background image

(Wireless) ADSL VPN Firewall Router with 3DES Accelerator 
 
 

Chapter 4: Configuration 

 

 

 

65 

 

URL Filter 

URL (Uniform Resource Locator – e.g. an address in the form of 

http://www.abc.com

 or 

http://www.example.com

) filter rules allow you to prevent users on your network from 

accessing particular websites by their URL. There are no pre-defined URL filter rules; you 
can add filter rules to meet your requirements.  

 

Enable/Disable:

 To enable or disable URL Filter feature. 

Always Block:

 Select to always check the URL filter rules (i.e. at all hours of the day). 

Block from: 

Specify the time period to check the URL filter rules (e.g. during work hours). 

Keywords Filtering:

 Allows blocking by specific keywords within a particular URL rather 

than having to specify a complete URL (e.g. to block any image called “advertisement.gif”). 
When enabled, your specified keywords list will be checked to see if any keywords are 
present in URLs accessed to determine if the connection attempt should be blocked. Please 
note that the URL filter blocks web browser (HTTP) connection attempts using port 80 only. 

For example, if the URL is 

/abcde.html

, it will be dropped as the keyword “abcde” occurs in 

the URL. 

 

Содержание HRDSL742

Страница 1: ...Version Release 1 54c HRDSL742 HRDSL742W Wireless ADSL VPN Firewall Router User s Manual...

Страница 2: ......

Страница 3: ...T LEDS 6 THE REAR PORTS 7 CABLING 8 C CH HA AP PT TE ER R 3 3 B BA AS SI IC C I IN NS ST TA AL LL LA AT TI IO ON N 9 9 CONNECTING YOUR ROUTER 9 CONFIGURING PCS IN WINDOWS 10 For Windows XP 10 For Wind...

Страница 4: ...e Area Network 35 ISP 35 DNS 45 ADSL 46 System 47 Time Zone 47 Remote Access 48 Firmware Upgrade 49 Backup Restore 50 Restart Router 51 User Management 52 Firewall and Access Control 53 General Settin...

Страница 5: ...t 109 SAVE CONFIGURATION TO FLASH 113 LOGOUT 114 C CH HA AP PT TE ER R 5 5 T TR RO OU UB BL LE ES SH HO OO OT TI IN NG G 1 11 15 5 PROBLEMS STARTING UP THE ROUTER 115 PROBLEMS WITH THE WAN INTERFACE 1...

Страница 6: ......

Страница 7: ...speed suiting their needs and budgets It is compliant with Multi Mode standard ANSI T1 413 Issue 2 G dmt G 992 1 G lite G992 2 The Annex A and B are supported in different H W platforms Wireless Ethe...

Страница 8: ...his router will be forwarded to the real DNS in the outside network Dynamic Domain Name System DDNS The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname This dynamic I...

Страница 9: ...outing capability Simple Network Management Protocol SNMP It is an easy way to remotely manage the router via SNMP Web based GUI Supports web based GUI for configuration and management It is user frie...

Страница 10: ...Router with 3DES Accelerator Chapter 1 Introduction 4 Wireless ADSL Router Wireless ADSL Router Figure 1 1 Application Diagram of Wireless ADSL Router Thank you for your purchase and welcome to the w...

Страница 11: ...er 12V DC 1A Quick Start Guide DO NOT use the Wireless ADSL Router in high humidity or high temperatures DO NOT use the same power source for the Wireless ADSL Router as other equipment DO NOT open or...

Страница 12: ...mail in the Inbox 12 ADSL Lit when successfully connected to an ADSL DSLAM linesync 8 11 LAN Port 1X 4X RJ 45 connector Lit when connected to an Ethernet device Green for 100Mbps Orange for 10Mbps Bli...

Страница 13: ...s is used when you cannot login to the router E g forgot the password 4 LAN 1X 4X RJ 45 connector Connect a UTP Ethernet cable Cat 5 or Cat 5e to one of the four LAN ports when connecting to a PC or a...

Страница 14: ...using the proper cables Ensure that all other devices connected to the same telephone line as your router e g telephones fax machines analogue modems have a line filter connected between them and the...

Страница 15: ...he PC to get an IP address automatically from the router using DHCP If you encounter any problems accessing the router s web interface it may also be advisable to uninstall any kind of software firewa...

Страница 16: ...Connection See Figure 3 1 3 In the LAN Area Connection Status window click Properties See Figure 3 2 4 Select Internet Protocol TCP IP and click Properties See Figure 3 3 5 Select the Obtain an IP ad...

Страница 17: ...ion See Figure 3 5 3 In the LAN Area Connection Status window click Properties See Figure 3 6 4 Select Internet Protocol TCP IP and click Properties See Figure 3 7 5 Select the Obtain an IP address au...

Страница 18: ...IP NE2000 Compatible or the name of any Network Interface Card NIC in your PC See Figure 3 9 3 Click Properties 4 Select the IP Address tab In this page click the Obtain an IP address automatically ra...

Страница 19: ...1 Go to Start Settings Control Panel In the Control Panel double click Network and choose the Protocols tab 2 Select TCP IP Protocol and click Properties See Figure 3 12 3 Select the Obtain an IP addr...

Страница 20: ...d password are admin and admin respectively LAN and WAN Port Addresses The parameters of LAN and WAN ports are pre set in the factory The default values are shown below LAN Port WAN Port IP address 19...

Страница 21: ...em DNS IP address it can be automatically assigned by your ISP when you connect or be set manually PPPoA VPI VCI VC based LLC based multiplexing Username Password and Domain Name System DNS IP address...

Страница 22: ...browser enter the IP address of your router which by default is 192 168 1 254 and click Go a user name and password window prompt will appear The default username and password are admin and admin See...

Страница 23: ...ng Status ARP Table Wireless Association Routing Table DHCP Table PPTP Status IPSec Status L2TP Status Email Status Event Log Error Log NAT Sessions and UPnP Portmap Quick Start Configuration LAN WAN...

Страница 24: ...rface of your PCs to use with the router s Firewall MAC Address Filter function See the Firewall section of this manual for more information on this feature IP Address A list of IP addresses of device...

Страница 25: ...sk The destination netmask address Gateway Interface The IP address of the gateway or existing interface that this route will use Cost The number of hops counted as the cost of the route RIP Routing T...

Страница 26: ...d Table IP Address The IP address that assigned to client Client UID hw addr The MAC address of client Client Host Name The Host Name Computer Name of client Expiry The current lease time of client Ex...

Страница 27: ...articular PPTP connection in your VPN configuration Type The type of connection dial in dial out Enable Whether the connection is currently enabled Active Whether the connection is currently active Tu...

Страница 28: ...gned to the particular VPN entry Active Whether the VPN Connection is currently Active Connection State Whether the VPN is Connected or Disconnected Statistics Statistics for this VPN Connection Local...

Страница 29: ...in dial out Enable Whether the connection is currently enabled Active Whether the connection is currently active Tunnel Connected Whether the VPN Tunnel is currently connected Call Connected If the Ca...

Страница 30: ...hen the router s ADSL connection is disconnected as well as Firewall events when you have enabled Intrusion or Blocking Logging in the Configuration Firewall section of the interface Please see the Fi...

Страница 31: ...ction lists all current NAT sessions between interface of types external WAN and internal LAN UPnP Portmap The section lists all port mapping established using UPnP Universal Plug and Play Please see...

Страница 32: ...you will need for the Quick Start wizard to get you online are your login often in the form of username ispname your password and the encapsulation type Your ISP will be able to supply all the detail...

Страница 33: ...ffered by your ISP If the scan is successful you will then be presented with a list of supported options Select the desired option from the list and click Apply to return to the Quick Start interface...

Страница 34: ...ibed below in the following sections LAN Local Area Network There are four items within the LAN section Ethernet Wireless Wireless Security Port Setting and DHCP Server Ethernet The router supports tw...

Страница 35: ...can discover the Access Point AP in question Regulation Domain There are five Regulation Domains for you to choose from including North America N America Europe France etc The Channel ID will be diff...

Страница 36: ...ed Key WPA Algorithms TKIP Temporal Key Integrity Protocol utilizes a stronger encryption method and incorporates Message Integrity Code MIC to provide protection against hackers WPA Shared Key The ke...

Страница 37: ...fined algorithm in WEP64 or WEP128 You can input the same string in both the AP and Client card settings to generate the same WEP keys Please note that you do not have to enter Key 0 3 as below when t...

Страница 38: ...types to solve compatibility issues The default is Auto which users should keep unless there are specific problems with PCs not being able to access your LAN IPv4 TOS priority Control Advanced users T...

Страница 39: ...PCs to the IP address of the router by default this is 192 168 1 254 To configure the router s DHCP Server check DHCP Server and click Next You can then configure parameters of the DHCP Server includ...

Страница 40: ...you check DHCP Relay Agent and click Next then you will have to enter the IP address of the DHCP server which will assign an IP address back to the DHCP client in the LAN Use this function only if adv...

Страница 41: ...are two items within the WAN section ISP DNS and ADSL ISP The factory default is PPPoE If your ISP uses this access protocol click Edit to input other parameters as below If your ISP does not use PPP...

Страница 42: ...ncapsulation method Select the encapsulation format the default is LlcBridged Select the one provided by your ISP DHCP client Enable or disable the DHCP client specify if the Router can get an IP addr...

Страница 43: ...e Enter the username provided by your ISP You can input up to 128 alphanumeric characters case sensitive This will usually be in the format of username ispname instead of simply username Password Ente...

Страница 44: ...Selects encapsulation mode true for using LLC or false for using VC Mux Create Route This setting specifies whether a route is added to the system after IPCP Internet Protocol Control Protocol negoti...

Страница 45: ...PP peer Once IPCP has discovered the DNS server IP address it automatically gives the address to the local DNS client so that a connection can be established Give DNSto DHCP Server Similar to the abov...

Страница 46: ...method Select the encapsulation format this is provided by your ISP Ether Filter Type Specify the type of ethernet filtering performed by the named bridge interface All Allows all types of ethernet p...

Страница 47: ...s the Internet directly the NAT function can be disabled Username Enter the username provided by your ISP You can input up to 128 alphanumeric characters case sensitive This will usually be in the for...

Страница 48: ...ute will be created which directs packets to the remote end of the PPP link Specific Route Specifies whether the route created when a PPP link comes up is a specific or default route If set to enabled...

Страница 49: ...established Give DNSto DHCP Server Similar to the above but gives the DNS server address to the DHCP server Discover Primary NBNS Discover Secondary NBNS This setting enables disables whether the pri...

Страница 50: ...nternet directly the NAT function can be disabled DHCP client Enable or disable the DHCP client specifying if the router can obtain an IP address from the Internet Service Provider ISP automatically o...

Страница 51: ...P Address is hard to remember the DNS converts the friendly name into its equivalent IP Address You can obtain a Domain Name System DNS IP address automatically if your ISP has provided it when you lo...

Страница 52: ...active true again for taking effect with setting of Connect Mode Coding Gain Configure the ADSL coding gain from 0 dB to 7dB or automatic Tx Attenuation Setting ADSL transmission gain the value is bet...

Страница 53: ...button After a successful connection to the Internet the router will retrieve the correct local time from the SNTP server you have specified If you prefer to specify an SNTP server other than those in...

Страница 54: ...r LAN select a time period the router will permit remote access for and click Enable You may change other configuration options for the web administration interface using Device Management options in...

Страница 55: ...lows it to operate and provides all its functionality Think of your router as a dedicated computer and the firmware as the software it runs Over time this software may be improved and modified and you...

Страница 56: ...aking any significant changes to your router s configuration Press Backup to select where on your local PC to save the settings file You may also change the name of the file when saving if you wish to...

Страница 57: ...ation If you wish to restart the router using the factory default settings for example after a firmware upgrade or if you have saved an incorrect configuration select Factory Default Settings to reset...

Страница 58: ...ce you have clicked on Edit you are shown the following options You can change the user s password whether their account is active and Valid as well as add a comment to each user account These options...

Страница 59: ...at cannot be directly accessed from the Internet Firewall Prevents access from outside your network The router provides three levels of security support NAT natural firewall This masks LAN users IP ad...

Страница 60: ...Filter rules To prevent unauthorized computers accessing the Internet URL Filter To block PCs on your local network from unwanted websites You can find six items under the Firewall section General Se...

Страница 61: ...LAN and outbound LAN to Internet packets will be blocked Users have to add their own filter rules for further access to the Internet High Medium Low security level the pre defined port filter rules fo...

Страница 62: ...Wireless ADSL VPN Firewall Router with 3DES Accelerator Chapter 4 Configuration 56 Packet Filter...

Страница 63: ...CP 6 53 53 NO YES NO YES YES YES FTP 21 TCP 6 21 21 NO NO NO YES NO YES Telnet 23 TCP 6 23 23 NO NO NO YES NO YES SMTP 25 TCP 6 25 25 NO YES NO YES NO YES POP3 110 TCP 6 110 110 NO YES NO YES NO YES N...

Страница 64: ...und and the other is outbound The rules can be set to prevent unauthorized users hosts or network to access the Internet from LAN outbound and or access LAN from the Internet inbound Host IP Address T...

Страница 65: ...whether the firewall is set to a high medium or low security level To setup a web server located on the local network when the firewall is enabled you have to configure the Port Filters setting for H...

Страница 66: ...defined port filter rules screen in this case for the low security level shown below 3 Click Delete to delete the existing HTTP rule 4 Click Add TCP Filter 5 Input the port number 80 and set both Inb...

Страница 67: ...ettings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server To enable the HTTP service in Virtual Server settings input the web server PC s IP address Tip If...

Страница 68: ...cklist function such as Land attack and Echo CharGen scan Block Duration DoS Attack Block Duration This is the duration for blocking hosts that attempt a possible Denial of Service DoS attack Possible...

Страница 69: ...P Victim Protection Yes Yes Land attack SrcIP DstIP Yes Yes Echo CharGen Scan UDP Echo Port and CharGen Port Yes Yes Echo Scan UDP Dst Port Echo 7 Src IP Scan Yes Yes CharGen Scan UDP Dst Port CharGen...

Страница 70: ...ic from specified machines or else to block specific machines from accessing your LAN There are no pre defined MAC address filter rules you can add the filter rules to meet your requirements Enable Di...

Страница 71: ...ys check the URL filter rules i e at all hours of the day Block from Specify the time period to check the URL filter rules e g during work hours Keywords Filtering Allows blocking by specific keywords...

Страница 72: ...tch either of the above two items it is sent to the remote web server 4 Please be note that the domain only should be specified not the full URL For example to block traffic to www sex com enter sex o...

Страница 73: ...elerator Chapter 4 Configuration 67 Firewall Log Firewall Log display log information of any unexpected action with your firewall settings Check the Enable box to activate the logs Log information can...

Страница 74: ...router support three main types of VPN Virtual Private Network PPTP IPSec and L2TP and these are the two major section choices from the menu on the left PPTP There are two types of PPTP VPN supported...

Страница 75: ...enter your own password PPP Authentication Type Default is Auto if you want the router to determine the authentication type to use or else manually specify CHAP Challenge Handshake Authentication Prot...

Страница 76: ...key will be changed every 256 packets when you select Stateful mode If you select Stateless mode the key will be changed in each packet Idle Time Auto disconnect the VPN connection when there is no a...

Страница 77: ...If you are a Dial In user server enter your own username Password If you are a Dial Out user client enter the password provided by the your Host If you are a Dial In user server enter your own passwor...

Страница 78: ...keys provide stronger encryption than 40 bit keys Mode You may select Stateful or Stateless mode The key will be changed every 256 packets when you select Stateful mode If you select Stateless mode t...

Страница 79: ...Wireless ADSL VPN Firewall Router with 3DES Accelerator Chapter 4 Configuration 73 IPSec Click Create to configure a new IPSec VPN connection...

Страница 80: ...1 1 i e 192 168 1 1 through to 192 168 1 254 IP Range The IP address range of the local network For example IP 192 168 1 1 end IP 192 168 1 10 Remote Secure Gateway Address or hostname The IP address...

Страница 81: ...Advanced Encryption Standards it uses 128 bits as an encryption method Perfect Forward Secrecy Choose whether to enable PFS using Diffie Hellman public key cryptography to change encryption keys duri...

Страница 82: ...tay active before new encryption and authentication key will be exchanged There are two kinds of SAs IKE and IPSec IKE negotiates and establishes SA on behalf of IPSec an IKE SA is used by IKE Phase 1...

Страница 83: ...wall Router with 3DES Accelerator Chapter 4 Configuration 77 L2TP There are two types of L2TP VPN supported Remote Access and LAN to LAN please refer below for more information Click Create to configu...

Страница 84: ...Out user client enter the password provided by your Host If you are a Dial In user server enter your own password PPP Authentication Type Default is Auto if you want the router to determine the authen...

Страница 85: ...method AES Stands for Advanced Encryption Standards it uses 128 bits as an encryption method Perfect Forward Secrecy Choose whether to enable PFS using Diffie Hellman public key cryptography to chang...

Страница 86: ...the Peer Network IP setting Username If you are a Dial Out user client enter the username provided by your Host If you are a Dial In user server enter your own username Password If you are a Dial Out...

Страница 87: ...uses 56 bits as an encryption method 3DES Stands for Triple Data Encryption Standard it uses 168 56 3 bits as an encryption method AES Stands for Advanced Encryption Standards it uses 128 bits as an e...

Страница 88: ...s a PPTP VPN connection with the head office using Microsoft s VPN Adapter included with Windows 2000 ME etc The router is installed in the head office connected to a couple of PCs and Servers Configu...

Страница 89: ...e worker Username username 3 Password 123456 Input username password to authenticate remote worker Auth Type Chap Auto Data Encryption Auto Key Length Auto 4 Mode stateful Keep as default value in mos...

Страница 90: ...nection A company s office establishes a PPTP VPN connection with a file server located at a separate location The router is installed in the office connected to a couple of PCs and Servers Configurin...

Страница 91: ...IP Username username 3 Password 123456 A given username password Auth Type Chap Auto Data Encryption Auto Key Length Auto 4 Mode stateful Keep as default value in most of the cases PPTP server client...

Страница 92: ...AN to LAN PPTP VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet The routers are installed in the head office and branch...

Страница 93: ...92 168 1 200 IP address assigned to branch office network Peer Network IP 192 168 0 0 Branch office network 3 Netmask 255 255 255 0 Username username 4 Password 123456 Input username password to authe...

Страница 94: ...Dial out 2 Server IP Address or Hostname 69 121 1 33 IP address of the head office router in WAN side Peer Network IP 192 168 1 0 3 Netmask 255 255 255 0 Head office network Username username 4 Passw...

Страница 95: ...ocal Router IP 69 1 121 30 69 1 121 3 Remote Network ID 192 168 1 0 24 192 168 0 0 24 Remote Router IP 69 1 121 3 69 1 121 30 IKE Pre shared Key 12345678 12345678 VPN Connection Type Tunnel mode Tunne...

Страница 96: ...Address 192 168 1 0 2 Netmask 255 255 255 0 Head office network 3 Secure Gateway Address or Hostname 69 121 1 30 IP address of the head office router in WAN side Subnet Check Subnet radio button IP Ad...

Страница 97: ...heck Subnet radio button IP Address 192 168 0 0 2 Netmask 255 255 255 0 Branch office network 3 Secure Gateway Address or Hostname 69 121 1 3 IP address of the head office router in WAN side Subnet Ch...

Страница 98: ...le Configuring a Remote Access L2TP VPN Dial in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft s VPN Adapter included with Windows XP 2000 ME etc The...

Страница 99: ...gned to Dialing User 192 168 1 200 An assigned IP address for the remote worker Username username 3 Password 123456 Input username password to authenticate remote worker 4 Auth Type Chap Auto Keep as...

Страница 100: ...figuration 94 Example Configuring a Remote Access L2TP VPN Dial out Connection A company s office establishes a L2TP VPN connection with a file server located at a separate location The router is inst...

Страница 101: ...d server IP Username username 3 Password 123456 A given username password 4 Auth Type Chap Auto Keep as default value in most of the cases 5 Idle Timeout 0 The connection will be disconnected when the...

Страница 102: ...lerator Chapter 4 Configuration 96 Example Configuring your Router to Dial in to the Server Currently Microsoft Windows operation system does not support L2TP incoming service Additional software may...

Страница 103: ...es a L2TP VPN tunnel with head office to connect two private networks over the Internet The routers are installed in the head office and branch office accordingly Both office LAN networks MUST in diff...

Страница 104: ...1 200 IP address assigned to branch office network Peer Network IP 192 168 0 0 Branch office network 3 Netmask 255 255 255 0 Username username 4 Password 123456 Input username password to authenticat...

Страница 105: ...out 2 Server IP Address or Hostname 69 121 1 33 IP address of the head office router in WAN side Peer Network IP 192 168 1 0 3 Netmask 255 255 255 0 Head office network Username username 4 Password 12...

Страница 106: ...ur network traffic for each application from LAN Ethernet and or Wireless to WAN Internet It facilitates you to control the different quality and speed of through put for each application when the sys...

Страница 107: ...to activate the function Application A name that identifies an existing rule Priority High or Low the priority for existing rule All of traffic will be set to normal priority until you change it The...

Страница 108: ...A name that identifies an existing rule Protocol The name of supported protocol Source Port The source port of packets to be monitored Destination Port The destination port of packets to be monitored...

Страница 109: ...icly accessible IP address will be used by and point to your router which then needs to deliver all traffic to the private IP addresses used by your PCs Please see the WAN configuration section of thi...

Страница 110: ...your router needs to allow outside users to access internal servers e g a web server FTP server Email server or game server the router can act as a virtual server You can set up a local server with a...

Страница 111: ...es If you have disabled the NAT option in the WAN ISP section the Virtual Server function will hence be invalid Attention If the DHCP server option is enabled you have to be very careful in assigning...

Страница 112: ...here are four items within the Advanced section Static Route Dynamic DNS Checking Email and Device Management Static Routing Click on Routing Table and then choose Create Route add a routing table Des...

Страница 113: ...by your ISP You will first need to register and establish an account with the Dynamic DNS provider using their website for example http www dyndns org There are more than 5 DDNS services supported Dis...

Страница 114: ...the routers Emailing checking function The following fields will be activated and required Account Name Enter the name login of the POP3 account you wish to check Normally it is the text in your email...

Страница 115: ...if for example they are running a web server on a PC within their LAN Management IP Address You may specify an IP address allowed to logon and access the router s web server Setting the IP address to...

Страница 116: ...2800 It is highly recommended for users to use this port value If this value conflicts with other ports already being used you may wish to change the port SNMP Access Control Software on a PC within t...

Страница 117: ...as the SNMPv2 standard SNMPv3 is a strong authentication mechanism authorization with fine granularity for remote monitoring Traps supported Cold Start Authentication Failure The following MIBs are s...

Страница 118: ...12 pppLink group pppLqr group From RFC 1472 PPP Security MIB PPP Security Group From RFC 1473 PPP IP MIB PPP IP Group From RFC 1474 PPP Bridge MIB PPP Bridge Group From RFC1573 IfMIB ifMIBObjects Grou...

Страница 119: ...iguration 113 Save Configuration to Flash After changing the router s configuration settings you must save all of the configuration parameters to FLASH to avoid them being lost after turning off or re...

Страница 120: ...y one PC accessing the configuration web pages at a time Once a PC has logged into the web interface other PCs cannot get access until the current PC has logged out of the web interface If the previou...

Страница 121: ...forgotten your router login and or password Try the default login and password please refers to Chapter 3 If this fails you can restore your router to its factory settings by holding the Reset button...

Страница 122: ...all line filters are correctly installed and the right way around Missing line filters or line filters installed the wrong way around can cause problems with your ADSL connection including causing fr...

Отзывы: