manualshive.com logo in svg

QNO 4WAN, User Manual

The QNO 4WAN is a high-performance networking device designed to enhance connectivity and improve network performance. To set up and configure your device seamlessly, make sure to download the free User Manual from our website. This manual will provide you with all the information you need to get started.

Share
Download
background image

 

  Enterprise  Multi-WAN  VPN  QoS  Router 

 

 

 

85 

9.3 Access Rule 

Users may turn on/off the setting to permit or forbid any packet to access internet. Users 

may select to set different network access rules: from internal to external or from external to 

internal. Users may set different packets for IP address and communication port numbers to 

filter Internet access rules. 

Network access rule follows IP address, destination IP address, and IP communications 

protocol status to manage the network packet traffic and make sure whether their access is 

allowed by the firewall. 

The device has a user-friendly network access regulatory tool. Users may define network 

access  rules. They can  select to  enable/ disable the network so as to  protect all internet 

access. The following describes the internet access rules: 

 

All traffic from the LAN to the WAN is allowed - by default.   

 

All traffic from the WAN to the LAN is denied - by default.   

 

All traffic from the LAN to the DMZ is allowed - by default.   

 

All traffic from the DMZ to the LAN is denied - by default.   

 

All traffic from the WAN to the DMZ is allowed - by default. 

 

All traffic from the DMZ to the WAN is allowed - by default.   

Users may define access rules and do more than the default rules. However, the following 

four extra service items are always on and are not affected by other user-defined settings.   

* HTTP Service (from LAN to Device) is on by default (for management)   

*  DHCP  Service  (from  LAN  to  Device)  is  set  to  on  by  default  (for  the  automatic  IP 

retrieval)   

* DNS Service (from LAN to Device) is on by default (for DNS service analysis)   

* Ping Service (from LAN to Device) is on by default (for connection and test)   

 

Summary of Contents for 4WAN

Page 1: ...English User s Manual 4 WAN Enterprise Multi WAN VPN QoS Router Load Balancing Bandwidth Management VPN Network Security Management...

Page 2: ...text and corresponding combination diagram interface design printing materials or electronic file are protected by copyright of our country clauses of international copyright and other regulations of...

Page 3: ...ies The actual functions of the product may vary with the model Therefore some functions may not be found on the product you purchased 4 5 Qno reserves the right to change the file content of this Man...

Page 4: ...attempted to solve by consultation first If it is not solved by consultation user agrees that the dissension or dispute is brought to trial in the jurisdiction of the court in the location of Qno In...

Page 5: ...11 5 1 2 Physical Port Status 12 5 1 3 System Information 13 5 1 4 Firewall Status 14 5 1 5 VPN Status 15 5 1 6 Log Setting Status 15 5 2 Change and Set Login Password and Time 16 5 2 1 Password Sett...

Page 6: ...splay All VPN Summary 93 10 1 2 Add a New VPN Tunnel 98 10 1 3 PPTP Setting 128 10 1 4 VPN Pass Through 131 10 2 QnoKey 132 10 2 1 QnoKey Summary 132 10 2 2 Qnokey Group Setup 133 10 2 3 Qnokey Accoun...

Page 7: ...Backup 173 13 4 SNMP 174 13 5 System Recover 176 XIV Log 178 14 1 System Log 178 14 2 System Statistic 185 14 3 Traffic Statistic 187 14 4 IP Port Statistic 189 XV Log out 192 Appendix I User Interfa...

Page 8: ...ive enterprise level VPN Routers This is why the device is so popular with modern enterprises In addition to internet connectability for the broadband market VPN Router has the function of VPN virtual...

Page 9: ...o control web access users can build and edit filter lists It also enables users to ban or monitor websites according to their needs By the filter setting and complete OS management school and busines...

Page 10: ...s the management and maintenance making the user network settings be done at one time The main process is as below 1 Hardware installation 2 Login 3 Verify device specification and set up password and...

Page 11: ...ue Synchronize time with WAN 4 Set WAN connection Verify WAN connection setting bandwidth allocation and protocol binding Connect to WAN Configure bandwidth to optimize data transmission 5 Set LAN con...

Page 12: ...multiple WAN IP DDNS and MAC Clone DMZ Forwarding UPnP Routing Mode multiple WAN IP DDNS and MAC Clone 9 Management and maintenance settings Syslog SNMP and configuration backup Monitor VPN Router wor...

Page 13: ...et is running at 100Mbps Amber LED off Ethernet is running at 10Mbps Connect Green Green LED on WAN is connected and gets the IP address Reset Action Description Press Reset Button For 5 Secs Warm Sta...

Page 14: ...ack to fail thus causing damage or danger Each device comes with a set of rack installation accessories including 2 L shaped brackets and 8 screws Users can rack mount the device onto the chassis Plea...

Page 15: ...ugh an external router to connect to the Internet LAN Connection The LAN port can be connected to a Switching Hub or directly to a PC Users can use servers for monitoring or filtering through the port...

Page 16: ...er cmd to commend DOS and enter ipconfig for getting Default Gateway address as the graphic below 192 168 1 1 Make sure Default Gateway is also the default IP address of the router Attention When not...

Page 17: ...gin password in the setting later Attention For security we strongly suggest that users must change password after login Please keep the password safe or you can not login to the device Press Reset bu...

Page 18: ...rs reference 5 1 1 WAN Status IP Address Indicates the current IP configuration for WAN port Default Gateway Indicates current WAN gateway IP address from ISP DNS Server Indicates the current DNS IP c...

Page 19: ...PPPoE or PPTP is selected Disconnect and Connect will appear DMZ IP Address Indicates the current DMZ IP address 5 1 2 Physical Port Status The status of all system ports including each connected and...

Page 20: ...ase T iniferface WAN LAN DMZ link status Up Down physical port status Port Enabled Port Disabled priority high or normal speed status 10Mbps or 100Mbps duplex status Half Full auto negotiation Enabled...

Page 21: ...nchronize the device with the remote NTP server first 5 1 4 Firewall Status SPI Stateful Packet Inspection Indicates whether SPI Stateful Packet Inspection is on or off The default configuration is On...

Page 22: ...nnels that have been configured in VPN Virtual Private Network Tunnel s Available Indicates number of tunnels that are available for VPN Virtual Private Network PPTP Server Indicates if PPTP server is...

Page 23: ...are both admin For security reasons we strongly recommend that you must change your password after first login Please keep the password safe or you might not login to the device You can press Reset bu...

Page 24: ...Apply to save the configuration 5 2 2 Time The device can adjust time setting Users can know the exact time of event occurrences that are recorded in the System Log and the time of closing or opening...

Page 25: ...ur own preferred time server input the server IP address Apply After the changes are completed click Apply to save the configuration Cancel Click Cancel to leave without making any change This action...

Page 26: ...ntains the basic settings For most users completing this general setting is enough for connecting with the Internet However some users need advanced information from their ISP Please refer to the foll...

Page 27: ...untries may require it 6 1 2 LAN Setting This is configuration information for the device current LAN IP address The default configuration is 192 168 1 1 and the default Subnet Mask is 255 255 255 0 I...

Page 28: ...e multi net segment configuration the Internet will then be directly accessible In other words if there are already different IP segment groups in the Intranet the Internet is still accessible without...

Page 29: ...e connection mode to obtain an automatic DHCP IP This is the device system default connection mode It is a connection mode in which DHCP clients obtain an IP address automatically If having a differen...

Page 30: ...e for disconnection of this WAN service Line Dropped Scheduling Input how long the WAN service may be disconnected before the newly added connections should go through another WAN to connect with the...

Page 31: ...5 255 248 Issued 16 static IP addresses 255 255 255 240 Default Gateway Input the default gateway issued by ISP For ADSL users it is usually an ATU R IP address As for optical fiber users please input...

Page 32: ...tion can be minimized Line Dropped Period Input the time rule for the disconnection of this WAN service Line Dropped Scheduling Input how long the WAN service may be disconnected before the newly adde...

Page 33: ...the Internet the device will automatically make a dial connection If the line has been idle for a period of time the system will break the connection automatically The default time for automatic brea...

Page 34: ...be minimized Line Dropped Period Input the time rule for the disconnection of this WAN service Line Dropped Scheduling Input how long the WAN service may be disconnected before the newly added connect...

Page 35: ...ided by the ISP when the PC is installed Contact ISP for relevant information Subnet Mask Input the subnet mask of the static IP address issued by ISP such as Issued eight static IP addresses 255 255...

Page 36: ...n for WAN connection service For example the optical fiber service will be disconnected from 0 00 am to 6 00 am Although there is a standby system in the device at the moment of WAN disconnection all...

Page 37: ...ithout making any changes Transparent Bridge If all Intranet IP addresses are applied as Internet IP addresses and users don t want to substitute private network IP addresses for all Intranet IP addre...

Page 38: ...5 240 Default Gateway Address Input the default gateway of the static IP address issued by ISP For ADSL users it is usually an ATU R IP address DNS Server Input the DNS IP address set by ISP At least...

Page 39: ...e minimized Line Dropped Period Input the time rule for the disconnection of this WAN service Line Dropped Scheduling Input how long the WAN service may be disconnected before the newly added connecti...

Page 40: ...anced configuration modification Click Edit to enter the advanced configuration page The DMZ configuration can be classified by Subnet and Range Subnet The DMZ and WAN located in different Subnets For...

Page 41: ...rise Multi WAN VPN QoS Router 34 IP Range Input the IP range located at the DMZ port After the changes are completed click Apply to save the configuration or click Cancel to leave without making any c...

Page 42: ...e to ensure that the device can balance the actual network load please input real upload and download bandwidths Session Balance If By Session is selected the WAN bandwidth will automatically allocate...

Page 43: ...to go through an assigned WAN for external connection After being assigned the specific WAN will only support those assigned Intranet IP addresses specific destination application service ports or sp...

Page 44: ...he device will automatically allocate external connections based on routing policy Division of traffic between Telecom and Netcom is to be used in China embedded in the device All you have to do is to...

Page 45: ...China Netcom Policy window users can select WANs in combination to connect with Netcom Import Strategy A division of traffic policy can be defined by users too In the Import Strategy window select th...

Page 46: ...e keyed in as 210 66 161 54 210 66 161 54 After the document has been saved the extension file name is txt users can import the IP range of self defined strategy Note China Netcom strategy and self de...

Page 47: ...art When Fail 1 Generate the Error Condition in the System Log If an ISP connection failure is detected an error message will be recorded in the System Log This line will not be removed therefore the...

Page 48: ...he local default communication gateway location such as the IP address of an ADSL router will be input automatically by the device Therefore users just need to check the option if this function is nee...

Page 49: ...WANs in turn For example the traffic will be shifted to WAN2 first if WAN2 is broken too the traffic will be shifted to WAN3 and so on 6 2 3 Protocol Binding Bandwidth Configuration When Auto Load Ba...

Page 50: ...balance mode of Assigned Routing the first WAN WAN1 cannot be assigned It is to be saved for the IP addresses and the application Service Ports that are not assigned to other WANs WAN2 WAN3 and WAN4...

Page 51: ...boxes Destination IP In the boxes input an external static IP address For example if connections to destination IP address 210 11 1 1 are to be restricted to WAN1 the external static IP address 210 1...

Page 52: ...able button A dialogue box as shown in the following figure will be displayed Users can choose to sort the list by priorities or by interface Click Refresh and the page will be refreshed click Close a...

Page 53: ...To remove the selected activated Services Apply Click the Apply button to save the modification Cancel Click the Cancel button to cancel the modification This only works before Apply is clicked Close...

Page 54: ...y click Add New and the rule will be added to the mode Example 2 How do I set up Auto Load Balance Mode to keep Intranet IP 192 168 1 150 200 from going through WAN2 when the destination port is Port...

Page 55: ...ain the original numbers 0 0 0 0 in the boxes of Destination IP Which means to include all Internet IP addresses Select WAN2 from the pull down option list Interface and then click Enable Finally clic...

Page 56: ...or to specific destination Service Ports and to specific destination IP addresses through an assigned WAN to the Internet After being assigned the specific WAN will only support those assigned Intran...

Page 57: ...e and then click Enable Finally click Add New and the rule will be added to the mode After the rule is set up only packets that go to Port 80 will be transmitted through WAN2 while other traffics will...

Page 58: ...New and the rule will be added to the mode The second rule Select All Port TCP UDP 1 65535 from the pull down option list Service and then in the boxes of Source IP input 192 168 1 0 0 which means to...

Page 59: ...orts and understand how to configure intranet IP addresses 7 1 Setup Through the device users can easily manage the setup for WAN ports LAN ports and the DMZ port by choosing the number of ports speed...

Page 60: ...irror port by choosing Enable Port 1 as Mirror Port All the traffic from LAN to WAN will be copied to mirror port Administrator can control or filter the traffic through mirror port Once this function...

Page 61: ...nd gather the connection speed and duplex mode Therefore if Enabled Auto Neg selected the ports setup will be done without any manual setting by administrators VLAN This feature allows administrators...

Page 62: ...t Status Summary There are Network Connection Type Interface Link Status Up Down Port Activity Port Enabled Priority Setting High or Normal Speed Status 10Mbps or 100Mbps Duplex Status half duplex or...

Page 63: ...6 Statistics The packet data of this specific port will be displayed Data include receive transmit packet count receive transmit packet Byte count and error packet count Users may press the refresh bu...

Page 64: ...computers This function is similar to the DHCP service in NT servers It benefits users by freeing them from the inconvenience of recording and configuring IP addresses for each PC respectively When a...

Page 65: ...minute Range End This is an initial IP automatically leased by DHCP It means DHCP will start the lease from this IP The default initial IP is 192 168 1 100 DNS Domain Name Service This is for checkin...

Page 66: ...or s reference when a network modification is needed DHCP Server This is the current DHCP IP Dynamic IP Used The amount of dynamic IP leased by DHCP Static IP Used The amount of static IP assigned by...

Page 67: ...ter 60 IP Address The IP address acquired by the current computer MAC Address The actual MAC network location of the current computer Client Lease Time The lease time of the IP released by DHCP Delete...

Page 68: ...S Router 61 7 5 IP MAC Binding Administrators can apply IP MAC Binding function to make sure that users can not add extra PCs for Internet access or change private IP addresses There are two methods f...

Page 69: ...ck MAC address not on the list This method only allows MAC addresses on the list to receive IP addresses from DHCP and have Internet access When this method is applied please fill out Static IP with 0...

Page 70: ...0 in the boxes The boxes cannot be left empty 2 If users want DHCP to assign a static IP for a PC every single time users should input the IP address users want to assign to this computer in the boxes...

Page 71: ...rnet Show New IP user This function can reduce administrator s effort on checking MAC addresses one by one for the binding Furthermore it is easy to make mistakes to fill out MAC addresses on the list...

Page 72: ...instead of configuring each IP respectively which takes more time and is more prone to error IP Group Select a group to which the modification is to be made Add Group Click Add Group to crate a new IP...

Page 73: ...de priority to specific applications or services and also to enable other users to share bandwidth as well as to ensure stable and reliable network transmission To maximize the bandwidth efficiency ne...

Page 74: ...um Bandwidth provided by ISP In the boxes for WAN1 and WAN2 bandwidth input the upstream and downstream bandwidth which users applied for from bandwidth supplier The bandwidth QoS will make calculatio...

Page 75: ...can be calculated in the same way Attention The unit of calculation in this example is Kbit Some software indicates the downstream upstream speed with the unit KB 1KB 8Kbit 8 1 2 QoS To satisfy the b...

Page 76: ...ection or multiple selections Service Port Select what bandwidth control is to be configured in the QoS rule If the bandwidth for all services of each IP is to be controlled select All TCP UDP 1 65535...

Page 77: ...ver for external connection has been built in the device this option is to control the bandwidth for the traffic coming from outside to this Server Server in LAN Downstream If there are web sites buil...

Page 78: ...cupy too much bandwidth users can select the Share Bandwidth Mode so that no matter how much users use FTPs to download information the total occupied bandwidth is fixed Enable Activate the rule Add t...

Page 79: ...you give the port 21 as Low priority the device will only give it 10 bandwidth The remained 30 bandwidth will be shared by the other service Interface Select on which WAN the QoS rule should be execut...

Page 80: ...this Server For example game servers have been built in many Internet caf s This rule can be used to control the bandwidth for connections from outside to the game server of a caf to update data In th...

Page 81: ...In addition if any Intranet PC is attacked by a virus like Worm Blaster and sends a huge number of session requests session control will restrict that as well Session Control and Scheduling Disabled D...

Page 82: ...is user is connected with will be removed and the user will not be able to connect with the Internet for five minutes New connections cannot be made until the delay time ends Scheduling If Always is s...

Page 83: ...Address Input the IP address range or IP group Enabled Activate the rule Add to list Add this rule to the list Delete seleted item Remove the rules selected from the Service List Apply Click Apply to...

Page 84: ...QoS will be enabled You can enter the needed value the default is 60 Each IP s upstream bandwidth threshold for all WAN Input the allowed maximum threshold Each IP s downstream bandwidth threshold fo...

Page 85: ...ty mechanism Show Penalty List To show the IPs with upstream constraint downstream constraint and in the penalty mechanism Applied Time If Always is selected the rule will be executed around the clock...

Page 86: ...ty 9 1 General Policy The firewall is enabled by default If the firewall is set as disabled features such as SPI DoS and outbound packet responses will be turned off automatically Meanwhile the remote...

Page 87: ...alue is set as activated in order to decline the outbound responses Remote Management To enter the device web based UI by connecting to the remote Internet this feature must be activated In the field...

Page 88: ...hold value and the blocking duration to effectively deal with external attack The threshold value should be adjusted from high to low LAN Threshold When all packet values from internal attack or from...

Page 89: ...ies Active X and HTTP Proxy access Don t Block Java ActiveX Cookies Proxy to Trusted Domain If this option is activated users can add trusted network or IP address into the trust domain and it will no...

Page 90: ...de this service for certain IP address in the intranet users may check the following item and then enter the specific IP address or IP address session to use the services which are checked above In ad...

Page 91: ...ulti WAN VPN QoS Router 84 User Name Input the information of the QQ number etc Exempted QQ Number Input the number Add to list Add the number to the list Delete selected item Delete the selected rule...

Page 92: ...as to protect all internet access The following describes the internet access rules All traffic from the LAN to the WAN is allowed by default All traffic from the WAN to the LAN is denied by default...

Page 93: ...ity of each network access rule The device will follow the rule priorities one by one so please make sure the priority for all the rules can suit the setting rules Edit Define the network access rule...

Page 94: ...vice Port Management If the service that users wish to manage does not exist in the drop down menu press Service Management to add the new service From the pop up window enter a service name and commu...

Page 95: ...apply the rule on a round the clock basis Select from and the operation will run according to the defined time Apply this rule Select Always to apply the rule on a round the clock basis If From is se...

Page 96: ...supports two webpage restriction modes one is to block certain forbidden domains and the other is to give access to certain web pages Only one of these two modes can be selected Block Forbidden Domain...

Page 97: ...e Website Blocking by Keywords Enabled Click to activate this feature The default setting is disabled For example If users enter the string sex any websites containing sex will be blocked Keywords Onl...

Page 98: ...Name Input the allowed domain name etc www google com Add to list Add the rule to list Delete selected item Users can select one or more rules and click to delete Content Filter Scheduling Select Alwa...

Page 99: ...from and the operation will run according to the defined time to Select Always to apply the rule on a round the clock basis If From is selected the activation time is introduced as below Day Control T...

Page 100: ...tual Private Network 10 1 VPN 10 1 1 Display All VPN Summary This VPN Summary displays the real time data with regard to VPN status These data include all tunnel numbers PPTP IPSec QnoKey and IPSec VP...

Page 101: ...ced setting users may adjust the tunnel number of IPSec and QnoKey This shows how many VPN tunnels are in use or available Detail Push this button to display the following information with regard to a...

Page 102: ...l Tunnel No To set the embedded VPN feature please select the tunnel number It supports up to 300 IPSec VPN tunnel Setting gateway to gateway as well as client to gateway Status Successful connection...

Page 103: ...splay Local Group Displays the setting for VPN connection secure group of the local end Remote Group Displays the setting for remote VPN connection secure group Remote Gateway Set the IP address to co...

Page 104: ...VPN connection secure setting for the local group Remote Client Displays the name of this group for remote VPN Connection secure group setting Remote Client Status Click on Detail List and more inform...

Page 105: ...tunnel The VPN tunnel connections are done by 2 VPN devices via the Internet When a new tunnel is added the setting page for Gateway to Gateway or Client to Gateway will be displayed Gateway to Gatewa...

Page 106: ...ion Note If this tunnel is to be connected to the other VPN device some device requires that the tunnel name is identical to the name of the host end to facilitate verification This tunnel can thus be...

Page 107: ...rs don t need to do further settings 2 IP Domain Name FQDN Authentication If users select IP domain name type please enter the domain name and IP address The WAN IP address will be automatically fille...

Page 108: ...mail Addr USER FQDN Authentication If users use dynamic IP address to connect to the device users may select this option to connect to VPN without entering IP address When VPN Gateway requires for VP...

Page 109: ...connected to the VPN tunnel Reference When this VPN tunnel is connected only computers with the session of 192 168 1 0 and with subnet mask as 255 255 255 0 can connect with remote VPN 3 IP Range This...

Page 110: ...c IP Domain Name FQDN Authentication Dynamic IP address Domain name Dynamic IP E mail Addr USER FQDN Authentication Dynamic IP address Email address name 1 IP only If users select the IP Only type ent...

Page 111: ...urity gateway setting type to establish successful connection If the remote IP address is unknown choose IP by DNS Resolved allowing DNS to translate the IP address This domain name must be available...

Page 112: ...ernet When users finish the setting the corresponding IP address will be displayed under the remote gateway of Summary Or users can choose IP by Multiple DNS Resolved and IP address can be translated...

Page 113: ...sers use dynamic IP address to connect with the device users may select this type to link to VPN When the remote VPN gateway requires connection to facilitate VPN connection the device will start auth...

Page 114: ...ish connection 2 Subnet This option allows local computers in this subnet can be connected to the VPN tunnel Reference When this VPN tunnel is connected only computers with the session of 192 168 2 0...

Page 115: ...s They are Manual and IKE automatic encryption mode IKE with Preshared Key automatic By using the drop down menu select the desired encryption mode as illustrated below Encryption Management Protocol...

Page 116: ...o activate the PFS function of the VPN device and the VPN Client as well Phase 1 Phase 2 DH Group This option allows users to select Diffie Hellman groups Group 1 Group 2 Group 5 Phase 1 Phase 2 Encry...

Page 117: ...f Pre shared Key the example here is set as test and the system will automatically translate what users entered as exchange password and authentication mechanism during the VPN tunnel connection This...

Page 118: ...to enhance the security control if dynamic IP is used for connection Use IP Header Compression Protocol If this option is selected in the connected VPN tunnel the device supports IP Payload Compressio...

Page 119: ...rly transmit HELLO ACK message packet to detect whether there is connection between the two ends of the VPN tunnel If one end is disconnected the device will disconnect the tunnel automatically and th...

Page 120: ...ed VPN feature please select the Tunnel number Tunnel Name Displays the current VPN tunnel connection name such as XXX Office Users are well advised to give them different names to avoid confusion Not...

Page 121: ...Addr USER FQDN Authentication Dynamic IP address Email address name 1 IP only If users decide to use IP only entering the IP address is the only way to gain access to this tunnel The WAN IP address wi...

Page 122: ...N If the remote VPN gateway requires connection to the device for VPN connection this device will start authentication and respond to this VPN tunnel connection if users select this option to link to...

Page 123: ...ected computers with the IP address of 192 168 1 0 can establish connection 5 Subnet This option allows local computers in this subnet to be connected to the VPN tunnel Reference When this VPN tunnel...

Page 124: ...y authentication type comes with five operation modes which are IP only IP Domain Name FQDN Authentication IP E mail Addr USER FQDN Authentication Dynamic IP Domain Name FQDN Authentication Dynamic IP...

Page 125: ...tication If users select IP address and E mail enter the IP address and E mail address to gain access to this tunnel and the WAN IP address will be automatically filled into this space Users don t nee...

Page 126: ...ail authentication IPSec Setup If there is any encryption mechanism the encryption mechanism of these two VPN tunnels must be identical in order to create connection And the transmission data must be...

Page 127: ...en PFS is enabled hackers using brute force to capture the key will not be able to get the Phase 2 key in such a short period of time Perfect Forward Secrecy When users check the PFS option don t forg...

Page 128: ...lid time of the VPN connection so as to guarantee security Preshared Key For the Auto IKE option enter a password of any digit or characters in the text of Pre shared Key the example here is set as te...

Page 129: ...ration mode The connection is the same to most of the VPN devices Aggressive Mode This mode is mostly adopted by remote devices The IP connection is designed to enhance the security control if dynamic...

Page 130: ...smission time for each DPD message packet and the default value is 10 seconds Situation in Group VPN Group No Two Group VPN settings at most Group Name Displays the current VPN tunnel connection name...

Page 131: ...l is connected computers with the IP address of 192 168 1 0 can establish connection 2 Subnet This option allows local computers in this subnet can be connected to the VPN tunnel Reference When this V...

Page 132: ...ain name to be authenticated FQDN refers to the combination of host name and domain name that are available on the Internet i e vpn Server com The domain name must be identical to the status setting o...

Page 133: ...types of encryption management modes Manual and IKE automatic encryption mode IKE with Preshared Key automatic If the Group VPN is selected or the dynamic IP address of the Remote Security Gateway Typ...

Page 134: ...hase1 SA Life Time The life time for this exchange code is 28800 seconds or 8 hours by default This allows the automatic generation of other exchange passwords within the valid time of the VPN connect...

Page 135: ...IP address AH Hash Calculation For AH Authentication Header users may select MD5 DSHA 1 NetBIOS Broadcast If this option is selected the connected VPN tunnel allows the passage of NetBIOS broadcast p...

Page 136: ...Enterprise Multi WAN VPN QoS Router 129 Enabled PPTP Server When this option is selected the point to point tunnel protocol PPTP server can be enabled...

Page 137: ...to the last field Enter Range End Enter the value into the last field Username Please enter the name of the remote user Password Confirm Password Enter the password and confirm again by entering the n...

Page 138: ...and same source port the second connection needs to change source port from UDP 500 to the other random port If choosing Fixed Source Port the second connection will still keep the connection with UDP...

Page 139: ...lay the page that summarizes the current status information of QnoKey as illustrated below QnoKey Tunnel Number Displays how many tunnels are applied and the total tunnel number of QnoKey tunnel Throu...

Page 140: ...e number of connected devices that are using QnoKey Show Table Displays the list of all QnoKey users Delete Deletes one user name group setting rule Go to page Goes to the page where summarized inform...

Page 141: ...cessary so that VPN connection will not fail This option allows users to select which WAN port to make connection facilitating management If WAN1 is selected QnoKey group users can connect through onl...

Page 142: ...ssing QnoKey In the event of losing QnoKey there are three options for selection Do Nothing Clear Key and Lock Key Setting this feature on QnoKey can enhance VPN security Select Do Nothing to do no ch...

Page 143: ...sers applying this group rule Click Edit to change settings Click the trash can icon to delete this setting 10 2 3 Qnokey Account List Click Show List to show the Account List page applying this rule...

Page 144: ...n Action Select this option to create settings if the QnoKey is lost Bind MAC If there is hardware binding QnoKey can only execute on the bound PC MAC Address If hardware binding function is enabled i...

Page 145: ...entional complicated VPN setup process by entering Server IP User Name and Password 2 Central Control Feature Displays a clear VPN connection status of all remote ends and branches Its central control...

Page 146: ...Enterprise Multi WAN VPN QoS Router 139 10 3 1 QVM Server Settings Select QVM Feature as Server mode...

Page 147: ...s Subnet Mask Refers to the specific network IP address and subnet mask which has to build connection with the remote client end VPN Hub Function After branch and headquarter are connected branches ca...

Page 148: ...ace Shows which WAN port is applied to connect to this remote QVM Start Time Shows the starting time of QVM End Time Shows the ending time of QVM Duration Shows the total time used from the Start to t...

Page 149: ...Password Confirm Password Must be identical to that of the server password Please enter the password and confirm again QVM VPN IP Address or Dynamic Domain Name Input QVM VPN Server IP address or dom...

Page 150: ...enabled to backup the VPN connection and ensure data transition security Advanced Function Change QVM Client s Service Port In some environment port 443 has been used for example E Mail Forwarding To...

Page 151: ...al bradband connection As the result the linking problem between different ISP network will be sloved As the figure showed above Caf A has only one ISP service Because of narrow bandwidth between two...

Page 152: ...ble virtual route function and link to Caf B s device They can access another ISP service through Caf B s network It seems that Caf A employ dual ISP service too If users in Caf A want to access to an...

Page 153: ...figure a Virtue Route server Virtue Route builds PPTP on the basis of PPP Point to point Protocol it strengthens the security of PPP Virtue Route enables encryption transmission between PPTP server an...

Page 154: ...Range Please enter PPTP IP address range so as to provide the remote users with an entrance IP into the local network Enter Range Start Enter the value into the last field Enter Range End Enter the va...

Page 155: ...AN VPN QoS Router 148 Add to list Add a new account and password Delete selected item Delete Selected Item All PPTP Status Displays all successfully connected users including username remote IP addres...

Page 156: ...the binding network Netcome or Self Defined Import IP Range Click Browse to import binding IP range Binding Service Port To select the port that will execute virtual route All port Game or Self defin...

Page 157: ...P address range should be keyed in the next line Attention Even if only one destination IP address is to be assigned it should follow the same format For example if the destination IP address is 210 6...

Page 158: ...Enterprise Multi WAN VPN QoS Router 151...

Page 159: ...such as network games We recommend that users map the device actual WAN IP addresses directly to the Intranet virtual IP addresses as follows If the DMZ Host function is selected to cancel this functi...

Page 160: ...ration page if a web server address such as 192 168 1 50 and the Port 80 has been set up in the configuration this web page will be accessible from the Internet by keying in the device actual IP addre...

Page 161: ...ports Add to list Add to the active service content Service Port Management The services in the list mentioned above are frequently used services If the service users want to activate is not in the li...

Page 162: ...ist It supports up to 100 rules Delete selected item To remove the selected services Apply Click the Apply button to save the modification Cancel Click the Cancel button to cancel the modification Thi...

Page 163: ...Such as 9000 6600 Incoming Port Range Input the port numbers for data coming in from the Internet to the device Such as 2004 2005 Add to list Add the service to the active service list Delete selected...

Page 164: ...with the device Service Port Select the UPnP service number default list here for example WWW is 80 80 FTP is 21 21 Please refer to the default service number list Host Name or IP Address Input the In...

Page 165: ...Delete Selected Item Remove selected services Show Table This is a list which displays the current active UPnP functions Apply Click Apply to save the network configuration modification Cancel Click C...

Page 166: ...g The abbreviation of Routing Information Protocol is RIP There are two kinds of RIP in the IP environment RIP I and RIP II Since there is usually only one router in a network ordinarily just Static R...

Page 167: ...he RIP function Receive RIP versions Use Up Down button to select one of None RIPv1 RIPv2 Both RIPv1 and v2 as the TX function for transmitting dynamic RIP Transmit RIP versions Use Up Down button to...

Page 168: ...r layer count for the IP If there are two routers under the device users should input 2 for the router layer the default is 1 Max is 15 Interface This is to select WAN port or LAN port for network con...

Page 169: ...c IP addresses For example if there are more than 2 web servers requiring public IP addresses administrators can map several public IP addresses directly to internal private IP addresses Example Users...

Page 170: ...nternet One to One NAT function Range Length The numbers of final IP addresses of actual Internet IP addresses Please do not include IP addresses in use by WANs Add to List Add this configuration to t...

Page 171: ...resses and for dynamic IP remote control For example the actual IP address of an ADSL PPPoE time based system or the actual IP of a cable modem will be changed from time to time To overcome this probl...

Page 172: ...ddress such as abc qnoddns org cn as a user name for QnoDDNS Password The password which is set up for DDNS Dynamic Domain Name Input the website address which has been applied from DDNS Examples are...

Page 173: ...qno com tw 2 Input the e mail address which users used to register this product and the serial number of the product to log in to the QnoDDNS Service System Be sure to input an available e mail addre...

Page 174: ...hould only consist of a z lowercase letter and 0 9 numerals and the first character should be an English letter For products with two WANs users can apply no more than two DDNS configurations For prod...

Page 175: ...Enterprise Multi WAN VPN QoS Router 168...

Page 176: ...t the network card physical address MAC address 00 xx xx xx xx xx here The device will adopt this MAC address when requesting IP address from ISP Select the WAN port to which the configuration is to b...

Page 177: ...is in Chapter 5 2 13 1 Diagnostic The device provides a simple online network diagnostic tool to help users troubleshoot network related problems This tool includes DNS Name Lookup Domain Name Inquiry...

Page 178: ...s of the status quo of the outbound session and allows the user to know the existence of computers online On this test screen please enter the host IP that users want to test such as 192 168 5 20 Pres...

Page 179: ...grade page Please confirm all information about the software version in advance Select and browse the software file click Firmware Upgrade Right Now to complete the upgrade of the designated file Note...

Page 180: ...eter settings into the device Before upgrade confirm all information about the software version Select and browse the backup parameter file config exp Select the file and click Import to import the fi...

Page 181: ...network management item Through this SNMP communications protocol programs with network management i e SNMP Tools HP Open View can help communications of real time management The device supports stan...

Page 182: ...me of the group or community that can view the device SNMP data The default setting is Public Set Community Name Set the name of the group or community that can receive the device SNMP data The defaul...

Page 183: ...outer 176 13 5 System Recover Users can restart the device with System Recover button Restart As the figure below if clicking Restart Router button the dialog block will pop out confirming if users wo...

Page 184: ...Enterprise Multi WAN VPN QoS Router 177 Return to Factory Default Setting If clicking Return to Factory Default Setting the dialog block will pop out if the device will return to factory default...

Page 185: ...IV Log From the log management and look up we can see the relevant operation status which is convenient for us to facilitate the setup and operation 14 1 System Log Its system log offers three options...

Page 186: ...Enterprise Multi WAN VPN QoS Router 179 System Log Enabled If this option is selected the System Log feature will be enabled...

Page 187: ...d type To apply this feature enter the system log server name or the IP address into the empty system log server field E mail Alert Enabled If this option is selected E mail Warning will be enabled Ma...

Page 188: ...ing this button Log Setting Alert Log The device provides the following warning message Click to activate these features Syn Flooding IP Spoofing Win Nuke Ping of Death Unauthorized Login Attempt Syn...

Page 189: ...and so on Deny Policies If remote users fail to enter the system because of the access rules for instance message will be recorded in the system log Allow Policies If remote users enter the system bec...

Page 190: ...the Internet This log includes LAN IP destination IP and service port that is applied It is illustrated as below Incoming Packet Log View system packet log of those entering the firewall The log inclu...

Page 191: ...Enterprise Multi WAN VPN QoS Router 184 Clear Log Now This feature clears all the current information on the log...

Page 192: ...port location device name current WAN link status IP address MAC address subnet mask default gateway DNS number of received sent total packets number of received sent total Bytes Received and Sent By...

Page 193: ...Enterprise Multi WAN VPN QoS Router 186...

Page 194: ...r 187 14 3 Traffic Statistic Six messages will be displayed on the Traffic Statistic page to provide better traffic management and control By Inbound IP Address The figure displays the source IP addre...

Page 195: ...source IP address bytes per second and percentage By Outbound Port The figure displays the network protocol type destination IP address bytes per second and percentage By Inbound Port The figure disp...

Page 196: ...inistrators to inquire a specific IP or from a specific port about the addresses that this IP had visited or the users source IP who used this service port This facilitates the identification of websi...

Page 197: ...e Multi WAN VPN QoS Router 190 Specific IP Status Enter the IP address that users want to inquire and then the entire destination IP connected to remote devices as well as the number of ports will be...

Page 198: ...Enterprise Multi WAN VPN QoS Router 191 Specific Port Status Enter the service port number in the field and IP that are currently used by this port will be displayed...

Page 199: ...outer 192 XV Log out On the top right corner of the web based UI there is a Logout button Click on it to log out of the web based UI To enter next time open the Web browser and enter the IP address us...

Page 200: ...d how to setup quickly and understand the VPN Router capability at the same time VPN Router overall interface is as below Category Sub category Chapter Home V Device Spec Verification Status Display a...

Page 201: ...Function XII Advanced Setting DMZ Forwarding 12 1 DMZ Host Port Range Forwarding UPnP 12 2 UPnP Universal Plug and Play Routing 12 3 Routing One to One NAT 12 4 One to One NAT DDNS 12 5 DDNS MAC Clon...

Page 202: ...TP Setup PPTP Status 10 1 3 PPTP Status VPN Pass Through 10 1 4 VPN Pass Through QnoKey 10 2 QnoKey Summary 10 2 1 10 2 3 QnoKey Group and Client QVM VPN 10 3 QVM VPN QVM Setup 10 3 1 QVM VPN Server S...

Page 203: ...ndix II Troubleshooting 1 Block BT Download To block BT and prevent downloading by users go to the Firewall Content Filter and select Enable Website Block by Keywords followed by the input of torrent...

Page 204: ...recently the internet transmission speed was brought down and the Session bulky increase result in the massive processing load of the device The following guides users to block this virus correspondi...

Page 205: ...Enterprise Multi WAN VPN QoS Router 198 Use the same method to add UDP UDP135 139 and TCP 445 445 Ports c Enhance the priority level of these three to the highest...

Page 206: ...s to Qno products and provides users with solutions by introducing users how to set up the device a Log into the device web based UI and enter Firewall Access Rule b Click Add New Rule under Access Ru...

Page 207: ...sary specific time setting may be undertaken Click Apply to move to the next step c Input the following IP address in Dest IP with repeat operation 121 14 75 115 60 28 234 117 60 28 235 119 222 28 155...

Page 208: ...within the local network can be obtained Their account and information are stolen The following describes how to prevent such virus attack First let us get down to the definition of ARP Address Resolu...

Page 209: ...the shop experience temporal disconnection or failure of going online It can be resolved by restarting the device however the problem repeats shortly after Cafe Administrators can use arp a command t...

Page 210: ...nter the ping 192 168 1 1 Gateway IP address as illustrated If there are cases of packet loss of the ping LAN IP and lf later there is connection it is possible that the system is attacked by ARP To v...

Page 211: ...on the device end On every PC start or operate cmd to enter the dos operation Enter arp s 192 168 1 1 0a 0f d4 9e fb 0b so as to finish the binding of pc01 as illustrated For other host devices withi...

Page 212: ...make a two way binding of the IP address and MAC address from both of the PC and device ends in order to carry out the prevention work However this is more complicated because the search for the IP a...

Page 213: ...ot recommended because the inquiry of IP MAC addresses of all hosts creates heavy workload Another method to bind IP and MAC is more recommended because of easy operation reducing workload and time ef...

Page 214: ...AC address corresponding to the PC are displayed Enter the Name of the computer and click on Enabled with the display of the icon and push the option on the top right corner of the screen to confirm N...

Page 215: ...RP This can better shelter the network from being attacked 2 Cyber caf administrators should check the LAN virus install anti virus software Ginshan Virus Reixin must update the virus codes and conduc...

Page 216: ...such management sharing as C and D Single device user can directly close Server service 7 Do not open QQ or the link messages sent by MSN online chatting tools in a causal manner Do not open or execu...

Page 217: ...s bandwidth forum refer to the examples of the FTP server or contact the technical department of Qno s dealers as well as the Qno s Mainland technical center Qno Official Website http www Qno com tw D...

Reviews:

No comments

Related manuals for 4WAN

Garland P1GCCAS Installation Manual preview
P1GCCAS
Brand: Garland Pages: 4
Patton electronics 2888 Quick Start Manual preview
2888
Brand: Patton electronics Pages: 8
Watchguard Firebox SOHO 6 Wireless Instructions Manual preview
Firebox SOHO 6 Wireless
Brand: Watchguard Pages: 8
Queclink GV600 Series Instruction Manual preview
GV600 Series
Brand: Queclink Pages: 9
ZyXEL Communications P-336M Specifications preview
P-336M
Brand: ZyXEL Communications Pages: 2
US Robotics USR8700 Quick Installation Manual preview
USR8700
Brand: US Robotics Pages: 36
Baicells EG2013B-M11 User Manual preview
EG2013B-M11
Brand: Baicells Pages: 10
BEC 7404 Series User Manual preview
7404 Series
Brand: BEC Pages: 159
ETL TeleCLIENT TC7730 Series User Manual preview
TeleCLIENT TC7730 Series
Brand: ETL Pages: 83
E-Lins H820Q Series Quick Start Manual preview
H820Q Series
Brand: E-Lins Pages: 10
TRENDnet TEM-560T Specifications preview
TEM-560T
Brand: TRENDnet Pages: 2
Juniper EX8200 Series Brochure preview
EX8200 Series
Brand: Juniper Pages: 12
Westermo RedFox User Manual preview
RedFox
Brand: Westermo Pages: 20
King Pigeon N80 User Manual preview
N80
Brand: King Pigeon Pages: 8
Westermo Viper 408 Manual preview
Viper 408
Brand: Westermo Pages: 22
Huawei Mobile WiFi E5878 Quick Start Manual preview
Mobile WiFi E5878
Brand: Huawei Pages: 28
Huawei NE20E-S2E Configuration preview
NE20E-S2E
Brand: Huawei Pages: 16
Huawei NE20E-S8 Configuration preview
NE20E-S8
Brand: Huawei Pages: 23

Brands by name

Popular brands

Load more brands