QNO VPN QoS User Manual Download

Page: 82 / 210

802.1x Mode

RADIUS server is needed while 802.1x mode is enabled.

IP Address

Input RADIUS server IP.

RADIUS Port

Input RADIUS service port.

Shared Secret

Input initial shared key.

Session Timeout

Input a maximum idle time. If the link idles over time, the connection will be terminated.

8.2.3 WPS Config

Users can enable WPS function when using WPA Personal, WPA2 Personal and WPA/WPA2 Personal Mixed Mode.

When WPS is enabled, the mode will continue for 2 minutes. If there is no connection established in two minutes,

this connection wil be stopped.

1. Use personal PIN code to configure WPS

(1) Enable WPS.

(2) Input wireless client device PIN code. AP PIN code should be also written in client device.

(3) Click

“

Connect

”

to establish connection.

(4) Check if WPS connection is established successfully on client device.

2. Use PBC to configure WPS

(1) Enable WPS.

(2) Check

“

PBC

”

and click

“

connect

”

to establish connection. Uses can also push the WPS button on front panel

for 5 seconds.

(3) Check if WPS connection is established successfully on client device.

Summary of Contents for VPN QoS

Page 1: ...English User s Manual VPN QoS Wireless Router 1x100Mbps WAN 4x100Mbps Switch LAN 2xUSB Family Small Business IPSec VPN Solution...

Page 2: ...ns of intellectual property When the user copies the Manual this statement of intellectual property must also be copied and indicated Otherwise Qno regards it as tort and relevant duty will be prosecu...

Page 3: ...nd condition of the corresponding information The guarantee and condition include tacit guarantee and condition about marketability suitability for special purposes ownership and non infringement The...

Page 4: ...t Status 16 5 1 3 System Information 18 5 1 4 Firewall Status 19 5 2 Change and Set Login Password and Time 20 5 2 1 Password Setting 20 5 2 2 Time 21 VI Network 23 6 1 Network Connection 23 6 1 1 Hos...

Page 5: ...l Policy 100 10 2 Access Rule 104 10 2 1 Add New Access Rule 105 10 3 Content Filter 108 XI L7 Management 113 11 1 L7 Filter 1 Rule list 113 11 2 L7 VIP Priority Channel 117 11 3 L7 QoS 122 11 4 Appli...

Page 6: ...2 3 Configuration Backup 179 12 4 SNMP 180 12 5 System Recover 182 XV Log 184 13 1 System Log 184 13 2 System Statistic 189 13 3 Traffic Statistic 190 13 4 IP Port Statistic 192 XVI Log out 195 Append...

Page 7: ...of the IPSec Protocol IPSec VPN provides DES 3DES AES128 AES192 AES256 encryption MD5 SH1 certification IKE Pre Share Key or manual password interchange VPN Router also supports aggressive mode When a...

Page 8: ...p networks easy to understand It also reinforces the management of network access rules VPN and all other network services VPN Router fully protects the safety of communication between all offices and...

Page 9: ...ily This simplifies the management and maintenance making the user network settings be done at one time The main process is as below 1 Hardware installation 2 Login 3 Verify device specification and s...

Page 10: ...N Configure bandwidth to optimize data transmission 5 Set QoS bandwidth management avoid bandwidth occupation Restrict bandwidth and session of WAN ports LAN IP and application To assure transmission...

Page 11: ...backup Administrators can look up system log and monitor system status and inbound outbound flow in real time 9 VPN Virtual Private Network Configure VPN tunnels Configure different types of VPN to me...

Page 12: ...thernet is running at 10Mbps WLAN Green Green LED on Wireless function is enabled Green LED blinking Packets are transmitting WPS Green Green LED on WPS function is working Reset Action Description Pr...

Page 13: ...ing Hub or through an external router to connect to the Internet LAN Connection The LAN port can be connected to a Switching Hub or directly to a PC Users can use servers for monitoring or filtering t...

Page 14: ...o Start Run enter cmd to commend DOS and enter ipconfig for getting Default Gateway address as the graphic below 192 168 1 1 Make sure Default Gateway is also the default IP address of the router Atte...

Page 15: ...change the login password in the setting later Attention For security we strongly suggest that users must change password after login Please keep the password safe or you can not login to the device...

Page 16: ...ge all the device s parameters and status are listed for users reference 5 1 1 WAN Status IP Address Indicates the current IP configuration for WAN port Default Gateway Indicates current WAN gateway I...

Page 17: ...s Release and Renew will appear If a WAN connection such as PPPoE or PPTP is selected Disconnect and Connect will appear DMZ IP Address Indicates the current DMZ IP address 5 1 2 Physical Port Status...

Page 18: ...s type 10Base T 100Base TX iniferface WAN LAN DMZ link status Up Down physical port status Port Enabled Port Disabled priority high or normal speed status 10Mbps or 100Mbps duplex status Half Full aut...

Page 19: ...cates how long the Router has been running Serial Number This number is the Router serial number Firmware Version Information about the Router present software version Current Time Indicates the devic...

Page 20: ...efault configuration is On Block WAN Request Indicates that denying the connection from Internet is activated The default configuration is On Prevent ARP Virus Attack Indicates that preventing Arp vir...

Page 21: ...rongly recommend that you must change your password after first login Please keep the password safe or you might not login to the device You can press Reset button for more than 10 sec the device will...

Page 22: ...know the exact time of event occurrences that are recorded in the System Log and the time of closing or opening access for Internet resources You can either select the embedded NTP Server synchroniza...

Page 23: ...he server IP address Apply After the changes are completed click Apply to save the configuration Cancel Click Cancel to leave without making any change This action will be effective before Apply to sa...

Page 24: ...he following descriptions for specific configurations 6 1 Network Connection 6 1 1 Host Name and Domain Name Device name and domain name can be input in the two boxes Though this configuration is not...

Page 25: ...ddresses and subnet masks This function enables users to input IP segments that differ from the router network segment to the multi net segment configuration the Internet will then be directly accessi...

Page 26: ...advanced configuration page Obtain an Automatic IP automatically This mode is often used in the connection mode to obtain an automatic DHCP IP This is the device system default connection mode It is...

Page 27: ...herefore to avoid a huge number of disconnection users can activate this function to arrange new connections to be made through another WAN to the Internet In this way the effect of any disconnection...

Page 28: ...such as Issued eight static IP addresses 255 255 255 248 Issued 16 static IP addresses 255 255 255 240 Default Gateway Input the default gateway issued by ISP For ADSL users it is usually an ATU R IP...

Page 29: ...net In this way the effect of any disconnection can be minimized Line Dropped Period Input the time rule for disconnection of this WAN service Line Dropped Scheduling Input how long the WAN service ma...

Page 30: ...o connect with the Internet the device will automatically make a dial connection If the line has been idle for a period of time the system will break the connection automatically The default time for...

Page 31: ...ers can activate this function to arrange new connections to be made through another WAN to the Internet In this way the effect of any disconnection can be minimized Line Dropped Period Input the time...

Page 32: ...s installed Contact ISP for relevant information Subnet Mask Input the subnet mask of the static IP address issued by ISP such as Issued eight static IP addresses 255 255 255 248 Issued 16 static IP a...

Page 33: ...l connections that go through this WAN will be disconnected too Only after the disconnected lines are reconnected can they go through the standby system to connect with the Internet Therefore to avoid...

Page 34: ...load balancing will be achieved as usual WAN IP Address Input one of the static IP addresses issued by ISP Subnet Mask Input the subnet mask of the static IP address issued by ISP such as Issued eight...

Page 35: ...ough the standby system to connect with the Internet Therefore to avoid a huge number of disconnection users can activate this function to arrange new connections to be made through another WAN to the...

Page 36: ...ing limited PIN code trial errors If you enter wrong PIN code too many times the SIM card will be locked by ISP and the setting UI will show PUK PIN Unlocked Key Products do not support PIN code unloc...

Page 37: ...ice Status 4 3G modem is connected but the SIM card is locked Please enter the PUK code to unlock Status 5 3G modem is connected and works normally 3 DNS Server Choose the self defined DNS server IP a...

Page 38: ...es ss s R Ro ou ut te er r 37 6 2 Multi WAN Setting When you have multiple WAN gateways you can use Traffic Management and Protocol Binding function to fulfill WAN road balancing so that we can have...

Page 39: ...onnections based on session number to achieve network load balance IP Session Balance If By IP is selected the WAN bandwidth will automatically allocate connections based on IP amount to achieve netwo...

Page 40: ...e WAN bandwidth will automatically allocate connections based on session number to achieve network load balance IP Balance If By IP is selected the WAN bandwidth will automatically allocate connection...

Page 41: ...e WAN is connected with Netcom to apply a similar division of traffic policy to these WANs a combination for the WANs must be made Click Set WAN Grouping an interactive window as shown in the figure b...

Page 42: ...will then dispatch the traffic to the assigned destination IP through the WAN ex WAN 1 or WAN grouping users designated to the Internet To build a policy document users can use a text based editor suc...

Page 43: ...her words traffic to that destination IP will be transmitted through the WAN or WAN group under China Netcom strategy 6 2 2 Network Service Detection This is a detection system for network external se...

Page 44: ...n failure is detected an error message will be recorded in the System Log This line will not be removed therefore the some of the users on this line will not have normal connections This option is sui...

Page 45: ...detection If users have an optical fiber box or the IP issued by ISP is a public IP and the gateway is located at the port of the net caf rather than at the IP provider s port do not activate this opt...

Page 46: ...the WAN port configuration Bandwidth Configuration When Auto Load Balance mode is selected the device will select sessions or IP and the WAN bandwidth will automatically allocate connections to achie...

Page 47: ...nd the application Service Ports that are not assigned to other WANs WAN2 for external connections In other words the first WAN WAN1 cannot be configured with the Protocol Binding rule This is to avoi...

Page 48: ...restricted to WAN1 the external static IP address 210 1 1 1 210 1 1 1 should be input If a range of destinations is to be assigned input the range such as 210 11 1 1 210 11 255 254 This means the Clas...

Page 49: ...rt If the Service Port users want to activate is not in the list users can add or remove service ports from Service Management to arrange the list as described in the following Service Name In this bo...

Page 50: ...re Apply is clicked Exit To quit this configuration window Auto Load Balancing mode when enabled The collocation of the Auto Load Balance Mode and the Auto Load Mode will enable more flexible use of b...

Page 51: ...Enable Finally click Add New and the rule will be added to the mode Example 2 How do I set up Auto Load Balance Mode to keep Intranet IP 192 168 1 150 200 from going through WAN2 when the destination...

Page 52: ...s Select WAN2 from the pull down option list Interface and then click Enable Finally click Add New and the rule will be added to the mode The device will transmit packets to Port 80 through WAN2 Howev...

Page 53: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 52...

Page 54: ...n it bring the function into full play Example 1 How do I set up the Assigned Routing Mode to keep all Intranet IP addresses from going through WAN2 when the destination is Port 80 and keep all other...

Page 55: ...ch means to include all Intranet IP addresses In the boxes for Destination IP input 211 1 1 1 211 254 254 254 Select WAN2 from the pull down option list Interface and then click Enable Finally click A...

Page 56: ...ced features of 3G 3 5G USB Modems Qno provides Intelligent USB Power Saving feature to be power efficient and extend 3G 3 5G USB dongle lifetime Based on bandwidth usage rate time and behaviors there...

Page 57: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 56...

Page 58: ...e switched back to the original state setting Click the box the make all the setting changes are logged Note 1 3G feature is disabled by default Please go to USB Setting UI to enable 3G feature by cho...

Page 59: ...k is back 3G 3 5G USB dongles will return to power saving state When the WAN connection is detected failed the traffic will transfer to USB A Trigger Condition When ALL the chosen wired connections ar...

Page 60: ...g the USB port idle time helps you have time for dialing 3G 3 5G USB dongles Take the figure above as example If the idle time is 10 minutes the system will provide power for USB prots for 10 minutes...

Page 61: ...column shows You can decide 3G 3 5G USB dongle backup when WAN port is disconnected as well as 3G 3 5G dongle load balance Must click the box first to enable the bandwidth threshold configuration 1 Se...

Page 62: ...0 3G 3 5G will return to power saving state B Return condition When the trigger conditions no longer exist 3G 3 5G USB dongle will return to power saving state Example 1 3G 3 5G USB dongle is for WAN...

Page 63: ...You can schedule the USB port usage time on the time table which is shown in hour The figure above is an example of USB Port 1 schedule for one private enterprise Administrator would like to incread b...

Page 64: ...Connection Type Interface Link Status Up Down Port Activity Port Enabled Priority Setting High or Normal Speed Status 10Mbps or 100Mbps Duplex Status half duplex or full duplex Auto Neg Enabled Disab...

Page 65: ...ation for LAN computers This function is similar to the DHCP service in NT servers It benefits users by freeing them from the inconvenience of recording and configuring IP addresses for each PC respec...

Page 66: ...e time unit is minute Range End This is an initial IP automatically leased by DHCP It means DHCP will start the lease from this IP The default initial IP is 192 168 1 100 DNS Domain Name Service This...

Page 67: ...he administrator s reference when a network modification is needed DHCP Server This is the current DHCP IP Dynamic IP Used The amount of dynamic IP leased by DHCP Static IP Used The amount of static I...

Page 68: ...Local Database Normally DNS sever will be directed to ISP DNS server or internal self defined DNS server Qno router also provides easy self defined DNS services called DNS Local Database which can map...

Page 69: ...0 1 as shown in the following figure Therefore DCHP DNS IP address must be 10 10 10 1 to make DNS local database in effect 3 After enabling DNS local database if there is no host domain names in the l...

Page 70: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 69 2 Enter tw yahoo com for lookup 3 The IP is 10 10 10 199 confirming the corresponding IP in DNS local database...

Page 71: ...S S W Wi ir re el le es ss s R Ro ou ut te er r 70 7 4 IP MAC Binding Administrators can apply IP MAC Binding function to make sure that users can not add extra PCs for Internet access or change priva...

Page 72: ...e two methods for setting up this function 1 Block MAC address not on the list This method only allows MAC addresses on the list to receive IP addresses from DHCP and have Internet access When this me...

Page 73: ...signed IP input 0 0 0 0 in the boxes The boxes cannot be left empty 2 If users want DHCP to assign a static IP for a PC every single time users should input the IP address users want to assign to this...

Page 74: ...with the Internet Show New IP user This function can reduce administrator s effort on checking MAC addresses one by one for the binding Furthermore it is easy to make mistakes to fill out MAC address...

Page 75: ...ss s R Ro ou ut te er r 74 VIII Wireless Network Wireless function is enabled by default The WLAN LED will be on after system booting Client device can find SSID as QNO_AP_1 Please refer to following...

Page 76: ...hoose the country where you are Freqeuncy Channel Means the channel of frequency of the wireless LAN Please choose the channel which is still available to avoid interference Users can also check Auto...

Page 77: ...etup DLS This function will greatly improve the data transfer rate between WMM enabled wireless devices WMM AP Parameter Setting Tx Power The default value is 100 To narrow down covering range users c...

Page 78: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 77 8 2 Security Setting...

Page 79: ...SSID Check Enabled box to reveal SSID in the wireless network If Disabled is checked wireless client device will not find this SSID Users have to input SSID manually to connect to this device AP Isol...

Page 80: ...128 bit 26 hex digits Input 26 hex digits 0 9 a f A F as WEP key 64 bit 5 ASCII Input 5 ASCII code English letter or number as key 128 bit 13ASCII Input 13 ASCII code English letter or number as key 2...

Page 81: ...AP s coverage area to another it performs an authentication procedure exchanging security information with the new AP Instead of re authenticating a client each time it returns to the AP s coverage a...

Page 82: ...Personal Mixed Mode When WPS is enabled the mode will continue for 2 minutes If there is no connection established in two minutes this connection wil be stopped 1 Use personal PIN code to configure W...

Page 83: ...network to extand covering range Two devices should be set in the same subnet as figure above Configurations of two devices should be the same Basic Setting Under WDS mode channel bandwidth should be...

Page 84: ...S W Wi ir re el le es ss s R Ro ou ut te er r 83 If WEP mode is enabled system will arrange 4 sets of key for those MACs Make sure the order is correct 2 Or check Scanning to select existing AP and t...

Page 85: ...lling the wireless LAN MAC address of client Only the valid MAC address that has been configured can access the wireless LAN interface Policy Deny Connection from the disabled MAC list will be denied...

Page 86: ...client device Rate The quality of Wifi signal 8 4 Statistic Tx Success Number of successfully transmitted frames Tx Retry Count Number of retransmitted frames Tx Fail after Retry Number of failed fra...

Page 87: ...idth or provide priority to specific applications or services and also to enable other users to share bandwidth as well as to ensure stable and reliable network transmission To maximize the bandwidth...

Page 88: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 87 9 1 Bandwidth Management...

Page 89: ...r words it will guarantee a minimum rate of upstream and downstream for each IP and Service Port based on the total actual bandwidth of WAN1 and WAN2 For example if the upstream bandwidths of both WAN...

Page 90: ...n users the device enables users to set up QoS Rate Control and Priority Control Users can select only one of the above QoS choices Rate Control The network administrator can set up bandwidth or usage...

Page 91: ...e a single selection or multiple selections Service Port Select what bandwidth control is to be configured in the QoS rule If the bandwidth for all services of each IP is to be controlled select All T...

Page 92: ...tream If a Server for external connection has been built in the device this option is to control the bandwidth for the traffic coming from outside to this Server Server in LAN Downstream If there are...

Page 93: ...download information the total occupied bandwidth is fixed Enable Activate the rule Add to list Add this rule to the list Move up Move down QoS rules will be executed from the bottom of the list to th...

Page 94: ...ge e g 192 168 1 1 254 in Direction part open the dropdown box and choose Downstream Import 2Kbit Sec in Mini Rate which guarantees the minimum bandwidth for FTP downloading And import 50Kbit Sec in M...

Page 95: ...Direction part open the dropdown box and choose Downstream Import 2Kbit Sec in Mini Rate which guarantees the minimum bandwidth And import 512Kbit Sec in Max Rate for a maximum limitation Choose Assig...

Page 96: ...ndwidth usage In addition if any Intranet PC is attacked by a virus like Worm Blaster and sends a huge number of session requests session control will restrict that as well Session Control and Schedul...

Page 97: ...session has been closed new sessions cannot be made until the setting time ends If this function is selected when the user s port connections reach the limit all the lines that this user is connected...

Page 98: ...Port Choose the service port Source IP Input the IP address range or IP group Enabled Activate the rule Add to list Add this rule to the list Delete seleted item Remove the rules selected from the Se...

Page 99: ...s downstream bandwidth threshold for all WAN Input the max downstream rate for intranet IPs If any IP s bandwidth is over maximum threshold its maximum bandwidth will remain When any IP uses more band...

Page 100: ...Always is selected the rule will be executed around the clock If From is selected the rule will be executed according to the configured time range For example if the time control is from Monday to Fr...

Page 101: ...hile the remote management feature will be activated The network access rules and content filter will be turned off Firewall This feature allows users to turn on off the firewall SPI Stateful Packet I...

Page 102: ...ed In the field of remote browser IP a valid external IP address WAN IP for the device should be filled in and the modifiable default control port should be adjusted the default is set to 80 modifiabl...

Page 103: ...just the threshold value and the blocking duration to effectively deal with external attack The threshold value should be adjusted from high to low LAN Threshold When all packet values from internal a...

Page 104: ...ked IP Show the blocked IP list and the remained blocked time Restricted WEB Features It supports the block that is connected through Java Cookies Active X and HTTP Proxy access Apply Click Apply to s...

Page 105: ...ernet access The following describes the internet access rules All traffic from the LAN to the WAN is allowed by default All traffic from the WAN to the LAN is denied by default Users may define acces...

Page 106: ...ass of packets compliant with this control rule Deny Prevents the pass of packets not compliant with this control rule Service From the drop down menu select the service that users grant or do not giv...

Page 107: ...ivation time is introduced as below to This control rule has time limitation The setting method is in 24 hour format such as 08 00 18 00 8 a m to 6 p m Day Control Everyday means this period of time w...

Page 108: ...200 to 230 to access service port 80 Action Forbid Service Port TCP 80 Source Interface LAN Meaning to service port 80 which blocks the traffic from intranet to internet Source IP 192 168 1 200 192 16...

Page 109: ...ter The device supports two webpage restriction modes one is to block certain forbidden domains and the other is to give access to certain web pages Only one of these two modes can be selected Block F...

Page 110: ...ut te er r 109 Add Enter the websites to be controlled such as www playboy com Add to list Click Add to list to create a new website to be controlled Delete selected item Click to select one or more...

Page 111: ...Keywords Only for English keyword Enter keywords Add to List Add this new service item content to the list Delete selected item Delete the service item content from the list Apply Click Apply to save...

Page 112: ...nction The default setting is Disabled Add Input the allowed domain name etc www google com Add to list Add the rule to list Delete selected item Users can select one or more rules and click to delete...

Page 113: ...ion will run according to the defined time For example if the control time runs from 8 a m to 6 p m Monday to Friday users may control the operation according to the following illustrated example Alwa...

Page 114: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 113 XI L7 Management 11 1 L7 Filter 1 Rule list...

Page 115: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 114 2 Add new rule click...

Page 116: ...tion support list 1 After choosing Category the Item column will show the crosponding list Hint Directly click on the applications to put them effective Cancel the application by double clicks Click C...

Page 117: ...ional user setting Please note that the exceptional user setting will be applied to all the rules in the application For example if there is a Google Talk rule with no exceptional IP when adding a new...

Page 118: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 117 11 2 L7 VIP Priority Channel 1 Rule List 2 Add New Rule Click...

Page 119: ...will be shown on the list so administrator could name the rule by users or usages Select one WAN as VIP For example only the traffic of president room on WAN1 and WAN2 is VIP traffic on other WAN por...

Page 120: ...riority Set source IP Group as VIP For instance if General Manager Room IP group is chosen they will have VIP priority no matter what application is used Set VIP application and source IP Group at the...

Page 121: ...After choosing Category the Item column will show the crosponding list Hint Directly click on the applications to put them effective Cancel the application by double clicks Click Choose All to put all...

Page 122: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 121 Step 4 Click to save the rules...

Page 123: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 122 11 3 L7 QoS 1 Rule List...

Page 124: ...some of the software applications display by KB 1KB 8kbit Calculating bandwidth utility of QoS rule minimize of bandwidth IP set up number For example IP range is 192 168 1 101 110 minimize bandwidth...

Page 125: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 124 2 Add New Rule Click...

Page 126: ...rence Please visit the official website for the actual application support list After choosing Category the Item column will show the crosponding list Hints Directly click on the applications to put t...

Page 127: ...for Intranet IP Bandwidth sharing Sharing total bandwidth with all IP addresses If this option is selected all IP addresses or Service Ports will share the bandwidth range from minimum to maximum band...

Page 128: ...o ou ut te er r 127 Step 4 Make sure the time setting is correct to make the rule in effective only during the set time All time is set as the default The time frame could be modified in the following...

Page 129: ...the URL destination IP address or the port number You can see the Application Define feature on the Application Status Table or on the APP List of all L7 Management features Application Status Figure...

Page 130: ...an IP range is to be controlled input the range such as 100 100 100 105 200 Dest IP Group Apply the Dest IP Group from the Group Management function Domain Name Use Domain Name to define the applicat...

Page 131: ...of the policies Figures are used for reference Please visit the official website for the actual application support list 1 Sorting and ordering the applications Sorting the applications or ordering th...

Page 132: ...u ut te er r 131 11 6 Database Update Database Update function provides administrator to know the server side informations on this web page whether the newest version to update moreover to set up the...

Page 133: ...diatly after you downloaded this version will reserve in system you can download manually from downloaded version in Version Management 3 Latest Version Check The latest time of server version checkin...

Page 134: ...nstallation Disable the Automatic Update Installation System will not update the database administrator can update the database manually by press the Enable Automatic Update Installastion Download and...

Page 135: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 134 XII VPN Virtual Private Network 10 1 VPN...

Page 136: ...nt to Gateway tunnel The VPN tunnel connections are done by 2 VPN devices via the Internet When a new tunnel is added the setting page for Gateway to Gateway or Client to Gateway will be displayed Gat...

Page 137: ...o avoid confusion Note If this tunnel is to be connected to the other VPN device some device requires that the tunnel name is identical to the name of the host end to facilitate verification This tunn...

Page 138: ...rs don t need to do further settings 2 IP Domain Name FQDN Authentication If users select IP domain name type please enter the domain name and IP address The WAN IP address will be automatically fille...

Page 139: ...rs use dynamic IP address to connect to the device users may select this option to connect to VPN without entering IP address When VPN Gateway requires for VPN connection the device will start authent...

Page 140: ...gateway authentication type Remote Security Gateway Type must be identical to the remotely connected local security gateway authentication type Local Security Gateway Type Remote Security Gateway Type...

Page 141: ...fied FQDN refers to the combination of host name and domain name Users may enter any name that corresponds to the domain name of FQDN This IP address and domain name must be identical to those of the...

Page 142: ...Dynamic IP Domain Name FQDN Authentication If users use dynamic IP address to connect with the device users may select the combination of the dynamic IP address host name and domain name 5 Dynamic IP...

Page 143: ...rs 1 IP address This option allows the only IP address which is entered to build the VPN tunnel Reference When this VPN tunnel is connected computers with the IP address of 192 168 2 1 can establish c...

Page 144: ...ect the desired encryption mode as illustrated below Encryption Management Protocol When users set this VPN tunnel to use any encryption and authentication mode users must set the parameter of this ex...

Page 145: ...PN tunnel to use any authentication mode Note that this parameter must be identical to that of the remote authentication mode MD5 or SHA1 Phase 1 SA Life Time The life time for this exchange code is s...

Page 146: ...ection This is mostly used to connect the remote node of the branch office and headquarter or used for the remote dynamic IP address AH hash calculation For AH Authentication Header users may select M...

Page 147: ...nd point for the Heart Beat detection the end point should be a strong and stable server which is able to send reply quickly We suggest using the LAN IP address of the VPN remote end point device as t...

Page 148: ...PN feature please select the Tunnel number Tunnel Name Displays the current VPN tunnel connection name such as XXX Office Users are well advised to give them different names to avoid confusion Note If...

Page 149: ...ER FQDN Authentication Dynamic IP address Email address name 1 IP only If users decide to use IP only entering the IP address is the only way to gain access to this tunnel The WAN IP address will be a...

Page 150: ...connection if users select this option to link to VPN please enter the domain name 5 Dynamic IP E mail Addr USER FQDN Authentication If users use dynamic IP address to connect to the device users may...

Page 151: ...uters with the IP address of 192 168 1 0 can establish connection 2 Subnet This option allows local computers in this subnet to be connected to the VPN tunnel Reference When this VPN tunnel is connect...

Page 152: ...uthentication Dynamic IP E mail Addr USER FQDN Authentication 1 IP only If users decide to use IP only entering the IP address is the only way to gain access to this tunnel The WAN IP address will be...

Page 153: ...users may select this option to link to VPN If the remote VPN gateway requires connection to the device for VPN connection this device will start authentication and respond to this VPN tunnel connecti...

Page 154: ...elect the desired encryption mode as illustrated below Encryption Management Protocol When users set this VPN tunnel to use any encryption and authentication mode users must set the parameter of this...

Page 155: ...PN tunnel to use any authentication mode Note that this parameter must be identical to that of the remote authentication mode MD5 or SHA1 Phase 1 SA Life Time The life time for this exchange code is s...

Page 156: ...ection This is mostly used to connect the remote node of the branch office and headquarter or used for the remote dynamic IP address AH hash calculation For AH Authentication Header users may select M...

Page 157: ...stable server which is able to send reply quickly We suggest using the LAN IP address of the VPN remote end point device as the target of the Heart Beat detection Interval The default time for the He...

Page 158: ...l le es ss s R Ro ou ut te er r 157 Enabled PPTP Server When this option is selected the point to point tunnel protocol PPTP server can be enabled PPTP IP Address Range Please enter PPTP IP address ra...

Page 159: ...All PPTP Status Displays all successfully connected users including username remote IP address and PPTP address 10 1 3 VPN Pass Through IPSec Pass Through If this option is enabled the PC is allowed...

Page 160: ...cess by entering Server IP User Name and Password 2 Central Control Feature Displays a clear VPN connection status of all remote ends and branches Its central control screen allows setup from remote i...

Page 161: ...contention drops The range is 1 60 mins QVM Backup Tunnel You can input at most 3 backup IP addresses or domain names for backup Once the connection is dropped the function will be automatically enab...

Page 162: ...he DMZ Host function is selected to cancel this function users must input 0 in the following DMZ Private IP This function will then be closed After the changes are completed click Apply to save the ne...

Page 163: ...80 to access the web page In the same way to set up other services please input the server TCP or UDP port number and the virtual host IP addresses Service To select from this option the default list...

Page 164: ...elect whether a service port is TCP or UDP Port Range To activate this function input the range of the service port locations users want to activate such as 500 500 or 2300 2310 etc Add to list Add th...

Page 165: ...is 21 21 Please refer to the default service number list Host Name or IP Address Input the Intranet virtual IP address or name that maps with UPnP such as 192 168 1 100 Enabled Activate this function...

Page 166: ...rmation Protocol When there are more than one router and IP subnets the routing mode for the device should be configured as static routing Static routing enables different network nodes to seek necess...

Page 167: ...s is the router layer count for the IP If there are two routers under the device users should input 2 for the router layer the default is 1 Max is 15 Interface This is to select WAN port or LAN port f...

Page 168: ...heir own public IP addresses For example if there are more than 2 web servers requiring public IP addresses administrators can map several public IP addresses directly to internal private IP addresses...

Page 169: ...ase do not include IP addresses in use by WANs Add to List Add this configuration to the One to One NAT list Delete Seleted Item Remove a selected One to One NAT list Apply Click Apply to save the net...

Page 170: ...nged from time to time To overcome this problem for users who want to build services such as a website it offers the function of dynamic web address transfer This service can be applied from http www...

Page 171: ...ct one of the four DDNS website address transfer functions Username The name which is set up for DDNS Input a complete website address such as abc qnoddns org cn as a user name for QnoDDNS Password Th...

Page 172: ...171 Apply After the changes are completed click Apply to save the network configuration modification Cancel Click Cancel to leave without making any changes Register for Qno DDNS 1 Please go to Qno w...

Page 173: ...ress which users used to register this product and the serial number of the product to log in to the QnoDDNS Service System Be sure to input an available e mail address so that the password sent from...

Page 174: ...u ut te er r 173 3 Rules for Applying a Domain Name The Domain should have at least 4 letters and no more than 63 letters The Domain name should only consist of a z lowercase letter and 0 9 numerals a...

Page 175: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 174...

Page 176: ...Users can input the network card physical address MAC address 00 xx xx xx xx xx here The device will adopt this MAC address when requesting IP address from ISP Select the WAN port to which the configu...

Page 177: ...nd Time setting is in Chapter 5 2 12 1 Diagnostic The device provides a simple online network diagnostic tool to help users troubleshoot network related problems This tool includes DNS Name Lookup Dom...

Page 178: ...m informs users of the status quo of the outbound session and allows the user to know the existence of computers online On this test screen please enter the host IP that users want to test such as 192...

Page 179: ...he Firmware Upgrade page Please confirm all information about the software version in advance Select and browse the software file click Firmware Upgrade Right Now to complete the upgrade of the design...

Page 180: ...content of parameter settings into the device Before upgrade confirm all information about the software version Select and browse the backup parameter file config exp Select the file and click Import...

Page 181: ...Through this SNMP communications protocol programs with network management i e SNMP Tools HP Open View can help communications of real time management The device supports standard SNMP v1 v2c and is...

Page 182: ...Set the name of the group or community that can view the device SNMP data The default setting is Public Set Community Name Set the name of the group or community that can receive the device SNMP data...

Page 183: ...o ou ut te er r 182 12 5 System Recover Users can restart the device with System Recover button System Recover As the figure below if clicking Restart Router button the dialog block will pop out confi...

Page 184: ...Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 183 Return to Factory Default Setting If clicking Return to Factory Default Setting the dialog block will pop out if the device will return to fact...

Page 185: ...nt and look up we can see the relevant operation status which is convenient for us to facilitate the setup and operation 13 1 System Log Its system log offers three options system log E mail alert and...

Page 186: ...ng warning message Click to activate these features Syn Flooding IP Spoofing Win Nuke Ping of Death Unauthorized Login Attempt Syn Flooding Bulky syn packet transmission in a short time causes the ove...

Page 187: ...or instance message will be recorded in the system log Allow Policies If remote users enter the system because of compliance with access rules for instance message will be recorded in the system log C...

Page 188: ...le es ss s R Ro ou ut te er r 187 Outgoing Packet Log View system packet log which is sent out from the internal PC to the Internet This log includes LAN IP destination IP and service port that is ap...

Page 189: ...Packet Log View system packet log of those entering the firewall The log includes information about the external source IP addresses destination IP addresses and service ports It is illustrated as be...

Page 190: ...mation such as port location device name current WAN link status IP address MAC address subnet mask default gateway DNS number of received sent total packets number of received sent total Bytes Receiv...

Page 191: ...es will be displayed on the Traffic Statistic page to provide better traffic management and control Inbound IP Source Address The figure displays the source IP address bytes per second and percentage...

Page 192: ...t te er r 191 Inbound IP Service The figure displays the network protocol type destination IP address bytes per second and percentage Outbound IP Service The figure displays the network protocol type...

Page 193: ...e allows administrators to inquire a specific IP or from a specific port about the addresses that this IP had visited or the users source IP who used this service port This facilitates the identificat...

Page 194: ...Enter the IP address that users want to inquire and then the entire destination IP connected to remote devices as well as the number of ports will be displayed Specific Port Status Enter the service...

Page 195: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 194...

Page 196: ...R Ro ou ut te er r 195 XVI Log out On the top right corner of the web based UI there is a Logout button Click on it to log out of the web based UI To enter next time open the Web browser and enter the...

Page 197: ...er r 196 Appendix I Troubleshooting 1 Block BT Download To block BT and prevent downloading by users go to the Firewall Content Filter and select Enable Website Block by Keywords followed by the inpu...

Page 198: ...d Worm viruses recently the internet transmission speed was brought down and the Session bulky increase result in the massive processing load of the device The following guides users to block this vir...

Page 199: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 198 Use the same method to add UDP UDP135 139 and TCP 445 445 Ports c Enhance the priority level of these three to the highest...

Page 200: ...and enter Firewall Access Rule b Click Add New Rule under Access Rule page Select Deny in Action under the Service rule setting followed by the selection of All Traffic TCP UDP 1 65535 from the servi...

Page 201: ...ut te er r 200 121 14 75 115 60 28 234 117 60 28 235 119 222 28 155 17 QQ LiveVersion QQ Live 2008 7 0 4017 0 Tested on 2008 07 29 After repeated addition users may see the links to the QQLive Server...

Page 202: ...Protocol In LAN what is actually transmitted is frame in which there is MAC address of the destination host device So called Address Analysis refers to the transferring process of the target IP addres...

Page 203: ...in the device or LAN PC The former intercepts the gateway data and send ceaselessly a series of wrong MAC messages to the device which sends out wrong MAC address The PC thus cannot receive the messag...

Page 204: ...idently this is a cheat by ARP 3 ARP Solution Now we understand ARP ARP cheat and attack as well as how to identify this type of attack What comes next is to find out effective prevention measures to...

Page 205: ...in the network follow the same way to enter the IP and MAC address of the corresponding device to complete the binding work However if this act restarts the computer the setting will be cancelled Ther...

Page 206: ...carry out the prevention work However this is more complicated because the search for the IP and address and MAC increases the workload Moreover there is greater possibility of making errors during th...

Page 207: ...ore recommended because of easy operation reducing workload and time efficiency It is described in the following Enter Setup under the DHCP page and look for IP and MAC binding On the right there is a...

Page 208: ...c operations can help solve the problem but Qno s technical engineers suggest that further measures should be taken to prevent the ARP attack 1 Deal with virus source as well as the source device affe...

Page 209: ...and invasion of the virus Some users of the pirate version of Windows cannot install patches successfully Users are advised to use network firewall and other measures for protection 6 Close some unne...

Page 210: ...onto the Qno s bandwidth forum refer to the examples of the FTP server or contact the technical department of Qno s dealers as well as the Qno s Mainland technical center Qno Official Website http www...

Search results

Summary of Contents for VPN QoS

Reviews:

Related manuals for VPN QoS

Brands by name

Popular brands

QNO VPN QoS, User Manual

Search results

Summary of Contents for VPN QoS

Reviews:

Related manuals for VPN QoS

Brands by name

Popular brands