manualshive.com logo in svg

Patton BODi rS 1000 Series, User Manual

Share
Download
Patton BODi rS 1000 Series User Manual Download Page 56

Configuring IPsec VPN Settings

56

BODi rS BD1000 User Manual 

4 • Configuring the WAN

Configuring IPsec VPN Settings

The BD1000 IPsec VPN functionality securely connects one or more branch offices to your company's main
headquarters or to other branches. The data, voice or video communications between these locations are thus
kept safe and confidential across the public Internet.

The IPsec VPN of the BD1000 is especially designed for a multi-WAN environment. For instance, a user sets
up multiple IPsec profiles for his multi- WAN1 ~ WAN3 environment, if WAN1 is connected and its health
check returns as good, the IPsec traffic will go through this link. However, should unforeseen problems (e.g.
physically unplugged or ISP problems) arise and cause WAN1 to go down, our IPsec implementation will
make use of WAN2 and WAN3 accordingly, as failover purposes.

Setting Up an IPsec VPN Connection

To configure IPsec VPN settings for the BD1000, click on 

Network > IPsec VPN 

in the Web Admin Inter-

face. The 

BD1000 IPsec VPN 

page displays: 

Figure 32. Network > IPsec VPN Profiles

Note

All LAN subnets and subnets behind the LAN must be unique.  Oth-
erwise, the VPN members will not be able to access each other.

All data can be routed over the VPN with a selected encryprion standard: 3DES, AES-128, and AES-256.

The NAT-Traversal option should be enabled if your system is behind a NAT router. Click the 

New Profile

button to create new IPsec VPN profiles that make VPN connections to remote BD1000, Cisco or Juniper
Routers via the available WAN connections. To edit any of the profiles, click on its associated connection
name in the far left column.The 

IPsec VPN Profile 

configuration page displays (

Figure 33

 on page 57).

Summary of Contents for BODi rS 1000 Series

Page 1: ...anual Sales Office 1 301 975 1000 Technical Support 1 301 975 1007 E mail support patton com WWW www patton com Part Number 07MBD1000 UM Rev A Revised November 28 2012 This is a Class A device and is...

Page 2: ...ctronics warrants all BODi rS components to be free from defects and will at our option repair or replace the product should it fail within one year from the first date of the shipment This warranty i...

Page 3: ...e WAN 59 6 Configuring Inbound Access NAT Mappings 69 7 Configuring Quality of Service 95 8 Configuring Firewall Settings 100 9 Configuring Miscellaneous Services 107 10 Managing System Settings 117 1...

Page 4: ...anel 23 Front Panel 23 LCD Display Menu 24 2 Installing the BODi rS 25 Planning the Installation 26 Setting Up the Network 26 Constructing the Network 26 Configuring the Network Environment 27 Connect...

Page 5: ...53 WAN Connection Priority Settings 53 Managing Link Failure Detection Settings 54 Configuring a NAT Router Behind the BD1000 for VPN Connections 55 Viewing the WAN Bonding Status 55 Configuring IPsec...

Page 6: ...guring NAT Mappings 93 7 Configuring Quality of Service 95 Introduction 96 Managing User Groups 96 Setting Up Bandwidth Control 97 Configuring Applications 98 Application Prioritization 98 Prioritizat...

Page 7: ...stem Configuration Files 130 Restore Configuration to Factory Settings 130 Downloading Active Configurations 130 Uploading Configurations 130 Uploading Configurations from High Availability Pair 130 R...

Page 8: ...ations RMAs 145 Warranty coverage 145 Out of warranty service 146 Returns for credit 146 Return for credit policy 146 RMA numbers 146 Shipping instructions 146 A Compliance Information 147 Compliance...

Page 9: ...ess throughout a Session 154 Scenario 154 Solution 154 Settings 154 Bypassing the Firewall to Access Hosts on LAN 155 Scenario 155 Solution 155 Inbound Access Restriction 155 Scenario 155 Solution 155...

Page 10: ...AN Settings Mobile Internet Connection 43 24 Network WAN Physical Interfaces 45 25 Network WAN Details Other Health Check Settings 47 26 Network WAN Details Bandwidth Allowance Monitor 48 27 Network W...

Page 11: ...t Wizard 4 92 75 Network NAT Mappings 93 76 NAT Mappings Add NAT Rule 93 77 Network QoS User Groups 96 78 Network QoS Bandwidth Control 97 79 Network QoS Application Prioritization 98 80 Network QoS C...

Page 12: ...System SNMPv3 User 128 107 System Configuration 130 108 System Reboot 131 109 System Tools Ping Test 131 110 System Tools Traceroute Test 132 111 Status Device 134 112 Status Active Sessions 135 113...

Page 13: ...VPN WAN Connection Priority Settings 53 23 Site to Site VPN Link Failure Detection 54 24 IPsec VPN New Connection Settings 57 25 Outbound Policy Options 60 26 Outbound Policy Custom Rule Settings 62...

Page 14: ...BODi rS BD1000 User Manual 44 System SNMP Settings 127 45 System SNMP Community Settings 128 46 System SNMP Community Settings 128 47 System Reporting Server Settings 129 48 Status System Information...

Page 15: ...Chapter 7 on page 95 provides information about configuring Quality of Service QoS settings Chapter 8 on page 100 provides information about setting up the firewall for BODi rS Chapter 9 on page 107...

Page 16: ...alls attention to important information The alert symbol and CAUTION heading indicate a potential haz ard Strictly follow the instructions to avoid property damage The shock hazard symbol and CAUTION...

Page 17: ...h ground For DC powered devices ensure that the interconnecting cables are rated for proper voltage current anticipated temperature flammability and mechanical serviceability WAN LAN PSTN ports connec...

Page 18: ...tes a cross reference hyperlink that points to a figure graphic table or sec tion heading Clicking on the hyperlink jumps you to the reference When you have finished reviewing the reference click on t...

Page 19: ...19 Chapter 1 General Information Chapter contents BODi rS BD1000 Overview 20 Network Features 20 BODi rS BD1000 Panels 23 Rear Panel 23 Front Panel 23 LCD Display Menu 24...

Page 20: ...PPPoE Static IP Address 10 100 Mbps Connection in Full Half Duplex USB Mobile Connection Network Address Translation NAT Port Address Translation PAT Inbound and Outbound NAT mapping Multiple static I...

Page 21: ...on per TCP UDP service Persistent routing for specified source and or destination IP addresses per TCP UDP service Prioritize and route traffic to VPN tunnels with Priority and Enforced algorithms WLA...

Page 22: ...grades configuration backups Ping and Traceroute via Web Admin Interface Remote web based configuration via WAN and LAN interfaces Time server synchronization SNMP Email notification Read only user fo...

Page 23: ...ower source System has a power connection LAN WAN Right LED ORANGE GREEN OFF 1000 Mbps 100 Mbps 10 Mbps LAN WAN Left LED ON FLASHING OFF Port is connected without traffic Transferring data Port is not...

Page 24: ...em Uptime CPU Load LAN Status IP Address Subnet Mask Shows firmware version Shows serial number Shows current time Shows system uptime since last reboot Shows current CPU loading 0 100 Shows LAN port...

Page 25: ...ion 26 Setting Up the Network 26 Constructing the Network 26 Configuring the Network Environment 27 Connecting the BODi rS Interfaces 27 Connecting the Ethernet Interfaces 27 Connecting the USB Interf...

Page 26: ...3 0 or above Apple Safari 3 1 1 or above and Google Chrome 2 0 or above Setting Up the Network Constructing the Network At the high level construct the network according to the following steps 1 With...

Page 27: ...es refer to Chapter 3 Configuring LAN WAN Interfaces on page 32 Connecting the BODi rS Interfaces Connecting the Ethernet Interfaces The BODi rS includes one LAN Ethernet port and five Gigabit Etherne...

Page 28: ...page The Web Admin Interface Dashboard shows the current WAN LAN WLAN settings and statuses The Dashboard enables you to change the priority of the WAN connections and switch the Wi Fi AP connec tions...

Page 29: ...On the next screen select Yes if you want to set up Drop in mode in the Setup Wizard Figure 6 Setup Wizard Drop in Mode 3 Click on the appropriate check box es to select the WAN connection s to be co...

Page 30: ...d PPPoE 6 If Mobile Internet Connection is checked Setup Wizard will move on to Operator settings Figure 10 Setup Wizard Mobile Internet Operator Settings 7 If Custom Mobile Operator Settings is selec...

Page 31: ...y all time zone options Figure 13 Setup Wizard Time Zone 10 Check the following screen to make sure all settings have been configured correctly and then click Save Settings to confirm Figure 14 Setup...

Page 32: ...6 WINS Server Settings 36 DNS Proxy Settings 36 Configuring Drop in Mode 37 Configuring the WAN Interface 39 Connection Methods 40 DHCP Settings 40 Static IP Settings 41 PPPoE Settings 42 Mobile Inter...

Page 33: ...on page 39 Configuring the LAN Interface This section describes configuring the basic settings and Wi Fi AP settings for the LAN using the BD1000 Web Admin Interface Basic Settings To configure basic...

Page 34: ...ot to advertise the speed to the peer by selecting the Advertise Speed checkbox Table 5 LAN Drop in Mode Settings Field Description Enable Check the box to enable the Drop in Mode feature Drop in Mode...

Page 35: ...INS Servers setting Therefore all PC clients in the VPN can resolve the NetBIOS names of other clients in remote peers If enabled you can view a list of WINS clients by clicking Status WINS Clients Ex...

Page 36: ...le 9 LAN DNS Proxy Settings Field Description Enable Check the box to enable the DNS Proxy feature DNS Caching Enables DNS Caching on the built in DNS proxy server When enabled queried DNS replies wil...

Page 37: ...and selecting the WAN for Drop in mode various settings including the WAN s connection method and IP address will be automatically updated When Drop in Mode is enabled the LAN and the WAN for Drop in...

Page 38: ...ter the IP address of the WAN1 router in the WAN Default Gateway field Ensure that the BD1000 IP subnet is the same as the Firewall s WAN port and the Router s LAN port 3 If there are hosts other than...

Page 39: ...oup are selected the WAN connection is treated as a backup connection and is used only in the absence of available Always on WAN connection s and higher priority backup connection s Default recommende...

Page 40: ...uted through this connection Each ISP may provide a set of DNS servers for DNS lookups Selecting Obtain DNS server address automatically allows the WAN DHCP Server to assign the DNS Servers used for o...

Page 41: ...typically provides this information Subnet Mask Specifies the subnet mask for the IP address The ISP typically provides this information Default Gateway Specifies the default gateway to connect to th...

Page 42: ...ce Name Specifies the Service Name The ISP typically provides this information Note Leave this field blank unless it is provided by your ISP DNS Servers Specifies the DNS Domain Name System Servers to...

Page 43: ...remain connected or to disconnect when this WAN connection is no longer in the highest priority and has entered the standby state When Remain connected is chosen upon bringing up this WAN connection...

Page 44: ...splays the modem s electronic serial number ESN SIM Card IMSI Displays the International Mobile Subscriber Identity IMSI associ ated with the SIM inside the mobile modem Network Type Specifies the pre...

Page 45: ...The auto detection will run each time the WAN connection establishes MSS Configures the maximum payload size that the local system can han dle The MSS Maximum Segment Size is computed from the MTU min...

Page 46: ...dered up if PING responses are received from either one or both of the PING Hosts The Ping Hosts field specifies the IP addresses or hostnames to test with the ICMP PING method for connectivity If you...

Page 47: ...ds for ping DNS lookup requests Default 5 seconds Health Check Interval Specifies the time interval in seconds between ping or DNS lookup requests Default 5 seconds Health Check Retries Specifies the...

Page 48: ...Monitor option Select the box to enable and configure Bandwidth Allowance settings Figure 26 Network WAN Details Bandwidth Allowance Monitor Table 19 WAN Bandwidth Allowance Monitor Method Descriptio...

Page 49: ...namic DNS ser vice provider are required A dynamic DNS update is performed whenever a WAN s IP address changes e g IP is changed after a DHCP IP refresh reconnection etc Due to dynamic DNS service pro...

Page 50: ...AN Bonding Profile 52 VPN Settings 53 WAN Connection Priority Settings 53 Managing Link Failure Detection Settings 54 Configuring a NAT Router Behind the BD1000 for VPN Connections 55 Viewing the WAN...

Page 51: ...will be utilized to establish the VPN tunnel and all traffic will be load bal anced at packet level across all links VPN Bandwidth Bonding is enabled by default Note You can define firewall rules to c...

Page 52: ...bnet and subnets behind the LAN defined in the Static Route Settings on page 36 will be advertised to the VPN All VPN members branch offices and headquarters will be able to route to the local subnets...

Page 53: ...y used for this particular VPN connection The VPN connection s session key will be further protected by the pre shared key The connection will be up only if the pre shared keys on each side match Peer...

Page 54: ...d Note The BD1000 Site to Site VPN feature uses TCP and UDP port 32015 for establishing VPN connections If you have a firewall in front of the devices you will need to add firewall rules for these por...

Page 55: ...tions on Router A and all of the WAN connections on Router B are using NAT In this case the Peer IP Addresses Host Names field in Router B should be filled with all of the Router A s host names or pub...

Page 56: ...to go down our IPsec implementation will make use of WAN2 and WAN3 accordingly as failover purposes Setting Up an IPsec VPN Connection To configure IPsec VPN settings for the BD1000 click on Network...

Page 57: ...e peer s public IP address For Aggressive Mode this is optional Local Networks Enter the local LAN subnets here If you have defined static routes they will be shown here too Remote Networks Enter the...

Page 58: ...ode only one selection is permitted Phase 1 DH Group This is the Diffie Hellman group used within IKE This allows two parties to establish a shared secret over an insecure communications channel The l...

Page 59: ...e Outbound Policy 60 Creating Custom Rules for the Outbound Policy 61 New Custom Rule Settings 62 Algorithm Weighted Balance 63 Algorithm Persistence 63 Algorithm Enforced 65 Algorithm Priority 65 Alg...

Page 60: ...gh Application Compatibility Select this policy to route outbound traffic from a source LAN device through the same WAN connection regardless of the des tination IP address and protocol This option pr...

Page 61: ...om of the table You may edit this rule to change the device s default method of controlling outbound traffic for all connections as long as it does not match any of the rules above it in the table Dra...

Page 62: ...e drop down menu for the Protocol Selection Tool to choose a common protocol Algorithm Specifies the behavior of the BD1000 for the custom rule Available options Weighted Balance see Algorithm Weighte...

Page 63: ...and other secure websites for security reasons terminate the session when the client computer s Internet IP address changes during the session In general different Internet IP addresses represent diff...

Page 64: ...page see Configuring the WAN Interface on page 39 Alternatively select Custom to manually set the weight of each WAN using the sliders Table 27 Persistence Algorithm Persistence Mode Options Mode Desc...

Page 65: ...Outbound traffic can be enforced to go through a specified Site to Site VPN connection Algorithm Priority The Priority Algorithm specifies the priority of the WAN connections to be utilized to route t...

Page 66: ...ify the order of WAN connections to be used for routing traffic Only the highest prior ity healthy connection that is not in full load will be utilized Algorithm Least Used Figure 41 Outbound Policy C...

Page 67: ...uter of each WAN connection to determine its latency value The latency of a WAN is the packet round trip time of the WAN connection Additional network usage may be incurred as a result The round trip...

Page 68: ...cial rule Site to Site VPN Routes is available in the Custom Rules table This option represents all Site to Site VPN routes learned from remote VPN peers By default this bar is on the top of all custo...

Page 69: ...73 Inbound Access Services 74 UPnP NAT PMP Settings 77 DNS Records 77 SOA Records 80 NS Records 81 MX Records 81 CNAME Records 82 A Records 82 PTR Records 84 TXT Records 84 SRV Records 85 Domain Dele...

Page 70: ...es By the custom definition of servers and services for inbound access Internet users can access the servers behind the BD1000 Advanced configurations allow inbound access to be distributed among mult...

Page 71: ...ick the Add Service button and the following window displays Figure 45 Network Inbound Access Port Forwarding Add Service Table 28 Port Forwarding Service New Service Settings Field Description Enable...

Page 72: ...or example with IP Protocol set to TCP and Port set to Single Port and Service Port 80 TCP traffic received on Port 80 is forwarded to the configured servers via Port 80 Port Range Traffic that is rec...

Page 73: ...d port number When more than one server is defined requests will be distributed to the servers in the weight ratio specified for each server Figure 46 Network Inbound Access Servers To define a new se...

Page 74: ...Inbound Access New Service Table 29 Inbound Access Services New Service Settings Field Description Enable Specifies whether the inbound service rule takes effect Select Yes for the inbound service rul...

Page 75: ...the servers speci fied by the Servers setting For example with IP Protocol set to TCP and Port set to Single Port and Service Port 80 TCP traffic received on Port 80 is forwarded to the configured ser...

Page 76: ...ic that is distributed to a server is proportional to the weight value assigned to the server relative to the total weight Example With the following weight settings on a BD1000 demo_server_1 10 demo_...

Page 77: ...he built in DNS Server functionality of the BD1000 facilitates inbound load balancing With the presence of the functionality NS SOA DNS records for a domain name can be delegated to Internet IP addres...

Page 78: ...SOA NS record for all Domain Names For configuration details refer to SOA Records on page 80 For defining a default SOA record the field Name Server IP Address is optional If left blank the Address A...

Page 79: ...NAME A TXT and SRV records Seven tables are presented in this page for defining the five types of records Figure 52 Network Inbound Access DNS Settings Refer to the following sections for information...

Page 80: ...ss optional This is the IP address of the authoritative name server If the Balance is the authoritative name server of the domain this field s value should be the WAN connection s name server IP addre...

Page 81: ...be a non FQDN Fully Qualified Domain Name Please be sure that a corresponding A record is created Click the button to complete the entry and add the other Name Server After finishing adding NS records...

Page 82: ...When creating a CNAME record for the domain itself not a sub domain the Host field should be left blank The wildcard character is supported in the Host field The Reference of omain name will be retur...

Page 83: ...Internet IP addresses that are candidates to be returned when the BD1000 responds to DNS queries for the domain name specified by Host Name The IP addresses listed in each box as default are the Inte...

Page 84: ...for the PTR records For example if the IP address range 11 22 33 0 to 11 22 33 255 is delegated to the DNS server on the BD1000 you will also have to create a domain 33 22 11 in addr arpa and have it...

Page 85: ...rity Indicates the priority of the Target the smaller the value the higher the priority Weight A relative weight for records with the same priority Target The canonical hostname of the machine providi...

Page 86: ...ure 64 DNS Domain Delegation Create A Record If ISC BIND 8 or 9 is being utilized in the zone file mycompany com then the addition of the following lines suffice Testing the DNS Configuration To test...

Page 87: ...mplementation will likely be different Reverse Lookup Zones Figure 65 DNS New Reverse Lookup Zone Reverse Lookup refers to performing a DNS query to find one or more DNS names associated with a given...

Page 88: ...ecord to create or click on the Name Server field to edit the SOA record Figure 67 DNS Reverse Lookup Zone SOA Record In the SOA record you must fill out the fields for Name Server Name Server IP Addr...

Page 89: ...defined in the SOA record is automatically added here To create a new NS record click the New NS Records button Figure 68 DNS Reverse Lookup Zone NS Record When creating an NS record for the Reverse...

Page 90: ...e lookup zones are further described in RFC 2317 Classless IN ADDR ARPA delegation PTR Records To add a new PTR record click the New PTR Records button Figure 70 DNS Reverse Lookup Zone PTR Record The...

Page 91: ...is used to access the DNS Record Import Wizard Figure 71 DNS DNS Record Import Wizard 1 1 From the Import Wizard introduction screen click Next to continue Figure 72 DNS DNS Record Import Wizard 2 2...

Page 92: ...Configuring Inbound Access NAT Mappings 3 In the blank space enter the Domain Names Zones that you would like to assign with the IP address entered in the previous step Enter one domain name per line...

Page 93: ...on allows the BD1000 to map IP addresses of all inbound and outbound NAT traffic to and from an internal client IP address To configure NAT Mappings click on Network NAT Mappings in the Web Admin Inte...

Page 94: ...these addresses to a number of specified public IP addresses to facili tate outbound traffic This option is only available when IP Network is selected as the LAN Client Inbound Mappings Specifies the...

Page 95: ...ity of Service Chapter contents Introduction 96 Managing User Groups 96 Setting Up Bandwidth Control 97 Configuring Applications 98 Application Prioritization 98 Prioritization for Custom Applications...

Page 96: ...k the Add button to define clients and their user group Click to remove the defined rule Two default rules are pre defined and located at the bottom of the table They include All DHCP reservation clie...

Page 97: ...h group s weight The lower part of the table shows the corresponding reserved download and upload bandwidth value of each connection By default 50 of bandwidth has been reserved for Manager 30 for Sta...

Page 98: ...n traffic by inspecting the packets content Select an application by choos ing a supported application or by defining a custom application manually The priority preference of sup ported applications i...

Page 99: ...idth of the WAN can be fully utilized in any situation When a DSL Cable circuit s uplink is congested the download bandwidth will be affected Users will not be able to download data in full speed unti...

Page 100: ...er 8 Configuring Firewall Settings Chapter contents Introduction 101 Configuring Outbound and Inbound Firewall Rules 101 Access Rules 101 Intrusion Detection and DoS Prevention 105 Setting Up Web Bloc...

Page 101: ...s the selective filtering of data traffic in both directions Outbound LAN to WAN Inbound WAN to LAN Intrusion Detection and DoS Prevention Web Blocking With Site to Site VPN enabled see Chapter 4 Conf...

Page 102: ...e Name Specifies a name for the firewall rule Enable Specifies whether the firewall rule should take effect Select Yes for the firewall rule to take effect If the traffic matches the specified Protoco...

Page 103: ...on IP address es and port number s to match with the fire wall rule You may specify a single address or network and a single port or a range of ports Action Specifies what the BD1000 should do upon en...

Page 104: ...rom the table click Rules are matched from top to bottom If a connection matches any one of the upper rules the matching process will stop If none of the rules match the connection the BD1000 will app...

Page 105: ...rnet To turn on this feature click and check Enable for Intrusion Detection and DoS Prevention Click Save to apply the setting Figure 85 Network Firewall Intrusion Detection and DoS Prevention When en...

Page 106: ...com www foobar co jp or foobar co uk will be blocked Placing the wild card in any other position is not sup ported The BD1000 will inspect and look for blocked domain names on all HTTP traffic Secure...

Page 107: ...ter contents Introduction 108 Setting Up High Availability Configurations 108 Enabling the PPTP Server 111 Enabling Service Forwarding 112 SMTP Forwarding 114 Web Proxy Forwarding Settings 115 DNS For...

Page 108: ...its and two Internet connections Figure 87 High Availability Application In the diagram the WAN ports on each BD1000 unit connect to the router and modem and the BD1000 unit connects to the same LAN s...

Page 109: ...e slave unit Configuration Sync Displays when Slave mode is selected as the Preferred Role When enabled and the Master Serial Number matches with the actual master unit the master unit will automatica...

Page 110: ...the LAN segment For example a fire wall sitting behind the BD1000 should set its default gateway as the VIP instead of the IP of the Master BD1000 Figure 89 High Availability Application VIP Default...

Page 111: ...ss es where the PPTP server should listen Authentication Specifies the source of user database for PPTP authentication Available options include Local User Accounts User accounts are stored in the BD1...

Page 112: ...tions destined for any host at TCP Port 25 These connections will be redirected to a specified SMTP server and port number SMTP server settings for each WAN can be specified after selecting Enable For...

Page 113: ...ction you may want to enable this option to enhance the DNS availability without modifying the DNS server setting of the clients The built in DNS name server will distribute DNS lookups to correspondi...

Page 114: ...ct the Enable check box under SMTP Forwarding Setup then select the boxes for the WAN connections in the Enable Forwarding column that require forwarding Enter the ISP s e mail server address and TCP...

Page 115: ...ction with reference to the Outbound Policy and 3 forward them to the specified web proxy server and port number You may configure the redirected server settings for each WAN in the Web Proxy Intercep...

Page 116: ...enabled the BD1000 defines protocols that provide audio visual communi cation sessions on any packet network to passthrough the BD1000 FTP FTP sessions consist of two TCP connections one for control...

Page 117: ...mote System Log 126 Configuring Simple Network Management Protocol SNMP 127 General SNMP Settings 127 SNMP Community Settings 128 SNMPv3 User Settings 128 Managing the Reporting Server 129 Importing a...

Page 118: ...ing the Web Admin admin and user The admin account has full administration access while user is a read only account The user account can only access the device s status information and cannot make any...

Page 119: ...r Name Non configurable set as admin by default Admin Password Specifies a new password for the admin account Confirm Admin Password Verifies and confirms the new password for the admin account Read o...

Page 120: ...ude MS CHAP v2 and PAP Auth Server Specifies the access address of the external RADIUS server Auth Server Secret Defines the secure password phrase for accessing the RADIUS server Auth Timeout Specifi...

Page 121: ...n access from any location without IP address restrictions Allow access from the following IP subnets only Only the defined IP subnets may access the Web Admin Interface When selected this option disp...

Page 122: ...or the desired software release In the BD1000 Web Admin Interface click Browse to select the firmware file from the local com puter and then click Manual Upgrade to send the firmware to the unit The B...

Page 123: ...k on System Time in the Web Admin Interface Figure 99 System Time Table 41 System Time Server Settings Field Description Time Zone Specifies the time zone along with the corresponding Daylight Savings...

Page 124: ...g email If the server requires authentication select Require authentication SSL Encryption Select the box to Enable SMTPS When enabled the SMTP Port field will change to 465 automatically SMTP Port Sp...

Page 125: ...completed the settings click the Test Email Notification button to test the settings before sav ing The following screen displays to confirm the settings Figure 101 Test Email Notification Click Yes t...

Page 126: ...the remote system log settings click on System Remote Syslog in the Web Admin Interface Figure 103 System Remote Syslog Table 43 System Remote Syslog Setup Field Description Remote Syslog Specifies w...

Page 127: ...tion from the BD1000 To configure SNMP settings click on System SNMP in the Web Admin Interface Figure 104 System SNMP General SNMP Settings Table 44 System SNMP Settings Field Description SNMP Device...

Page 128: ...ies a unique name for the SNMP Community Allowed Source Subnet Address Enter a subnet address where the SNMP Server will allow access Allowed Source Subnet Mask Specifies the subnet mask that correspo...

Page 129: ...alid Table 47 System Reporting Server Settings Field Description Post Data to Server Specifies whether or not the BD1000 should periodically and automatically post traffic data to Reporting Server Rep...

Page 130: ...u must click the Apply Changes button for the new settings to take effect Downloading Active Configurations Use the Download button to back up the current active settings and save the configuration fi...

Page 131: ...he connectivity of a WAN or VPN link Use the Traceroute Test see Traceroute Test on page 132 to view the connection path of a WAN or VPN link Use the VPN Test see VPN Test on page 132 to view the thro...

Page 132: ...test on a BD1000 connection click on System Tools Traceroute in the Web Admin Interface Select an option from the Connection drop down menu then click the Start button Click Stop to end the tracerout...

Page 133: ...wing Access Points 136 Viewing the WINS Client List 136 Viewing Site to Site VPN Connection Details 136 Viewing IPsec VPN Connection Details 136 Viewing UPnP and NAT PMP Connection Details 136 Viewing...

Page 134: ...h LAN WAN interface connected to the BD1000 Table 48 Status System Information Field Description Router Name Displays the name specified for this specific BD1000 device in the Router Name field locate...

Page 135: ...ws DHCP clients associated with the BD1000 since it has powered up To view information about DHCP clients click on Status Client List in the Web Admin Interface The table lists the DHCP client IP Addr...

Page 136: ...ts retrieved and automatically matched with the DHCP Client List see Viewing the Client List on page 135 Click the button Flush All to clear the table of all WINS client records Viewing Site to Site V...

Page 137: ...ices Select the number of entries to show in the log screen at a time 50 100 or all Viewing Bandwidth Usage Statistics The Bandwidth section shows bandwidth usage statistics for the BD1000 including d...

Page 138: ...Viewing Bandwidth Usage Statistics 138 BODi rS BD1000 User Manual 11 Managing Status Settings Figure 115 Real Time Bandwidth Usage...

Page 139: ...enabled the Bandwidth Monitoring feature see Bandwidth Allowance Monitor on page 48 the BD1000 will display the Current Billing Cycle table for that specific WAN connection In the Client Bandwidth Usa...

Page 140: ...ature see Bandwidth Allowance Monitor on page 48 the BD1000 will display the Billing Cycle or Calendar Month for that specific WAN connection In the Client Bandwidth Usage table click on the first or...

Page 141: ...141 Chapter 12 Troubleshooting Chapter contents Outbound Load 142 Download Speed 142 Public IP Address 142 LAN Connection 142 WAN Connection 143 File Upload Transfer 143...

Page 142: ...ution First check whether the WAN connections are up Second ensure your download manager application has split the file into 3 parts or more It is also possible that all of 2 or even 3 download sessio...

Page 143: ...nterface you may be able to find out the source of problem File Upload Transfer Problem When I upload files to a server via ftp the transfer stalls after a few kilobytes of data are sent What should I...

Page 144: ...support headquarters in the USA 145 Alternate Patton support for Europe Middle East and Africa EMEA 145 Warranty Service and Returned Merchandise Authorizations RMAs 145 Warranty coverage 145 Out of w...

Page 145: ...00 Fax 1 301 869 9293 Alternate Patton support for Europe Middle East and Africa EMEA Online support available at www patton com E mail support e mail sent to support patton com will be answered withi...

Page 146: ...be issued upon receipt and inspection of the equipment 30 to 60 days We will add a 20 restocking charge crediting your account with 80 of the purchase price Over 60 days Products will be accepted for...

Page 147: ...147 Appendix A Compliance Information Chapter contents Compliance 148 EMC 148 Low Voltage Directive Safety 148 CE Declaration of Conformity 148 Authorized European Representative 148...

Page 148: ...elating to electromagnetic compatibility and Directive 2006 95 EC relating to electrical equipment designed for use within certain voltage limits The Declaration of Conformity may be obtained from Pat...

Page 149: ...149 Appendix B Specifications Chapter contents WAN Interface 150 LAN Interface 150 VPN 150 Load Balancing 150 Networking 151 Advanced QoS 151 Device Management 151 Physical 151...

Page 150: ...t Ethernet Switch Extended DHCP Options DHCP Reservation Support for Dynamic DNS services DNS Proxy for LAN Clients VPN Complete VPN Solution Site to Site VPN Bonding Bandwidth Aggregation Intelligent...

Page 151: ...vanced QoS User Groups Bandwidth Reservation Individual Bandwidth Limit Custom Application QoS Application Prioritization Device Management Web Administrative Interface Email Notification Active Clien...

Page 152: ...g 153 Performance Optimization 154 Scenario 154 Solution 154 Settings 154 Maintaining the Same IP Address throughout a Session 154 Scenario 154 Solution 154 Settings 154 Bypassing the Firewall to Acce...

Page 153: ...e Internet i e the WAN IP address of the BD1000 Operating the BD1000 in NAT mode requires only one WAN Internet IP address In addition operating in NAT mode also has security advan tages because LAN d...

Page 154: ...ddress throughout a Session Scenario Some client IP address sensitive websites for example Internet banking use both client IP address and cookies matching for session identification Since different I...

Page 155: ...Mapping and bind the host to the default IP and 211 123 123 100 of WAN1 Inbound Access Restriction Scenario A firewall is required to protect the network from potential hacker attacks and other Inter...

Page 156: ...his can easily be achieved by setting up an outbound firewall rule with the BD1000 Solution To set up a firewall rule between the Internet and the private network for outbound access click the Add Rul...

Page 157: ...157 Appendix D Terms Chapter contents Abbreviations 158...

Page 158: ...apsulation HTTP Hyper Text Transfer Protocol ICMP Internet Control Message Protocol IP Internet Protocol LAN Local Area Network MAC Address Media Access Control Address MTU Maximum Transmission Unit M...

Reviews:

No comments

Brands by name

Popular brands

Load more brands