Gigabit Content Security Router User’s Manual

CS-5800

Summary of Contents for CS-5800

Page 1: ...Gigabit Content Security Router User s Manual User s Manual CS 5800 Gigabit Content Security Router...

Page 2: ...ET PLANET assumes no responsibility for any inaccuracies that may be contained in this User s Manual PLANET makes no commitment to update or keep current the information in this User s Manual and rese...

Page 3: ...e environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment end users of electrical and electronic equipment should understand the meaning...

Page 4: ...CHAPTER 4 LOGIN SECURITY ROUTER 12 CHAPTER 5 SYSTEM STATUS 14 5 1 HOME PAGE 14 5 1 1 WAN Status 14 5 1 2 Physical Port Status 16 5 1 3 System Information 17 5 1 4 Security Status 17 5 1 5 Log Setting...

Page 5: ...NDWIDTH MANAGEMENT 75 8 1 1 The Maximum Bandwidth provided by ISP 76 8 1 2 QoS 78 8 1 3 Smart QoS 81 8 1 4 Exception IP address 83 8 2 SESSION CONTROL 84 CHAPTER 9 FIREWALL 86 9 1 GENERAL POLICY 86 9...

Page 6: ...TER 11 SYSTEM TOOL 117 11 1 DIAGNOSTIC 117 11 2 FIRMWARE UPGRADE 118 11 3 CONFIGURATION BACKUP 119 11 4 SNMP 121 11 5 SYSTEM RECOVER 122 11 6 HIGH AVAILABILITY 122 CHAPTER 12 LOG 127 12 1 SYSTEM LOG 1...

Page 7: ...including Auto Load Balance Unbinding WAN Balance and Strategy Routing User can also configure which IP or TCP UDP type of traffic use which WAN port to connect Inbound Load Balancing The CS 5800 pro...

Page 8: ...behavior It also supporting remote management by web browser with user name and password to realize router management from remote places Log Feature The log and traffic statistic function can helping...

Page 9: ...t has been connected Get IP Blinking Transmit data WAN DMZ Link Act Green Off Not get the IP address even the port has been connected Steady on LAN port has been connected LAN Link Act Green Blinking...

Page 10: ...T z One to One NAT z Multiple to One NAT z Stateful Packet Inspection SPI Firewall z Denial of Service DoS prevention z IP Port filtering z Block Website by Keyword Content Filter z Firewall detection...

Page 11: ...Gigabit Content Security Router User s Manual z Firmware upgrade through Web browser VPN Pass through z IPSec PPTP L2TP Pass through 5...

Page 12: ...at the same time Through the process settings users can install and operate Security router easily This simplifies the management and maintenance making the user network settings be done at one time...

Page 13: ...rt Static DHCP IP allocation to meet different needs IP group will simplify the management work 6 Set QoS bandwidth management avoid bandwidth occupation Restrict bandwidth and session of WAN ports LA...

Page 14: ...Gigabit Content Security Router User s Manual 8 window We will follow the process flow to complete the network setting in the following chapters...

Page 15: ...avy objects together with the device on a rack Overloading may cause the rack to fail thus causing damage or danger Each device comes with a set of rack installation accessories including 2 L brackets...

Page 16: ...e a connection to a Public IP server at the same time WAN connection A WAN port can be connected with xDSL Modem Fiber Modem Switching Hub or through an external router to connect to the Internet LAN...

Page 17: ...Gigabit Content Security Router User s Manual DMZ The DMZ port can be connected to servers that have legal IP addresses such as Web servers mail servers etc 11...

Page 18: ...tting Default Gateway address as the graphic below 192 168 1 1 Make sure Default Gateway is also the default IP address of Content Security Router Attention When not getting IP address and default gat...

Page 19: ...login password in the setting later Attention For security we strongly suggest that users must change password after login Please keep the password safe or you cannot login to Security router Press Re...

Page 20: ...users reference 5 1 1 WAN Status Item Description WAN IP Address Indicates the current IP configuration for WAN port Default Gateway Indicates current WAN gateway IP address from ISP DNS Indicates th...

Page 21: ...tes how many QoS rules are set Manual Connect When Obtain an IP automatically is selected two buttons Release and Renew will appear If a WAN connection such as PPPoE or PPTP is selected Disconnect and...

Page 22: ...mmary and statistics of the selected port The current port setting status information will be shown in the Port Information Table Examples type 10Base T 100Base TX 1000Base T interface WAN LAN DMZ li...

Page 23: ...he current working mode Can be Gateway or Router mode The default is Gateway mode System Active time Indicates how long the device has been running Serial Number This number is the device serial numbe...

Page 24: ...the configuration The default configuration is Off Access Rule Indicates the number of access rule applied in Security router 5 1 5 Log Setting Status Item Description Sent Log To Indicates if Syslog...

Page 25: ...y to save the configuration If users have already changed username and password they should login with current username and password and input admin as new username and password if they have to return...

Page 26: ...have your own preferred time server input the server IP address Apply After the changes are completed click Apply to save the configuration Cancel Click Cancel to leave without making any change This...

Page 27: ...r specific configurations 6 1 Network Connection 6 1 1 Host Name and Domain Name Dev Cho ice name and domain name can be input in the two boxes Though this configuration is not necessary in most envir...

Page 28: ...according to the actual network structure Multiple Subnet Setting IPv4 Only Click Unified IP Management to enter the configuration page as shown in the following figure Input the respective IP addres...

Page 29: ...roups in the Intranet the Internet is still accessible without making any changes to internal PCs Users can make changes according to their actual network structure 61 3 2 Dual Stack IP IPv4 and IPv6...

Page 30: ...e Input the respective IP addresses and subnet masks Note To configure global IPv6 prefixes for your LAN devices go to the WAN Setting click the IPv6 tab and click Edit for the WAN interface Then ente...

Page 31: ...an advanced configuration Click Edit to enter the advanced configuration page Obtain an Automatic IP automatically This mode is often used in the connection mode to obtain an automatic DHCP IP This is...

Page 32: ...WAN to the Internet In this way the effect of any disconnection can be minimized Line Dropped Period Input the time rule for disconnection of this WAN service Line Dropped Scheduling Input how long th...

Page 33: ...ceptable is two IP groups Enable Line Dropped Scheduling The WAN disconnection schedule will be activated by checking this option In some areas there is a time limitation for WAN connection service Fo...

Page 34: ...ets The default is Disabled MTU MTU is abbreviation of Maximum Transmission Unit Auto and Manual can be chosen The default value is 1500 Different value could be set in different network environment e...

Page 35: ...ugh there is a standby system in the device at the moment of WAN disconnection all the external connections that go through this WAN will be disconnected too Only after the disconnected lines are reco...

Page 36: ...This option is to configure a static IP address The IP address to be configured could be one issued by ISP The IP address is usually provided by the ISP when the PC is installed Contact ISP for relev...

Page 37: ...connections that go through this WAN will be disconnected too Only after the disconnected lines are reconnected can they go through the standby system to connect with the Internet Therefore to avoid...

Page 38: ...mally with the Internet while keeping the original Internet IP addresses in Intranet IP configuration If there are two WANs configured users still can select Transparent Bridge mode for WAN connection...

Page 39: ...with the Internet Therefore to avoid a huge number of disconnections users can activate this function to arrange new connections through another WAN to the Internet In this way the effect of any disco...

Page 40: ...into a LAN PC and this PC can use this public IP address to reach the Internet Others PCs can use NAT mode to reach the Internet If this WAN network is enabled the Router plus NAT mode you can still...

Page 41: ...can they go through the standby system to connect with the Internet Therefore to avoid a huge number of disconnections users can activate this function to arrange new connections to be made through a...

Page 42: ...lease refer to the following introduction for selection of appropriate configurations Users can also set up their own DNS IP address Check the options and input the user defined DNS IP addresses Item...

Page 43: ...by your ISP Default Gateway Input the default gateway issued by ISP For ADSL users it is usually an ATU R IP address As for optical fiber users please input the optical fiber switching IP DNS Servers...

Page 44: ...address Config Indicates an advanced configuration modification Click Edit to enter the advanced configuration page The DMZ configuration can be classified by Subnet and Range Subnet The DMZ and WAN...

Page 45: ...e Subnet Item Description Interface Select a WAN Port which is the same subnet with DMZ IP Range for DMZ port Input the IP range located at the DMZ port After the changes are completed click Apply to...

Page 46: ...s selected the WAN bandwidth will automatically allocate connections based on IP amount to achieve network load balance Note For either session balancing or IP connection balancing collocation with Pr...

Page 47: ...Note Only when a device assignment is collocated with Protocol Binding can the balancing function be brought into full play For example an assignment requiring all Intranet IP addresses to go through...

Page 48: ...ne a name for the WAN grouping in the box such as Education etc The name is for recognizing different WAN groups Interface Check the boxes for the WANs to be added into this combination Add To List To...

Page 49: ...ex WAN 1 or WAN grouping users designated to the Internet To build a policy document users can use a text based editor such as Notepad which is included with Windows system Follow the text format in...

Page 50: ...king encrypted connection Https or TCP443 is required to connect from the same WAN IP If one intranet IP visits web banking website and the connection is distributed into different WAN IP addresses th...

Page 51: ...81 101 in the same Class B range the connection will also be through WAN1 200 10 10 1 If the destination is to other IP not in the same Class B range as 61 222 81 100 the session will be distributed...

Page 52: ...ased on the first time learning Item Description User Define Dis Or Port Auto Binding Indicates that the intranet IP will connect through the same WAN IP when the service ports are self defined You ca...

Page 53: ...or network external services If this option is selected information such Retry or Retry Timeout will be displayed If two WANs are used for external connection be sure to activate the NSD system so as...

Page 54: ...is way when any of the WAN connections is broken other WANs can serve as a backup traffic can be shifted to a WAN that is still connected Default Gateway The local default communication gateway locati...

Page 55: ...and so on 6 2 3 Protocol Binding WAN Setting The Security router allows maximum four WAN interface the bandwidth and real connection of every WAN will impact the load balance mechanism therefore you...

Page 56: ...ad balance mode of Assigned Routing the first WAN WAN1 cannot be assigned It is to be saved for the IP addresses and the application Service Ports that are not assigned to other WANs WAN2 WAN3 and WAN...

Page 57: ...to go through a specific WAN port for external connection In the boxes here input the Intranet virtual IP address range for example if 192 168 1 100 150 is input the binding range will be 100 150 If...

Page 58: ...Add To List To add this rule to the list Delete selected application To remove the rules selected from the Service List Moving Up Down The priority for rule execution depends on the rule order in the...

Page 59: ...nt to activate is not in the list users can add or remove service ports from Service Port Management to arrange the list as described in the following Item Description Service Name In this box input t...

Page 60: ...dresses to specific destination application service ports or assign specific destination IP addresses to the WAN users choose for external connections Example 1 How do I set up Auto Load Balance Mode...

Page 61: ...er services from going through WAN1 As in the figure below there are two rules to be configured The first rule select HTTP TCP 80 80 from the pull down option list Service and then in the boxes of Sou...

Page 62: ...cific WAN will only support those assigned Intranet IP addresses destination Service Ports or destination IP addresses Those which are not configured will go through other WANs for external connection...

Page 63: ...elect All Port TCP UDP 1 65535 from the pull down option list Service and then in the boxes of Source IP input 192 168 1 0 0 which means to include all Intranet IP addresses In the boxes for Destinati...

Page 65: ...n can be made The default value is on Priority This feature allows users to set the high low priority of the packet delivery for the Ethernet port If it is set as High the port has the first priority...

Page 66: ...rver should be constructed for the intranet so that all VLAN group can visit this server Set one of the network ports as VLAN All Connect the server to VLAN All so that computers of different VLAN gro...

Page 67: ...ing High or Normal Speed Status 10Mbps 100Mbps or 1000Mbps Duplex Status half duplex or full duplex Auto Neg Enabled Disabled and VLAN Statistics The packet data of this specific port will be displaye...

Page 68: ...puters This function is similar to the DHCP service in NT servers It benefits users by freeing them from the inconvenience of recording and configuring IP addresses for each PC respectively When a com...

Page 69: ...cording to their needs The time unit is minute Range Start This is an initial IP automatically leased by DHCP It means DHCP will start the lease from this IP The default initial IP is 192 168 1 100 Ra...

Page 70: ...DNS server CS 5800 also provides easy self defined DNS services called DNS Local Database which can map website host domain names and the corresponding IP addresses Item Description Host Domain Name E...

Page 71: ...t is 1440 minutes a day Users can change it according to their needs The time unit is minute Range Start This is an initial IP automatically leased by DHCP It means DHCP will start the lease from this...

Page 72: ...ity Router User s Manual 7 4 DHCP Status This is an indication list of the current status and setup record of the DHCP server The indications are for the administrator s reference when a network modif...

Page 73: ...DHCP IP Available The amount of IP still available in the DHCP server Total IP The total IP which the DHCP server is configured to lease Host Name The name of the current computer IP Address The IP a...

Page 74: ...o methods for setting up this function Block MAC address on the list with wrong IP address This method only allows MAC addresses on the list to receive IP addresses from DHCP and have Internet access...

Page 75: ...Gigabit Content Security Router User s Manual IP MAC Binding 69...

Page 76: ...guration or modification to the list Delete selected item Remove the selected binding from the list Add Add new binding Block MAC address on the list with wrong IP address When this option is activate...

Page 77: ...to WAN IP groups Local IP Group list will automatically learn IP addresses having packets that pass through firewall Moreover if user changes the IP address the IP in the list will change accordingly...

Page 78: ...Delete Group Choose the group that you would like to delete from the pull down list and push the Delete Group button System will ask you again if you would like to delete the group After pushing the c...

Page 79: ...emote IP group does not have automatically learning functions Instead you need to define addresses ranges and groups manually For example 220 130 188 1 to 200 range It is the same setting methods You...

Page 80: ...ng name protocol and port range push this button to add the information into the Port list below This port can be from some port groups Group Name When you add new groups please note if the group name...

Page 81: ...ity to specific applications or services and also to enable other users to share bandwidth as well as to ensure stable and reliable network transmission To maximize the bandwidth efficiency network ad...

Page 82: ...calculations according to the data users input In other words it will guarantee a minimum rate of upstream and downstream for each IP and Service Port based on the total actual bandwidth of WAN1 and...

Page 83: ...can be calculated in the same way Attention The rules configured in Protocol Binding will be executed by the device according to their priorities too The higher up on the list the higher the priority...

Page 84: ...Rate Control method Rate Control The network administrator can set up bandwidth or usage limitations for each IP or IP range according to the actual bandwidth The network administrator can also set b...

Page 85: ...ntranet IP Server in LAN Upstream If a Server for external connection has been built in the device this option is to control the bandwidth for the traffic coming from outside to this Server Server in...

Page 86: ...Enable Activate the rule Add to list Add this rule to the list Move up Move down QoS rules will be executed from the bottom of the list to the top of the list In other words the lower down the list th...

Page 87: ...stream rate for intranet IPs Each IP s bandwidth is over maximum threshold its maximum bandwidth will remain When any IP uses more bandwidth than the above upstream or downstream settings the IP will...

Page 88: ...very __ second to detect whether internal IP s bandwidth are over than limit Detect usage of internal IP s bandwidth every __ second If the punished IP still keep upper bounded limit on then decrease...

Page 89: ...iption WAN Select WAN ports Source IP Enter the exempted IP range or select the exempted IP group Do not control Direction Select do not control upload download or both of them Enabled Enable this pol...

Page 90: ...duling Item Description Disabled Disable Session Control function Single IP cannot exceed __ session This option enables the restriction of maximum external sessions to each Intranet PC When the numbe...

Page 91: ...rding to the configured range For example if the time control is from Monday to Friday 8 6 00pm users can refer to the following f Apply Click Apply to save the configuration Cancel Click Cancel to le...

Page 92: ...lso perform an alarming function for application procedure Meanwhile the packet authentication firewall may decline the connections which use non standard communication protocol DoS Denial of Service...

Page 93: ...Attack This feature is designed to prevent the intranet from being attacked by ARP spoofing causing the connection failure of the PC This ARP virus cheat mostly occurs in Internet cafes When attacked...

Page 94: ...d be adjusted from high to low LAN Threshold When all packet values from internal attack or from single internal IP attack reach the maximum amount the default is 15000 packets Sec and 2000 packets Se...

Page 95: ...All traffic from the WAN to the LAN is denied by default z All traffic from the LAN to the DMZ is allowed by default z All traffic from the DMZ to the LAN is denied by default z All traffic from the W...

Page 96: ...ackets not compliant with this control rule Service Port From the drop down menu select the service that users grant or do not give permission Service Port Management If the service that users wish to...

Page 97: ...ling Select Always to apply the rule on a round the clock basis Select from and the operation will run according to the defined time Apply this rule Select Always to apply the rule on a round the cloc...

Page 98: ...supports two webpage restriction modes one is to block certain forbidden domains and the other is to give access to certain web pages Only one of these two modes can be selected Block Forbidden Domain...

Page 99: ...ected domain Click to select one or more controlled websites and click this option to delete Apply Click Apply to save the configuration Cancel Click Cancel to leave without making any change Website...

Page 100: ...ss some specific websites This is the purpose of the function Item Description Enabled Activate the function The default setting is Disabled Domain Name Input the allowed domain name etc www google co...

Page 101: ...ration will run according to the defined time For example if the control time runs from 8 a m to 6 p m Monday to Friday users may control the operation according to the following illustrated example I...

Page 102: ...servers Setup static routing entries or dynamic routing protocol Setup one to one NAT function to mapping public IP address and private IP address Setup dynamic DNS service Setup MAC address in interfaces...

Page 103: ...llows If the DMZ Host function is selected to cancel this function users must input 0 in the following DMZ Private IP This function will then be closed After the changes are completed click Apply to s...

Page 104: ...et IP addresses with Port 80 the service port of WWW is Port 80 to access the internal server directly In the configuration page if a web server address such as 192 168 1 50 and the Port 80 has been s...

Page 105: ...Add or remove service ports from the list of service ports Add to list Add to the active service content Service Port Management The services in the list mentioned above are frequently used services I...

Page 106: ...al Plug and Play is a protocol set by Microsoft If the virtual host supports UPnP system such as Windows XP users could also activate the PC UPnP function to work with the device Item Description Serv...

Page 107: ...s Apply Click Apply to save the network configuration modification 10 3 Routing In this chapter we introduce the Dynamic Routing Information Protocol and Static Routing Information Protocol 10 3 1 Dyn...

Page 108: ...ion Working Mode Select the working mode of the device NAT mode or Router mode RIP Click Enabled to open the RIP function Receive RIP versions Use Up Down button to select one of None RIPv1 RIPv2 Both...

Page 109: ...the router layer count for the IP If there are two routers under the device users should input 2 for the router layer the default is 1 Max is 15 Interface This is to select WAN port or LAN port for n...

Page 110: ...ic IP addresses For example if there are more than 2 web servers requiring public IP addresses administrators can map several public IP addresses directly to internal private IP addresses Example User...

Page 111: ...lic IP Range Begin Input the Public IP address for the Internet One to One NAT function Range Length The numbers of final IP addresses of actual Internet IP addresses Please do not include IP addresse...

Page 112: ...ltiple to One NAT Item Description Enable Multiple to One NAT Click to enable multiple to one NAT function Private IP Range Input intranet IPs for NAT mapping Respective Public IP Input the respective...

Page 113: ...P address of an ADSL PPPoE time based system or the actual IP of a cable modem will be changed from time to time To overcome this problem for users who want to build services such as a website it offe...

Page 114: ...te address such as abc abcddns org cn as a user name for abcDDNS Password The password which is set up for DDNS Host Name Input the website address which has been applied from DDNS Examples are abc dy...

Page 115: ...ut the network card physical address MAC address 00 xx xx xx xx xx here The device will adopt this MAC address when requesting IP address from ISP Select the WAN port to which the configuration is to...

Page 116: ...inbound traffic equally to every WAN port to make best use of bandwidth It also can prevent traffic from unequally distribution and congested Users can use only one device to satisfy the demand of Inb...

Page 119: ...abbreviation is TTL is time interval of DNS inquiring second 0 65535 Too long interval will affect refresh time Shorter time will increase system s loading but the effect of Inbound Load Balance will...

Page 120: ...nput the host name which provides services E g mail server or FTP WAN IP Check corresponding A Record IP WAN Port IP If more than one IPs is checked Inbound traffic will be distributed on this WANs 6...

Page 121: ...r example someone on internet sends a mail to user myhomain com The mail server will search MX Record of mydomain com through DNS If the MX Record exists sender PC will send mails to the mail server a...

Page 122: ...ly IP of the domain name Take the previous example input 210 10 1 1 Scheduling Select Always 9 Enable internal IP and service port corresponding to A Record in Port Range Forwarding of Advanced Functi...

Page 123: ...oblems This tool includes DNS Name Lookup Domain Name Inquiry Test and Ping Packet Delivery Reception Test DNS Name lookup On this test screen please enter the host name of the network users want to t...

Page 124: ...rade page Please confirm all information about the software version in advance Select and browse the software file click Firmware Upgrade Right Now to complete the upgrade of the designated file Atten...

Page 125: ...tion about the software version Select and browse the backup parameter file config exp Select the file and click Import to import the file Export Configuration File This feature allows users to backup...

Page 126: ...urs Attention We recommend don t un tick this item cause if the rule not save to the flash memory after reset the router the configuration will be clear When You Reset the Router The System Will Save...

Page 127: ...e SNMP feature The default is activated System Name Set the name of the device such as Planet System Contact Set the name of the person who manages the device i e John System Location Define the locat...

Page 128: ...nfiguration before upgrading firmware After firmware upgraded import the configuration file after returning to factory default to ensure system stable Please refer to 12 3 11 6 High Availability High...

Page 129: ...backup mode The master device takes responsibility of network transmitting and the other one is set as idle When the master device fails transmitting it will send out the message to the idle device fo...

Page 130: ...he status is normal administrators can login the device remotely to manage Remote Management should be enabled Status Abnormal indicates the backup device can not be detected or does exist and need to...

Page 131: ...vice Then the status will return to Normal which the backup device remains idle Two devices are operating simultaneously Item Description Operation Master Mode Besides operating network with another d...

Page 132: ...1 1 and the subnet mask is 255 255 255 0 Slave device should be in the same subnet ex 192 168 1 2 WAN Backup The Checked WANs are not working in this device The checked WANs will work in another devi...

Page 133: ...2 Log From the log management and look up we can see the relevant operation status which is convenient for us to facilitate the setup and operation 12 1 System Log Its system log offers three options...

Page 134: ...ice provides the following warning message Click to activate these features Syn Flooding IP Spoofing Win Nuke Ping of Death Unauthorized Login Attempt Item Description Syn Flooding Bulky syn packet tr...

Page 135: ...instance message will be recorded in the system log Authorized Login Successful entry into the system includes login from the remote end or from the LAN into this device These messages will be record...

Page 136: ...iew system packet log of those entering the firewall The log includes information about the external source IP addresses destination IP addresses and service ports It is illustrated as below Clear Log...

Page 137: ...s port location device name current WAN link status IP address MAC address subnet mask default gateway DNS number of received sent total packets number of received sent total Bytes Received and Sent B...

Page 138: ...d control By Inbound IP Address The figure displays the source IP address bytes per second and percentage By outbound IP Address The figure displays the source IP address bytes per second and percenta...

Page 139: ...dress bytes per second and percentage By Outbound Session The figure displays the source IP address network protocol type source port destination IP address destination port bytes per second and perce...

Page 140: ...Gigabit Content Security Router User s Manual destination port bytes per second and percentage 134...

Page 141: ...rt rather than Multi WANs Administrators may find out the destination IP for protocol binding to solve this login problem For example when certain port software is denied inquiring about the IP addres...

Page 142: ...Gigabit Content Security Router User s Manual Specific Port Status Enter the service port number in the field and IP that are currently used by this port will be displayed 136...
