manualshive.com logo in svg

Planet BM-525, User Manual

Introducing the all-new Planet BM-525! Need a User Manual? Look no further! Download the comprehensive manual for your BM-525 absolutely free from our website. Get ready to explore the endless possibilities of this groundbreaking product and unlock its true potential. Start your adventure now at manualshive.com.

Share
Download
background image

BM-525 Bandwidth Management Gateway User’s Manual 

 

 

 

 

- 84 -

We set up four Authentication examples in this section: 

 

 

No Suitable 

Situation 

Example 

Ex1 

Auth User 

Auth Group 

Setting specific users to connect with external 

network, only those pass the authentication of 

policy. 

Adopt the built-in Auth User and Auth Group 

Function

 

 

Summary of Contents for BM-525

Page 1: ...BM 525 Bandwidth Management Gateway User s Manual Bandwidth Management Gateway BM 525 User s Manual ...

Page 2: ...PLANET PLANET assumes no responsibility for any inaccuracies that may be contained in this User s Manual PLANET makes no commitment to update or keep current the information in this User s Manual and reserves the right to make improvements to this User s Manual and or to the products described in this User s Manual at any time without notice If you find information in this manual that is incorrect...

Page 3: ...ition of their conformity R TTE The R TTE Directive repeals and replaces in the directive 98 13 EEC Telecommunications Terminal Equipment and Satellite Earth Station Equipment As of April 8 2000 WEEE To avoid the potential effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment end users of electrical and electronic equ...

Page 4: ... SYSTEM 4 2 1 ADMINISTRATION 4 2 2 ADMIN 5 2 3 PERMITTED IPS 8 2 4 LOGOUT 9 2 5 SOFTWARE UPDATE 10 2 6 CONFIGURE 11 2 7 SETTINGS 12 2 8 DATE TIME 22 2 9 MULTIPLE SUBNET 23 2 10 ROUTE TABLE 28 2 11 DHCP 32 2 12 DDNS 34 2 13 HOST TABLE 36 2 14 LANGUAGE 37 CHAPTER 3 INTERFACE 38 3 1 INTERFACE 39 3 2 LAN 42 3 3 WAN 43 3 4 DMZ 48 CHAPTER 4 POLICY OBJECT 50 4 1 ADDRESS 50 4 2 EXAMPLE 53 4 3 SERVICE 60 4...

Page 5: ...CHAPTER 5 POLICY 122 5 1 POLICY 124 5 2 EXAMPLE 128 CHAPTER 6 ANOMALY FLOW IP 146 6 1 SETTINGS 147 CHAPTER 7 MONITOR 157 7 1 LOG 157 7 2 TRAFFIC LOG 159 7 3 EVENT LOG 164 7 4 CONNECTION LOG 167 7 5 LOG BACKUP 170 7 6 ACCOUNTING REPORT 172 7 7 OUTBOUND 175 7 8 INBOUND 181 7 9 STATISTICS 187 7 10 WAN 189 7 11 POLICY 191 7 12 WAKE ON LAN 193 7 13 STATUS 195 7 14 INTERFACE 196 7 15 AUTHENTICATION 198 ...

Page 6: ...nts of 30 minutes Both the NAT mode and DMZ mode are supported and therefore can maintain the existing network infrastructure without reconfiguring The BM 525 provides policy based firewall protection and several hacker protections to prevent hackers attack Besides the comprehensive alarm and log function allow the network manager to easily enhance the security of local network 1 1 Features z One ...

Page 7: ... device WAN Steady on indicates the port is connected to other network device Blink to indicates there is traffic on the port LAN Steady on indicates the port is connected to other network device Blink to indicates there is traffic on the port DMZ Steady on indicates the port is connected to other network device Blink to indicates there is traffic on the port 1 4 Bandwidth Management Gateway Rear ...

Page 8: ...c management Guaranteed and maximum bandwidth Scheduled in unit of 30 minutes 3 Priorities Log Traffic Log Event Log Connection Log Log backup by mail or syslog server Statistics WAN port statistics and policy statistics with graph display Firewall Security Policy based access control Stateful Packet Inspection SPI Scheduled in unit of 30 minutes Hacker Alert and Anomaly Flow Detection Detect SYN ...

Page 9: ...ettings such as the privileges of packets that pass through the BM 525 and monitoring controls The System Administrators can manage monitor and configure BM 525 settings But all configurations are read only for all users other than the System Administrator those users are not able to change any setting of the BM 525 ...

Page 10: ...Privilege The privileges of Administrators Admin or Sub Admin The user name of the main Administrator is Administrator with reading writing privilege Administrator also can change the system setting log system status and to increase or delete sub administrator Sub Admin may be created by the Admin by clicking New Sub Admin Sub Admin have only read and monitor privilege and cannot change any system...

Page 11: ...Admin Web UI click the New Sub Admin button to create a new Sub Administrator STEP 2 In the Add New Sub Administrator Web UI and enter the following setting Sub Admin Name sub_admin Password 12345 Confirm Password 12345 STEP 3 Click OK to add the user or click Cancel to cancel it Add New Sub Admin ...

Page 12: ...Web UI locate the Administrator name you want to edit and click on Modify in the ConFigure field STEP 2 The Modify Administrator Password Web UI will appear Enter the following information Password admin New Password 52364 Confirm Password 52364 STEP 3 Click OK to confirm password change Modify Admin Password ...

Page 13: ...g and HTTP Click OK Complete add new permitted IPs Setting Permitted IPs Web UI Complete Add New Permitted IPs To make Permitted IPs be effective it must cancel the Ping and Web UI selection in the Web UI of BM 525 that Administrator enter LAN WAN or DMZ Interface Before canceling the Web UI selection of Interface must set up the Permitted IPs first otherwise it would cause the situation of cannot...

Page 14: ...ment Gateway User s Manual 9 2 4 Logout STEP 1 Click Logout in System to protect the system while Administrator is away Confirm Logout Web UI STEP 2 Click OK and the logout message will appear in Web UI Logout Web UI Message ...

Page 15: ...atest version in the hardware of the PC which manage the BM 525 Click Browse and choose the latest software version file Click OK and the system will update automatically Software Update It takes 3 minutes to update software The system will reboot after update During the updating time please don t turn off the PC or leave the Web UI It may cause some unexpected mistakes Strong suggests updating th...

Page 16: ...ateway User s Manual 11 2 6 Configure The Configure is according to the basic setting of the BM 525 In this section the definition is Setting Date Time Multiple Subnet Route Table DHCP Dynamic DNS Hosts Table and Language settings ...

Page 17: ...o the System Administrator when the network is being attacked by hackers or when emergency conditions occur It can be set from Settings Anomaly Flow IP in System to detect Anomaly Flow Attacks Web Management WAN Interface The System Manager can change the port number used by HTTP port anytime Remote Web UI management After HTTP port has changed if the administrator wants to enter Web UI from WAN h...

Page 18: ...y situation can use this function to resolve this problem Administration Packet Logging After enable this function the BM 525 will record packet which source IP or destination address is BM 525 And record in Traffic Log for System Manager to inquire about Define the required fields of Time Settings Synchronize Time Date Synchronizing the BM 525 with the System Clock The administrator can configure...

Page 19: ...he required fields of Multiple Subnet Forwarding Mode To display the mode that Multiple Subnet use NAT mode or Routing Mode WAN Interface Address The IP address that Multiple Subnet corresponds to WAN LAN Interface Address Subnet Netmask The Multiple Subnet range ...

Page 20: ...8 85 88 251 WAN 4 Procurement department subnet 192 168 4 1 24 LAN ÅÆ 168 85 88 250 WAN 5 Accounting department subnet 192 168 5 1 24 LAN ÅÆ 168 85 88 249 WAN The first department R D department had set while setting interface IP the other four ones have to be added in Multiple Subnet After completing the settings each department uses the different WAN IP Address to connect to the Internet The set...

Page 21: ... the required fields of DDNS Domain Name The domain name that provided by DDNS WAN IPAddress The WAN IP Address which the domain name corresponds to Define the required fields of Host Table Domain Name It can be set by System Manager To let the internal user to access to the information that provided by the host by this domain name Virtual IP Address The virtual IP address respective to Host Table...

Page 22: ...click on button next to Export System Settings to Client STEP 2 When the File Download pop up window appears choose the destination place where to save the exported file and click on Save The setting value of BM 525 will copy to the appointed site instantly Select the Destination Place to Save the Exported File ...

Page 23: ...on the Browse button next to Import System Settings from Client When the Choose File pop up window appears select the file to which contains the saved BM 525 Settings then click OK STEP 2 Click OK to import the file into the BM 525 Enter the File Name and Destination of the Imported File Upload the Setting File Web UI ...

Page 24: ... Web UI STEP 2 Click OK at the bottom right of the page to restore the factory settings Reset Factory Settings Enabling E mail Alert Notification STEP 1 Device Name Enter the Device Name or use the default value STEP 2 Select Enable E mail Alert Notification under E Mail Settings STEP 3 Sender Address Enter the Sender Address Required by some ISPs ...

Page 25: ...of the first user to be notified STEP 6 E Mail Address 2 Enter the e mail address of the second user to be notified Optional STEP 7 Click OK on the bottom right of the screen to enable E mail Alert Notification Enable E mail Alert Notification Click on Mail Test to test if E mail Address 1 and E mail Address 2 can receive the Alert Notification correctly ...

Page 26: ...y User s Manual 21 Reboot BM 525 STEP 1 Reboot BM 525 Click Reboot button next to Reboot BM 525 Appliance STEP 2 A confirmation pop up page will appear STEP 3 Follow the confirmation pop up page click OK to restart BM 525 Reboot BM 525 ...

Page 27: ... IP Name with which you want to synchronize STEP 4 Set the interval time to synchronize with outside servers System Time Setting Click on the Sync button and then the BM 525 s date and time will be synchronized to the Administrator s PC The value of Set Offset From GMT and Server IP Name can be looking for from Assist If the local area executes the daylight saving time then enable the daylight sav...

Page 28: ...User s Manual 23 2 9 Multiple Subnet Connect to the Internet through Multiple Subnet NAT or Routing Mode by the IP address that set by the LAN user s network card Preparation To connect the Internet WAN IP 211 22 22 22 connects with ATUR ...

Page 29: ... following settings in Multiple Subnet of System function Click on New Entry Alias IP of LAN Interface Enter 172 16 30 1 Netmask Enter 255 255 255 0 WAN Enter Interface IP211 22 22 22 and choose NAT in Forwarding Mode Click OK Complete Adding Multiple Subnet Add Multiple Subnet Web UI ...

Page 30: ... 1 0 24 default LAN subnet and 172 16 30 0 24 So if LAN IP is 192 168 1 xx it must use NAT Mode to connect to the Internet 162 172 50 xx it s also use NAT mode through WAN The Internet Server can see your WAN IP directly Multiple Subnet Network The BM 525 s Interface Status WAN IP 211 22 22 22 LAN Port IP 192 168 1 1 LAN Port Multiple Subnet 172 16 30 1 ...

Page 31: ...in Multiple Subnet of System function Click on New Entry Alias IP of LAN Interface Enter 162 172 50 1 Netmask Enter 255 255 255 0 WAN Enter Interface IP 10 10 10 1 and choose Routing in Forwarding Mode Click OK Complete Adding Multiple Subnet Multiple Subnet Web UI Setting After setting if LAN IP of BM 525 is 162 172 50 xx it uses Routing Mode Internet Server can see your IP 162 172 50 xx directly...

Page 32: ...BM 525 Bandwidth Management Gateway User s Manual 27 Multiple Subnet Network The BM 525 s Interface Status WAN IP 10 10 10 1 LAN Port IP 192 168 1 1 LAN Port Multiple Subnet 162 172 50 1 ...

Page 33: ...through BM 525 Preparation Company A WAN 61 11 11 11 connects with ATUR to Internet LAN subnet 192 168 1 1 24 The Router1 which connect with LAN 10 10 10 1 support RIPv2 its LAN subnet is 192 168 10 1 24 Company B Router2 10 10 10 2 support RIPv2 its LAN subnet is 192 168 20 1 24 Company A s Router1 10 10 10 1 connect directly with Company B s Router2 10 10 10 2 ...

Page 34: ... Enter 192 168 10 1 Netmask Enter 255 255 255 0 Gateway Enter 192 168 1 252 Interface Select LAN Click OK Add New Static Route1 STEP 2 Enter the following settings in Route Table in System function Destination IP Enter 192 168 20 1 Netmask Enter 255 255 255 0 Gateway Enter 192 168 1 252 Interface Select LAN Click OK Add New Static Route2 ...

Page 35: ...teway User s Manual 30 STEP 3 Enter the following setting in Route Table in System function Destination IP Enter 10 10 10 0 Netmask Enter 255 255 255 0 Gateway Enter 192 168 1 252 Interface Select LAN Click OK Add New Static Route3 ...

Page 36: ...Management Gateway User s Manual 31 STEP 4 Adding successful At this time the computer of 192 168 10 1 24 192 168 20 1 24 and 192 168 1 1 24 can connect with each other and connect to Internet by NAT Route Table Setting ...

Page 37: ...er2 LAN Interface Client IPAddress Range 1 Enter the starting and the ending IP address dynamically assigning to DHCP clients The default value is 192 168 1 2 to 192 168 1 254 it must be in the same subnet Client IPAddress Range 2 Enter the starting and the ending IP address dynamically assigning to DHCP clients But it must in the same subnet as Client IPAddress Range 1 and the range cannot be rep...

Page 38: ...eb UI When selecting Automatically Get DNS the DNS Server will lock it as LAN Interface IP Using Occasion When the system Administrator starts Authentication the users first DNS Server must be the same as LAN Interface IP in order to enter Authentication Web UI ...

Page 39: ...lick New Entry button Service providers Select service providers Automatically fill in the WAN IP Check to automatically fill in the WAN IP User Name Enter the registered user name Password Enter the password Domain name Enter Your host domain name Click OK to add Dynamic DNS DDNS Web UI Complete DDNS Setting ...

Page 40: ...assword Connecting to server Unknown error If System Administrator had not registered a DDNS account click on Sign up then can enter the website of the provider If you do not select Automatically fill in the WAN IP and then you can enter a specific IP in WAN IP Let DDNS to correspond to that specific IP address ...

Page 41: ...on and click on New Entry Domain Name The domain name of the server Virtual IPAddress The virtual IP address respective to Host Table Click OK to add Host Table Add New Host Table To use Host Table the user PC s first DNS Server must be the same as the LAN Port or DMZ Port IP of BM 525 That is the default gateway ...

Page 42: ... 525 Bandwidth Management Gateway User s Manual 37 2 14 Language Select the Language version English Version Traditional Chinese Version or Simplified Chinese Version and click OK Language Setting Web UI ...

Page 43: ...rface In this section the Administrator can set up the IP addresses for the office network The Administrator may configure the IP addresses of the LAN network the WAN network and the DMZ network The Netmask and gateway IP addresses are also configure d in this section ...

Page 44: ...System Administrator can set up the WAN network of BM 525 Connect Mode Display the current connection mode PPPoE ADSL user Dynamic IP Address Cable Modem User Static IP Address PPTP European User Only Upstream Downstream Bandwidth The System Administrator can set up the correct Bandwidth of WAN network Interface here Auto Disconnect The PPPoE connection will automatically disconnect after a length...

Page 45: ...Z Interface to set up the DMZ network The DMZ includes NAT Mode In this mode the DMZ is an independent virtual subnet This virtual subnet can be set by the Administrator but cannot be the same as LAN Interface Transparent Mode In this mode the DMZ and WAN Interface are in the same subnet ...

Page 46: ...t up four Interface Address examples in this section No Suitable Situation Example Ex1 LAN Modify LAN Interface Settings Ex2 WAN Setting WAN Interface Address Ex3 DMZ Setting DMZ Interface Address NAT Mode Ex4 DMZ Setting DMZ Interface Address Transparent Mode ...

Page 47: ...g LAN Interface Web UI The default LAN IP Address is 192 168 1 1 After the Administrator setting the new LAN IP Address on the computer he she has to restart the System to make the new IP address effective when the computer obtain IP by DHCP Do not cancel Web UI selection before not setting Permitted IPs yet It will cause the Administrator cannot be allowed to enter the BM 525 s Web UI from LAN ...

Page 48: ...Dynamic or Fixed in IPAddress provided by ISP If you select Fixed please enter IP Address Netmask and Default Gateway 5 Enter Max Downstream Bandwidth and Max Upstream Bandwidth According to the flow that user apply 6 Select Ping and Web UI 7 Click OK PPPoE Connection If the connection is PPPoE you can choose Service On Demand for WAN Interface to connect automatically when disconnect suggested or...

Page 49: ...r ISP then click on Clone MAC Address to obtain MAC IP automatically 4 Hostname Enter the hostname provided by ISP 5 Domain Name Enter the domain name provided by ISP 6 User Name and Password are the IP distribution method according to Authentication way of DHCP protocol like ISP in China 7 Enter Max Downstream Bandwidth and Max Upstream Bandwidth According to the flow that user apply 8 Select Pin...

Page 50: ...ork It may influence network security The suggestion is to Cancel Ping and Web UI after all the settings have finished And if the System Administrator needs to enter UI from WAN he she can use Permitted IPs to enter PPTP European User Only 1 Select PPTP European User Only 2 Enter the name of applied account in User Name 3 Enter the password of applied account in Password 4 Select Obtain an IP addr...

Page 51: ...and Default Gateway 5 Enter value of PPTP Gateway Connect ID is required by some ISP provider 6 Enter the value of MAX Downstream Bandwidth and MAX Upstream Bandwidth According to the applied bandwidth 7 Select Ping and HTTP in Enable System Management 8 Click OK ...

Page 52: ...teway User s Manual 47 Dynamic IPAddress Connection If the connection is PPPoE you can choose Service On Demand for WAN Interface to connect automatically when disconnect suggested or to set up Auto Disconnect if idle not recommend ...

Page 53: ...4 DMZ Setting DMZ Interface Address NAT Mode STEP 1 Click DMZ Interface STEP 2 Select NAT Mode in DMZ Interface Select NAT in DMZ Interface Enter IPAddress and Netmask STEP 3 Select Ping and HTTP STEP 4 Click OK Setting DMZ Interface Address NAT Mode Web UI ...

Page 54: ...TEP 1 Select DMZ Interface STEP 2 Select Transparent Mode in DMZ Interface Select DMZ_Transparent in DMZ Interface STEP 1 Select Ping and HTTP STEP 2 Click OK Setting DMZ Interface Address Transparent Mode Web UI In WAN the connecting way must be Static IPAddress and can choose Transparent Mode in DMZ ...

Page 55: ...ress If the Administrator needs to create a control policy for packets of different IP addresses he can first add a new group in the LAN Group or the WAN Group and assign those IP addresses into the newly created group Using group addresses can greatly simplify the process of building control policies With easily recognized names of IP addresses and names of address groups shown in the address tab...

Page 56: ...spond to a specific IP it should be set as 255 255 255 255 When correspond to several IP of a specific Domain Take 192 168 100 1 C Class subnet as an example it should be set as 255 255 255 0 MAC Address Correspond a specific PC s MAC Address to its IP it can prevent users changing IP and accessing to the net service through policy without authorizing Get Static IP address from DHCP Server When en...

Page 57: ...is section No Suitable Situation Example Ex1 LAN Under DHCP circumstances assign the specific IP to static users and restrict them to access FTP net service only through policy Ex2 LAN Group WAN Set up a policy that only allows partial users to connect with specific IP External Specific IP ...

Page 58: ...ervice only through policy STEP 1 Select LAN in Address and enter the following settings Click New Entry button Name Enter Rayearth IPAddress Enter 192 168 3 2 Netmask Enter 255 255 255 255 MAC Address Enter the user s MAC Address 00 B0 18 25 F5 89 Select Get static IP address from DHCP Server Click OK Setting LAN Address Book Web UI Complete the Setting of LAN ...

Page 59: ...utgoing Policy Add a Policy of Restricting the Specific IP to Access to Internet STEP 3 Complete assigning the specific IP to static users in Outgoing Policy and restrict them to access FTP net service only through policy Complete the Policy of Restricting the Specific IP to Access to Internet ...

Page 60: ...he user s MAC Address automatically In LAN of Address function the BM 525 will default an Inside Any address represents the whole LAN network automatically Others like WAN DMZ also have the Outside Any and DMZ Any default address setting to represent the whole subnet The setting mode of WAN and DMZ of Address are the same as LAN the only difference is WAN cannot set up MAC Address ...

Page 61: ...idth Management Gateway User s Manual 56 Setup a policy that only allows partial users to connect with specific IP External Specific IP STEP 1 Setting several LAN network Address Setting Several LAN Network Address ...

Page 62: ...ings in LAN Group of Address Click New Entry Enter the Name of the group Select the users in the Available Address column and click Add Click OK Add New LAN Address Group Complete Adding LAN Address Group The setting mode of WAN Group and DMZ Group of Address are the same as LAN Group ...

Page 63: ...gement Gateway User s Manual 58 STEP 3 Enter the following settings in WAN of Address function Click New Entry Enter the following data Name IPAddress Netmask Click OK Add New WAN Address Complete the Setting of WAN Address ...

Page 64: ...ndwidth Management Gateway User s Manual 59 STEP 4 To exercise STEP1 3 in Policy To Exercise Address Setting in Policy Complete the Policy Setting The Address function really take effect only if use with Policy ...

Page 65: ...e three sub menus under Service which are Pre defined Custom and Group The Administrator can simply follow the instructions below to define the protocols and port numbers for network communication applications Users then can connect to servers and other computers through these available network services How to use Service The Administrator can add new service group names in the Group option under ...

Page 66: ...edia RLOGIN SSH TCP ANY TELNET VDO Live WAIS WINFRAME X WINDOWS etc UDP Service For example IKE DNS NTP IRC RIP SNMP SYSLOG TALK TFTP UDP ANY UUCP etc ICMP Service Foe example PING TRACEROUTE etc New Service Name The System Manager can name the custom service Protocol The protocol type to be used in connection for device such as TCP and UDP mode Client Port The port number of network card of clien...

Page 67: ...tion Example Ex1 Custom Allow external user to communicate with internal user by VoIP through policy VoIP Port TCP 1720 TCP 15325 15333 UDP 15325 15333 Ex2 Group Setting service group and restrict the specific users only can access to service resource that provided by this group through policy Group HTTP POP3 SMTP DNS ...

Page 68: ...tom Allow external user to communicate with internal user by VoIP through policy VoIP Port TCP 1720 TCP 15328 15333 UDP 15328 15333 STEP 1 Set LAN and LAN Group in Address function as follows Setting LAN Address Book Web UI Setting LAN Group Address Book Web UI ...

Page 69: ...IP Protocol 1 select TCP need not to change the Client Port and set the Server Port as 1720 1720 Protocol 2 select TCP need not to change the Client Port and set the Server Port as 15328 15333 Protocol 3 select UDP need not to change the Client Port and set the Server Port as 15328 15333 Click OK Add User Define Service Complete the Setting of User Define Service of VoIP ...

Page 70: ...nge in Custom of is not suggested If the port numbers that enter in the two spaces are different port number then enable the port number under the range between the two different port numbers for example 15328 15333 And if the port number that enter in the two space are the same port number then enable the port number as one for example 1720 1720 ...

Page 71: ...r to Incoming Policy Complete the Policy for External VoIP to Connect with Internal VoIP STEP 5 In Outgoing Policy complete the setting of internal users using VoIP to connect with external network VoIP Complete the Policy for Internal VoIP to Connect with External VoIP Service must cooperate with Policy and Virtual Server that the function can take effect ...

Page 72: ... specific users only can access to service resource that provided by this group through policy Group HTTP POP3 SMTP DNS STEP 1 Enter the following setting in Group of Service Click New Entry Name Enter Main_Service Select HTTP POP3 SMTP DNS in Available Service and click Add Click OK Add Service Group ...

Page 73: ...ndwidth Management Gateway User s Manual 68 Complete the setting of Adding Service Group If you want to remove the service you choose from Selected Service choose the service you want to delete and click Remove ...

Page 74: ...Gateway User s Manual 69 STEP 2 In LAN Group of Address function setting an Address Group that can include the service of access to Internet Setting Address Book Group STEP 3 Compare Service Group to Outgoing Policy Setting Policy ...

Page 75: ...ated times And then the Administrator can set the start time and stop time or VPN connection in Policy or VPN By using the Schedule function the Administrator can save a lot of management time and make the network system most effective How to use the Schedule The system Administrator can use schedule to set up the device to carry out the connection of Policy or VPN during several different time di...

Page 76: ...gure the valid time periods for LAN users to access to Internet in a day STEP 1 Enter the following in Schedule Click New Entry Enter Schedule Name Set up the working time of Schedule for each day Click OK Setting Schedule Web UI Complete the Setting of Schedule ...

Page 77: ...BM 525 Bandwidth Management Gateway User s Manual 72 STEP 2 Compare Schedule with Outgoing Policy Complete the Setting of Comparing Schedule with Policy The Schedule must compare with Policy ...

Page 78: ...dwidth and Maximum Bandwidth Upstream Bandwidth Configure the Guaranteed Bandwidth and Maximum Bandwidth QoS Priority Configure the priority of distributing Upstream Downstream and unused bandwidth The BM 525 configures the bandwidth by different QoS and selects the suitable QoS through Policy to control and efficiently distribute bandwidth The BM 525 also makes it convenient for the administrator...

Page 79: ...BM 525 Bandwidth Management Gateway User s Manual 74 The Flow After Using QoS Max Bandwidth 400Kbps Guaranteed Bandwidth 200Kbps ...

Page 80: ...ximum Bandwidth according to the bandwidth range you apply from ISP Priority To configure the priority of distributing Upstream Downstream and unused bandwidth G Bandwidth Guaranteed Bandwidth The basic bandwidth of QoS The connection that uses the IPSec Auto key of VPN or Policy will preserve the basic bandwidth M Bandwidth Maximum Bandwidth The maximum bandwidth of QoS The connection that uses t...

Page 81: ... Bandwidth Management Gateway User s Manual 76 We set up two QoS examples in this section No Suitable Situation Example Ex1 QoS Setting a policy that can restrict the user s downstream and upstream bandwidth ...

Page 82: ...at can restrict the user s downstream and upstream bandwidth STEP 1 Enter the following settings in QoS Click New Entry Name The name of the QoS you want to configure Enter the bandwidth in G Bandwidth M Bandwidth Select QoS Priority Click OK QoS Web UI Setting Complete the QoS Setting ...

Page 83: ... Setting the QoS in Policy Complete Policy Setting When the administrator are setting QoS the bandwidth range can be set the value that system administrator sets in the WAN of Interface So when the System Administrator sets the downstream and upstream bandwidth in WAN of Interface he she must set up precisely ...

Page 84: ...tication By configuring the Authentication you can control the user s connection authority The user has to pass the authentication to access to Internet The BM 525 configures the authentication of LAN s user by setting account and password to identify the privilege ...

Page 85: ...tup the idle time after passing authentication If idle time exceeds the time you setup the authentication will be invalid The default value is 30 minutes URL to redirect when authentication succeeds The user who had passes Authentication has to connect to the specific web site It will connect to the web site directly which the user want to login The default value is blank Messages to display when ...

Page 86: ...BM 525 Bandwidth Management Gateway User s Manual 81 z When the user connects to external network by Authentication the following page will be displayed Authentication Login Web UI ...

Page 87: ... to the appointed website after passing Authentication Connecting to the Appointed Website After Authentication If the users ask for authentication positively they can enter the LAN IP by the Authentication port number And then the Authentication Web UI will be displayed ...

Page 88: ...Management Gateway User s Manual 83 Auth User Name The user account for Authentication you want to set Password The password when setting up Authentication Confirm Password Enter the password that correspond to Password ...

Page 89: ...et up four Authentication examples in this section No Suitable Situation Example Ex1 Auth User Auth Group Setting specific users to connect with external network only those pass the authentication of policy Adopt the built in Auth User and Auth Group Function ...

Page 90: ...nal network only those pass the authentication of policy Adopt the built in Auth User and Auth Group Function STEP 1 Setup several Auth User in Authentication Setting Several Auth Users Web UI To use Authentication the DNS Server of the user s network card must be the same as the LAN Interface Address of BM 525 ...

Page 91: ... Add Auth User Group Setting in Authentication function and enter the following settings Click New Entry Name Enter laboratory Select the Auth User you want and Add to Selected Auth User Click OK Complete the setting of Auth User Group Setting Auth Group Web UI ...

Page 92: ...525 Bandwidth Management Gateway User s Manual 87 STEP 3 Add a policy in Outgoing Policy and input the Address and Authentication of STEP 2 Auth User Policy Setting Complete the Policy Setting of Auth User ...

Page 93: ...orrect user name and password click OK to access to Internet STEP 5 If the user does not need to access to Internet anymore and is going to logout he she can click LOGOUT Auth User to logout the system Or enter the Logout Authentication Web UI http LAN Interface Authentication port number logout html to logout Access to Internet through Authentication Web UI Logout Auth User Web UI ...

Page 94: ...ipt Blocking The access authority of Popup ActiveX Java and Cookies P2P Blocking The authority of sending files by eDonkey eMule Bit Torrent WinMX and Foxy IM Blocking To restrict the authority of receiving video file and message from MSN Messenger Yahoo Messenger ICQ QQ and Skype Download Blocking To restrict the authority of download specific sub name file audio and some common video by http pro...

Page 95: ...event the pop up Web UI appearing ActiveX Blocking Prevent ActiveX packets Java Blocking Prevent Java packets Cookies Blocking Prevent Cookies packets eDonkey Blocking Prevent users to deliver files by eDonkey and eMule BitTorrent Blocking Prevent users to deliver files by BitTorrent WinMX Blocking Prevent users to deliver files by WinMX Foxy Blocking Prevent users to deliver files by Foxy ...

Page 96: ... Messenger Yahoo Messenger ICQ QQ and Skype Audio and Video Types Prevent users to transfer sounds and video file by http Sub name file Blocking Prevent users to deliver specific sub name file by http All Type Prevent users to send the Audio Video types and sub name file etc by http protocol ...

Page 97: ...ebsite Ex2 Script Blocking Restrict the Internal Users to access to Script file of Website Ex3 P2P Blocking Restrict the Internal Users to access to the file on Internet by P2P Ex4 IM Blocking Restrict the Internal Users to send message files video and audio by Instant Messaging Ex5 Download Blocking Restrict the Internal Users to access to video audio and some specific sub name file from http or ...

Page 98: ... enter 1 Add the web site you want to open up in URL String While adding you must enter the symbol in front of the complete domain name or key word that represents to open these website to enter For example www kcg gov tw or gov 2 After setting up the web site you want to open up enter an order to forbid all in the last URL String means only enter in URL String Warning The order to forbid all must...

Page 99: ...r the following in URL of Content Filtering function Click New Entry URL String Enter yahoo and click OK Click New Entry URL String Enter google and click OK Click New Entry URL String Enter and click OK Complete setting a URL Blocking policy Content Filtering Table ...

Page 100: ...ng function URL Blocking Policy Setting STEP 3 Complete the policy of permitting the internal users only can access to some specific web site in Outgoing Policy function Complete Policy Settings Afterwards the users only can browse the web sites that include yahoo and google in domain name by the above policy ...

Page 101: ...ernal Users to access to Script file of Website STEP 1 Select the following data in Script of Content Blocking function Select Popup Blocking Select ActiveX Blocking Select Java Blocking Select Cookies Blocking Click OK Complete the setting of Script Blocking Script Blocking Web UI ...

Page 102: ...ipt Blocking Setting STEP 3 Complete the policy of restricting the internal users to access to Script file of Website in Outgoing Policy Complete Script Blocking Policy Setting The users may not use the specific function like JAVA cookie etc to browse the website through this policy It can forbid the user browsing stock exchange website etc ...

Page 103: ...ct the Internal Users to access to the file on Internet by P2P STEP 1 Select the following data in P2P of Content Blocking function Select eDonkey Blocking Select BitTorrent Blocking Select WinMX Blocking Click OK Complete the setting of P2P Blocking P2P Blocking Web UI ...

Page 104: ...al users to access to the file on Internet by P2P in Outgoing Policy Complete P2P Blocking Policy Setting P2P Transfer will occupy large bandwidth so that it may influence other users And P2P Transfer can change the service port free so it is invalid to restrict P2P Transfer by Service Therefore the system manager must use P2P Blocking in Content Blocking to restrict users to use P2P Transfer effi...

Page 105: ...ternal Users to send message files video and audio by Instant Messaging STEP 1 Enter as following in IM Blocking of Content Blocking function Select MSN Messenger Yahoo Messenger ICQ Messenger QQ Messenger and Skype Click OK Complete the setting of IM Blocking IM Blocking Web UI ...

Page 106: ...d a new Outgoing Policy and use in Content Blocking function Add New Policy of IM Blocking STEP 3 Complete the policy of restricting the internal users to send message files audio and video by instant messaging in Outgoing Policy Complete IM Blocking Policy Setting ...

Page 107: ...nternal Users to access to video audio and some specific sub name file from http or ftp protocol directly STEP 1 Enter the following settings in Download of Content Blocking function Select All Types Blocking Click OK Complete the setting of Download Blocking Download Blocking Web UI ...

Page 108: ... Policy and use in Content Blocking function Add New Download Blocking Policy Setting STEP 3 Complete the Outgoing Policy of restricting the internal users to access to video audio and some specific sub name file by http protocol directly Complete Download Blocking Policy Setting ...

Page 109: ...ddress The BM 525 s Virtual Server function can solve this problem A Virtual Server has set the real IP address of the BM 525 s WAN network interface to be the Virtual Server IP Through the Virtual Server function the BM 525 translates the Virtual Server s IP address into the private IP address in the LAN network Virtual Server owns another feature know as one to many mapping This is when one real...

Page 110: ... Private IP Address Then the external users cannot connect to its private IPAddress directly The user must connect to the BM 525 s WAN subnet s Real IP and then map Real IP to Private IP of LAN by the BM 525 It is a one to one mapping That is to map all the service of one WAN Real IP Address to one LAN Private IP Address Server 1 2 3 4 Its function resembles Mapped IP s But the Virtual Server maps...

Page 111: ...ual Server Service name Port Number The service name that provided by the Virtual Server External Service Port The WAN Service Port that provided by the virtual server If the service you choose only have one port and then you can change the port number here If change the port number to 8080 and then when the external users going to browse the Website he she must change the port number first to ent...

Page 112: ...hat provide a single service to provide service through policy by Virtual Server Take Web service for example Ex3 Virtual Server The external user use VoIP to connect with VoIP of LAN VoIP Port TCP 1720 TCP 153210 15333 UDP 153210 15333 Ex4 Virtual Server Make several servers that provide several same services to provide service through policy by Virtual Server Take HTTP POP3 SMTP and DNS Group fo...

Page 113: ...and set up the network card s IP as 192 168 1 100 DNS is External DNS Server STEP 2 Enter the following setting in LAN of Address function Mapped IP Settings of Server in Address STEP 3 Enter the following data in Mapped IP of Virtual Server function Click New Entry WAN IP Enter 61 11 11 12 click Assist for assistance Map to Virtual IP Enter 192 168 1 100 Click OK Complete the setting of adding ne...

Page 114: ...on And add a new service group for server to send mails at the same time Service Setting STEP 5 Add a policy that includes settings of STEP3 4 in Incoming Policy Complete the Incoming Policy STEP 6 Add a policy that includes STEP2 4 in Outgoing Policy It makes the server to send e mail to external mail server by mail service Complete the Outgoing Policy ...

Page 115: ...etting of providing several services by mapped IP A Single Server that Provides Several Services by Mapped IP Strong suggests not to choose ANY when setting Mapped IP and choosing service Otherwise the Mapped IP will be exposed to Internet easily and may be attacked by Hacker ...

Page 116: ...servers that provide a single service to provide service through policy by Virtual Server Take Web service for example STEP 1 Setting several servers that provide Web service in LAN network which IP Address is 192 168 1 101 192 168 1 102 192 168 1 103 and 192 168 1 104 ...

Page 117: ...ver Real IP Enter 61 11 11 12 click Assist for assistance Click OK Virtual Server Real IP Setting Click New Entry Service Select HTTP 80 External Service Port Change to 8080 Load Balance Server1 Enter 192 168 1 101 Load Balance Server2 Enter 192 168 1 102 Load Balance Server3 Enter 192 168 1 103 Load Balance Server4 Enter 192 168 1 104 Click OK Complete the setting of Virtual Server Virtual Server...

Page 118: ...al server set by STEP2 Complete Virtual Server Policy Setting In this example the external users must change its port number to 8080 before entering the Website that set by the Web server STEP 4 Complete the setting of providing a single service by virtual server Several Servers Provide a Single Service by Virtual Server ...

Page 119: ...VoIP of LAN VoIP Port TCP 1720 TCP 153210 15333 UDP 153210 15333 STEP 1 Set up VoIP in LAN network and its IP is 192 168 1 100 STEP 2 Enter the following setting in LAN of Address function Setting LAN Address Web UI STEP 3 Add new VoIP service group in Custom of Service function Add Custom Service ...

Page 120: ...rver Real IP Setting Web UI Click New Entry Service Select Custom Service VoIP_Service External Service Port From Service Custom Load Balance Server1 Enter 192 168 1 100 Click OK Complete the setting of Virtual Server Virtual Server Configuration Web UI When the custom service only has one port number then the external network port of Virtual Server is changeable On the contrary if the custom serv...

Page 121: ...Policy which includes the virtual server that set by STEP4 Complete the Policy includes Virtual Server Setting STEP 6 Enter the following setting of the internal users using VoIP to connect with external network VoIP in Outgoing Policy Complete the Policy Setting of VoIP Connection ...

Page 122: ...7 STEP 7 Complete the setting of the external internal user using specific service to communicate with each other by Virtual Server Complete the Setting of the External Internal User using specific service to communicate with each other by Virtual Server ...

Page 123: ...several services in LAN network Its network card s IP is 192 168 1 101 192 168 1 102 192 168 1 103 192 168 1 104 and the DNS setting is External DNS server STEP 2 Enter the following in LAN and LAN Group of Address function Mapped IP Setting of Virtual Server in Address Group Setting of Virtual Server in Address STEP 3 Group the service of server in Custom of Service Add a Service Group for server...

Page 124: ...ick here to configure in Server1 Virtual Server Real IP Enter 61 11 11 12 click Assist for assistance Click OK Virtual Server Real IP Setting Click New Entry Service Select Group Service Main_Service External Service Port From Service Group Enter the server IP in Load Balance Server Click OK Complete the setting of Virtual Server Virtual Server Configuration Web UI ...

Page 125: ...g Policy which includes the virtual server that set by STEP 3 Complete Incoming Policy Setting STEP 6 Add a new policy that includes the settings of STEP2 3 in Outgoing Policy It makes server can send e mail to external mail server by mail service Complete Outgoing Policy Setting ...

Page 126: ...525 Bandwidth Management Gateway User s Manual 121 STEP 7 Complete the setting of providing several services by Virtual Server Complete the Setting of Providing Several Services by Several Virtual Servers ...

Page 127: ...ects network services and applications are able to pass through the BM 525 How to use Policy The device uses policies to filter packets The policy settings are source address destination address services permission packet log packet statistics and flow alarm Based on its source addresses a packet can be categorized into 1 Outgoing The source IP is in LAN network the destination is in WAN network T...

Page 128: ...destination is in LAN network The system manager can set all the policy rules of DMZ to LAN packets in this function 6 DMZ to WAN The source IP is in DMZ network the destination is in WAN network The system manager can set all the policy rules of DMZ to WAN packets in this function All the packets that go through BM 525 must pass the policy permission except VPN Therefore the LAN WAN and DMZ netwo...

Page 129: ... by Policy The user can choose default value or the custom services that the system manager set in Service function Action WAN Port Control actions to permit or reject packets that delivered between LAN network and WAN network when pass through BM 525 See the chart and illustration below Chart Name Illustration Permit all WAN network Interface Allow the packets that correspond with policy to be tr...

Page 130: ...ication User Enable Authentication User Schedule Enable the policy to automatically execute the function in a certain time Content Blocking Enable Content Blocking QoS Enable QoS Traffic Log Record all the packets that go through policy Statistics Chart of the traffic that go through policy Content Blocking To restrict the packets that passes through the policy Authentication User The user have to...

Page 131: ...the setting value the surplus connection cannot be set successfully QoS Setting the Guarantee Bandwidth and Maximum Bandwidth of the Policy the bandwidth is shared by the users who correspond to the Policy Move Every packet that passes the BM 525 is detected from the front policy to the last one So it can modify the priority of the policy from the selection ...

Page 132: ...IP and Content Blocking for example Ex3 Outgoing Only allow the users who pass Authentication to access to Internet in particular time Ex4 Incoming The external user control the internal PC through remote control software Take PC Anywhere for example Ex5 WAN to DMZ Under DMZ NAT Mode set a FTP Server and restrict the download bandwidth from external and MAX Concurrent Sessions Ex6 WAN to DMZ DMZ t...

Page 133: ...Example Set up the policy that can monitor the internal users Take Logging Statistics and Alarm Threshold for example STEP 1 Enter the following setting in Outgoing Policy Click New Entry Select Logging Select Statistics Click OK Setting the different Policies ...

Page 134: ...29 STEP 2 Complete the setting of Logging Statistics and Alarm Threshold in Outgoing Policy Complete Policy Setting STEP 3 Obtain the information in Traffic of Log function if you want to monitor all the packets of the BM 525 Traffic Log Monitor Web UI ...

Page 135: ...BM 525 Bandwidth Management Gateway User s Manual 130 STEP 4 To display the traffic record that through Policy to access to Internet in Policy Statistics of Statistics function Statistics Web UI ...

Page 136: ...c network Take specific WAN IP and Content Blocking for example STEP 1 Enter the following setting in URL Blocking Script Blocking P2P Blocking IM Blocking and Download Blocking in Content Blocking function URL Blocking Setting Script Blocking Setting P2P Blocking Setting IM Blocking Setting ...

Page 137: ...o Script file of Website Java Cookies etc 3 P2P Blocking can restrict the Internal Users to access to the file on Internet by P2P eDonkey BT 4 IM Blocking can restrict the Internal Users to send message files audio and video by instant messaging Ex MSN Messenger Yahoo Messenger QQ ICQ and Skype 5 Download Blocking can restrict the Internal Users to access to video audio and some specific sub name ...

Page 138: ... s Manual 133 STEP 2 Enter as following in WAN and WAN Group of Address function Setting the WAN IP that going to block WAN Address Group The Administrator can group the custom address in Address It is more convenient when setting policy rule ...

Page 139: ...ateway User s Manual 134 STEP 3 Enter the following setting in Outgoing Policy Click New Entry Destination Address Select WAN_Group that set by STEP 2 Blocking by IP Action WAN Port Select DENY ALL Click OK Setting Blocking Policy ...

Page 140: ...t Blocking Click OK Setting Content Blocking Policy STEP 5 Complete the setting of forbidding the users to access to specific network Complete Policy Setting Deny in Policy can block the packets that correspond to the policy rule The System Administrator can put the policy rule in the front to prevent the user connecting with specific IP ...

Page 141: ...ternet in particular time STEP 1 Enter the following in Schedule function Add New Schedule STEP 2 Enter the following in Auth User and Auth User Group in Authentication function Setting Auth User Group The Administrator can use group function the Authentication and Service It is more convenient when setting policy ...

Page 142: ...oing Policy Click New Entry Authentication User Select laboratory Schedule Select Working Time Click OK Setting a Policy of Authentication and Schedule STEP 4 Complete the policy rule of only allows the users who pass authentication to access to Internet in particular time Complete Policy Setting ...

Page 143: ... the internal PC through remote control software Take PC Anywhere for example STEP 1 Set up a Internal PC controlled by external user and Internal PC s IP Address is 192 168 1 2 STEP 2 Enter the following setting in Virtual Server1 of Virtual Server function Setting Virtual Server ...

Page 144: ...ick New Entry Destination Address Select Virtual Server1 61 11 11 12 Service Select PC Anywhere 5631 5632 Click OK Setting the External User Control the Internal PC Policy STEP 4 Complete the policy for the external user to control the internal PC through remote control software Complete Policy Setting ...

Page 145: ...r DMZ which IP is 192 168 3 2 The DMZ Interface Address is192 168 3 1 24 STEP 2 Enter the following setting in Virtual Server1 of Virtual Server function Setting up Virtual Server Corresponds to FTP Server When using the function of Incoming or WAN to DMZ in Policy strong suggests that cannot select ANY in Service It may be attacked by Hacker easily STEP 3 Enter the following in QoS QoS Setting ...

Page 146: ...Destination Address Select Virtual Server1 61 11 11 12 Service Select FTP 21 QoS Select FTP_QoS MAX Concurrent Sessions Enter 100 Click OK Add New Policy STEP 5 Complete the policy of restricting the external users to access to internal network server which may occupy the resource of network Complete the Policy Setting ...

Page 147: ...t a Mail Server in DMZ and set its network card s IP Address as 61 11 11 12 The DNS setting is external DNS Server STEP 2 Add the following setting in DMZ of Address function The Mail Server s IPAddress Corresponds to Name Setting in Address Book of Mail Server STEP 3 Add the following setting in Group of Service function Setting up a Service Group that has POP3 SMTP and DNS ...

Page 148: ...ting in WAN to DMZ Policy Click New Entry Destination Address Select Mail_Server Service Select E mail Click OK Setting a Policy to access Mail Service by WAN to DMZ STEP 5 Complete the policy to access mail service by WAN to DMZ Complete the Policy to access Mail Service by WAN to DMZ ...

Page 149: ...ing in LAN to DMZ Policy Click New Entry Destination Address Select Mail_Server Service Select E mail Click OK Setting a Policy to access Mail Service by LAN to DMZ STEP 7 Complete the policy to access mail service by LAN to DMZ Complete the Policy to access Mail Service by LAN to DMZ ...

Page 150: ... setting in DMZ to WAN Policy Click New Entry Source Address Select Mail_Server Service Select E mail Click OK Setting the Policy of Mail Service by DMZ to WAN STEP 9 Complete the policy access to mail service by DMZ to WAN Complete the Policy access to Mail Service by DMZ to WAN ...

Page 151: ...ter 6 Anomaly Flow IP When the BM 525 received the intrusion packets from hackers the internal PC will block this abnormal packets in it to prevent the Company s network be paralyzed In this chapter we will make the introduction and settings of Anomaly Flow IP ...

Page 152: ... SYN Flood Threshold Total Define all the IP and the total SYN packets Pkts Sec pass through the BM 525 If over the setting value then BM 525 will define it to be attacked SYN Flood Threshold Per Source IP Define every source IP and the total SYN packets Pkts Sec pass through the BM 525 If over the setting value then BM 525 will define it to be attacked SYN Flood Threshold Blocking Time Per Source...

Page 153: ...the BM 525 will re calculate the total ICMP flow from every source IP if over the setting value then BM 525 will keep blocking Detect UDP Flood Can detect the UDP data packes sent from hacker and use the Broadcast to send to ever internal PC UDP Flood Threshold Total Define all the IP and the total UDP packets Pkts Sec pass through the BM 525 If over the setting value then BM 525 will define it to...

Page 154: ... detect the port and attack them Detect Tear Drop Attack Can detect the IP data packets which pretend the normal data packets but actually this kind of packets contain the mount of data packets which can let the system crash hold on or reboot Detect Tear Drop Attack Select the function can prevent some IP packets which the hacker use it to enter the domain Detect Land Attack Select this function c...

Page 155: ...eer enable the Anomaly Flow function the BM 525 will instantly show the message in Virus infected IP and Attack Events If the MIS engineers enable the function in System Æ E mail alert notification then the BM 525 will automatically send the notification to the MIS engineer ...

Page 156: ... Æ Setting The threshold sessions of virus infected is default is 30 sessions sec Select Enable Virus infected IP Blocking Blocking Time 600 seconds Select Enable E Mail alert notification Select Enable NetBIOS Alert Notification Enter 192 168 189 30 in IP Address of Administrator Enable all the function in DoS Anti Attack Setting Click OK ...

Page 157: ...BM 525 Bandwidth Management Gateway User s Manual 152 The setting of anomaly flow IP and Dos Anti Attack Can add Non detected IP and these IP will not controlled by this function ...

Page 158: ... system detects the DDoS attack packets it will show the message in Anomaly Flow IP Æ Virus infected IP Or send the Net BIOS Notification to the MIS and virus infected PC Anomaly flow IP and Virus infected IP Send the NetBIOS Alert notification to the virus infected PC ...

Page 159: ...BM 525 Bandwidth Management Gateway User s Manual 154 Send the NetBIOS Alert Notification to the MIS engineer ...

Page 160: ... 525 Bandwidth Management Gateway User s Manual 155 Step3 Enable the System Æ E Mail alert notification and then the BM 525 will send the mail notice to the MIS engineer Send the e mail alert notification ...

Page 161: ...BM 525 Bandwidth Management Gateway User s Manual 156 Step4 Enable the Anomaly Flow Æ Attack Event then the BM 525 shows the attack information in detail Anomaly Flow IP attack event ...

Page 162: ...tion address and services requested for each control policy Event Log record the contents of System Configurations changes made by the Administrator such as the time of change settings that change the IP address used to log in etc Connection Log records all of the connections of BM 525 When the connection occurs some problem the Administrator can trace back the problem from the information How to ...

Page 163: ...the information and Protocol port that users use to access to Internet or Intranet by BM 525 Ex 2 Event Log To record the detailed management events such as Interface and event description of BM 525 of the Administrator Ex 3 Connection Log To detect event description of WAN Connection Ex 4 Log Backup To save or receive the records that sent by the BM 525 ...

Page 164: ... information and Protocol port that users use to access to Internet or Intranet by BM 525 STEP 1 Add new policy in DMZ to WAN of Policy and select Enable Logging Logging Policy Setting STEP 2 Complete the Logging Setting in DMZ to WAN Policy Complete the Logging Setting of DMZ to WAN ...

Page 165: ...BM 525 Bandwidth Management Gateway User s Manual 160 STEP 3 Click Traffic Log It will show up the packets records that pass this policy Traffic Log Web UI ...

Page 166: ...th Management Gateway User s Manual 161 STEP 4 Click on a specific IP of Source IP or Destination IP it will prompt out a Web UI about Protocol and Port of the IP The Web UI of detecting the Traffic Log by IPAddress ...

Page 167: ...ment Gateway User s Manual 162 STEP 5 Click on Download Logs and select Save in File Download Web UI And then choose the place to save in PC and click OK the records will be saved instantly Download Traffic Log Records Web UI ...

Page 168: ...BM 525 Bandwidth Management Gateway User s Manual 163 STEP 6 Click Clear Logs and click OK on the confirm Web UI The records will be deleted from the BM 525 instantly Clearing Traffic Log Records Web UI ...

Page 169: ...anual 164 7 3 Event Log To record the detailed management events such as Interface and event description of BM 525 of the Administrator STEP 1 Click Event log of LOG The management event records of the administrator will show up Event Log Web UI ...

Page 170: ...agement Gateway User s Manual 165 STEP 2 Click on Download Logs and select Save in File Download Web UI Then choose the place to save in PC and click OK The records will be saved instantly Download Event Log Records Web UI ...

Page 171: ...BM 525 Bandwidth Management Gateway User s Manual 166 STEP 3 Click Clear Logs and click OK on the confirm Web UI the records will be deleted from the BM 525 Clearing Event Log Records Web UI ...

Page 172: ...dth Management Gateway User s Manual 167 7 4 Connection Log To Detect Event Description of WAN Connection STEP 1 Click Connection in LOG It can show up WAN Connection records of the BM 525 Connection records Web UI ...

Page 173: ...nt Gateway User s Manual 168 STEP 2 Click on Download Logs and select Save in File Download Web UI And then choose the place to save in PC and click OK the records will be saved instantly Download Connection Log Records Web UI ...

Page 174: ... 525 Bandwidth Management Gateway User s Manual 169 STEP 3 Click Clear Logs and click OK on the confirm Web UI the records will be deleted from the BM 525 instantly Clearing Connection Log Records Web UI ...

Page 175: ...l Alert Notification function and set up the settings E mail Setting Web UI STEP 2 Enter Log Backup in Log select Enable Log Mail Support and click OK Log Mail Configuration Web UI After Enable Log Mail Support every time when LOG is up to 300Kbytes and it will accumulate the log records instantly And the device will e mail to the Administrator and clear logs automatically ...

Page 176: ...ter Log Backup in Log enter the following settings in Syslog Settings Select Enable Syslog Messages Enter the IP in Syslog Host IPAddress that can receive Syslog Enter the receive port in Syslog Host Port Click OK Complete the setting Syslog Messages Setting Web UI ...

Page 177: ...6 Accounting Report Administrator can use this Accounting Report to inquire the LAN IP users and WAN IP users and to gather the statistics of Downstream Upstream First packet Last packet Duration and the Service of the entire user s IP that passes the BM 525 ...

Page 178: ...ided into two parts Outbound Accounting Report and Inbound Accounting Report Outbound Accounting Report It is the statistics of the downstream and upstream of the LAN WAN and all kinds of communication network services Source IP The IP address used by LAN users who use BM 525 Destination IP The IP address used by WAN service server which uses BM 525 Service The communication service which listed i...

Page 179: ...n services The Inbound Accounting report will be shown when WAN users use BM 525 to connect with LAN Server Source IP The IP address used by WAN users who use BM 525 Destination IP The IP address used by LAN service server who use BM 525 Service The communication service which listed in the menu when WAN users use BM 525 to connect to LAN Service server ...

Page 180: ...of each WAN service server which uses BM 525 to LAN user Upstream The percentage of upstream and the value of each LAN user who uses BM 525 to WAN service server First Packet When the first packet is sent to WAN service server from LAN user the sent time will be recorded by the BM 525 Last Packet When the last packet sent from WAN service server is received by the LAN user the sent time will be re...

Page 181: ...BM 525 Bandwidth Management Gateway User s Manual 176 Outbound Source IP Statistics Report ...

Page 182: ...of each WAN service server which uses BM 525 to LAN user Upstream The percentage of upstream and the value of each LAN user who uses BM 525 to WAN service server First Packet When the first packet is sent from WAN service server to LAN users the sent time will be recorded by the BM 525 Last Packet When the last packet from LAN user is sent to WAN service server the sent time will be recorded by th...

Page 183: ...BM 525 Bandwidth Management Gateway User s Manual 178 Outbound Destination IP Statistics Report ...

Page 184: ...AN service server Downstream The percentage of downstream and the value of each WAN service server who uses BM 525 to connect to LAN user Upstream The percentage of upstream and the value of each LAN user who uses BM 525 to WAN service server First Packet When the first packet is sent to the WAN Service Server the sent time will be recorded by the BM 525 Last Packet When the last packet is sent fr...

Page 185: ...ment Gateway User s Manual 180 Outbound Services Statistics Report According to the downstream upstream report of the selected TOP numbering to draw the Protocol Distribution chart Press to return to Accounting Report window ...

Page 186: ...each WAN user who uses BM 525 to LAN service server Upstream The percentage of Upstream and the value of each LAN service server who uses BM 525 to WAN users First Packet When the first packet is sent from WAN users to LAN service server the sent time will be recorded by the BM 525 Last Packet When the last packet is sent from LAN service server to WAN users the sent time will be recorded by the B...

Page 187: ...BM 525 Bandwidth Management Gateway User s Manual 182 Inbound Top Users Statistics Report ...

Page 188: ...ser who uses BM 525 to LAN service server Upstream The percentage of Upstream and the value of each LAN service server who uses BM 525 to WAN users First Packet When the first packet is sent from WAN users to LAN service server the sent time will be recorded by the BM 525 Last Packet When the last packet is sent from LAN service server to WAN users the sent time will be recorded by the BM 525 Dura...

Page 189: ...BM 525 Bandwidth Management Gateway User s Manual 184 Inbound Destination IP Statistics Report ...

Page 190: ...rver Downstream The percentage of downstream and the value of each WAN user who uses BM 525 to LAN service server Upstream The percentage of upstream and the value of each LAN service server who uses BM 525 to WAN user First Packet When the first packet is sent to the LAN Service Server the sent time will be recorded by the BM 525 Last Packet When the last packet is sent from the LAN Service Serve...

Page 191: ...BM 525 Bandwidth Management Gateway User s Manual 186 According to the downstream upstream report of the selected TOP numbering to draw the Protocol Distribution chart ...

Page 192: ...rd that pass WAN Interface Policy Statistics The statistics of Downstream Upstream packets and Downstream Upstream traffic record that pass Policy In this chapter the Administrator can inquire the BM 525 for statistics of packets and data that passes across the BM 525 The statistics provides the Administrator with information about network traffics and network loads ...

Page 193: ...ion above the Administrator can know which Policy is the Policy Statistics belonged to Time To detect the statistics by minutes hours days months or years Bits sec Bytes sec Utilization Total The unit that used by Y Coordinate which the Administrator can change the unit of the Statistics Chart here Utilization The percentage of the traffic of the Max Bandwidth that System Manager set in Interface ...

Page 194: ...t will display all the statistics of Downstream Upstream packets and Downstream Upstream record that pass WAN Interface Time To detect the statistics by minutes hours days months or years WAN Statistics is the additional function of WAN Interface When enable WAN Interface it will enable WAN Statistics too ...

Page 195: ...BM 525 Bandwidth Management Gateway User s Manual 190 STEP 2 Statistics Chart Y Coordinate Network Traffic Kbytes Sec X Coordinate Time Hour Minute WAN Statistics ...

Page 196: ... has to enable the Statistics in Policy first STEP 2 In the Statistics Web UI find the network you want to check and click Minute on the right side and then you will be able to check the Statistics chart every minute click Hour to check the Statistics chart every hour click Day to check the Statistics chart every day click Week to check the Statistics Figure every week click Month to check the Sta...

Page 197: ...BM 525 Bandwidth Management Gateway User s Manual 192 STEP 3 Statistics Chart Y Coordinate Network Traffic Kbytes Sec X Coordinate Time Hour Minute Day Policy Statistics ...

Page 198: ...s can use the BM 525 appliance to start up the internal PCs by sending packets which included the network bootable network adapter and can additionally use the remote monitor software such as VNC Terminal Service and PC Anywhere In this section we will make the introduction of Wake on LAN ...

Page 199: ...nal PC to be remote monitored and its MAC is 00 0C 76 B7 96 3B Step2 In Wake on LAN Æ Setting add the following settings Click New Entry Name enter Rayearth MAC Address enter 00 01 80 41 D0 FB Click OK Set the internal PC to be monitored Step3 Click Wake Up to start up the internal PC Start up the PC ...

Page 200: ...P WAN IP Subnet Netmask Default Gateway DNS Server Connection and its IP etc Interface Display all of the current Interface status of the BM 525 Authentication The Authentication information of BM 525 ARP Table Record all the ARP that connect to the BM 525 DHCP Clients Display the table of DHCP clients that are connected to the BM 525 ...

Page 201: ...s and error packets of the Interface Ping Web UI To display whether the users can Ping to the BM 525 from the Interface or not or enter its Web UI Forwarding Mode The connection mode of the Interface Connection Status To display the connection status of WAN DnS UpS Kbps To display the Maximum DownStream UpStream Bandwidth of that WAN set from Interface DnStream Alloca The distribution percentage o...

Page 202: ...BM 525 Bandwidth Management Gateway User s Manual 197 Interface Status ...

Page 203: ...EP 1 Enter Authentication in Status function It will display the record of login status IPAddress The authentication user IP Auth User Name The account of the auth user to login Login Time The login time of the user Year Month Day Hour Minute Second Authentication Status Web UI ...

Page 204: ...t will display a table about IP Address MAC Address and the Interface information which is connecting to the BM 525 NetBIOS Name The identified name of the network IPAddress The IP Address of the network MAC Address The identified number of the network card Interface The Interface of the computer ARP Table Web UI ...

Page 205: ...us function it will display the table of DHCP Clients that are connected to the BM 525 IPAddress The dynamic IP that provided by DHCP Server MAC Address The IP that corresponds to the dynamic IP Leased Time The valid time of the dynamic IP Start End Year Month Day Hour Minute Second DHCP Clients Web UI ...

Reviews:

No comments

Related manuals for BM-525

rainforest EAGLE-200 User Manual preview
EAGLE-200
Brand: rainforest Pages: 20
EchoLife DU8245W Quick Start Manual preview
DU8245W
Brand: EchoLife Pages: 16
Ericsson EDACS Data Advantage Series Installation And Maintenance Manual preview
EDACS Data Advantage Series
Brand: Ericsson Pages: 48
IFM Electronic ASinterfoce AC1325 Installation Instructions Manual preview
ASinterfoce AC1325
Brand: IFM Electronic Pages: 23
WAGO 758-918 Manual preview
758-918
Brand: WAGO Pages: 76
Extron electronics ShareLink 200 User Manual preview
ShareLink 200
Brand: Extron electronics Pages: 23
Sagem MAxx1 Installation Manual preview
MAxx1
Brand: Sagem Pages: 27
RTA 460ESUS-NNA1 Product User Manual preview
460ESUS-NNA1
Brand: RTA Pages: 78
Toshiba XLTR-200 Instruction Manual preview
XLTR-200
Brand: Toshiba Pages: 99
Velleman HAA9523S User Manual preview
HAA9523S
Brand: Velleman Pages: 84
TCAM T8000-I User Manual preview
T8000-I
Brand: TCAM Pages: 25
Eaton POW-R-COMMAND 1000 Quick Start Manual preview
POW-R-COMMAND 1000
Brand: Eaton Pages: 8
National Instruments MON-10496 User Manual preview
MON-10496
Brand: National Instruments Pages: 18
AMX CSG-500 Installation Manual preview
CSG-500
Brand: AMX Pages: 2
Alarm Lock AL-IME2-POE Installation Instructions Manual preview
AL-IME2-POE
Brand: Alarm Lock Pages: 8
Alarm Lock AL-IME2 Installation Instructions Manual preview
AL-IME2
Brand: Alarm Lock Pages: 8
Hybertone HT-822P User Manual preview
HT-822P
Brand: Hybertone Pages: 48
SmartRG SR515ac Quick Start Manual preview
SR515ac
Brand: SmartRG Pages: 16

Brands by name

Popular brands

Load more brands