
Multi-Homing Security Gateway User’s Manual 

Step 43.

Finish the policy setting of VPN_B LAN TO WAN.

Step 44.

In the VPN_B window, click the General tab, then click Advanced under Key Exchange and apply the settings shown. These are the main-mode (Phase 1) settings; they must match the encryption, authentication and Diffie-Hellman group configured on the Multi-Homing Security Gateway, or IKE negotiation will fail before either filter rule is used.
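The same policy that the preceding steps build by hand in the MMC "IP Security Policies" snap-in can be scripted, which is the form a practitioner would keep for review and re-deployment. The following is an added example, not from the manual, written with the `netsh ipsec static` commands available on Windows XP/2003, run from an elevated PowerShell prompt. It reuses the values of the manual's worked example (remote host 211.22.22.22, Company A gateway 61.11.11.11, Company A LAN 192.168.10.0/24, 3DES/MD5, re-key every 28800 seconds, preshared key 123456789). Everything else is an assumption not shown on this page: main-mode methods 3DES/MD5/DH group 1 (the Key Exchange Advanced setting of Step 44, chosen to match the gateway's Phase 1), quick-mode PFS on to match the gateway's "Perfect Forward Secrecy" option, the 100000k byte lifetime (Windows' default alongside the seconds value), and 211.22.22.22 as the tunnel endpoint of the inbound rule, which is what Windows tunnel mode requires for the direction that terminates on this host.

```powershell
# Added example (not the manual's own text): scripted equivalent of the MMC steps.
# Values from the manual's example are labelled; everything marked ASSUMED is not on this page.

# Policy VPN_B with the default response rule disabled (Step 10).
# mmsecmethods = Key Exchange > Advanced methods: ASSUMED 3DES / MD5 / DH group 1
# to match the gateway's Phase 1 settings.
netsh ipsec static add policy name="VPN_B" description="Tunnel to Company A" `
    activatedefaultrule=no mmsecmethods="3DES-MD5-1"

# Filter lists, one per direction (Steps 14-16 and 30-32). mirrored=no because
# each direction gets its own explicit rule and tunnel endpoint.
netsh ipsec static add filterlist name="VPN_B WAN TO LAN"
netsh ipsec static add filter filterlist="VPN_B WAN TO LAN" `
    srcaddr=211.22.22.22 srcmask=255.255.255.255 `
    dstaddr=192.168.10.0 dstmask=255.255.255.0 protocol=ANY mirrored=no

netsh ipsec static add filterlist name="VPN_B LAN TO WAN"
netsh ipsec static add filter filterlist="VPN_B LAN TO WAN" `
    srcaddr=192.168.10.0 srcmask=255.255.255.0 `
    dstaddr=211.22.22.22 dstmask=255.255.255.255 protocol=ANY mirrored=no

# Filter action with the custom security method of Steps 17-21:
# ESP, 3DES encryption, MD5 integrity, new key every 28800 seconds
# (100000k is ASSUMED, the Windows default for the byte-count lifetime).
# inpass=yes is "Accept unsecured communication, but always respond using IPSec" (Step 18).
# soft=no refuses to fall back to cleartext if negotiation fails.
# qmpfs=yes is ASSUMED to mirror the gateway's "Perfect Forward Secrecy" choice.
netsh ipsec static add filteraction name="VPN_B Require Security" action=negotiate `
    qmsecmethods="ESP[3DES,MD5]:100000k/28800s" inpass=yes soft=no qmpfs=yes

# Rules: tunnel endpoint is Company A's WAN address for the outbound direction
# (Step 23) and, ASSUMED, the local address for the inbound direction.
# Preshared key from Step 25.
netsh ipsec static add rule name="VPN_B WAN TO LAN" policy="VPN_B" `
    filterlist="VPN_B WAN TO LAN" filteraction="VPN_B Require Security" `
    tunnel=61.11.11.11 conntype=all psk="123456789"
netsh ipsec static add rule name="VPN_B LAN TO WAN" policy="VPN_B" `
    filterlist="VPN_B LAN TO WAN" filteraction="VPN_B Require Security" `
    tunnel=211.22.22.22 conntype=all psk="123456789"

# Assign the policy so it takes effect, then print it back for review.
netsh ipsec static set policy name="VPN_B" assign=yes
netsh ipsec static show policy name="VPN_B" level=verbose
```

Two checks are worth making before trusting such a tunnel. First, the algorithms are the manual's example values: 3DES, MD5 and DH group 1 (768-bit MODP) and a nine-digit numeric preshared key are all weak by current standards, so on any live deployment use AES, SHA-2, a stronger DH group or certificates, and a long random key, and set the same on the gateway side. Second, `soft=no` (the "Allow unsecured communication with non-IPSec-aware computers" box left unchecked) matters: with soft SAs allowed, a failed negotiation silently sends the traffic in the clear, which is exactly the failure mode a VPN is meant to exclude.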

 

 

 

 

 

 

- 157 -

Summary of Contents for MH-2000

Page 1: ...Multi Homing Security Gateway User s Manual Multi Homing Security Gateway MH 2000 MH 4000 User s Manual...

Page 2: ...this User s Manual and reserves the right to make improvements to this User s Manual and or to the products described in this User s Manual at any time without notice If you find information in this...

Page 3: ...ecting Example 6 CHAPTER 3 GETTING STARTED 7 3 1 WEB CONFIGURATION 7 3 2 CONFIGURE WAN 1 INTERFACE 8 3 3 CONFIGURE WAN 2 INTERFACE 10 3 4 CONFIGURE DMZ INTERFACE 10 3 5 CONFIGURE POLICY 10 CHAPTER 4 W...

Page 4: ...ENTICATION 81 4 7 1 Auth Setting 81 4 7 2 Auth User 82 4 7 3 Auth User Group 86 4 7 4 Radius Server MH 4000 Only 89 4 7 5 POP3 MH 4000 only 89 4 7 6 LDAP MH 4000 only 90 4 8 CONTENT FILTERING 92 4 8 1...

Page 5: ...210 4 14 ALARM 213 4 14 1 Blaster Alarm 213 4 14 2 Traffic Alarm 214 4 14 3 Event Alarm 215 4 15 ACCOUNTING REPORT MH 4000 ONLY 217 4 15 1 Setting 217 4 15 2 Outbound Accounting Report 217 4 15 3 Inbo...

Page 6: ...backup links when a failure is detected The detection is based on the configurable target Internet addresses Outbound Load Balancing The network sessions are assigned based on the user configurable lo...

Page 7: ...English Traditional Chinese and Simplified Chinese Bandwidth Management Network packets can be classified based on IP address IP subnet and TCP UDP port number and give guarantee and burst bandwidth w...

Page 8: ...Front Panel LED Description PWR Power is supplied to this device Green Steady on indicates the port is connected to other network device Blink to indicates there is traffic on the port WAN1 WAN2 LAN D...

Page 9: ...SPI firewall Prevention of SYN attack ICMP Flood UDP flood Ping of Death Tear Drop IP Spoofing IP route Port Scan and Land attack VPN Tunnels 200 1000 VPN Functions PPTP IPSec DES 3DES and AES encryp...

Page 10: ...ata loss In some area installing a surge suppression device may also help to protect your device from being damaged by unregulated surge or current to the MH 2K 4K Network Requirements In order for MH...

Page 11: ...addresses are on the same subnet This application is suitable if you have a subnet of IP addresses and you do not want to change any IP configuration on the subnet 2 2 2 NAT Mode Connecting Example DM...

Page 12: ...trator must change his her PC IP address to be within the same range of the LAN subnet i e 172 16 0 2 Reboot the PC if necessary By default MH 2K 4K is shipped with its DHCP Server function enabled Th...

Page 13: ...a manually PPPoE ADSL User This option is for PPPoE users who are required to enter a username and password in order to connect Username Enter the PPPoE username provided by the ISP Password Enter the...

Page 14: ...his will be the Netmask of the WAN 1 network i e 255 255 255 0 Default Gateway This will be the Gateway IP address Domain Name Server DNS This is the IP Address of the DNS server Max Upstream Downstre...

Page 15: ...figure DMZ interface Depends on your network requirement you can disable the DMZ port make DMZ port transparent to WAN 1 or enable NAT function on it To configure the DMZ port select the Interface tab...

Page 16: ...ity Gateway User s Manual Destination Address select Outside_Any Service select ANY Action select Permit ALL Click on OK to apply the changes STEP 4 The configuration is successful when the screen bel...

Page 17: ...ected to the LAN port have their Default Gateway IP Address set to MH 2K 4K s LAN IP Address i e 192 168 1 1 At this point all the computers on the LAN network should gain access to the Internet immed...

Page 18: ...able V V DHCP V V Host Table V V SNMP N A V Dynamic DNS V V Language V V Permitted IP V V Logout V V Software Update V V Interface V V LAN V V WAN V V DMZ V V Address V V LAN V V LAN Group V V WAN V V...

Page 19: ...itoring configuration is set by the System Administrator The System Administrator can add or modify System settings and monitoring mode The sub Administrators can only read System settings but not mod...

Page 20: ...inistrator and also display warning messages in the Event window of Alarm Route Table Use this function to enable the Administrator to add static routes for the networks when the dynamic route is not...

Page 21: ...acked by hackers or when emergency conditions occur Language Both Chinese and English are supported in MH 2K 4K Permitted IP Enables the Administrator to authorize specific internal external IP addres...

Page 22: ...s password and click Remove to delete a Sub Administrator Changing the Main Sub Administrator s Password Step 1 The Modify Administrator Password window will appear Enter in the required information...

Page 23: ...to remove that Sub Admin or click Cancel to cancel 4 1 2 Settings The Administrator may use this function to backup MH 2K 4K configurations and export save them to an Administrator computer or anywhe...

Page 24: ...s Step 1 Under Configuration click on the Download button next to Export System Settings to Client Step 2 When the File Download pop up window appears choose the destination place to save the exported...

Page 25: ...of the screen to restore the factory settings Enabling E mail Alert Notification Step 1 Select Enable E mail Alert Notification under E Mail Settings This function will enable the Multi Homing Securi...

Page 26: ...ort anytime HTTPS only supports with MH 4000 Step 1 Set Web Management WAN Interface The administrator can change the port number used by HTTP or HTTPS port anytime Step 2 Idle Timeout Fill in the Idl...

Page 27: ...v2 MH 2K 4K will advertise an IP address pool to the specific network so that the address pool can be provided to the network You can choose to enable LAN WAN or DMZ interface to allow RIP protocol su...

Page 28: ...e this function is enabled every packet to this appliance will be recorded for system administrator to trace System Reboot Once this function is enabled MH 2K 4K will be rebooted Reboot Appliance Clic...

Page 29: ...able synchronization by checking the box Step 2 Click the down arrow to select the offset time from GMT Step 3 Enter the Server IP Address or Server name with which you want to synchronize Step 4 Upda...

Page 30: ...ng department sub network 192 168 5 11 24 LAN 168 85 88 249 WAN 1 The first department R D department was set while setting interface IP the other four ones have to be added in Multiple Subnet after c...

Page 31: ...tiple Subnet 1 Step 1 Find the IP Address you want to modify and click Modify Step 2 Enter the new IP Address in Modify Multiple Subnet window Step 3 Click the OK button below to change the setting or...

Page 32: ...Configuration on the left side menu bar then click Multiple Subnet below it Enter Multiple Subnet window Multiple Subnet functions WAN Interface IP Forwarding Mode Display WAN Port IP Address and Forw...

Page 33: ...of the service providers click OK Step 2 Enter the new IP Address in Modify Multiple Subnet window Step 3 Click the OK button below to change the setting or click Cancel to discard changes Removing a...

Page 34: ...s will attack your MS system in accordance with their weakness such as Sasser Blaster Code Red and Nimda Select the blocking function of MH 4000 will prevent you to be attacking by these worms MH 4000...

Page 35: ...etect Ping of Death Attack Select this option to detect the attacks of tremendous trash data in PING packets that hackers send to cause System malfunction This attack can cause network speed to slow d...

Page 36: ...CP port 135 for user drefined blocking time Enable E mail Alert Notification When Blaster worm is detected send alert e mail to administrator by using e mail address defined on System Setting Enalbe S...

Page 37: ...e window click the New Entry button Step 2 In the Add New Static Route window enter new static route information Step 3 In the Interface field s pull down menu choose the network to connect LAN WAN1 W...

Page 38: ...the Remove confirmation pop up box click OK to confirm removing or click Cancel to cancel it 4 1 8 DHCP In the section the Administrator can configure DHCP Dynamic Host Configuration Protocol settings...

Page 39: ...P address of DNS Server 1 DNS Server 2 Enter the distributed IP address of DNS Server 2 WINS Server 1 Enter the distributed IP address of WINS Server 1 WINS Server 2 Enter the distributed IP address o...

Page 40: ...ynamic DNS window Update Status Connecting Update succeed Update fail Unidentified error Domain name Enter the password provided by ISP WAN IP Address IP Address of the WAN port Configure Modify dynam...

Page 41: ...ss of the WAN port Automatically Check to automatically fill in the WAN IP User Name Enter the registered user name Password Enter the password provided by ISP Internet Service Provider Domain name Yo...

Page 42: ...the mail server of the organization easily by its domain name providing that the Administrator has set up Virtual Server or Mapped IP settings correctly However for the users in the LAN network their...

Page 43: ...t Name The domain name of the server Virtual IP Address The virtual IP address respective to Host Table Configure modify or remove each Host table policy Adding a new Host Table Step 1 Click on the Ne...

Page 44: ...responding Remove option in the Configure field Step 2 A confirmation pop up box will appear click OK to remove the DNS Proxy or click Cancel 4 1 11 SNMP MH 4000 only The administrator could send the...

Page 45: ...necting and being attacked by hackers or when emergency conditions occur Step 1 Enable SNMP Trap Alert Notification Step 2 SNMP Trap Receiver Address Set the SNMP Trap Receiver Address Step 3 SNMP Tra...

Page 46: ...ck this item Web User can use HTTP or HTTPS to connect to the Setting window of MH 2K 4K HTTPS is only available with MH 4000 Step 3 Click OK to add Permitted IP or click Cancel to discard changes Mod...

Page 47: ...lect the Language version Step 1 Select the Language version English Version Traditional Chinese Version or Simplified Chinese Version Step 2 Click OK to set the Language version or click Cancel to di...

Page 48: ...ent version number of software in Version Number Administrators may visit distributor s web site to download the latest version and save it in server s hard disc Step 1 Click Browse to select the late...

Page 49: ...Internet IP Address The private IP address of MH2000 MH4000 s LAN network is the IP address of the LAN port of the device The default IP address is 192 168 1 1 If the new LAN IP Address is not 192 168...

Page 50: ...distributes the WAN 1 2 download bandwidth by session For users who are connected to the Internet via a fixed WAN IP address By Packet MH 2K 4K distributes the WAN 1 2 download bandwidth by packet and...

Page 51: ...ISP IP Address provided by ISP Dynamic Select this if the IP address is automatically assigned by the ISP Fixed Select this if you were given a static IP address Enter the IP address that is given to...

Page 52: ...n a specific hostname in order to connect to their network Please enter the hostname here If not required by your ISP you do not have to enter a hostname Domain Name You can specify your own domain na...

Page 53: ...address of the WAN 1 port of the device Netmask This will be the subnet mask of the WAN 1 network i e 255 255 255 0 Default Gateway This will be the Gateway IP address Domain Name Server DNS This is t...

Page 54: ...ct this item if you are using the service provided by BEZEQ in Israel Service On Demand The PPPoE connection will automatically disconnect after a length of idle time no activities Enter in the amount...

Page 55: ...twork consists of server computers such as FTP SMTP and HTTP web These server computers are put in the DMZ network so they can be isolated from the LAN LAN network traffic Broadcast messages from the...

Page 56: ...WAN or LAN network NetMask This will be the subnet mask of the DMZ network Ping Select this to allow the DMZ network to ping the IP Address of MH 2K 4K This will allow people from the Internet to be a...

Page 57: ...resses can greatly simplify the process of building control policies How to use Address Table With easily recognized names of IP addresses and names of address groups shown in the address table the Ad...

Page 58: ...s of a new LAN network address Step 3 Click OK to add the specified LAN network or click Cancel to cancel the changes If you want to enable Get Static IP address from DHCP Server function enter the MA...

Page 59: ...a LAN Address Step 1 In the LAN window locate the name of the network to be removed Click the Remove option in its corresponding Configure field Step 2 In the Remove confirmation pop up box click OK t...

Page 60: ...f LAN group Click Modify to change the settings of LAN group Click Remove to delete the group In the LAN Group window if one of the LAN Group has been added to Policy the Configure column will show th...

Page 61: ...hanges Modifying a LAN Group Step 1 In the LAN Group window locate the network group desired to be modified and click its corresponding Modify option in the Configure field Step 2 A window displaying...

Page 62: ...ing a LAN Group Step 1 In the LAN Group window locate the group to be removed and click its corresponding Remove option in the Configure field Step 2 In the Remove confirmation pop up box click OK to...

Page 63: ...ings of WAN network Click Modify to change the settings of WAN network Click Remove to delete the setting of WAN network NOTE In the WAN Network window if one of the members has been added to Policy o...

Page 64: ...cate the name of the network to be modified and click the Modify option in its corresponding Configure field Step 2 The Modify Address window will appear on the screen immediately In the Modify Addres...

Page 65: ...option in its corresponding Configure field Step 2 In the Remove confirmation pop up box click OK to remove the address or click Cancel to discard changes 4 3 4 WAN Group Entering the WAN Group windo...

Page 66: ...N Group Step 1 In the WAN Group window click the New Entry button and the Add New Address Group window will appear Step 2 In the Add New Address Group window the following fields will appear Name Ente...

Page 67: ...p Step 3 Add members Select the names to be added in the Available Address list and click the Add button to add them to the Selected Address list Step 4 Remove members Select the names to be removed i...

Page 68: ...ay User s Manual 4 3 5 DMZ Entering the DMZ window Click DMZ under the Address menu to enter the DMZ window The current setting information such as the name of the LAN network IP and Netmask addresses...

Page 69: ...new DMZ address Step 3 Click OK to add the specified DMZ or click Cancel to discard changes Modifying a DMZ Address Step 1 In the DMZ window locate the name of the network to be modified and click the...

Page 70: ...Address Step 1 In the DMZ window locate the name of the network to be removed and click the Remove option in its corresponding Configure field Step 2 In the Remove confirmation pop up box click OK to...

Page 71: ...up window Available Address list names of all members of the DMZ Selected Address list names to assign to a new group Step 3 Name enter a name for the new group Step 4 Add members Select the names to...

Page 72: ...ist the names of all the members of the DMZ Selected Address list the names of the members that have been assigned to this group Step 3 Add members Select names to be added from the Available Address...

Page 73: ...s Manual Removing a DMZ Group Step 1 In the DMZ Group window locate the group to be removed and click its corresponding Remove option in the Configure field Step 2 In the Remove confirmation pop up b...

Page 74: ...CP port and UDP port numbers that are not in the pre defined menu according to their needs When defining custom services the client port ranges from 1024 to 65535 and the server port ranges from 0 to...

Page 75: ...c 4 4 2 Custom Entering the Custom window Step 1 Click Custom under it A window will appear with a table showing all services currently defined by the Administrator Definitions Service name The define...

Page 76: ...l appear in the Configure column In this case you are not allowed to modify or remove the settings Go to the Policy or Group window to delete the setting and then you can configure the settings Adding...

Page 77: ...ted service appears on the screen Step 2 Enter the new values Step 3 Click OK to accept editing or click Cancel Removing Custom Services Step 1 Click its corresponding Remove option in the Configure f...

Page 78: ...sage will appear in the Configure column You are not allowed to modify or remove the settings Go to the Policy window remove the Service group first and then you are allowed to configure the setting A...

Page 79: ...ow the following fields are displayed Available Services lists all the available services Selected Services list services that have been assigned to the selected group Step 2 Add new services Select s...

Page 80: ...Multi Homing Security Gateway User s Manual Removing Service Groups In the Remove confirmation pop up box click OK to remove the selected service group or click Cancel to cancel removing 75...

Page 81: ...ess the Internet during work hours Therefore the Administrator may create a schedule to allow MH2K 4K to work Monday Friday 8AM 5PM only During the non work hours MH2K 4K will not allow Internet acces...

Page 82: ...time must be less than the value in Stop Time or you cannot add or configure the setting Modifying a Schedule Step 1 In the Schedule window find the policy to be modified and click the corresponding M...

Page 83: ...Manual Removing a Schedule Step 1 In the Schedule window find the policy to be removed and click the corresponding Remove option in the Configure field Step 2 A confirmation pop up box will appear cl...

Page 84: ...QoS and selects the suitable QoS through Policy to control and efficiently distribute bandwidth MH2K 4K also makes it convenient for the administrator to use MH2K 4K with the best Utility Configuratio...

Page 85: ...igure the Guarateed Bandwidth and Maximum Bandwidth Upstream Bandwidth To configure the Guarateed Bandwidth and Maximum Bandwidth QoS Priority To configure the priority of distrubuting Upstream Downst...

Page 86: ...Configure column Step 2 In the Delete QoS window click OK to delete the QoS or click Cancel to discard the change 4 7 Authentication By configuring the Authentication you can control the user s acces...

Page 87: ...will be time out User has to re login again The default time is 30 minutes and you can configure this time by System Setting page Re Login after user login successfully When user login authentication...

Page 88: ...g a new Auth User Step 1 In the Authentication window click the New User button to create a new Auth User Step 2 In the Auth User window Auth User Name enter the username of new Authentication Passwor...

Page 89: ...this time by Authentication Auth Setting page In the form of controlling the Outgoing Policy enable the Authentication User Function NOTE If Outgoing Policy only has configured one rule with Authentic...

Page 90: ...tion window locate the Auth User name you want to edit and click on Modify in the Configure field Step 2 The Modify Auth User Password window will appear Enter in the required information Auth User sh...

Page 91: ...field Step 2 The Remove confirmation pop up box will appear Step 3 Click OK to remove that Authentication User or click Cancel to cancel 4 7 3 Auth User Group Accessing the Auth User Group window Clic...

Page 92: ...me referencing the created group Step 3 To add new Auth User Select the Auth User desired to be added in the Available auth user list and then click the Add button to add them to the group Step 4 To r...

Page 93: ...button to add them to the group Step 4 To remove Auth User Select Auth User desired to be removed in the Available auth user list and then click the Remove button to remove them from the group Step 5...

Page 94: ...e RADIUS Server Authentication RADIUS Server IP Enter RADIUS Server IP address RADIUS Server Port Enter RADIUS Server Port The default port is 1812 Shared Secret The Password for MH 4000 to access RAD...

Page 95: ...erver Port Enter POP3 Server Port The default port is 110 4 7 6 LDAP MH 4000 only Click Authentication on the left side menu bar then click LDAP below it The following window is shown Definition Enabl...

Page 96: ...be used to search by LDAP server ex dc mydomain dc com LDAP Filter Input the object located at the range of Distinguished Name ex objectClass User Distinguished Name The user Distinguished Name of LD...

Page 97: ...to block which type of extension name or all type of the file 4 8 1 URL Blocking The Administrator may setup URL Blocking to prevent LAN network users from accessing a specific website on the Interne...

Page 98: ...ng Modify option in the Configure field Step 2 Make the necessary changes needed Step 3 Click on OK to save changes or click on Cancel to discard changes Removing a URL Blocking policy Step 1 In the U...

Page 99: ...able 4 8 2 Script Blocking To let Popup ActiveX Java or Cookies in or keep them out Step 1 Click Content Filtering in the menu Step 2 Script Blocking detective functions Popup Prevent pop up boxes fro...

Page 100: ...tgoing Policy or Content Filtering will not be workable 4 8 3 P2P Blocking Step 1 Click Content Filtering in the menu Step 2 Select P2P Blocking and configure the setting eDonkey Block Prevent eDonkey...

Page 101: ...ring in the menu Step 2 Select IM Blocking and configure the setting MSN Messenger Blocking Only to select to block MSN Messenger login Yahoo Messenger Blocking Only to select to block Yahoo Messenger...

Page 102: ...tep 1 Click Content Filtering in the menu Step 2 Select Download Blocking and configure the setting All Types Block To block all types of the files downloading from web page Audio and Video Types bloc...

Page 103: ...Multi Homing Security Gateway User s Manual Note After finishing Content Filtering setting you must enable it at Outgoing Policy or Content Filtering will not be workable 98...

Page 104: ...s useful for Load Balancing which causes the virtual server to distribute data packets to each private IP addresses which are the real servers By sending all data packets to all similar servers this i...

Page 105: ...that means all services of one real WAN IP address is mapped to one private LAN IP address Entering the Mapped IP window Step 1 Click Mapped IP under the Virtual Server menu bar and the Mapped IP con...

Page 106: ...IP window Step 3 Click OK to save change or click Cancel to cancel NOTE A Mapped IP cannot be modified if it has been assigned used as a destination address of any Incoming policies Removing a Mapped...

Page 107: ...onfigure button to add new virtual server address Service The service names that provided by the virtual server WAN Port The TCP UDP ports that present the service items provided by the virtual server...

Page 108: ...nd the Add new Virtual Server IP window appears and asks for an IP address from the WAN network Step 3 Select an IP address from the drop down list of available WAN network IP addresses Step 4 Click O...

Page 109: ...r Real IP displays the WAN IP address assigned to the Virtual Server Service Name Port select the service from the pull down list that will be provided by the Real Server Load Balance Server External...

Page 110: ...dress assigned to the Virtual Server Service Name Port select the service from the pull down list that will be provided by the Real Server Load Balance Server External Service Port Input the port numb...

Page 111: ...difications or click Cancel to discard changes Click OK to execute the change of the virtual server or click Cancel to discard changes NOTE If the destination Network in Policy has set a virtual serve...

Page 112: ...ty Gateway User s Manual NOTE If the destination Network in Policy has set a virtual server it will not be able to change or configure this virtual server unless you have already removed this configur...

Page 113: ...Policy The policy settings are source addresses destination addresses services permission log statistics and flow alarm Among them source addresses destination addresses and IP mapping addresses have...

Page 114: ...nu or all of the WAN network addresses Service specify services provided by WAN network servers Action control actions to permit or deny packets from LAN networks to WAN 1 2 network travelling through...

Page 115: ...n Select Permit ALL Permit WAN 1 Permit WAN 2 or Deny ALL to allow or reject the packets travelling between the source network and the destination network Logging Traffic Log Select Enable to enable f...

Page 116: ...to be modified and click its corresponding Modify option under the Configure field Step 2 In the Modify Policy window fill in new settings NOTE To change or add selections in the drop down list for s...

Page 117: ...Configure field Step 2 In the Remove confirmation dialogue box click OK to remove the policy or click Cancel to cancel removing Enabled Monitoring function Log If Logging is enabled in the outgoing p...

Page 118: ...g to get details about the log and ways to back up and clear logs Alarm If Logging is enabled in the outgoing policy MH 2K 4K will log the traffic alarms and event alarms passing through the Multi Hom...

Page 119: ...rity Gateway NOTE The Administrator can also get flow statistics in Statistics Please refer to Statistics in Chapter 11 for more details 4 10 2 Incoming This section describes steps to create policies...

Page 120: ...ce services supported by Virtual Servers or Mapped IP Action control actions to permit or deny packets from WAN networks to Virtual Server Mapped IP travelling through the device Option specify the mo...

Page 121: ...are services application that are allowed to pass from the network to the LAN network Choose ANY for all services Action Select Permit or Deny to allow or reject the packets travelling between the spe...

Page 122: ...k Cancel to cancel adding new incoming policy Modifying Incoming Policy Step 1 In the Incoming window locate the name of policy desired to be modified and click its corresponding Modify option in the...

Page 123: ...ck Ok to remove the policy or click Cancel to cancel removing 4 10 3 WAN To DMZ LAN To DMZ This section describes steps to create policies for packets and services from the WAN networks to the DMZ net...

Page 124: ...the Virtual Server menu Service services supported by servers in DMZ network Action control actions to permit or deny packets from WAN networks to DMZ travelling through MH 2K 4K Option specify the mo...

Page 125: ...Virtual Server menu Please refer to the sections entitled Address and Virtual Server for details Service Select a service from drop down list The drop down list will contain services defined in the C...

Page 126: ...The maximum throughput quota in Kbytes Sec per session Only available with MH 4000 Quota Per Day The maximum throughput quota in Kbytes Sec per day Only available with MH 4000 NAT Select all WAN netwo...

Page 127: ...tion dialogue box click OK Removing a WAN To DMZ Policy Step 1 In the WAN To DMZ window locate the name of policy desired to be removed and click its corresponding Remove option in the Configure field...

Page 128: ...w Destination destination networks which is the WAN network address Service services supported by Servers of WAN networks Action control actions to permit or deny packets from the DMZ network to WAN n...

Page 129: ...on under the Service menu These are services application that are allowed to pass from the DMZ network to the WAN network Choose ANY for all services To add or modify these services please go to the S...

Page 130: ...d and click its corresponding Modify option in the Configure field Step 2 In the Modify Policy window fill in new settings NOTE To change or add selections in the drop down list go to the section wher...

Page 131: ...nual Removing a DMZ To WAN Policy Step 1 In the DMZ To WAN window locate the name of policy desired to be removed and click its corresponding Remove option in the Configure field Step 2 In the Remove...

Page 132: ...y and IPSec lifetime to make a VPN connection 4 11 1 IPSec Autokey This chapter describes steps to create a VPN connection using Autokey IKE Autokey IKE Internet Key Exchange provides a standard metho...

Page 133: ...VPN device Destination Subnet Destination network subnet Algorithm The display the Algorithm way Status Connect Disconnect Configure Connect Disconnect Modify and Delete Adding the Autokey IKE Step 1...

Page 134: ...ts 56 bit DES CBC 168 bit Triple DES CBC AES or NULL encryption algorithm The default algorithm is 56 bit DES CBC Authentication Algorithm Selects MD5 128 bit hash or SHA 1 160 bit hash authentication...

Page 135: ...outer Example 1 Create a VPN connection between two Multi Homing Security Gateways Preparation Task Company A External IP is 61 11 11 11 Internal IP is 192 168 10 X Company B External IP is 211 22 22...

Page 136: ...r ENC Algorithm and MD5 for AUTH Algorithm And select Group 1 to connect Step 6 In IPSec Algorithm Table choose Data Encryption Authentication We choose 3DES for ENC Algorithm and MD5 for AUTH Algorit...

Page 137: ...hand side and then select the sub select IPSec Autokey Click Add Step 2 Enter the VPN name VPN_B in IPSec Autokey window and choose From Source to be Internal Fill the subnet IP 192 168 20 0 and subne...

Page 138: ...n IPSec Algorithm Table choose Data Encryption Authentication We choose 3DES for ENC Algorithm and MD5 for AUTH Algorithm Step 7 Choose Perfect Forward Secrecy and enter 28800 seconds in IPSec Lifetim...

Page 139: ...y A are as the following. Step 1. Enter the default IP of Company A's Multi-Homing Security Gateway 192.168.10.1. Click VPN in the menu bar on the left hand side and then select the sub-select IPSec Auto...

Page 140: ...r 28800 seconds in IPSec Lifetime and Keep alive IP to keep connecting. Step 8. Click the down arrow to select the policy of schedule which was pre-determined in Schedule. Refer to the corresponding sect...

Page 141: ...Step 2. In the Execute window, enter the command MMC in Open. Step 3. Enter the Console window, click the Console (C) option and click Add/Remove Embedded Management Option...

Page 142: ...Step 4. Enter the Add/Remove Embedded Management Option window and click Add. In the Add/Remove Embedded Management Option window, click Add to add Create IP Security Policy. Step 5. Choose Local Machine L...

Page 143: ...Step 6. Finish the setting of Add. Step 7. Click the right mouse button on IP Security Policies on Local Machine and choose the Create IP Security Policy (C) option...

Page 144: ...Step 8. Click Next. Step 9. Enter the Name of this VPN and optionally give it a brief description...

Page 145: ...Step 10. Disable Activate the default response rule and click Next. Step 11. Completing the IP Security Policy setting, click Finish. Enable Edit properties...

Page 146: ...Step 12. In the VPN_B window, click Add and please don't click Use Add Wizard...

Page 147: ...Step 13. In the IP Filter List tab, click Add. Step 14. In the IP Filter List window, please don't choose Use Add Wizard and change Name to VPN_B WAN TO LAN. Click Add...

Page 148: ...s IP Address 211.22.22.22 and Subnet mask 255.255.255.255. In Destination address, click down the arrow to select the specific IP Subnet and fill Company A's IP Address 192.168.10.0 and Subnet mask 255...

Page 149: ...Step 17. Click the Filter Action tab and choose Require Security. Click Edit. Step 18. In the Security Methods tab, choose accept unsecured communication but always respond using...

Page 150: ...Step 19. Click Edit in Custom None 3DES MD5. Step 20. Click Custom (For professional user) and click Edit...

Page 151: ...Step 21. Click Data Integrity and Encapsulation and choose MD5 and 3DES. Click Generate a New key after every 28800 seconds, and click OK 3 times to return. Step 22. Click the Connection Type tab and...

Page 152: ...Step 23. Click the Tunnel Setting tab and click The tunnel endpoint is specified by the IP Address. Enter the WAN IP of Company A, 61.11.11.11. Step 24. Click Authentication Methods a...

Page 153: ...Step 25. Choose Use this string to protect the key exchange (Preshared Key) and enter the key 123456789. Step 26. Finish the setting and close the window...

Page 154: ...Step 27. Finish the Policy setting of VPN_B WAN TO LAN. Step 28. Enter the VPN_B window again and click Add to add the second IP Security Policy. Please don't enable Use Add Wi...

Page 155: ...Step 29. In New Rule Properties, click Add. Step 30. In the IP Filter List window, please disable Use Add Wizard and change Name to VPN_B LAN TO WAN. Click Add...

Page 156: ...IP Address 192.168.10.0 and Subnet mask 255.255.255.0. In Destination address, click down the arrow to select the specific IP Subnet and fill the remote user's IP Address 211.22.22.22 and Subnet mask 255.25...

Page 157: ...Step 33. Click the Filter Action tab and choose Require Security. Click Edit. Step 34. In the Security Methods tab, choose accept unsecured communication but always respond using...

Page 158: ...Step 35. Click Edit in Custom None 3DES MD5. Step 36. Click Custom (For professional user) and click Edit...

Page 159: ...Step 37. Click Data Integrity and Encapsulation and choose MD5 and 3DES. Click Generate a New key after every 28800 seconds, and click OK 3 times to return. Step 38. Click the Connection Type tab and...

Page 160: ...Step 39. Click the Tunnel Setting tab and click The tunnel endpoint is specified by the IP Address. Enter the WAN IP of the remote user, 211.22.22.22. Step 40. Click Authentication Methods...

Page 161: ...Step 41. Choose Use this string to protect the key exchange (Preshared Key) and enter the key 123456789. Step 42. Finish the setting and close the window...

Page 162: ...Step 43. Finish the Policy setting of VPN_B LAN TO WAN. Step 44. In the VPN_B window, click the General tab and click Advanced for Key Exchange using these settings...

Page 163: ...Step 45. Click Master key Perfect Forward Secrecy. Step 46. Move IKE 3DES MD5 up to the highest order. Finish all settings...

Page 164: ...Step 47. Finish the settings of the remote user's Windows XP VPN. Step 48. Click the right mouse button on VPN_B and enable Assign...

Page 165: ...Step 49. To restart IPSec, go to Start > Settings > Control Panel. Step 50. Enter Control Panel and click Administrative Tools...

Page 166: ...Step 51. After entering Administrative Tools, click Services. Step 52. After entering Services, click IPSec Services. Restart the Service...

Page 167: ...11. Internal IP is 192.168.10.X. Company B: External IP is 211.22.22.22, Internal IP is 192.168.20.X. To allow Company A (192.168.10.100) to create a VPN connection with Company B (192.168.20.100) for downloading...

Page 168: ...mode. For communication via VPN, the Multi-Homing Security Gateway will automatically choose 3DES for ENC Algorithm, MD5 for AUTH Algorithm and select Group 2 to connect. Local ID and Remote ID are option...

Page 169: ...s Multi-Homing Security Gateway 192.168.20.1. Click VPN in the menu bar on the left hand side and then select the sub-select IPSec Autokey. Click Add. Step 2. Enter the VPN name VPN...

Page 170: ...ID is 11.11.11.11 and Remote ID is 22.22.22.22. If you want to use number or text, add in the front, for instance 123A and abcd123. Step 6. In IPSec Algorithm Table, choose Data Encryption Authentication. We...

Page 171: ...PSec Algorithm. The Gateway of Company A is 192.168.10.1. The settings of Company A are as the following. Step 1. Enter the default IP of Company A's Multi-Homing Security Gateway 192.168.10.1. Click VPN i...

Page 172: ...E: The Source IP and Remote IP should be in the same C Class. Step 7. In IPSec Algorithm Table, choose Data Encryption Authentication. We choose 3DES for ENC Algorithm and MD5 for AUTH Algorithm. Step 8. Cho...

Page 173: ...ubnet IP 192.168.20.0 and subnet mask 255.255.255.0. Step 3. In the To Destination table, choose Remote Gateway Fixed IP, enter the IP desired to be connected, Company A's subnet IP and mask 192.168.10.0 and 2...

Page 174: ...e which was pre-determined in Schedule. Refer to the corresponding section for details. Step 10. Click OK to finish the setting of Company B. Example 5. Create a VPN connection between Multi-Homing Securit...

Page 175: ...Step 1. Configure the Multi-Homing Security Gateway as the following. Step 2. Configure VRT-311 VPN policy as the following...

Page 176: ...

Page 177: ...play the IP addresses range for PPTP Client connection. User Name: Displays the PPTP Client's user name for authentication. Client IP: Displays the PPTP Client's IP address for authentication. Uptime: Displ...

Page 178: ...lways connected, set the number to 0. Schedule: Click the down arrow to select the schedule which was pre-determined in Schedule. Refer to the corresponding section for details. Enable RADIUS Server Authen...

Page 179: ...Client IP assigned by: 1. IP Range: check to enable auto-allocating IP for the PPTP client to connect. 2. Fixed IP: check and enter a fixed IP for the PPTP client to connect. Step 3. Click OK to save modifications or...

Page 180: ...lick Cancel to cancel modifications. Removing PPTP Server: Step 1. Select VPN > PPTP Server. Step 2. In the PPTP Server window, find the PPTP server that you want to modify. Click Configure and click Remove. S...

Page 181: ...4.11.3 PPTP Client. This function allows MH-2K/4K to dial up the remote PPTP server and access the network resources on the remote network. Entering the PPTP Client window: Step 1. Selec...

Page 182: ...Step 1. Select VPN > PPTP Client. Step 2. Configure the parameters. User name: Specify the PPTP client. This should be unique. Password: Specify the PPTP client password. Server Address: Enter the PPTP Server's I...

Page 183: ...ow to select the schedule which was pre-determined in Schedule. Refer to the corresponding section for details. NAT: Check this feature if the remote PPTP Server is Windows Server based. Step 3. Cl...

Page 184: ...

Page 185: ...equirement. 1. Register the Domain Name, for example planet.com.tw. You need to visit the local Network Information Center, i.e. the organization in Taiwan and China is TWNIC (Taiwan Network Information Ce...

Page 186: ...nd IP 66.218.71.84. Enable: Enable or Disable the domain. Configure: Click Modify to make further configuration and Remove to delete the domain. New Entry: Click New Entry to add a new domain. Add New Domai...

Page 187: ...planet.com.tw A 61.11.11.12; host2.planet.com.tw A 61.11.11.13; host2.planet.com.tw A 211.22.22.23. A stands for Address, and each record maps a Domain Name into an IP Address. Because the ho...

Page 188: ...r may send an E-Mail to the customer support@planet.com.tw. The engineer may send the mail via test.com.tw as SMTP Server, and the server test.com.tw could decide how to send the mail to the server mail...

Page 189: ...168.1.100 Web Server; mail.planet.com.tw 192.168.1.101 E-Mail Server. At first we have to register 2 leased line / ADSL line for fixed IP. Suppose the IP range provided by the ISP is below: 61.11.11.11 - 61...

Page 190: ...Server is disconnected or can't run well. C:\>nslookup main.planet.com.tw (output: Address, Name: main.planet.com.tw, Address: 211.22.22.22). Test whether the function of backup is enabled automatically and smoothly...

Page 191: ...tering the website is as below. The first user enters the server of 61.11.11.11. The second user enters the server of 211.22.22.22. The third user enters the server of 211.22.22.22. The fourth user enters the...

Page 192: ...und Load Balance feature. Example 1. Setup WEB Server and Type is A for Backup in Inbound Load Balance. Example 2. Setup WEB Server and Type is A for Round Robin in Inbound Load Balance. Example 3. Setup W...

Page 193: ...r the window of Inbound Balance. Step 2. Enter the DNS domain name broadband.com.tw registered by the ISP in the field of Domain Name and enable Enable the Zone. Step 3. Enter the window of Inbound Balance Co...

Page 194: ...on the Assist to select 211.22.22.22, and select Backup in Balance Mode. After the setup is completed, please click on OK. Step 6. The setup is completed below. Step 7. Enter the setup window of Virtual Ser...

Page 195: ...erver 1. Step 10. Enter the setup window of Virtual Server 2. Step 11. Enter the window of Add Virtual Server IP and enter the virtual server IP (WAN 2) 211.22.22.22, and click the Add button. Enter the relat...

Page 196: ...e Round Robin. For providing stable and reliable connection service quality, MH-4000 provides this mechanism according to specific weight and priority in the setup of Inbound Load Balance. Below is the detai...

Page 197: ...ed below. Step 6. Enter the setup window of Virtual Server 1 in the menu. Step 7. Enter the window of Add Virtual Server IP and enter the virtual server IP (WAN 1) 61.11.11.11, and click the Add button. Enter...

Page 198: ...ual Server 2. Step 12. Enter the window of Add Virtual Server IP and enter the virtual server IP (WAN 2) 211.22.22.22, and click the Add button. Enter the related parameters and click on OK. Step 13. Add new...

Page 199: ...user enters the server of 211.22.22.22. The sixth user enters the server of 211.22.22.22. Example 3. Setup WEB Server and Type is CNAME for Round Robin in Inbound Load Balance. Round Robin: For providing sta...

Page 200: ...ide of Address, click on the Assist to select 61.11.11.11, and select Round Robin in Balance Mode. After the setup is completed, please click on OK. Step 6. Set weight to be 1 (first priority) and the setup i...

Page 201: ...e setup is completed, please click on OK. Step 10. Set weight to be 2 (second priority) and the setup is completed below. Step 11. Enter the window of Inbound Balance Configuration and select CNAME for the S...

Page 202: ...s and click on OK. Step 16. Add a new policy of Incoming in Policy of Virtual Server 1. Step 17. Enter the setup window of Virtual Server 2. Step 18. Enter the window of Add Virtual Server IP and enter the vi...

Page 203: ...enters the server of 61.11.11.11. The second user enters the server of 211.22.22.22. The third user enters the server of 211.22.22.22. The fourth user enters the server of 61.11.11.11. The fifth user enters t...

Page 204: ...fter the setup is completed, please click on OK. Step 5. Set weight to be 1 (first priority) and the setup is completed below. Step 6. Enter the window of Inbound Balance Configuration and select A for the S...

Page 205: ...in the menu. Step 12. Enter the window of Add Virtual Server IP and enter the virtual server IP (WAN 1) 61.11.11.11, and click the Add button. Enter the related parameters according to the service provided by...

Page 206: ...enter the virtual server IP (WAN 2) 211.22.22.22, and click the Add button. Enter the related parameters according to the service provided by this server (ex. POP3 110) and click on OK. Step 17. Enter the win...

Page 207: ...n.broadband.com.tw. When users encounter mail.broadband.com.tw (Alias Server), the connection service maps into main.broadband.com.tw (Real Server), and the sequence of entering the website is below. The firs...

Page 208: ...uration of connection, the source address, the destination address and services requested for each control policy. Event logs record the contents of System Configuration changes made by the Administrator...

Page 209: ...or Deny. Downloading the Traffic Logs: The Administrator can back up the traffic logs regularly by downloading them to the computer. Step 1. In the Traffic Log window, click the Download Logs button at the b...

Page 210: ...g. When MH-2K/4K WAN detects events, the Administrator can get the details such as time and description of the events from the Event Logs. Entering the Event Log window: Step 1. Click the Event Log option...

Page 211: ...on of the events. Time: time when the event occurred. Event: description of the event. Downloading the Event Logs: Step 1. In the Event Log window, click the Download Logs button at the bottom of the screen. S...

Page 212: ...dministrator may clear on-line event logs to keep just the most updated logs on the screen. Step 1. In the Event Log window, click the Clear Logs button at the bottom of the screen. Step 2. In the Clear Lo...

Page 213: ...Definition. Time: The start and end time of connection. Connection Log: Event description during connection. Download Logs: Step 1. Click Log in the menu bar on the left hand side and then select the sub-sel...

Page 214: ...ep 1. Click Log in the menu bar on the left hand side and then select the sub-selection Connection Logs. Step 2. In the Connection Log window, click the Clear Logs button. Step 3. In the Clear Logs window, click OK...

Page 215: ...4.13.4 Log Backup. Click Log > Log Backup...

Page 216: ...er which supports Syslog function. NOTE: To restart Connection Log, click the Refresh button on the right hand side in the Log window. Enable Log Mail Support / Syslog Message. Log Mail Configuration: Enable Log...

Page 217: ...Disable Log Mail Support / Syslog Message. Step 1. Go to LOG > Log Backup. Uncheck to disable Log Mail Support. Click OK. Step 2. Go to LOG > Log Backup. Uncheck to disable Settings Mess...

Page 218: ...so display warning messages in the Blaster window of Alarm. Traffic Alarm: In control policies, the Administrator sets the threshold value for Traffic Alarm. The System regularly checks whether the traffic...

Page 219: ...he Download Alarm button at the bottom of the screen. Step 2. Follow the File Download pop-up box to save the blaster alarm logs into a specific directory on the hard drive. Clearing Blaster Alarm Logs: The...

Page 220: ...le on the computer. Step 1. In the Traffic Alarm window, click the Download Alarm button on the bottom of the screen. Step 2. Follow the File Download pop-up box to save the traffic alarm logs into specifi...

Page 221: ...file on the computer. Step 3. In the Event Alarm window, click the Download Alarm button at the bottom of the screen. Step 4. Follow the File Download pop-up box to save the event alarm logs into specific...

Page 222: ...hen LAN users connect to WAN service server via MH-4000. Inbound Accounting Report: the statistics of downstream and upstream for all kinds of communication services; the Inbound Accounting report will b...

Page 223: ...sers icon on the page to show the source IP accounting report. If this option is already selected, it does not change when you click it. When LAN users connect to WAN service server through MH-4000, all o...

Page 224: ...me record of the first packet that was sent to WAN service server from LAN user. Last Packet: The time record of the last packet sent from WAN server and received by the LAN user. Duration: The time stati...

Page 225: ...t presents 10 results in one page. Destination IP / User: The WAN Server's IP address. The value of indicates how many users had accessed the website. Source IP: The list of the user's IP address who had eve...

Page 226: ...ugh MH-4000, all of the Downstream, Upstream, First Packet, Last Packet and Duration log of the Communication Service will be recorded. Definitions: Top Services: Select the data type you want to check. It presen...

Page 227: ...Report. Click the Accounting Report function and then select Inbound. There are three options for Inbound accounting report: Top Users (source IP), Top Sites (Destination IP) and Top Services (Service). Inbound S...

Page 228: ...e percentage of Upstream and the statistic value of the connection from LAN host to WAN host via MH-4000. First Packet: The time record of the first packet that was sent from WAN host to LAN host. Last P...

Page 229: ...m: The percentage of Downstream and the statistic value of the connection from WAN host to LAN host via MH-4000. Upstream: The percentage of Upstream and the statistic value of the connection from LAN ho...

Page 230: ...cation Service when WAN host connects to LAN host through MH-4000. Port: indicates the protocol port number. Downstream: The percentage of Downstream and the statistic value of the connection from WAN host...

Page 231: ...istrator can get the current network status from statistics and use the information provided by statistics as a basis to manage networks. How to apply WAN Statistics: The Administrator needs to go to Pol...

Page 232: ...y 30 days, Week 7 weeks, Month 12 months and Year 10 years. Select the WAN port you want to show and select the time units (minute, hour, day, week, month or year) of the graph. Y Coordinate: Four options are av...

Page 233: ...e Policy Statistics. Step 1. Click Statistics in the menu bar on the left hand side and then select Policy Statistics. Step 2. In the Statistics window, find the policy you want to view. Step 3. In the Statistic...

Page 234: ...

Page 235: ...Status window. Click on Status in the menu bar, then click Interface Status below it. A window will appear and provide information from the Configuration menu. Interface Status will list the settings for...

Page 236: ...7.3 Auth Status. Entering the Auth Status window: Click on Status in the menu bar, then click Auth Status below it. A window will appear and provide information from the Auth User menu. Auth Status will li...

Page 237: ...Auth User login time. 4.17.4 ARP Table. Entering the ARP Table window: Click on Status in the menu bar, then click ARP Table below it. A window will appear and display a table with IP addresses and the...

Page 238: ...omputer is connected to LAN, WAN 1/2 or DMZ. 4.17.5 DHCP Clients. Entering the DHCP Clients window: Click on Status in the menu bar, then click on DHCP Clients below it. A window will appear and display the ta...

Page 239: ...IP Address: the IP address of the LAN host computer. MAC Address: MAC address of the LAN host computer. Leased Time: The Start and End time of the DHCP lease for the LAN host...
