manualshive.com logo in svg

Billion BiGuard S10, Administration Manual, Page: 128 / 182

Share
Download
Billion BiGuard S10 Administration Manual Download Page 128

118

B

I

G

UARD

S10 FAQ

QUESTION:

What are “Block Java Applet” and “Block ActiveX” in Restrict Features?

ANSWER:

Block Java Applet and Block ActiveX blocks HTML access to potentially harmful 
instructions found in files with extensions such as .js, .class, .ocx or .cab.

Downloaded malicious Java applets and JavaScript can steal, delete or modify information and 
compromise security and breach a user’s system. In addition, “buggy” applets hamper perfor-
mance and needlessly consume network bandwidth. Once this function is enabled, malicious 
code cannot be executed unless the function is disabled. 
Before you can restrict Java applets and JavaScript, you must first create the content blocking 
profile. Follow these instructions.

1.  Click 

Configuration

 

 

Network Object

 

 

Content Blocking

 

 

Restrict URL Fea-

ture

.

2. Click 

Create

 to create a 

Restrict Filtering

 profile.

3. Type a descriptive name in the text box and check the 

Block Java Applet

 and 

Block 

ActiveX

 boxes. 

4. Click 

Apply

. The new profile is added to the list.

From here you can 

Edit

 or 

Delete

 the profile.

Now you can enable the 

Restrict URL Feature

.

Summary of Contents for BiGuard S10

Page 1: ...Administration Guide Administration Guide Version Release v101_08302006...

Page 2: ......

Page 3: ...s device complies with Part 15 of FCC rules Operation is subject to the following two conditions This device may not cause harmful interference This device must accept any interference received includ...

Page 4: ...a where it can be stepped on DO NOT use the BiGuard S10 in environments with high humidity or high temperatures DO NOT use the same power source for the BiGuard S10 as other equipment DO NOT use the B...

Page 5: ...N Applications 10 Network Extender 10 Transport Extender 10 Network Places 11 Application Proxy 11 SSL VPN Features 11 Granular Access Control 12 SSL VPN Certification 13 SSL VPN Portals 14 Authentica...

Page 6: ...s 55 Configuring Ethernet MAC Filtering 56 Configuring Content Filtering policies 57 Configuring the System 59 Setting the Time Zone 59 Enabling Remote Access 60 Upgrading the BiGuard S10 Firmware 60...

Page 7: ...IP network address 95 Hardware problems 96 LAN interface problems 97 Disabling pop up windows 98 JavaScripts 98 Java permissions 99 WAN interface problems 99 Internet service provider problems 100 Re...

Page 8: ...ce DoS Attack 163 Why Use a Firewall 164 Specifications SSL VPN 165 Access Connection 165 Application Management 165 Compatible Web Browsers 165 Security 165 Firewall Content Filter 166 Web Based Mana...

Page 9: ...en overview 21 FIGURE 19 Monitoring Status screen items 25 FIGURE 20 Device Management screen 27 FIGURE 21 Time Zone screen 28 FIGURE 22 Ethernet screen 29 FIGURE 23 DHCP status screen 29 FIGURE 24 Ma...

Page 10: ...4 Configuring Content Filtering Policies 57 FIGURE 65 Creating a Content Filtering Profile 58 FIGURE 66 Adding an IP Exception 59 FIGURE 67 Setting the Time Zone 59 FIGURE 68 Enabling Remote Access 60...

Page 11: ...SSL Certificate current certificates screen 79 FIGURE 96 SSL Certificate generate certificate screen 79 FIGURE 97 Downloading the CSR 80 FIGURE 98 Signing a certificate 81 FIGURE 99 Opening the CSR 8...

Page 12: ...describes how to install and operate the BiGuard S10 Please read this manual before you install the product This manual includes the following topics Product description features and specifications Ha...

Page 13: ...ng items are in the package NOTE IF ANY ITEM IS MISSING OR APPEARS DAMAGED REPACK THE BiGuard S10 AND RETURN IT TO YOUR RESELLER Warranty Card Power adapter Warranty card x 1 Mounting brackets x 2 BiG...

Page 14: ...g Device is in use 3 WAN 10 100 LED Green Connected at 100 Mbps Off Connected at 10 Mbps 4 LINK ACT LED On Corresponding port on rear is connected Blinking Data is being transmitted or received 5 LAN...

Page 15: ...on one side of the BiGuard S10 and secure it with the bracket screws 2 Repeat step 1 to attach the other bracket 3 After attaching both mounting brackets position the BiGuard S10 in the rack by linin...

Page 16: ...WAN port on the BiGuard S10 connect the other end to an ADSL modem cable modem or another router FIGURE 2 CONNECTING THE BIGUARD S10 TO A WAN Connecting to a LAN Connect switches hubs and servers to...

Page 17: ...electrical outlet FIGURE 4 CONNECTING THE POWER ADAPTER Turning on the power and checking LED status Press the power switch on the rear of the BiGuard S10 The LEDs all blink once The LEDs blink in seq...

Page 18: ...deployment examples SSL VPN Appli cations and SSL VPN Features for the use of the BiGuard S10 for easy integration of the BiGuard S10 into your existing network Network environment scenarios The follo...

Page 19: ...behind an existing firewall router The following illustration demonstrates how the BiGuard S10 can be connected to the DMZ zone of an existing firewall router to provide secure remote access to the s...

Page 20: ...N The BiGuard S10 above is configured to support secure remote access firewall and internet access functionality Public servers are placed on DMZ zone while private servers for secure remote access ar...

Page 21: ...e network resources in the form of Network Extender This functionality allows employees and trusted individuals to easily and securely connect to a corpo rate network over SSL VPN FIGURE 9 NETWORK EXT...

Page 22: ...FIGURE 11 NETWORK PLACES Application Proxy Application Proxy supports most commonly used applications through a web based interface Supported applications include VNC Virtual Network Control RDP5 Term...

Page 23: ...ess control remote users are granted different privileges and allowed only access to specific applications FIGURE 13 GRANULAR ACCESS CONTROL Remote User 3 Unauthorized User Remote User 2 Remote User 1...

Page 24: ...om the Certificate Authority CA For the strongest possible SSL encryption we recommend only trusted Certificate Authorities to secure network traffic and the strongest SSL encryption Remember to impor...

Page 25: ...ill be providing remote access through the SSL VPN such as Application Proxy Network Places Network Extender and Transport Extender will be presented to them through the portal The components presente...

Page 26: ...server FIGURE 16 AUTHENTICATION DOMAINS LOCAL USER DATABASE The BiGuard S10 provides not only local authentication but provides clientless identity based security and flexible centralized management t...

Page 27: ...k WAN requests from IP addresses that the router determines are unauthorized WAN settings The BiGuard S10 enables connection to an ISP using a static IP address PPPoE protocol or by automatically obta...

Page 28: ...N managing the Transporter Extender application and host names managing SSL certifications and creating system logs You can also enable remote access upgrade the firmware and back up and restore confi...

Page 29: ...18 Administration Guide 2 Click View Certificate You are prompted to install a certificate 3 Click Install Certificate The Certificate Import Wizard appears...

Page 30: ...9 4 Click Next You are prompted to choose the certificate location 5 Select Automatically select the certificate store based on the type of certificate and click Next The wizard completes the installa...

Page 31: ...ty Alert screen 9 Click Yes to continue The login screen appears 10 Type the default user name and password User Name admin Password admin Then click Login The Web Manager opens on the Status menu See...

Page 32: ...FIG to save the configuration to the flash memory without restarting WARNING NOT CLEARING THE IP ADDRESS OF THE BIGUARD S10 FROM BROWSER HISTORY IS A POTENTIAL SECURITY THREAT IF YOU HAVE ENABLED REMO...

Page 33: ...ing to configure the connection 1 Click Quick Start in the Menu bar 2 Click WAN The Quick Start WAN screen appears 3 Select Static IP from the Protocol drop down menu 4 Type the IP address in the IP A...

Page 34: ...idle timeout period 8 Check Obtain DNS Automatically if your ISP provides this with the assigned IP Other wise enter the Primary and Secondary DNS provided by your ISP 9 Click Apply to confirm the set...

Page 35: ...ss Groups Network Objects on page 45 3 Type a user name in the User Name field 4 Type and confirm a password in the Password and Retype Password fields 5 Enable access services for the account Network...

Page 36: ...wing system and SSL VPN status Status submenus Click Status in the Menu bar to open the Status main screen FIGURE 19 MONITORING STATUS SCREEN ITEMS Registration Click to open a web page on Billion s B...

Page 37: ...lays the manufacturer s website Active Users Displays the number of active users who are logged on through the SSL VPN Portal including the administrator 1 IP Address Displays the IP address for the L...

Page 38: ...e this item to distinguish the servers Device Name Type a descriptive name for this device to distinguish it from other gateway devices on the network Embedded Web Server Type the port number for HTTP...

Page 39: ...elds are unavailable Local Time Zone GMT Time Click the drop down arrow to choose the time zone for your location SNTP Server IP Address Four SNTP time synchronization server addresses are defined by...

Page 40: ...he current settings FIGURE 23 DHCP STATUS SCREEN The BiGuard S10 is enabled to act as a DHCP server for your network Disable this function if the stations that connect to the BiGuard S10 LAN ports use...

Page 41: ...DHCP start end IP range The default start end IP range is 192 168 1 100 to 192 168 1 199 FIGURE 24 MAPPING MAC ADDRESS TO FIXED IP ADDRESS SCREEN Refer to the following to map a MAC address to a fixe...

Page 42: ...you want to map from the list The MAC address for the computer you select is added to the MAC Address field 9 In the IP Address field type an IP address that is outside the DHCP start end IP range Th...

Page 43: ...GURE 26 ARP TABLE SCREEN Name Displays the name of the user Group Displays the Group name that the user belongs to From IP address Displays the IP address of the user Login Time Displays the time the...

Page 44: ...the DHCP functionality of the BiGuard S10 FIGURE 28 DHCP TABLE SCREEN Destination Displays the IP address of the destination network Subnet Mask Displays the destination netmask address Gateway Interf...

Page 45: ...SYSTEM LOG SCREEN NOTE YOU CAN MODIFY PARAMETERS FOR THE INFORMATION THAT IS SAVED TO THE LOG SEE Log and E mail Alerts ON PAGE 92 right click here To save the log right click where indicated and then...

Page 46: ...RE 30 SSL VPN LOG SCREEN NOTE YOU CAN MODIFY PARAMETERS FOR THE INFORMATION THAT IS SAVED TO THE LOG SEE Log and E mail Alerts ON PAGE 92 right click here To save the log right click where indicated a...

Page 47: ...nd restoring configura tions setting the log on password and restarting the system Finally you configure advanced features including setting up static routing enabling DDNS and SNMP configuring the fi...

Page 48: ...ubnet Definitions screen displays current settings These items are display only To change these settings click Next DHCP Server Mode Choose Disable if IP addresses are assigned manually to stations on...

Page 49: ...ase Time Type the number of seconds from 1 to 999999999 you want for the default lease time This is the time that the router can use an IP address assigned by the DHCP server Maximum Lease Time Type t...

Page 50: ...isplays the current protocol Click the drop down arrow to change the protocol Mode There are two modes for the connection NAT Network Address Transla tion and Router NAT converts private IP addresses...

Page 51: ...nnection Connection options are Always On and Connect on Demand If you select Connect on Demand the following field Idle Timeout is available If your ISP charges a fee for connection time select Conne...

Page 52: ...NAT to add an extra layer of security when user on the internal network need to access the Internet Select Router for an internal network IP Address Type the IP address that your ISP provided Subnet...

Page 53: ...more public IP addresses for the Internet Select NAT to add an extra layer of security when user on the internal network need to access the Internet Select Router for an internal network MAC Address S...

Page 54: ...d an untrusted external network such as the Internet The DMZ is a subnet that is located between firewalls or off one leg of a firewall Click the DMZ drop down menu to select Disable or Transparent Wh...

Page 55: ...c tive drop down menu Click Network Object to display the Network Object menu items Configuring IP address Network Objects Click Address to display the Address screen FIGURE 39 CONFIGURING NETWORK OBJ...

Page 56: ...u these two fields are displayed IP Address Start type the beginning IP address or click Candi dates to select the starting range from one of the active PCs that are listed on the LAN IP Address End t...

Page 57: ...sfer control protocol transmission UDP services involving user datagram protocol transmission ICMP services involving internet control message protocol trans mission This option does not require you t...

Page 58: ...settings Service Group Name Type the name that you want this service group Network Object to have Available Services Displays the list of available services which you can add to this group Select the...

Page 59: ...ion or rule to be activated Schedules are used for many Policy functions Click Create to create a new schedule FIGURE 47 CREATING A NEW SCHEDULE NETWORK OBJECT Name Type the name of the schedule Netwo...

Page 60: ...r the downstream bandwidth in the text boxes in kilobits per second Guaranteed type a value that defines the lower limit for down stream bandwidth Maximum type a value that defines the upper limit for...

Page 61: ...PROFILES Keyword filters prohibit users from accessing Web sites that contain words specified in these profiles Click Create to add a new Network Object profile FIGURE 51 ADDING A KEYWORD FILTER NETW...

Page 62: ...his profile Domain Type the domain to be added to the forbidden or trusted domain lists Type Select the domain type from the drop down menu Forbidden Domain users will not be allowed access to Web sit...

Page 63: ...to prohibit browser features that constitute a security threat such as cookies Java applets and ActiveX scripts from being used Click Create to add a new Network Object profile FIGURE 55 RESTRICTING...

Page 64: ...CKET FILTERING PROFILE Name Type the name for this profile Active Check Enable to make this profile active Packet Flow Select the packet flow direction from the drop down menu LAN to WAN filters packe...

Page 65: ...to from the drop down menu Schedule Select the schedule for when you want this profile to be applicable Log Check Enable to have the system create a log file when this filter is run Name Type the name...

Page 66: ...width to function properly QoS can ensure that this bandwidth is provided Click Create to add a new QoS profile FIGURE 61 ADDING A QOS PROFILE External Service Port s Check Redirect to Service if you...

Page 67: ...affic based on the DSCP markings DSCP markings are used to decide how packets should be treated and is a useful tool to give precedence to varying types of data in QoS scenarios Select an option from...

Page 68: ...tent Blocking You can also create an IP address exception list which allows specified IP addresses to be accessed Name Type a name for the Ethernet MAC filter Active Check Enable to activate the filte...

Page 69: ...d Filter Network Objects on page 50 Domains Filtering Check Enable to activate domain filtering and select a Domain Filtering profile from the drop down menu See Creating Domain Filter Network Objects...

Page 70: ...u to set the time zone configure remote access set up passwords upgrade the BiGuard S10 firmware backup and restore configuration profiles and restart the system Setting the Time Zone Click Time Zone...

Page 71: ...the BiGuard S10 to automatically adjust for day light saving time Resync Period Type the number of minutes that will elapse before the BiGuard S10 adjusts the time Remote Access Control Select the rem...

Page 72: ...onfigurations or select only certain objects to your computer Next click the Backup to save your configuration FIGURE 70 BACKING UP AND RESTORING CONFIGURATIONS To restore configurations click the Bro...

Page 73: ...configuration click Browse and go to the location of the configuration file Click Restore to begin restoring the configuration FIGURE 72 RESTORING A CONFIGURATION Wait for the router to restart befor...

Page 74: ...irm and click Apply to save the new password Restarting the system Click Restart to view the Restart screen FIGURE 74 RESTARTING THE SYSTEM You can restart the system using the following options Save...

Page 75: ...device settings Creating Static Routes Click Static Route to view the Static Routing List FIGURE 75 THE STATIC ROUTING LIST Click Create to add a new static route to the list FIGURE 76 ADDING A STATI...

Page 76: ...PORTS SEVERAL DYNAMIC DNS PROVIDERS Dynamic DNS Server Select a DDNS server from the drop down menu Wildcard Click Enable to allow the DDNS wildcard The Wildcard Alias enables you to point a URL yourd...

Page 77: ...name of the read community and the IP address associated with it Write Community type the name of the write community and the IP address associated with it Trap Community type the name of the trap com...

Page 78: ...vice Parameters Click Device Management to change device parameters FIGURE 82 CHANGING PARAMETERS Intrusion Detection Click Enable to activate intrusion detection Block WAN Request Click Enable to act...

Page 79: ...Portal Layout The Portal Layout is provided to create a personalized layout including portal banner and the default greeting text string To use the Portal Layout features click on Portal Layout under...

Page 80: ...hentication for PPP connec tions between a Windows based computer and an Access Point or other network access device RADIUS MSCHAPV2 MSCHAPV2 Microsoft Challenge Handshake Authentication Protocol is M...

Page 81: ...database Local Database stores the user s data in the BiGuard S10 for the users that do not have any Authentication Domain in their environment NOTE RADIUS REMOTE AUTHENTICATION DIAL IN USER SERVICE I...

Page 82: ...ssigned and whether group is the domain s default group To edit a current group click Edit To create a new group click Create CREATING A NEW GROUP Refer to the following to create a new group 1 In the...

Page 83: ...ccess the server the VNC client is delivered through the user s Web browser as a Java client File Transfer Protocol FTP The FTP protocol is used to transfer files over a TCP IP network Internet Unix e...

Page 84: ...ER LISTED APPLICATIONS All the other applications have the same screen field items Refer to the following to add any of the other listed applications 1 Type a name in the Application Name field 2 Sele...

Page 85: ...admin account are managed from the Account screen FIGURE 88 ACCOUNT MANAGEMENT SCREEN The Account Table shows the account name and the group the user belongs to You can create and edit account from th...

Page 86: ...ort Extender to log onto the SSL VPN See Installing the Transport Extender on page 5 Web Cache Cleaner When enabled the user s Web cache is cleared on log out from the SSL VPN This aids security as no...

Page 87: ...om the Group drop down menu See Group Application on page 71 5 Type and confirm a password in the Password Retype Password fields 6 Type the time to log out inactive users in the Inactivity Timeout fi...

Page 88: ...MENT SCREEN Type the new IP address range parameters and click Apply Creating client routes The Client Route item enables you to set routing rules for the Network Extender client connec tion For examp...

Page 89: ...en lists the local server IP address and the TCP port number for applications that are configured for tunneling via Transport Extender To add an application for tunneling click Create FIGURE 92 ADDING...

Page 90: ...ly Managing SSL Certification This section describes how to enable import and apply SSL certificates Importing a certificate Follow these instructions to import an SSL certificate 1 Click SSL Certific...

Page 91: ...ong to City Locality Type your city State Full Name If in the US type the name of your State Country Type your two letter country code FQDN Domain Name Type the FQDN Fully Qualified Domain Name The FQ...

Page 92: ...ENING THE CSR 8 Copy all of the CSR text and paste it in the appropriate field on the certificate provider s website and finish following the certificate provider s instructions for getting a certific...

Page 93: ...cate is loaded and added to the Current Certificates list FIGURE 101 CURRENT CERTIFICATES 13 Now you must activate the imported certificate Click Input to input the password FIGURE 102 INPUTTING THE C...

Page 94: ...with the simple click of a mouse Application Definition Network Extender Browser based plug in that simplifies clientless remote access deploy ments while delivering full network connectivity for any...

Page 95: ...uctions to complete the connection SSH JAVA based plug in interface for the secure transfer of files Click on con nect and follow the on screen instructions Username and password is required for login...

Page 96: ...ars in the task bar indicating that the Network Extender is active and the Connection Status screen appears Check Uninstall On Disconnect or Browser Exit to have the system uninstall the driver every...

Page 97: ...ess applications that are on that network To create a Transport Extender connection follow the instructions below 1 Click the Transport Extender icon 2 The Transport Extender installs After setup is c...

Page 98: ...ect the Transport Extender right click the Transport Extender icon and select an option from the menu Accessing Network Place Network Places enables you to access locations on the network to perform t...

Page 99: ...unning in a graphical interface such as Windows FTP transfers can also be started from within a Web browser by entering the URL preceded with ftp Click Connect in the FTP application line The FTP Sess...

Page 100: ...Configuring SSL VPN Parameters 89 Type your login name and press Enter to login to Telnet...

Page 101: ...ernative Click SSH to view the login screen You are prompted for a user name and password which is provided to you by the network administrator USING WEB AND WEB SSL The Web and Web SSL Secure Sockets...

Page 102: ...ll The RDP program file installs and the remote desktop appears From here you can control the remote system USING VNC Virtual Network Computing VNC is a desktop sharing system which uses the RFB Remot...

Page 103: ...network activity information The information can then be written to a log sent to an external server or to a selected E mail address Log Configuration Click Log Configuration to open the Log Configur...

Page 104: ...changes Enable reporting of configuration changes Packet Filter Enable packet filtering Note Packet filtering won t intercept packets that stay within the confines of the LAN MAC Filter The MAC Filte...

Page 105: ...ation E mail Alert Enables a log of security related events to be sent to a specified e mail address When enabled the following fields are available Recipient s E mail Address Type the e mail account...

Page 106: ...network must have a network IP address The IP address is either assigned manually a static IP address or it is assigned auto matically dynamic IP address by a DHCP router or server This is the same fo...

Page 107: ...estab lished you should check the following Ensure each Ethernet cable connection is firmly connected at the firewall and at the hub or workstation Ensure that power is turned on to the connected hub...

Page 108: ...iguration Interface Both date and time can be found under Configuration System Time Zone To synchronize the date and time open the status page on the Web Configuration Interface and click Sync now I h...

Page 109: ...ups checkbox and click Apply to save your changes ENABLING POP UP BLOCKERS WITH EXCEPTIONS Follow these instructions to allow pop up blockers with the BiGuard S10 1 In Internet Explorer select Tools I...

Page 110: ...you are using PPPoE or PPTP encapsulation you need a user name and password which is provided by your ISP Ensure that you have entered the correct Service Type User Name and Password Note that user na...

Page 111: ...modem 4 When the modem has finished synchronizing with the ISP generally shown by LEDs on the modem turn on the power to your router If you still can t obtain an IP address Your ISP may require a log...

Page 112: ...wser and enter the IP address 192 168 1 254 in the address bar You will see the recovery mode page 6 Follow the on screen instructions Troubleshooting sequence This section answers some common questio...

Page 113: ...he default username and password of the BiGuard S10 Series ANSWER The default username and password for the BiGuard S10 Series is as follows Username admin Password admin QUESTION What s the factory d...

Page 114: ...omputer is automatically assigned an IP address perform the following steps a Click Start and then select Run b Type cmd or command in the Run text box c A DOS window opens d In the DOS prompt type C...

Page 115: ...properly ANSWER It is possible that the browser is referencing data stored in the cache Clear the offline browser data in the cache restart the browser and try again To clear the cache in Internet Ex...

Page 116: ...e BiGuard S10 Series from the Internet ANSWER Make sure the Block WAN Request is disabled 1 Click Configuration Advanced Firewall 2 Next to Block WAN Request click the Disable radio button 3 Click App...

Page 117: ...from getting direct access to a server that has company data The BiGuard S10 Series supports hardware DMZ To set up a DMZ for the BiGuard S10 Series follow these instructions 1 From the Configuration...

Page 118: ...er you must add this address to the Address List Follow these instructions 1 Click Configuration Network Object Address The Address Table appears 2 Click Create 3 Type a descriptive name for this addr...

Page 119: ...ck the Reverse Direction box 8 Select HTTP from the Service drop down list and select the newly created address from the To Address drop down list 9 Click Apply The new filter appears in the Packet Fi...

Page 120: ...ent filters are supported Keyword Filtering Domain Filtering Restricted Features including Java Applet ActiveX Cookies Proxy and surf ing by IP Address QUESTION What is Keyword Filtering in Content fi...

Page 121: ...ile 3 Type a descriptive name for the keyword filtering profile and type the keyword in the text boxes 4 Click Add The keyword is added to the Block WEB URLs list 5 Add more keywords to this filter by...

Page 122: ...Create 9 Type a descriptive name for this content filtering profile and check Active to enable con tent filtering 10 In Keywords Filtering check Enable and select your new Keywords Filtering profile...

Page 123: ...WER Domain filtering is a firewall function designed to block specific domain addresses see example below Example The user wants to block www sexpicture com from being accessed Follow these instructio...

Page 124: ...type the domain name in this case www sexpicture com in the text boxes Select Forbidden Domain from the Type drop down list 4 Click Add The keyword is added to the Block WEB URLs list As described in...

Page 125: ...the Domain text box and select Trusted Domain from the drop down list 6 Click Add The domain is added to the trusted domain list 7 Click Apply The new domain filters are listed From here you can Edit...

Page 126: ...9 Click Create to add a new content filter policy 10 Type a descriptive name for this content filtering profile and check Active to enable con tent filtering 11 In Domains Filtering check Enable and...

Page 127: ...the exception of specific URLs selected by the user Example To allow a user access to only the www billion com URL follow the two steps below Step 1 Designate the URL www billion com as a trusted doma...

Page 128: ...e and needlessly consume network bandwidth Once this function is enabled malicious code cannot be executed unless the function is disabled Before you can restrict Java applets and JavaScript you must...

Page 129: ...able and select the new profile from the drop down list 9 Click Apply The new content filter is added to the list From here you can Edit or Delete the filter You can also Move the filter which changes...

Page 130: ...ction for Internet use To block the web proxy follow these instructions 1 Click Configuration Network Object Content Blocking Restrict URL Fea ture 2 Click Create to create a Restrict Filtering profil...

Page 131: ...able and select the new profile from the drop down list 9 Click Apply The new content filter is added to the list From here you can Edit or Delete the filter You can also Move the filter which changes...

Page 132: ...unction To block cookies follow these instructions 1 Click Configuration Network Object Content Blocking Restrict URL Fea ture 2 Click Create to create a Restrict Filtering profile 3 Type a descriptiv...

Page 133: ...able and select the new profile from the drop down list 9 Click Apply The new content filter is added to the list From here you can Edit or Delete the filter You can also Move the filter which changes...

Page 134: ...ssing the Internet See example below Example The IP address http 123 123 123 123 will be blocked if this option is enabled Follow these instructions 1 Click Configuration Network Object Content Blocki...

Page 135: ...Click Create to create a new content filter 7 Type a descriptive name for this content filter and next to Active check Enable to acti vate this content filter 8 Next to Restrict Feature check Enable a...

Page 136: ...he Content Filtering ANSWER Exception List is an option to exclude an IP address from content filtering policies See example below Example The user wants to place IP address 192 168 1 100 in the excep...

Page 137: ...MAC addresses to be able to access the Internet except 00 11 11 11 11 11 1 Click Configuration Policy Ethernet MAC Filtering 2 Click Create to add an Ethernet MAC filter 3 Type a descriptive name for...

Page 138: ...next to Active to activate the fil ter 4 From the Action drop down list select Forward 5 Type the MAC address in the text box or click Candidates and select and available MAC address from the list 6...

Page 139: ...to be applied to all MAC addresses 11 Click Apply The new filter is added to the list QUESTION Why can t I ping the WAN IP address of the BiGuard S10 Series from the Internet ANSWER Make sure the Bloc...

Page 140: ...n is enabled in the System Remote Access menu Click Apply to save the settings QUESTION What s the Auto log out timer ANSWER There is an inactivity timeout within the configuration pages The default v...

Page 141: ...s but we do not recommend doing so as Internet service reliability varies between areas QUESTION I ve just upgraded the router firmware to the latest version but I found some of the buttons or pages d...

Page 142: ...click OK SNMP QUESTION What type of SNMP MIBs are supported by the BiGuard S10 Series ANSWER The following MIBs are supported by the BiGuard S10 Series RFC1213 MIB II System group Interfaces group Add...

Page 143: ...nnect to the BiGuard S10 Series ANSWER The following options on the browser need to be enabled for successful connec tion SSLv2 SSLv3 or TLS Cookies Pop ups for the site Java Javascript ActiveX QUESTI...

Page 144: ...3 or SMTP Server Network Place Network Place provides remote users with a secure web inter face to Microsoft File Shares using the CIFS Common Internet File System or SMB Server Message Block protocol...

Page 145: ...er network segment that can be reached by the BiGuard S10 Series The remote user communicates with the BiGuard S10 Series by HTTPS using an administrator predefined URL which is retrieved over HTTP by...

Page 146: ...ase from the Application drop down list 5 Type the designated IP address in the IP Address text box 6 Click Apply The application is added to the list From here you can Edit or Delete the application...

Page 147: ...list 11 Type a password in the text box and retype the password for confirmation 12 Check the Application Proxy Applications box in this case BiGuard FTP 13 Click Apply 14 Log out of the web configur...

Page 148: ...Using Network Extender QUESTION How do I set up Network Extender ANSWER Use the following guide to set up Network Extender 1 Click Quick Start SSL VPN NOTE THE SINGLE SIGN ON SSO FEATURE CAN ONLY BE...

Page 149: ...drop down list and click Next 3 Type the user name and the password Retype the password for confirmation 4 Ensure the Network Extender Service button is enabled 5 Click Apply 6 Log out and log in agai...

Page 150: ...rop down message appears at the top of your browser prompting you to Install an ActiveX Control 8 Click Install ActiveX Control A Security Message is displayed 9 Click Install The installation begins...

Page 151: ...ActiveX Control will not need to be installed when you log on again If the box is checked ActiveX will uninstall itself when you log off to prevent unautho rized access for example if a public domain...

Page 152: ...192 168 1 210 192 168 1 230 by default is in the same subnet as your BiGuard S10 Series LAN network address 192 168 1 254 by default Alternatively if your client address is not the same as your BiGuar...

Page 153: ...to assign the user to from the drop down list 5 Click the Transport Extender Service Enable button 6 Click Apply 7 Click SSL VPN Transport Extender Application 8 Click Create The Transport Extender pa...

Page 154: ...to the BiGuard S10 as the remote user created The following screen is displayed 11 Click Transport Extender A drop down message appears at the top of your browser prompting you to Install an ActiveX...

Page 155: ...A Security Message will be displayed 13 Click Install The Transport Extender installs After setup is complete an icon appears in the task bar indicating that the Network Extender is active and the fol...

Page 156: ...u log on again If the box is checked ActiveX will uninstall itself when you log off to prevent unauthorized access for example if a public domain terminal was used to access Transport Extender Click D...

Page 157: ...omplete domain name for a specific host on the Internet and consists of the host name and domain name for example www billion com Email Type your email address Password Type a password Ensure that you...

Page 158: ...le to your computer and extract the files to a folder 5 Next you can sign a certificate for example from Verisign www verisign com 6 Follow the instructions from the web You will be prompted to input...

Page 159: ...r will send you the certificate by email 9 Copy the certificate text and paste into a text editor Save the file as server crt 10 Zip the files server crt and server key into a file for example server...

Page 160: ...ssword text box type the password that you created when generating the CSR 15 Click Apply The certificate is ready to be used 16 Click Enable to enable the certificate Registering the BiGuard S10 QUES...

Page 161: ...ction describes how to configure an active directory server for use with the BiGuard S10 Configuring an Active Directory server Follow these instructions to configure an Active Directory server 3 Clic...

Page 162: ...152 BIGUARD S10 FAQ The Welcome to the Configure Your Server Wizard screen opens 8 Click Next The Preliminary Screen opens...

Page 163: ...Configuring an Active Directory server 153 9 Click Next The Server Role screen opens 10 Select Domain Controller Active Directory and then click Next The Summary of Selections screen appears...

Page 164: ...154 BIGUARD S10 FAQ 11 Click Next The Welcome to the Active Directory Installation Wizard screen appears 12 Click Next The Operating System Compatibility screen appears...

Page 165: ...Configuring an Active Directory server 155 13 Click Next The Domain Controller Type screen opens 14 Select Domain controller for a new domain and then click Next The Create New Domain screen appears...

Page 166: ...156 BIGUARD S10 FAQ 15 Select Domain in a new forest and then click Next The New Domain Name screen opens 16 Enter a domain name and then click Next The NetBIOS Domain Name screen appears...

Page 167: ...rver 157 17 Enter a domain NetBIOS name and then click Next The Database and Log Folders screen appears 18 Select the folders that will store the Active Directory database and log Then click Next The...

Page 168: ...158 BIGUARD S10 FAQ 19 Enter a location for the SYSVOL folder and then click Next The DNS Registration Diagnostics screen appears...

Page 169: ...creen appears 21 Select Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems 22 Click Next The Directory Services Restore Mode Administrator Password screen appears 2...

Page 170: ...160 BIGUARD S10 FAQ 24 Click Next The Summary screen appears 25 Click Next The wizard will configure Active Directory automatically and will notify you when the configuration is complete...

Page 171: ...an example the net masks for Class A B and C are 255 0 0 0 255 255 0 0 and 255 255 255 0 respectively Instead of dotted decimal notation the net mask can also be written in terms of the number of ones...

Page 172: ...uires access from outside computers you can use port forwarding to accomplish this For information on how to configure port forwarding on BiGuard S10 refer to Configuring the Virtual Server on page 54...

Page 173: ...ck or intrusion is detected the firewall can be configured to log the intru sion attempt and can also notify the administrator of the incident With this information the administrator can work with the...

Page 174: ...twork A simple NAT router provides a basic level of protection by shielding your network from the outside Internet Still there are ways for more dedicated hackers to either obtain information about yo...

Page 175: ...Shell SSH support Web based data HTTP HTTPS Granular User Policy Management Compatible Web Browsers Microsoft Internet Explorer 5 01 or newer versions Internet Explorer 6 0SP1 is strongly recommended...

Page 176: ...ity of Service Control Support DiffServ approach Traffic prioritization and bandwidth management based on IP protocol port number and IP address Policy control based on IP address or MAC address Loggi...

Page 177: ...configured to DMZ Power Switch Reset button Physical Specification Dimensions 19 x 6 54 x 1 65 482mm x 166mm x 42mm w bracket 250mm x 166mm x 33 8mm w o bracket Power Requirement Input 12V DC 1A Oper...

Page 178: ...cally refers to an Internet site address DTIM DTIM Delivery Traffic Indication Message provides client stations with information on the next opportunity to monitor for broadcast or multicast messages...

Page 179: ...etworks that serve users within specific geographical areas such as in a company building LANs are comprised of servers workstations a network operating system and communica tions links such as the ro...

Page 180: ...achines that store programs and data The programs and data are shared by client machines workstations on the network SMTP SMTP Simple Mail Transfer Protocol is the standard Internet e mail pro tocol S...

Page 181: ...rdwired net works Wireless LAN Wireless LANs WLANs are local area networks that use wireless com munications for transmitting data Transmissions are usually in the 2 4 GHz band WLAN devices do not nee...

Page 182: ...specifically designated for that purpose by Billion The warranty does not extend to defects resulting from normal wear and tear nor does it extend to any deviating application relating to local regio...

Reviews:

No comments