
 

 

15.4 Backup ... 235

Chapter 16 Accounting Report ... 237
16.1 Outbound ... 241
16.2 Inbound ... 247

Chapter 17 Statistics ... 253
17.1 WAN ... 255
17.2 Policy ... 257

Chapter 18 Diagnostic ... 259
18.1 Ping ... 260
18.2 Traceroute ... 263

Chapter 19 Wake On Lan ... 265
19.1 Example ... 266

Chapter 20 Status ... 267
20.1 Interface ... 270
20.1 System Info ... 272
20.3 Authentication ... 274
20.4 ARP Table ... 275
20.5 Sessions Info ... 276
20.6 DHCP Client ... 277

Summary of Contents for BM-2101

Page 1: ...Bandwidth Management Gateway BM 2101 User s Manual...

Page 2: ...Manual is subject to change without notice and does not represent a commitment on the part of PLANET PLANET assumes no responsibility for any inaccuracies that may be contained in this User s Manual...

Page 3: ...service please take a moment to gather the following information Internet Monitor serial number and MAC address Any error messages that displayed when the problem occurred Any software running when th...

Page 4: ...2 2 Permitted IPs 13 2 3 System Log Out 14 2 4 Software Update 15 Chapter 3 Configure 16 3 1 Setting 21 3 2 Date Time 27 3 3 Multiple Subnet 28 3 4 Route Table 32 3 5 DHCP 36 3 6 DDNS 38 3 7 Host Tab...

Page 5: ...P 122 Chapter 10 Content Blocking 147 10 1 URL 150 10 2 Script 153 10 3 Download 155 10 4 Upload 157 Chapter 11 IM P2P Blocking 159 11 1 Example 162 Chapter 12 Virtual Server 167 12 2 Example 171 Poli...

Page 6: ...Statistics 253 17 1 WAN 255 17 2 Policy 257 Chapter 18 Diagnostic 259 18 1 Ping 260 18 2 Traceroute 263 Chapter 19 Wake On Lan 265 19 1 Example 266 Chapter 20 Status 267 20 1 Interface 270 20 1 System...

Page 7: ...bandwidth levels for inbound and outbound traffic in each class The administrator can also define three priority levels for each policy to ensure high priority packets receive the maximum available b...

Page 8: ...Z 1 x 10 100Base TX Auto MDI MDI X 1 x 10 100Base TX Auto MDI MDI X Console 1 x RS 232 DB 9 H W Watch Dog Auto reboot when detecting system fail Software Maximum Controlled Bandwidth 100Mbps Maximum C...

Page 9: ...SYN Attack Detect ICMP Flood Detect UDP Flood Detect Ping of Death Attack Detect Tear Drop Attack Detect IP Spoofing Attack Filter IP Route Option Detect Port Scan Attack Detect Land Attack Virus Infe...

Page 10: ...me relevant settings In this Chapter the system administration will be defined as the management of the MIS engineer Permitted IPs System Log Out and Software Update Chief administrator configures and...

Page 11: ...herwise the other chief admin can modify its privilege to be the sub admin but can not be deleted The BM 2101 appliance still force to reserve a chief admin Privilege Chief administrator has the Write...

Page 12: ...add the settings Sub Admin name sub_admin Password 12345 Confirm Password 12345 If select Write Access and View Log Privilege the new sub admin becomes chief admin Step3 Click OK for the user to log...

Page 13: ...nd to the Configure Modify Step2 In Modify Admin Password enter the following information Password admin New Password 52364 Confirm Password 52364 Step3 Click OK to change the password or click Cancel...

Page 14: ...rvice Check Ping HTTP and HTTPS Click OK Complete adding Permitted IPs Add new Permitted IPs Complete add new Permitted IPs To activate Permitted IPs click Interface LAN WAN and DMZ to uncheck Ping HT...

Page 15: ...Logged icon at the upper right of the WebUI The MIS engineer can log out the system anytime to prevent the other person change the setting through other PC Confirm to log out Step2 Click OK It shows...

Page 16: ...BM 2101 appliance Click Browse Choose File select the latest update file and open it Click OK to run automatic software update Firmware update It takes 3 minutes to run software update then the system...

Page 17: ...The configuration here is about the basic operating settings of the BM 2101 appliance In this Chapter it will be defined as Setting Date Time Multiple Subnet Route Table DHCP Dynamic DNS Ho...

Page 18: ...iance anywhere via Web UI In addition the MIS engineer can change the used port number in BM 2101 s remote management Set up the idle timeout as the MIS engineer log into the BM 2101 appliance The BM...

Page 19: ...setting Administration Packet Logging After enabled this function the system will record the source or destination packet information of BM 2101 in Monitor Log Traffic for the MIS engineer to query Da...

Page 20: ...ment Dep 192 168 4 1 24 Internal 168 85 88 250 External Accounting Dep 192 168 5 1 24 Internal 168 85 88 249 External R D Dep has already been set up in Interface configurations so set up the reservei...

Page 21: ...Dynamic DNS Domain Name The domain name that the MIS engineer applied from the DDNS provider WAN IP The real IP which the domain name correspond to Host Table Host Name Customized by the MIS engineer...

Page 22: ...ation click near Export System Setting to Client Step2 In File Download window click Save Then choose the destination location to save the exported file Finally click Save for BM 2101 to copy the conf...

Page 23: ...Setting from Client Step2 In Choose File window select the previously saved settings and click Open Step3 Click Open and a confirmation dialogue box pop out Step4 Click the OK to import the configura...

Page 24: ...Step1 In Setting Bandwidth Management Gateway Configuration select Restore Factory Setting Step2 Click OK to restore the default settings Restore to factory setting...

Page 25: ...r s email address Required by some ISP Step4 SMTP Server Enter the IP address of the SMTP server Step5 E mail Address 1 Enter the first e mail address to receive the notification Step6 E mail Address...

Page 26: ...ail Test to test if e mail address 1 and e mail address 2 can receive the notification or not If the MIS engineer want to send the mails via the authentication then he must Enable SMTP Server Authenti...

Page 27: ...2101 appliance Click Reboot near Reboot Bandwidth Management Gateway Appliance Step2 It shows the confirm dialogue of Are you sure to reboot Step3 Click OK to restart or click Cancel to terminate the...

Page 28: ...correct option Step3 Enter the time server s IP address in Server IP Name Step4 Enter the update time Set system clock Click Sync near Synchronize system clock with this client to synchronize the BM 2...

Page 29: ...ternet via the multiple subnet NAT or Routing mode Preparations Connect the BM 2101 appliance WAN 1 10 10 10 1 to the ISP s Router 10 10 10 2 The segment is 162 172 50 0 24 Distributed by the ISP Conn...

Page 30: ...terface select LAN Alias IP of Interface enter 162 172 50 1 Netmask enter 255 255 255 0 WAN 1 10 10 10 1 Forwarding Mode select routing WAN 2 211 22 22 22 Forwarding Mode select NAT Click OK Complete...

Page 31: ...if the LAN IP is 192 168 1 xx Use the NAT Mode to connect to the network As regulated in Policy one can only connect to network via WAN2 If use Routing mode via WAN 1 a virtual IP can t be used to con...

Page 32: ...Multiple Subnet deployment BM 2101 Interface WAN1 IP 10 10 10 1 WAN2 IP 211 22 22 22 LAN Port IP 192 168 1 1 LAN Port Multiple Subnet 162 172 50 1...

Page 33: ...11 11 to ATUR and link to network Connect WAN 2 211 22 22 22 to ATUR and link to network LAN segment is 192 168 1 1 24 LAN Router1 10 10 10 1 supporting RIPv2 the LAN segment is 192 168 10 1 24 Company...

Page 34: ...nter 255 255 255 0 Gateway Enter 192 168 1 252 Interface Select LAN Click OK Add new static route 1 Step2 In Configure Route Table Destination IP Enter 192 168 20 1 Netmask Enter 255 255 255 0 Gateway...

Page 35: ...Step3 In Configure Route Table Destination IP Enter 10 10 10 0 Netmask Enter 255 255 255 0 Gateway Enter 192 168 1 252 Interface Select LAN Click OK Add new static route 3...

Page 36: ...l The BM 2101 appliance can translate the virtual IP to real IP Therefore the LAN subnet PC 192 168 10 1 24 192 168 20 1 24 and 192 168 1 1 24 can communicate to each other via the BM 2101 appliance R...

Page 37: ...r the IP Address distributed to WIN server 2 LAN Interface Client IP range 1 Enter the first starting and ending IP addresses the default value is 192 168 1 2 to 192 168 1 254 it must be at the same do...

Page 38: ...ng When the LAN network adaptor set to Automatically Get DNS The DNS Server will auto lock the LAN interface IP Note When enabled the Authentication the first DNS server must correspond to the LAN int...

Page 39: ...from the drop down menu Select Automatically and select a WAN interface to correspond from the menu User Name and Password Enter the applied name and password Domain Name Enter the applied domain nam...

Page 40: ...the DDNS account then he can choose the proper DDNS supplier click Sign up and then it will display the registration web page If the MIS engineer do not select Automatically correspond to the WAN int...

Page 41: ...al IP Address enter the host name that correspond to the virtual IP address Click OK Complete Host Table setting Host table setting Use the Host Table of the BM 2101 appliance the first DNS Server in...

Page 42: ...etting is Taipei Taiwan Community Can customize the settings Default setting is public Contact Person Can customize the settings Default setting is root public Description Can customize the settings D...

Page 43: ...the port number Default value 162 Click OK Complete the SNMP Trap setting The MIS engineer can use the SNMP Trap software and receive the alarm notification from the BM 2101 appliance it will send th...

Page 44: ...3 9 Language Step1 In Configure Language to select the language Click OK Select language...

Page 45: ...The so called interface included the LAN and WAN of the BM 2101 appliance In Interface the MIS engineer can set the IP address netmask gateway address and define the WAN and LAN IP address all de...

Page 46: ...ust the usage of WAN depends on the downstream and upstream status Suitable for the user who use different downstream bandwidth Round Robin Forced to use the 1 1 cycling distribution of network downlo...

Page 47: ...he WAN interface priority by balance mode choice Service To test if the WAN can work or not The testing includes two parts ICMP Ping the IP to see if the connection can work DNS Use the domain name to...

Page 48: ...the DMZ in the BM 2101 appliance The DMZ includes two modes NAT The DMZ is an isolated virtual domain but it can not be at the same segment as LAN TRANSPARENT The DMZ and WAN interface are both in the...

Page 49: ...e Application Environment Example 1 LAN Modify the LAN interface address Example 2 WAN Set the WAN interface address Example 3 DMZ Set the DMZ interface address NAT mode Example 4 DMZ Set the DMZ inte...

Page 50: ...setting The default LAN interface address is 192 168 1 1 After the MIS engineer has modified the LAN IP address he has to set the PC to obtain the latest IP then use the modified LAN interface IP addr...

Page 51: ...ace WAN click Modify of WAN 1 WAN 2 Interface s settings are almost the same as WAN 1 setting The difference is that WAN 2 has the additional Disable function The MIS engineer can use this function to...

Page 52: ...me Or click Assist Sets the interval seconds during the packets transferring per seconds ICMP test DNS test Both of the two connection test is the standard to see if the WAN can work properly The testi...

Page 53: ...assword 4 Select Dynamic or Fixed in IP Address provided by ISP It depends on the user s network status click Fixed option please enter the IP address Netmask and Default Gateway 5 Enter Max Downstrea...

Page 54: ...Complete PPPoE setting If use the PPPoE the MIS engineer can set the WAN interface auto connect when it disconnect it is recommended enable this function or set the WAN interface disconnect as idle Not...

Page 55: ...ess 4 User Name Require by the ISP to enter the provided user name 5 Domain Name Require by the ISP to enter the provided domain name 6 Username and Password The IP mechanism of DHCP authentication Ac...

Page 56: ...Complete to set the Dynamic IP address...

Page 57: ...IP Address 2 Enter IP Address Netmask and Default Gateway 3 Enter DNS Server 1 or DNS Server 2 4 Enter Max Downstream Bandwidth and Max Upstream According to the bandwidth applied by the user 5 Selec...

Page 58: ...ing Ping HTTP and HTTPS in WAN interface the user can ping the BM 2101 appliance and its WebUI This action may cause the network security problem It s recommended do not select the Ping HTTP and HTTPS...

Page 59: ...T Mode Step1 In Interface DMZ Step2 In DMZ Interface select NAT mode In DMZ Interface select NAT from the drop down menu Enter the value in IP Address and Netmask Step3 Select Ping HTTP and HTTPS Step...

Page 60: ...ect Transparent Mode In DMZ Interface select DMZ_ Transparent Mode from the drop down menu Step3 Select Ping HTTP and HTTPS Step4 Click OK Select DMZ transparent mode The MIS engineer has to set the s...

Page 61: ...ss Basically the IP address can divided into three types internal IP address WAN IP address and DMZ IP address The MIS can apply the different IP address packets filtering rules to the same policy he...

Page 62: ...255 255 Correspond to many IP address in a specific domain For example IP Address 192 168 100 1 in C Class segment the setting must be 255 255 255 0 MAC Address Mapped the MAC address to its IP addres...

Page 63: ...ample 1 LAN When use the DHCP to distribute the static IP address to the specific user and limit the user can only access the FTP resources through policy Example 2 LAN Group and WAN To set the policy...

Page 64: ...olicy Step1 In Address LAN make the setting as following Click New Entry Name enter the user s identified name Rayearth IP Address enter the user s IP 192 168 3 2 Netmask enter 255 255 255 255 MAC Add...

Page 65: ...sources through specific service Step3 In Policy Outgoing to complete the settings to appointed the static IP to the specific user and limit the user can only accessing FTP resources through Policy Co...

Page 66: ...address In Address LAN the BM 2101 appliance will automatically set an Inside_Any Address it represents the whole LAN The WAN or DMZ also has its Outside_Any and DMZ_Any default address setting to rep...

Page 67: ...To set the policy which allow part of users connect to the remote static IP address Step1 Set many LAN address Set many LAN address...

Page 68: ...following Click New Entry To set the group Name In available address select the user in the group and click Add Click OK Group the LAN address Complete to group the LAN address In Address WAN Group a...

Page 69: ...Step3 In Address WAN add the setting as following Click New Entry Enter the remote static IP information Name IP Netmask Click OK Set the WAN address Complete to set the WAN address...

Page 70: ...Step4 To apply Step 1 3 to Policy Apply the address setting in policy Complete the policy setting The Address function works by apply it to policy...

Page 71: ...port is 0 to 65535 In this chapter we will introduce the three common use services for example Pre defined Custom and Group The MIS engineer can define the Protocol and port number in every network ap...

Page 72: ...NS NTP IRC RIP SNMP SYSLOG TALK TFTP UDP ANY UUCP ICMP service for example PING TRACEROUTE Service name The MIS engineer can define the service name Protocol The Protocol that is made of the communica...

Page 73: ...user communicate to LAN user via the network phone through policy VoIP port number TCP 1720 TCP 15328 15333 UDP 15328 15333 Example 2 Group To group the services and limit the specific user accessing...

Page 74: ...user communicate to LAN user via the network phone through policy VoIP port number TCP 1720 TCP 15328 15333 UDP 15328 15333 Step1 In Address LAN and LAN Group add the following setting LAN address se...

Page 75: ...g reserve the default value Server Port enter the value of 1720 1720 Protocol 2 select TCP Client Port s setting reserve the default value Server Port enter the value of 15328 15333 Protocol 3 select...

Page 76: ...Service function To enter the port number in the client port if the MIS engineer have to enter two different port number in server port then enter the range of 15328 15333 To enter the same port...

Page 77: ...l server Step4 Apply Virtual Service to Policy Incoming Complete to set the incoming VoIP policy Step5 In Policy Outgoing to complete the Outgoing VoIP setting Complete to set the outgoing VoIP policy...

Page 78: ...ces provided by the Group through Policy Object Group HTTP POP3 SMTP DNS Step1 In Service Group add the new setting as following Click New Entry Set the Name to be the default name of Main_Service In...

Page 79: ...Complete the service group setting If the MIS engineer want to remove the group service then he can choose the Selected service and click Remove...

Page 80: ...Step2 In Address LAN Group to set the LAN group which can only access the specific service LAN group setting Step3 Apply Service Group to Policy Outgoing Policy setting...

Page 81: ...and the process time period in Schedule In other words the MIS engineer can select the specific time period to transfer the data packets by policy management How to use Schedule The MIS engineer can...

Page 82: ...work data everyday through the policy management Step1 In Schedule add the new setting as following Click New Entry Set the Schedule Name Use the drop down menu to select the time period everyday Clic...

Page 83: ...Step2 Apply schedule setting to Policy Outgoing Complete to apply the schedule setting to policy The Schedule setting must apply into Policy...

Page 84: ...h Downstream Bandwidth Can set the G Bandwidth and M Bandwidth Upstream Bandwidth Can set the G Bandwidth and M Bandwidth QoS Priority Can set the QoS priority of upstream and downstream bandwidth The...

Page 85: ...The used QoS Flow M Bandwidth 400 Kbps G Bandwidth 200Kbps...

Page 86: ...th and guarantee bandwidth of upstream bandwidth QoS Priority To set the unuse upstream and downstream bandwidth in QoS priority G Bandwidth The basic bandwidth in QoS The policy which applied to the...

Page 87: ...ndwidth and Downstream Bandwidth Step1 In QoS add the new setting as following Click New Entry In Name to set the QoS name In WAN 1 2 enter the parameter of limited bandwidth To select the QoS Priorit...

Page 88: ...Outgoing to apply the QoS Setting in Step 1 Set the QoS policy Complete to set the QoS policy When the MIS engineer setting the QoS he must use the correct upstream and downstream bandwidth range set...

Page 89: ...tion by authentication The user has to pass the authentication to connect the network The BM 2101 appliance provided 4 authentication modes The User and User Group built in others are RADIUS POP3 and...

Page 90: ...Re Login after user login successfully When the LAN user connect to the WAN through the authentication The available authentication time depends on the time limit if over the default time setting the...

Page 91: ...To add the settings in the authentication management Authentication management...

Page 92: ...l redirect to the assigned web site If the user want to require the authentication then he can enter the BM 2101 s LAN interface IP and the authentication port number in the URL address then shows the...

Page 93: ...ADIUS server 802 1x RADIUS The authentication between the BM 2101 appliance and RADIUS server which included the wireless network Search Distinguished Name The identify name of LDAP server LDAP Filter...

Page 94: ...S To plan the user connect to the WAN through the authentication in policy To use the WAN RADIUS server Windows 2003 Server built in authentication Example 3 POP3 To plan the user connect to the WAN th...

Page 95: ...by policy To use the built in user and user group authentication Step1 In Authentication User to add the Authentication User Name Set the authentication user The user s DNS server must correspond to...

Page 96: ...tting as following Click New Entry Name enter laboratory Click Add to add the available authentication user to the selected authentication user in the same user group Click OK Complete the user group...

Page 97: ...Step3 In Policy Outgoing add a new policy and apply the Step 1 2 into the new policy setting Authentication user policy setting Complete the policy setting...

Page 98: ...rk via the BM 2101 appliance To create the IPSec VPN connection via the authentication Step5 If the remote user want to logout click Logout Auth User in Auth User Logout window The logout window will...

Page 99: ...US server Windows 2003 Server built in authentication Windows 2003 RADIUS Server Deployment Step1 Click Start Control Panel Add Remove Programs select Add Remove Windows Components then it shows the W...

Page 100: ...Step3 Select Internet Authentication Service Add new network authentication service components...

Page 101: ...Step4 Click Start Control Panel Administrative Tools select Network Authentication Service Select network authentication service...

Page 102: ...Step5 Right click RADIUS Clients New RADIUS Client Add new RADIUS client...

Page 103: ...Step6 Enter the Name and Client Address It is the same as BM 2101 IP address Add New RADIUS client name and IP address setting...

Page 104: ...Step7 Select RADIUS Standard enter the Shared secret and Confirm Shared secret It must be the same setting as RADIUS in BM 2101 Add new RADIUS client vendor and shared secret...

Page 105: ...Step8 Right click on Remote Access Policies New Remote Access Policy Add new remote access policies...

Page 106: ...Step9 Select Use the wizard to set up a typical policy for a common scenario and enter the Policy name Add new remote access policies and policy name...

Page 107: ...Step10 Select Ethernet The way to add new remote access policy...

Page 108: ...Step11 Select User Add new remote access policy user and group...

Page 109: ...Example 2 Authentication Step12 Select MD5 Challenge The authentication of add new remote access policy...

Page 110: ...Step13 Right click on the Radius Properties The network authentication service setting...

Page 111: ...Step14 Select Grant remote access permission and Remove the original setting then click Add The RADIUS properties settings...

Page 112: ...Step15 Add Service Type Add new RADIUS properties attribute...

Page 113: ...Step16 Add Authenticate Only from the left side Add RADIUS properties service type...

Page 114: ...Step17 Click Edit Profile select Authentication and check Unencrypted authentication PAP SPAP Edit RADIUS service type dial in property...

Page 115: ...Step18 Add Auth User click Start Setting Control Panel Administrative Tools select Computer Management Enter computer management...

Page 116: ...Step19 Right click on Users select New User Add new user Step20 Complete the Windows 2003 RADIUS Server Settings...

Page 117: ...P Port and Shared Secret The setting must be the same as RADIUS server The RADIUS server setting Click Test it can detect if the BM 2101 and RADIUS server can real working Step22 In Authentication Use...

Page 118: ...Step23 In Policy Outgoing apply the Authentication Group RADIUS included in Step22 to add the new policy To add the RADIUS authentication policy Complete the RADIUS authentication policy setting...

Page 119: ...connect to the network via the browser it will show the authentication window Enter the user name and password click OK then link to the network through the BM 2101 Link to the network through the au...

Page 120: ...policy To use the WAN POP3 server authentication Step1 In Authentication POP3 add the new setting as following POP3 server setting Click Test it can detect if the BM 2101 and POP3 server can real worki...

Page 121: ...Step3 In Policy Outgoing apply Step2 The authentication group in to the policy The POP3 server authentication in policy setting Complete the POP3 server authentication in policy setting...

Page 122: ...o connect to the network via browser it will show the authentication window Enter the user name and password click OK then link to the network through the BM 2101 appliance Link to the network through...

Page 123: ...P server Windows 2003 Server built in authentication Windows 2003 LDAP Server Deployment Step1 Click Start Program Administrative Tools Manage MIS engineer Server Step2 In Manage MIS engineer Server...

Page 124: ...Step3 In Preliminary Steps window click Next The Preliminary steps Web UI...

Page 125: ...Step4 In Server Role window select Active Directory and click Next The server role window...

Page 126: ...Step5 In Summary of Selections window click Next The summary of selections window...

Page 127: ...Step6 In Active Directory Installation Wizard window click Next Active directory installation wizard...

Page 128: ...Step7 In Operating System Compatibility window click Next The operating system compatibility window...

Page 129: ...Step8 In Domain Controller Type window select Domain controller for a new domain click Next The domain controller type window...

Page 130: ...Step9 In Create New Domain window select Domain in a new forest click Next Create new domain window...

Page 131: ...Step10 In New Domain Name window enter the Full DNS name for new domain click Next The new domain name window...

Page 132: ...Step11 In NetBIOS Domain Name window enter the Domain NetBIOS name click Next The NetBIOS domain name window...

Page 133: ...Step12 In Database and Log Folders window enter the routes of Database folder and Log folder click Next The database and log folder window...

Page 134: ...Step13 In Shared System Volume window enter the Folder location click Next The shared system volume window...

Page 135: ...Step14 In DNS Registration Diagnostics window select I will correct the problem later by configuring DNS manually Advanced click Next The DNS registration diagnostics window...

Page 136: ...Step15 In Permissions window select Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems click Next The permissions window...

Page 137: ...tep16 In Directory Services Restore Mode Administrator Password window enter the Restore Mode Password and Confirm password click Next The directory services restore mode administrator password window...

Page 138: ...Step17 In Summary window click Next The summary window...

Page 139: ...Step18 Complete the Active Directory installation wizard Complete the active directory installation wizard...

Page 140: ...Step19 Click Start Programs Administrative Tools Active Directory Users and Computers Enable active directory users and computers...

Page 141: ...Step20 In Active Directory Users and Computers window right click on the Users select New User Add new active directory user...

Page 142: ...Step21 In New Object User window enter the settings click Next Add new object user setting 1...

Page 143: ...Step22 In New Object User window enter the password click Next The new object user setting 2...

Page 144: ...mplete to add the user Complete to add the object user Step24 In Authentication LDAP enter the following setting The LDAP server setting Click Test it can detect if the BM 2101 and LDAP server can rea...

Page 145: ...Step25 In Authentication User Group add LDAP User Add new LDAP user...

Page 146: ...Step26 In Policy Outgoing apply Step25 the authentication group in to the policy setting The LDAP server authentication in policy setting Complete the LDAP server authentication in policy setting...

Page 147: ...ser want to connect to the network it will show the authentication window Enter the user name and password click OK then link to the network through the BM 2101 appliance Link to the network through t...

Page 148: ...web site through the complete domain name keywords and wildcards and 2 Script The access competency of popup ActiveX Java cookie in the blocking URL 3 Download To limit the competency of downloading t...

Page 149: ...ck the ActiveX packets from the web site Java Can block the Java packets from the web site Cookie Can block the cookie packets from the web site Audio and Video Types Can limit the user to transfer th...

Page 150: ...e Example 2 Script To limit the LAN user to access the script data in the web site Example 3 Download To limit the LAN user to download the extension files video and audio files in the internet through...

Page 151: ...ll enter the complete Domain Name or Keywords in to the URL blocking setting and add the symbol which represents permitted to enter For example www kcg gov tw or gov 2 Complete all the setting of opene...

Page 152: ...locking URL add the following setting Click New Entry URL String enter yahoo Click OK Click New Entry URL String enter google Click OK Click New Entry URL String enter Click OK Complete the URL settin...

Page 153: ...ng setting in policy Step3 In Policy Outgoing complete the setting to permit the user can only access the data in specific web site through the policy Complete the URL content blocking setting in pol...

Page 154: ...LAN user to access the script data in the web site Step1 In Content Blocking Script select the following setting Select Popup Select ActiveX Select Java Select Cookie Click OK Complete the script set...

Page 155: ...the LAN user accessing the script data in the web site through the policy Complete the script content blocking settings The user can not use the specific function in the web site For example JAVA cook...

Page 156: ...ser to download the extension files video and audio files in the internet through http or ftp Step1 In Content Blocking Download set the following settings Select ALL Types Click OK Complete the downlo...

Page 157: ...in to the policy The download content block setting in policy Step3 In Policy Outgoing complete the settings to limit the LAN user to transfer the video and audio files and specific extension files i...

Page 158: ...upload the extension files video and audio files in the internet through http or ftp Step1 In Content Blocking Upload Blocking set the following settings Select ALL Types Blocking Click OK Complete th...

Page 159: ...gs in to the policy The upload content block setting in policy Step3 In Policy Outgoing complete the settings to limit the LAN user to upload the video and audio files and specific extension files in...

Page 160: ...M and P2P software by using IM P2P Blocking function 1 IM Set the login privilege of MSN Messenger Yahoo Messenger ICQ Messenger QQ Messenger and Skype Messenger 2 P2P Set the use privilege of eDonkey...

Page 161: ...tantly System will show the update time and version of IM P2P signature definitions IM Blocking Set the login privilege of MSN Messenger Yahoo Messenger ICQ Messenger QQ Messenger and Skype Messenger...

Page 162: ...We set two examples No Range Environment Ex 1 IM Limit internal user transfer messages files and media files by IM software Ex 2 P2P Limit internal user access internet resources by P2P software...

Page 163: ...ware Step1 In IM P2P Blocking Setting add the following settings Click New Entry Enter the Name called IM_Blocking Select MSN Messenger Yahoo Messenger ICQ Messenger QQ Messenger and Skype Messenger C...

Page 164: ...applied to IM blocking setting Set the policy applied to IM blocking setting Step3 In Policy Outgoing complete the policy setting of limit internal user to transfer messages files and media files Com...

Page 165: ...ocking Setting add the following settings Click New Entry Enter the Name of P2P_Blocking Select eDonkey Bit Torrent WinMX Foxy KuGoo AppleJuice AudioGalaxy DirectConnect iMesh MUTE and Thunder 5 Click...

Page 166: ...cy applied to P2P blocking setting Set the policy applied to P2P blocking Step3 In Policy Outgoing complete the policy setting of limit internal user to access internet resources by P2P software Compl...

Page 167: ...P2P use will seriously occupy network bandwidth, and P2P software can change its service port. So the MIS engineer not only needs to set the service port in Service but also needs to set IM P2P Blocking P2P Blocking...

Page 168: ...l server also includes the features called One to Many map function It means one real IP address can map to the private IP address in four LAN servers which provide the same service It is because the...

Page 169: ...the IP mapped function The difference is that the virtual server use the one to many IP mapped That means one real IP address mapped to 1 4 LAN private IP address The virtual server also provide the...

Page 170: ...ervice The service provided by the virtual server WAN Port The external port provided by the virtual server If the selected service using only single port then the MIS engineer can change its external...

Page 171: ...For example use the web service Example 3 Virtual Server The external user use the VoIP to communicate to the internal user VoIP service port TCP 1720 TCP 15328 15333 UDP 15328 15333 Example 4 Virtual...

Page 172: ...adapter IP setting is 192.168.1.100 and the DNS setting correspond to the WAN DNS server Step2 In Address LAN add the following settings The server setting in address Step3 In Virtual Server Mapped I...

Page 173: ...to external Fig 11 3 The service group setting Step5 In Policy Incoming add the new policy included Step 3 Step 4 Complete the incoming setting in policy Step6 In Policy Outgoing add the new policy i...

Page 174: ...es to external Set up the single server environment which provided the multiple services via IP mapped When the MIS engineer set the IP mapped by policy it is strongly recommended not to select ANY in...

Page 175: ...the internal server which only provide single service by policy management For example use the web service Step1 To set up many LAN server which provide the web service The IP address are 192 168 1 10...

Page 176: ...ist to select Click OK Click New Entry Service select HTTP 80 External service port enter 8080 Load Balance Server 1 enter 192.168.1.101 Load Balance Server 2 enter 192.168.1.102 Load Balance Server 3...

Page 177: ...erver setting in the policy If the external user want to link to the homepage provided by the web server then the user has to modify the port into 8080 Step4 Make the virtual server can provide the si...

Page 178: ...VoIP service port TCP 1720 TCP 15328 15333 UDP 15328 15333 Step1 To set the LAN VoIP its IP address is 192.168.1.100 Step2 In Address LAN add the new following setting The LAN address setting Step3 I...

Page 179: ...ce External Service Port auto set From Service Custom Load Balance Server 1 enter 192.168.1.100 Click OK Complete the virtual server setting The virtual server real IP setting The virtual server setti...

Page 180: ...new policy included Step4 The virtual server setting Complete the virtual server setting in policy Step6 In Policy Outgoing complete the setting of LAN user use VoIP to communicate to external user Co...

Page 181: ...ake the virtual server provide the communication service between the internal and external user The deployment of using the communication service between the internal and external user via the virtual...

Page 182: ...ts network adapter IP address are 192.168.1.101, 192.168.1.102, 192.168.1.103, 192.168.1.104 and the DNS is correspond to the external DNS server Step2 In Address LAN and LAN Group add the new following...

Page 183: ...Real IP enter 211.22.22.23 Or click Assist to select Click OK Click New Entry Service select Group Service Main_ Service External Service Port auto set From Service Group Load Balance Server enter the...

Page 184: ...4 The virtual server setting Complete the incoming setting in policy Step6 In Policy Outgoing add the new policy included Step2 Step3 to make the server can send the e mail to external mail server via...

Page 185: ...Step7 Make the virtual server provide multiple service to external Deployment of using the virtual server instead of many internal server which provide multiple service to external...

Page 186: ...in data transmission by policy management How to use the Policy The BM 2101 can divide the Policy into 6 function depends on the data packets in different source address The MIS engineer can easy to...

Page 187: ...twork packets and services 6 DMZ To WAN The source IP is in DMZ and the destination IP is in WAN The MIS engineer can set the DMZ To WAN policy included the network packets and services All the packet...

Page 188: ...tem default setting or choose the Policy Object Service Custom to use the custom setting Option Use the icon to display as the option enabled Icon Name Definition Schedule Enable the schedule autorun...

Page 189: ...qualified packets can go through WAN1 WAN2 PERMIT WAN1 To permit the qualified Packets can pass by WAN1 PERMIT WAN2 To permit the qualified Packets can pass by WAN2 PERMIT VPN Trunk To permit the VPN...

Page 190: ...y policy management Quota Per Day To allocate the max flow MBytes Sec in everyday NAT When the packets pass through the LAN DMZ from external the packets source IP will change into the BM 2101 s LAN D...

Page 191: ...itted the authenticated user can access the network resources on specific time Example 4 Incoming The external user use the remote control software to control the internal PCs For example pcAnywhere E...

Page 192: ...al user link to the network use traffic log statistics and quota per session Step1 In Policy Outgoing add the following settings Click New Entry Select Traffic Log Select Statistics In Quota Per Sessi...

Page 193: ...nitor packets through the policy In Traffic Log Filtered window click the drop down menu at the upper left to select the Refresh frequency In Traffic Log Filtered click the IP address displayed in the...

Page 194: ...Traffic Log Web UI...

Page 195: ...Step4 In Monitor Statistics Policy it shows the traffic statistics through the policy Traffic statistics...

Page 196: ...cify network resources For example the static IP and content blocking Step1 In Content Blocking URL Script P2P IM Download Upload add the following settings Content blocking setting 12 7 Script settin...

Page 197: ...IM setting Download setting...

Page 198: ...cookie market exchange web site 3 The Peer to Peer application policy can limit the user to use the Peer to Peer application for example eDonkey BT WinMX 4 The IM policy can limit the user to use the...

Page 199: ...Step2 In Address WAN and WAN Group add the following settings Set the WAN IP to block Group the WAN The MIS engineer can customize to group the address and apply it to policy...

Page 200: ...licy Outgoing add the following settings Click New Entry Destination Address select WAN _Group set in Step2 Use the IP to block Action WAN Port select DENY ALL Click OK Set the policy included blockin...

Page 201: ...Step4 In Policy Outgoing add the following settings Click New Entry Select Content Blocking Click OK To set the content blocking policy...

Page 202: ...e network resources Complete to set the policy to deny users access the network resources The DENY action can block the packets correspond to the policy The MIS engineer can move the policy to first p...

Page 203: ...ic time Step1 In Schedule add the following settings Add new schedule Step2 In Authentication User and User Group add the following settings The authentication user group setting The MIS engineer can...

Page 204: ...User select laboratory Schedule select WorkingTime Click OK To set the authentication and schedule policy Step4 Complete the setting to permit the user can access the network resources on specific t...

Page 205: ...trol software to control the internal PCs For example pcAnywhere Step1 To set up a LAN PC remoted by the external PC the server virtual IP is 192.168.1.2 Step2 In Virtual Server Server 1 add the follo...

Page 206: ...Address select Virtual Server 1 61.11.11.12 Service select PC Anywhere 5631 5632 Click OK To set the policy of LAN PC remoted by the external PC Step4 Complete to set the policy of LAN PC remoted by...

Page 207: ...the server virtual IP is 192.168.3.2 The DMZ interface address is 192.168.3.1/24 Step2 In Virtual Server Server 1 add the following settings Set the virtual server correspond to FTP server In Policy...

Page 208: ...ion Address select Virtual Server 1 61.11.11.12 Service select FTP 21 Qos select FTP_QoS MAX Concurrent Sessions enter 100 Quota Per Day enter 100000 Mbytes Click OK Add new policy Step5 Limit users a...

Page 209: ...Step1 In DMZ to set a mail server and the IP is 61.11.11.12 The DNS set to correspond to the external DNS server Step2 In Address DMZ add the following settings To set the mail server correspond to th...

Page 210: ...settings Click New Entry Destination Address select Mail_Server Service select E mail Click OK To set the WAN To DMZ mail service policy Step5 Complete to set the WAN To DMZ mail service policy Comple...

Page 211: ...settings Click New Entry Destination Address select Mail_Server Service select E mail Click OK To set the LAN To DMZ mail service policy Step7 Complete to set the LAN To DMZ mail service policy Comple...

Page 212: ...settings Click New Entry Destination Address select Mail_Server Service select E mail Click OK To set the DMZ To WAN Mail service policy Step9 Complete to set the DMZ To WAN mail service policy Comple...

Page 213: ...IP When the BM 2101 received the intrusion packets from hackers the internal PC will block this abnormal packets in it to prevent the Company s network be paralyzed In this chapter we will make th...

Page 214: ...all the IP and the total SYN packets Pkts Sec pass through the BM 2101 If over the setting value then BM 2101 will define it to be attacked SYN Flood Threshold Per Source IP Define every source IP an...

Page 215: ...the total ICMP flow from every source IP if over the setting value then BM 2101 will keep blocking Detect UDP Flood Can detect the UDP data packets sent from hacker and use the Broadcast to send to eve...

Page 216: ...k them Detect Tear Drop Attack Can detect the IP data packets which pretend to be normal data packets but actually this kind of packets contain the amount of data packets which can let the system crash ho...

Page 217: ...the message in Virus infected IP and Attack Events If the MIS engineer enable the function in System E mail alert notification then the BM 2101 will automatically send the notification to the MIS eng...

Page 218: ...infected is default is 100 sessions sec Select Enable Virus infected IP Blocking Blocking Time 60 seconds Select Enable E Mail alert notification Select Enable Snmp Trap Alert Notification Select Enab...

Page 219: ...anomaly flow IP and Dos Anti Attack Enable Co Defense System then the BM 2101 can send the defense message to the assigned Switch Model Add Non detected IP these specific IP is not controlled this fun...

Page 220: ...ttack packets it will show the message in Anomaly Flow IP Virus infected IP Or send the Net BIOS Notification to the MIS and virus infected PC Anomaly flow IP and Virus infected IP Send the NetBIOS Ale...

Page 221: ...Send the NetBIOS Alert Notification to the MIS engineer...

Page 222: ...the BM 2101 will send the mail notice to the MIS engineer Step4 If enable the SNMP SNMP Trap then the Bandwidth Management Gateway will show the message on the SNMP Trap client software The SNMP Trap...

Page 223: ...101 will show the alert message at first time If the virus infected user can not solve the problem then the BM 2101 will restrict the virus infected user and it will make the link speed slow and will...

Page 224: ...Step6 Enable the Anomaly Flow Attack Event then the BM 2101 shows the attack information in detail Anomaly Flow IP attack event...

Page 225: ...onnection record all the BM 2101 connecting information MIS engineer can easily to know the status depends on the connecting information when the problems happened How to use Monitor Traffic MIS engin...

Page 226: ...ccess the internal and external resources via BM 2101 Example 2 Event View the status of MIS engineer log into BM 2101 process the management and external interface Example 3 Connection View the externa...

Page 227: ...to access the internal and external resources via BM 2101 Step1 Policy DMZ To WAN add the following settings Traffic setting in policy Step2 Policy DMZ To WAN complete the traffic setting in policy...

Page 228: ...Step3 Monitor Traffic it shows the packets traffic through policy The traffic log Web UI...

Page 229: ...Step4 Click Source IP or Destination IP in Fig 14 3 it shows the Protocol Port and Traffic information The IP address traffic log Web UI...

Page 230: ...Step5 Click Clear it shows the confirm window then click OK All the records will be deleted in BM 2101 Delete all the traffic log...

Page 231: ...Step6 Click Clear it shows the confirm window then click OK All the records will be deleted in BM 2101 Delete all the traffic log...

Page 232: ...to the BM 2101 appliance Step1 Monitor Event it shows the status of MIS engineer log into BM 2101 to process the management and external interface Step2 Click Download File Download Save Step3 Click Cl...

Page 233: ...5 3 Connection View the external interface connection record as process the bandwidth management Step1 Monitor Connection it shows the external interface connection status in BM 2101 Connection record...

Page 234: ...Step2 Click Download File Download Save Save the connection log files...

Page 235: ...Step3 Click Clear it shows the confirm window then click OK All the records will be deleted in BM 2101 Delete all the connection log files...

Page 236: ...Step1 System Configure enable E mail Alert Notification and enter the e mail settings E mail setting Step2 Monitor Backup enable log mail support Click OK Log mail configuration Select Enable E mail L...

Page 237: ...p3 Monitor Backup Syslog setting Select Enable Syslog Messages Enter the IP in Syslog host IP address Enter the Syslog receive Port number in Syslog host Port Click OK Complete the setting Syslog setti...

Page 238: ...use Accounting Report to view all the internal and external user s network accessing activities Includes the policy and VPN Accounting Report can record user s upstream downstream first packet last pa...

Page 239: ...and outbound information in BM 2101 Accounting Report includes Outbound and Inbound Outbound Accounting Report Account report can record any downstream upstream service traffic used by LAN and DMZ use...

Page 240: ...ort can record the service traffic used by LAN or DMZ user via BM 2101 Inbound Accounting Report Account report can record any service downstream upstream traffic used from external user to LAN or DMZ...

Page 241: ...Site Display the LAN and DMZ server accounting report Service Accounting report can record the service traffic used from external user to LAN or DMZ server via BM 2101...

Page 242: ...to access LAN or DMZ user via BM 2101 Upstream The percentage of user s traffic and total upstream from LAN or DMZ user to access external server via BM 2101 First Packet Record the first packet from...

Page 243: ...Outbound accounting report...

Page 244: ...Outbound use information...

Page 245: ...xternal server Source IP It means the LAN or DMZ user s IP address to access the external server Downstream The percentage of traffic and total downstream traffic from external server to access LAN or...

Page 246: ...Outbound site accounting report...

Page 247: ...AN or DMZ user to access external server Downstream It means the percentage of traffic and total downstream traffic from external server to access LAN or DMZ user via BM 2101 Upstream It means the per...

Page 248: ...ccess external user via BM 2101 Downstream The percentage of user s traffic and total downstream from external user to access LAN or DMZ server via BM 2101 First Packet Record the first packet from ex...

Page 249: ...Inbound user accounting report...

Page 250: ...Inbound user information...

Page 251: ...AN or DMZ server Source IP It means the external user s IP address to access the LAN or DMZ server Downstream The percentage of traffic and total downstream traffic from external user to access LAN or...

Page 252: ...Inbound site accounting report...

Page 253: ...e external user to access LAN or DMZ server Downstream It means the percentage of traffic and total downstream traffic from external user to access LAN or DMZ server via BM 2101 Upstream It means the...

Page 254: ...s pass through the WAN interface and traffic log in upstream downstream Policy statistics it includes all the upstream downstream packets pass through the Policy and traffic log in upstream downstream...

Page 255: ...ect the time unit 1 Minute Refresh the statistics charts every minute 2 Hour Refresh the statistics charts every hour 3 Day Refresh the statistics charts every day 4 Week Refresh the statistics charts...

Page 256: ...AN statistics will enabled when enable the WAN interface Step2 Statistics WAN select the WAN to view MIS engineer can click Minute to view the statistic charts results in every minute Click Hour to vi...

Page 257: ...Step3 Statistic charts Ordinate Network flow Horizontal ordinate Time hour minute View the WAN flow...

Page 258: ...Policy Step2 Statistics Policy select the policy to view MIS engineer can click Minute to view the statistic charts results in every minute Click Hour to view the statistic charts results in every hou...

Page 259: ...Step3 Network flow statistic charts Ordinate Network flow Horizontal ordinate Time hour minute View the policy statistics charts...

Page 260: ...Chapter 18 Diagnostic The MIS engineer can set the BM 2101A to proactively send the packets Ping and Traceroute to detect the status of WAN interface...

Page 261: ...s to specific address to detect the status of WAN interface Enter the Destination IP Domain name Enter the Packet size Default setting is 32 Bytes Enter Count value Default setting is 4 Enter Wait ti...

Page 262: ...Ping results...

Page 263: ...101A LAN interface IP and enter the remote LAN IP which can send or receive packets via VPN in to Destination IP Domain name column Use the following method to detect the VPN status of local 192 168...

Page 264: ...ss by traceroute command to detect the status of WAN interface Enter the Destination IP Domain name Enter the Packet size Default setting is 40 Bytes Enter the MAX Time to Live Default setting is 30...

Page 265: ...Traceroute results...

Page 266: ...2101 appliance to start up the internal PCs by sending packets which included the network bootable network adapter and can additionally use the remote monitor software such as VNC Terminal Service and...

Page 267: ...e monitored and its MAC is 00:30:4F:B7:96:3B Step2 In Wake on Lan Setting add the following settings Click New Entry Name enter josh MAC Address enter 00:30:4F:B7:96:3B Click OK Set the internal PC to...

Page 268: ...he all the interface status in BM 2101 2 System Info It shows the CPU utilization memory utilization and ramdisk utilization 3 Authentication It records the authentication information in BM 2101 4 ARP...

Page 269: ...Sessions Info Search To search the record depends on the Policy No Source IP Destination IP and Port in BM 2101 Add the following settings 1 Policy select All Policy 2 NO select ALL 3 Click Search...

Page 270: ...Search the specific record...

Page 271: ...TTP and HTTPS Forwarding Mode It shows the interface connection mode WAN Connection It shows the WAN interface connection status DnS UpS kbps It shows the maximum downstream upstream bandwidth in WAN...

Page 272: ...The interface information...

Page 273: ...hows the real system information CPU Utilization The CPU utilization in BM 2101 HardDisk Utilization The hard disk utilization in BM 2101 Memory Utilization The memory utilization in BM 2101 RamDisk U...

Page 274: ...The system information...

Page 275: ...represents the authenticated user IP address Authentication User Name It represents the authenticated login name used by authentication user Login Time It represents the user s login time year month d...

Page 276: ...ation of Net BIOS name IP address MAC address and interface Net BIOS Name The PC s network identification name IP Address The PC s IP address MAC Address The computer s network adapter identification...

Page 277: ...packets pass through BM 2101 Step2 Click Source IP or Destination IP It shows the traffic statistics by user s IP host name or domain name to access the network resources of pop up window Use the IP ad...

Page 278: ...PC s network identification name of IP address distributed by DHCP server IP Address The PC s dynamic IP address distributed by DHCP server MAC Address The computer s dynamic IP address mapped to MAC...
