UTT HiPER 518W Advanced Configuration Manual Download Page 190

Page: 190 / 295

UTT Technologies Chapter 11 Firewall

http://www.uttglobal.com

Page 182

11.2.1.3 Filtering Type of Access Rule

The Router supports three filtering types of access rule, which include IP filtering, URL

filtering and keyword filtering. All of them support access control based on schedule.

1. IP Filtering

The IP filtering rules are used to filter IP packets based on the packet header information,

such as source IP address, destination IP address, protocol type (TCP, UDP, ICMP, etc.),

TCP/UDP source port and destination port.

The filtering criteria that you can specify within an IP filtering rule include: source IP

address, destination IP address, protocol, source port, destination port, and schedule.

2. URL Filtering

The URL filtering rules are used to filter URLs based on keyword in the URL. It allows you

to filter any web page whose URL contains the specified keyword. For example, if you

want to block sex related websites, you can use the URL

keyword “sex”. This will block

any web page whose URL contains sex, such as

www.sexpicture.com

. Of course, you can

use the full URL (like

“www.yahoo.com”) to filter only the specified URL.

The filtering criteria that you can specify within a URL filtering rule include: source IP

address, filtering content (i.e., URL keyword), and schedule.

3. Keyword Filtering

The keyword filtering rules are used to block users from submitting information to the web

page based on keyword, that is, the information that contains the specified keyword (such

as pornography, gambling, etc.) cannot be submitted to any web page. The Router

supports both Chinese and English keyword filtering.

The filtering criteria that you can specify within a keyword filtering rule include: source IP

address, filtering content (i.e., keyword in the web page), and schedule.

11.2.1.4 Action of Access Rule

The action of an access rule is either

Allow

Deny

. As mentioned earlier, the Router

checks each received packet against the access rules in the

Access Rule List

, and the

first access rule that matches a packet determines whether the Router accepts or drops

the packet. If the rule

’s

Action

Allow

, the packet is forwarded. If the rule

’s

Action

Deny

, the packet is dropped.

Note that keyword filtering rules only support the

Deny

action.

Summary of Contents for HiPER 518W

Page 1: ...HiPER 518W Wireless Router Advanced Configuration Guide V1 3 UTT Technologies Co Ltd http www uttglobal com ...

Page 2: ...cording or otherwise or used for any commercial and profit purposes without the express prior written permission of UTT Technologies Co Ltd UTT Technologies Co Ltd has the patents patent applications trademarks trademark applications copyrights and other intellectual property rights that are mentioned in this document You have no license to use these patents trademarks copyrights or other intellec...

Page 3: ...NFORMATION 9 CHAPTER 1 PRODUCT OVERVIEW 10 1 1 PRODUCT BRIEF 10 1 2 KEY FEATURES 11 1 3 PHYSICAL SPECIFICATION 12 1 4 DETAILED SPECIFICATIONS TABLE 12 CHAPTER 2 HARDWARE INSTALLATION 14 2 1 PHYSICAL CHARACTERISTICS 14 2 1 1 Front Panel 14 2 1 2 Rear Panel 15 2 2 INSTALLATION PROCEDURE 16 CHAPTER 3 QUICK SETUP 19 3 1 CONFIGURING YOUR COMPUTER 19 3 2 LOGGING IN TO THE WIRELESS ROUTER 21 3 3 SETUP WI...

Page 4: ...gs 57 5 2 5 Identity Binding 58 5 2 6 How to Configure Connection Detection Settings 59 5 3 LAN SETTINGS 60 5 4 DHCP SERVER 62 5 4 1 DHCP Server Settings 62 5 4 2 Static DHCP 64 5 4 3 DHCP Auto Binding 66 5 4 4 DHCP Client List 67 5 4 5 Configuration Example for DHCP 68 5 5 DDNS 71 5 5 1 Introduction to DDNS 71 5 5 2 Apply for a DDNS Account 71 5 5 3 DDNS Settings 72 5 5 4 DDNS Status 75 5 5 5 DDN...

Page 5: ... 7 1 NAT AND DMZ 103 7 1 1 Introduction to NAT Features 103 7 1 2 Port Forwarding 105 7 1 3 NAT Rule 109 7 1 4 DMZ 115 7 2 STATIC ROUTE 116 7 2 1 Introduction to Static Route 116 7 2 2 Static Route List 116 7 2 3 Static Route Settings 117 7 2 4 How to Add Static Routes 118 7 3 POLICY ROUTING 119 7 3 1 Policy Routing Settings 120 7 3 2 Enable Policy Routing 122 7 3 3 Policy Routing List 122 7 4 ANT...

Page 6: ...ation 149 8 5 USER GROUP 151 8 5 1 Introduction to User Group 151 8 5 2 User Group Settings 152 8 5 3 User Group List 153 8 5 4 How to Add the User Groups 154 8 5 5 How to Edit an User Group 154 CHAPTER 9 APPLICATION CONTROL 156 9 1 SCHEDULE 156 9 2 APPLICATION CONTROL 157 9 2 1 Internet Application Management List 158 9 2 2 Internet Application Management Settings 158 9 2 3 Internet Application M...

Page 7: ... 11 4 2 MAC Address Filtering Setting 197 CHAPTER 12 VPN 199 12 1 PPTP VPN 199 12 1 1 Introduction to PPTP Implementation 199 12 1 2 PPTP Client Settings 204 12 1 3 PPTP Server Settings 205 12 1 4 Notes on Configuring PPTP Client and Server 208 12 1 5 PPTP List 208 12 1 6 How to Add View Edit and Delete PPTP Clients or Server Entries 210 12 1 7 Configuration Example for PPTP 211 12 2 IPSEC VPN 212...

Page 8: ...61 CHAPTER 15 SUPPORT 264 APPENDIX A HOW TO CONFIGURE YOUR PC 265 APPENDIX B FAQ 269 1 HOW TO CONNECT THE WIRELESS ROUTER TO THE INTERNET USING PPPOE 269 2 HOW TO CONNECT THE WIRELESS ROUTER TO THE INTERNET USING STATIC IP 270 3 HOW TO CONNECT THE WIRELESS ROUTER TO THE INTERNET USING DHCP 270 4 HOW TO CONNECT A WINDOWS XP PC TO THE DEVICE WIRELESSLY 272 5 HOW TO CONNECT A WINDOWS 7 PC TO THE DEVI...

Page 9: ...ich is as follows Radio Button It allows you to choose only one of a predefined set of options Check Box It allows you to choose one or more options Button It allows you to click to perform an action Text Box It allows you to enter text information List Box It allows you to select one or more items from a list contained within a static multiple line text box Drop down List It allows you to choose ...

Page 10: ...ans the menu path to open a page For example Wireless MAC Filtering means that in the Web UI click the first level menu item Wireless firstly and then click the second level menu item MAC Filtering to open the corresponding page 0 3 2 2 Convention for Clicking a Button Click the XXX button XXX is the name of the button bold font means performing the corresponding operation E g click the Delete but...

Page 11: ...Web UI contains two kinds of lists editable list and read only list An editable list is used to add display modify and delete the configuration entries A read only list is used to display the system status information which is not editable Let s take the editable MAC Address Filtering List see Figure 0 1 as an example to explain the basic elements and features of the list Note Only the editable li...

Page 12: ...xt box and then press Enter key Note that the matching rule is substring matching that is it will search for and display those entries that contain the specified text string Configured number maximum number the example means that there are 2 configured MAC address filtering entries and the maximum number of MAC address filtering allowed is 50 Click to go to the setup page to modify the correspondi...

Page 13: ...administrator account to login to the Wireless Router s Web UI Note Both the User Name and Password are case sensitive Administrator Password admin LAN IP Address 192 168 1 1 They are the IP address and subnet mask of the Wireless Router s LAN interface You can use this IP address to access and manage the Wireless Router LAN Subnet Mask 255 255 255 0 SSID UTT HIPER_XXXXXX To connect to the Wireles...

Page 14: ...How to view wired and wireless status of the Wireless Router Interface Traffic How to view the real time traffic chart for each interface and the ingress and egress traffic statistics for each interface Restart How to restart the Wireless Router Chapter 5 Network This chapter describes how to configure the basic network parameters of the Wireless Router including WAN How to configure Internet conn...

Page 15: ...w the static routes Policy Routing How to configure and view the policy routings Anti NetSniper How to enable Anti Netsniper Plug and Play How to enable Plug and play Syslog How to configure syslog SNMP How to configure SNMP Chapter 8 User Management This chapter describes how to control the LAN users including User Status How to view user status IP MAC Binding How to configure IP MAC bindings to ...

Page 16: ...users based on schedule and to prevent external attacks Domain Filtering How to configure domain filtering feature to block access to the specified websites MAC Address Filtering How to configure MAC address filtering to block or allow specified hosts Chapter 12 VPN This chapter describes the PPTP and IPsec implementation and how to configure the Router as a server client Chapter 13 System This ch...

Page 17: ...e UTT Technologies service system and enjoy the most intimate and professional services Appendix This guide provides six appendixes including Appendix A How to Configure Your PC How to configure TCP IP settings on a Windows XP based computer Appendix B FAQ Frequent questions and answers Appendix C Common IP Protocols Provides the list of common IP protocols and their protocol numbers Appendix D Co...

Page 18: ... simple and efficient wireless MAC address filtering to improve the security of your wireless network The HiPER 518W supports DHCP server NAT static route DDNS IP MAC binding PPPoE server and other advanced features Furthermore it provides feature rich user management which can help you control and manage the Internet behaviors of the LAN users based on schedule and address group including QQ MSN ...

Page 19: ...rts VPN pass through IPSec PPTP Supports PPTP VPN and IPSec VPN Supports QoS Supports WMM Wi Fi Multimedia Supports wireless MAC address filtering feature whitelist blacklist one click filtering of MAC addresses Supports DHCP server Supports DNS proxy Supports DDNS Dynamic Domain Name System Supports IP MAC binding Supports feature rich PPPoE server Supports upload and download rate limiting for t...

Page 20: ...Ds Operating Environment Temperature 32 to 104 F 0 to 40 C Relative Humidity 10 to 90 Non condensing Height 0m to 4000m 1 4 Detailed Specifications Table The HiPER 518W has three models HiPER 518W Plus HiPER 518W VPN HiPER 518W Lite The features and specifications of each model are different The following table lists detailed specifications for each model Model Name HiPER 518W Plus HiPER 518W VPN ...

Page 21: ...g Y Y Y DHCP Server Y Y Y Wireless Standard IEEE 802 11 b g n IEEE 802 11 b g n IEEE 802 11 b g n Wireless Security WEP WPA PSK TKI P WPA2 PSK AES WEP WPA PSK T KIP WPA2 PSK AES WEP WPA PSK TKI P WPA2 PSK AES Througput per Radio 300Mbps 300Mbps 300Mbps 3G USB Modem E1750 E261 E169 Z TE MF637U E1750 E261 E169 Z TE MF637U 3G Standard WCDMA CDMA 2000 TD SCDMA WCDMA CDMA 2000 TD SCDMA Antennas Gain 2 ...

Page 22: ...nt Panel of the Wireless Router LED Full Name State Description PWR Power LED On The Wireless Router is powered on Off The Wireless Router is powered off SYS System LED Blinking The system is operating properly On The system is not operating properly Off The system is not operating properly USB 3G USB Modem Status LED On A 3G USB modem is connected to the USB port Off No 3G USB modem is connected ...

Page 23: ... WPS feature at present Table 2 1 Description of LEDs on the Front Panel 2 1 2 Rear Panel As shown in Figure 2 2 the rear panel of the Wireless Router contains a POWER connector a RESET button a USB port two wired WAN ports WAN1 and WAN2 three LAN ports a WPS button and two Antenna ports Note that the Wireless Router doesn t support WPS feature at present Figure 2 2 Back Panel of the Wireless Rout...

Page 24: ...s and other Ethernet network devices on the LAN to the Wireless Router WAN1 WAN2 They are used to connect the Wireless Router to the Internet USB The Wireless Router provides a USB port for connecting a 3G USB Modem which is used to connect the Wireless Router to the Internet Table 2 2 Description of Ports on the Rear Panel 3 Components Component Number Description Antenna 2 They are used to recei...

Page 25: ...d the two antennas to the Wireless Router properly The antennas will greatly enhance wireless communication capacity of the Wireless Router 3 Connecting the Wireless Router to the LAN Connect a standard network cable from a PC or switch to a LAN port of the Wireless Router or connect a PC to the Wireless Router wirelessly The Wireless Router will automatically adapt to any network device operating...

Page 26: ...y or being damaged please make sure that the power supply and connectivity are normal and the power outlet is grounded properly before powering on the Wireless Router 6 Checking the LEDs Verify that the Wireless Router starts up properly and the network connections are operational by checking the LED states as described in Table 2 1 ...

Page 27: ...ep 1 Connect the computer to a LAN port of the Wireless Router Step 2 Install TCP IP protocol on your computer If it has been installed please ignore it Step 3 Configure TCP IP settings on your computer set the computer s IP address to an IP address in the range of 192 168 1 2 through 192 168 1 254 set its subnet mask to 255 255 255 0 set its default gateway to 192 168 16 1 the Wireless Router s d...

Page 28: ...e Wireless Router connected properly Verify that the LED corresponding to the Wireless Router s LAN port and the LED on your computer s adapter are lit 2 Is the TCP IP configuration for your PC correct Verify that your computer is on the same subnet as the Wireless Router s LAN interface For example if the Wireless Router s LAN IP address is 192 168 1 1 24 default value your computer s IP address ...

Page 29: ...r do the following Open a Web browser enter the Wireless Router s LAN interface IP address the default is 192 168 1 1 in the address bar and then press Enter key see Figure 3 1 Figure 3 1 Entering IP address in the Address Bar A login screen prompts you for your user name and password see Figure 3 2 When you first login to the Wireless Router please use the default administrator account Enter admi...

Page 30: ...T website to participate in product discussions Feedback Click to link to send us your feedback by E mail 2 Main Pane It is the location where you can configure each feature of the Wireless Router view configuration status and statistics 3 Side Pane It displays the two level main menu bar i e navigation bar The first level menu is always visible The second level menu is hidden by default You can c...

Page 31: ...lly Launch the Wizard Again If you select this check box the system don t automatically launch the Setup Wizard the next time you login to the Wireless Router instead directly open the Welcome page shown in Figure 3 5 Else the system will still launch the Setup Wizard automatically Exit Wizard Click to exit the Setup Wizard and go to the Welcome page see Figure 3 5 The changes made in the Setup Wi...

Page 32: ...an choose one or more Internet connections that you want to configure via the Setup Wizard see Figure 3 6 Figure 3 6 Setup Wizard Internet Access Mode WAN1 If you want to configure a wired Internet connection on the WAN1 interface via the Setup Wizard select this check box WAN2 If you want to configure a wired Internet connection on the WAN2 interface ...

Page 33: ... Wizard Click to exit the Setup Wizard and go to the Welcome page see Figure 3 5 The changes made in the Setup Wizard will be discarded Next Click to go to the next page of the Setup Wizard 3 3 3 Setup Wizard Internet Connection Settings In the Setup Wizard you can configure each Internet connection respectively For each Internet access mode the Internet connection settings are different 3 3 3 1 W...

Page 34: ... s secondary DNS server If it is available you may set it Else please leave it blank Back Click to go back to the previous page of the Setup Wizard Cancel Click to revert to the last saved settings Exit Click to exit the Setup Wizard and go to the Welcome page see Figure 3 5 The changes made in the Setup Wizard will be discarded Skip Click to go directly to the next page of the Setup Wizard The ch...

Page 35: ...the next page of the Setup Wizard The changes made on the current page will be discarded Next Click to go to the next page of the Setup Wizard 3 3 3 1 3 PPPoE Internet Connection Settings Please select PPPoE from the Connection Type drop down list if your ISP uses PPPoE to establish the Internet connection for you Then the following page will be shown Figure 3 9 Setup Wizard WAN1 WAN2 Settings PPP...

Page 36: ...cifies the model of the 3G USB modem Now the Wireless Router supports many models WCDMA HUAWEI E169 HUEWEI E1750 HUAWEI E261 and ZTE MF637U CDMA2000 HUAWEI EC1260 HUAWEI EC1260_new HUAWEI EC1261 HUAWEI EC177 HUAWEI EC156 HUAWEI EC122 D Link DL 162 U5 TD SCDMA HUAWEI ET128 HUAWEI ET127 ISP It is short for Internet Service Provider a company that provides 3G wireless Internet access service for you ...

Page 37: ...onfigure only the 3G USB Modem and ISP of the 3G Internet connection and leave the other parameters at their default values If necessary please change them under the guidance of a professional 3 3 3 3 APClient Internet Connection Settings In the Setup Wizard APClient Connection Settings page the security settings depend on the value of Security Mode The following sections describe the APClient con...

Page 38: ...e next page of the Setup Wizard 3 3 3 3 2 APClient Connection Settings WEP Figure 3 12 Setup Wizard APClient Connection Settings WEP AP SSID It specifies the SSID of the remote AP It must be between 1 and 32 characters long and it is case sensitive AP MAC Address It specifies the MAC address of the remote AP Security Mode It specifies the security mode to be used by the Wireless Router Here please...

Page 39: ...CII format ASCII WEP keys are case sensitive Default Tx Key It allows you to select one of the WEP keys as the default transmit key to transmit data All keys can be used to receive data WEP Key It allows you to enter a key in one of the WEP Key boxes You can enter up to four WEP keys You should enter a key according to the Key Format and Key Type selected For 64 bit encryption enter 10 hex charact...

Page 40: ...e WPA mode to be used by the Wireless Router The options are WPA PSK and WPA2 PSK WPA PSK It means that the Wireless Router will use WAP PSK security mode WPA2 PSK It means that the Wireless Router will use WAP2 PSK security mode Encrption Method It specifies the encrytion method used for data encryption The options are TKIP and AES TKIP It means that the Wireless Router will use TKIP for data enc...

Page 41: ...s network The options are 11g Only 11n Only and 11b g n Mixed 11g Only In allows both 802 11g and 802 11n wireless clients to connect to the Wireless Router at 802 11g data rates with a maximum speed of 54Mbps 11n Only It only allows 802 11n wireless clients to connect to the Wireless Router at 802 11n data rates with a maximum speed of 300Mbps 11b g n Mixed It allows 802 11b 802 11g and 802 11n w...

Page 42: ...hannel width with the Wireless Router 20M It you select this option 802 11n wireless clients will use 20MHz channel Back Click to go back to the previous page of the Setup Wizard Cancel Click to revert to the last saved settings Exit Click to exit the Setup Wizard and go to the Welcome page see Figure 3 5 The changes made in the Setup Wizard will be discarded Finish Click to save the changes you h...

Page 43: ...rate properly view system status view interface traffic statistics and restart the Wireless Router 4 1 Setup Wizard The Start Setup Wizard can help you configure the basic parameters for the Wireless Router to operate properly Refer to Section 3 3 Setup Wizard for detailed information 4 2 System Status This section describes the Start System Status page where you can view the current status inform...

Page 44: ...gateway and DNS server addresses and up time WAN2 It displays the current status and basic configuration of the WAN2 Internet connection which are the same as those of the WAN1 Internet connection LAN It displays the basic configuration of the LAN inteface which include IP address subnet mask and MAC address Refresh Click to view the latest wired status information 4 2 2 Wireless Status This page ...

Page 45: ...ss subnet mask MAC address default gateway and DNS server addresses and up time APClient It displays the current status and basic configuration of the APClient Internet connection which are the same as those of the 3G Internection connection Wireless LAN It displays the current status and basic configuration of the Wireless LAN which include status operation mode SSID wireless mode channel and MAC...

Page 46: ...ic of each interface For example as shown in Figure 4 3 all of the Wireless Router s interfaces LAN WAN1 WAN2 3G and APClient have been configured Note If the SVG Viewer plug in isn t installed on your web browser the port traffic chart cannot be displayed properly Please click the Please install SVG Viewer if the page cannot be displayed properly hyperlink to download and install the SVG Viewer t...

Page 47: ...ot line is solid Color It specifies the colors of the two lines or filled areas such as red blue black etc Reverse Click to toggle the colors of the two lines or filled areas LAN WAN1 WAN2 APClient and 3G You can select an interface name at the top to view the traffic chart for that interface View Traffic Statistics Click to view the ingress and egress traffic statistics for the interfaces that ha...

Page 48: ...or the interfaces that have been configured 4 4 Restart Figure 4 5 Restart the Wireless Router Restart Click to restart the Wireless Router If you click the Restart button the system will pop up a prompt dialog box see Figure 4 6 Then you can click OK to restart the Wireless Router or click Cancel to cancel the operation Figure 4 6 Prompt Dialog Box Restart the Wireless Router Note Restarting the ...

Page 49: ...is section describes the Network WAN page If you have configured one or more Internet connections in the Start Quick Wizard you can view their configuration and status in this page and modify or delete them if needed You also can directly configure one or more Internet connections in this page 5 1 1 Internet Connection List You can view the configuration and status of each Internet connection in t...

Page 50: ...us of the connection There are four cases 1 PPPoE Connection Status For the PPPoE connection there are two kinds of status see Table 5 1 When it is connected it will also display the elapsed time days hours minutes seconds since connected Status Description Disconnected The connection is disconnected due to that the interface is disabled or not connected or the Wireless Router doesn t dial up yet ...

Page 51: ...ddress and the connection is established successfully Table 5 3 Description of DHCP Connection Status 4 3G Connection Status For the 3G connection there are two kinds of status see Table 5 4 When it is connected it will also display the elapsed time days hours minutes seconds since connected Status Description Disconnected The connection is disconnected due to that the 3G USB modem isn t inserted ...

Page 52: ...ck its Interface hyperlink or icon the related information will be displayed in the setup fields Then modify it and click the Save button Delete an Internet Connection To delete an Internet connection click its Interface hyperlink or icon to select the connection and then click the Delete button below the list Refresh Internet Connection List To view the latest status of the Internet connections c...

Page 53: ...ure 5 4 Internet Connection List DHCP Connection Renew Click to re obtain an IP address from the ISP s DHCP server The Wireless Router will automatically release the assigned IP address firstly and then obtain a new IP address from the DHCP server Release Click to release the IP address obtained from the ISP s DHCP server 5 1 2 Internet Connection Settings If you want to configure an Internet conn...

Page 54: ...estined for one ISP s servers will be forwarded through this ISP s connection 2 If you want to configure and use an APClient Internet connection please choose APClient Mode as the Operation Mode in the Wireless Basic page 5 1 2 1 WAN1 WAN2 APClient Internet Connection Settings For the WAN1 WAN2 or APClient Internet connection there are three connection types which include PPPoE Static IP and DHCP ...

Page 55: ...Mobile None It means that no route policy database is used This option is selected by default Telecom If your ISP is China Telecom you may select this option Then the traffic destined for China Telecom servers will be forwarded through the connection Unicom If your ISP is China Unicom you may select this option Then the traffic destined for China Unicom servers will be forwarded through the connec...

Page 56: ...ts five modes which include Auto Auto negotiation 100M FD 100M Full Duplex 100M HD 100M Half Duplex 10M FD 10M Full Duplex and 10M HD 10M Half Duplex In most cases please leave the default value If a compatibility problem occurred or the network device connected to the WAN interface doesn t support auto negotiation function you may modify it as required Save Click to save your changes Cancel Click...

Page 57: ...ress NAT Mode The device enables NAT function MAC Address It specifies the MAC address of the WAN interface In most cases please leave the default value Interface Mode It specifies the speed and duplex mode of the WAN interface The Device supports five modes which include Auto Auto negotiation 100M FD 100M Full Duplex 100M HD 100M Half Duplex 10M FD 10M Full Duplex and 10M HD 10M Half Duplex In mo...

Page 58: ...omatically re establish the PPPoE connection once disconnected please select this option Manual If you want to connect and disconnect the PPPoE connection manually in the Internet connection List see Section 5 1 1 3 How to Connect and Disconnect a PPPoE 3G Connection please select this option On Demand If you want the Wireless Router to establish the PPPoE connection only when it listens for packe...

Page 59: ...Device supports five modes which include Auto Auto negotiation 100M FD 100M Full Duplex 100M HD 100M Half Duplex 10M FD 10M Full Duplex and 10M HD 10M Half Duplex In most cases please leave the default value If a compatibility problem occurred or the network device connected to the WAN interface doesn t support auto negotiation function you may modify it as required Save Click to save your changes...

Page 60: ...e Click to save your changes Cancel Click to revert to the last saved settings Note It is strongly recommended that you configure only the 3G USB Modem and ISP of the 3G Internet connection and leave the other parameters at their default values If necessary please follow your ISP s instructions to change them After you click the Save button the Wireless Router will start to dial It may take a minu...

Page 61: ...ill monitor an Internet connection by sending detection packets to the specified target IP address Detection Interval It indicates the time interval at which the Wireless Router periodically sends detection packets one packet at a time The default value is 0 which means that connection detection is disabled Retry Times It indicates the number of retries per detection period Detection Period It ind...

Page 62: ...t Else they will use other normal Internet connections to access the Internet Note If you don t want to monitor an Internet connection please leave its Detection Interval at the default value of 0 5 2 1 2 Load Balancing Mode The Wireless Router provides two connection groups primary connection group and backup connection group An Internet connection in the primary connection group is a primary con...

Page 63: ...ll automatically switch back to the primary connection Note During connections switching some user applications such as some online games may be interrupted unexpectedly due to the nature of TCP connection 5 2 2 Load Balancing Global Settings The following sections describe the global settings related to Full Load Balancing and Partial Load Balancing respectively For more information please refer ...

Page 64: ...imary list box is a primary connection Backup It specifies the backup connection group An Internet connection in the Backup list box is a backup connection Select one or more Internet connections in the Primary list box and then click to move the selected connection s to the Backup list box Select one or more Internet connections in the Backup list box and then click to move the selected connectio...

Page 65: ...en you have configured load balancing global settings and connection detection settings you can view the related configuration and status in the Load Balancing List Refresh Load Balancing List Click the Refresh button to view the latest information in the list 5 2 4 Connection Detection Settings You can configure the connection detection related parameters for each Internet connection as required ...

Page 66: ...vert to the last saved settings Back Click to go back to the Load Balancing List page Note The Detection Target IP Detection Interval and Retry Times are connection detection related parameters Please refer to Section 5 2 1 1 Internet Connection Detection Mechanism for more information 5 2 5 Identity Binding When using multiple Internet connections if Load Balancing Policy is set to NAT Session th...

Page 67: ...nection Detection Settings To configure connection detection settings follow these steps Step 1 Go to the Network Load Balancing Load Balancing List page Step 2 Click an Internet connection s Interface hyperlink or icon to go the Connection Detection Settings page Step 3 Configure detection related parameters Detection Target IP Detection Interval Retry Times etc for the selected Internet connecti...

Page 68: ... Mode It specifies the speed and duplex mode of the WAN interface The Device supports five modes which include Auto Auto negotiation 100M FD 100M Full Duplex 100M HD 100M Half Duplex 10M FD 10M Full Duplex and 10M HD 10M Half Duplex In most cases please leave the default value If a compatibility problem occurred or the network device connected to the WAN interface doesn t support auto negotiation ...

Page 69: ...ask that defines the range of the secondary subnet Save Click to save your changes Cancel Click to revert to the last saved settings Note 1 You can assign four IP addresses to the Device s LAN interface to connect four subnets The hosts on the four subnets can communicate with each other 2 If you have changed the LAN IP address and saved the change you should use the new IP address to re login to ...

Page 70: ...gure 5 17 DHCP Server Settings Enable DHCP Server It allows you to enable or disable DHCP server If you want to enable DHCP server on the Wireless Router please select this check box Start IP Address It specifies the first IP address assigned by the DHCP server In most cases this address must be on the same subnet as the Wireless Router s LAN IP address End IP Address It specifies the last IP addr...

Page 71: ...ting as a DNS proxy the Wireless Router listens for incoming DNS requests on the LAN interface relays the DNS requests to the current public DNS servers and replies as a DNS resolver to the requesting local computers ISP DNS Server 1 and ISP DNS Server 2 They specify the IP addresses of the ISP DNS servers Save Click to save your changes Cancel Click to revert to the last saved settings Note 1 If ...

Page 72: ...address and thus that computer will always obtain the same IP address from the DHCP server More specifically each time the specified computer boots and requests its IP address from the Wireless Router s DHCP server the DHCP server will recognize the computer s MAC address and always assign the reserved IP address to it 5 4 2 1 Static DHCP Settings Figure 5 18 Static DHCP Settings User Name It spec...

Page 73: ...ve button View Static DHCP Entry s When you have configured one or more static DHCP entries you can view them in the Static DHCP List Modify a Static DHCP Entry To modify a configured static DHCP entry click its User Name hyperlink or icon the related information will be displayed in the Static DHCP Settings page Then modify it and click the Save button Delete Static DHCP Entry s There are three w...

Page 74: ...ture also needs periodic maintenance So usually there are some users who can t access the Device and Internet To deal with these issues the Device provides DHCP auto binding feature Once the DHCP auto binding is enabled the Device will immediately scan the LAN to detect active hosts connected to the Device learn dynamic ARP information and bind the related valid IP and MAC address pairs After that...

Page 75: ...ing operation Save Click it to save your settings 5 4 4 DHCP Client List Figure 5 21 DHCP Client List IP Address It displays the IP address assigned to the DHCP client Subnet Mask It displays the subnet mask of the current IP address MAC Address It displays the MAC address of the DHCP client Lease Left It displays the time remaining in seconds until the current IP address lease expires Refresh Cli...

Page 76: ...sses is 100 Besides there are two computers that must always have the same IP address one s MAC address is 00 21 85 9B 45 46 and IP address is 192 168 1 15 the other s MAC address is 00 1f 3c 0f 07 f4 and IP address is 192 168 1 16 2 Configuration Steps Step 1 Go to the Network DHCP Server DHCP Server Settings page Step 2 As shown in the following figure select the Enable DHCP Server check box and...

Page 77: ...on to go to the Static DHCP Settings page see Figure 5 23 enter Server1 in the User Name text box 192 168 1 15 in the IP Address text box and 0021859B4546 in the MAC Address text box and then click the Save button Figure 5 23 Adding the Static DHCP Entry 1 Example Step 5 Add the static DHCP entry 2 Click the Add button to go to the Static DHCP Settings page see Figure 5 24 enter Server2 in the Use...

Page 78: ... the MAC Address text box and then click the Save button Figure 5 24 Adding the Static DHCP Entry 2 Example Now you have configured the two static DHCP entries You can view them in the Static DHCP List see Figure 5 25 and you can directly click the icon to modify either of them if desired Figure 5 25 Static DHCP List Example ...

Page 79: ...e suspend or terminate your use of some or all network services at any time for any reason The DDNS service providers supported by UTT Technologies Co Ltd currently provide free DDNS services but they may charge for the DDNS services in the future In this case UTT Technologies Co Ltd will notify you as soon as possible if you refuse to pay for the services you will no longer be able to use them Du...

Page 80: ...t in Host Name It specifies a unique host name of the Router The suffix of no ip biz will be appended to the host name to create a fully qualified domain name FQDN for the Router For example if the Router s host name is uttglobal then its FQDN is uttglobal no ip biz and it allows you to use uttglobal no ip biz to access the Router Free Sign Up Click to sign up the domain name 5 5 3 DDNS Settings 5...

Page 81: ... Router supports two DDNS service providers no ip com and dyndns com Here please select no ip com Registry Website It allows you to click http www no ip com to go to this website to register a DDNS account for the Router Host Name It specifies the host name of the Router It must be identical to the host name that you entered when registering the DDNS account on the website http www no ip com User ...

Page 82: ... to click http www dyndns org to go to this website to register a DDNS account for the Router Host Name It specifies the host name of the Router It must be identical to the host name that you entered when registering the DDNS account on the website http www dyndns org User Name It specifies the user name that you entered when registering your user account on the website http www dyndns org Passwor...

Page 83: ...rompt on the PC for example ping uttglobal no ip biz If the displayed page is similar to the screenshot below the domain name is resolved to an IP address successfully 116 236 120 162 in this example DDNS is updated successfully Note 1 Only when the WAN interface IP address is a public IP address the Internet users can use its mapped domain name to access the Router normally 2 DDNS feature can hel...

Page 84: ...allows any local UPnP enabled device to perform a variety of actions including retrieving the public IP address enumerating existing port mappings and adding or removing port mappings By adding a port mapping a UPnP enabled device opens the related service ports on the Wireless Router to allow outside computers to access 5 6 1 Enable UPnP Figure 5 31 Enable UPnP Enable UPnP It allows you to enable...

Page 85: ...e transport protocol used by the service Remote IP It displays the IP address of the remote computer External Port It displays the external port of the UPnP port forwarding which is opened for outside user to access Description It displays the description of the UPnP port forwarding entry Refresh Click to view the latest information in the list 5 7 Number of WAN HiPER 518W has two WAN ports by def...

Page 86: ... The Wireless Router supports multiple operation modes AP mode AP Client mode and three WDS modes including Repeater mode Bridge mode and Lazy mode The following sections describe the basic wireless settings under each operation mode Note 1 The Wireless Router functions differently under each operation mode Please select the one that best meets your needs 2 After you modify the wireless parameters...

Page 87: ...ss network It is case sensitive It must be identical for all wireless devices in the wireless network Wireless Mode It specifies the wireless standards running on your wireless network The options are 11g Only 11n Only and 11b g n Mixed 11g Only In allows both 802 11g and 802 11n wireless clients to connect to the Wireless Router at 802 11g data rates with a maximum speed of 54Mbps 11n Only It onl...

Page 88: ...te the Wireless Router will periodically broadcast its SSID so that wireless clients can automatically find it to connect to the Wireless Router and join the wireless network identified by the SSID However this feature also makes it easier for hackers to know your SSID and break into your WLAN It is suggested that you disable this feature to improve security of your WLAN In this case you need to m...

Page 89: ...ection 6 1 1 AP Mode for detailed information AP SSID AP MAC Address and Security Mode Refer to Section 3 3 3 3 APClient Internet Connection Settings for detailed information Save Click to save your changes Cancel Click to revert to the last saved settings Note In APClient Mode the Securtiy Mode Channel and Channel Width configured on the Wireless Router must match those on the remote AP Otherwise...

Page 90: ...ode or Lazy Mode that allows it to forward traffic directly to other wireless access points repeaters or routers Note that the Securtiy Mode Channel and Channel Width configured on the Wireless Router must match those on the remote AP and their LAN IP addresses must be on the same subnet 6 1 3 1 Repeater Mode If you want the Wireless Router to operate in repeater mode please select Repeater Mode f...

Page 91: ...ation AP MAC Address It specifies the MAC address of the remote AP Security Mode It specifies the security mode to be used by the Wireless Router There are four options None WEP TKIP and AES None It means that no security mode will be used WEP It means that the Wireless Router will use WEP for data encryption see Figure 6 4 TKIP It means that the Wireless Router will use TKIP for data encryption s...

Page 92: ...nsitive Default Tx Key It allows you to select one of the WEP keys as the default transmit key to transmit data All keys can be used to receive data Key Type It allows you to select the size of each key and it also allows you to disable or enable each key The options are Disabled 64 bit and 128 bit By default Disabled is selected which means the key is of no effect WEP Key It allows you to enter a...

Page 93: ... Key 3 is identical to the remote wireless device s WEP Key 3 2 You must configure at least one WEP key Otherwise the system will pop up a prompt dialog box after you click the Save button see Figure 6 5 Figure 6 5 Key Settings Prompt Dialog Box Figure 6 6 Security Settings TKIP Mode Security Mode It specifies the security mode to be used by the Wireless Router Here please select TKIP Pre shared K...

Page 94: ...dge mode please select Bridge Mode from the Opeartion Mode drop down list see Figure 6 8 In this mode the Wireless Router can connect to other wireless network devices in repeater mode or lazy mode However in this mode wireless clients are unable to connect to the Wireless Router directly Figure 6 8 Basic Wireless Settings Bridge Mode Operation Mode Here please select Bridge Mode The other paramte...

Page 95: ...Figure 6 9 Basic Wireless Settings Lazy Mode Operation Mode Here please select Laze Mode The other paramters are the same as those of Repeater Mode Please refer to Section 6 1 3 1 Repeater Mode for detailed information 6 1 4 Configuration Example for WDS 1 Requirements In this example see Figure 6 10 there are two Wireless Routers Router A and Router B The Wireless Router A operates in Bridge Mode...

Page 96: ... be Lazy Mode or Repeater Mode here we take Lazy Mode for example its SSID security mode and pre shared key must be the same as those of the Wireless Router A Besides we leave the other parameters at their default values on both Routers 1 Configuring the Wireless Router A The following figure shows the detailed settings on the Wireless Router A Note Please enter the Wireless Router B s MAC address...

Page 97: ...6 Wireless http www uttglobal com Page 89 Figure 6 11 Configuration Example for WDS Configuring the Wireless Router A 2 Configuring the Wireless Router B The following figure shows the detailed settings on the Wireless Router B ...

Page 98: ...onnectivity between the Two Routers To verify connectivity between the two Routers you can use the ping command at the command prompt on the Wireless Router B Ping 192 168 1 1 If the displayed page is similar to the screenshot below the connection between the two Routers has been established Figure 6 13 Configuration Example for WDS Verifying Connectivity ...

Page 99: ...WPA PSK WPA2 PSK If you want an open network without wireless security keep the default value of None 6 2 1 Disabling Wireless Security Figure 6 14 Disabling Wireless Security Security Mode It specifies the security mode that you want to use on your wireless network Here please select None to disable wireless securtiy Save Click to save you changes Cancel Click to revert to the last saved settings...

Page 100: ... authenticate Without the correct key authentication will fail and the client won t be allowed to associate with the Wireless Router Key Format It specifies the format for entering the WEP keys The options are Hex and ASCII Hex Select this option if you want to enter the WEP keys in hexadecimal format Hexadecimal digits are a set of characters that includes numbers 0 through 9 and letters A throug...

Page 101: ...PA2 It only allows WPA2 clients to connect to the Wireless Router Encrption Method It specifies the encrytion method used for data encryption The options are Auto TKIP and AES Auto It means that the Wireless Router will automatically choose to use TKIP or AES for data encryption TKIP It means that the Wireless Router will use TKIP for data encryption AES It means that the Wireless Router will use ...

Page 102: ... this mode the Wireless Router uses the pre shared key that is manulally entered to generate encryption keys WPA Mode It specifies the WPA mode that you want to use on your wireless network The options are Auto WPA PSK and WPA2 PSK Auto It allows both WPA and WPA2 clients to connect to the Wireless Router WPA PSK It only allows WPA clients to connect to the Wireless Router WPA2 PSK It only allows ...

Page 103: ...ame pre shared key It must be between 8 and 63 characters long Key Renewal Interval It specifies how often the WPA group key changes The valid range is 60 86400 or 0 and the default value is 3600 seconds Enter 0 to disable automatic renewal Save Click to save your changes Cancel Click to revert to the last saved settings ...

Page 104: ...ess Filtering It allows you to enable or disable MAC address filtering If you want to enable MAC address filtering please select the check box Filtering Mode It specifies the mode of MAC address filtering Allow Choose this option to allow the wireless clients with the MAC addresses listed in the MAC Address Filtering List to connect to the Wireless Router but block all other wireless clients Deny ...

Page 105: ...ss Filtering Entry To modify a configured MAC address filtering entry click its ID hyperlink or icon the related information will be displayed in the setup page Then modify it and click the Save button Delete MAC Address Filtering Entry s There are three ways to delete MAC address filtering entry s 1 To delete a MAC address filtering entry directly click its icon 2 To delete more than one MAC addr...

Page 106: ...ess clients with the MAC addresses listed in the MAC Address Filtering List to connect to the Wireless Router but block all other wireless clients select the Enable MAC Address Filtering check box and choose Allow as the Filtering Mode If you want to block the specified wireless clients from connecting to the Wireless Router but allow all other wireless clients select the Enable MAC Address Filter...

Page 107: ...ddresses 001f3c47f481 and 001f3c0f07f4 to the MAC Address Filtering List Step 4 Select the Enable MAC Address Filtering check box choose Block as the Filtering Mode and then click the Save button Figure 6 22 MAC Address Filtering Global Settings Example Now the configuration is complete and you can view the three MAC address filtering entries in the MAC Address Filtering List If you have entered a...

Page 108: ...e available bandwidth and reduce the throughput of other network packets However frequent RTS packets can help the network to recover from interference or collisions Fragmentation Threshold It speicifies the maximum size of a packet that can be transmitted The packets larger than the specified size will be fragmented before transmission It must be between 256 and 2346 and the default value is 2346...

Page 109: ...e check box to enable short preamble The short preamble can improve network performance Clear the check box to enable long preamble The long preamble ensures compatibilities with some old 802 11b devices that require the long preamble but it can slightly reduce throughout at high data rate Enable WMM It allows you to enable or disable WMM Wi Fi Multimedia WMM is a subset of the 802 11e standard En...

Page 110: ...address of the wireless client Filtered It indicates whether the corresponding MAC address has been added to the MAC Address Filtering List in the Wireless MAC Filtering page If the MAC address has been added to the MAC Address Filtering List the Filtered check box is checked Else the Filtered check box is cleared and in this case you can click the check box to add the MAC address to the MAC Addre...

Page 111: ...dresses On the Internet there is only a single network device using a single or a small group of public IP addresses but the local computers can use any range of private IP addresses and these IP addresses are not visible from the Internet As the internal network can be effectively isolated from the outside world the NAT can also provide the benefit of network security assurance The Router provide...

Page 112: ...nternal IP addresses will be translated to the same external IP address In this type of NAT to avoid ambiguity in the handling of returned packets it must dynamically assign a TCP UDP port to an outgoing session and change the packets source port to the assigned port before forwarding them Besides the Router must maintain a translation table so that return packets can be correctly translated back ...

Page 113: ...ts initiated from outside users the Router will directly forward these requests to the specified DMZ host Note When a local computer is designated as the DMZ host it loses firewall protection provided by the Router As the DMZ host is exposed to many exploits from the Internet it may be used to attack your network 3 The Priorities of Port Forwarding Entries and DMZ Host The port forwarding entries ...

Page 114: ...yed in the setup page Then modify it and click the Save button Delete Port Forwarding Entry s There are three ways to delete port forwarding entry s 1 To delete a port forwarding entry directly click its icon 2 To delete more than one port forwarding entry at a time select the leftmost check boxes of the entries that you want to delete and then click the Delete button 3 To delete all the port forw...

Page 115: ...ce uses only one port number enter 1 Change it if the service uses a range of consecutive ports The maximum value is 20 For example if the start internal port is 20 the start external port is 2000 and the port count is 2 then the internal port range is from 20 to 21 and the external port range is from 2000 to 2001 Bind to It specifies the interface to which this port forwarding entry is bound The ...

Page 116: ...d another new port forwarding entry please repeat the above steps 7 1 2 4 Configuration Example for Port Forwarding An organization wants a LAN server IP Address 192 168 1 99 to open Web service Protocol TCP Port 80 to the outside users And the Router will use 10000 as the external port and the WAN2 IP address 200 200 200 88 in this example as the external IP address Then all the requests to Web s...

Page 117: ...n the related information will be displayed in the setup page Then modify it and click the Save button Delete NAT Rule s There are three ways to delete NAT rules 1 To delete a NAT rule directly click its icon 2 To delete more than one NAT rule at a time select the leftmost check boxes of the NAT rules that you want to delete and then click the Delete button 3 To delete all the NAT rules at a time ...

Page 118: ...e please select EasyIP External IP It specifies the external IP address to which the local computers IP addresses are mapped Start Internal IP and End Internal IP They specify a range of internal IP addresses The local computers within the specified range will preferentially use the NAT rule Bind to It specifies the interface to which the NAT rule is bound Save Click to save your changes Cancel Cl...

Page 119: ...ies the interface to which the NAT rule is bound Save Click to save your changes Cancel Click to revert to the last saved settings Back Click to go back to the NAT Rule List Note 1 When creating a One2One NAT rule you must set the Start External IP The number of the external IP addresses is the same as the number of internal IP addresses which is determined by the Start Internal IP and End Interna...

Page 120: ... the Save button to save the settings You can view the NAT rule in the NAT Rule List Step 7 If you want to add another new NAT rule please repeat the above steps Note If you want to delete NAT rule s please follow the ways described in Section 7 1 3 1 NAT Rule List 7 1 3 4 Configuration Examples for NAT Rule 7 1 3 4 1 An Example for Configuring an EasyIP NAT Rule 1 Requirements In this example an ...

Page 121: ...the Name text box Step 3 Select EasyIP from the NAT Type drop down list Step 4 Enter 218 1 21 3 in the External IP text box enter 192 168 1 10 and 192 168 1 100 in the Start Internal IP and End Internal IP text boxes respectively Step 5 Select WAN1 from the Bind to drop down list Step 6 Click the Save button to save the settings Till now you have finished configuring the NAT rule and you can view ...

Page 122: ...is 192 168 1 0 24 The four local servers IP addresses are from 192 168 1 200 24 to 192 168 1 203 24 2 Analysis Firstly we need to configure a static IP Internet connection on the WAN1 interface in the Network WAN page or through the Start Setup Wizard After you have configured the Internet connection the Router will automatically create a related system reserved EasyIP NAT rule and also enable NAT...

Page 123: ...tively Step 5 Select WAN1 from the Bind to drop down list Step 6 Click the Save button to save the settings Till now you have finished configuring the NAT rule and you can view it in the NAT Rule List 7 1 4 DMZ Figure 7 9 DMZ Host Settings Enable DMZ It allows you to enable or disable DMZ feature If you want to enable DMZ feature on the Router please select this check box DMZ Host IP Address It sp...

Page 124: ...ble By using routing table the Router can select an optimal transmission path for each received packet and forward the packet to the destination site effectively The proper usage of static routes can not only improve the network performance but also achieve other benefits such as traffic control provide a secure network environment The disadvantage of using static routes is that they cannot dynami...

Page 125: ...e a static route directly click its icon 2 To delete more than one static route at a time select the leftmost check boxes of the static routes that you want to delete and then click the Delete button 3 To delete all the static routes at a time directly click the Delete All button 7 2 3 Static Route Settings Figure 7 11 Static Route Settings Name It specifies a unique name of the static route Enabl...

Page 126: ...1 WAN2 APClient and 3G Save Click to save your changes Cancel Click to revert to the last saved settings Back Click to go back to the Static Route List 7 2 4 How to Add Static Routes To add one or more static routes follow these steps Step 1 Go to the Advanced Static Route page and click the Add button to go to the setup page Step 2 Specify the Name for the static route and leave the Enable check ...

Page 127: ... want to delete static route s please follow the ways described in Section 7 3 2 Static Route List 7 3 Policy Routing This section describes the Advanced Policy Routing page Policy Routing provides a tool for forwarding and routing data packets based on the user defined policies Different from the traditional destination based routing mechanism Policy Routing enables you to use policies based on s...

Page 128: ...e source IP addresses of the packets to which the Policy Routing entry applies There are two options IP Range Select it to enter the start and end addresses in the associated text boxes User Group Select it to choose an User Group from the associated drop down list By default the User Group radio button is selected and its value is All Users Destination IP It specifies the destination IP addresses...

Page 129: ...he Policy Routing applies Dest Port end It specified the end destination port to which the Policy Routing applies Schedule Setting It specifies a schedule to restrict when the Policy Routing entry is in effect The default value is Every Day which means the Policy Routing entry will be in effect always Edit Schedule Click it to go to the Application Control Schedule page to add view modify or delet...

Page 130: ...ntries will be of no effect Save Click it to save your settings 7 3 3 Policy Routing List Figure 7 15 Policy Routing List Add a Policy Routing Entry If you want to add a new Policy Routing entry click the Add button to go to the setup page and then configure it lastly click the Save button Enable a Policy Routing Entry The Enable check box is used to enable or disable the corresponding Policy Rout...

Page 131: ...outing Entry The Device allows you to move a Policy Routing entry before another entry in the list the operation is as follows Select the ID of a Policy Routing entry that you want to move from the Move drop down list and another entry s ID from the before drop down list lastly click OK Note that moving a Policy Routing entry in the list doesn t change its ID number 7 4 Anti NetSniper This section...

Page 132: ...ice Save Click it to save your settings Note 1 The LAN hosts basic TCP IP parameters including IP address subnet mask gateway IP address and DNS server IP address should be set properly otherwise plug and play feature cannot act on those hosts 2 Once plug and play is enabled the Device will automatically enable proxy ARP enable DNS proxy and disable IP spoofing defense 3 Once plug and play is enab...

Page 133: ...yslog Server Port It specifies the port used by the syslog server to communicate with the Device In most cases please leave the default value of 514 which is a well known port number Syslog Message Facility It specifies the facility level used for logging The facilities are used to distinguish different classes of syslog messages The available options are local0 local1 through local7 Save Click it...

Page 134: ...munity name is used as a shared secret for SNMP managers to access the SNMP agent and to read the configuration on the device but can t change the configuration on the device SNMP Write Community Name The SNMP write community name is used as a shared secret for SNMP managers to access the SNMP agent and to read and change the configuration on the device SNMP Trap community Name The device will sen...

Page 135: ...rk traffic online Applications of the LAN users and current status information of each user including Rx Tx rate Rx Tx total traffic Internet Application online time etc 8 1 1 User Application Analysis Pie Charts Figure 8 1 User Application Analysis Pie Charts Current Network Traffic Analysis It shows the percentage of network traffic made up by each Application in your network Current Internet Ap...

Page 136: ...ture set in Application Control Application Control page will not take effect 8 1 2 User Status List In User Status List you can view current status of each user including online time Rx Tx rate Rx Tx total traffic Internet Application etc Figure 8 2 User Status List Figure 8 3 User Status List continued The first column in User Status List indicates whether a user s online activities affect work ...

Page 137: ... user Tx Rx Rate Shows the upload download speed of the user Tx Rx Total Shows the total traffic transmitted received by the user Online Time Shows the online time of the user User Group Shows the user group to which the user belongs Internet Application Shows the online activities of the user Setup Click icon and click Clear Statistics to clear the Internet Application statistics of the user Rema...

Page 138: ...ng legal user illegal user and undefined user Legal User A legal user s IP and MAC address pair matches an IP MAC binding whose Allow check box is checked Illegal User An illegal user s IP and MAC address pair matches an IP MAC binding whose Allow check box is cleared or the IP address or MAC address is the same as that of an IP MAC binding but not both Undefined User An undefined user s IP addres...

Page 139: ... packet will be dropped immediately 8 2 2 IP MAC Binding Global Settings Figure 8 4 IP MAC Binding Global Settings Allow Undefined LAN PCs It allows or blocks the undefined local computers from accessing the Router or accessing the Internet through the Router If you want to allow the undefined local computers to access the Router and Internet please select the check box Save Click to save your cha...

Page 140: ...e related information will be displayed in the setup page shown in Figure 8 6 Modifying an IP MAC Binding Then modify it and click the Save button Figure 8 6 Modifying an IP MAC Binding The Allow check box is used to allow or block a user matching an IP MAC binding from accessing the Router and Internet To allow the user matching the IP MAC binding to access select the IP MAC binding s Allow check...

Page 141: ... box you will be prompted that the operation is not permitted see the following figure Figure 8 7 IP MAC Binding Error Message 8 2 4 IP MAC Binding Settings Figure 8 8 IP MAC Binding Settings Subnet It specifies the subnet you want to scan The default is the Router s LAN IP address and subnet mask Scan If you click the Scan button the Router will immediately scan the specified subnet to detect act...

Page 142: ...eate a user name for the computer Note 1 You can use the ipconfig all command at the command prompt to find a Windows based computer s IP address and MAC address 2 For an IP MAC address pair entry entered manually there can be one or more spaces between the IP Address and MAC Address and between the MAC address and User Name 3 The Bind operation will skip any invalid IP and MAC address pairs in th...

Page 143: ...es 8 2 6 Internet Whitelist and Blacklist 8 2 6 1 Introduction to Internet Whitelist and Blacklist Based on IP MAC Binding By utilizing IP MAC binding feature you can flexibly configure an Internet whitelist or blacklist for the LAN users If you want to allow only a small number of LAN users to access the Internet you can configure an Internet whitelist for these users Then all users cannot access...

Page 144: ...f you want to allow a local computer with IP address 192 168 1 2 and MAC address 0021859b4544 to access the Router and Internet you can add its IP MAC address pair into the IP MAC Binding List see Figure 8 9 IP MAC Binding List Example 1 The binding s Allow check box is checked by default so please leave the default value Figure 8 9 IP MAC Binding List Example 1 8 2 6 3 How to Configure an Interne...

Page 145: ...inding into the IP MAC Binding List the IP Address is 192 168 1 3 and the MAC Address is different from any local computer s MAC address 112233445566 here see Figure 8 10 IP MAC Binding List Example 2 Figure 8 10 IP MAC Binding List Example 2 Another example is that if you want to block a local computer with IP address 192 168 1 3 and MAC address 0021859b2564 from accessing the Router and Internet...

Page 146: ... Stage In the PPPoE discovery stage a PPPoE client will find a proper server and then build the connection When a client initiates a PPPoE session it should perform discovery to indentify the PPPoE server s Ethernet MAC address and establish a PPPoE session ID Figure 8 12 PPPoE Discovery Stage Flows As shown in Figure 7 21 the discovery stage includes the following four steps 1 PADI PPPoE Active D...

Page 147: ...d client know the PPPoE session ID and the peer s Ethernet MAC address which together define the PPPoE session uniquely 8 3 1 3 PPP Session Stage In the PPP session stage the server and client perform standard PPP negotiation to establish a PPP connection After the PPP connection is established successfully the original datagram are encapsulated in PPP frames and PPP frames are encapsulated in PPP...

Page 148: ...rop down list Execption Group It specifies an address group that is exempt from the restriction of Mandatory PPPoE Authentication If you select an address group here the LAN users that belong to this address group are exempt from the restriction of Mandatory PPPoE Authentication that is whether it is enabled or not those users may access the Internet through the Device even they aren t PPPoE dial ...

Page 149: ...List Add a PPPoE Account To add a new PPPoE account first click the Add button to go to the setup page next configure it lastly click the Save button Enable a PPPoE Account The Enable check box is used to enable or disable the corresponding PPPoE account The default value is selected which means the PPPoE account is in effect If you want to disable the PPPoE account temporarily instead of deleting...

Page 150: ...ettings page and click the Add button to go to the setup page shown in Figure 8 15 PPPoE Account Settings Figure 8 15 PPPoE Account Settings User Name It specifies a unique user name of the PPPoE account It must be between 1 and 31 characters long The PPPoE server will use User Name and Password to identify the PPPoE client Password It specifies the password of the PPPoE account MAC Binding It spe...

Page 151: ...ress within the range of IP addresses assigned by the PPPoE server Select Account Group Select PPPoE accounts that need to enable account mode The account group is configured in the User Management User Group page Select Account Group in Group Type Account Mode Select the check box to enable account mode Account Effective Date It specifies the start effective date of the PPPoE account If the curre...

Page 152: ...PPPoE server MAC Address It displays the PPPoE dial in user s MAC address Online Time It displays the elapsed time since the PPPoE session was established Tx Rate It displays the real time upload rate in kilobytes per second of the PPPoE dial in user Rx Rate It displays the real time download rate in kilobytes per second of the PPPoE dial in user User Status It displays the PPPoE account status If...

Page 153: ...port function to simplify operation When you want to create a great deal of PPPoE accounts you can import them at a time in the page You can edit them in Notepad and then copy them to the Import PPPoE Accounts list box also you can directly enter them in the Import PPPoE Accounts list box The import contents are User Name Password and Description of each PPPoE account one PPPoE account per line an...

Page 154: ...uthenticated successfully through Web browser 8 4 1 Enable Web Authentication Figure 8 19Enable Web Authentication Enable Web Authentication It allows you to enable or disable web authentication feature By default it is disabled If you select the check box to enable this feature those non PPPoE dial in users cannot access the Internet through the Device unless they are authenticated successfully E...

Page 155: ... Management User Group page Window Title It specifies the title of the web authentication Tips It specifies the tips for users Contact Details It specifies the contact details for users Save Click it to save your settings Background Picture Select Online Picture s URL and fill in the blanket with the online picture s URL Save Click it to save online image s URL Preview Click it to preview the web ...

Page 156: ... 4 3 Web Authentication User Account List Figure 8 21 Web Authentication User Account List Add a Web Authentication User Account If you want to add a web authentication user account click the New button or select the User Account Settings tab to go to setup page and then configure it lastly click the Save button Edit a Web Authentication User Account If you want to modify a configured web authenti...

Page 157: ...user account see figure 11 11 and then click the Save button to save the settings Step 3 Select the User Account List tab and then select the Enable Web Authentication check box Step 4 Launch a web browser enter an Internet domain name or IP address in the address bar and then press Enter the Device will automatically pop up an authentication login page see figure 11 13 Figure 8 22 Web Authenticat...

Page 158: ...UTT Technologies Chapter 8 User Management http www uttglobal com Page 150 Figure 8 23 Web Authentication Prompt Page Note Do not close the prompt page else the user cannot access the Internet ...

Page 159: ...tination or source IP address belongs to the User Group the Device will consider that its IP address matches the access control rule And if the packet also matches other criteria protocol type destination ports schedule etc of the access control rule the Device will consider that the packet matches the access control rule Using User Groups can facilitate the configuration of access control rules F...

Page 160: ...st It displays the members of the User Group A member may be an address range or User Group Click it to move the new address range or selected User Group s to the Address Members list Click it to move the selected address member from the Address Members list box to the left editable list Delete Click it to delete the selected address member from the Address Members list box Save Click it to save t...

Page 161: ... view them in the User Group List Edit an User Group If you want to modify a configured User Group click its Edit hyperlink the related information will be displayed in the setup page Then modify it and click the Save button Delete User Group s If you want to delete one or more User Groups select the leftmost check boxes of them and then click the Delete button Note You cannot delete an User Group...

Page 162: ... Groups and then click to move the selected User Groups to the Address Members list box Step 5 Click the Save button to save the settings You can view the User Group in the User Group List Step 6 If you want to add another new User Group please repeat the above steps 8 5 5 How to Edit an User Group If you want to modify a configured User Group do the following Step 1 Go to the User Management User...

Page 163: ...UTT Technologies Chapter 8 User Management http www uttglobal com Page 155 Step 4 Click the Save button to save the changes to make them take effect ...

Page 164: ...Policy Database 9 1 Schedule This section describes Application Control Schedule page you can configure and view schedules A schedule consists of a start date an end date and optional time periods 1 Schedule List In Schedule List you can add view modify and delete schedules Figure 9 1 Schedule List 2 Schedule Settings To add a new schedule entry go to Application Control Schedule page next click A...

Page 165: ...Effective Date Range Specify the effective date range for the schedule Time Period 1 Time Period 3 Specify further constraints of active time within the specified date range 9 2 Application Control This section describes Application Control Application Control page which includes Internet Application management list and Internet Application management settings ...

Page 166: ... 9 3 Internet Application Management List Enable Internet Application Management Select the check box to enable Internet Application management Note that to use this feature you need to enable Application recognition in User Management User Status page 9 2 2 Internet Application Management Settings To add a new Internet Application management policy go to Application Control Application Control pa...

Page 167: ... to specify a range of IP addresses or select the User Group button to select a user group The members in the group are subject to the Internet Application management policy Schedule Settings Select the days and times when the Internet Application management policy is in effect By default the policy is always in effect IM Software P2P Software Network Video Online Game Shopping Site Social Network...

Page 168: ... 1 141 192 168 1 170 Financial Department 192 168 1 171 192 168 1 180 Now the company wants to manage employee online Application It is required that all the Internet applications provided in Internet Application Management Settings page are blocked during working hours Monday to Friday 09 00 to 18 00 and permitted at other times including weekends But there are two exceptions The CEO and vice CEO...

Page 169: ...y Day check box and select the Mon Tue Wed Thu and Fri check boxes Next choose 09 00 and 18 00 as the daily start time and end time Step 3 Click Save to add this policy to Application Management List 2 Adding Policy 2 Step 1 Go to User Management User Group to add a user group for the Customer Service and Sales Departments employees Group Name is TD_SD_Group Group Type is User Group and it contain...

Page 170: ...pplication management to make the policies take effect as shown in Figure 9 5 The configuration is now complete You can veiw the two policies in Application Management List as shown in Figure 9 5 Figure 9 5 Internet Application Management List Example Figure 9 6 Internet Application Management List Example continued ...

Page 171: ...tion management policies Enable QQ Whitelist Select the check box to enbale QQ whitelist If enabled the QQ numbers in QQ Whitelist are exempt from the Internet Application management policies Add To add a new QQ number click Add to go to QQ Whitelist Settings page and then configure it lastly click Save Export Accounts You can click Export Accounts export all QQ numbers with description to a text ...

Page 172: ... 8 Import QQ Numbers Note The maximum QQ number that can be entered is 4294967295 9 4 MSN Whitelist This section describes Application Control MSN Whitelist page This feature allows you to add a list of MSN accounts that are exempt from the Internet Application management policies set in Application Control Application Control page ...

Page 173: ...describes Application Control Notification page where you can configure daily routine notification and account expiration notification 9 5 1 Daily Routine Notification With the daily routine notification feature when a user attempts to access a Web page the user will receive a notification message in the Web browser After that the user can assess the Internet as usual The Device will only send the...

Page 174: ...feature IP Address Range Specify a range of IP addresses to which you want to send the notification This range can contain up to 65535 IP addresses Notification Title Enter the title of the notification Redirection Time Enter the number of seconds to delay before redirecting Enter 0 if you want to redirect immediately Leave it blank to disable automatic redirection Redirect to URL Enter the URL to...

Page 175: ...fication Enable Select the check box to enable account expiration notification feature Notify X Days before Expiration Date Specify the number of days before the account expiration date so that the notification will be sent to the users from that day onwards Each time a PPPoE user or Web authentication user connects to the Device the notification appears the first time the user attempts to access ...

Page 176: ...ugh the Device and when the user attempts to access a Web site the expiration notification appears in the Web browser 9 6 Application Audit This section describes Application Control Application Audit page On the Device auditing is the process of tracking user online activities When an audited event occurs the Device stores a record of the event to the audit log see Figure 9 12 9 6 1 View Audit Lo...

Page 177: ...09 36 41 Enable QQ Online Offline Log Select the check box to enable QQ online offline log If enabled you can view QQ online and offline activities of internal users in Application Audit page Enable MSN Online Offline Log Select the check box to enable MSN online offline log If enabled you can view MSN online and offline activities of internal users in Application Audit page Enable Email Audit Log...

Page 178: ...IM P2P Stock Network Video Online Game Shopping Site SNS Web Game Forum and Others These policies are referenced by Internet Application management function set in Application Control Application Control page Figure 9 14 Policy Database List Name Shows the name of the policy Type Shows the type of the policy Description Shows the description of the policy It is usually used to describe the purpose...

Page 179: ...ing 10 1 Fixed Rate Limiting This section describes QoS Fixed Rate Limiting page This feature allows you to limit the maximum upload and download speed for the LAN users You can configure different rate limiting rules for different groups of users 10 1 1 Fixed Rate Limiting Rule List In Fixed Rate Limiting Rule List you can add view modify reorder and delete fixed rate limiting rules Figure 10 1 F...

Page 180: ... Range button to specify a range of IP addresses or select the User Group button to select a user group The members in the group are subject to the fixed rate limiting rule Rate Limiting Mode The options are Each and Share Each The specified Max Tx Rx Rate is assigned to each member in the group Share The specified Max Tx Rx Rate is shared by all members in the group Max Tx Rate Specify the maximu...

Page 181: ...nd downlink bandwidth of each Internet connection which are provided by your ISP Note that the number of WAN interfaces depends on the device model 10 3 P2P Rate Limit This section describes the QoS P2P Rate Limit page P2P rate limit feature is specially designed for P2P application The P2P rate limit has the highest priority that is even if you have created rate limit rules for some LAN users in ...

Page 182: ... Rx Rate at most Share If you select this radio button the total Tx Rx rate of all the LAN hosts P2P traffic can reach the value specified by the Max Tx Rx Rate at most Max Tx Rate It specifies the maximum upload rate of the P2P traffic Max Rx Rate It specifies the maximum download rate of the P2P traffic Exception IP Group It specifies an address group that is exempt from the restriction of P2P r...

Page 183: ...t the maximum number of concurrent Sessions per host including maximum total Sessions maximum TCP Sessions maximum UDP Sessions and maximum ICMP Sessions Figure 10 5 Session Limiting Enable Session Limit Select the check box to enable connection limit Max Sessions Enter the maximum number of Sessions allowed per host The default is 1500 Max TCP Sessions Enter the maximum number of TCP Sessions all...

Page 184: ...n appropriately increase Max Sessions and Max TCP Sessions or Max UDP Sessions Note that if they are too large the Device may be unable to prevent DDoS attacks effectively 3 In order for users to access the Internet normally the maximum Sessions cannot be too small It is suggested that Max Sessions Max TCP Sessions Max UDP Sessions and Max ICMP Sessions are larger than or equal to 100 100 50 and 1...

Page 185: ...tack Prevention In this page you can do basic internal Attack Prevention settings to enhance network security The internal Attack Prevention includes three parts Virus Prevention It can effectively protect the Device against popular virus attacks such as Anti Blaster virus attack UDP ICMP SYN flood attack ARP spoofing attack and so on Access Restriction It can effectively protect the Device agains...

Page 186: ... 168 16 66 to a single port on a remote host exceeds the threshold the Device will consider that the LAN host with IP address 192 168 16 66 is performing UDP flood attack and then randomly discard the further UDP packets from that source to that destination In most cases leave Threshold the default value Enable ICMP Flood Prevention It allows you to enable or disable ICMP flood defense If you sele...

Page 187: ...nternal DDoS attacks The Access Restriction rules are as follows 1 Allow any LAN host to use ICMP to access the Device 2 Allow any LAN host to access the UDP port 53 67 or 68 of the Device to ensure that the Device s DNS proxy DHCP server and DHCP client can operate properly 3 Only allow the LAN hosts that belong to the range specified by Start IP to to access the web or telnet service provided by...

Page 188: ...to locate active networks or hosts in most cases it is recommended that you disable WAN ping respond for added security Only in some special cases such as network debugging you need enable this feature Block WAN Ping It is used to block or allow WAN ping If you select the check box to block WAN ping all the WAN interfaces of the Router will not respond to ping requests from the Internet See Figure...

Page 189: ...es from accessing the Internet 11 2 1 2 The Operation Principle of Access Control By default the Router will forward all the valid packets received by the LAN interface because no access rule exists After you have configured some access rules the Router will examine each packet received by the LAN interface to determine whether to forward or drop it based on the criteria you specified in the acces...

Page 190: ...w sexpicture com Of course you can use the full URL like www yahoo com to filter only the specified URL The filtering criteria that you can specify within a URL filtering rule include source IP address filtering content i e URL keyword and schedule 3 Keyword Filtering The keyword filtering rules are used to block users from submitting information to the web page based on keyword that is the inform...

Page 191: ...4 Access Rule List Continue Figure 11 5 Access Rule List Continue Add an Access Rule To add a new access rule first click the Add button to go to the Access Rule Settings page next configure it lastly click the Save button View Access Rule s When you have configured one or more access rules you can view them in the Access Rule List ...

Page 192: ...are three ways to delete access rule s 1 To delete a access rule directly click its icon 2 To delete more than one access rule at a time select the leftmost check boxes of the access rules that you want to delete and then click the Delete button 3 To delete all the access rules at a time directly click the Delete All button 11 2 3 Access Rule Settings The following sections describe three types of...

Page 193: ...ou want to disable the rule temporarily instead of deleting it please clear the check box Source IP Range It specifies a range of source IP addresses i e a group of local computers to which the access rule applies To specify a single local computer enter its address in both text boxes Prority It specifies the priority of the access rule The access rules will be checked against the packets in desce...

Page 194: ...common services and their port numbers Dest Port Start and Dest Port End They specify a range of destination ports to which the access rule applies To specify a single port enter the port number in both text boxes The port number must be between 1 and 65535 Dest IP Start and Dest IP End They specify a range of destination IP addresses to which the access rule applies To specify a single IP addres ...

Page 195: ...ring Here please select URL Filtering Filtering Content It specifies the URL keyword that you want to filter The access rule is used to filter any web pages whose URL contains the specified keyword You can enter part of a URL to match all URLs that contain that string or you can enter the full URL to match only the specified URL Here we give two examples Example 1 If you enter yahoo it will match ...

Page 196: ...lude http 2 The URL filtering rules cannot be used to control users access to other services through a web browser For example to control users access to ftp ftp utt com cn you need to configure an IP filtering rule to allow or deny ftp service 11 2 3 3 Access Rule Settings Keyword Filtering Figure 11 8 Access Rule Settings Keyword Filtering The parameters Name Source IP Range Priority and Action ...

Page 197: ...List Note 1 The keyword filtering rules only support the Deny action 2 The English keyword is case sensitive 11 2 4 Configuration Examples for Access Rule 11 2 4 1 Example 1 Only Allow a Group of Users to Access Certain Services In this example we want to allow a group of users IP address range 192 168 1 10 192 168 1 20 to access web service and block them from accessing any other services We need...

Page 198: ...0 Access Rule List Example 1 Continue Figure 11 11 Access Rule List Example 1 Continue 11 2 4 2 Example 2 Only Block a Group of Users from Accessing Certain Services In this example we want to block a group of users IP address range 192 168 1 80 192 168 1 100 from accessing www bbc com and www cnn com and allow them to ...

Page 199: ...w bbc com Access rule 2 It blocks those users from accessing www cnn com Access rule 3 It allows those users to access all Internet services Therein both rule 1 and rule 2 must have a higher priority than rule 3 Otherwise rule 3 will be matched first This will make those users unable to access www bbc com and www cnn com Figure 11 12 Access Rule List Example 2 Figure 11 13 Access Rule List Example...

Page 200: ...ods We need to create three access rules to meet the requirements Access rule 1 It allows those users to access DNS service during business hours And it is used to ensure that the domain names can be resolved successfully thus the users can access web service properly Access rule 2 It allows those users to access web service during business hours Access rule 3 It blocks those users from accessing ...

Page 201: ... we want to allow a group of users IP address range 192 168 1 10 192 168 1 120 to access web service and block them from accessing all other services The exception is that the user with IP address 192 168 1 16 is allowed to access all Internet services during business hours Monday to Friday 9 00 to 17 00 We need to create four access rules to meet the requirements Access rule 1 It allows the user ...

Page 202: ...T Technologies Chapter 11 Firewall http www uttglobal com Page 194 Figure 11 18 Access Rule List Example 4 Figure 11 19 Access Rule List Example 4 Continue Figure 11 20 Access Rule List Example 4 Continue ...

Page 203: ...n Filtering Global Settings Enable Domain Filtering It allows you to enable or disable domain filtering If you select the check box to enable domain filtering the domain names in the Domain Name List will take effect Else they will be of no effect Save Click to save your changes 11 3 2 Domain Filtering Settings Figure 11 22 Domain Filtering Settings Domain Name It specifies the domain name of the ...

Page 204: ...ames in the Domain Name List at a time directly click the Delete All button Note 1 The Router supports up to 100 domain names 2 The matching rule of domain filtering is whole words matching that is only a domain name matches the whole words of the domain name in the Domain Name List the Router will block access to it 3 You can use the wildcard in a domain name to filter multiple URLs For example i...

Page 205: ...ccess the internal User Name It displays the user name of the MAC address filtering MAC Address It displays MAC addresses in MAC Address Filtering List 11 4 2 MAC Address Filtering Setting Go to MAC Address Filtering List click on Add to go to MAC Address Filtering Setting page User Name It specifies the user name of the MAC address filtering MAC Address The MAC address needs to be filtered Users ...

Page 206: ...ds to be input When you add the MAC addresses the format is MAC space user name For example 0022aaafcdb3 David After finishing all MAC addresses and user name click on Add Note 1 The text box can be edited by paste copy delete and so on 2 Please notice that there are one or more spaces between MAC and user name ...

Page 207: ...ternet The PPTP or server encapsulates the original user packets inside PPP frames before sending them through a PPTP tunnel over the Internet while the peer performs decapsulation firstly and then forward the original packets to their intended destinations As shown in Figure 12 1 the typical application of PPTP is that some laptop or desktop computers act as the PPTP devices that is some employee...

Page 208: ...nformation that identifies the specific PPTP tunnel for the data packet GRE is described in RFC 1701 The use of a separate GRE mechanism for PPTP data encapsulation has an interesting side effect for NAT devices Most NAT devices can translate TCP based packets for PPTP tunnel maintenance However many NAT devices or firewalls cannot handle GRE packets thus the PPTP data packets with the GRE header ...

Page 209: ... user data 1 in Figure 12 2 2 The PPTP s virtual interface listens for the user packets destined for the remote LAN 3 in Figure 12 2 3 The PPTP initiates the PPTP tunnel setup request 4 in Figure 12 2 4 The PPTP receives the user authentication request from the PPTP server and then responds to the request 7 in Figure 12 2 5 The PPTP negotiates with the PPTP server to establish a PPTP tunnel 8 in F...

Page 210: ...ryption mechanisms such as CCP PPE etc to provide data confidentiality 12 1 1 5MTU and Fragmentation The Router will fragment an IP packet if it exceeds the MTU of the outbound physical interface For example a standard Ethernet type interface has a MTU of 1500 bytes thus the Router will fragment a packet exceeding 1500 bytes in order to transmit it over the Ethernet interface With PPTP the additio...

Page 211: ... PPTP Header 30 Bytes at most PPPoE Header 8 Bytes Figure 12 3 PPTP Packet Format Static IP DHCP Internet Connection Figure 12 4 PPTP Packet Format PPPoE Internet Connection Therefore to avoid fragmentation and reassembly in the PPTP switching path the PPTP tunnel MTU should be smaller or equal to 1442 bytes 1500 20 8 30 1442 when the PPTP packets are sent over a static IP or DHCP Internet connect...

Page 212: ...fies a unique name of the PPTP tunnel It is used to identify multiple tunnels User Name It specifies a unique user name of the PPTP It must be between 1 and 31 characters long The remote PPTP server will use the User Name and Password to identify the client Password It specifies a password of the PPTP PPP Authentication It specifies the PPP authentication mode of the PPTP tunnel The available opti...

Page 213: ...te network Server IP Domain Name It specifies the IP address or domain name of the remote PPTP server In most cases you may enter the WAN IP address or domain name of the remote VPN appliance Save Click to save your changes Cancel Click to revert to the last saved settings Back Click to go back to the PPTP List 12 1 3 PPTP Server Settings This section describes the VPN PPTP PPTP Server Global Sett...

Page 214: ...ppliance IP Poor Start Address It specifies the starting IP address assigned from the VPN address pool Number of Addresses It specifies the maximum number of IP addresses that can be assigned from the VPN address pool Server IP Address It specifies the IP address of the PPTP server In most cases you may enter the WAN IP address of the VPN appliance Primary DNS Server It specifies the IP address of...

Page 215: ...al hosts having to use VPN clients In this case either a UTT VPN gateway or compatible VPN appliance can act as a PPTP Mobile User It allows remote individual users to securely connect over public networks like the Internet In this case a laptop or desktop computer will act as a PPTP User Name It specifies a unique user name of the PPTP It should be between 1 and 31 characters long The PPTP server...

Page 216: ... the registered TCP port 1723 to transmit control messages When NAT is enabled on the UTT VPN gateway in order for the IPSec tunnel to be established and function properly the UTT VPN gateway will automatically create two port forwarding rules after you have configured a PPTP server or client entry You can go to the NAT Port Forwarding page to view them in the Port Forwarding List ID is pptp proto...

Page 217: ...fter the Router has successfully established a PPTP tunnel with the remote PPTP server you will see that the tunnel s Status changes from Disconnected to Connected the Up Time timer starts and the Out Bytes and In Bytes will go on increasing as long as there is some network traffic being passed through the PPTP tunnel ...

Page 218: ... Enable check box is used to enable or disable the corresponding PPTP server or client entry The default value is checked which means the entry is in effect If you want to disable a PPTP server or client entry temporarily instead of deleting it please click its Enable check box to remove the check mark Edit a PPTP Client or Server Entry If you want to modify a configured PPTP client or server entr...

Page 219: ...eploy a HiPER 518W Router acting as a PPTP at the branch office and another VPN appliance a UTT VPN gateway is recommended acting as a PPTP server at the head office The IP addresses are as follows The HiPER 518W PPTP at the branch office LAN Subnet 192 168 1 0 255 255 255 0 LAN Interface IP Address 192 168 1 1 255 255 255 0 The VPN appliance PPTP Server at the head office LAN Subnet 192 168 123 0...

Page 220: ...e of the most widely used VPN security technologies today IPSec is a set of open standards and protocols to implement network secure communication which provides two security mechanisms encryption and authentication Encryption mechanism is used to ensure data confidentiality and authentication mechanism is used to ensure that data is from the claimed sender and not destroyed or tampered during tra...

Page 221: ...at both have dynamic IP addresses 12 2 1 1Concepts and Protocols In order for the IPSec tunnel to be established and function properly the two IPSec endpoints must agree on the SAs The IPSec SAs determine a number of security parameters like security protocol security algorithms and keys SA lifetime etc necessary to secure and maintain the IPSec tunnel effectively An SA is uniquely identified by t...

Page 222: ...choose to provide all of the supported security services including data confidentiality data integrity data origin authentication and anti replay for the data which are currently the highest level of data protection services in the IP network The IPSec architecture is shown in Figure 12 11 IPSec Architecture Figure 12 11 IPSec Architecture IPSec supports two methods to create security associations...

Page 223: ...el Mode the IPSec AH and or ESP header is appended to the front of the original IP header and then a new IP header is appended to the front of the IPSec header The source and destination IP addresses in the new IP header are those of the two endpoints of the IPSec tunnel respectively The entire original IP packet can be encrypted authenticated or both With AH the AH and new IP headers can also be ...

Page 224: ... more than 20 parameters that need to be configured at each endpoint Manual key management is feasible for small VPN networks such as a network with a few VPN appliances where the distribution maintenance and tracking of keys are not difficult However for large VPN networks with a large number of VPN appliances across great distances this method is often unreliable or infeasible When a key is init...

Page 225: ...ssociations SAs The concept of a Security Association SA is fundamental to IPSec An SA is a relationship between two IPSec endpoints that describes how the endpoints will use security services to communicate Each SA consists of a set of security parameters like security protocol ESP or AH encryption and or authentication algorithms session keys SA lifetime and so on Because an IPSec SA is simplex ...

Page 226: ...se 1 proposal By default the UTT VPN gateway provides four phase 1 proposals which include 3des md5 group2 3des sha group2 des md5 group2 des sha group2 It also allows you to specify phase 1 proposals as required In the Web UI it allows you to configure up to four phase 1 proposals You can go to the VPN IPSec IPSec Settings page to configure the Preshared Key and then click the Advanced Options hy...

Page 227: ...sponder accepts the proposed SA authenticates the initiator and sends a nonce i e random number its IKE identity and its certificates if it is being used Third message The initiator authenticates the responder confirms the exchange and sends its certificates if it is being used The weakness of using aggressive mode is that it does not provide identity protection because the identities of both side...

Page 228: ...Phase 2 the two IPSec endpoints also exchange security proposals to determine which security parameters to be used in the IPSec SAs A phase 2 proposal consists of one or two IPSec security protocols either ESP or AH or both the encryption and or authentication algorithms used with the selected security protocol and a Diffie Hellman if Perfect Forward Secrecy PFS is desired Note that the UTT VPN ga...

Page 229: ...s in a false connection SAs are normal but the tunnel is disconnected where packets are tunneled to oblivion Therefore it is necessary that either endpoint can detect a dead peer as soon as possible a method called Dead Peer Detection DPD is used to achieve this purpose DPD has smaller cost than SA renegotiation so it is always performed at a higher frequency 2 DPD Dead Peer Detect Dead Peer Detec...

Page 230: ...Sec Settings page to click the Advanced Options hyperlink and then configure the filter parameters including Protocol and Port to define the packets that are protected by IPSec section6 1 2 1 and 6 1 2 2 2 Creation Method Once the PPTP tunnel parameters have been configured properly the system will automatically create a virtual interface for the new tunnel to transmit data and add two routes poin...

Page 231: ...PSec SAs that is an IPSec tunnel After the IPSec tunnel is established the UTT VPN gateway will do the required IPSec processing e g encryption and or authentication before sending the packet to the remote endpoint through the tunnel and the remote endpoint will do the required IPSec processing e g authentication and or decryption before sending the packet to its intend destination In the CLI you ...

Page 232: ... policy in the SPD 3 3 IKE phase 1 negotiation takes place started by the initiator and the IKE SA is established 4 Refer to section 4 2 1 3 for more information 4 IKE phase 2 negotiation takes place and the IPSec SAs are established 5 The initiator uses ESP and or AH to protect the user data i e original packets 6 5 The initiator sends the IPSec packets to the responder through the IPSec tunnel 7...

Page 233: ...te IPSec SAs as required 14 Refer to section 4 2 1 4 for more information Note In Manual Key mode IKE phase 1 and phase 2 negotiations are not required because all the necessary SA parameters are defined during the configuration of the IPSec tunnel 12 2 1 9MTU and Fragmentation The UTT VPN gateway will fragment an IP packet if it exceeds the MTU of the outbound physical interface For example a sta...

Page 234: ...illustrates the format of the IPSec packet to be sent over a static IP or DHCP Internet connection and Figure 12 18 IPSec Packet Format PPPoE Internet Connection illustrates the format of the IPSec packet to be sent over a PPPoE Internet connection Therein the sizes of standard Ethernet MTU and each encapsulation header are as follows Ethernet MTU 1500 Bytes IP Header 20 Bytes AH Header 20 Bytes a...

Page 235: ...ets IPSec NAT T is designed to solve the problems inherent in using IPSec with NAT During IKE phase 1 negotiation the two IPSec NAT T capable endpoints can automatically determine Whether both of the IPSec endpoints can perform IPSec NAT T If there are any NAT devices along the path between them If both of these two conditions are true the two endpoints will automatically use IPSec NAT T to send I...

Page 236: ... value so you cannot create a new IPSec session Figure 12 20 Viewing IPSec Sessions Limit Related System Log CLI In the Web UI you can go to the Status System Log page view the related system log As shown inFigure 12 21 Viewing IPSec Sessions Limit Related System Log Web UI the log Max VPN Sessions Cannot set up a new IPSec session means that the number of active VPN sessions has reached the maxim...

Page 237: ...onnection Type It specifies the role of the UTT VPN gateway in the IPSec tunnel establishment The available options are Bidirectional Originate Only and Answer Only Here please select Bidirectional Gateway IP Domain Name Remote It specifies the IP address or domain name of the device at the other end of the IPSec tunnel Note If you enter a domain name you should configure at least one DNS server o...

Page 238: ...bnet IP text box and its mask in the Subnet Mask text box if you want to define a host please enter the IP address of that host in the Subnet IP text box and 255 255 255 255 in the Subnet Mask text box Preshared Key It specifies a preshared key for IKE negotiation It should be no more than 128 characters long Note that you must enter the same preshared key at the remote IPSec device P2 Encrypt Aut...

Page 239: ...hentication for the local UTT gateway is required that is the local UTT gateway should provide its identity information to the remote IPSec endpoint for authentication but the identity authentication for the remote IPSec endpoint is optional ID Type Remote It specifies the type of remote ID The available options are Domain Name Email Address IP Address and Other In this connection type it is an op...

Page 240: ... a required parameter Please enter an ID value according to the selected ID Type Local 3 Answer Only Static to Dynamic IPSec VPN If the local UTT VPN gateway has a static IP address and the remote endpoint another UTT VPN gateway or compatible VPN appliance has a dynamically assigned IP address you can choose Answer Only as the connection type see Figure 12 24 IPSec Settings AutoKey IKE Answer Onl...

Page 241: ... gateway to authenticate the remote IPSec device ID Value Remote It specifies the identity of the remote IPSec device In this connection type it is an optional parameter Please enter an ID value according to the selected ID Type Remote ID Type Local It specifies the type of local ID The available options are Domain Name Email Address IP Address and Other In this connection type it is an optional p...

Page 242: ...UTT Technologies Chapter 12 VPN http www uttglobal com Page 234 Figure 12 25 IPSec Settings AutoKey IKE Advanced Options Main Mode ...

Page 243: ... them Exchange Mode It specifies the exchange mode used for IKE phase 1 negotiation The available options are Main and Aggressive If the Connection Type is Bidirectional you should choose Main mode else you should choose Aggressive mode SA Lifetime Phase 1 It refers to IKE SA lifetime which specifies the number of seconds at least 600 seconds an IKE SA will exist before expiring A new IKE SA is ne...

Page 244: ...ateway will periodically send DPD heartbeat messages at the specified time interval set by the Heartbeat Interval to the remote IPSec device to verify its availability Heartbeat Interval It specifies a time interval in seconds at which the UTT VPN gateway will periodically send DPD heartbeat messages to the remote IPSec device to verify its availability PFS Perfect Forward Secrecy Enable NAT trave...

Page 245: ...y three 6 3 3 1 53 phase 2 proposals supported The details are as follows 1 There are five phase 2 proposals for using ESP encryption only For example the proposal esp des means ESP encryption with DES algorithm 2 There are two phase 2 proposals for using ESP authentication only For example the proposal esp md5 means ESP authentication with MD5 algorithm 3 There are two phase 2 proposals for using...

Page 246: ... proposals in the CLI 12 2 3 IPSec List Figure 12 27 IPSec List After you have finished configuring an IPSec entry you can view its configuration and status information in the IPSec List see Figure 12 27 IPSec List The parameter definitions are as follows ID It is used to identify each IPSec tunnel in the list Enable Enable or disable the IPSec tunnel The box is checked by default You can disable ...

Page 247: ...2TP virtual interface it will display the corresponding tunnel s ID Local Subnet It displays the Subnet IP Local you specify in the VPN IPSec IPSec Settings page Connect In the AutoKey IKE mode the IPSec tunnel establishment can be triggered manually or by traffic If you want to establish an IPSec tunnel manually select the leftmost check box of the corresponding entry and then click the Connect b...

Page 248: ...er Answer Only Static to Dynamic IPSec VPN The local UTT VPN gateway has a static IP address while the remote endpoint another UTT VPN gateway or compatible VPN appliance has a dynamic IP address In this case the local UTT VPN gateway can only act as a responder and the remote endpoint should provide its identity information such as an Email address a domain name etc for authentication Originate O...

Page 249: ...hase 2 proposal is esp aes256 md5 ah sha in addition the preshared key is testing and the IP addresses are as follows The UTT VPN gateway at the head office WAN Interface IP Address 200 200 202 123 24 Default Gateway IP Address 200 200 202 254 24 LAN Interface IP Address 192 168 123 1 24 The UTT VPN gateway at the branch office WAN Interface IP Address 200 200 202 16 24 Default Gateway IP Address ...

Page 250: ...255 0 Bind to Local WAN1 Subnet IP Local 192 168 16 1 Subnet Mask Local 255 255 255 0 Preshared Key testing P2 Encrypt Auth Algorithms 1 esp aes256 md5 ah sha 3 Viewing the IPSec tunnel status After you have configured IPSec parameters on both UTT VPN gateways the IPSec tunnel establishment can be triggered manually or by traffic On the UTT VPN gateway you can go to the VPN IPSec IPSec List page t...

Page 251: ... the connection type In this case the local UTT VPN gateway can only act as a responder and both IPSec endpoints should use aggressive mode for phase 1 IKE negotiation Figure 12 30 Network Topology UTT VPN Gateway to UTT VPN Gateway Answer Only In this scenario seeFigure 12 30 Network Topology UTT VPN Gateway to UTT VPN Gateway Answer Only we deploy two UTT VPN gateways at a company one is located...

Page 252: ...168 123 1 24 The UTT VPN gateway at the branch office WAN Interface IP Address Dynamic DHCP LAN Interface IP Address 192 168 16 1 24 1 Configuring the UTT VPN gateway at the head office Go to the VPN IPSec IPSec Settings page make the following settings leave the default values for the other parameters and then click the Save button Key Mode AutoKey IKE Connection Type Answer Only Gateway IP Domai...

Page 253: ...e 3 Viewing the IPSec tunnel status After you have configured IPSec parameters on both UTT VPN gateways the IPSec tunnel establishment can be triggered manually or by traffic On the UTT VPN gateway you can go to the VPN IPSec IPSec List page to view the configuration of the IPSec tunnel including the Remote Gateway Remote Subnet IP Bind to and Local Subnet IP see Figure 12 31 Responder s IPSec Lis...

Page 254: ...way to UTT VPN Gateway Answer Only 2 Viewing the UTT VPN gateway at the branch office The following figure shows the configuration and status of the IPSec tunnel on the UTT VPN gateway with a dynamic IP address at the branch office Figure 12 32 Initiator s IPSec List UTT VPN Gateway to UTT VPN Gateway Answer Only ...

Page 255: ...dress PPPoE or DHCP and the remote endpoint another UTT VPN gateway or compatible VPN appliance has a static IP address you can choose Originate Only as the connection type In this case the local UTT VPN gateway can only act as an initiator and both IPSec endpoints should use aggressive mode for phase 1 IKE negotiation Please refer to section 12 2 5 2 for detailed information ...

Page 256: ...ts 13 1 1 Administrator List Figure 13 1 Administrator List Add an Administrator Account To add a new administrator account first click the Add button to go to the setup page next configure it lastly click the Save button View Administrator Account s When you have configured one or more administrator accounts you can view them in the Administrator List Modify an Administrator Account To modify a c...

Page 257: ...it 13 1 2 Administrator Settings Figure 13 2 Administrator Settings User Name It specifies a unique login name case sensitive of the administrator Password It specifies a login password case sensitive of the administrator This password will be required to login to the Router in the future Confirm Password You should re enter the password Save Click to save your changes Cancel Click to revert to th...

Page 258: ...n the Internet It is suggested that you choose SNTP to automatically synchronize time in most cases Figure 13 3 System Time Settings Current System Time It displays the Router s current date YYYY MM DD and time HH MM SS Time Zone It specifies the time zone for your local time To ensure that SNTP operates properly you must select the correct time zone Set Time Manually If you want to set the date Y...

Page 259: ...imary server the default is 192 43 244 18 and the Server 2 is the first backup server the default is 129 6 15 28 and the Server 3 is the second backup server the default is 0 0 0 0 Save Click to save your changes Cancel Click to revert to the last saved settings Note For more information about SNTP or to find an SNTP server with which you can synchronize the system clock please refer to http www n...

Page 260: ...t file on your local computer 13 3 2 Restore Configuration Figure 13 5 Restore Configuration Reset to Factory Defaults before Restore If you select this check box it will reset the Router to factory default settings before importing the configuration file else import the file directly Select a Configuration File Click the Browse button to choose an appropriate configuration file or enter the file ...

Page 261: ... Note 1 After performing the reset operation you must manually restart the Router in order for the default settings to take effect 2 The reset operation will clear all of the Router s custom settings It is strongly recommended that you backup the current configuration before resetting 3 The default administrator user name and password both are admin case sensitive The default LAN IP address is 192...

Page 262: ...hese steps Step 1 Downloading the latest firmware Click the Download Firmware hyperlink to download the latest firmware from the website of UTT Technologies Co Ltd Note 1 Please select the appropriate firmware file according to the product model 2 It is recommended that you go to the Administration Configuration to backup the Router s current configuration before upgrade Step 2 Choosing the firmwa...

Page 263: ...when the Router is under light load 2 If you upgrade firmware timely the Router will have more functionality and better performance The right upgrade will not change the Router s current settings 3 To avoid any unexpected error or unrecoverable hardware damage do not power off the Router during upgrading 4 After the upgrade is complete the Router will automatically restart in order for the new fir...

Page 264: ...nagement is enabled Here you can select only one interface To enable HTTP remote management on multiple interfaces at the same time you need to go to the Advanced NAT DMZ Port Forwarding page to create port forwarding entry s for the other interface s Save Click to save your changes Cancel Click to revert to the last saved settings Note 1 To ensure security it is strongly recommended that you don ...

Page 265: ...ns are Weekly Daily Hourly Minutely Start Time It specifies the time at which the Router will start the task Its settings depend on the value of Repeat Task Content It specifies the content of the task Now the Router only provide one option Restart which means that the Router will restart itself periodically Save Click to save your changes Cancel Click to revert to the last saved settings Back Cli...

Page 266: ...w them in the Scheduled Task List Modify a Scheduled Task To modify a configured scheduled task click its User Name hyperlink or icon the related information will be displayed in the setup page Then modify it and click the Save button Delete Scheduled Task s There are three ways to delete scheduled task s 1 To delete a scheduled task directly click its icon 2 To delete more than one scheduled task...

Page 267: ...version and system log 14 1 Interface Status In Status Interface Status page you can view the configuration and status information of each interface 14 2 System Information This section describes the Status System Info page which includes the current system time system up time system resources usage information SN firmware version and system log System information can help you identify and diagnos...

Page 268: ... installed on the Router System Log It records the events that occur in the system such as system startup wireless enabled and so on Refresh Click to view the latest system information Note The CPU and Memory are displayed as a status bar and percentage value The color of the status bar indicates the usage percentage for each resource When the percentage is below 1 the bar is blank When the percen...

Page 269: ...og It allows you to enable or disable notification log If you want the Device to store and display the notice related logs in the System Log please select this check box Enable ARP Log It allows you to enable or disable ARP log If you want the Device to store and display the ARP related logs in the System Log please select this check box Enable PPPoE Log It allows you to enable or disable PPPoE lo...

Page 270: ... 00 22 aa The old MAC address of the specified user ARP SPOOF 192 168 1 1 The MAC address of the user with IP address 192 168 1 1 has changed Session Up PPPOE The Device has successfully established a session whose name is PPPOE PPPoE Up 00 22 aa 5d 63 6f The Device has successfully established a PPPoE connection with the remote device whose MAC address is 00 0c f8 f9 66 c6 Call Connected _netiNet...

Page 271: ...AN eth2 eth5 WAN1 WAN4 Route Down ethX The static routes bound to the specified physical interface became inactive Usually due to that the corresponding Internet connection became inactive NAT exceeded IP Address The specified host has exceeded the maximum NAT sessions limited by the Device Usually due to that this host is infected with a virus or it is using hacker attack software If the host is ...

Page 272: ...1 Support As shown in Figure 15 1 it allows you to click each Learn More hyperlink to directly open the corresponding page of the UTT website UTTCare Link to the support page of the UTT website to download product data and get help Forum Link to the forum page of the UTT website to participate in product discussions Knowledge Link to the knowledge base page of the UTT website to learn more about o...

Page 273: ...iguring TCP IP settings with DHCP The following describes the two ways respectively Method One Manually Configuring TCP IP To configure the TCP IP protocol manually follow these steps 1 On the Windows taskbar click Start Settings Control Panel 2 Double click the Network Connections icon right click the Local Area Connection icon and select Properties On the General tab see Figure A 0 1 in the This...

Page 274: ...llowing DNS server address option enter the primary DNS server IP address in the Preferred DNS server text box and enter the secondary DNS server IP address in the Alternate DNS server text box optional A DNS query is sent to the primary DNS server at first If the primary DNS server is unable to service the query the query will be sent to the secondary DNS server 5 Click the OK button Now you have...

Page 275: ...A 0 3 select the Obtain an IP address automatically option and Obtain DNS server address automatically option Figure A 0 3 Internet Protocol TCP IP Properties 5 Click the OK button Now you have finished configuring the TCP IP settings Note In Windows XP the TCP IP stack is a core component of the operating system Therefore you cannot remove TCP IP in Windows XP However if you have network connecti...

Page 276: ...268 c Click Install d Click Protocol and then click Add e Click Have Disk f In the Copy manufacturer s files from box type System_Drive_Letter windows inf and then click OK g In the list of available protocols click Internet Protocol TCP IP and then click OK h Restart your computer ...

Page 277: ...r the Internet connection you can choose Always On as the Dial Type else you can choose On Demand or Manual as the Dial Type and specify the Idle Timeout to avoid wasting online time due to that you forget to hang up the connection in time Step 6 If you choose Manual as the Dial Type you need to dial up manually in the Internet Connection List on the Network WAN page Refer to Section 5 1 1 3 for m...

Page 278: ...AN port of the Wireless Router Step 3 Configure the Static IP Internet connection related parameters in the Start Setup Wizard or the Network WAN page Step 4 After the Static IP connection is established successfully you can view its configuration and status information in the Internet Connection List on the Network WAN page Step 5 Configure the local computers according to the steps described in ...

Page 279: ... and then change the MAC address of the corresponding interface lastly click the Save button Step 4 After the DHCP Internet connection is established successfully you can go to the view its configuration and status information in the Internet Connection List on the Network WAN page such as Status Connected means the connection is established successfully the connection s IP address and Gateway ass...

Page 280: ...ess a free IP address in 192 168 1 0 24 in IP address box 255 255 255 0 in Subnet mask box and enter the IP address of your default gateway in Default Gateway box Select Use the following DNS server addresses and enter the IP addresses of DNS servers in Preferred DNS Server and Alternate DNS Server optional boxes If the primary DNS server is unreachable the secondary DNS server is used 5 Click OK ...

Page 281: ... following Select Use the following IP address enter the static IP address a free IP address in 192 168 1 0 24 in IP address box 255 255 255 0 in Subnet mask box and enter the IP address of your default gateway in Default Gateway box Select Use the following DNS server addresses and enter the IP addresses of DNS servers in Preferred DNS Server and Alternate DNS Server optional boxes If the primary...

Page 282: ...t settings via the Web UI The operation is as follows Go to the Administration Configuration page and then click the Reset button in the Reset to Factory Defaults configuration field lastly manually restart the Wireless Router Case Two Forget the administrator password If you forget the administrator password you cannot login to the Wireless Router s Web UI However you can reset the Wireless Route...

Page 283: ...IP in IP Tunnel Driver TCP 6 Transmission Control Protocol EGP 8 Exterior Gateway Protocol IGP 9 Interior Gateway Protocol PUP 12 PARC Universal Packet Protocol UDP 17 User Datagram Protocol HMP 20 Host Monitoring Protocol XNS IDP 22 Xerox NS IDP RDP 27 Reliable Datagram Protocol GRE 47 General Routing Encapsulation ESP 50 Encap Security Payload AH 51 Authentication Header RVD 66 MIT Remote Virtua...

Page 284: ...me 13 tcp daytime 13 udp qotd 17 tcp Quote of the day qotd 17 udp Quote of the day chargen 19 tcp Character generator chargen 19 udp Character generator ftp data 20 tcp FTP data ftp 21 tcp FTP control telnet 23 tcp smtp 25 tcp Simple Mail Transfer Protocol time 37 tcp timserver time 37 udp timserver rlp 39 udp Resource Location Protocol nameserver 42 tcp Host Name Server nameserver 42 udp Host Nam...

Page 285: ... Service pop2 109 tcp Post Office Protocol Version 2 pop3 110 tcp Post Office Protocol Version 3 sunrpc 111 tcp SUN Remote Procedure Call sunrpc 111 udp SUN Remote Procedure Call auth 113 tcp Identification Protocol uucp path 117 tcp nntp 119 tcp Network News Transfer Protocol ntp 123 udp Network Time Protocol epmap 135 tcp DCE endpoint resolution epmap 135 udp DCE endpoint resolution netbios ns 1...

Page 286: ...htweight Directory Access Protocol https 443 tcp MCom https 443 udp MCom microsoft ds 445 tcp microsoft ds 445 udp kpasswd 464 tcp Kerberos v5 kpasswd 464 udp Kerberos v5 isakmp 500 udp Internet Key Exchange exec 512 tcp Remote Process Execution biff 512 udp login 513 tcp Remote Login who 513 udp cmd 514 tcp syslog 514 udp printer 515 tcp talk 517 udp ntalk 518 udp efs 520 tcp Extended File Name S...

Page 287: ...adm 749 tcp Kerberos administration kerberos adm 749 udp Kerberos administration kerberos iv 750 udp Kerberos version IV kpop 1109 tcp Kerberos POP phone 1167 udp Conference calling ms sql s 1433 tcp Microsoft SQL Server ms sql s 1433 udp Microsoft SQL Server ms sql m 1434 tcp Microsoft SQL Monitor ms sql m 1434 udp Microsoft SQL Monitor wins 1512 tcp Microsoft Windows Internet Name Service wins 1...

Page 288: ...ologies Appendix D Common Service Ports http www uttglobal com Page 280 radacct 1813 udp RADIUS accounting protocol nfsd 2049 udp NFS server knetd 2053 tcp Kerberos de multiplexor man 9535 tcp Remote Man Server ...

Page 289: ...up Wizard APClient Connection Settings WPA PSK WAP2 PSK 32 Figure 3 14 Setup Wizard Wireless Settings 33 Figure 4 1 System Status Wired Status 36 Figure 4 2 System Status Wireless Status 37 Figure 4 3 Interface Traffic Chart 38 Figure 4 4 Traffic Statistics 39 Figure 4 5 Restart the Wireless Router 40 Figure 4 6 Prompt Dialog Box Restart the Wireless Router 40 Figure 5 1 Internet Connection List 4...

Page 290: ...Settings WEP Mode 84 Figure 6 5 Key Settings Prompt Dialog Box 85 Figure 6 6 Security Settings TKIP Mode 85 Figure 6 7 Security Settings AES Mode 85 Figure 6 8 Basic Wireless Settings Bridge Mode 86 Figure 6 9 Basic Wireless Settings Lazy Mode 87 Figure 6 10 Configuration Example for WDS Network Topology 88 Figure 6 11 Configuration Example for WDS Configuring the Wireless Router A 89 Figure 6 12 ...

Page 291: ... User Status List 128 Figure 8 3 User Status List continued 128 Figure 8 4 IP MAC Binding Global Settings 131 Figure 8 5 IP MAC Binding List 132 Figure 8 6 Modifying an IP MAC Binding 132 Figure 8 7 IP MAC Binding Error Message 133 Figure 8 8 IP MAC Binding Settings 133 Figure 8 9 IP MAC Binding List Example 1 136 Figure 8 10 IP MAC Binding List Example 2 137 Figure 8 11 IP MAC Binding List Exampl...

Page 292: ...ure 11 3 Access Rule List 183 Figure 11 4 Access Rule List Continue 183 Figure 11 5 Access Rule List Continue 183 Figure 11 6 Access Rule Settings IP Filtering 185 Figure 11 7 Access Rule Settings URL Filtering 187 Figure 11 8 Access Rule Settings Keyword Filtering 188 Figure 11 9 Access Rule List Example 1 190 Figure 11 10 Access Rule List Example 1 Continue 190 Figure 11 11 Access Rule List Exam...

Page 293: ... Originate Only 231 Figure 12 24 IPSec Settings AutoKey IKE Answer Only 232 Figure 12 25 IPSec Settings AutoKey IKE Advanced Options Main Mode 234 Figure 12 26 IPSec Settings AutoKey IKE Advanced Options Aggressive Mode 235 Figure 12 27 IPSec List 238 Figure 12 28 Network Topology UTT VPN Gateway and UTT VPN Gateway Bidirectional 241 Figure 12 29 IPSec List UTT VPN Gateway and UTT VPN Gateway Bidi...

Page 294: ... Figure A 0 2 Internet Protocol TCP IP Properties 266 Figure A 0 3 Internet Protocol TCP IP Properties 267 Figure B 0 1 Viewing PPPoE Connection Status in the Internet Connection List 269 Figure B 0 2 Viewing PPPoE Connection Status in the Internet Connection List Continue 270 Figure B 0 3 Viewing DHCP Connection Status in the Internet Connection List 271 Figure B 0 4 Viewing DHCP Connection Statu...

Page 295: ...Front Panel 15 Table 2 2 Description of Ports on the Rear Panel 16 Table 2 3 Description of Components on the Rear Panel 16 Table 5 1 Description of PPPoE Connection Status 42 Table 5 2 Description of Static IP Connection Status 43 Table 5 3 Description of DHCP Connection Status 43 Table 5 4 Description of 3G Connection Status 43 Table 12 1 Four Types of IPSec VPN Configuration 213 Table 12 2 Desc...

Search results

Summary of Contents for HiPER 518W

Reviews:

Related manuals for HiPER 518W

Brands by name

Popular brands

UTT HiPER 518W, Advanced Configuration Manual

Search results

Summary of Contents for HiPER 518W

Reviews:

Related manuals for HiPER 518W

Brands by name

Popular brands