background image

myGuard 7500GL 802.11g Security ADSL Router 
 

Chapter 4:Configuration 

 

 

 

Configuring PPTP VPN in the Branch Office 

The IP address 69.1.121.30 is the 

Public IP

 address of the router located in head office. If you 

registered the DDNS (please refer to the 

DDNS

 section of this manual), you can also use the 

domain name instead of the IP address to reach the router.

 

 

 

1

2

3

4

5

6

 
 

Item Function 

Description 

Connection Name  BranchOffice 

Given a name of PPTP connection 

Dial out 

 

Check Dial out 

Server IP Address 
(or Hostname) 

69.121.1.33 

IP address of the head office router (in WAN side) 

Peer Network IP 

192.168.1.0 

Netmask 255.255.255.0 

Head office network 

Username  

username 

Password 123456 

Input username & password to authenticate branch 
office network 

Auth.Type Chap(Auto) 
Data Encryption 

Auto 

Key Length 

Auto 

Mode stateful 

 

Keep as default value in most of the cases, PPTP 
server & client will determine the value automatically.  
Refer to manual for details if you want to change the 
setting. 

Idle Time 

The connection will be disconnected when there Is no 
traffic in a predefined period of time.  Idle time 

means 

the connection is always-on. 

 

89

Summary of Contents for myGuard 7500GL

Page 1: ...myGuard 7500GL 802 11g Security ADSL Router User s Manual Version Release 1 54c ...

Page 2: ......

Page 3: ...CH HA AP PT TE ER R 3 3 B BA AS SI IC C I IN NS ST TA AL LL LA AT TI IO ON N 9 9 CONNECTING YOUR ROUTER 9 CONFIGURING PCS IN WINDOWS 10 For Windows XP 10 For Windows 2000 11 For Windows 98 ME 12 For Windows NT4 0 13 ACTIVATING TREND MICRO SECURITY SERVICES 14 FACTORY DEFAULT SETTINGS 15 Username and Password 15 LAN and WAN Port Addresses 15 INFORMATION FROM YOUR ISP 16 CONFIGURING WITH YOUR WEB BR...

Page 4: ... WAN Wide Area Network 37 ISP 37 DNS 47 ADSL 48 System 49 Time Zone 49 Remote Access 50 Firmware Upgrade 51 Backup Restore 52 Restart Router 53 User Management 54 Firewall and Access Control 55 General Settings 56 Packet Filter 57 Intrusion Detection 63 MAC Address Filter 65 URL Content Filtering 66 Firewall Log 68 VPN Virtual Private Networks 69 PPTP 69 IPSec 74 Advanced Option 77 L2TP 78 QoS Qua...

Page 5: ...ics 118 GETTING S C CH HA AP PT TE ER R 5 5 T TR RO OU UB BL LE ES SH HO OO OT TI IN NG G 1 13 38 8 A AP PP PE EN ND DI IX X A A P PR RO OD DU UC CT T S SU UP PP PO OR RT T A AN ND D C CO ON NT TA AC CT T I IN NF FO OR RM MA AT TI IO ON N 1 14 41 1 TARTED WITH TREND MICRO SECURITY SERVICES 119 SAVE CONFIGURATION TO FLASH 136 LOGOUT 137 PROBLEMS STARTING UP THE ROUTER 138 PROBLEMS WITH THE WAN INTE...

Page 6: ......

Page 7: ...event virus and other threats from damage your PC Trend Micro powered Security Services On subscription base with 60 day FREE evaluation Trend Micro powered Security Services provide Anti Virus Anti Spam and Parental Controls The former 2 features provide to protect your PC from potential virus infection and spam emails For extra protection upon browsing Internet parents or caregivers can pre defi...

Page 8: ... can now connect to Net meeting or MSN Messenger seamlessly Network Address Translation NAT Allows multi users to access outside resources such as the Internet simultaneously with one IP address one Internet access account Many application layer gateway ALG are supported such as web browser ICQ FTP Telnet E mail News Net2phone Ping NetMeeting IP phone and others Firewall Supports SOHO firewall wit...

Page 9: ...side web servers directly while it is protected by NAT A DMZ host setting is also provided to a local computer exposed to the outside network Internet Rich Packet Filtering Not only filters the packet based on IP address but also based on Port numbers It will filter packets from and to the Internet and also provides a higher level of security control Dynamic Host Configuration Protocol DHCP client...

Page 10: ...hapter 1 Introduction myGuard 7500GL Application myGuard 7500GL 802 11g Security ADSL Router Figure 1 1 Application Diagram of myGuard 7500GL 802 11g Security ADSL Router Thank you for your purchase and welcome to the world of broadband Internet 4 ...

Page 11: ...rvice center Avoid using this product and all accessories outdoors Attention Place the myGuard 7500GL on a stable surface Only use the power adapter that comes with the package Using a different voltage rating power adaptor may damage the router Package Contents myGuard 7500GL 802 11g Security ADSL Router CD with the user s manual in PDF format router s application and Trend Micro Internet Securit...

Page 12: ...Blinking when data is transmitted received 5 LAN port 3 Lit when connected to an Ethernet device Green for 100Mbps Orange for 10Mbps Blinking when data is transmitted received 6 LAN port 4 Lit when connected to an Ethernet device Green for 100Mbps Orange for 10Mbps Blinking when data is transmitted received 7 WLAN Lit green when the wireless connection is established Flashes when sending receiving...

Page 13: ...ort 3 LAN 1X 4X RJ 45 connector Connect a UTP Ethernet cable Cat 5 or Cat 5e to one of the four LAN ports when connecting to a PC or an office home network of 10Mbps or 100Mbps 4 RESET After the device is powered on press it to reset the device or restore to factory default settings 0 3 seconds reset the device 6 seconds above restore to factory default settings this is used when you cannot login ...

Page 14: ...oper cables Ensure that all other devices connected to the same telephone line as your Billion router e g telephones fax machines analogue modems have a line filter connected between them and the wall socket unless you are using a Central Splitter or Central Filter installed by a qualified and licensed electrician and ensure that all line filters are correctly installed and the right way around Mi...

Page 15: ...siest way is to configure the PC to get an IP address automatically from the router using DHCP If you encounter any problems accessing the router s web interface it may also be advisable to uninstall any kind of software firewall on your PCs as they can cause problems accessing the 192 168 1 254 IP address of the router Users should make their own decisions on how to best protect their network Ple...

Page 16: ...ection See Figure 3 1 3 In the LAN Area Connection Status window click Properties See Figure 3 2 4 Select Internet Protocol TCP IP and click Properties See Figure 3 3 5 Select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons See Figure 3 4 6 Click OK to finish the configuration Figure 3 1 LAN Area Connection Figure 3 2 LAN Connection Status Figure 3 ...

Page 17: ...e Figure 3 5 3 In the LAN Area Connection Status window click Properties See Figure 3 6 4 Select Internet Protocol TCP IP and click Properties See Figure 3 7 5 Select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons See Figure 3 8 6 Click OK to finish the configuration Figure 3 5 LAN Area Connection Figure 3 6 LAN Connection Status Figure 3 7 TCP IP ...

Page 18: ...000 Compatible or the name of any Network Interface Card NIC in your PC See Figure 3 9 3 Click Properties 4 Select the IP Address tab In this page click the Obtain an IP address automatically radio button See Figure 3 10 5 Then select the DNS Configuration tab See Figure 3 11 6 Select the Disable DNS radio button and click OK to finish the configuration Figure 3 9 TCP IP Figure 3 10 IP Address Fig...

Page 19: ...to Start Settings Control Panel In the Control Panel double click Network and choose the Protocols tab 2 Select TCP IP Protocol and click Properties See Figure 3 12 3 Select the Obtain an IP address from a DHCP server radio button and click OK See Figure 3 13 Figure 3 12 TCP IP Figure 3 13 IP Address ...

Page 20: ...Protection Parental Controls Not available 60 day evaluation version with option to purchase for one year use To activate Trend Micro Security Services perform the following Step 1 Registering your Trend Micro account Step 2 Validating the Registration Email Step 3 Installing Trend Micro Internet Security named TIS 11 35 Package Important you may download it through the Internet or CD folder named...

Page 21: ... and password are admin and admin respectively Attention Attention If you ever forget the password to log in you may press the RESET button to restore the factory default settings LAN and WAN Port Addresses The parameters of LAN and WAN ports are pre set in the factory The default values are shown below LAN Port WAN Port IP address 192 168 1 254 Subnet Mask 255 255 255 0 DHCP server function Enabl...

Page 22: ... IP address it can be automatically assigned by your ISP when you connect or be set manually PPPoA VPI VCI VC based LLC based multiplexing Username Password and Domain Name System DNS IP address it can be automatically assigned by your ISP when you connect or be set manually RFC1483 Bridged VPI VCI VC based LLC based multiplexing to use Bridged Mode RFC1483 Routed VPI VCI VC based LLC based multip...

Page 23: ...er enter the IP address of your router which by default is 192 168 1 254 and click Go a user name and password window prompt will appear The default username and password are admin and admin See Figure 3 14 Figure 3 14 User namd Password Prompt Widonw Congratulation You are now successfully logon to the myGuard 7500GL ADSL Router ...

Page 24: ...on Routing Table DHCP Table PPTP Status IPSec Status L2TP Status Email Status Event Log Error Log NAT Sessions and UPnP Portmap Quick Start Configuration LAN WAN System Firewall VPN QoS Virtual Server and Advanced TMSS Security Services Security Surveying Parental Controls Save Config to FLASH Language provides user interface in English and German languages Please see the relevant sections of this...

Page 25: ...your PCs to use with the router s Firewall MAC Address Filter function See the Firewall section of this manual for more information on this feature IP Address A list of IP addresses of devices on your LAN Local Area Network MAC Address The MAC Media Access Control addresses for each device on your LAN Interface The interface name on the router that this IP Address connects to Static Static status ...

Page 26: ...myGuard 7500GL 802 11g Security ADSL Router Chapter 4 Configuration Wireless Association IP Address It is IP address of wireless client that joins this network MAC The MAC address of wireless client 20 ...

Page 27: ...stination netmask address Gateway Interface The IP address of the gateway or existing interface that this route will use Cost The number of hops counted as the cost of the route RIP Routing Table Destination The IP address of the destination network Netmask The destination netmask address Gateway The IP address of the gateway that this route will use Cost The number of hops counted as the cost of ...

Page 28: ...IP Address The IP address that assigned to client Client UID hw addr The MAC address of client Client Host Name The Host Name Computer Name of client Expiry The current lease time of client Expired Table Please refer the Leased Table Permanent Table Name The name you assigned to the Permanent configuration IP Address The fixed IP address for the specify client MAC Address The MAC Address that you ...

Page 29: ...r PPTP connection in your VPN configuration Type The type of connection dial in dial out Enable Whether the connection is currently enabled Active Whether the connection is currently active Tunnel Connected Whether the VPN Tunnel is currently connected Call Connected If the Call for this VPN entry is currently connected Encryption The encryption type used for this VPN connection 23 ...

Page 30: ...he particular VPN entry Active Whether the VPN Connection is currently Active Connection State Whether the VPN is Connected or Disconnected Statistics Statistics for this VPN Connection Local Subnet The local IP Address or Subnet used Remote Subnet The Subnet of the remote site Remote Gateway The Remote Gateway IP address SA The Security Association for this VPN entry 24 ...

Page 31: ...out Enable Whether the connection is currently enabled Active Whether the connection is currently active Tunnel Connected Whether the VPN Tunnel is currently connected Call Connected If the Call for this VPN entry is currently connected Encryption The encryption type used for this VPN connection Email Status Details and status for the Email Account you have configured the router to check Please se...

Page 32: ...outer s ADSL connection is disconnected as well as Firewall events when you have enabled Intrusion or Blocking Logging in the Configuration Firewall section of the interface Please see the Firewall section of this manual for more details on how to enable Firewall logging Error Logging Any errors encountered by the router e g invalid names given to entries are logged to this window 26 ...

Page 33: ...ts all current NAT sessions between interface of types external WAN and internal LAN UPnP Portmap The section lists all port mapping established using UPnP Universal Plug and Play Please see the Advanced section of this manual for more details on UPnP and the router s UPnP configuration options 27 ...

Page 34: ... need for the Quick Start wizard to get you online are your login often in the form of username ispname your password and the encapsulation type Your ISP will be able to supply all the details you need alternatively if you have deleted the current WAN Connection in the WAN ISP section of the interface you can use the router s PVC Scan feature to attempt to determine the Encapsulation types offered...

Page 35: ... your ISP If the scan is successful you will then be presented with a list of supported options Select the desired option from the list and click Apply to return to the Quick Start interface to continue configuring your ISP connection Please note that the contents of this list will vary depending on what is supported by your ISP 29 ...

Page 36: ... Network There are four items within the LAN section Ethernet Wireless Wireless Security Port Setting and DHCP Server Ethernet The router supports two Ethernet IP addresses in the LAN and two different LAN subnets through which you can access the Internet at the same time Users usually only have one subnet in their LAN so there is no need to configure a Secondary IP address The default IP address ...

Page 37: ... ESSID Broadcast Disable Any client that using the any setting cannot discover the Access Point AP in question Enable Any client that using the any setting can discover the Access Point AP in question Regulation Domain There are five Regulation Domains for you to choose from including North America N America Europe France etc The Channel ID will be different based on this setting Channel ID Select...

Page 38: ...TKIP Temporal Key Integrity Protocol utilizes a stronger encryption method and incorporates Message Integrity Code MIC to provide protection against hackers WPA Shared Key The key for network authentication The input format is in character style and key size should be in the range between 8 and 63 characters Group Key Renewal The period of renewal time for changing the security key automatically b...

Page 39: ...orithm in WEP64 or WEP128 You can input the same string in both the AP and Client card settings to generate the same WEP keys Please note that you do not have to enter Key 0 3 as below when the Passphrase is enabled Default Used WEP Key Select the encryption key ID please refer to Key 0 3 below Key 0 3 Enter the key to encrypt wireless data To allow encrypted data transmission the WEP Encryption K...

Page 40: ... solve compatibility issues The default is Auto which users should keep unless there are specific problems with PCs not being able to access your LAN IPv4 TOS priority Control Advanced users TOS Type of Services is the 2nd octet of an IP packet Bits 6 7 of this octet are reserved and bit 0 2 are used to specify the priority precedence of the packet and bits 3 5 are specified the delay throughput a...

Page 41: ...the IP address of the router by default this is 192 168 1 254 To configure the router s DHCP Server check DHCP Server and click Next You can then configure parameters of the DHCP Server including the IP pool starting IP address and ending IP address to be allocated to PCs on your network lease time for each assigned IP address the period of time the IP address assigned will be valid DNS IP address...

Page 42: ...k DHCP Relay Agent and click Next then you will have to enter the IP address of the DHCP server which will assign an IP address back to the DHCP client in the LAN Use this function only if advised to do so by your network administrator or ISP Click Apply to enable this function 36 ...

Page 43: ...items within the WAN section ISP DNS and ADSL ISP The factory default is PPPoE If your ISP uses this access protocol click Edit to input other parameters as below If your ISP does not use PPPoE you can change the default WAN connection entry by clicking Change A simpler alternative is to select Quick Start from the main menu on the left Please see the Quick Start section of the manual for more inf...

Page 44: ...ion method Select the encapsulation format the default is LlcBridged Select the one provided by your ISP DHCP client Enable or disable the DHCP client specify if the Router can get an IP address from the Internet Service Provider ISP automatically or not Please click Obtain an IP address automatically via DHCP client to enable the DHCP client function or click Specify an IP address to disable the ...

Page 45: ...nter the username provided by your ISP You can input up to 128 alphanumeric characters case sensitive This will usually be in the format of username ispname instead of simply username Password Enter the password provided by your ISP You can input up to 128 alphanumeric characters case sensitive Service Name This item is for identification purposes If it is required your ISP will provide you the in...

Page 46: ...elects encapsulation mode true for using LLC or false for using VC Mux Create Route This setting specifies whether a route is added to the system after IPCP Internet Protocol Control Protocol negotiation is completed If set to enabled a route will be created which directs packets to the remote end of the PPP link Specific Route Specifies whether the route created when a PPP link comes up is a spec...

Page 47: ...Once IPCP has discovered the DNS server IP address it automatically gives the address to the local DNS client so that a connection can be established Give DNSto DHCP Server Similar to the above but gives the DNS server address to the DHCP server Discover Primary NBNS Discover Secondary NBNS This setting enables disables whether the primary secondary NBNS server address is requested from a remote P...

Page 48: ...elect the encapsulation format this is provided by your ISP Ether Filter Type Specify the type of ethernet filtering performed by the named bridge interface All Allows all types of ethernet packets through the port Ip Allows only IP ARP types of ethernet packets through the port Pppoe Allows only PPPoE types of ethernet packets through the port Spanning Bridge Interface Enable Disable spanning tre...

Page 49: ...ernet directly the NAT function can be disabled Username Enter the username provided by your ISP You can input up to 128 alphanumeric characters case sensitive This will usually be in the format of username ispname instead of simply username Password Enter the password provided by your ISP You can input up to 128 alphanumeric characters case sensitive IP Address Specify an IP address allowed to lo...

Page 50: ...be created which directs packets to the remote end of the PPP link Specific Route Specifies whether the route created when a PPP link comes up is a specific or default route If set to enabled the route created will only apply to packets for the subnet at the remote end of the PPP link The address of this subnet is obtained during IPCP negotiation Subnet Mask sets the subnet mask used for the local...

Page 51: ...hed Give DNSto DHCP Server Similar to the above but gives the DNS server address to the DHCP server Discover Primary NBNS Discover Secondary NBNS This setting enables disables whether the primary secondary NBNS server address is requested from a remote PPP peer using IPCP The default setting for this command is disabled Discover Subnet Mask Specifies if the subnet mask given by IPCP negotiation pr...

Page 52: ...irectly the NAT function can be disabled DHCP client Enable or disable the DHCP client specifying if the router can obtain an IP address from the Internet Service Provider ISP automatically or not Please click Obtain an IP address automatically via DHCP client to enable the DHCP client function or click Specify an IP address to disable the DHCP client function and specify the IP address manually T...

Page 53: ...ss is hard to remember the DNS converts the friendly name into its equivalent IP Address You can obtain a Domain Name System DNS IP address automatically if your ISP has provided it when you logon Usually when you choose PPPoE or PPPoA as your WAN ISP protocol the ISP will provide the DNS IP address automatically You may leave the configuration field blank Alternatively your ISP may provide you wi...

Page 54: ...ue again for taking effect with setting of Connect Mode Coding Gain Configure the ADSL coding gain from 0 dB to 7dB or automatic Tx Attenuation Setting ADSL transmission gain the value is between 0 12 DSP FirmwareVersion Current ADSL line code firmware version Connected Display current ADSL line sync status Operational Mode Display current ADSL mode standard Operational Mode your Router is using w...

Page 55: ...ter a successful connection to the Internet the router will retrieve the correct local time from the SNTP server you have specified If you prefer to specify an SNTP server other than those in the drop down list simply enter its IP address as shown above Your ISP may provide an SNTP server for you to use Resync Poll Interval in minutes is the periodic interval the router will wait before it re sync...

Page 56: ...ect a time period the router will permit remote access for and click Enable You may change other configuration options for the web administration interface using Device Management options in the Advanced section of the GUI If you wish to permanently enable remote access choose a time period of 0 minutes This setting cannot be saved into flash when timer set to zero 50 ...

Page 57: ...time this software may be improved and modified and your Billion router allows you to upgrade the software it runs to take advantage of these changes Clicking on Browse will allow you to select the new firmware image file you have downloaded to your PC Once the correct file is selected click Upgrade to update the firmware in your router 51 DO NOT power down the router or interrupt the firmware upg...

Page 58: ...y significant changes to your router s configuration Press Backup to select where on your local PC to save the settings file You may also change the name of the file when saving if you wish to keep multiple backups Press Browse to select a file from your PC to restore You should only restore settings files that have been generated by the Backup function and that were created when using the current...

Page 59: ...you wish to restart the router using the factory default settings for example after a firmware upgrade or if you have saved an incorrect configuration select Factory Default Settings to reset to factory default settings You may also reset your router to factory settings by holding the small Reset pinhole button on the back of your router in for 10 12 seconds whilst the router is turned on 53 ...

Page 60: ...ave clicked on Edit you are shown the following options You can change the user s password whether their account is active and Valid as well as add a comment to each user account These options are the same when creating a user account with the exception that once created you cannot change the username You cannot delete the default admin account however you can delete any other created accounts by ...

Page 61: ...des three levels of security support NAT natural firewall This masks LAN users IP addresses which are invisible to outside users on the Internet making it much more difficult for a hacker to target a machine on your network This natural firewall is on when NAT function is enabled 55 When using Virtual Servers your PCs will be exposed to the degree specified in your Virtual Server settings provided...

Page 62: ...e the Firewall they are All blocked User defined no pre defined port or address filter rules by default meaning that all inbound Internet to LAN and outbound LAN to Internet packets will be blocked Users have to add their own filter rules for further access to the Internet High Medium Low security level the pre defined port filter rules for High Medium and Low security are displayed in Port Filter...

Page 63: ... 11g Security ADSL Router Chapter 4 Configuration 57 Any remote user who is attempting to perform this action may result in blocking all the accesses to configure and manage of the device from the Internet Packet Filter ...

Page 64: ...3 NO YES NO YES YES YES FTP 21 TCP 6 21 21 NO NO NO YES NO YES Telnet 23 TCP 6 23 23 NO NO NO YES NO YES SMTP 25 TCP 6 25 25 NO YES NO YES NO YES POP3 110 TCP 6 110 110 NO YES NO YES NO YES NEWS 119 TCP 6 119 119 NO NO NO YES NO YES RealAudio 7070 UDP 17 7070 7070 NO NO YES YES YES YES PING ICMP 1 N A N A NO YES NO YES NO YES H 323 1720 TCP 6 1720 1720 NO NO NO YES YES YES T 120 1503 TCP 6 1503 15...

Page 65: ...he other is outbound The rules can be set to prevent unauthorized users hosts or network to access the Internet from LAN outbound and or access LAN from the Internet inbound Host IP Address This is the IP address you wish to block access to or from Host Subnet Mask This is the subnet mask for the IP address range you wish to block Direction Whether you want to block access to the Internet outbound...

Page 66: ... the firewall is set to a high medium or low security level To setup a web server located on the local network when the firewall is enabled you have to configure the Port Filters setting for HTTP As you can see from the diagram below when the firewall is enabled with one of the three presets Low Medium High inbound HTTP access is not allowed Configuring Packet Filter 1 Click Packet Filter you will...

Page 67: ... port filter rules screen in this case for the low security level shown below Click Delete 3 Click Delete to delete the existing HTTP rule 4 Click Add TCP Filter Click Add TCP Filter 5 Input the port number 80 and set both Inbound Outbound to Allow Input HTTP port number Select Allow 6 The new port filter rule for HTTP is shown below 61 ...

Page 68: ...so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server To enable the HTTP service in Virtual Server settings input the web server PC s IP address Tip If you wish to setup permanent remote management of your router you may enter the router s IP instead HTTP inbound outbound application 62 ...

Page 69: ...abled Some attack types are denied immediately without using the Blacklist function such as Land attack and Echo CharGen scan Block Duration DoS Attack Block Duration This is the duration for blocking hosts that attempt a possible Denial of Service DoS attack Possible DoS attacks this attempts to block include Ascend Kill and WinNuke Default value is 1800 seconds Scan Attack Block Duration This is...

Page 70: ...g URG Src IP DoS Yes Yes Smurf ICMP type 8 Des IP is broadcast Dst IP Victim Protection Yes Yes Land attack SrcIP DstIP Yes Yes Echo CharGen Scan UDP Echo Port and CharGen Port Yes Yes Echo Scan UDP Dst Port Echo 7 Src IP Scan Yes Yes CharGen Scan UDP Dst Port CharGen 19 Src IP Scan Yes Yes X mas Tree Scan TCP Flag X mas Src IP Scan Yes Yes IMAP SYN FIN Scan TCP Flag SYN FIN DstPort IMAP 143 SrcPo...

Page 71: ...pecified machines or else to block specific machines from accessing your LAN There are no pre defined MAC address filter rules you can add the filter rules to meet your requirements Enable Disable To enable or disable the MAC Address Filter function Allowed Blocked To allow or block the following MAC addresses to surf outside network only If you check Allowed please be sure your PC s MAC address i...

Page 72: ...e URL filter rules i e at all hours of the day Block from Specify the time period to check the URL filter rules e g during work hours Keywords Filtering Allows blocking by specific keywords within a particular URL rather than having to specify a complete URL e g to block any image called advertisement gif When enabled your specified keywords list will be checked to see if any keywords are present ...

Page 73: ...he above two items it is sent to the remote web server 4 Please be note that the domain only should be specified not the full URL For example to block traffic to www sex com enter sex or sex com instead of www sex com In the example below the URL request for www abc com will be sent to the remote web server because it is listed in the trusted list whilst the URL request for www sex or www sex com ...

Page 74: ...ter Chapter 4 Configuration Firewall Log Firewall Log display log information of any unexpected action with your firewall settings Check the Enable box to activate the logs Log information can be seen in the Status Event Log after enabling 68 ...

Page 75: ...support three main types of VPN Virtual Private Network PPTP IPSec and L2TP and these are the two major section choices from the menu on the left PPTP There are two types of PPTP VPN supported Remote Access and LAN to LAN please refer below for more information Click Create to configure a new VPN connection 69 ...

Page 76: ...ur own password PPP Authentication Type Default is Auto if you want the router to determine the authentication type to use or else manually specify CHAP Challenge Handshake Authentication Protocol or PAP Password Authentication Protocol if you know which type the server is using when acting as a client or else the authentication type you want clients connecting to you to use when acting as a serve...

Page 77: ...l be changed every 256 packets when you select Stateful mode If you select Stateless mode the key will be changed in each packet Idle Time Auto disconnect the VPN connection when there is no activity on the connection for a predetermined period of time 0 means this connection is always on Click Apply after changing settings 71 ...

Page 78: ...re a Dial In user server enter your own username Password If you are a Dial Out user client enter the password provided by the your Host If you are a Dial In user server enter your own password PPP Authentication Type Default is Auto if you want the router to determine the authentication type to use or else manually specify CHAP Challenge Handshake Authentication Protocol or PAP Password Authentic...

Page 79: ...ovide stronger encryption than 40 bit keys Mode You may select Stateful or Stateless mode The key will be changed every 256 packets when you select Stateful mode If you select Stateless mode the key will be changed in each packet Idle Time Auto disconnect the VPN connection when there is no activity on the connection for a predetermined period of time 0 means this connection is always on Click App...

Page 80: ...myGuard 7500GL 802 11g Security ADSL Router Chapter 4 Configuration IPSec Click Create to configure a new IPSec VPN connection 74 ...

Page 81: ... 192 168 1 1 through to 192 168 1 254 IP Range The IP address range of the local network For example IP 192 168 1 1 end IP 192 168 1 10 Remote Secure Gateway Address or hostname The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel Network Set the IP address subnet or address range of the remote network Proposal Proposal Select the IPSec security method...

Page 82: ...d Encryption Standards it uses 128 bits as an encryption method Perfect Forward Secrecy Choose whether to enable PFS using Diffie Hellman public key cryptography to change encryption keys during the second phase of VPN negotiation This function will provide better security but extends the VPN negotiation time Diffie Hellman is a public key cryptography protocol that allows two parties to establish...

Page 83: ...e before new encryption and authentication key will be exchanged There are two kinds of SAs IKE and IPSec IKE negotiates and establishes SA on behalf of IPSec an IKE SA is used by IKE Phase 1 IKE To issue an initial connection request for a new VPN tunnel The range can be from 5 to 15 000 minutes and the default is 240 minutes Phase 2 IPSec To negotiate and establish secure authentication The rang...

Page 84: ...02 11g Security ADSL Router Chapter 4 Configuration L2TP There are two types of L2TP VPN supported Remote Access and LAN to LAN please refer below for more information Click Create to configure a new VPN connection 78 ...

Page 85: ...client enter the password provided by your Host If you are a Dial In user server enter your own password PPP Authentication Type Default is Auto if you want the router to determine the authentication type to use or else manually specify CHAP Challenge Handshake Authentication Protocol or PAP Password Authentication Protocol if you know which type the server is using when acting as a client or else...

Page 86: ...ES Stands for Advanced Encryption Standards it uses 128 bits as an encryption method Perfect Forward Secrecy Choose whether to enable PFS using Diffie Hellman public key cryptography to change encryption keys during the second phase of VPN negotiation This function will provide better security but extends the VPN negotiation time Diffie Hellman is a public key cryptography protocol that allows two...

Page 87: ... Network IP setting Username If you are a Dial Out user client enter the username provided by your Host If you are a Dial In user server enter your own username Password If you are a Dial Out user client enter the password provided by the your Host If you are a Dial In user server enter your own password PPP Authentication Type Default is Auto if you want the router to determine the authentication...

Page 88: ...bits as an encryption method 3DES Stands for Triple Data Encryption Standard it uses 168 56 3 bits as an encryption method AES Stands for Advanced Encryption Standards it uses 128 bits as an encryption method Perfect Forward Secrecy Choose whether to enable PFS using Diffie Hellman public key cryptography to change encryption keys during the second phase of VPN negotiation This function will provi...

Page 89: ...iguring a Remote Access PPTP VPN Dial in Connection A remote worker establishes a PPTP VPN connection with the head office using Microsoft s VPN Adapter included with Windows 2000 ME etc The router is installed in the head office connected to a couple of PCs and Servers Dial in 83 ...

Page 90: ...ss Assigned to Dialing User 192 168 1 200 An assigned IP address for the remote worker Username username 3 Password 123456 Input username password to authenticate remote worker Auth Type Chap Auto Data Encryption Auto Key Length Auto 4 Mode stateful Keep as default value in most of the cases PPTP server client will determine the value automatically Refer to manual for details if you want to change...

Page 91: ...ation Example Configuring a Remote Access PPTP VPN Dial out Connection A company s office establishes a PPTP VPN connection with a file server located at a separate location The router is installed in the office connected to a couple of PCs and Servers Dial out 85 ...

Page 92: ... 2 Server IP Address or Hostname 69 121 1 33 An Dialed server IP Username username 3 Password 123456 A given username password Auth Type Chap Auto Data Encryption Auto Key Length Auto 4 Mode stateful Keep as default value in most of the cases PPTP server client will determine the value automatically Refer to manual for details if you want to change the setting 5 Idle Time 0 The connection will be ...

Page 93: ... PPTP VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet The routers are installed in the head office and branch office accordingly Attention Both office LAN networks MUST in different subnet with LAN to LAN application 87 ...

Page 94: ...r 192 168 1 200 IP address assigned to branch office network Peer Network IP 192 168 0 0 Branch office network 3 Netmask 255 255 255 0 Username username 4 Password 123456 Input username password to authenticate branch office network Auth Type Chap Auto Data Encryption Auto Key Length Auto 5 Mode stateful Keep as default value in most of the cases PPTP server client will determine the value automat...

Page 95: ...eck Dial out 2 Server IP Address or Hostname 69 121 1 33 IP address of the head office router in WAN side Peer Network IP 192 168 1 0 3 Netmask 255 255 255 0 Head office network Username username 4 Password 123456 Input username password to authenticate branch office network Auth Type Chap Auto Data Encryption Auto Key Length Auto 5 Mode stateful Keep as default value in most of the cases PPTP ser...

Page 96: ...ter IP 69 1 121 30 69 1 121 3 Remote Network ID 192 168 1 0 24 192 168 0 0 24 Remote Router IP 69 1 121 3 69 1 121 30 IKE Pre shared Key 12345678 12345678 VPN Connection Type Tunnel mode Tunnel mode Security Algorithm ESP MD5 with AES ESP MD5 with AES Attention Both office LAN networks MUST in different subnet with LAN to LAN application Functions of Pre shared Key VPN Connection Type and Security...

Page 97: ...P Address 192 168 1 0 2 Netmask 255 255 255 0 Head office network 3 Secure Gateway Address or Hostname 69 121 1 30 IP address of the head office router in WAN side Subnet Check Subnet radio button IP Address 192 168 0 0 4 Netmask 255 255 255 0 Branch office network ESP Check ESP radio button Authentication MD5 Encryption 3DES Prefer Forward Security None Pre shared Key 12345678 Encryption Prefer F...

Page 98: ... Check Subnet radio button IP Address 192 168 0 0 2 Netmask 255 255 255 0 Branch office network 3 Secure Gateway Address or Hostname 69 121 1 3 IP address of the head office router in WAN side Subnet Check Subnet radio button IP Address 192 168 1 0 4 Netmask 255 255 255 0 Head office network ESP Check ESP radio button Authentication MD5 Encryption 3DES Prefer Forward Security None 5 Pre shared Key...

Page 99: ...myGuard 7500GL 802 11g Security ADSL Router Chapter 4 Configuration Example Configuring a IPSec Host to LAN VPN Connection 93 ...

Page 100: ...et radio button IP Address 192 168 1 0 2 Netmask 255 255 255 0 Head office network 3 Secure Gateway Address or Hostname 69 121 1 30 IP address of the head office router in WAN side Single Address Check Single Address radio button 4 IP Address 69 121 1 30 Remote worker s IP address ESP Check ESP radio button Authentication MD5 Encryption 3DES Prefer Forward Security None 5 Pre shared Key 12345678 S...

Page 101: ...guring a Remote Access L2TP VPN Dial in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft s VPN Adapter included with Windows XP 2000 ME etc The router is installed in the head office connected to a couple of PCs and Servers Dial in 95 ...

Page 102: ...Assigned to Dialing User 192 168 1 200 An assigned IP address for the remote worker Username username 3 Password 123456 Input username password to authenticate remote worker 4 Auth Type Chap Auto Keep as default value in most of the cases 5 Idle Timeout 0 The connection will be disconnected when there Is no traffic in a predefined period of time Idle time 0 means the connection is always on IPSec ...

Page 103: ...ation Example Configuring a Remote Access L2TP VPN Dial out Connection A company s office establishes a L2TP VPN connection with a file server located at a separate location The router is installed in the office connected to a couple of PCs and Servers Dial out 97 ...

Page 104: ...aled server IP Username username 3 Password 123456 A given username password 4 Auth Type Chap Auto Keep as default value in most of the cases 5 Idle Timeout 0 The connection will be disconnected when there Is no traffic in a predefined period of time Idle time 0 means the connection is always on IPSec Enable for enhancing your L2TP VPN security Authentication MD5 Encryption 3DES Perfect Forward Se...

Page 105: ...er Chapter 4 Configuration Example Configuring your Router to Dial in to the Server Currently Microsoft Windows operation system does not support L2TP incoming service Additional software may be required to set up your L2TP incoming service 99 ...

Page 106: ... VPN tunnel with head office to connect two private networks over the Internet The routers are installed in the head office and branch office accordingly Attention Both office LAN networks MUST in different subnet with LAN to LAN application Functions of Pre shared Key VPN Connection Type and Security Algorithm MUST BE identically set up on both sides 100 ...

Page 107: ...2 168 1 200 IP address assigned to branch office network Peer Network IP 192 168 0 0 Branch office network 3 Netmask 255 255 255 0 Username username 4 Password 123456 Input username password to authenticate branch office network 5 Auth Type Chap Auto Keep as default value in most of the cases 6 Idle Timeout 0 The connection will be disconnected when there Is no traffic in a predefined period of ti...

Page 108: ...ut 2 Server IP Address or Hostname 69 121 1 33 IP address of the head office router in WAN side Peer Network IP 192 168 1 0 3 Netmask 255 255 255 0 Head office network Username username 4 Password 123456 Input username password to authenticate branch office network 5 Auth Type Chap Auto Keep as default value in most of the cases 6 Idle Timeout 0 The connection will be disconnected when there Is no...

Page 109: ...k traffic for each application from LAN Ethernet and or Wireless to WAN Internet It facilitates you to control the different quality and speed of through put for each application when the system is running with full loading of upstream You can find two items under the QoS section Prioritization and IP Throttling bandwidth management 103 ...

Page 110: ...te the function Application A name that identifies an existing rule Priority High or Low the priority for existing rule All of traffic will be set to normal priority until you change it The balance of utilizations for each priority is High 60 Normal 30 or Low 10 Protocol The name of supported protocol Source Port The source port of packets to be monitored Destination Port The destination port of p...

Page 111: ...hat identifies an existing rule Protocol The name of supported protocol Source Port The source port of packets to be monitored Destination Port The destination port of packets to be monitored Source IP Address Range The source IP address or IP range of packets to be monitored Destination IP address Range The destination IP address or IP range of packets to be monitored Upstream Rate Limit This fun...

Page 112: ...nt to your router which then needs to deliver all traffic to the private IP addresses used by your PCs Please see the WAN configuration section of this manual for more information on NAT The Internet Assigned Numbers Authority IANA is the central coordinator for the assignment of unique parameter values for Internet protocols Port numbers range from 0 to 65535 but only ports numbers 0 to 1023 are ...

Page 113: ...s a virtual server You can set up a local server with a specific port number for the service to use e g web HTTP port 80 FTP port 21 Telnet port 23 SMTP port 25 or POP3 port 110 When an incoming access request to the router for a specified port is received it will be forwarded to the corresponding internal server For example if you set the port number 80 Web HTTP to be mapped to the IP Address 192...

Page 114: ...on your network For this reason you are advised to use specific Virtual Server entries just for the ports your application requires instead of simply using DMZ or create a Virtual Server entry for All protocols as doing so will result in all connection attempts to your public IP address will access the PC specified If you have disabled the NAT option in the WAN ISP section the Virtual Server funct...

Page 115: ...four items within the Advanced section Static Route Dynamic DNS Checking Email and Device Management Static Routing Click on Routing Table and then choose Create Route add a routing table Destination This is the destination subnet IP address Netmask Subnet mask of the destination IP addresses based on above destination subnet IP Gateway This is the gateway IP address to which packets are to be for...

Page 116: ...blish an account with the Dynamic DNS provider using their website for example http www dyndns org There are more than 5 DDNS services supported Disable Check to disable the Dynamic DNS function Enable Check to enable the Dynamic DNS function The following fields will be activated and required Dynamic DNS Server Select the DDNS service you have established an account with Domain Name Username and ...

Page 117: ...s Emailing checking function The following fields will be activated and required Account Name Enter the name login of the POP3 account you wish to check Normally it is the text in your email address before the symbol If you have trouble with it please contact your ISP Password Enter the account s password POP3 Mail Server Enter your POP mail server name You Internet Service Provider ISP or network...

Page 118: ...eir LAN Management IP Address You may specify an IP address allowed to logon and access the router s web server Setting the IP address to 0 0 0 0 will disable IP address restrictions allowing users to login from any IP address Expire to auto logout Specify a time frame for the system to auto logout the user s configuration session For Example User A changes HTTP port number to 100 specifies their ...

Page 119: ...If this value conflicts with other ports already being used you may wish to change the port SNMP Access Control Software on a PC within the LAN is required in order to utilize this function Simple Network Management Protocol SNMP V1 and V2 Read Community Specify a name to be identified as the Read Community and an IP address This community string will be checked against the string entered in the c...

Page 120: ...andard SNMPv3 is a strong authentication mechanism authorization with fine granularity for remote monitoring Traps supported Cold Start Authentication Failure The following MIBs are supported From RFC 1213 MIB II System group Interfaces group Address Translation group IP group ICMP group TCP group UDP group EGP not applicable Transmission SNMP group From RFC1650 EtherLike MIB dot3Stats From RFC 14...

Page 121: ... pppLqr group From RFC 1472 PPP Security MIB PPP Security Group From RFC 1473 PPP IP MIB PPP IP Group From RFC 1474 PPP Bridge MIB PPP Bridge Group From RFC1573 IfMIB ifMIBObjects Group From RFC1695 atmMIB atmMIBObjects From RFC 1907 SNMPv2 only snmpSetSerialNo OID 115 ...

Page 122: ...it can be customized to specify the display interval value 1 day 3 days 1 week 2 weeks and 1 month to invoke TMSS Security Services during surfing Internet Select Enable to exclude the IP address of user on your LAN from Security Surveying policy Status The router will check latest components available for PC cillin automatically and provide detail client Anti Virus Protection Status which located...

Page 123: ...n version of Trend Micro Internet Security It is free subscription to updated content filter lists for a limited period with 60 day FREE evaluation This function can only be switched on by myGuard 7500GL and only function after activation 60 days free or renew this service by purchasing it online to continue use for a year after the initial free subscription period expires By default Parental Cont...

Page 124: ...ration Exception List Select Enable to exclude the IP address of user on your LAN from Parental Controls policy Statistics In addition to blocking Web sites Parental Controls provide summary information that lets you know how many times users on your network 118 ...

Page 125: ...icro Security Services To activate your Trend Micro Security Service you must have IE 5 5 or above installed After finish the WAN connection setting the following window will be popped up when opening Internet Explorer to surf Internet via myGuard 7500GL first time Click Continue to next step 119 ...

Page 126: ...myGuard 7500GL 802 11g Security ADSL Router Chapter 4 Configuration The service will ask to download the Trend Micro Security Services ActiveX control 120 ...

Page 127: ...ntrol however if you experience issues downloading it modify your Internet Explorer Security Settings to the following refer to the Internet Explorer online help for instructions Setting Choose Download signed ActiveX controls Prompt Script ActiveX control marked safe for scripting Enable Run ActiveX controls and plug ins Enable Download the Trend Micro Security Services AcitveX control for each c...

Page 128: ...downloading You now get 60 day evaluation Security Scan service Just feeling myGuard Security Services by clicking Scan Now And it is free of charge for activating Trend Micro Security Scan service By clicking Scan Now You will be guided to Security Scan tab and security scan will be progressing automatically to scan your computer 122 ...

Page 129: ...myGuard 7500GL 802 11g Security ADSL Router Chapter 4 Configuration Downloading Scanning 123 ...

Page 130: ...rity ADSL Router Chapter 4 Configuration Vulnerability report for computer The detail report is generated and shown up to you Please click Step 2 for seeing detail information of entire Network for example as following figure 124 ...

Page 131: ...xplorer Web browser toolbar Click the security Services link on your Windows Start Menu You may activate Trend Micro Security Services for getting unlimited use by clicking button Activate My Services Also you will get 60 day evaluation version with Virus Scan Personal Firewall Spyware Protection and Parental Controls after activating Another way for activating is On the Trend Micro Security Servi...

Page 132: ...1 35 Package Important you may download it through the Internet or CD folder named Trend Micro Internet Security Software All steps must be completed to fully activate Trend Micro Security Services Available Services Before Activation After Activation Security Scan Vulnerability reports 60 day evaluation version Unlimited use Virus Scan Personal Firewall Spyware Protection Parental Controls Not Av...

Page 133: ...myGuard 7500GL 802 11g Security ADSL Router Chapter 4 Configuration 127 ...

Page 134: ...verify the email address is correct Returning users can use their existing Customer Care Center IDs and click Login Now to quickly update their account to include Trend Micro Security Services Choose the subscriptions to receive Virus Alerts Be informed of virus outbreaks as they happen Weekly Virus Report Learn about viruses that are circulating and infecting systems Product News and Updates Find...

Page 135: ...l address and other information is correct Trend Micro sends a verification email to this address that you must reply to before your services are activated Click Back to make any modifications Click Submit A validation email is sent to the mail address you entered as your user ID 129 ...

Page 136: ...end a validation email to confirm that the email address is correct To validate your email address 1 Open your email client for example Microsoft Outlook Outlook Express and click the validation link in the Trend Micro email to verify your email address 2 On the Trend Micro Security Services Dashboard click Continue Previewing to preview other parts other the Trend Micro Security Services 130 ...

Page 137: ... following In User Name type a user name You must provide a user name to continue installation In Organization type the name of your organization In Serial Key type your serial key If you do not have a serial key you can continue installation and install a 60 day evaluation version If you want to install the trial version an additional screen appears when you click Next giving you the option to in...

Page 138: ...he dashboard main menu click Service Summary View Service Summary to quickly display the following Trend Micro Customer Account information The number of days remaining for trial version software Recent Virus Outbreaks In addition you can Access Online Support Buy Renew evaluation version software Login to your Trend Micro Customer Account or your router Web console 132 ...

Page 139: ...e requested Web site content Parental Controls are included when you install the evaluation version of Trend Micro Internet Security This function can only be switched on by myGurad 7500GL and only function after activation 60 days free or renew this service by purchasing it online to continue use for a year Enabling Parental Controls The Parental Controls function switch is at TMSS Security Servi...

Page 140: ...trols In addition to blocking Web sites Parental Controls provide summary information that lets you know how many times users on your network To view statistics of Parental Controls 1 Open the myGurard 7500GL Web GUI 2 Open the Trend Micro Security Services dashboard click Parental Controls 134 ...

Page 141: ...myGuard 7500GL 802 11g Security ADSL Router Chapter 4 Configuration 135 ...

Page 142: ...ion Save Configuration to Flash After changing the router s configuration settings you must save all of the configuration parameters to FLASH to avoid them being lost after turning off or resetting your router Click Save to write your new configuration to FLASH 136 ...

Page 143: ...ccessing the configuration web pages at a time Once a PC has logged into the web interface other PCs cannot get access until the current PC has logged out of the web interface If the previous PC forgets to logout the second PC can access the page after a user defined period by default 3 minutes You can modify this value using the Advanced Device Management section of the web interface Please see t...

Page 144: ...estore your router to its factory settings by holding the Reset button on the back of your router more than 6 seconds Problems with the WAN Interface Problem Corrective Action Initialization of the PVC connection linesync failed Ensure that the telephone cable is connected properly from the ADSL port to the wall jack The ADSL LED on the front panel of the router should be on Check that your VPI VC...

Page 145: ...m Corrective Action Can t ping any PCs on the LAN Check the Ethernet LEDs on the front panel The LED should be on for a port that has a PC connected If it is off check the cables between your router and the PC Make sure you have uninstalled any software firewall for troubleshooting Verify that the IP address and the subnet mask are consistent between the router and the workstations Problems with t...

Page 146: ...myGuard 7500GL 802 11g Security ADSL Router Chapter 5 Troubleshooting My Parent s Control does not work Check your DNS setting Your router needs the DNS setting to query ASP server for URL rating 140 ...

Page 147: ...shooting chapter please contact the dealer where you purchased this product Contact Billion AUSTRALIA http www billion com au 2004 Billion Electric Co Ltd PC Range P L All Rights Reserved WORLDWIDE http www billion com Mac OS is a registered Trademark of Apple Computer Inc Windows 98 Windows NT Windows 2000 Windows Me and Windows XP are registered Trademarks of Microsoft Corporation Appendix A Pro...

Reviews: