M2M IDG701AM-0T001 User Manual Download | Manualshive

Page: 343 / 400

background image

M2M

Cellular

Gateway

Index

skipping

is

used

to

reserve

slots

for

new

function

insertion,

when

required.

343

Remote

Netmask

255.255.255.0

Remote

Gateway

203.95.80.22

Configuration

Path

[IPSec]

‐

[Authentication]

Key

Management

IKE+X.509

Local

Certificate:

BranchCRT

Remote

Certificate:

HQCRT

Local

ID

User

Name

Network

‐

B

Remote

ID

User

Name

Network

‐

A

Configuration

Path

[IPSec]

‐

[IKE

Phase]

Negotiation

Mode

Main

Mode

X

‐

Auth

None

Scenario

Operation

Procedure

In

above

diagram,

"Gateway

1"

is

the

gateway

of

Network

‐

A

in

headquarters

and

the

subnet

of

its

Intranet

is

10.0.76.0/24.

It

has

the

IP

address

of

10.0.76.2

for

LAN

interface

and

203.95.80.22

for

WAN

‐

1

interface.

"Gateway

2"

is

the

gateway

of

Network

‐

B

in

branch

office

and

the

subnet

of

its

Intranet

is

10.0.75.0/24.

It

has

the

IP

address

of

10.0.75.2

for

LAN

interface

and

118.18.81.33

for

WAN

‐

1

interface.

They

both

serve

as

the

NAT

security

gateways.

Gateway

1

generates

the

root

CA

and

a

local

certificate

(HQCRT)

that

is

signed

by

itself.

Import

the

certificates

of

the

root

CA

and

HQCRT

into

the

"Trusted

CA

Certificate

List"

and

"Trusted

Client

Certificate

List"

of

Gateway

2.

Gateway

2

generates

a

Certificate

Signing

Request

(BranchCSR)

for

its

own

certificate

(BranchCRT)

(Please

generate

one

not

self

‐

signed

certificate

in

the

Gateway

2,

and

click

on

the

"View"

button

for

that

CSR.

Just

downloads

it).

Take

the

CSR

to

be

signed

by

the

root

CA

of

Gateway

1

and

obtain

the

BranchCRT

certificate

(you

need

rename

it).

Import

the

certificate

into

the

"Trusted

Client

Certificate

List"

of

the

Gateway

1

and

the

"Local

Certificate

List"

of

Gateway

2.

Gateway

2

can

establish

an

IPSec

VPN

tunnel

with

"Site

to

Site"

scenario

and

IKE

and

X.509

protocols

to

Gateway

1.

Finally,

the

client

hosts

in

two

subnets

of

10.0.75.0/24

and

10.0.76.0/24

can

communicate

with

each

other.

The

My

Certificates

setting

allows

user

to

create

local

certificate.

Create

local

certificate

Go

to

Advanced

Network

>

Certificate

>

My

Certificates

When

Add

button

is

applied,

Local

Certificate

Configuration

screen

will

appear.

«
...
341
342
343
344
345
...
»

Summary of Contents for IDG701AM-0T001

Page 1: ...M2M Cellular Gateway IDG701AM 0T001 User Manual...

Page 2: ...REMENTS 11 1 6 Hardware Installation 12 1 6 1 Mount the Unit 12 1 6 2 Insert the SIM Card 12 1 6 3 Connecting Power 13 1 6 6 Connecting to the Network or a Host 13 Chapter 2 Getting Started 14 2 1 Wiz...

Page 3: ...Z Pass Through 137 3 b Routing 140 3 b 1 Static Routing 140 3 b 3 Dynamic Routing 145 3 b 5 Routing Information 157 3 d Client Server Proxy 159 3 d 1 DNS DDNS 159 3 d 3 DHCP Server 164 Chapter5 Advanc...

Page 4: ...069 312 5 9 3 SNMP 316 5 9 5 Telnet with CLI 328 5 9 7 UPnP 332 5 b Certificate 336 5 b 1 Configuration 336 5 b 3 My Certificates 339 5 b 5 Trusted Certificates 347 5 b 7 Issue Certificates 354 Chapt...

Page 5: ...M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion when required 5 9 3 Scheduling 391 9 7 Grouping 393 9 9 External Servers 397 9 b MMI 400...

Page 6: ...series product is loaded with luxuriant security features including VPN firewall NAT port forwarding DHCP server and many other powerful features for complex and demanding business and M2M Machine to...

Page 7: ...ackage Contents Standard Package Items Description Contents Quantity 1 IDG701AM 0T001 M2M Cellular Gateway 1pcs 2 Cellular Antenna 2pcs 3 Power Adapter DC 12V 2A 2 1pcs 4 RJ45 Cable 1pcs 5 Console Cab...

Page 8: ...he RESET button provides user with a quick and easy way to resort the default setting Press the RESET button continuously for 6 seconds and then release it The device will restore to factory default s...

Page 9: ...M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion when required 9 Bottom View Left View Power Terminal Block SIM B Slot SIM A Slot...

Page 10: ...ON SIM card A is used SIM B Green Steady ON SIM card B is used LAN 1 LAN 4 Green Steady ON Ethernet connection of LAN is established Flash Data packets are transferred High LTE 3G Signal Green Steady...

Page 11: ...owing Windows Macintosh or Linux based operating system An installed Ethernet adapter Browser Requirements Internet Explorer 6 0 or higher Chrome 2 0 or higher Firefox 3 0 or higher Safari 3 0 or high...

Page 12: ...screw the wall mount kits and DIN rail bracket on the product first 1 6 2 Insert the SIM Card WARNNING BEFORE INSERTING OR CHANGING THE SIM CARD PLEASE MAKE SURE THAT POWER OF THE DEVICE IS SWITCHED O...

Page 13: ...ion It s not for operating at wide temperature range environment PLEASE PREPARE OR PURCHASE OTHER INDUSTRIAL GRADE POWER SUPPLY FOR POWERING UP THE DEVICE 1 6 6 Connecting to the Network or a Host The...

Page 14: ...rd Go to Wizard Network Setup Wizard Step 2 Item Value setting Description Old Password 1 String format any text If you want to change password Enter the current password in this item New Password 1 S...

Page 15: ...Select the time zone for the system clock Detect Again NA Click the Detect Again button to detect the time zone from network Exit NA Click the Exit button to cancel Setup Wizard Back NA Click the Bac...

Page 16: ...ettings Go to Wizard Network Setup Wizard Step 4 WAN interface Step 4 WAN interface Setting Item Value setting Description Physical Interface A Must filled setting Here you specify the Physical Interf...

Page 17: ...onal setting Enter the host name provided by your Service Provider ISP Registered MAC Address An Optional setting Enter the MAC address that you have registered with your service provider Or Click the...

Page 18: ...vider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider P...

Page 19: ...Password A Must filled setting Enter the PPPoE password provided by your Service Provider Primary DNS A Must filled setting Enter the IP address of Primary DNS server Secondary DNS Optional setting En...

Page 20: ...ven by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by...

Page 21: ...ven by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by...

Page 22: ...optional manually WAN IP Address A Must filled setting Enter the WAN IP address given by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Pro...

Page 23: ...rvice Provider VPI Number refers to Virtual Path Identifier Number VCI Number 1 A Must filled setting 2 Default is 33 Enter the VCI provided by your Service Provider VCI Number refers to Virtual Circu...

Page 24: ...our Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Ser...

Page 25: ...A Must filled setting 2 Default is 33 Enter the VCI provided by your Service Provider VCI Number refers to Virtual Circuit Identifier Number Schedule Type 1 A Must filled setting 2 Default is UBR Def...

Page 26: ...ryption mode for data There two types can be selected LLC refers to Logical Link Control VCMux Virtual Circuit Multiplexing VPI Number A Must filled setting Define the VPI number that connection shoul...

Page 27: ...nal setting Define the IP address of Secondary DNS server Service Name Optional setting Define the PPPoA server name should be used Assigned IP Address Optional setting Define the static IP that the P...

Page 28: ...eo encoding GFR refers to Guaranteed Frame Rate GFR Back N A Click the Back button to go to previous step Next N A Click the Next button to go to next step In Ethernet LAN Interface Step 5 configure t...

Page 29: ...lays the summary of steps for VPN setup Click Next button to begin VPN setup Step 2 Select VPN Type From VPN Type dropdown box choose a VPN method to deploy Click the Next button to go to the next ste...

Page 30: ...sertion when required 30 Step 3 IPSec When IPSec is selected in Step 2 for VPN Type IPSec configuration window will appear When complete the IPSec configuration click Next button a setup summary will...

Page 31: ...ent or server configuration window will appear PPTP Client When PPTP Client is selected in Step 2 for VPN Type PPTP configuration window will appear When complete the PPTP Client configuration click N...

Page 32: ...setting then click the Apply button to complete the setting Step 3 L2TP When L2TP is selected in Step 2 for VPN Type and either L2TP client or server is selected the client or server configuration win...

Page 33: ...ing then click the Apply button to complete the setting L2TP Server When L2TP Server is selected in Step 2 for VPN Type L2TP configuration window will appear When complete the L2TP Server configuratio...

Page 34: ...n insertion when required 34 Step 3 GRE When GRE is selected in Step 2 for VPN Type GRE configuration window will appear When complete the GRE configuration click Next button a setup summary will disp...

Page 35: ...It displays the type of WAN physical interface Depending on the model purchased it can be Ethernet 3G 4G USB 3G 4G WAN Type N A It displays the method which public IP address is obtained from your IS...

Page 36: ...hen DHCP WAN Type is used and WAN connection is connected Connect button allows user to manually connect the device to the Internet Note Connect button is available when Connection Control in WAN Type...

Page 37: ...Basic Network IPv6 Configuration LAN Interface Network Status LAN Interface Network Status screen shows IPv4 and IPv6 information of LAN network LAN Interface Network Status Item Value setting Descri...

Page 38: ...terface Traffic Statistics Item Value setting Description ID N A It displays corresponding WAN interface WAN IDs Interface N A It displays the type of WAN physical interface Depending on the model pur...

Page 39: ...ess assigned by your ISP for your Internet connection Action N A This area provides functional buttons Edit IPv4 Button when press web based utility will take you to the Ethernet LAN configuration pag...

Page 40: ...ns Detail Button when press windows of detail information will appear They are the Modem Information SIM Status and Service Information Refer to next page for more Note Currently USB 3G 4G doesn t sup...

Page 41: ...M card Blocked the SIM card is locked and need PUK code to unlock It is probably due to the device had exceeded the allowed number of times to unlock Refer to PIN Code Remaining Times PIN Code Remaini...

Page 42: ...a Code information in hexadecimal format only available in GSM UMTS networks TAC N A It displays the TAC Tracking Area Code information in hexadecimal format only available in LTE network Cell ID N A...

Page 43: ...work at roaming or at home network It can be Roaming or Not Roaming IMSI N A It displays the IMSI International Mobile Subscriber Identity information which usually is composed of 15 digits SMSC N A I...

Page 44: ...s router Go to Status LAN Client List LAN Client List Item Value setting Description LAN Interface N A Client record of LAN Interface String Format IP Address N A Client record of IP Address Type and...

Page 45: ...to display log history Clicking the Edit button the screen will be switched to the configuration page From the menu on the left select Status Firewall Status Firewall Status Tab Packet Filter Status...

Page 46: ...b Content Filter Status Web Content Filter Status Item Value setting Description Activated Filter Rule N A Logged packet of the rule name String format Detected Contents N A Logged packet of the filte...

Page 47: ...Filters Status Application Filters Status Item Value setting Description Filtered Application Category N A The name of the Application Category being blocked Filtered Application Name N A The name of...

Page 48: ...ing Description Detected Intrusion N A This is the intrusion type of the packets being blocked IP N A The Source IP IPv4 of the logged packet Time N A The Date and Time stamp of the logged packet Date...

Page 49: ...from WAN N A Enable or Disable setting status of Discard Ping from WAN on Firewall Options String Format Disable or Enable Remote Administrator Management N A Enable or Disable setting status of Remo...

Page 50: ...have entered to identify Tunnel Scenario N A It displays the Tunnel Scenario specified Local Subnets N A It displays the Local Subnets specified Remote Subnets N A It displays the Remote Subnets spec...

Page 51: ...Status Item Value setting Description Client Name N A It displays Name for the PPTP Client specified Interface N A It displays the WAN interface with which the gateway will use to request PPTP tunneli...

Page 52: ...e connection Remote IP N A It displays the public IP address the WAN IP address of the connected L2TP client Remote Virtual IP N A It displays the IP address assigned to the connected L2TP client Remo...

Page 53: ...IP FQDN N A It displays the L2TP Server s Public IP address the WAN IP address or FQDN Default Gateway Remote Subnet N A It displays the specified IP address of the gateway device used to connect to...

Page 54: ...MP Link Status screen shows the status of current active SNMP connections SNMP Link Status Item Value setting Description User Name N A It displays the user name for authentication This is only availa...

Page 55: ...vel Time N A It displays the timestamp of trap event Trap Event N A It displays the IP address of the trap sender and event type TR 069 Status The TR 069 Status window shows the current connection sta...

Page 56: ...Physical Interface WAN Internet Setup and WAN Load Balance for Intranet to access Internet For each WAN interface you must specify its physical interface first and then its Internet setup to connect...

Page 57: ...ilable physical interfaces After clicking on the Edit button for the interface in Physical Interface List window the Interface Configuration window will appear to let you configure a WAN interface Phy...

Page 58: ...les They vary from model to model It depends on the model purchased Interface Name The logic name of WAN interfaces is identified by WAN 1 WAN 2 and so on Physical Interface This device is equipped wi...

Page 59: ...You must specify it in the WAN physical interface Please note that only Ethernet and ADSL physical interfaces support the feature Interface Configuration The configuration of a WAN interface includes...

Page 60: ...Cellular Network xDSL Modem Gateway ISP DSLAM ISP DSLAM Gateway Firewall or Ethernet WAN 3G 4G WAN USB 3G 4G WAN ADSL WAN Ethernet WAN The gateway has one or more RJ45 WAN ports that can be configure...

Page 61: ...backup connection will be started up to substitute the primary connection In addition there is a Seamless option for Failover operation mode When seamless option is activated by checking on the Seamle...

Page 62: ...t Always on Data Encryption LLC VPI Number 0 VCI Number 33 Schedule Type UBR Configuration Path Internet Setup 3G 4G WAN Type Configuration Interface Name WAN 2 Dial up Profile Auto detection Connecti...

Page 63: ...lover Failback Seamless Failover Scenario As another example all parameter configuration for WAN 1 and WAN 2 is same as above example except the Seamless box is checked as bellow in red color Configur...

Page 64: ...just Keep Alive Next Failover and Failback processes are shown in following diagram Their steps are S 1 When system discovers the primary WAN connection is failed S 2 System starts the failover proce...

Page 65: ...re It is called as Dual SIM Failover In this Dual SIM Failover there are four kinds of SIM card usage scenarios including SIM A First SIM B First and SIM A Only and SIM B Only By default SIM A First s...

Page 66: ...th SIM A First scenario is shown in the following diagram The steps are Pre state System tries to connect to mobile system for an Internet connection by using connection profile in SIM A for SIM A Fir...

Page 67: ...ce functions normally If you don t know accurate line speed of your subscribed Internet service following are some suggestions High Speed Ethernet WAN Upload 100Mbps Download 100Mbps Gigabit Ethernet...

Page 68: ...r these two WAN interfaces and their scenarios are shown in the following diagram Configuration Path Physical Interface Interface Configuration WAN n n 1 2 Interface Name WAN 1 WAN 2 Physical Interfac...

Page 69: ...ows for each WAN type For the Internet setup of each WAN interface you must specify its WAN type of physical interface first and then its related parameter configuration for that WAN type Internet Set...

Page 70: ...ce their operation mode and WAN connection type There is one Edit button for each WAN interface to let you configure its Internet connection Please see Internet Connection Configuration section beneat...

Page 71: ...You will need to enter in the IP address subnet mask and gateway address provided to you by your ISP Dynamic IP Address WAN type You may choose this WAN type if you connects a cable modem or a fiber V...

Page 72: ...ddress and DNS to you to setup an ADSL Internet connection PPPoE ADSL WAN type Select this option if your ISP requires you to use a PPPoE connection for accessing Internet This option is typically use...

Page 73: ...Time Service Name Assigned IP Address MTU MPPE NAT Network Monitoring IGMP and WAN IP Alias L2TP WAN Type Settings include IP Mode Server IP Name L2TP Account Password Connection Control Maximum Idle...

Page 74: ...id keep alive feature work abnormally enable this option will stop sending keep alive packets when there are continuous incoming and outgoing data packets passing through WAN connection Check Interval...

Page 75: ...of fails Connection Control There are three ways for connection control Auto reconnect Always on Dial on demand and Manually Auto reconnect Always on This gateway will establish Internet connection au...

Page 76: ...lly Following 3 tables list the parameter configuration for these three WAN interfaces Configuration Path Physical Interface Interface Configuration WAN n n 1 2 3 Interface Name WAN 1 WAN 2 WAN 3 Phys...

Page 77: ...Secondary DNS DHCP Servers 10110110001100 01 Request Coming Start Connecting Disconnect when idle timeout Dial on demand Its steps are Pre state After system booting up the WAN connection is disconnec...

Page 78: ...out Manually Its steps are Pre state After system booting up the WAN connection is disconnected S 1 When administrator click on the Connect button on the Network Status configuration window S 2 System...

Page 79: ...Configuration will become available configuration Please be noted that By Smart Weight has not further configuration window Load Balance Configuration The Configuration window is to enable the load ba...

Page 80: ...N interfaces in past period maybe 5 minutes system decides how many sessions will be transferred via each WAN interface for current period of traffic loadings as shown in the following illustration di...

Page 81: ...between its counted transferred bytes and the summary one of all interfaces for next time period S 2 Based on the new ratio that is obtained at S1 system decides how many sessions will be transferred...

Page 82: ...4G ISP for another 11 Mbps WAN connection Administrator fills these both values in the line speed field for both WAN interfaces Please refer to section Basic Network WAN Physical Interface So the def...

Page 83: ...er 33 Schedule Type UBR Configuration Path Internet Setup 3G 4G WAN Type Configuration Interface Name WAN 2 Dial up Profile Auto detection Connection Control Auto reconnect Always on Configuration Pat...

Page 84: ...u configure one user policy for routing dedicated packet flow via one WAN interface They are shown in following diagrams Above example shows that administrator hopes the packet flow whose destination...

Page 85: ...e one in By Priority load balance strategy Configuration Path Load Balance Configuration Load Balance Enable Load Balance Strategy By User Policy Configuration Path Load Balance User Policy Configurat...

Page 86: ...d Balance Strategy A Must filled setting There are three strategy selections By Smart Weight System will automatically adjust traffic loading based on traffic weight of each WAN By Priority System wil...

Page 87: ...el the settings When By User Policy is selected the load balance can be configured for user s preference By User Policy Item Value setting Description Add N A When click Add button it will open the ru...

Page 88: ...e Single IP Traffic to specific IP will follow the rule Domain Name Traffic to the specific domain name will follow the rule Destination Port A Must filled setting There are four options can be select...

Page 89: ...s device supports both Port based VLAN and Tag based VLAN In Port based VLAN all client hosts belong to the same group by transferring data via some physical ports that are tagged with same VLAN ID in...

Page 90: ...1 VAP 8 together for differentiated services like Internet surfing multimedia enjoyment VoIP talking and so on Two operation modes NAT and Bridge can be applied to each VLAN group One DHCP server can...

Page 91: ...as one Ethernet LAN port there will be only one VLAN group for the device Under such situation it still supports both the NAT and Bridge mode for the Port based VLAN configuration Tag based VLAN Taggi...

Page 92: ...o different groups based on VLAN ID Following is an example In a SMB company administrator schemes out 3 segments Lab Meeting Rooms and Office In a Security VPN Gateway administrator can configure Off...

Page 93: ...her VLAN Group Internet Access Administrator can specify members of one VLAN group to be able to access Internet or not Following is an example that VLAN groups of VID is 2 and 3 can access Internet b...

Page 94: ...es of another VLAN group or not This is a communication pair and one VLAN group can join many communication pairs But communication pair doesn t have the transitive property That is A can communicate...

Page 95: ...ots for new function insertion when required 95 LAN VLAN Setting The Ethernet LAN allows user to setup the LAN IP address for device Setting LAN IP address and subnet mask will affect the IP that LAN...

Page 96: ...y The VLAN function allows you to divide local network into different virtual LAN There are Port based and Tag based VLAN types Select one that applies For Port based VLAN Type Go to Basic Network LAN...

Page 97: ...on insertion when required 97 When Add button is applied Port based VLAN Configuration screen will appear which is including 3 sections Port based VLAN Configuration DHCP Server Configuration and IP F...

Page 98: ...t Members configuration when Disable is selected NAT Bridge By default NAT is selected Select NAT mode or Bridge mode for the rule Port Members These box is unchecked by default Select which LAN port...

Page 99: ...IP Address that the DHCP Server leases to a new device By default the lease time is 86400 seconds When your lease expires you must stop using the IP address Domain Name NA It s optional field please...

Page 100: ...ion Item Value setting Description MAC Address A Must filled setting Define the MAC Address target that the DHCP Server wants to filter IP Address A Must filled setting Define the IP Address that the...

Page 101: ...lick on VLAN Group Routing button the VLAN Group Internet Access Definition and Inter VLAN Group Routing screen will appear The screen in the figure shows the default setting Each member in different...

Page 102: ...access each other Our device supports 4 rules for Inter VLAN Group Routing If ID_1 and ID_2 are checked it means members in VLAN ID_1 and VLAN ID_2 are defined as a group member Members of VLAN ID_1 c...

Page 103: ...lular Gateway Index skipping is used to reserve slots for new function insertion when required 103 Create Edit Tag based VLAN Rules When Add button is applied Tag based VLAN Configuration screen will...

Page 104: ...e VLAN ID VAP The box is unchecked by default Define which VAP is part of the VLAN ID Notice that a VAP is only belong to a VLAN ID Disappear VAP if the router doesn t support Wireless function DHCP S...

Page 105: ...his gateway supports various types of IPv6 connection Static IPv6 DHCPv6 PPPoEv6 6to4 6in4 Please contact your ISP the type of IPv6 is supported before you proceed with IPv6 setup Static IPv6 Static I...

Page 106: ...Pv6 default gateway address and IPv6 DNS to client host s automatically PPPoEv6 PPPoEv6 in IPv6 does the same function as PPPoE in IPv4 The PPPoEv6 server provides configuration parameters based on PP...

Page 107: ...y a host it must have a global IPv4 address connected and the host is responsible for encapsulation of outgoing IPv6 packets and decapsulation of incoming 6to4 packets If the host is configured to for...

Page 108: ...e slots for new function insertion when required 108 In above diagram the 6in4 usually needs to register to a 6in4 tunnel service known as Tunnel Broker in order to use It also need end point global I...

Page 109: ...m Value setting Description WAN Connection Type 1 Only can be selected when IPv6 Enable 2 A Must filled setting Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity Select S...

Page 110: ...ess Primary DNS An optional setting Enter the WAN primary DNS Server Secondary DNS An optional setting Enter the WAN secondary DNS Server MLD Snooping The box is unchecked by default Enable Disable th...

Page 111: ...primary DNS Server Secondary DNS Can not modified by default Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Conf...

Page 112: ...ection If you want more information please contact your ISP Connection Control Fixed value The value is Auto reconnect Always on MTU A Must filled setting Enter the MTU for setting up PPPoEv6 connecti...

Page 113: ...nal setting Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Global Ad...

Page 114: ...r setting page 6in4 WAN Type Configuration Item Value setting Description Remote IPv4 Address A Must filled setting Filled Server IPv4 Address gotten from tunnelbroker in this field Local IPv4 Address...

Page 115: ...t filled setting Filled Routed 64 gotten from tunnelbroker in this field Link local Address Value auto created Show the link local address for LAN interface of router Then go to Address Auto configura...

Page 116: ...ess to manage the Local Area Network to be SLAAC RDNSS Router Advertisement Lifetime A Must filled setting Enter the Router Advertisement Lifetime in seconds 200 is setted by default Select Stateful t...

Page 117: ...iguration page Normally with global IP address or FQDN of WAN interface in the gateway employees who travel outside the office can access various servers behind the office gateway You can set up those...

Page 118: ...rk It is useful when you run a server inside your network For example if you set a mail server at LAN side your local devices can access this mail server through gateway s global IP address when enabl...

Page 119: ...ver Virtual Computer Virtual Server List ID 1 2 Public Port 25 SMTP 110 POP3 Server IP 10 0 75 101 10 0 75 101 Private Port 25 SMTP 110 POP3 Rule Enable Enable Scenario Operation Procedure In above di...

Page 120: ...unction insertion when required 120 Configuration Item Value setting Description NAT Loopback The box is checked by default Check the Enable box to activate this NAT function Save N A Click the Save b...

Page 121: ...r gateway This device s NAT firewall filters out unrecognized packets to protect your Intranet so all hosts behind this device gateway are invisible to the outside world If you wish you can make some...

Page 122: ...side For example if you set an E mail server on the LAN side with IP address 10 0 75 101 a remote user can access the gateway for E mail service if you defined a virtual E mail server for the gateway...

Page 123: ...virtual server to be located at a server with IP address 10 0 75 101 in the Intranet of Network A including SMTP service port 25 and POP3 service port 110 So the remote user can access the E mail ser...

Page 124: ...A LAN host is assigned with a global IP address to be visible to outside world The host has an embedded FTP file server and is protected by the gateway firewall The gateway acts as the media between...

Page 125: ...as a media between the LAN host and the outside world by using its Virtual Computer feature So remote users can request for file services from the FTP file server even it is existed in a LAN host The...

Page 126: ...cted interface to be the packet entering interface of the router If the packets to be filtered are coming from WAN x then select WAN x for this field Select ALL for packets coming into the router from...

Page 127: ...ify a port number and Private Port can be set a Single Port number Public Port is selected Port Range and specify a port range and Private Port can be selected Single Port or Port Range Apply Time Sch...

Page 128: ...g under System Then check Enable box to enable this rule When User defined is selected It means the option Protocol of packet filter rule is User defined For Protocol Number enter a port number Apply...

Page 129: ...some applications require multiple connections like Internet games Video conferencing Internet telephony etc Because of the firewall function these applications cannot work with a pure NAT router The...

Page 130: ...is applied the Special AP Rule Configuration window will appear to let you define a application rule The parameters include the trigger port the allowed incoming ports the integrated time schedule ru...

Page 131: ...nly at the pre defined schedule Scenario Description Local user runs an application to access the Internet server by a trigger packet with the dedicated destination port Gateway opens more service por...

Page 132: ...ALG feature to allow one SIP phone behind the NAT gateway can call another SIP phone in the Internet even the gateway executes its NAT mechanism between the Intranet and the Internet The NAT gateway...

Page 133: ...33 for WAN interface It serves as a NAT router Configure the NAT gateway with SIP ALG being enabled When the SIP Phone 1 behind the NAT gateway has booted up it will register to the SIP server in the...

Page 134: ...te this NAT function ALG Enable The box is checked by default Check the Enable box to activate this NAT function Save N A Click the Save button to save the setting Undo N A Click Undo to cancel the se...

Page 135: ...g setting under System Then check Rule box to enable this rule When Popular Applications is selected Battle net Port and Incoming Ports will be defined automatically Apply Time Schedule to this rule o...

Page 136: ...same with Incoming Ports Apply Time Schedule to this rule otherwise leave it as Always refer to Scheduling setting under System Then check Rule box to enable this rule When Popular Applications is sel...

Page 137: ...ify the IP address in the Intranet to be DMZ host so that the host under DMZ function can run applications freely that would otherwise blocked by NAT mechanism of the gateway with DMZ feature disabled...

Page 138: ...Description The DMZ host is behind a NAT gateway and receives all normal and active packets from the Internet Remote user can access the DMZ host by using the IP address of the gateway and the gatewa...

Page 139: ...e DMZ and Pass Through Enable Go to Basic Network NAT Bridging DMZ tab Configuration Item Value setting Description DMZ 1 A Must filled setting 2 Default is ALL Check the Enable box to activate this N...

Page 140: ...tables record the obtained routing paths from neighbor routers by using some protocols such as RIP OSPF and BGP It is dynamic routing These both routing approaches will be illustrated one after one 3...

Page 141: ...ll static routing rule enteries There also be one Add button at the Static Routing Rule List caption that can let you add one new static routing rule While the Edit button at the end of each static ro...

Page 142: ...ing Rule List ID 1 2 Destination IP 173 194 72 94 188 125 73 108 Subnet Mask 255 255 255 255 255 255 255 255 Gateway 118 18 81 1 203 95 80 1 Metric 255 255 Rule Enable Enable Scenario Operation Proced...

Page 143: ...heir office setting Go to Basic Network Routing Static Routing Tab Static Routing Tab Item Value setting Description Enable Static Routing function The box is unchecked by default Check the Enable box...

Page 144: ...Interface Auto is set by default The Interface of this static routing rule Metric 1 Numberic String Format 2 A Must filled setting The Metric of this static routing rule Enabling the rule The box is...

Page 145: ...e In the Dynamic Routing page there are seven configuration windows for dynamic routing feature They are the RIP Configuration window OSPF Configuration window OSPF Area List OSPF Area Configuration B...

Page 146: ...ting protocols are described as follows RIP Scenario The Routing Information Protocol RIP is one of the oldest distance vector routing protocols which employs the hop count as a routing metric RIP pre...

Page 147: ...gle routing domain such as an autonomous system It gathers link state information from available routers and constructs a topology map of the network The topology is presented as a routing table to th...

Page 148: ...rio Application Timing When the administrator of the gateway wants to deploy one OSPF gateway in a large enterprise and expects the gateway to learn its routing table by using OSPF protocol from the e...

Page 149: ...r OSPF gateways in the enterprise backbone And then it forwards the routing information to the routers in its dominated areas Finally the routers in the dominated areas of the OSPF Gateway know the sh...

Page 150: ...eighbor ID and neighbor activation by an Enable box Following diagram is an example for the scenario Scenario Application Timing Most Internet service providers ISPs must use BGP to establish routing...

Page 151: ...able Self ID 100 Configuration Path Dynamic Routing BGP Neighbor List ID 1 2 3 4 Neighbor IP 10 101 0 1 10 102 0 1 10 103 0 1 10 104 0 1 Neighbor ID 101 102 103 104 Neighbor Enable Enable Enable Enabl...

Page 152: ...Enable Dynamic Routing function The box is unchecked by default Check the Enable box to activate this function The RIP configuration setting allows user to customize RIP protocol through the router ba...

Page 153: ...ne will disable Authentication on OSPF protocol Select Text will enable Text Authentication with entered the Key in this field on OSPF protocol Select MD5 will enable MD5 Authentication with entered t...

Page 154: ...24 2 A Must filled setting The Area Subnet of this router on OSPF Area List Area ID 1 IPv4 Format 2 A Must filled setting The Area ID of this router on OSPF Area List Area Enable The box is unchecked...

Page 155: ...router allows you to custom your BGP Network rules It supports up to a maximum of 32 rule sets When Add button is applied BGP Network Rule Configuration screen will appear Item Value setting Descripti...

Page 156: ...em Value setting Description Neighbor IP 1 IPv4 Format 2 A Must filled setting The Neighbor IP of this router on BGP Neighbor List Remote ASN 1 Numberic String Format 2 A Must filled setting The Remot...

Page 157: ...sic Network Routing Routing Information Tab Item Value setting Description Destination IP N A Routing record of Destination IP IPv4 Format Subnet Mask N A Routing record of Subnet Mask IPv4 Format Gat...

Page 158: ...Index skipping is used to reserve slots for new function insertion when required 158 Destination Port N A Policy Routing of Destination Port String Format WAN Interface N A Policy Routing of WAN Inte...

Page 159: ...server on a changing IP address you have to use dynamic domain name service DDNS Therefore anyone wishing to reach your host only needs to know the domain name Dynamic DNS will map the name of your ho...

Page 160: ...automatically re maps your domain name with the changed IP address So other hosts in the Internet world will be able to link to your gateway by using your domain name regardless of the changing globa...

Page 161: ...ing between the domain name and the obtained WAN IP address of the gateway The DDNS server broadcasts the mapping to other DNS servers for DNS hosting service in the Internet world So other hosts in t...

Page 162: ...String format can be any text 2 A Must filled setting Enter a domain name that mapping the IP Address IP Address 1 IPv4 format 2 A Must filled setting Enter a IP Address that mapping the Domain Name E...

Page 163: ...set by default Selected the WAN Interface IP Address of the router Provider DynDNS org Dynamic is set by default Your DDNS provider of Dynamic DNS Host Name 1 String format can be any text 2 A Must f...

Page 164: ...r whose LAN IP Address is the same one of gateway LAN interface with its default Subnet Mask setting as 255 255 255 0 and its default IP Pool ranges is from 100 to 200 as shown at the DHCP Server List...

Page 165: ...can assign fixed IP address to map the specific client MAC address by select them then copy when targets were already existed in the DHCP Client List or to add some other Mapping Rules by manually in...

Page 166: ...When Add button is applied DHCP Server Configuration screen will appear DHCP Server Configuration Item Value setting Description DHCP Server Name 1 String format can be any text 2 A Must filled setti...

Page 167: ...at The Secondary WINS of this DHCP Server Gateway IPv4 format The Gateway of this DHCP Server Enabling the Server The box is unchecked by default Click Enable box to activate this Server Save NA Click...

Page 168: ...he Save button to save the configuration Undo N A Click the Undo button to restore what you just configured back to the previous setting Please note that the restored setting may not be the factory de...

Page 169: ...Firewall check box will activate all firewall functions The firewall configuration allows user to enable or disable all functions including Packet Filters URL Blocking Web Content Filters MAC Control...

Page 170: ...ry In addition log alerting can be enabled through an Enable checkbox to log events Second the Packet Filter Rule List window lists all your defined packet filtering rule entry At last the Packet Filt...

Page 171: ...dy existed the Packet Filter Rule Configuration window shows up for you to configure The parameters in a rule include the rule name the from and to which interface the packet enters and leaves the sou...

Page 172: ...t those match the following rules Configuration Path Packet Filters Packet Filter Rule List ID 1 2 Rule Name Access 80 Access 443 Source IP IP Range 10 0 75 200 10 0 75 250 IP Range 10 0 75 200 10 0 7...

Page 173: ...lt Check the Enable box to activate Packet Filter function Black List White List Filter Method Selection Deny those match the following rules is set by default When Deny those match the following rule...

Page 174: ...format can be any text 2 A Must filled setting Enter a packet filter rule name Enter a name that is easy for you to remember From Interface A Must filled setting Define the selected interface to be th...

Page 175: ...Must filled setting This field is to specify the Destination IP address Select Any to filter packets that are entering to any IP addresses Select Specific IP Address to filter packets entering to an I...

Page 176: ...port dropdown box when Well known Service is selected otherwise select User defined Service and specify a port range Then for Destination Port select a predefined port dropdown box when Well known Se...

Page 177: ...ned URL blocking rule entry in the black list or in the exclusion of the white list In URL Blocking page there are three configuration windows They are the Configuration window URL Blocking Rule List...

Page 178: ...eb requests listed in the rule will be allowed if one pattern in the requests matches to one rule Other Web requests will be blocked URL Blocking Rule List The URL Blocking Rule List shows the setup p...

Page 179: ...through the gateway he can use the URL Blocking function by defining the white list to carry out to meet the requirement It is contrasting to above diagram Scenario Description Web requests with dedic...

Page 180: ...wo URL blocking rules for the gateway Create one rule to deny the Web requests with sex or sexygirl patterns and the other to deny the Web requests with playboy pattern to go through the gateway Syste...

Page 181: ...function When the user attempts to open a blocked http URL by the web browser it will redirect to a warning page Create Edit Filter Rules The router supports up to a maximum of 20 URL blocking rule s...

Page 182: ...group by the Add Rule shortcut button Setting done through the Add Rule button will also appear in the Host grouping setting screen URL Domain Name Keyword A Must filled setting Specify URL Domain Na...

Page 183: ...an let you activate the Web content filtering function Some popular script types like Java Applet Java Scripts cookies and Active X are in the window and you can check their boxes to enable the gatewa...

Page 184: ...e or edit one existed rule the Web Content Filter Configuration window will appear when you click on the Add or Edit button to configure The parameters in a rule include the rule name the defined file...

Page 185: ...le Scenario Operation Procedure In above diagram the Gateway is the gateway of Network A and the subnet of its Intranet is 10 0 75 0 24 The gateway has the IP address of 10 0 75 2 for LAN interface 11...

Page 186: ...s filter function as the name suggests this pattern matching rule define as the packet with the keyword js class jar jsp java jse jcm jtk or jad Check the ActiveX box to activate this filter function...

Page 187: ...MAC A Must filled setting This field is to specify the Source MAC address Select Any to filter packets coming from any MAC addresses Select Specific MAC Address to filter packets coming from a MAC add...

Page 188: ...In MAC Control page there are three configuration windows for MAC control function They are the Configuration window MAC Control Rule List window and MAC Control Rule Configuration window The Configur...

Page 189: ...ules to belong to the white list The client hosts listed in the rule in the Intranet will be allowed for the connection to the gateway if their MAC addresses match to one rule Other client hosts can t...

Page 190: ...only the client hosts with dedicated MAC addresses to connect to the gateway he can use the MAC Control function by defining the white list to carry out to meet the requirement It is contrasting to a...

Page 191: ...the IP address of 10 0 75 2 for LAN interface 118 18 81 33 for WAN 1 interface It serves as a NAT router Enable the MAC control function and specify the MAC Control Rule List is a black list and confi...

Page 192: ...In contrast with Allow MAC Address Below you can specifically white list the packets to pass and the rest will be blocked Log Alert The box is unchecked by default Check the Enable box to activate to...

Page 193: ...mat 2 A Must fill setting Specify the Source MAC Address to filter rule Time Schedule A Must fill setting Apply Time Schedule to this rule otherwise leave it as Always If the dropdown list is empty en...

Page 194: ...tion can categorize Internet Protocol packets based on their application layer data and allow or deny their passing of gateway It supports the application filters for various Internet chat software P2...

Page 195: ...ter Enable Log Alert Enable Configuration Path Application Filters Application Filter List Rule Name Rule 1 Source IP IP Range 192 168 123 200 192 168 123 250 P2P Software BT BitTorrent BitSpirit BitC...

Page 196: ...box is unchecked by default Check the Enable box to activate this filter function Log Alert The box is unchecked by default Check the Enable box to activate Event Log Create Edit Filter Rules The rou...

Page 197: ...ld is to specify the Source IP address Select Any to filter packets coming from any IP addresses Select Specific IP Address to filter packets coming from an IP address entered in this field Select IP...

Page 198: ...nt on this rule P2P Software All boxes are unchecked by default Check the boxes to activate the application filter functions you want on this rule Proxy All boxes are unchecked by default Check the bo...

Page 199: ...it You can enable the IPS function and check the listed intrusion activities when needed There are some intrusion prevention items need a further Threshold parameter to work properly for intrusion det...

Page 200: ...io Description The gateway serves as an E mail server Web Server and open TCP Port 8080 allowing user to access web based utility of Gateway so remote users or unknown users can request those services...

Page 201: ...etting allows user to customize intrusion prevention rules to prevent malicious packets Enabling IPS Firewall Go to Advanced Network Firewall IPS Tab Enabling IPS Firewall Item Value setting Descripti...

Page 202: ...M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion when required 202...

Page 203: ...ic threshold in this field Port Scan Defection 1 A Must filled setting 2 The box is unchecked by default 3 traffic threshold is set to 200 by default 4 The value range can be from 10 to 10000 Click En...

Page 204: ...ard Ping from WAN makes any host on the WAN side can t ping this product It means this device won t reply any ICMP packet from Internet Remote Administrator Hosts enables only the LAN users to browse...

Page 205: ...ables list the parameter configuration as an example for the gateway in above diagram with SPI enabling Configuration Path Options Firewall Options SPI Enable Scenario Operation Procedure In above dia...

Page 206: ...local users surf the internet Following tables list the parameter configuration as an example for the gateway in above diagram Configuration Path Options Firewall Options Discard Ping from WAN Enable...

Page 207: ...ns Item Value setting Description Enable Stealth mode function The box is unchecked by default Check the Enable box to activate Stealth Mode function Enable SPI function The box is checked by default...

Page 208: ...mote access Select Any IP to allow any remote hosts Select Specific IP to allow the remote host coming from a specific subnet An IP address entered in this field and a selected Subnet Mask to compose...

Page 209: ...to incoming packets QoS determines which queue the packets enter based on priority This is useful when there are certain types of data you want to give higher priority to such as voice packets given h...

Page 210: ...ortant parameters for the QoS BWM function Incorrect information will result in poor bandwidth utilization System Resource Configuration The gateway system needs to know some system resource status fo...

Page 211: ...rce It is also related to default banwidth of WANs WAN Interface By default WAN 1 is selected Select WAN 1 and then the following will show setting function that you can configure WAN 1 is available o...

Page 212: ...figuration window can let you activate the Rule based QoS function In addition you can also enable the Flexible Bandwidth Management FBM feature for better utilization of system bandwidth by FBM algor...

Page 213: ...stem resource to be distributed the corresponding control function for your specified resource the packet flow direction the sharing method for the control function the integrated time schedule rule a...

Page 214: ...P 500 RTSP TCP 554 POP3s TCP 995 NetMeeting 1720 L2TP UDP 1701 and PPTP TCP 1723 Available Control Functions There are 4 resources can be applied in a QoS rule bandwidth connection sessions priority q...

Page 215: ...4 CS4 to AF Class2 High Drop for incoming packets from some client hosts in the Intranet Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in abo...

Page 216: ...r of the gateway wants to limit the connection sessions from some client hosts IP 10 0 75 16 31 to 20000 sessions totally for accessing the Internet he can use the Rule based QoS function to carry out...

Page 217: ...the limitation of the maximum 20000 connection sessions totally at any time The Rule Based QoS allows user to configure QoS and bandwidth to set the limitation of total bandwidth of each WAN connecti...

Page 218: ...o or leaving from WAN 1 WAN 1 is available only when WAN 1 interface is enabled The same applies to other WAN interfaces i e WAN 2 Group A Must filled setting This field is to specify the Group of the...

Page 219: ...e and the protocol could be TCP UDP Both protocol for these ports Select Well known Service to filter packets entering to or leaving from a well known service list Resource_1 for Group Src MAC Address...

Page 220: ...oup When Both is selected It means the option QoS Direction of rule based QoS Rule is both Time Schedule A Must filled setting Apply Time Schedule to this rule otherwise leave it as Always refer to Sc...

Page 221: ...hen Outbound is selected It means the option QoS Direction of rule based QoS Rule is outbound Outbound means the Group option is a source group When Inbound is selected It means the option QoS Directi...

Page 222: ...p Control Time Schedule A Must filled setting Apply Time Schedule to this rule otherwise leave it as Always refer to Scheduling setting under System Enabling the rule Click Enable box to activate this...

Page 223: ...s priority queues In Control Function when Set Priority is selected It means the option Control Function of rule based QoS Rule is set priority You must fill the priority queue number in the textbox E...

Page 224: ...both Time Schedule A Must filled setting Apply Time Schedule to this rule otherwise leave it as Always refer to Scheduling setting under System Enabling the rule Click Enable box to activate this rule...

Page 225: ...d QoS Rule is connection sessions In Control Function when Set Session Limitation is selected It means the option Control Function of rule based QoS Rule is set session limitation You must fill the se...

Page 226: ...S Rule is both Time Schedule A Must filled setting Apply Time Schedule to this rule otherwise leave it as Always refer to Scheduling setting under System Enabling the rule Click Enable box to activate...

Page 227: ...ction insertion when required 227 Time Schedule A Must filled setting Apply Time Schedule to this rule otherwise leave it as Always refer to Scheduling setting under System Enabling the rule Click Ena...

Page 228: ...e by establishing a virtual point to point connection through the use of dedicated connections encryption or a combination of the two The tunnel technology supports data confidentiality data origin au...

Page 229: ...s The VPN configuration allows user to enable or disable all the VPN functions of the gateway device The VPN enables check box must be checked to enable to allow IPSec PPTP L2TP and GRE to function VP...

Page 230: ...d negotiates IKE SAs Security Association to set up a secure channel for negotiating IPSec SAs in phase 2 At IPSec phase IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers...

Page 231: ...dow shows the maximum number of concurrent IPSec VPN tunnels that are running in system Tunnel List Status The Tunnel List shows the setup parameters of all IPSec VPN tunnels and their connection stat...

Page 232: ...y gateways have their own subnet and the Site to Site tunnel scenario is used Site means a subnet of client hosts Scenario Description Both Initiator and Responder of IPSec tunnel must have a Static I...

Page 233: ...guration Path IPSec IKE Phase Negotiation Mode Main Mode X Auth None For Network B at Branch Office Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in...

Page 234: ...Negotiation Mode Main Mode X Auth None Scenario Operation Procedure In above diagram Network A is in the headquarters and the subnet of its Intranet is 10 0 76 0 24 The security gateway for Network A...

Page 235: ...ccess the enterprise operation systems to access office resources from outside the Dynamic VPN connection can be setup up to meet the requirement These mobile employees are carrying with their noteboo...

Page 236: ...Operation Mode Always on Configuration Path IPSec Local Remote Configuration Local Subnet 10 0 76 0 Local Netmask 255 255 255 0 Configuration Path IPSec Authentication Key Management IKE Pre shared K...

Page 237: ...eep alive item Configuration Path IPSec Authentication Key Management IKE Pre shared Key 12345678 Local ID User Name Network B Configuration Path IPSec IKE Phase Negotiation Mode Main Mode X Auth None...

Page 238: ...ng scenario example When Full Tunnel function of remote Business Security Gateway is enabled all data traffic from remote clients behind remote Business Security Gateway will go over the VPN tunnel Th...

Page 239: ...rough the established VPN tunnel between both sites including the HQ resource accessing and regular Internet accessing Scenario Description Both Initiator and Responder of IPSec tunnel must have a Sta...

Page 240: ...None For Network B at Branch Office Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in Network B Use default value for those parameters that are not...

Page 241: ...s 10 0 76 0 24 The security gateway for Network A has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN interface However Network B is in the branch office and the subnet of its I...

Page 242: ...ck the Enable box to enable IPSec function NetBIOS over IPSec Unchecked by default Click the Enable box to enable NetBIOS over IPSec function NAT Traversal Unchecked by default Click the Enable box to...

Page 243: ...M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion when required 243 When Add Edit button is applied a series of configuration screen will appear...

Page 244: ...operates in transport mode Hub and Spoke 1 An optional setting 2 None is set by default Select from the dropdown box to setup your gateway for Hub and Spoke IPsec VPN Deployments Select None if your...

Page 245: ...available for Dynamic VPN specified in Tunnel Scenario Encapsulation Protocol 1 A Must fill setting 2 ESP is selected by default Select the Encapsulation Protocol from the dropdown box for this IPSec...

Page 246: ...the Remote Subnet IP address and Subnet Mask Click the Add or Delete button to add or delete Remote Subnet setting Remote Gateway 1 A Must fill setting 2 Format can be a ipv4 address or FQDN Specify...

Page 247: ...st fill setting 2 v1 is selected by default Specify the IKE version for this IPSec tunnel Select v1 or v2 Note IKE versions will not be available when Dynamic VPN option in Tunnel Scenario is selected...

Page 248: ...IKE Proposal Definition A Must fill setting Specify the Phase 1 Encryption method AES auto AES128 AES192 AES256 DES 3DES Specify the Authentication method None MD5 SHA1 SHA2 256 SHA2 512 Specify the...

Page 249: ...save the settings Undo N A Click Undo button to cancel the settings Back N A Click Back button to return to the previous page Manual Key Management This section describes parameters available for conf...

Page 250: ...is easy for you to identify Interface 1 A Must fill setting 2 WAN 1 is selected by default Select WAN interface on which IPSec is to be established Tunnel Scenario 1 A Must fill setting 2 Site to sit...

Page 251: ...Failover and Load Balance functions are not available for Dynamic VPN specified in Tunnel Scenario Encapsulation Protocol 1 A Must fill setting 2 ESP is selected by default Select the Encapsulation P...

Page 252: ...ow Item Value setting Description Outbound SPI Hexadecimal format Specify the Outbound SPI for this IPSec tunnel Inbound SPI Hexadecimal format Specify the Inbound SPI for this IPSec tunnel Encryption...

Page 253: ...M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion when required 253 Back N A Click Back button to return to the previous page...

Page 254: ...y levels and remote access levels comparable with typical VPN products Deploy a security gateway for local office and establish a virtual private network with the remote gateway of another office by u...

Page 255: ...window is to enable the PPTP VPN function by checking the Enable box In the Client Server field of the Configuration window choose either Server or Client Choose Server to define the gateway as the P...

Page 256: ...he used user name remote IP address the obtained virtual IP address and call ID of all PPTP clients User Account List User Account List lists your defined user accounts that can be accepted by the PPT...

Page 257: ...et of Network A at headquarters via this established PPTP tunnel Usually these hosts at PPTP client peer access the Internet directly via the WAN interface of Security Gateway 2 Only the packets whose...

Page 258: ...of its Intranet is 10 0 76 0 24 The security gateway for Network A has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN interface It serves as a PPTP server However Network B is...

Page 259: ...bnet Authentication Protocol MPPE Encryption NAT before Tunneling LCP Echo Type and tunnel activation Please be noted the Default Gateway Remote Subnet configuration item There are two options Default...

Page 260: ...work A at headquarters via this established PPTP tunnel Usually these hosts at PPTP client peer access the Internet directly via the WAN interface of Security Gateway 2 Only the packets whose destinat...

Page 261: ...PPTP 1 Interface WAN 1 Remote IP FQDN 203 95 80 22 User Name User 1 Password 1234 Default Gateway Remote Subnet Default Gateway Authentication Protocol MS CHAP MPPE Encryption Enable Tunnel Enable Sc...

Page 262: ...user to create and configure PPTP tunnels Before you proceed ensure that the VPN is enabled and saved To enable VPN go to Advanced Network VPN Configuration tab Enabling PPTP Go to Advanced Network VP...

Page 263: ...virtual DHCP server for the PPTP clients Clients will be assigned a virtual IP address from it after the PPTP tunnel has been established IP Pool Starting Address 1 A Must fill setting 2 Default is 10...

Page 264: ...cancel the settings PPTP Server Status Window Item Value setting Description PPTP Server Status N A It displays the User Name Remote IP Remote Virtual IP Remote Call ID of the connected PPTP clients...

Page 265: ...Setting Window Item Value setting Description PPTP Client Unchecked by default Check the Enable box to enable PPTP client role of the gateway Save N A Click Save button to save the settings Undo N A...

Page 266: ...to balance traffic loads For more details on WAN Load Balance refer to Load Balance Usage in this manual On gateway s web based utility go to Basic Network WAN Load Balance tab Remote IP FQDN 1 A Mus...

Page 267: ...hecked by default 2 an optional setting Check the Enable box to enable NAT function for this PPTP tunnel LCP Echo Type Auto is set by default Specify the LCP Echo Type for this PPTP tunnel Auto User d...

Page 268: ...L2TP tunneling So all client hosts behind local security gateway can make data communication with others behind remote gateway Or when you are a mobile user with your notebook or carrying along a sec...

Page 269: ...nt Choose Server to define the gateway as the L2TP VPN server for remote clients to initiate the connection to establish VPN tunnels Or choose Client to create multiple L2TP VPN clients to establish V...

Page 270: ...cluding the used user name remote IP address the obtained virtual IP address and call ID of all L2TP clients User Account List User Account List lists your defined user accounts that can be accepted b...

Page 271: ...2TP Server must have a Static IP or a FQDN and maintain a Client list account password The Client may be a mobile user or mobile site and requesting the L2TP tunnel connection with its account passwor...

Page 272: ...ork A at HQ in a secured link L2TP VPN Client Scenario When you want the security gateway to play a L2TP client role check the Enable box and choose Client option in the L2TP Configuration window And...

Page 273: ...of any packets from the L2TP client peer Certainly those packets come through the L2TP VPN tunnel Scenario Application Timing Above diagram illustrates the Security Gateway 2 or the mobile device pla...

Page 274: ...password L2TP protocol is used for establishing a L2TP VPN tunnel The L2TP Client s Default Gateway Remote Subnet setting determines how the Internet traffic from L2TP client site is handled The L2TP...

Page 275: ...ount to dial in the L2TP server at HQ for establishing a L2TP VPN tunnel So both Intranets of 10 0 75 0 24 and 10 0 76 0 24 can securely communicate each other Finally the client hosts in the Intranet...

Page 276: ...ected Client Set as a L2TP client and jump to client configuration page L2TP Server The box is unchecked by default When click the Enable box It will active L2TP server L2TP over IPSec The box is unch...

Page 277: ...ion which be choose Note_1 If Enable box is be clock Authentication Protocol PAP CHAP will be available Service Port A Must filled setting Specify the Service Port which L2TP server use Save N A Click...

Page 278: ...on will appear L2TP Client Configuration Item Setting Value setting Description L2TP Client The box is unchecked by default When click the Enable box It will activate L2TP Client Save N A Click the Sa...

Page 279: ...address or FQDN Remote LNS Port A Must filled setting Specify the Remote LNS Port for this L2TP tunnel Fill in the value for LNS port Username A Must filled setting Specify the Username for this L2TP...

Page 280: ...LCP Echo Type A Must filled setting Specify the LCP Echo Type for this L2TP tunnel Select Auto Auto setting the Interval and Max Failure Time Selected User defined Fill in the Interval and Max Failur...

Page 281: ...ters supports the GRE tunneling function Then local security gateway can establish a GRE VPN tunnel with remote gateway in headquarters Client hosts in these both Intranets of branch office and headqu...

Page 282: ...a GRE tunnel between the gateway in headquarters and the one in branch office as an example fo following description GRE Tunnel at HQ Peer Scenario Application Timing Above diagram illustrates the se...

Page 283: ...N 1 Operation Mode Always on Tunnel IP 203 95 80 22 Remote IP 118 18 81 33 Key 1234 TTL 255 Default Gateway Remote Subnet Remote Subnet 10 0 75 0 24 Tunnel Enable Scenario Operation Procedure In above...

Page 284: ...ackets are delivered via the GRE tunnel as shown in the diagram by configuring the GRE tunnel is the default gateway at GRE client peer the Internet accessing packets will be also sent to the Security...

Page 285: ...teway for Network A has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN interface It serves as a GRE server However Network B is in the branch office and the subnet of its Intra...

Page 286: ...ing Description GRE Unchecked by default Click the Enable box to enable GRE function Max Concurrent GRE Tunnels 1 32 is set by default 2 Max of 32 connections It specifies the maximum number of simult...

Page 287: ...el Note If this GRE is a failover tunneling you will need to select a primary GRE tunnel from which to failover to Load Balance Define whether the GRE tunnel connection will take part in load balance...

Page 288: ...0 0 2 24 DMVPN Spoke Unchecked by default Specify whether the gateway will support DMVPN Spoke for this GRE tunnel Check Enable box to enable DMVPN Spoke GRE Pre shared Key 1 Unchecked by default 2 Pr...

Page 289: ...e for every client using signature and Certificate authority It uses the OpenSSL encryption library extensively as well as the SSLv3 TLSv1 protocol and contains many security and control features Depl...

Page 290: ...gateway can either take OpenVPN Server role or OpenVPN Client role or they both Define and choose either one role for your router in the Configuration window and configure all required parameters bene...

Page 291: ...r Scenario When you want the security gateway to play an OpenVPN server role check the Enable box and choose Server option in the OpenVPN Configuration window And make its related configuration in fol...

Page 292: ...enVPN tunnel Usually these hosts at OpenVPN client peer access the Internet directly via the WAN interface of Security Gateway 2 Only the packets whose destination is in the dedicated subnet to Networ...

Page 293: ...aqRMQ3MlNB7AgEC END DH PARAMETERS PS Security Gateway 1 is the role of RootCA and trusted CA IP Pool Starting Address 10 0 76 100 IP Pool Ending Address 10 0 76 150 Gateway 10 0 76 253 Netmask 255 255...

Page 294: ...penVPN Client Configuration window can let you enable the OpenVPN client function by checking the Enable box OpenVPN Client List OpenVPN Client List window shows your defined OpenVPN clients and their...

Page 295: ...quarters via this established OpenVPN tunnel Moreover these hosts at OpenVPN client peer access the Internet directly via the WAN interface of Security Gateway 1 As shown in the diagram by configuring...

Page 296: ...ert RootCA Client Cert Remote crt Encryption Cipher Blowfish Hash Algorithm SHA 1 Scenario Operation Procedure In above diagram Network A is in the headquarters and the subnet of its Intranet is 10 0...

Page 297: ...VPN Configuration Tab Enable OpenVPN and select which server or client you want Item Value setting Description OpenVPN The box is unchecked by default Check the Enable box to activate this OpenVPN fun...

Page 298: ...which to be Select TCP UDP for OpenVPN Server which to be Select TCP for OpenVPN Server which to be The OpenVPN will use TCP protocol and Port will be set 443 automatically Select UDP for OpenVPN Ser...

Page 299: ...cal Endpoint IP Address Note_1 Local Endpoint IP Address will be available only when Static Key is be chose in Authorization Mode Remote Endpoint IP Address A Must filled setting Specify the Remote En...

Page 300: ...Device and DHCP Proxy Mode is unchecked Note_2 Netmask will be available when TUN is be chose in Tunnel Device Encryption Cipher By default Blowfish is selected Specify the Encryption Cipher Selected...

Page 301: ...By default Adaptive is selected Specify the OpenVPN server LZO Compression TLS Auth Key String format any text Specify the OpenVPN server TLS Auth Key Note_1 TLS Auth Key will be available only when...

Page 302: ...rver Tunnel UDP MSS Fix Note_1 Tunnel UDP MSS Fix will be available only when UDP is be chose in Protocol CCD Dir Default File String format any text Specify the OpenVPN server CCD Dir Default File Cl...

Page 303: ...el Device A Must filled setting By default TUN is selected Specify the Tunnel Device for the OpenVPN Client to use Select TUN for OpenVPN Client which to be The OpenVPN will use TUN tunnel device Sele...

Page 304: ...Key Note_1 Static Key will be available only when Static Key is be chose in Authorization Mode Encryption Cipher By default Blowfish is selected Specify the Encryption Cipher Selected the Blowfish AE...

Page 305: ...M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion when required 305...

Page 306: ...enVPN client User Name Password Optional String format any text Specify the OpenVPN client Password NAT The box is unchecked by default Specify the OpenVPN client NAT Bridge TAP to By default VLAN1 is...

Page 307: ...n The box is unchecked by default Specify the OpenVPN client nsCertType Verification Redirect Internet Traffic The box is checked by default Specify the OpenVPN client Redirect Internet Traffic TLS Re...

Page 308: ...r or switch fails This increases the availability and reliability of routing paths via automatic default gateway selections on an IP network The protocol achieves this by creation of virtual routers w...

Page 309: ...s a reliable connection to the Internet administrator can setup a group of VRRP redundant gateways as the enterprise entry gateway Each member gateway connects to different ISP for a redundant connect...

Page 310: ...3 Virtual Server IP Address 10 0 75 200 Scenario Operation Procedure In above diagram the Master Gateway and the Backup Gateway are the redundant gateway group of Network A and the subnet of its Intra...

Page 311: ...ng Format 2 A Must filled setting Define the Virtual Server ID on VRRP of the router The value range is from 1 to 255 Priority of Virtual Server 1 Numberic String Format 2 A Must filled setting Define...

Page 312: ...s gateway device As a bidirectional SOAP HTTP based protocol it provides the communication between customer premises equipment CPE and Auto Configuration Servers ACS The Security Gateway is such CPE T...

Page 313: ...rver to manage remote gateways geographically distributed elsewhere in the world the gateways in all branch offices must have an embedded TR 069 agent to communicate with the ACS server So that the AC...

Page 314: ...ernet The Gateway 1 is one of them and has 118 18 81 33 IP address for its WAN 1 interface When all remote gateways have booted up they will try to connect to the ACS server Once the connections are e...

Page 315: ...manager provide ACS password and manually set ConnectionRequest Port A Must filled setting You can ask ACS manager provide ACS ConnectionRequest Port and manually set ConnectionRequest Username A Mus...

Page 316: ...odifying and applying a new configuration through remote modification of these variables The variables accessible via SNMP are organized in hierarchies These hierarchies and other metadata such as typ...

Page 317: ...indow provides 5 records of user privacy definition for user authentication and data hashing and encryption In SNMPv3 SNMP protocol supports user privacy feature additionally By referring to above set...

Page 318: ...te NMS to manage some devices whose WAN interfaces are connected together by using a switch or a router with UDP forwarding If you want to manage some devices and they all have supported SNMP protocol...

Page 319: ...NoPriv Privacy Key 12345678 Disable Disable Authority Read Write Read Read Enable Enable Enable Enable Scenario Operation Procedure In above diagram the NMS server can manage multiple devices in the I...

Page 320: ...e Configuration are enabled and saved Go to Advanced Network System Management SNMP SNMP Item Value setting Description SNMP Enable 1 The LAN box is checked by default Select the interface for the SNM...

Page 321: ...NMP Port You can fill in any port number But you must ensure the port number is not to be used Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings Create Edit Multiple...

Page 322: ...configuration But it does not apply to SNMP functions When you return to the SNMP main page It will show Click on save button to apply your changes remind user to click main page Save button Undo N A...

Page 323: ...ion protocols for this version 3 user Selected the encryption protocols DES AES to use Privacy Mode 1 noAuthNoPriv is selected by default Specify the Privacy Mode for this version 3 user Selected the...

Page 324: ...our changes remind user to click main page Save button Undo N A Click Undo to cancel the settings Back N A Click the Back button to return the last page Create Edit Trap Event Receiver The SNMP allows...

Page 325: ...ceiver Rule Configuration Item Value setting Description Server IP 1 A Must filled setting 2 String format any Ipv4 address Specify the trap Server IP The DUT will send trap to the server IP Server Po...

Page 326: ...led setting 2 String format any text When your Privacy Mode is authNoPriv or authPriv you must specify the Password for this version 3 trap The minimum length of the password is 8 The maximum length o...

Page 327: ...ions When you return to the SNMP main page It will show Click on save button to apply your changes remind user to click main page Save button Undo N A Click Undo to cancel the settings Back N A Click...

Page 328: ...e means of interacting with a computer program where the user or client issues commands to the program in the form of successive lines of text command lines The interface is usually implemented with a...

Page 329: ...e Telnet with CLI function to do that by using Telnet or SSH utility Scenario Description The Local Admin or the Remote Admin can manage the Gateway by using Telnet or SSH utility with privileged user...

Page 330: ...Network A and the subnet of its Intranet is 10 0 75 0 24 It has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WAN 1 interface It serves as a NAT gateway The Local Admin in the Int...

Page 331: ...le box to activate this WAN LAN function Connection Type The Telnet Enable box is checked by default By default Service Port is 23 The SSH Enable box is unchecked by default By default Service Port is...

Page 332: ...s using peer to peer networks multiplayer gaming and remote assistance programs need a way to communicate through home and business gateways Without IGD one has to manually configure the gateway to al...

Page 333: ...ually the active port service attempt to access the gateway from the Internet will be ignored by the gateway for security Normal NAT mechanism has the connection tracking feature to direct the respons...

Page 334: ...the gaming server can send data to the station actively via those service ports At first stage the gaming server sends an active accessing for service port 1000 to the NAT Gateway the gateway ignores...

Page 335: ...lots for new function insertion when required 335 UPnP Configuration Item Name Value Setting Description UPnP Default checked Check to enable UPnP functionality Save N A Click the Save button to save...

Page 336: ...es customers to issue certificates for them In a web of trust scheme the signer is either the key s owner a self signed certificate or other users endorsements whom the person examining the certificat...

Page 337: ...set identifier in the signature algorithm identifier of certificates Subject Name A Must filled setting This field is to specify the information of certificate Country C is the two letter ISO code for...

Page 338: ...box is unchecked by default Check the Enable box to activate SCEP function Automatically re enroll aging certificates The box is unchecked by default When SCEP Enable is checked Check the Enable box t...

Page 339: ...Certificates function The Root CA window can let you generate or delete the certificate of root CA Root CA Configuration window can let you fill required information necessary for generating the root...

Page 340: ...a certificate if the Self signed box is checked otherwise it is a CSR Self signed Certificate Usage Scenario Scenario Application Timing When the enterprise gateway owns the root CA and VPN tunneling...

Page 341: ...tion example must be combined with the ones in following two sections to complete the whole user scenario Use default value for those parameters that are not mentioned in the tables Configuration Path...

Page 342: ...agram The configuration example must be combined with the ones in following two sections to complete the whole user scenario Use default value for those parameters that are not mentioned in the tables...

Page 343: ...erates the root CA and a local certificate HQCRT that is signed by itself Import the certificates of the root CA and HQCRT into the Trusted CA Certificate List and Trusted Client Certificate List of G...

Page 344: ...Digest Algorithm to set identifier in the signature algorithm identifier of certificates Subject Name A Must filled setting This field is to specify the information of certificate Country C is the two...

Page 345: ...ld be generated in External Server Refer to System External Servers External Servers You may click Add Object button to generate Select CA Certificate to choice which certificate could be accepted by...

Page 346: ...illed setting It could select a certificate file from user s computer for importing to DUT PEM Encoded 1 String format can be any text 2 A Must filled setting It could input the certificate pem encode...

Page 347: ...Trusted CA Certificate Import from a PEM window that can let you copy the contents of dedicated CA certificate and paste them in the window to be a trusted one for the gateway Similarly the Trusted Cl...

Page 348: ...dition you can delete used ones by checking the Select box of those certificates and clicking on the Delete button The View button allows you to view the contents of the dedicated certificate and down...

Page 349: ...t CA of the Gateway 1 sign it to be the BranchCRT certificate Import the certificate into the Gateway 2 as a local certificate In addition also imports the certificates of the root CA of Gateway 1 int...

Page 350: ...e described in My Certificates section In above diagram the Gateway 1 is the gateway of Network A in headquarters and the subnet of its Intranet is 10 0 76 0 24 It has the IP address of 10 0 76 2 for...

Page 351: ...s applied Trusted CA import screen will appear Trusted Certificates Item Value setting Description Import A Must filled setting It could select a CA certificate file from user s computer for importing...

Page 352: ...ant to connect It could be generated in External Server Refer to System External Servers External Servers You may click Add Object button to generate CA Identifier 1 String format can be any text CA I...

Page 353: ...t A Must filled setting It could select a certificate file from user s computer for importing to DUT PEM Encoded 1 String format can be any text 2 A Must filled setting It could input the certificate...

Page 354: ...generates the certificate based on the dedicated CSR by clicking on the Sign button in the window Certainly only the gateway be the root CA and it can sign the requests to certify Another approach to...

Page 355: ...om a PEM Copy the contents of one CSR in PEM format to this window and use Sign button to generate corresponding certificate based on the pasted CSR contents The Signed Certificate View window will di...

Page 356: ...oot CA of Gateway 1 Gateway 2 creates a CSR BranchCSR to let the root CA of the Gateway 1 sign it to be the BranchCRT certificate Import the certificate into the Gateway 2 as a local certificate In ad...

Page 357: ...NAT security gateways Gateway 1 generates the root CA and a local certificate HQCRT that is signed by itself Import the certificates of the root CA and HQCRT into the Trusted CA Certificate List and T...

Page 358: ...lue setting Description Certificate Signing Request CSR Import from a File A Must filled setting It could select a certificate signing request file from user s computer for importing to DUT Certificat...

Page 359: ...essaging service component of phone Web or mobile communication systems It uses standardized communications protocols to allow fixed line or mobile phone devices to exchange short text messages 13 SMS...

Page 360: ...ages to another mobile phone set message forwarding by email and message forwarding by syslog By using the third window Alter Rule Configuration you can define an altering rule for SMS messages At las...

Page 361: ...send read SMS from SIM card SMS Summary Item Value setting Description Unread SMS N A If SIM card insert to router first time unread SMS value is zero When received the new SMS but didn t read this v...

Page 362: ...ceivers to send SMS User need to add the semicolon and compose multiple receivers that can group send SMS Text Message N A Write the SMS context to send SMS The router supports up to a maximum of 1023...

Page 363: ...n appears Refresh N A Refresh the SMS Inbox List Delete N A Delete the SMS for all checked box from Action Close N A Close the Detail SMS Message screen 7 1 3 USSD Usage Unstructured Supplementary Ser...

Page 364: ...Add button in the window can let you add one new USSD profile and define the command for the profile in the third window the USSD Profile Configuration When you want to start the activation of an USSD...

Page 365: ...in Taiwan Scenario Description An USSD session can be established from the voice Vo3G Gateway to ask for services that are provided by ISP Parameter Setup Example Following tables list the parameter...

Page 366: ...elect the roaming setting profile and the USSD Command field shows 135 Click on the Send button to send out the USSD request via the gateway and the recevied response will appear at USSD Response line...

Page 367: ...in USSD Command N A The USSD command that user can key in Comments N A The Comments is this profile comment USSD Request When send the USSD command the USSD Response screen will appear When click the...

Page 368: ...ge there are two windows for the Network Scan function The Configuration window can let you select which 3G 4G module physical interface is used to perform Network Scan and system will show the curren...

Page 369: ...Band List setting Band List All box is checked by default The Band List s options depend on module and user need to select option at least one for all network type Scan Approach The box is Auto by def...

Page 370: ...tion or to reboot the system In addition gateway can also send SMS notification messages automatically to users for alert events Moreover only the assigned person with connection key can link with the...

Page 371: ...to enable gateway to execute corresponding actions and make responses once selected events happened At last the sixth window is Access Control Configuration window Administrator can enable the access...

Page 372: ...th Remote Management Event Configuration Managing Event List Enable Configuration Path Remote Management Managing Event List ID 1 Event Reboot Device Enable Configuration Path Remote Management Access...

Page 373: ...es or links within the login page In addition to whitelisting the URLs of web hosts some gateways can whitelist TCP ports The MAC address of attached clients can also be set to bypass the login proces...

Page 374: ...to configure Captive Portal function back in this page to specific WAN Interface select external Authentication Server and UAM Server from the pre defined external server object list Internal Captive...

Page 375: ...strator of gateway can create user accounts for users in the System User Management for user authentication Then the scenario is adequate to be adopted in the situation Scenario Description Client hos...

Page 376: ...Server Embedded Database Scenario Operation Procedure In above diagram the Gateway serves as the gateway integrating with internal captive portal function and an embedded user account database There...

Page 377: ...nt host and allows its incoming Internet access requests Each account has its own lease time and it will not be reused for authentication once the lease time has run out The client host with that acco...

Page 378: ...er Not all machines with internal options some machine only have external options When External is selected there is no Customize login page and user must specify Uam Server and Authentication Server...

Page 379: ...ernal radius server can be added by pressing AddObject button directly or added in System External Servers External Servers tab Uam Server A Must filled setting This field is to specify the uam server...

Page 380: ...ty login password to access gateway Go to System System Related Change Password tab Change Password Item Value Setting Description Old Password String any text Enter the current password to enable you...

Page 381: ...escription WAN Type N A It displays WAN Type of WAN 1 Interface Internet connection configured Display Time N A It displays current system time System Status System Status screen contains various even...

Page 382: ...analysis View Email Log History Item Value setting Description View button N A Click on the View button to view Log History in Web Log List Window Email Now button N A Click on the Email Now button to...

Page 383: ...rator to select the type of event to log and be displayed in the Web Log List Window as described in the previous section Click on the View button to view Log History in the Web Log List window Web Lo...

Page 384: ...r the recipient s Email account Separate Email accounts with comma or semicolon Enter the Email account in the format of myemail domain com Subject String any text Enter an Email subject that is easy...

Page 385: ...alue Setting Description Enable Default unchecked Check Enable box to enable sending event logs to syslog server Server Select from menu Select one syslog server from the Server dropdown box to sent e...

Page 386: ...Add Object Button N A Click on the Add Object button a popup window will appear Add a syslog server You may also add a syslog server from External Servers under System System External Server External...

Page 387: ...ever log file reaching size set in the following filed Split file Size Default 200 KB Set file size to split log file Log type category Default unchecked Check which type of logs to send System Attack...

Page 388: ...ed It means that if the current output file reaches the specific size it will open a new file to save packets User can change File Size and Unit when Enable is checked Packet Interfaces Optional setti...

Page 389: ...filter packets based on the rules The rules below can be set when Enable is checked Source MACs Optional setting Define the filter rule with Source MACs which means the source MAC address of packets...

Page 390: ...the filter rule with Destination MACs which means the destination MAC address of packets Packets which match rules will be captured Multiple input is accepted but it must be seperated by e g AA BB CC...

Page 391: ...ules 9 3 Scheduling Scheduling provides ability of adding deleting time schedule rules which can be applied to other functionality Go to System Scheduling Schedule Settings Button description Item Val...

Page 392: ...vate activate the function been applied to in the time period below Time Period Definition Item Value Setting Description Week Day Select from menu Select everyday or one of weekday Start Time Time fo...

Page 393: ...Grouping Host Grouping Tab When Add button is applied Host Group Configuration screen will appear Host Group Configuration Item Value setting Description Group Name 1 String format can be any text 2...

Page 394: ...to the group in this field Key the member in the blank and press the Join button to add Each time can be add only one member Group The box is unchecked by default Enable the group that can be used in...

Page 395: ...i mov mpeg mpg mp4 rm wmv 3gp 3gpp 3gpp2 and 3g2 When Audio is selected there are total eleven file extension names about audio can be added Include aac au mp3 m4a m4p ogg ra ram vox wav and wma When...

Page 396: ...can be used in firewall service L7 Application to Join A Must filled setting Define the member type of group There are four member types can be selected When Chat is selected there are total four Cha...

Page 397: ...format can be any text 2 A Must filled setting Enter a server name Enter a name that is easy for you to understand Server IP FQDN A Must filled setting This field is to specify the external server IP...

Page 398: ...String format any text Authentication Protocol By default CHAP is selected Session Timeout By default 1 The values must be between 1 and 60 Idle Timeout By default 1 The values must be between 1 and...

Page 399: ...xt Location Name String format any text Then check Enable box to add this server TACACS Server A Must filled setting When TACACS Server is selected it means the option External Servers is set TACACS S...

Page 400: ...administrator when the idle time has elapsed The setting allows administrator to enable automatic logout and set the logout idle time When the Time out is disabled the system will not logout the admi...

Reviews:

No comments

Related manuals for IDG701AM-0T001

PathBuilder S200 Series

Brand: 3Com Pages: 31

OfficeConnect 3C855

Brand: 3Com Pages: 3

OfficeConnect 3C855

Brand: 3Com Pages: 4

Brand: IntesisBox Pages: 63

Brand: Planet Pages: 57

VGW VIRTUAL GATEWAY

Brand: Juniper Pages: 6

Brand: Juniper Pages: 3

Brand: Dinstar Pages: 100

Brand: AVM Pages: 12

Dream Machine Pro UDM-Pro

Brand: Ubiquiti Pages: 27

Brand: Wildix Pages: 14

Brand: Innovision Pages: 9

Brand: ActionTec Pages: 127

Brand: HOOC Pages: 2

Brand: Redlion Pages: 8

Brand: Watts Pages: 140

Brand: Telstra Pages: 86

Brand: Arris Pages: 51

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands