background image

84

 

Outbound IP Throttling (LAN to WAN)

 

 

IP Throttling allows you to limit the speed of the IP traffic. The value entered in the Rate 
Limit blank will set the speed limitation of the application. 

 

 

 

Name

: User defined description to identify the new policy/name created. 

 

Time Schedule

: Schedule your prioritization policy. Refer to 

Time Schedule 

for more 

information. 

 

Protocol

: The name of the supported protocol. 

 

Rate Limit

: To limit the speed of the outbound traffic. 

 

Source IP Address Range

: The source IP address or the range of packets to be 

monitored. 

 
Source Port(s)

: The source port of the packets to be monitored. 

 

Destination IP Address Range

: The destination IP address or the range of packets to be 

monitored. 

 

Destination Port(s)

: The destination port of the packets to be monitored. 

Summary of Contents for BiPAC 7402GL R4

Page 1: ...BiPAC 7402GL R4 Wireless ADSL Firewall Router User Manual Version release 5 53 s5 wk Last Revised Date 27 05 2009 ...

Page 2: ...hapter 3 Basic Installation 14 Connecting Your Router 15 Network Configuration 16 Factory Default Settings 22 Information from your ISP 23 Configuring with your Web Browser 24 Chapter 4 Configuration 25 Status 26 ADSL Status 26 ARP Table 27 DHCP Table 28 Routing Table 29 NAT Sessions 30 UPnP Portmap 30 Email Status 31 Event Log 31 Error Log 32 Diagnostic 32 Quick Start 33 Configuration 37 LAN Loca...

Page 3: ...ote Access 62 Firmware Upgrade 62 Backup Restore 63 Restart Router 64 User Management 65 Firewall and Access Control 67 General Settings 68 Packet Filter 69 Intrusion Detection 76 URL Filter 79 IM P2P Blocking 81 Firewall Log 82 QoS Quality of Service 83 Prioritization 83 Outbound IP Throttling LAN to WAN 85 Inbound IP Throttling WAN to LAN 86 Virtual Server known as Port Forwarding 92 Add Virtual...

Page 4: ...s Translation 96 Wake on LAN 99 Time Schedule 100 Advanced 103 Static Route 103 Static ARP 104 Dynamic DNS 105 Check Email 106 Device Management 107 IGMP 110 Logout 111 Chapter 5 Troubleshooting 112 Appendix Product Support Contact 114 ...

Page 5: ...T1 413 Issue 2 G dmt ITU G 992 1 G lite ITU G 992 2 G hs ITU G994 1 G dmt bis ITU G 992 3 G dmt bis plus ITU G 992 5 802 11g Wireless AP with WPA Support With integrated 802 11g Wireless Access Point in the router the device offers a quick and easy access among wired network wireless network and broadband connection with single device simplicity and as a result mobility to the users In addition to...

Page 6: ...ides advanced hacker pattern filtering protection It can automatically detect and block Denial of Service DoS attacks The router is built with Stateful Packet Inspection SPI to determine if a data packet is allowed through the firewall to the private LAN Domain Name System DNS Relay It provides an easy way to map the domain name a friendly name for users such as www yahoo com and IP address When a...

Page 7: ...ly filters the packet based on IP address but also based on Port numbers It will filter packets from and to the Internet and also provides a higher level of security control Dynamic Host Configuration Protocol DHCP Client and Server In the WAN site the DHCP client can get an IP address from the Internet Service Provider ISP automatically In the LAN site the DHCP server can allocate a range of clie...

Page 8: ...ement Interfaces It supports flexible management interfaces with LAN port and WAN port Users can use terminal applications through Telnet WEB GUI and SNMP through LAN or WAN ports to configure and manage the device ...

Page 9: ...Important note for using this router Package Contents BiPAC 7402GL R4 Wireless ADSL Firewall Router CD ROM containing the online manual RJ 11 ADSL telephone Cable Ethernet CAT 5 Cable Power adapter A detachable antenna Quick Start Guide ...

Page 10: ...en when Ethernet connection established Blink when data is being Transmitted Received 3 Wireless Lit green when the wireless connection is established Flashes when sending receiving data 4 ADSL Lit Green when the device is successfully connected to an ADSL DSLAM line synch 5 Internet Lit red when WAN port fails to get IP address Lit green when WAN port gets IP address successfully Lit off when dev...

Page 11: ...vice is being turned on press RESET button for 1 3 seconds quick reset the device 6 seconds and above power off power on the device restore to factory default settings Cannot login to the router or forgot your Username Password Press the button for more than 6 seconds Caution After pressing the RESET button for more than 6 seconds to be sure you power cycle the device again 6 WPS Push WPS button t...

Page 12: ...ther devices connected to the same telephone line as your router e g telephones fax machines analogue modems have a line filter connected between them and the wall socket unless you are using a Central Splitter or Central Filter installed by a qualified and licensed electrician and ensure that all line filters are correctly installed and the right way around Missing line filters or line filters in...

Page 13: ...alled properly prior to connecting the router device You ought to configure your PCs to obtain an IP address through a DHCP server or a fixed IP address that must be in the same subnet as the router The default IP address of the router is 192 168 1 254 and the subnet mask is 255 255 255 0 i e any attached PC must be in the same subnet and have an IP address in the range of 192 168 1 1 to 192 168 1...

Page 14: ...this router to a LAN Local Area Network and the ADSL telephone ADSL network 2 Power on the device 3 Make sure the Power LED lit steadily and that the LAN LED is lit 4 Connect your router to the telephone jack on the wall with RJ 11 cable ...

Page 15: ... on Network 2 Then click on Network and Sharing Center at the top bar 3 When the Network and Sharing Center window pops up select and click on Manage network connec tions on the left window column 4 Select the Local Area Connection and right click the icon to select Properties ...

Page 16: ... 6 In the TCP IPv4 properties window select the Obtain an IP address au tomatically and Obtain DNS Server address automatically radio but tons Then click OK to exit the set ting 7 Click OK again in the Local Area Connection Properties window to apply the new configuration ...

Page 17: ...ork Connections 2 Double click Local Area Connection 3 In the Local Area Connection Status window click Properties 4 Select Internet Protocol TCP IP and click Properties 5 Select the Obtain an IP address auto matically and the Obtain DNS server address automatically radio buttons 6 Click OK to finish the configuration ...

Page 18: ...ial up Connections 2 Double click Local Area Connection 3 In the Local Area Connection Status window click Properties 4 Select Internet Protocol TCP IP and click Properties 5 Select the Obtain an IP address auto matically and the Obtain DNS server address automatically radio buttons 6 Click OK to finish the configuration ...

Page 19: ... Network and choose the Configuration tab 2 Select TCP IP NE2000 Compatible or the name of your Network Interface Card NIC in your PC 3 Select the Obtain an IP address auto matically radio button 4 Then select the DNS Configurationtab 5 Select the Disable DNS radio button and click OK to finish the configuration ...

Page 20: ...1 Go to Start Settings Control Panel In the Control Panel double click on Network and choose the Protocols tab 2 Select TCP IP Protocol and click Prop erties 3 Select the Obtain an IP address from a DHCP server radio button and click OK ...

Page 21: ...rver is enabled Start IP Address 192 168 1 100 IP pool counts 100 LAN and WAN Port Addresses The parameters of LAN and WAN ports are pre set in the factory The default values are shown in the tale LAN Port WAN Port IP address 192 168 1 254 Subnet Mask 255 255 255 0 DHCP server function Enabled in ports 1 2 3 and 4 IP addresses for distribution to PCs 100 IP addresses continuing from 192 168 1 100 ...

Page 22: ...RFC2684 VPI VCI VC LLC based multiplexing Username Password and Domain Name System DNS IP address it can be automatically assigned by your ISP when you connect or be set manually MPoA RFC1483 RF C2684 VPI VCI VC LLC based multiplexing IP address Subnet mask Gateway address and Domain Name System DNS IP address it is a fixed IP address IPoA RFC1577 VPI VCI VC LLC based multiplexing IP address Subne...

Page 23: ...uter which by default is 192 168 1 254 and click Go a user name and password window prompt will appear The default username and password are admin and admin respectively See Figure 3 14 Figure 3 14 User name Password Prompt Window Congratulations You are now successfully logon to the Router ...

Page 24: ...gory of each configuration page is listed as below Status ADSL Status ARP Table DHCP Table Routing Table NAT Sessions UPnP Portmap Email Status Event Log Error Log Diagnostic Quick Start LAN WAN Configuration System Firewall QoS Virtual Server Wake on LAN Time Schedule Advanced Language provides user interface in English and French languages ...

Page 25: ...25 Status ADSL Status This section displays the overall status of ADSL such as DSP firmware version Operational mode Upstream downstream rate SNR margin Line Attenuation CRC Errors and Latency rate ...

Page 26: ...Filter function See the Firewall section of this manual for more information on this feature IP Address Shows a list of IP addresses of devices on your LAN Local Area Network MAC Address Shows the MAC Media Access Control addresses of each device on your LAN Interface Shows the interface name on the router that this IP Address connects to Static Static status of the ARP table entry no for dynamica...

Page 27: ... expired IP addresses Permanent Shows the fixed host mapping information Leased Table IP Address Shows the IP address that is assigned to each client MAC Address Shows the MAC address of each client Client Host Name Shows the Host Name Computer Name of the client Expiry Shows the current lease time of each client ...

Page 28: ...Interface Shows the IP address of the gateway or the existing interface that this route will use Cost The number of hops counted as the cost of the route RIP Routing Table Destination Shows the IP address of the destination network Netmask Shows the destination Netmask address Gateway Shows the IP address of the gateway that this route will use Cost The number of hops counted as the cost of the ro...

Page 29: ...sions between external WAN and internal LAN interface UPnP Portmap This section lists all the established port mapping using UPnP Universal Plug and Play See the Advanced section of this manual for more details on UPnP and the router UPnP configuration options ...

Page 30: ... section of this manual for details on this function Event Log This page displays all the event Log entries of the router such as when gets disconnected and during Firewall triggered events like Intrusion or Blocking Logging Please see the Firewall section of this manual for more details on how to enable Firewall logging ...

Page 31: ...ven to entries are logged to this window Diagnostic It tests the connection to computer s which is connected to the LAN ports and also the WAN Internet connection If PING www google com is shown FAIL and the rest is PASS you ought to check your PC s DNS setting is correct ...

Page 32: ...your ADSL line is ready the screen appears ADSL Line is Ready Choose Auto radio button and click Apply It will automatically scan the recommended mode for you Manually mode makes you to set the ADSL line by manual 4 Please enter Username and Password as supplied by your ISP Internet Service Provider and click Apply to continue ...

Page 33: ...rovided by your ISP Service Name This item is for identification purposes If it is required your ISP provides you the information Auth Protocol Default is Auto Your ISP advises on using Chap or Pap MTU Maximum Transmission Unit The size of the largest datagram excluding media specific headers that IP will attempt to send through the interface IP Address Your WAN IP address Leave this at 0 0 0 0 to...

Page 34: ...device in order to get connected to your network ESSID Broadcast It is function in which transmits its ESSID to the air so that when wireless client searches for a network router can then be discovered and recognized Default setting is Enable Enable When Enable is selected you can allow anybody with a wireless client to be able to locate the Access Point AP of your router Disable Select Disable if...

Page 35: ...35 6 Wait for the configuration 7 When ADSL is synchronic it will appear check ...

Page 36: ...will expand to display the sub items that will allow you to further configure your router LAN WAN System Firewall QoS Virtual Server Wake on LAN Time Schedule and Advanced The function of each configuration sub item is described in the following sections ...

Page 37: ... groups need to be created Ethernet P1 Port 1 Ethernet1 P2 P3 and P4 Port 2 3 4 Uncheck P2 P3 P4 from Ethernet VLAN port first Note You should setup each VLAN group with caution Each Bridge Interface is arranged in this order Bridge Interface VLAN Port Always starts with ethernet P1 P2 P3 P4 ethernet1 P2 P3 P4 ethernet2 P3 P4 ethernet3 P4 Management Interface To specify which VLAN group has possib...

Page 38: ...is case an internal router is not required IP Address Specify an IP address for this virtual interface Netmask Specify a subnet mask for this virtual interface Security Interface Specify the firewall setting for this virtual interface Internal This mean the network is behind NAT All traffic will do network address translation when sending out data to the Internet if NAT is enabled External This me...

Page 39: ...n the space provided or click the Candidate button Make sure your PC s MAC is not listed The maximum number of client is 16 The MAC addresses should be 6 bytes long and are presented only in hexadecimal characters Only numbers 0 9 and letters a f are acceptable Note Follow the MAC Address Format xx xx xx xx xx xx Semicolon must be included Candidates automatically detects devices that are connecte...

Page 40: ...an ap to a unique ID name that is already built into the router wireless interface It is case sensitive and must not exceed 32 characters Make sure your wireless clients have exactly the ESSID as the device in order to connect to your network Note It is case sensitive and must not exceed 32 characters ESSID Broadcast It is used to broadcast its ESSID on the network so that when a wireless client s...

Page 41: ...nt firmware version Wireless Distribution System WDS It is a wireless access point mode that enables wireless link and communication with other access points It is easy to install simply by defining the peer s MAC address of the connected AP WDS takes advantage of the cost saving and flexibility with no extra wireless client device is required to bridge between two access points and extending an e...

Page 42: ...sable or enable with WPA or WEP for protecting wireless network The default mode of wireless security is Disable WPA Shared Key The key for network authentication The input format is in character style and key size should be in the range between 8 and 63 characters Group Key Renewal The period of renewal time for changing the security key automatically between wireless client and Access Point AP D...

Page 43: ...gh security for transmissions there are two alternatives to select from WEP 64 and WEP 128 WEP 128 will offer increased security over WEP 64 Passphrase This is used to generate WEP keys automatically based upon the input string and a pre defined algorithm in WEP64 or WEP128 Default Used WEP Key Select the encryption key ID please refer to Key 1 4 below Key 1 4 Enter the key to encrypt wireless dat...

Page 44: ...he space provided or click the Candidate button Make sure your PC s MAC is not listed The maximum client is 16 The MAC addresses are 6 bytes long they are presented only in hexadecimal characters The number 0 9 and letters a f are acceptable Note Follow the MAC Address Format xx xx xx xx xx xx Semicolon must be included Candidates It automatically detects for devices that are connected to the rout...

Page 45: ...y Wi Fi Alliance This protocol is used to build a Wi Fi networks within a home small office environment in an easy and secured manner This feature thus provides a much simplified method to configure WiFi Protected Access to those who know very little about wireless security ...

Page 46: ...y issues The default is Auto which users should keep unless there are specific problems with PCs not being able to access your LAN IPv4 TOS priority Control Advanced users TOS Type of Services is the 2nd octet of an IP packet Bits 6 7 of this octet are reserved and bit 0 5 are used to specify the priority of the packet This feature uses bits 0 5 to classify the packet s priority If the packet prio...

Page 47: ...HCP Server including the IP pool starting IP address and ending IP address to be allocated to PCs on your network lease time for each assigned IP address the period of time the IP address assigned will be valid DNS IP address and the gateway IP address These details are sent to the DHCP client i e your PC when it requests an IP address from the DHCP server Click Apply to enable this function If yo...

Page 48: ...onnection VPI VCI Enter the information provided by your ISP ATM Class The Quality of Service for ATM layer Username Enter the username provided by your ISP You can input up to 128 alpha numeric characters case sensitive This is the format of username username ispname instead of username Password Enter the password provided by your ISP You can input up to 128 alpha numeric characters case sensitiv...

Page 49: ... on the line for a predetermined period of time Detail You can define the destination port and packet type TCP UDP without checking by timer It allows you to set which outgoing traffic will not trigger and reset the idle timer MTU Maximum Transmission Unit The size of the largest datagram excluding media specific headers that IP will attempt to send through the interface RIP RIP v1 RIP v2 and RIP ...

Page 50: ... case sensitive NAT The NAT Network Address Translation feature allows multiple users to access the Internet through a single IP account sharing the single IP address If users on your LAN have public IP addresses and can access the Internet directly the NAT function can be disabled IP 0 0 0 0 Auto Your WAN IP address Leave this at 0 0 0 0 to obtain automatically an IP address from your ISP Auth Pr...

Page 51: ...t the idle timer MTU Maximum Transmission Unit The size of the largest datagram excluding media specific headers that IP will attempt to send through the interface RIP RIP v1 RIP v2 and RIP v2 Multicast Check to enable RIP function TCP MSS Clamp This option helps to discover the optimal MTU size automatically Default is enabled Obtain DNS A Domain Name System DNS contains a mapping table for domai...

Page 52: ...resses and can access the Internet directly the NAT function can be disabled Encap method Choose whether you want the packets in WAN interface as bridged packet or routed packet MTU Maximum Transmission Unit The size of the largest datagram excluding media specific headers that IP will attempt to send through the interface IP 0 0 0 0 Auto Specify an IP address allowed to logon and access the route...

Page 53: ...re the configuring of this option You must fill in the MAC address that specify by service provider when it is required Default is disabled Obtain DNS A Domain Name System DNS contains a mapping table for domain name and IP addresses DNS helps to find the IP address of a specific domain name Check the checkbox to obtain DNS automatically Primary DNS Enter the primary DNS Secondary DNS Enter the se...

Page 54: ...ed MTU Maximum Transmission Unit The size of the largest datagram excluding media specific headers that IP will attempt to send through the interface IP 0 0 0 0 Auto Specify an IP address allowed to logon and access the router s web server Note IP 0 0 0 0 indicates all users who are connected to this router are allowed to logon the device and modify data Netmask The default is 255 255 255 0 User c...

Page 55: ...NS contains a mapping table for domain name and IP addresses DNS helps to find the IP address of a specific domain name Check the checkbox to obtain DNS automatically Primary DNS Enter the primary DNS Secondary DNS Enter the secondary DNS ...

Page 56: ...e whether you want the packets in WAN interface as bridged packet or routed packet Acceptable Frame Type Specify which kind of traffic goes through this connection all traffic or only VLAN tagged Filter Type Specify the type of ethernet filtering performed by the named bridge interface All Allows all types of ethernet packets through the port IP Allows only IP ARP types of ethernet packets through...

Page 57: ...n the device Description A given name for the connection VPI VCI Enter the information provided by your ISP ATM Class The Quality of Service for ATM layer Username Enter the username provided by your ISP You can input up to 128 alphanumeric characters case sensitive This is in the format of username ispname instead of simply username Password Enter the password provided by your ISP You can input u...

Page 58: ... there is no activity on the line for a predetermined period of time Detail You can define the destination port and packet type TCP UDP without checking by timer It allows you to set which outgoing traffic will not trigger and reset the idle timer MTU Maximum Transmission Unit The size of the largest datagram excluding media specific headers that IP will attempt to send through the interface RIP R...

Page 59: ...ate or unstable problems You may need to change the profile setting to reach the best ADSL line rate it depends on the different DSLAM and location Activate Line Aborting false your ADSL line and making it active true again for taking effect with setting of Connect Mode Coding Gain It reduces router s transmit power which will effect to router s downstream performance Higher the gain will increase...

Page 60: ... prefer to specify an SNTP server other than those in the list simply enter its IP address as shown above Your ISP may provide an SNTP server for you to use Daylight Saving is also known as Summer Time Period Many places in the world adapt it during summer time to move one hour of daylight from morning to the evening in local standard time Check Enable checkbox to set your local time Resync Period...

Page 61: ...ware is the software that enables it to operate and provides all its functionality Think of your router as a dedicated computer and the firmware as the software it runs Over time this software may be improved and revised and your router allows you to upgrade the software it runs to take advantage of these changes Clicking on Browse will allow you to select the new firmware image file you have down...

Page 62: ...ation Backup To create a backup of the setting simply press the Backup button and specify the location on where to save your configuration file You may also change the name of the file if you wish to keep multiple backups Restoring the Router Configuration To restore the configuration of the router press Browse to locate the configuration file from your PC Once the file has been located click on t...

Page 63: ... example after a firmware upgrade or if you have saved an incorrect configuration select Factory Default Settings to reset to factory default settings You may also reset your router to factory settings by holding the small Reset pinhole button more than 6 seconds on the back of your router Caution After pressing the RESET button for more than 6 seconds to be sure you power cycle the device again ...

Page 64: ...configuration interface Edit Account Information You can change the informations of any account whether the account is active or valid 1 To edit an account select the Edit radio button of the account to be edited Once selected all information of that account will be displayed 2 Delete the information to be edited and replace it with the new one 3 When it is done simply click on the Edit Delete but...

Page 65: ...ord 2 When it is done click the Add button To delete a user account 1 Click on the Delete radio button of the account you want to delete 2 Then click the Edit Delete to confirm the deletion Note You can delete any user account except for the default admin account Thus there is no delete radio button available for this account ...

Page 66: ...t a machine on your network This natural firewall is turned on when NAT function is enabled Firewall Security and Policy General Settings Inbound direction of Packet Filter rules to prevent unauthorized computers or applications to access your local network from the Internet Intrusion Detection Enable Intrusion Detection to detect prevent and log malicious attacks Access Control Prevent access fro...

Page 67: ...um and Low security are displayed in the Port Filters of the Packet Filter Select either High Medium or Low security level to enable Firewall protection The only difference between these three is the preset port filter rules in the Packet Filter Firewall function is the same for all levels it is only the list of preset port filters that changes between each setting For more detail on level of pres...

Page 68: ... is enabled with one of the four security levels selected All blocked High Medium and Low The preset port filter rules in the Packet Filter must be modified accordingly to the level of security selected See Table1 Predefined Port Filter for more detail information ...

Page 69: ...23 NO YES NO YES NO NO SMPT 25 TCP 6 25 25 NO YES NO YES NO YES POP3 110 TCP 6 110 110 NO YES NO YES NO YES NEWS NNTP TCP 6 119 119 NO YES NO YES NO NO PING ICMP 1 N A N A NO YES NO YES NO YES H 323 1720 TCP 6 1720 1720 YES YES NO YES NO NO T 120 1503 TCP 6 1503 1503 YES YES NO YES NO NO SSH 22 TCP 6 22 22 NO YES NO YES NO NO NTP SNTP UDP 17 123 123 NO YES NO YES NO YES HTTP HTTP Proxy 8080 TCP 6 ...

Page 70: ...t the IP address and Subnet Mask to 0 0 0 0 to inactive the Address Filter rule Tip To block access to from a single IP address enter that IP address as the Host IP Address and use a Host Subnet Mask of 255 255 255 255 Type It is the packet protocol type used by the application select TCP UDP or both TCP UDP Protocol Number Insert the port number Source Port This Port or Port Ranges defines the po...

Page 71: ...set IP address and Subnet Mask to 0 0 0 0 to inactive the Address Filter rule Tip To block access to from a single IP address enter that IP address as the Host IP Address and use a Host Subnet Mask of 255 255 255 255 Type It is the packet protocol type used by the application select TCP UDP or both TCP UDP Protocol Number Insert the port number i e GRE 47 Source Port This Port or Port Ranges defin...

Page 72: ...ed on the local network when the firewall is enabled you have to configure the Port Filters setting for HTTP As you can see from the diagram below when the firewall is enabled with one of the three presets Low Medium High security level selected an inbound HTTP access is not allowed which means remote access through HTTP to your router is not allowed Note Inbound indicates accessing from the Inter...

Page 73: ...s case for the low security level shown below Note You may click Edit the predefined rule instead of Delete it This is an example to show to how you add a filter on your own 2 If you want to delete a filter rule select the delete radio button of the HTTP rule you want to delete Then click the Edit Delete button to delete the rule ...

Page 74: ...74 3 To add a new rule Input the Rule Name Time Schedule Source Destination IP Type Source Destination Port Inbound and Outbound Then click the Add button ...

Page 75: ...pts Default is false Block Duration Victim Protection Block Duration This is the duration for blocking Smurf attacks Default value is 600 seconds Scan Attack Block Duration This is the duration for blocking hosts that attempt a possible Scan attack Scan attack types include X mas scan IMAP SYN FIN scan and similar at tempts Default value is 86400 seconds DoS Attack Block Duration This is the durat...

Page 76: ... Scan UDP Dst Port Echo 7 Src IP Scan Yes Yes CharGen Scan UDP Dst Port CharGen 19 Src IP Scan Yes Yes X mas Tree Scan TCP Flag X mas Src IP Scan Yes Yes IMAP SYN FIN Scan TCP Flag SYN FIN DstPort IMAP 143 SrcPort 0 or 65535 Src IP Scan Yes Yes SYN FIN RST ACK Scan TCP No Existing session And Scan Hosts more than five Src IP Scan Yes Yes Net Bus Scan TCP No Existing session DstPort Net Bus 12345 1...

Page 77: ... the Block Mode Always On Action is enabled URL filter rules will be monitoring and checking at all hours of the day TimeSlot1 TimeSlot16 It is a self defined time period You may specify the time period to check the URL filter rules i e during working hours For setup and detail refer to Time Schedule section Keywords Filtering Allow blocking against specific keywords within a particular URL rather...

Page 78: ...ermine if it is in the trusted list If yes the connection attempt is sent to the remote web server 2 If not check if it is listed in the forbidden list If yes then the connection attempt will be dropped 3 If the packet does not match either of the above two conditions it is sent to the remote web server 4 Please be noted that the completed URL www domain name should be specific e g In order to blo...

Page 79: ...this is the situation Block surfing by IP address function can become helpful Now Andy can successfully prevent Bobby from accessing other websites Restrict URL Features This function enhances the restriction to your URL rules Block Java Applet This function can block Web content that includes Java Applets It is to prevent someone who wants to damage your system via standard HTTP protocol Block su...

Page 80: ... Message blocking is not triggered No action will be performed Always On Action is enabled TimeSlot1 TimeSlot16 This is the self defined time period You may specify the time period to trigger the blocking i e during working hours For setup and detail refer to Time Schedule section Yahoo MSN Messenger Check the checkbox to block either or both Yahoo or and MSN Messenger To be sure you enabled the I...

Page 81: ...plays a log that contains information of any unexpected actions that occur to your firewall settings Check the Enable checkbox to activate event logging Log information can be seen in the Status Event Log after the feature is enabled ...

Page 82: ...normal priority for all of traffic without setting Low The utilization percentage of each priority settings are High 60 Normal 30 and Low 10 To delete an application you can click on the Delete radio button of the application and then click the Edit Delete button Name User defined description to identify the new policy application created Time Schedule Schedule your prioritization policy Priority ...

Page 83: ...sure that the router s in the network backbone are capable to execute and check the DSCP throughout the QoS network Table 4 DSCP Mapping Table DSCP Mapping Table Wireless ADSL Router Standard DSCP Disabled None Best Effort Best Effort 000000 Premium Express Forwarding 101110 Gold service L Class 1 Gold 001010 Gold service M Class 1 Silver 001100 Gold service H Class 1 Bronze 001110 Silver service ...

Page 84: ... your prioritization policy Refer to Time Schedule for more information Protocol The name of the supported protocol Rate Limit To limit the speed of the outbound traffic Source IP Address Range The source IP address or the range of packets to be monitored Source Port s The source port of the packets to be monitored Destination IP Address Range The destination IP address or the range of packets to ...

Page 85: ... your prioritization policy Refer to Time Schedule for more information Protocol The name of the supported protocol Rate Limit To limit the speed of the inbound traffic Source IP Address Range The source IP address or the range of the packets to be monitored Source Port s The source port of the packets to be monitored Destination IP Address Range The destination IP address or the range of the pack...

Page 86: ...86 Example QoS for your Network Connection Diagram VoIP Normal PCs Restricted PC ...

Page 87: ...87 Information and Settings Upstream 928 kbps Downstream 8 Mbps VoIP User 192 168 1 1 Normal Users 192 168 1 2 192 168 1 5 Restricted User 192 168 1 100 ...

Page 88: ...he level of priority as high to prevent other applications from saturating the bandwidth Voice application Voice is latency sensitive application Most VoIP devices are use SIP protocol and the port number will be assigned by SIP module automatically Better to use fixed IP address for catching VoIP packets as high priority The setting above will help to improve the quality of your VoIP service when...

Page 89: ...s to limit its utilization only during daytime Advanced setting by using IP throttling IP throttling enables you to set parameters for bandwidth allocation although the applications maybe located on the same level Upstream 928kbps 29 32kbps Mission critical Application 192kbps 6 32kbps Voice Application 128kbps 4 32kbps Restricted Application 160kbps 5 32kbps Other Applications 448kbps 14 32kbps 6...

Page 90: ... Sometime your customers or friends may upload their files to your FTP server and that will saturate your downstream bandwidth The settings below help you to limit bandwidth for the restricted application ...

Page 91: ...using NAT Network Address Translation then you will usually need to configure your router to forward these incoming connection attempts using specific ports to the PC on your network running the application You will also need to use port forwarding if you want to host an online game server The reason for this is that when using NAT your publicly accessible IP address will be used by and point to y...

Page 92: ...ry or click the Application drop down menu to select an existing predefined rules 20 predefined rules are available Application Protocol and External Redirect Ports will be filled after the selection Protocol It is the supported protocol for the virtual server In addition to specifying the port number to be used you will also need to specify the protocol used The protocol used is determined by a p...

Page 93: ... the Router with an IP address of 192 168 1 254 Since port number 80 has already been predefined next to the Application click Helper A window with a list of predefined rules will pop you can then select HTTP_Sever Application HTTP_Sever Time Schedule Always On Protocol tcp External Port 80 80 Redirect Port 80 80 IP Address 192 168 1 254 Add Click it to apply your settings Edit Delete Click it to ...

Page 94: ...t Cautious The local computer that is exposed to the Internet may face various security risks Go to Configuration Virtual Server Edit DMZ Host Enabled It activates your DMZ function Disabled As set in default setting it disables the DMZ function Internal IP Address Give a static IP address to the DMZ Host when Enabled radio button is checked Be aware that this IP will be exposed to the WAN Interne...

Page 95: ... Server Edit One to one NAT NAT Type Select the desired NAT type One to One NAT function is set to Disabled by default Global IP Address Subnet The subnet of the public WAN IP address given by your ISP If your ISP has pro vided this information you may insert it here Otherwise use IP Range method IP Range The IP address range of your public WAN IP addresses For example IP 1 1 1 1 end IP 1 1 1 10 S...

Page 96: ...efined time period to enable your virtual server You may specify a time schedule or select Always on for this Virtual Server Entry For setup and detail refer to Time Schedule section Global IP Define a public WAN IP address for this Application This Global IP address must be defined in the Global IP Address blank External Port The Port number on the Remote WAN side used when accessing the virtual ...

Page 97: ...ebsite at http www iana org assignments port numbers For help on determining which private port numbers are used by common applications on this list please see the FAQs Frequently Asked Questions at http www billion com Table 5 Well known and registered Ports Port Number Protocol Description 20 TCP FTP Data 21 TCP FTP Contro 22 TCP UDP SSH Remote Login Protocol 23 TCP Telnet 25 TCP SMTP Simple Mai...

Page 98: ... for users to turn on boot the computer of the network from a remotely site MAC Address Enter the MAC address of the target computer or you can select the MAC address directly from the Select drop down menu on the right You can select the MAC from this list ...

Page 99: ...low the use of the Internet by users or applications Time Schedule correlates closely with router time Since router does not have a real time clock on board it uses the Simple Network Time Protocol SNTP to get the current time from an SNTP server Refer to Time Zone for details Your router time should correspond with your local time If the time is not set correctly your Time Schedule will not funct...

Page 100: ... of this Time Slot will be shown ID This is the index of the time slot Name A user defined description to identify this time portfolio Day in a week The default is set from Monday through Friday You may also specify the days for the schedule to be applied to Start Time The default is set at 8 00 AM You may specify the start time of the schedule End Time The default is set at 18 00 6 00PM You may s...

Page 101: ...ete radio button of the Time Slot you wish to delete under the Time Slot section and then click the Edit Delete button to confirm the deletion of the selected Time profile i e erase the Day and back to default setting of Start Time End Time ...

Page 102: ...dvanced section Static Route Static ARP Dynamic DNS Check Email Device Management and IGMP Static Route Go to Configuration Advanced Static Route Destination This is the destination subnet IP address Netmask Subnet mask of the destination IP addresses based on the above destination subnet IP Gateway This is the gateway IP address to which packets are to be forwarded Interface Select the interface ...

Page 103: ...03 Static ARP IP Address Fill in the IP address of the host computer that is sending the data packet MAC Address Fill in the MAC address of the computer that the incoming data packets are to be forwarded ...

Page 104: ...establish an account with the Dynamic DNS provider using their website for example http www dyndns org There are more than 5 DDNS services supported Dynamic DNS Disable Check to disable the Dynamic DNS function Enable Check to enable the Dynamic DNS function The following fields will be activated and required Dynamic DNS Server Select the DDNS service you have established an account with Domain Na...

Page 105: ...on The following fields will be activated and required Account Name Enter the name login of the POP3 account you wish to check Normally it is the text in your email address before the symbol If you have trouble with it please contact your ISP Password Enter the account s password POP3 Mail Server Enter your POP mail server name You Internet Service Provider ISP or network administrator will be abl...

Page 106: ...your router security option and device monitoring features Device Host Name Host Name Assign it a name Note The Host Name must have more than a word These two words should be connected with a period inbetween Example Host Name homegateway Incorrect Host Name home gateway or my home gateway Correct ...

Page 107: ...nP in addition to the router Windows XP and Windows ME natively support UPnP when the component is installed while Windows 98 users may install the Internet Connection Sharing client from Windows XP in order to gain support for UPnP Nevertheless Windows 2000 does not support UPnP Disable Check to disable the router s UPnP functionality Enable Check to enable the router s UPnP functionality UPnP Po...

Page 108: ...re supported From RFC 1213 MIB II System group System group Interface group Address Translation group IP group ICMP Group TCP group UDP group EGP not applicable Transmission SNMP group From RFC 1650 EtherLike MIB dot3stats From RFC 1493 Bridge MIB dot1 dBase group dot1 dTp group dot1 dStp group if configured as span ning tree From RFC 1472 PPP Security MIB PPP security group From RFC 1473 PPP IP M...

Page 109: ...ast packet Default is set to Enable IGMP Snooping Allowing switched Ethernet to check and make correct forwarding decisions Default is set to Disable VLAN Bridge This section allows you to create VLAN group and specify the members of each group Edit Edit your member ports in selected VLAN group Create VLAN To create another VLAN group ...

Page 110: ...rface the other users cannot access the system interface until the current user has logged out of the system If the previous user forgets to logout the second PC can only access the router web interface after a user defined auto logout period which is by default 3 minutes You can however modify the value of the auto logout period using the Advanced Device Management section of the router web inter...

Page 111: ...econds Problems with WAN interface Problem Suggested Action Initialization of PVC connection line sync fail Frequent loss of ADSL linesync disconnection Make sure that the telephone cable is properly con nected between the ADSL port and the wall jack The ADSL LED on the front panel should lit Check that your VPI VCI encapsulation type and type of multi plexing settings are the same as those provid...

Page 112: ...should be on for the port that has a PC connected If it does not lit check to see if the cable between your router and the PC is properly connected Make sure you have first unin stalled your firewall program before troubleshooting Verify that the IP address and the subnet mask are consis tent for both the router and the workstations ...

Page 113: ...rsist or you come across other technical issues that are not listed in the Troubleshooting section please contact the dealer from where you purchased your product Contact Billion Worldwide http www billion com MAC OS is a registered Trademark of Apple Computer Inc Windows 98 Windows NT Windows 2000 Windows Me Windows XP and Windows Vista are registered Trademarks of Microsoft Corporation ...

Page 114: ......

Page 115: ......

Reviews: