background image

 

149

STEP 10

Enter the following setting in 

Outgoing

 

Policy:

(Figure11-15) 

„

 Authentication 

User:

 Select All_NET. 

„

 Schedule: 

Select Schedule_1. 

„

 QoS: 

Select QoS_1. 

„

 Tunnel:

 Select IPSec_VPN_Tunnel. 

„

 

Click 

OK

.(Figure11-16) 

 

Figure11-15 Setting the VPN Tunnel Outgoing Policy 

 

 

Figure11-16 Complete the VPN Tunnel Outgoing Policy Setting 

 

Summary of Contents for Barricade SMCBR21VPN

Page 1: ...Barricade Dual WAN Port Load Balancing VPN Router SMCBR21VPN ...

Page 2: ...No license is granted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2008 by SMC Networks Inc 20 Mason Irvine CA 92618 All rights reserved Printed in Taiwan Trademarks SMC is a registered trademark and EZ Connect is a trademark of SMC Networks Inc Other product and company names are trademark...

Page 3: ...t SMC price list As new technologies emerge older technologies become obsolete and SMC will at its discretion replace an older product in its product line with one that incorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www ...

Page 4: ... TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE OR USE OF ITS PRODUCTS SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER S OR ANY THIRD PERSON S MISUSE NEGLECT IMPROPER INSTALLATION OR TESTING UNAUTHORIZED ATTEMPTS TO REPAIR OR ANY OTHER CAUSE BEYO...

Page 5: ...TO STATE NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS SMC will provide warranty service for one year following discontinuance from the active SMC price list Under the limited lifetime warranty internal and external power supplies fans and cables are covered by a standard one year warranty from date of purchase SMC Networks Inc 20 Mason Irvine CA 92618 ...

Page 6: ...ry to correct the interference by one or more of the following measures Reorient the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help EC Conformance Declaration Class A SMC contact for these products i...

Page 7: ... 3 1996 80 1000 MHz with 1 kHz AM 80 Modulation 3 V m Electrical fast transient burst according to EN 61000 4 4 1995 AC DC power supply 1 kV Data Signal lines 0 5 kV Surge immunity test according to EN 61000 4 5 1995 AC DC Line to Line 1 kV AC DC Line to Earth 2 kV Immunity to conducted disturbances Induced by radio frequency fields EN 61000 4 6 1996 0 15 80 MHz with 1 kHz AM 80 Modulation 3 V m P...

Page 8: ...t to comply with international safety standards Do not connect the unit to an A C outlet power supply without an earth ground connection The appliance coupler the connector to the unit and not the wall plug must have a configuration for mating with an EN 60320 IEC 320 appliance inlet The socket outlet must be near to the unit and easily accessible You can only remove power from the unit by disconn...

Page 9: ...proximité de l appareil et son accès doit être facile Vous ne pouvez mettre l appareil hors circuit qu en débranchant son cordon électrique au niveau de cette prise L appareil fonctionne à une tension extrêmement basse de sécurité qui est conforme à la norme IEC 60950 Ces conditions ne sont maintenues que si l équipement auquel il est raccordé fonctionne dans les mêmes conditions Bitte unbedingt v...

Page 10: ... Gerätenetzkabels aus der Netzsteckdose unterbrochen werden Der Betrieb dieses Geräts erfolgt unter den SELV Bedingungen Sicherheitskleinstspannung gemäß IEC 60950 Diese Bedingungen sind nur gegeben wenn auch die an das Gerät angeschlossenen Geräte unter SELV Bedingungen betrieben werden Stromkabel Dies muss von dem Land in dem es benutzt wird geprüft werden Schweiz Dieser Stromstecker muß die SEV...

Page 11: ...discharge when handling this equipment Caution Do not plug a phone jack connector in the RJ 45 port This may damage this device Les raccordeurs ne sont pas utilisé pour le système téléphonique Caution Use only twisted pair cables with RJ 45 connectors that conform to FCC standards Warnings in German Achtung Dieses Produkt enthält keine Teile die eine Wartung vom Benutzer benötigen Achtung Installa...

Page 12: ...f the product s life span Continual monitoring of safety standards End of Product Life Span This product is manufactured in such a way as to allow for the recovery and disposal of all included electrical components once the product has reached the end of its life Manufacturing Materials There are no hazardous nor ozone depleting materials in this product Documentation All printed documentation for...

Page 13: ... equipment consequently it assumes a basic working knowledge of LANs Local Area Networks Diese Anleitung ist für die Benutzung durch Netzwerkadministratoren vorgesehen die für die Installation und das einstellen von Netzwerkkomponenten verantwortlich sind sie setzt Erfahrung bei der Arbeit mit LANs Local Area Networks voraus ...

Page 14: ...R 2 CONFIGURE 23 SETTING 28 DATE TIME 34 MULTIPLE SUBNET 35 ROUTE TABLE 38 DDNS 44 HOST TABLE 46 LANGUAGE 47 CHAPTER 3 INTERFACE 48 LAN 53 WAN 54 DMZ 62 CHAPTER 4 ADDRESS 64 EXAMPLE 67 CHAPTER 5 SERVICE 74 CUSTOM 78 GROUP 82 CHAPTER 6 SCHEDULE 85 EXAMPLE 86 CHAPTER 7 QOS 88 EXAMPLE 92 ...

Page 15: ...RVER 118 EXAMPLE 122 CHAPTER 11 VPN 137 EXAMPLE 145 CHAPTER 12 POLICY 169 EXAMPLE 175 CHAPTER 13 ALERT SETTING 193 INTERNET ALERT 198 CHAPTER 14 ATTACK ALARM 202 INTERNAL ALARM 204 EXTERNAL ALARM 205 CHAPTER 15 LOG 207 TRAFFIC LOG 209 EVENT LOG 214 CONNECTION LOG 217 LOG BACKUP 220 CHAPTER 16 ACCOUNTING REPORT 222 OUTBOUND 225 INBOUND 232 ...

Page 16: ...15 CHAPTER 17 STATISTICS 238 WAN STATISTICS 240 POLICY STATISTICS 242 CHAPTER 18 STATUS 244 INTERFACE 245 AUTHENTICATION 247 ARPTABLE 248 DHCP CLIENTS 249 ...

Page 17: ...of packets that pass through the SMC BR21VPN and monitoring controls The System Administrators can manage monitor and configure SMC BR21VPN settings But all configurations are read only for all users other than the System Administrator those users are not able to change any setting of the SMC BR21VPN ...

Page 18: ...f Administrators Admin or Sub Admin The username of the main Administrator is Administrator with reading writing privilege Administrator also can change the system setting log system status and to increase or delete sub administrator Sub Admin may be created by the Admin by clicking New Sub Admin Sub Admin have only read and monitor privilege and cannot change any system setting value Configure Cl...

Page 19: ...dmin button to create a new Sub Administrator STEP 2 In the Add New Sub Administrator WebUI Figure 1 1 and enter the following setting Sub Admin Name sub_admin Password 12345 Confirm Password 12345 STEP 3 Click OK to add the user or click Cancel to cancel it Figure1 1 Add New Sub Admin ...

Page 20: ...e you want to edit and click on Modify in the Configure field STEP 2 The Modify Administrator Password WebUI will appear Enter the following information Password admin New Password 52364 Confirm Password 52364 Figure1 2 STEP 3 Click OK to confirm password change Figure1 2 Modify Admin Password ...

Page 21: ...dd new permitted IPs Figure1 4 Figure1 3 Setting Permitted IPs WebUI Figure1 4 Complete Add New Permitted IPs To make Permitted IPs be effective it must cancel the Ping and WebUI selection in the WebUI of SMC BR21VPN that Administrator enter LAN WAN or DMZ Interface Before canceling the WebUI selection of Interface must set up the Permitted IPs first otherwise it would cause the situation of canno...

Page 22: ...1 Click Logout in System to protect the system while Administrator are away Figure1 5 Figure1 5 Confirm Logout WebUI STEP 2 Click OK and the logout message will appear in WebUI Figure1 6 Figure1 6 Logout WebUI Message ...

Page 23: ... which manage the SMC BR21VPN Click Browse and choose the latest software version file Click OK and the system will update automatically Figure1 7 Figure1 7 Software Update It takes 3 minutes to update software The system will reboot after update During the updating time please don t turn off the PC or leave the WebUI It may cause some unexpected mistakes Strong suggests updating the software from...

Page 24: ...onfigure Configure The Configure is according to the basic setting of the SMC BR21VPN In this chapter the definition is Setting Date Time Multiple Subnet Route Table DHCP Dynamic DNS Hosts Table and Language settings ...

Page 25: ...cked by hackers or when emergency conditions occur It can be set from Settings Hacker Alert in System to detect Hacker Attacks Web Management WAN Interface The System Manager can change the port number used by HTTP port anytime Remote WebUI management After HTTP port has changed if the administrator want to enter WebUI from WAN will have to change the port number of browser For example http 61 62 ...

Page 26: ...N with the System Clock The administrator can configure the SMC BR21VPN s date and time by either syncing to an Internet Network Time Server NTP or by syncing to your computer s clock GMT International Standard Time Greenwich Mean Time Define the required fields of Multiple Subnet Forwarding Mode To display the mode that Multiple Subnet use NAT mode or Routing Mode WAN Interface Address The IP add...

Page 27: ...ment department subnet 192 168 4 1 24 LAN ÅÆ 168 85 88 250 WAN 5 Accounting department subnet 192 168 5 1 24 LAN ÅÆ 168 85 88 249 WAN The first department R D department had set while setting interface IP the other four ones have to be added in Multiple Subnet After completing the settings each department uses the different WAN IP Address to connect to the Internet The settings of each department ...

Page 28: ...NS Domain Name The domain name that provided by DDNS WAN IP Address The WAN IP Address which the domain name corresponds to Define the required fields of Host Table Domain Name It can be set by System Manager To let the internal user to access to the information that provided by the host by this domain name Virtual IP Address The virtual IP address respective to Host Table It must be LAN or DMZ IP...

Page 29: ...tem Settings to Client STEP 2 When the File Download pop up window appears choose the destination place where to save the exported file and click on Save The setting value of SMC BR21VPN will copy to the appointed site instantly Figure2 1 Figure2 1 Select the Destination Place to Save the Exported File ...

Page 30: ... from Client When the Choose File pop up window appears select the file to which contains the saved SMC BR21VPN Settings then click OK Figure2 2 STEP 2 Click OK to import the file into the SMC BR21VPN Figure2 3 Figure 2 2 Enter the File Name and Destination of the Imported File Figure 2 3 Upload the Setting File WebUI ...

Page 31: ...30 Restoring Factory Default Settings STEP 1 Select Reset Factory Settings in SMC BR21VPN Configuration WebUI STEP 2 Click OK at the bottom right of the page to restore the factory settings Figure2 4 ...

Page 32: ...31 Figure2 4 Reset Factory Settings ...

Page 33: ...r IP Enter SMTP server s IP address STEP 5 E Mail Address 1 Enter the e mail address of the first user to be notified STEP 6 E Mail Address 2 Enter the e mail address of the second user to be notified Optional STEP 7 Click OK on the bottom right of the screen to enable E mail Alert Notification Figure2 5 Figure2 5 Enable E mail Alert Notification Click on Mail Test to test if E mail Address 1 and ...

Page 34: ...boot SMC BR21VPN Click Reboot button next to Reboot SMC BR21VPN Appliance STEP 2 A confirmation pop up page will appear STEP 3 Follow the confirmation pop up page click OK to restart SMC BR21VPN Figure2 6 Figure2 6 Reboot SMC BR21VPN ...

Page 35: ...m GMT STEP 3 Enter the Server IP Name with which you want to synchronize STEP 4 Set the interval time to synchronize with outside servers Figure2 7 System Time Setting Click on the Sync button and then the SMC BR21VPN s date and time will be synchronized to the Administrator s PC The value of Set Offset From GMT and Server IP Name can be looking for from Assist ...

Page 36: ...T or Routing Mode by the IP address that set by the LAN user s network card Preparation SMC BR21VPN WAN1 10 10 10 1 connect to the ISP Router 10 10 10 2 and the subnet that provided by ISP is 162 172 50 0 24 To connect to Internet WAN2 IP 211 22 22 22 connects with ATUR ...

Page 37: ...try Alias IP of LAN Interface Enter 162 172 50 1 Netmask Enter 255 255 255 0 WAN1 Enter Interface IP 10 10 10 1 and choose Routing in Forwarding Mode WAN2 Enter Interface IP 211 22 22 22 and choose NAT in Forwarding Mode Click OK Complete Adding Multiple Subnet Figure2 8 Figure 2 8 Add Multiple Subnet WebUI ...

Page 38: ...access to Internet by WAN2 If by WAN1 Routing mode then it cannot access to Internet by its virtual IP 162 172 50 xx it uses Routing mode through WAN1 The Internet Server can see your IP 162 172 50 xx directly And uses NAT mode through WAN2 The Internet Server can see your IP as WAN2 IP Figure2 9 Figure 2 9 Multiple Subnet Network The SMC BR21VPN s Interface Status WAN1 IP 10 10 10 1 WAN2 IP 211 2...

Page 39: ... 11 11 connects with ATUR to Internet WAN2 211 22 22 22 connects with ATUR to Internet LAN subnet 192 168 1 1 24 The Router1 which connect with LAN 10 10 10 1 support RIPv2 its LAN subnet is 192 168 10 1 24 Company B Router2 10 10 10 2 support RIPv2 its LAN subnet is 192 168 20 1 24 Company A s Router1 10 10 10 1 connect directly with Company B s Router2 10 10 10 2 ...

Page 40: ...255 0 Gateway Enter 192 168 1 252 Interface Select LAN Click OK Figure 2 10 Figure2 10 Add New Static Route1 STEP 2 Enter the following settings in Route Table in System function Destination IP Enter 192 168 20 1 Netmask Enter 255 255 255 0 Gateway Enter 192 168 1 252 Interface Select LAN Click OK Figure 2 11 Figure2 11 Add New Static Route2 ...

Page 41: ...the following setting in Route Table in System function Destination IP Enter 10 10 10 0 Netmask Enter 255 255 255 0 Gateway Enter 192 168 1 252 Interface Select LAN Click OK Figure 2 12 Figure2 12 Add New Static Route3 ...

Page 42: ...TEP 4 Adding successful At this time the computer of 192 168 10 1 24 192 168 20 1 24 and 192 168 1 1 24 can connect with each other and connect to Internet by NAT Figure 2 13 Figure 2 13 Route Table Setting ...

Page 43: ...s Range 1 Enter the starting and the ending IP address dynamically assigning to DHCP clients The default value is 192 168 1 2 to 192 168 1 254 it must be in the same subnet Client IP Address Range 2 Enter the starting and the ending IP address dynamically assigning to DHCP clients But it must in the same subnet as Client IP Address Range 1 and the range cannot be repeated DMZ Interface the same as...

Page 44: ...g Automatically Get DNS the DNS Server will lock it as LAN Interface IP Using Occasion When the system Administrator starts Authentication the users first DNS Server must be the same as LAN Interface IP in order to enter Authentication WebUI ...

Page 45: ...oviders Select service providers Automatically fill in the WAN 1 2 IP Check to automatically fill in the WAN 1 2 IP User Name Enter the registered user name Password Enter the password Domain name Enter Your host domain name Click OK to add Dynamic DNS Figure2 16 Figure2 15 DDNS WebUI Figure 2 16 Complete DDNS Setting ...

Page 46: ...ver Unknown error If System Administrator had not registered a DDNS account click on Sign up then can enter the website of the provider If you do not select Automatically fill in the WAN IP and then you can enter a specific IP in WAN IP Let DDNS to correspond to that specific IP address ...

Page 47: ...domain name of the server Virtual IP Address The virtual IP address respective to Host Table Click OK to add Host Table Figure2 17 Figure2 17 Add New Host Table To use Host Table the user PC s first DNS Server must be the same as the LAN Port or DMZ Port IP of SMC BR21VPN That is the default gateway ...

Page 48: ...47 Language Select the Language version English Version Traditional Chinese Version or Simplified Chinese Version and click OK Figure2 18 Figure2 18 Language Setting WebUI ...

Page 49: ... the Administrator can set up the IP addresses for the office network The Administrator may configure the IP addresses of the LAN network the WAN 1 2 network and the DMZ network The Netmask and gateway IP addresses are also configured in this section ...

Page 50: ...st the WAN 1 2 utility rate automatically according to the downstream upstream of WAN For users who are using various download bandwidth Round Robin The SMC BR21VPN distributes the WAN 1 2 download bandwidth 1 1 in other words it selects the agent by order For users who are using same download bandwidths By Traffic The SMC BR21VPN distributes the WAN 1 2 download bandwidth by accumulative traffic ...

Page 51: ...ct to Internet or not The testing ways are as following ICMP To test if the connection is successful or not by the Ping IP you set DNS To test if the connection is successful or not by checking Domain Name Upstream Downstream Bandwidth The System Administrator can set up the correct Bandwidth of WAN network Interface here Auto Disconnect The PPPoE connection will automatically disconnect after a l...

Page 52: ... DMZ network The DMZ includes NAT Mode In this mode the DMZ is an independent virtual subnet This virtual subnet can be set by the Administrator but cannot be the same as LAN Interface Transparent Mode In this mode the DMZ and WAN Interface are in the same subnet ...

Page 53: ...es in this chapter No Suitable Situation Example Page Ex1 LAN Modify LAN Interface Settings 41 Ex2 WAN Setting WAN Interface Address 42 Ex3 DMZ Setting DMZ Interface Address NAT Mode 50 Ex4 DMZ Setting DMZ Interface Address Transparent Mode 51 ...

Page 54: ...AN Interface WebUI The default LAN IP Address is 192 168 1 1 After the Administrator setting the new LAN IP Address on the computer he she have to restart the System to make the new IP address effective when the computer obtain IP by DHCP Do not cancel WebUI selection before not setting Permitted IPs yet It will cause the Administrator cannot be allowed to enter the SMC BR21VPN s WebUI from LAN ...

Page 55: ...rface and click Modify in WAN1 Interface The setting of WAN2 Interface is almost the same as WAN1 The difference is that WAN2 has a selection of Disable The System Administrator can close WAN2 Interface by this selection Figure3 2 Figure3 2 Disable WAN2 Interface ...

Page 56: ... Name can select from Assist Figure3 4 Setting time of seconds between sending alive packet Figure3 3 ICMP Connection Figure 3 4 DNS Service Connection test is used for SMC BR21VPN to detect if the WAN can connect or not So the Alive Indicator Site IP DNS Server IP Address or Domain Name must be able to use permanently Or it will cause judgmental mistakes of the device ...

Page 57: ...unt 3 Enter Password as the password 4 Select Dynamic or Fixed in IP Address provided by ISP If you select Fixed please enter IP Address Netmask and Default Gateway 5 Enter Max Downstream Bandwidth and Max Upstream Bandwidth According to the flow that user apply 6 Select Ping and HTTP 7 Click OK Figure3 6 ...

Page 58: ...nnection Figure3 6 Complete PPPoE Connection Setting If the connection is PPPoE you can choose Service On Demand for WAN Interface to connect automatically when disconnect or to set up Auto Disconnect if idle not recommend ...

Page 59: ...n click on Clone MAC Address to obtain MAC IP automatically 4 Hostname Enter the hostname provided by ISP 5 Domain Name Enter the domain name provided by ISP 6 User Name and Password are the IP distribution method according to Authentication way of DHCP protocol like ISP in China 7 Enter Max Downstream Bandwidth and Max Upstream Bandwidth According to the flow that user apply 8 Select Ping and HTT...

Page 60: ...59 Figure3 7 Dynamic IP Address Connection Figure3 8 Complete Dynamic IP Connection Setting ...

Page 61: ... provided by ISP 3 Enter DNS Server1 and DNS Server2 In WAN2 the connecting of Static IP Address does not need to set DNS Server 4 Enter Max Downstream Bandwidth and Max Upstream Bandwidth According to the flow that user apply 5 Select Ping and HTTP 6 Click OK Figure3 10 Figure3 9 Static IP Address Connection ...

Page 62: ...twork Interface users will be able to ping the SMC BR21VPN and enter the WebUI WAN network It may influence network security The suggestion is to Cancel Ping and WebUI after all the settings have finished And if the System Administrator needs to enter UI from WAN he she can use Permitted IPs to enter ...

Page 63: ...T Mode STEP 1 Click DMZ Interface STEP 2 Select NAT Mode in DMZ Interface Select NAT in DMZ Interface Enter IP Address and Netmask STEP 3 Select Ping and HTTP STEP 4 Click OK Figure3 11 Figure3 11 Setting DMZ Interface Address NAT Mode WebUI ...

Page 64: ...lect Transparent Mode in DMZ Interface Select DMZ_Transparent in DMZ Interface STEP 1 Select Ping and HTTP STEP 2 Click OK Figure3 12 Figure 3 12 Setting DMZ Interface Address Transparent Mode WebUI In WAN the connecting way must be Static IP Address and can choose Transparent Mode in DMZ ...

Page 65: ...eds to create a control policy for packets of different IP addresses he can first add a new group in the LAN Group or the WAN Group and assign those IP addresses into the newly created group Using group addresses can greatly simplify the process of building control policies With easily recognized names of IP addresses and names of address groups shown in the address table the Administrator can use...

Page 66: ... should be set as 255 255 255 255 When correspond to several IP of a specific Domain Take 192 168 100 1 C Class subnet as an example it should be set as 255 255 255 0 MAC Address Correspond a specific PC s MAC Address to its IP it can prevent users changing IP and accessing to the net service through policy without authorizing Get Static IP address from DHCP Server When enable this function and th...

Page 67: ...on Example Page Ex1 LAN Under DHCP circumstances assign the specific IP to static users and restrict them to access FTP net service only through policy 55 Ex2 LAN Group WAN Set up a policy that only allows partial users to connect with specific IP External Specific IP 58 ...

Page 68: ... Address and enter the following settings Click New Entry button Figure4 1 Name Enter Rayearth IP Address Enter 192 168 3 2 Netmask Enter 255 255 255 255 MAC Address Enter the user s MAC Address 00 B0 18 25 F5 89 Select Get static IP address from DHCP Server Click OK Figure4 2 Figure 4 1 Setting LAN Address Book WebUI Figure4 2 Complete the Setting of LAN ...

Page 69: ...cy of Restricting the Specific IP to Access to Internet STEP 3 Complete assigning the specific IP to static users in Outgoing Policy and restrict them to access FTP net service only through policy Figure4 4 Figure 4 4 Complete the Policy of Restricting the Specific IP to Access to Internet ...

Page 70: ...omatically In LAN of Address function the SMC BR21VPN will default an Inside Any address represents the whole LAN network automatically Others like WAN DMZ also have the Outside Any and DMZ Any default address setting to represent the whole subnet The setting mode of WAN and DMZ of Address are the same as LAN the only difference is WAN cannot set up MAC Address ...

Page 71: ...70 Setup a policy that only allows partial users to connect with specific IP External Specific IP STEP 1 Setting several LAN network Address Figure4 5 Figure4 5 Setting Several LAN Network Address ...

Page 72: ...igure 4 6 Enter the Name of the group Select the users in the Available Address column and click Add Click OK Figure 4 7 Figure4 6 Add New LAN Address Group Figure4 7 Complete Adding LAN Address Group The setting mode of WAN Group and DMZ Group of Address are the same as LAN Group ...

Page 73: ...he following settings in WAN of Address function Click New Entry Figure4 8 Enter the following data Name IP Address Netmask Click OK Figure4 9 Figure4 8 Add New WAN Address Figure4 9 Complete the Setting of WAN Address ...

Page 74: ... STEP 4 To exercise STEP1 3 in Policy Figre4 10 4 11 Figure4 10 To Exercise Address Setting in Policy Figure4 11 Complete the Policy Setting The Address function really take effect only if use with Policy ...

Page 75: ...ervices can be added There are three sub menus under Service which are Pre defined Custom and Group The Administrator can simply follow the instructions below to define the protocols and port numbers for network communication applications Users then can connect to servers and other computers through these available network services How to use Service The Administrator can add new service group nam...

Page 76: ...75 it takes only one control policy to achieve the same effect as the 50 control policies ...

Page 77: ...NET VDO Live WAIS WINFRAME X WINDOWS etc UDP Service For example IKE DNS NTP IRC RIP SNMP SYSLOG TALK TFTP UDP ANY UUCP etc ICMP Service Foe example PING TRACEROUTE etc New Service Name The System Manager can name the custom service Protocol The protocol type to be used in connection for device such as TCP and UDP mode Client Port The port number of network card of clients The range is 1024 65535 ...

Page 78: ...low external user to communicate with internal user by VoIP through policy VoIP Port TCP 1720 TCP 15325 15333 UDP 15325 15333 65 Ex2 Group Setting service group and restrict the specific users only can access to service resource that provided by this group through policy Group HTTP POP3 SMTP DNS 69 ...

Page 79: ... internal user by VoIP through policy VoIP Port TCP 1720 TCP 15328 15333 UDP 15328 15333 STEP 1 Set LAN and LAN Group in Address function as follows Figure5 1 5 2 Figure5 1 Setting LAN Address Book WebUI Figure5 2 Setting LAN Group Address Book WebUI ...

Page 80: ...o change the Client Port and set the Server Port as 1720 1720 Protocol 2 select TCP need not to change the Client Port and set the Server Port as 15328 15333 Protocol 3 select UDP need not to change the Client Port and set the Server Port as 15328 15333 Click OK Figure5 4 Figure5 3 Add User Define Service Figure5 4 Complete the Setting of User Define Service of VoIP ...

Page 81: ... suggested If the port numbers that enter in the two spaces are different port number then enable the port number under the range between the two different port numbers for example 15328 15333 And if the port number that enter in the two space are the same port number then enable the port number as one for example 1720 1720 ...

Page 82: ...re5 6 Complete the Policy for External VoIP to Connect with Internal VoIP STEP 5 In Outgoing Policy complete the setting of internal users using VoIP to connect with external network VoIP Figure5 7 Figure5 7 Complete the Policy for Internal VoIP to Connect with External VoIP Service must cooperate with Policy and Virtual Server that the function can take effect ...

Page 83: ...resource that provided by this group through policy Group HTTP POP3 SMTP DNS STEP 1 Enter the following setting in Group of Service Click New Entry Figure 5 8 Name Enter Main_Service Select HTTP POP3 SMTP DNS in Available Service and click Add Click OK Figure 5 9 Figure5 8 Add Service Group ...

Page 84: ...83 Figure5 9 Complete the setting of Adding Service Group If you want to remove the service you choose from Selected Service choose the service you want to delete and click Remove ...

Page 85: ... Address function Setting an Address Group that can include the service of access to Internet Figure5 10 Figure5 10 Setting Address Book Group STEP 3 Compare Service Group to Outgoing Policy Figure5 11 Figure5 11 Setting Policy ...

Page 86: ...then the Administrator can set the start time and stop time or VPN connection in Policy or VPN By using the Schedule function the Administrator can save a lot of management time and make the network system most effective How to use the Schedule The system Administrator can use schedule to set up the device to carry out the connection of Policy or VPN during several different time division automati...

Page 87: ...s to access to Internet in a day STEP 1 Enter the following in Schedule Click New Entry Figure6 1 Enter Schedule Name Set up the working time of Schedule for each day Click OK Figure6 2 Figure6 1 Setting Schedule WebUI Figure6 2 Complete the Setting of Schedule ...

Page 88: ...87 STEP 2 Compare Schedule with Outgoing Policy Figure6 3 Figure6 3 Complete the Setting of Comparing Schedule with Policy The Schedule must compare with Policy ...

Page 89: ...eam Bandwidth To configure the Guaranteed Bandwidth and Maximum Bandwidth QoS Priority To configure the priority of distributing Upstream Downstream and unused bandwidth The SMC BR21VPN configures the bandwidth by different QoS and selects the suitable QoS through Policy to control and efficiently distribute bandwidth The SMC BR21VPN also makes it convenient for the administrator to make the Bandw...

Page 90: ...89 Figure7 2 the Flow After Using QoS Max Bandwidth 400Kbps Guaranteed Bandwidth 200Kbps ...

Page 91: ...aximum Bandwidth according to the bandwidth range you apply from ISP Priority To configure the priority of distributing Upstream Downstream and unused bandwidth Guaranteed Bandwidth The basic bandwidth of QoS The connection that uses the IPSec Autokey of VPN or Policy will preserve the basic bandwidth Maximum Bandwidth The maximum bandwidth of QoS The connection that uses the IPSec Autokey of VPN ...

Page 92: ...91 We set up two QoS examples in this chapter No Suitable Situation Example Page Ex1 QoS Setting a policy that can restrict the user s downstream and upstream bandwidth 79 ...

Page 93: ...d upstream bandwidth STEP 1 Enter the following settings in QoS Click New Entry Figure7 3 Name The name of the QoS you want to configure Enter the bandwidth in WAN1 WAN2 Select QoS Priority Click OK Figure7 4 Figure7 3 QoS WebUI Setting Figure7 4 Complete the QoS Setting ...

Page 94: ...licy Figure7 6 Complete Policy Setting When the administrator are setting QoS the bandwidth range that can be set is the value that system administrator set in the WAN of Interface So when the System Administrator sets the downstream and upstream bandwidth in WAN of Interface he she must set up precisely ...

Page 95: ...guring the Authentication you can control the user s connection authority The user has to pass the authentication to access to Internet The SMC BR21VPN configures the authentication of LAN s user by setting account and password to identify the privilege ...

Page 96: ...sing authentication If idle time exceeds the time you setup the authentication will be invalid The default value is 30 minutes URL to redirect when authentication succeed The user who had passes Authentication have to connect to the specific website It will connect to the website directly which the user want to login The default value is blank Messages to display when user login It will display th...

Page 97: ...96 z When the user connect to external network by Authentication the following page will be displayed Figure8 2 Figure8 2 Authentication Login WebUI ...

Page 98: ... passing Authentication Figure8 3 Figure8 3 Connecting to the Appointed Website After Authentication If the user ask for authentication positively can enter the LAN IP by the Authentication port number And then the Authentication WebUI will be displayed ...

Page 99: ...98 Auth User Name The user account for Authentication you want to set Password The password when setting up Authentication Confirm Password Enter the password that correspond to Password ...

Page 100: ...les in this chapter No Suitable Situation Example Page Ex1 Auth User Auth Group Setting specific users to connect with external network only before passing the authentication of policy Adopt the built in Auth User and Auth Group Function 87 ...

Page 101: ...ntication of policy Adopt the built in Auth User and Auth Group Function STEP 1 Setup several Auth User in Authentication Figire8 4 Figure8 4 Setting Several Auth Users WebUI To use Authentication the DNS Server of the user s network card must be the same as the LAN Interface Address of SMC BR21VPN ...

Page 102: ...thentication function and enter the following settings Click New Entry Name Enter laboratory Select the Auth User you want and Add to Selected Auth User Click OK Complete the setting of Auth User Group Figure8 5 Figure8 5 Setting Auth Group WebUI ...

Page 103: ...102 STEP 3 Add a policy in Outgoing Policy and input the Address and Authentication of STEP 2 Figure8 6 8 7 Figure8 6 Auth User Policy Setting Figure8 7 Complete the Policy Setting of Auth User ...

Page 104: ...ccess to Internet Figure8 8 STEP 5 If the user does not need to access to Internet anymore and is going to logout he she can click LOGOUT Auth User to logout the system Or enter the Logout Authentication WebUI http LAN Interface Authentication port number logout html to logout Figure8 9 Figure8 8 Access to Internet through Authentication WebUI Figure8 9 Logout Auth User WebUI ...

Page 105: ... key words and met character and Script Blocking The access authority of Popup ActiveX Java Cookies P2P Blocking The authority of sending files by eDonkey eMule Bit Torrent IM Blocking To restrict the authority of receiving video file and message from MSN Messenger Yahoo Messenger ICQ QQ Download Blocking To restrict the authority of download specific sub name file audio and some common video by h...

Page 106: ... Java Blocking Prevent Java packets Cookies Blocking Prevent Cookies packets eDonkey Blocking Prevent users to deliver files by eDonkey and eMule BitTorrent Blocking Prevent users to deliver files by BitTorrent WinMX Prevent users to deliver files by WinMX IM Blocking Prevent users to login MSN Messenger Yahoo Messenger ICQ QQ and Skype Audio and Video Types Prevent users to transfer sounds and vi...

Page 107: ...106 Sub name file Blocking Prevent users to deliver specific sub name file by http All Type Prevent users to send the Audio Video types and sub name file etc by http protocol ...

Page 108: ...estrict the Internal Users to access to Script file of Website 98 Ex3 P2P Blocking Restrict the Internal Users to access to the file on Internet by P2P 100 Ex4 IM Blocking Restrict the Internal Users to send message files video and audio by Instant Messaging 102 Ex5 Download Blocking Restrict the Internal Users to access to video audio and some specific sub name file from http or ftp protocol dire...

Page 109: ...u want to open up in URL String While adding you must enter the symbol in front of the complete domain name or key word that represents to open these website to enter For example www kcg gov tw or gov 2 After setting up the website you want to open up enter an order to forbid all in the last URL String means only enter in URL String Warning The order to forbid all must be placed at last forever If...

Page 110: ...iltering function Click New Entry URL String Enter yahoo and click OK Click New Entry URL String Enter google and click OK Click New Entry URL String Enter and click OK Complete setting a URL Blocking policy Figure9 1 Figure9 1 Content Filtering Table ...

Page 111: ... Policy Setting STEP 3 Complete the policy of permitting the internal users only can access to some specific website in Outgoing Policy function Figure9 3 Figure9 3 Complete Policy Settings Afterwards the users only can browse the website that include yahoo and google in domain name by the above policy ...

Page 112: ... of Website STEP 1 Select the following data in Script of Content Blocking function Select Popup Blocking Select ActiveX Blocking Select Java Blocking Select Cookies Blocking Click OK Complete the setting of Script Blocking Figure9 4 Figure9 4 Script Blocking WebUI ...

Page 113: ... 3 Complete the policy of restricting the internal users to access to Script file of Website in Outgoing Policy Figure9 6 Figure9 6 Complete Script Blocking Policy Setting The users may not use the specific function like JAVA cookie etc to browse the website through this policy It can forbid the user browsing stock exchange website etc ...

Page 114: ... and some specific sub name file from http or ftp protocol directly STEP 1 Enter the following settings in Download of Content Blocking function Select All Types Blocking Click OK Complete the setting of Download Blocking Figure9 13 Figure9 13 Download Blocking WebUI ...

Page 115: ...gure9 14 Figure9 14 Add New Download Blocking Policy Setting STEP 3 Complete the Outgoing Policy of restricting the internal users to access to video audio and some specific sub name file by http protocol directly Figure9 15 Figure9 15 Complete Download Blocking Policy Setting ...

Page 116: ... Setting add the following settings Click New Entry Fig 10 5 Enter the Name of P2P_Blocking Select eDonkey Bit Torrent WinMX Foxy KuGoo AppleJuice AudioGalaxy DirectConnect iMesh and MUTE Click OK Complete the settings Fig 10 6 Fig 10 5 P2P blocking setting Fig 10 6 Complete the P2P blocking setting ...

Page 117: ...P blocking setting Fig 10 7 Fig 10 7 Set the policy applied to P2P blocking Step3 In Policy Æ Outgoing complete the policy setting of limit internal user to access internet resources by P2P software Fig 10 8 Fig 10 8 Complete the Policy setting of P2P blocking ...

Page 118: ...117 Use P2P will seriously occupy network bandwidth and it can change its service port So the MIS engineer not only set the service port in Service but also need to set IM P2P Blocking Æ P2P Blocking ...

Page 119: ...PN s Virtual Server function can solve this problem A Virtual Server has set the real IP address of the SMC BR21VPN s WAN network interface to be the Virtual Server IP Through the Virtual Server function the SMC BR21VPN translates the Virtual Server s IP address into the private IP address in the LAN network Virtual Server owns another feature know as one to many mapping This is when one real serv...

Page 120: ...ternal users cannot connect to its private IP Address directly The user must connect to the SMC BR21VPN s WAN subnet s Real IP and then map Real IP to Private IP of LAN by the SMC BR21VPN It is a one to one mapping That is to map all the service of one WAN Real IP Address to one LAN Private IP Address Server 1 2 3 4 Its function resembles Mapped IP s But the Virtual Server maps one to many That is...

Page 121: ...ort Number The service name that provided by the Virtual Server External Service Port The WAN Service Port that provided by the virtual server If the service you choose only have one port and then you can change the port number here If change the port number to 8080 and then when the external users going to browse the Website he she must change the port number first to enter the Website Server Vir...

Page 122: ...through policy by Virtual Server Take Web service for example 113 Ex3 Virtual Server The external user use VoIP to connect with VoIP of LAN VoIP Port TCP 1720 TCP 15328 15333 UDP 15328 15333 116 Ex4 Virtual Server Make several servers that provide several same services to provide service through policy by Virtual Server Take HTTP POP3 SMTP and DNS Group for example 120 Preparation Apply for two AD...

Page 123: ... DNS is External DNS Server STEP 2 Enter the following setting in LAN of Address function Figure10 1 Figure10 1 Mapped IP Settings of Server in Address STEP 3 Enter the following data in Mapped IP of Virtual Server function Click New Entry WAN IP Enter 61 11 11 12 click Assist for assistance Map to Virtual IP Enter 192 168 1 100 Click OK Complete the setting of adding new mapped IP Figure10 2 Figu...

Page 124: ... the same time Figure10 3 Figure10 3 Service Setting STEP 5 Add a policy that includes settings of STEP3 4 in Incoming Policy Figure10 4 Figure10 4 Complete the Incoming Policy STEP 6 Add a policy that includes STEP2 4 in Outgoing Policy It makes the server to send e mail to external mail server by mail service Figure10 5 Figure10 5 Complete the Outgoing Policy ...

Page 125: ... by mapped IP Figure10 6 Figure10 6 A Single Server that Provides Several Services by Mapped IP Strong suggests not to choose ANY when setting Mapped IP and choosing service Otherwise the Mapped IP will be exposed to Internet easily and may be attacked by Hacker ...

Page 126: ...ngle service to provide service through policy by Virtual Server Take Web service for example STEP 1 Setting several servers that provide Web service in LAN network which IP Address is 192 168 1 101 192 168 1 102 192 168 1 103 and 192 168 1 104 ...

Page 127: ... assistance Click OK Figure10 7 Figure10 7 Virtual Server Real IP Setting Click New Entry Service Select HTTP 80 External Service Port Change to 8080 Load Balance Server1 Enter 192 168 1 101 Load Balance Server2 Enter 192 168 1 102 Load Balance Server3 Enter 192 168 1 103 Load Balance Server4 Enter 192 168 1 104 Click OK Complete the setting of Virtual Server Figure10 8 Figure10 8 Virtual Server C...

Page 128: ...plete Virtual Server Policy Setting In this example the external users must change its port number to 8080 before entering the Website that set by the Web server STEP 4 Complete the setting of providing a single service by virtual server Figure10 10 Figure10 10 Several Servers Provide a Single Service by Virtual Server ...

Page 129: ...UDP 15328 15333 STEP 1 Set up VoIP in LAN network and its IP is 192 168 1 100 STEP 2 Enter the following setting in LAN of Address function Figure10 11 Figure10 11 Setting LAN Address WebUI STEP 3 Add new VoIP service group in Custom of Service function Figure10 12 Figure10 12 Add Custom Service ...

Page 130: ...UI Click New Entry Service Select Custom Service VoIP_Service External Service Port From Service Custom Load Balance Server1 Enter 192 168 1 100 Click OK Complete the setting of Virtual Server Figure10 14 Figure10 14 Virtual Server Configuration WebUI When the custom service only has one port number then the external network port of Virtual Server is changeable On the contrary if the custom servic...

Page 131: ... by STEP4 Figure10 15 Figure10 15 Complete the Policy includes Virtual Server Setting STEP 6 Enter the following setting of the internal users using VoIP to connect with external network VoIP in Outgoing Policy Figure10 16 Figure10 16 Complete the Policy Setting of VoIP Connection ...

Page 132: ...external internal user using specific service to communicate with each other by Virtual Server Figure10 17 Figure10 17 Complete the Setting of the External Internal User using specific service to communicate with each other by Virtual Server ...

Page 133: ...al servers that provide several services in LAN network Its network card s IP is 192 168 1 101 192 168 1 102 192 168 1 103 192 168 1 104 and the DNS setting is External DNS server STEP 2 Enter the following in LAN and LAN Group of Address function Figure10 18 10 19 Figure10 18 Mapped IP Setting of Virtual Server in Address Figure10 19 Group Setting of Virtual Server in Address ...

Page 134: ...133 STEP 3 Group the service of server in Custom of Service Add a Service Group for server to send e mail at the same time Figure10 20 Figure10 20 Add New Service Group ...

Page 135: ...eal IP Enter 211 22 22 23 click Assist for assistance Click OK Figure10 21 Figure10 21 Virtual Server Real IP Setting Click New Entry Service Select Group Service Main_Service External Service Port From Service Group Enter the server IP in Load Balance Server Click OK Complete the setting of Virtual Server Figure10 22 Figure10 22 Virtual Server Configuration WebUI ...

Page 136: ...et by STEP 3 Figure10 23 Figure10 23 Complete Incoming Policy Setting STEP 6 Add a new policy that includes the settings of STEP2 3 in Outgoing Policy It makes server can send e mail to external mail server by mail service Figure10 24 Figure10 24 Complete Outgoing Policy Setting ...

Page 137: ...136 STEP 7 Complete the setting of providing several services by Virtual Server Figure10 25 Figure10 25 Complete the Setting of Providing Several Services by Several Virtual Server ...

Page 138: ...y The system manager can create a VPN connection using Autokey IKE Autokey IKE Internet Key Exchange provides a standard method to negotiate keys between two security gateways Also set up IPSec Lifetime and Preshared Key of the SMC BR21VPN PPTP Server The System Manager can set up VPN PPTP Server functions in this chapter PPTP Client The System Manager can set up VPN PPTP Client functions in this ...

Page 139: ...establishment of Security Associations SAs Main Mode This is another first phase of the Oakley protocol in establishing a security association but instead of using three packets like in aggressive mode it uses six packets Aggressive mode This is the first phase of the Oakley protocol in establishing a security association using three data packets AH Authentication Header One of the IPSec standards...

Page 140: ...l last for the next 20 to 30 years NULL Algorithm It is a fast and convenient connecting mode to make sure its privacy and authentication without encryption NULL Algorithm doesn t provide any other safety services but a way to substitute ESP Encryption SHA 1 Secure Hash Algorithm 1 A message digest hash algorithm that takes a message less than 264 bits and produces a 160 bit digest MD5 MD5 is a co...

Page 141: ...ame The VPN name to identify the IPSec Autokey definition The name must be the only one and cannot be repeated Gateway IP The WAN interface IP address of the remote Gateway IPSec Algorithm To display the Algorithm way Configure Click Modify to change the argument of IPSec click Remove to remote the setting Figure11 1 Figure11 1 IPSec Autokey WebUI ...

Page 142: ... icon Chart Meaning Not be applied Disconnect Connecting User Name Display the PPTP Client user s name when connecting to PPTP Server Client IP Display the PPTP Client s IP address when connecting to PPTP Server Uptime Display the connection time between PPTP Server and Client Configure Click Modify to modify the PPTP Server Settings or click Remove to remove the setting Figure11 2 Figure11 2 PPTP...

Page 143: ...ver Server IP or Domain Name Display the PPTP Server IP addresses or Domain Name when connecting to PPTP Server Encryption Display PPTP Client and PPTP Server transmission whether opens the encryption authentication mechanism Uptime Displays the connection time between PPTP Server and Client Configure Click Modify to change the argument of PPTP Client click Remove to remote the setting Figure11 3 ...

Page 144: ...tion The name must be the only one and cannot be repeated Source Subnet Displays the Source Subnet Destination Subnet Displays the Destination Subnet IPSec PPTP Displays the Virtual Private Network s IPSec Autokey PPTP Server PPTP Client settings of Tunnel function Configure Click Modify to change the argument of VPN Tunnel click Remove to remote the setting Figure11 4 Figure11 4 VPN Tunnel Web UI...

Page 145: ... up two VPN examples in this chapter No Suitable Situation Example Page Ex1 IPSec Autokey Setting IPSec VPN connection between two SMC BR21VPN 133 Ex2 PPTP Setting PPTP VPN connection between two SMC BR21VPN 146 ...

Page 146: ...any B 192 168 20 100 for downloading the sharing file The Default Gateway of Company A is the LAN IP of the SMC BR21VPN 192 168 10 1 Follow the steps below STEP 1 Enter the default IP of Gateway of Company A s SMC BR21VPN 192 168 10 1 and select IPSec Autokey in VPN Click New Entry Figure11 5 Figure11 5 IPSec Autokey WebUI STEP 2 In the list of IPSec Autokey fill in Name with VPN_A Figure11 6 STEP...

Page 147: ... in Encapsulation list Choose the Algorithm when setup connection Please select ENC Algorithm 3DES DES AES AUTH Algorithm MD5 SHA1 and Group GROUP1 2 5 Both sides have to choose the same group Here we select 3DES for ENC Algorithm MD5 for AUTH Algorithm and GROUP1 for group Figure11 9 Figure11 9 IPSec Encapsulation Setting ...

Page 148: ...m to make sure the encapsulation way for data transmission Figure11 10 Figure11 10 IPSec Algorithm Setting STEP 7 After selecting GROUP1 in Perfect Forward Secrecy enter 3600 seconds in ISAKMP Lifetime enter 28800 seconds in IPSec Lifetime and selecting Main mode in Mode Figure11 11 Figure11 11 IPSec Perfect Forward Secrecy Setting STEP 8 Complete the IPSec Autokey setting Figure11 12 Figure11 12 ...

Page 149: ...Source Subnet Mask Enter 192 168 10 0 255 255 255 0 To Destination Select To Destination Subnet Mask To Destination Subnet Mask Enter 192 168 85 0 255 255 255 0 IPSec PPTP Setting Select VPN_A Select Show remote Network Neighborhood Click OK Figure11 14 Figure11 13 New Entry Tunnel Setting Figure11 14 Complete New Entry Tunnel Setting ...

Page 150: ...icy Figure11 15 Authentication User Select All_NET Schedule Select Schedule_1 QoS Select QoS_1 Tunnel Select IPSec_VPN_Tunnel Click OK Figure11 16 Figure11 15 Setting the VPN Tunnel Outgoing Policy Figure11 16 Complete the VPN Tunnel Outgoing Policy Setting ...

Page 151: ...g in Incoming Policy Figure11 17 Schedule Select Schedule_1 QoS Select QoS_1 Tunnel Select IPSec_VPN_Tunnel Click OK Figure11 18 Figure11 17 Setting the VPN Tunnel Incoming Policy Figure11 18 Complete the VPN Tunnel Incoming Policy Setting ...

Page 152: ...setting in Multiple Subnet of System Configure function Figure11 19 Figure11 19 Multiple Subnet Setting STEP 2 Enter the default IP of Gateway of Company B s SMC BR21VPN 192 168 20 1 and select IPSec Autokey in VPN Click New Entry Figure11 20 Figure11 20 IPSec Autokey Web UI STEP 3 In the list of IPSec Autokey fill in Name with VPN_B ...

Page 153: ... max 100 bits Figure11 23 STEP 6 Select ISAKMP Algorithm in Encapsulation list Choose the Algorithm when setup connection Please select ENC Algorithm 3DES DES AES AUTH Algorithm MD5 SHA1 and Group GROUP1 2 5 Both sides have to choose the same group Here we select 3DES for ENC Algorithm MD5 for AUTH Algorithm and GROUP1 for group Figure11 24 Figure11 24 IPSec Encapsulation Setting ...

Page 154: ...m to make sure the encapsulation way for data transmission Figure11 25 Figure11 25 IPSec Algorithm Setting STEP 8 After selecting GROUP1 in Perfect Forward Secrecy enter 3600 seconds in ISAKMP Lifetime enter 28800 seconds in IPSec Lifetime and selecting Main mode in Mode Figure11 26 Figure11 26 IPSec Perfect Forward Secrecy Setting STEP 9 Complete the IPSec Autokey setting Figure11 27 Figure11 27 ...

Page 155: ...Source Subnet Mask Enter 192 168 20 0 255 255 255 0 To Destination Select To Destination Subnet Mask To Destination Subnet Mask Enter 192 168 10 0 255 255 255 0 IPSec PPTP Setting Select VPN_B Select Show remote Network Neighborhood Click OK Figure11 29 Figure11 28 New Entry Tunnel Setting Figure11 29 Complete New Entry Tunnel Setting ...

Page 156: ...Policy Figure11 30 Authentication User Select All_NET Schedule Select Schedule_1 QoS Select QoS_1 Tunnel Select VPN_Tunnel Click OK Figure11 31 Figure11 30 Setting the VPN Tunnel Outgoing Policy Figure11 31 Complete the VPN Tunnel Outgoing Policy Setting ...

Page 157: ...g in Incoming Policy Figure11 32 Schedule Select Schedule_1 QoS Select QoS_1 Tunnel Select IPSec_VPN_Tunnel Click OK Figure11 33 Figure11 32 Setting the VPN Tunnel Incoming Policy Figure11 33 Complete the VPN Tunnel Incoming Policy Setting ...

Page 158: ...157 STEP 13 Complete IPSec VPN Connection Figure11 34 Figure 11 34 IPSec VPN Connection Deployment ...

Page 159: ...n Company A WAN IP 61 11 11 11 LAN IP 192 168 10 X Company B WAN IP 211 22 22 22 LAN IP 192 168 20 X This example takes two SMC BR21VPN as flattop Suppose Company B 192 168 20 100 is going to have VPN connection with Company A 192 168 10 100 and download the resource ...

Page 160: ...erver of VPN function in the SMC BR21VPN of Company A Select Modify and enable PPTP Server Select Encryption Client IP Range Enter 192 44 75 1 254 Idle Time Enter 0 Figure11 35 Figure11 35 Enable PPTP VPN Server Settings Idle Time the setting time that the VPN Connection will auto disconnect under unused situation Unit minute ...

Page 161: ...ction in the SMC BR21VPN of Company A Select New Entry Figure11 36 User Name Enter PPTP_Connection Password Enter 123456789 Client IP assigned by Select IP Range Click OK Figure11 37 Figure 11 36 PPTP VPN Server Setting Figure 11 37 Complete PPTP VPN Server Setting ...

Page 162: ...et Mask Enter 192 168 10 0 255 255 255 0 To Destination Select To Destination Subnet Mask To Destination Subnet Mask Enter 192 168 20 0 255 255 255 0 IPSec PPTP Setting Select PPTP_Server_PPTP_Connection Select Show remote Network Neighborhood Click OK Figure11 39 Figure11 38 New Entry Tunnel Setting Figure11 39 Complete New Entry Tunnel Setting ...

Page 163: ...icy Figure11 40 Authentication User Select All_NET Schedule Select Schedule_1 QoS Select QoS_1 Tunnel Select PPTP_VPN_Tunnel Click OK Figure11 41 Figure11 40 Setting the VPN Tunnel Outgoing Policy Figure11 41 Complete the VPN Tunnel Outgoing Policy Setting ...

Page 164: ...g in Incoming Policy Figure11 42 Schedule Select Schedule_1 QoS Select QoS_1 Tunnel Select PPTP_VPN_Tunnel Click OK Figure11 43 Figure11 42 Setting the VPN Tunnel Incoming Policy Figure11 43 Complete the VPN Tunnel Incoming Policy Setting ...

Page 165: ...ng settings in PPTP Client of VPN function in the SMC BR21VPN of Company B Click New Entry Button Figure11 44 User Name Enter PPTP_Connection Password Enter123456789 Server IP or Domain Name Enter 61 11 11 11 Select Encryption Click OK Figure11 45 Figure 11 44 PPTP VPN Client Setting Figure 11 45 Complete PPTP VPN Client Setting ...

Page 166: ...et Mask Enter 192 168 20 0 255 255 255 0 To Destination Select To Destination Subnet Mask To Destination Subnet Mask Enter 192 168 10 0 255 255 255 0 IPSec PPTP Setting Select PPTP_Client_PPTP_Connection Select Show remote Network Neighborhood Click OK Figure11 47 Figure11 46 New Entry Tunnel Setting Figure11 47 Complete New Entry Tunnel Setting ...

Page 167: ...icy Figure11 48 Authentication User Select All_NET Schedule Select Schedule_1 QoS Select QoS_1 Tunnel Select PPTP_VPN_Tunnel Click OK Figure11 49 Figure11 48 Setting the VPN Tunnel Outgoing Policy Figure11 49 Complete the VPN Tunnel Outgoing Policy Setting ...

Page 168: ...g in Incoming Policy Figure11 50 Schedule Select Schedule_1 QoS Select QoS_1 Tunnel Select PPTP_Client_PPTP Click OK Figure11 51 Figure11 50 Setting the VPN Tunnel Incoming Policy Figure11 51 Complete the VPN Tunnel Incoming Policy Setting ...

Page 169: ...168 STEP 5 Complete PPTP VPN Connection Figure11 52 Figure 11 52 PPTP VPN Connection Deployment ...

Page 170: ...ces and applications are able to pass through the SMC BR21VPN How to use Policy The device uses policies to filter packets The policy settings are source address destination address services permission packet log packet statistics and flow alarm Based on its source addresses a packet can be categorized into 1 Outgoing The source IP is in LAN network the destination is in WAN network The system man...

Page 171: ...rk The system manager can set all the policy rules of DMZ to LAN packets in this function 6 DMZ to WAN The source IP is in DMZ network the destination is in WAN network The system manager can set all the policy rules of DMZ to WAN packets in this function All the packets that go through SMC BR21VPN must pass the policy permission except VPN Therefore the LAN WAN and DMZ network have to set the app...

Page 172: ...n WAN Port Control actions to permit or reject packets that delivered between LAN network and WAN network when pass through SMC BR21VPN See the chart and illustration below Chart Name Illustration Permit all WAN network Interface Allow the packets that correspond with policy to be transferred by WAN1 2 Port Permit WAN1 Allow the packets that correspond with policy to be transferred by WAN1 Port Pe...

Page 173: ...ntication User Schedule Enable the policy to automatically execute the function in a certain time Content Blocking Enable Content Blocking QoS Enable QoS Traffic Log Record all the packets that go through policy Statistics Chart of the traffic that go through policy Content Blocking To restrict the packets that passes through the policy Authentication User The user have to pass the authentication ...

Page 174: ...us connection cannot be set successfully QoS Setting the Guarantee Bandwidth and Maximum Bandwidth of the Policy the bandwidth is shared by the users who correspond to the Policy Move Every packet that passes the SMC BR21VPN is detected from the front policy to the last one So it can modify the priority of the policy from the selection ...

Page 175: ...ample 166 Ex3 Outgoing Only allow the users who pass Authentication to access to Internet in particular time 171 Ex4 Incoming The external user control the internal PC through remote control software Take pcAnywhere for example 173 Ex5 WAN to DMZ Under DMZ NAT Mode set a FTP Server and restrict the download bandwidth from external and MAX Concurrent Sessions 175 Ex6 WAN to DMZ DMZ to WAN LAN to DM...

Page 176: ...itor the internal users Take Logging Statistics and Alarm Threshold for example STEP 1 Enter the following setting in Outgoing Policy Click New Entry Select Logging Select Statistics Click OK Figure12 1 Figure12 1 Setting the different Policies ...

Page 177: ...ics and Alarm Threshold in Outgoing Policy Figure12 2 Figure12 2 Complete Policy Setting STEP 3 Obtain the information in Traffic of Log function if you want to monitor all the packets of the SMC BR21VPN Figure12 3 Figure12 3 Traffic Log Monitor WebUI ...

Page 178: ...177 STEP 4 To display the traffic record that through Policy to access to Internet in Policy Statistics of Statistics function Figure12 4 Figure12 4 Statistics WebUI ...

Page 179: ...ing for example STEP 1 Enter the following setting in URL Blocking Script Blocking P2P Blocking IM Blocking and Download Blocking in Content Blocking function Figure12 5 12 6 12 7 12 8 12 9 Figure12 5 URL Blocking Setting Figure12 6 Script Blocking Setting Figure12 7 P2P IM Blocking Setting ...

Page 180: ...ript file of Website Java Cookies etc 3 P2P Blocking can restrict the Internal Users to access to the file on Internet by P2P eDonkey BT 4 IM Blocking can restrict the Internal Users to send message files audio and video by instant messaging Ex MSN Messenger Yahoo Messenger QQ ICQ and Skype 5 Download Blocking can restrict the Internal Users to access to video audio and some specific sub name file...

Page 181: ... and WAN Group of Address function Figure12 10 12 11 Figure12 10 Setting the WAN IP that going to block Figure12 11 WAN Address Group The Administrator can group the custom address in Address It is more convenient when setting policy rule ...

Page 182: ...r the following setting in Outgoing Policy Click New Entry Destination Address Select Romote_Group that set by STEP 2 Blocking by IP Action WAN Port Select Deny Click OK Figure12 12 Figure12 12 Setting Blocking Policy ...

Page 183: ...13 Setting Content Blocking Policy STEP 5 Complete the setting of forbidding the users to access to specific network Figure12 14 Figure12 14 Complete Policy Setting Deny in Policy can block the packets that correspond to the policy rule The System Administrator can put the policy rule in the front to prevent the user connecting with specific IP ...

Page 184: ...ing in Schedule function Figure12 15 Figure12 15 Add New Schedule STEP 2 Enter the following in Auth User and Auth User Group in Authentication function Figure12 16 Figure12 16 Setting Auth User Group The Administrator can use group function the Authentication and Service It is more convenient when setting policy ...

Page 185: ...Select laboratory Schedule Select WorkingTime Click OK Figure12 17 Figure12 17 Setting a Policy of Authentication and Schedule STEP 4 Complete the policy rule of only allows the users who pass authentication to access to Internet in particular time Figure12 18 Figure12 18 Complete Policy Setting ...

Page 186: ...ol software Take pcAnywhere for example STEP 1 Set up a Internal PC controlled by external user and Internal PC s IP Address is 192 168 1 2 STEP 2 Enter the following setting in Virtual Server1 of Virtual Server function Figure12 19 Figure12 19 Setting Virtual Server ...

Page 187: ...Server1 61 11 11 12 Service Select PC Anywhere 5631 5632 Click OK Figure12 20 Figure12 20 Setting the External User Control the Internal PC Policy STEP 4 Complete the policy for the external user to control the internal PC through remote control software Figure12 21 Figure12 21 Complete Policy Setting ...

Page 188: ...dress is192 168 3 1 24 STEP 2 Enter the following setting in Virtual Server1 of Virtual Server function Figure12 22 Figure12 22 Setting up Virtual Server Corresponds to FTP Server When using the function of Incoming or WAN to DMZ in Policy strong suggests that cannot select ANY in Service It may being attacked by Hacker easily STEP 3 Enter the following in QoS Figure12 23 Figure12 23 QoS Setting ...

Page 189: ...11 12 Service Select FTP 21 QoS Select FTP_QoS MAX Concurrent Sessions Enter 100 Click OK Figure12 24 Figure12 24 Add New Policy STEP 5 Complete the policy of restricting the external users to access to internal network server which may occupy the resource of network Figure12 25 Figure12 25 Complete the Policy Setting ...

Page 190: ... IP Address as 61 11 11 12 The DNS setting is external DNS Server STEP 2 Add the following setting in DMZ of Address function Figure12 26 Figure12 26 the Mail Server s IP Address Corresponds to Name Setting in Address Book of Mail Server STEP 3 Add the following setting in Group of Service function Figure12 27 Figure12 27 Setting up a Service Group that has POP3 SMTP and DNS ...

Page 191: ...tion Address Select Mail_Server Service Select E mail Click OK Figure12 28 Figure12 28 Setting a Policy to access Mail Service by WAN to DMZ STEP 5 Complete the policy to access mail service by WAN to DMZ Figure12 29 Figure12 29 Complete the Policy to access Mail Service by WAN to DMZ ...

Page 192: ...ion Address Select Mail_Server Service Select E mail Click OK Figure12 30 Figure12 30 Setting a Policy to access Mail Service by LAN to DMZ STEP 7 Complete the policy to access mail service by LAN to DMZ Figure12 31 Figure12 31 Complete the Policy to access Mail Service by LAN to DMZ ...

Page 193: ...rce Address Select Mail_Server Service Select E mail Click OK Figure12 32 Figure12 32 Setting the Policy of Mail Service by DMZ to WAN STEP 9 Complete the policy access to mail service by DMZ to WAN Figure12 33 Figure12 33 Complete the Policy access to Mail Service by DMZ to WAN ...

Page 194: ...ected attacks from hackers and the internal PC sending large DDoS attacks The Internal Alert and External Alert will start on blocking these packets to maintain the whole network In this chapter we will have the detailed illustration about Internal Alert and External Alert ...

Page 195: ... if value exceeds the setting one and then the device will determine it as an attack SYN Flood Threshold Blocking Time Per Source IP Seconds When the SMC BR21VPN determines as being attacked it will block the attacking source IP address in the blocking time you set After blocking for certain seconds the device will start to calculate the max number of SYN packets from attacking source IP Address A...

Page 196: ...s or to the SMC BR21VPN via broadcasting your network is experiencing an UDP attack UDP Flood Threshold Total Pkts Sec The System Administrator can enter the maximum number of UDP packets per second that is allow to enter the network SMC BR21VPN If the value exceeds the setting one and then the device will determine it as an attack UDP Flood Threshold Per Source IP Pkts Sec The System Administrato...

Page 197: ...option to detect the port scans hackers use to continuously scan networks on the Internet to detect computers and vulnerable ports that are opened by those computers Detect Tear Drop Attack Select this option to detect tear drop attacks These are packets that are segmented to small packets with negative length Some Systems treat the negative value as a very large number and copy enormous data into...

Page 198: ...e TCP header is marked Enable this function to detect such abnormal packets After System Manager enable External Alert if the SMC BR21VPN has detected any abnormal situation the alarm message will appear in External Alarm in Attack Alarm And if the system manager starts the E mail Alert Notification in Settings the device will send e mail to alarm the system manager automatically ...

Page 199: ... The threshold sessions of infected Blaster per Source IP the default value is 30 Sessions Sec Select Enable Blaster Blocking and enter the Blocking Time the default time is 60 seconds Select Enable E Mail Alert Notification Select Enable NetBIOS Alert Notification IP Address of Administrator Enter 192 168 1 10 Click OK Internal Alert Setting is completed Figure16 1 Figure16 1 Internal Alert Setti...

Page 200: ...ar in the Internal Alarm in Attack Alarm or send NetBIOS Alert notification to the infected PC Administrator s PC Figure16 2 16 3 16 4 If the Administrator starts the E Mail Alert Notification in Setting the SMC BR21VPN will send e mail to Administrator automatically Figure16 5 Figure16 2 Internal Alert Record Figure16 3 NetBIOS Alert Notification to the Infected PC ...

Page 201: ...200 Figure16 4 NetBIOS Alert Notification to Administrator s PC ...

Page 202: ...201 Figure16 5 E mail Virus Alert ...

Page 203: ...packets to maintain the whole network External Alarm When SMC BR21VPN detects attacks from hackers it writes attacking data in the External Alarm file and sends an e mail alert to the Administrator to take emergency steps How to use Attack Alarm The Administrator can be notified the unusal affair in Intranet from Attack Alarms And the Administrator can backup the Internal Alarm and External Alarm ...

Page 204: ...mples in the chapter No Suitable Situation Example Page Ex 1 Internal Alarm To record the DDoS attack alarm from internal PC 192 Ex 2 External Alarm To record the attack alarm about Hacker attacks the SMC BR21VPN and Intranet 193 ...

Page 205: ... record the DDoS attack alarm from internal PC STEP 1 Select Internal Alarm in Attack Alarm when the device detects DDoS attacks and then can know which computer is being affected Figure17 1 Figure17 1 Internal Alarm WebUI ...

Page 206: ...Alarm To record the attack alarm about Hacker attacks the SMC BR21VPN and Intranet STEP 1 Select the following settings in External Alert in Alert Setting function Figure17 2 Figure17 2 External Alert Setting WebUI ...

Page 207: ...206 STEP 2 When Hacker attacks the SMC BR21VPN and Intranet select External Alarm in Attack Alarm function to have detailed records about the hacker attacks Figure17 3 Figure17 3 External Alarm WebUI ...

Page 208: ...uested for each control policy Event Log record the contents of System Configurations changes made by the Administrator such as the time of change settings that change the IP address used to log in etc Connection Log records all of the connections of SMC BR21VPN When the connection occurs some problem the Administrator can trace back the problem from the information How to use the Log The Administ...

Page 209: ... users use to access to Internet or Intranet by SMC BR21VPN 197 Ex 2 Event Log To record the detailed management events such as Interface and event description of SMC BR21VPN of the Administrator 202 Ex 3 Connection Log To detect event description of WAN Connection 205 Ex 4 Log Backup To save or receive the records that sent by the SMC BR21VPN 208 ...

Page 210: ...cess to Internet or Intranet by SMC BR21VPN STEP 1 Add new policy in DMZ to WAN of Policy and select Enable Logging Figure18 1 Figure18 1 Logging Policy Setting STEP 2 Complete the Logging Setting in DMZ to WAN Policy Figrue18 2 Figure18 2 Complete the Logging Setting of DMZ to WAN ...

Page 211: ...210 STEP 3 Click Traffic Log It will show up the packets records that pass this policy Figure18 3 Figure18 3 Traffic Log WebUI ...

Page 212: ...EP 4 Click on a specific IP of Source IP or Destination IP in Figure18 3 it will prompt out a WebUI about Protocol and Port of the IP Figure18 4 Figure18 4 The WebUI of detecting the Traffic Log by IP Address ...

Page 213: ... 5 Click on Download Logs and select Save in File Download WebUI And then choose the place to save in PC and click OK the records will be saved instantly Figure18 5 Figure18 5 Download Traffic Log Records WebUI ...

Page 214: ...213 STEP 6 Click Clear Logs and click OK on the confirm WebUI the records will be deleted from the SMC BR21VPN instantly Figure18 6 Figure18 6 Clearing Traffic Log Records WebUI ...

Page 215: ...tailed management events such as Interface and event description of SMC BR21VPN of the Administrator STEP 1 Click Event log of LOG The management event records of the administrator will show up Figure18 7 Figure18 7 Event Log WebUI ...

Page 216: ...P 2 Click on Download Logs and select Save in File Download WebUI And then choose the place to save in PC and click OK the records will be saved instantly Figure18 8 Figure18 8 Download Event Log Records WebUI ...

Page 217: ...216 STEP 3 Click Clear Logs and click OK on the confirm WebUI the records will be deleted from the SMC BR21VPN Figure18 9 Figure18 9 Clearing Event Log Records WebUI ...

Page 218: ...217 Connection Log To Detect Event Description of WAN Connection STEP 1 Click Connection in LOG It can show up WAN Connection records of the SMC BR21VPN Figure18 10 Figure18 10 Connection records WebUI ...

Page 219: ...Click on Download Logs and select Save in File Download WebUI And then choose the place to save in PC and click OK the records will be saved instantly Figure18 11 Figure18 11 Download Connection Log Records WebUI ...

Page 220: ...219 STEP 3 Click Clear Logs and click OK on the confirm WebUI the records will be deleted from the SMC BR21VPN instantly Figure18 12 Figure18 12 Clearing Connection Log Records WebUI ...

Page 221: ...ttings Figrue18 13 Figure18 13 E mail Setting WebUI STEP 2 Enter Log Backup in Log select Enable Log Mail Support and click OK Figure18 14 Figure18 14 Log Mail Configuration WebUI After Enable Log Mail Support every time when LOG is up to 300Kbytes and it will accumulate the log records instantly And the device will e mail to the Administrator and clear logs automatically ...

Page 222: ...wing settings in Syslog Settings Select Enable Syslog Messages Enter the IP in Syslog Host IP Address that can receive Syslog Enter the receive port in Syslog Host Port Click OK Complete the setting Figure18 15 Figure18 15 Syslog Messages Setting WebUI ...

Page 223: ...eport Administrator can use this Accounting Report to inquire the LAN IP users and WAN IP users and to gather the statistics of Downstream Upstream First packet Last packet Duration and the Service of all the user s IP that passes the SMC BR21VPN ...

Page 224: ...ccounting Report and Inbound Accounting Report Outbound Accounting Report It is the statistics of the downstream and upstream of the LAN WAN and all kinds of communication network services Source IP The IP address used by LAN users who use SMC BR21VPN Destination IP The IP address used by WAN service server which uses SMC BR21VPN Service The communication service which listed in the menu when LAN ...

Page 225: ...rt will be shown when WAN user uses SMC BR21VPN to connect to LAN Service Server Source IP The IP address used by WAN users who use SMC BR21VPN Destination IP The IP address used by LAN service server who use SMC BR21VPN Service The communication service which listed in the menu when WAN users use SMC BR21VPN to connect to LAN Service server ...

Page 226: ...ich uses SMC BR21VPN to LAN user Upstream The percentage of upstream and the value of each LAN user who uses SMC BR21VPN to WAN service server First Packet When the first packet is sent to WAN service server from LAN user the sent time will be recorded by the SMC BR21VPN Last Packet When the last packet sent from WAN service server is received by the LAN user the sent time will be recorded by the ...

Page 227: ...226 Figure19 1 Outbound Source IP Statistics Report ...

Page 228: ...which uses SMC BR21VPN to LAN user Upstream The percentage of upstream and the value of each LAN user who uses SMC BR21VPN to WAN service server First Packet When the first packet is sent from WAN service server to LAN users the sent time will be recorded by the SMC BR21VPN Last Packet When the last packet from LAN user is sent to WAN service server the sent time will be recorded by the SMC BR21VP...

Page 229: ...228 Figure19 2 Outbound Destination IP Statistics Report ...

Page 230: ...rver Downstream The percentage of downstream and the value of each WAN service server who uses SMC BR21VPN to connect to LAN user Upstream The percentage of upstream and the value of each LAN user who uses SMC BR21VPN to WAN service server First Packet When the first packet is sent to the WAN Service Server the sent time will be recorded by the SMC BR21VPN Last Packet When the last packet is sent ...

Page 231: ...230 Accounting Report ...

Page 232: ...e19 3 Outbound Services Statistics Report Figure19 4 According to the downstream upstream report of the selected TOP numbering to draw the Protocol Distribution chart Press to return to Accounting Report window ...

Page 233: ...21VPN to LAN service server Upstream The percentage of Upstream and the value of each LAN service server who uses SMC BR21VPN to WAN users First Packet When the first packet is sent from WAN users to LAN service server the sent time will be recorded by the SMC BR21VPN Last Packet When the last packet is sent from LAN service server to WAN users the sent time will be recorded by the SMC BR21VPN Dur...

Page 234: ...233 Figure19 5 Inbound Top Users Statistics Report ...

Page 235: ... LAN service server Upstream The percentage of Upstream and the value of each LAN service server who uses SMC BR21VPN to WAN users First Packet When the first packet is sent from WAN users to LAN service server the sent time will be recorded by the SMC BR21VPN Last Packet When the last packet is sent from LAN service server to WAN users the sent time will be recorded by the SMC BR21VPN Duration Th...

Page 236: ...235 Figure19 6 Inbound Destination IP Statistics Report ...

Page 237: ... Downstream The percentage of downstream and the value of each WAN user who uses SMC BR21VPN to LAN service server Upstream The percentage of upstream and the value of each LAN service server who uses SMC BR21VPN to WAN user First Packet When the first packet is sent to the LAN Service Server the sent time will be recorded by the SMC BR21VPN Last Packet When the last packet is sent from the LAN Se...

Page 238: ...237 Figure19 7 Inbound Services Statistics Report Figure19 8 According to the downstream upstream report of the selected TOP numbering to draw the Protocol Distribution chart ...

Page 239: ...rface Policy Statistics The statistics of Downstream Upstream packets and Downstream Upstream traffic record that pass Policy In this chapter the Administrator can inquire the SMC BR21VPN for statistics of packets and data that passes across the SMC BR21VPN The statistics provides the Administrator with information about network traffics and network loads ...

Page 240: ...or can know which Policy is the Policy Statistics belonged to Time To detect the statistics by minutes hours days months or years Bits sec Bytes sec Utilization Total The unit that used by Y Coordinate which the Administrator can change the unit of the Statistics Chart here Utilization The percentage of the traffic of the Max Bandwidth that System Manager set in Interface function Total To conside...

Page 241: ...al function of WAN Interface When enable WAN Interface it will enable WAN Statistics too STEP 2 In the Statistics window find the network you want to check and click Minute on the right side and then you will be able to check the Statistics figure every minute click Hour to check the Statistics figure every hour click Day to check the Statistics figure every day click Week to check the Statistics ...

Page 242: ...241 STEP 3 Statistics Chart Figure20 2 Y Coordinate Network Traffic Kbytes Sec X Coordinate Time Hour Minute Figure20 2 To Detect WAN Statistics ...

Page 243: ...able the Statistics in Policy first STEP 2 In the Statistics WebUI find the network you want to check and click Minute on the right side and then you will be able to check the Statistics chart every minute click Hour to check the Statistics chart every hour click Day to check the Statistics chart every day click Week to check the Statistics figure every week click Month to check the Statistics fig...

Page 244: ...243 STEP 3 Statistics Chart Figure20 4 Y Coordinate Network Traffic Kbytes Sec X Coordinate Time Hour Minute Day Figure20 4 To Detect Policy Statistics ...

Page 245: ...lt Gateway DNS Server Connection and its IP etc Interface Display all of the current Interface status of the SMC BR21VPN Authentication The Authentication information of SMC BR21VPN ARP Table Record all the ARP that connect to the SMC BR21VPN DHCP Clients Display the table of DHCP clients that are connected to the SMC BR21VPN ...

Page 246: ...of the Interface Ping WebUI To display whether the users can Ping to the SMC BR21VPN from the Interface or not or enter its WebUI Forwarding Mode The connection mode of the Interface Connection Status To display the connection status of WAN DnS UpS Kbps To display the Maximum DownStream UpStream Bandwidth of that WAN set from Interface DnStream Alloca The distribution percentage of DownStream acco...

Page 247: ...246 Figure21 1 Interface Status ...

Page 248: ...ction it will display the record of login status Figure21 2 IP Address The authentication user IP Auth User Name The account of the auth user to login Login Time The login time of the user Year Month Day Hour Minute Second Figrue21 2 Authentication Status WebUI ...

Page 249: ...AC Address and the Interface information which is connecting to the SMC BR21VPN Figure21 3 NetBIOS Name The identified name of the network IP Address The IP Address of the network MAC Address The identified number of the network card Interface The Interface of the computer Figure21 3 ARP Table WebUI ...

Page 250: ...DHCP Clients that are connected to the SMC BR21VPN Figure21 4 IP Address The dynamic IP that provided by DHCP Server MAC Address The IP that corresponds to the dynamic IP Leased Time The valid time of the dynamic IP Start End Year Month Day Hour Minute Second Figure21 4 DHCP Clients WebUI ...

Page 251: ...SMCBR21VPN 20 Mason Irvine CA 92618 Phn 949 679 8000 www smc com ...

Reviews: