Niveo NR-70 Скачать руководство пользователя страница 159 | Manualshive

Страница: 159 / 186

background image

}

The parameters

Gateway IP/Domain Name (Remote)

,

Subnet IP (Remote)

,

Subnet

Mask (Remote)

,

Bind to (Local)

,

Subnet IP (Local)

,

Subnet Mask (Local)

,

Preshared Key

, and

P2 Encrypt/Auth Algorithms 1

are the same as those in the

Bidirectional

connection type, please refer to the detailed descriptions of them.

The difference is that this connection type requires identity authentication. Specifically,
the identity authentication for the remote IPSec endpoint is required, that is, the
remote IPSec endpoint should provide its identity information to the local Device for
authentication; but the identity authentication for the local Device is optional.

ID Type (Remote):

Specify the type of remote ID. The available options are

Domain Name

,

Email Address

, and

IP Address

. In this connection type, it is a

required parameter. You must select one type and then specify

ID Value

(Remote)

to allow the local Device to authenticate the remote IPSec device.

ID Value (Remote):

Specify the identity of the remote IPSec device. In this

connection type, it is an optional parameter. Please enter an ID value according
to the selected

ID Type (Remote)

.

ID Type (Local):

Specify the type of local ID. The available options are

Domain

Name

,

Email Address

, and

IP Address

. In this connection type, it is an optional

parameter. If you want the local Device to be authenticated, please select one
type and then specify

ID Value (Local)

.

ID Value (Local):

Specify the identity of the local Device. In this connection type,

it is a required parameter. Please enter an ID value according to the selected

ID

Type (Local)

.

2) Advanced Parameters Settings

Click the

Advanced Options

hyperlink to view and configure advanced parameters.

In most cases, you need not configure them. In the

Bidirectional

connection type,

you should choose

Main

mode as the exchange mode for phase 1 IKE negotiation; in

the

Originate-Only

or

Answer-Only

connection type, you should choose

Aggressive

mode.

«
...
157
158
159
160
161
...
»

Содержание NR-70

Страница 1: ...User Manual NR 70 Router Prelimary version 2 8...

Страница 2: ...uced transmitted transcribed stored in a retrieval system or translated into any language without written permission from the copyright holders The scope of delivery and other details are Other tradem...

Страница 3: ...pter 3 Start Menu 11 3 1 Setup Wizard 11 3 1 1 Running the Setup Wizard 11 3 1 2 Setup Wizard WAN1 Settings 12 3 2 Interface Status 13 3 3 Interface Traffic 13 3 4 Restart Device 15 Chapter 4 Network...

Страница 4: ...ication 37 4 6 UpnP 38 4 7 Number of WAN 39 Chapter 5 Advanced Menu 40 5 1 NAT DMZ 40 5 2 Static Route 51 5 3 Policy Routing 53 5 4 Anti NetSniper 56 5 5 Plug and Play 56 5 6 Port Mirroring 57 5 7 Sys...

Страница 5: ...iltering Settings 127 9 3 2 Domain Block Notification 128 9 4 MAC Address Filtering 129 Chapter 10 VPN Menu 132 10 1 Introduction to VPN Technologies 132 10 2 PPTP 133 10 3 IPSec 144 Chapter 11 System...

Страница 6: ...action Text Box Allows you to enter text information List Box Allows you to select one or more items from a static multiple line text box Drop down List Allows you to choose one item from a list When...

Страница 7: ...wn in the following table Parameter Default Value Description User Name admin Both the User Name and Password are case sensitive Password admin LAN IP Address 192 168 1 1 255 255 255 0 You can use thi...

Страница 8: ...oduct Figure 1 1 Front Panel_NR70 LED Description PWR The Power LED indicator is on when the Device is powered on SYS The LED indicator blinks twice per second when the system is working properly and...

Страница 9: ...pin or paperclip to press and hold the Reset button for more than 5 seconds and then release the button After that the Device will restart with the factory default settings Note The reset operation wi...

Страница 10: ...C with an Ethernet card and TCP IP installed 3 Network devices like hub switch wireless access point 4 Network cables 5 Screwdriver 6 Power outlet 1 4 Installation Procedure Follow these steps to inst...

Страница 11: ...hands dry 1 Power off your PC s CableDSL modem and the Device 2 Connect the Cable DSL modem to the Device s WAN port 3 Connect one end of an Ethernet cable to one of the LAN ports on the Device and t...

Страница 12: ...computer to a LAN port of the Device or connect the computer to the Device through wireless Step 2 Install TCP IP protocol on your computer If it is already installed please skip this step Step 3 Con...

Страница 13: ...fault the computer s IP address must be an unused IP address in the 192 168 1 0 24 subnet Pinging 192 168 1 1 with 32 bytes of data Request timed out Request timed out Request timed out Request timed...

Страница 14: ...of the Device s web based utility launch your web browser and enter the Device s default IP address 192 168 1 1 in the URL filed Then press the Enter key Figure 2 1 Address Bar Step 2 A login screen p...

Страница 15: ...the UTT website to find more products Forum Click to go to the forum home page on the UTT website to participate in product discussions Feedback Click to send us your feedback by email 1 On left side...

Страница 16: ...ct the Device to the Internet Even unfamiliar with the product you still can follow the instructions to complete the setup easily 3 1 1Running the Setup Wizard The first page appears is Setup Wizard i...

Страница 17: ...izard WAN1 Settings There are three connection types you can configure for WAN Internet connection PPPoE Static IP and DHCP For the detail information you can refer to the chapter 4 1 WAN Figure 3 3 S...

Страница 18: ...of each physical interface If you want to view the rate chart of an interface click the corresponding interface name hyperlink In the interface rate chart the abscissa x axis shows the time axis and...

Страница 19: ...rate of the physical interface since last opened the current page Total Displays the total RX or TX traffic of the physical interface since last opened the current page LAN WANx Click the interface n...

Страница 20: ...cking the Restart button the system will pop up a dialog Then you can click the OK button to restart the Device or click the Cancel button to cancel the operation Figure 3 7 Restart Device Note Becaus...

Страница 21: ...various settings We will describe the settings for each connection type respectively Figure 4 1 Select Connection Type 4 1 1PPPoE Connection The Point to Point Protocol over Ethernet PPPoE is a networ...

Страница 22: ...None If selected no protocol will be used PAP If selected PAP Password Authentication Protocol protocol will be used for PPP authentication CHAP If selected CHAP Challenge Handshake Authentication Pro...

Страница 23: ...ernet connection when the value is zero MTU When dialing the Device will automatically negotiate MTU maximum transmission unit with the peer device Please leave the default value of 1480 bytes unless...

Страница 24: ...er the IP address of your ISP s secondary DNS server if it is available 4 1 3DHCP Connection The Dynamic Host Configuration Protocol DHCP is a standardized network protocol used on IP networks for dyn...

Страница 25: ...also display the time left before the lease expires day hour minute second for current IP address which is assigned by your ISP s DHCP server IP Address Subnet Mask and Gateway IP When the connection...

Страница 26: ...ck the OK button to delete the connection Note The default WAN1 connection can t be deleted but edited 4 1 7Dial or Hang up a PPPoE connection If the connection type is PPPoE when you click the WAN1 h...

Страница 27: ...balancing mode detection interval retry times and ID binding and so on 4 2 1Internet Connection Detection Mechanism When using multiple Internet connections the Device should has the ability to real...

Страница 28: ...ately For example by default if the Device has sent three detection packets and received two packets during a detection period it will consider that the connection is back to normal Note If you don t...

Страница 29: ...n s to let the LAN users use them to access the Internet In this case if there is more than one backup connection the Device will control and balance the traffic among these connections 3 Once one or...

Страница 30: ...en click to move the selected connection s to the Backup list box Select one or more Internet connections in the Backup list box and then click to move the selected connection s to the Primary list bo...

Страница 31: ...re 4 11 Detection and Bandwidth Settings Interface Select the physical interface you want to set load balancing Detection Interval Specify the time interval at which the Device periodically sends dete...

Страница 32: ...pplications such as online banking QQ etc cannot be used normally due to the identity change We provide ID binding feature to solve this problem After you enable Identity Binding the Device will assig...

Страница 33: ...tion 10M HD 10M Half Duplex 10M FD 10M Full Duplex 100M HD 100M Half Duplex 100M FD 100M Full Duplex and 1000M FD 1000M Full Duplex In most cases please leave the default value If a compatibility prob...

Страница 34: ...he Device can act as a DHCP server to assign network addresses and deliver other TCP IP configuration parameters such as gateway IP address DNS server IP address etc to the LAN hosts 4 4 1DHCP Server...

Страница 35: ...e in the DHCP protocol packets which is used to carry the IP address of AC AP analyze the AC address carried by option 43 to discover AC The available options are Disable HEX Length ASCII Length and C...

Страница 36: ...fy the LAN hosts related settings 4 4 2Static DHCP This section describes the static DHCP list and the way to configure a static DHCP Using the DHCP Server to automatically configure TCP IP properties...

Страница 37: ...r the setting is successful the Device will assign the preset IP address for the specified computer in a fixed way 2 The assigned IP addresses must be within the range provided by the DHCP server 4 4...

Страница 38: ...time expires 4 4 4DHCP Client List When acting as a DHCP client the Device can dynamically obtain an IP address and other TCP IP configuration parameters from a DHCP server The information of those DH...

Страница 39: ...of 192 168 1 10 2 Configuration Steps Step 1 Go to Network DHCP Server DHCP Server Settings page Step 2 Select Enable DHCP Server enter 192 168 1 10 and 192 168 1 59 in the Start IP Address and End IP...

Страница 40: ...ave applied PPPoE connection with dynamically assigned IP address from the ISP you can use DDNS to allow the external computers to access the Device by a static domain name In order to use DDNS servic...

Страница 41: ...Device User Name Enter the user name of the account It should be the same with the user name that you entered when registering the DDNS account Password Enter the key that you got when registering th...

Страница 42: ...hat you entered when registering the DDNS account Password Enter the key that you got when registering the DDNS account 4 5 3DDNS Verification To verify whether DDNS is updated successfully you can us...

Страница 43: ...ilities of other devices on the network The Device can implement NAT traversal by enabling UPnP When you enable UPnP the Device allows any LAN UPnP enabled device to perform a variety of actions inclu...

Страница 44: ...er of WAN interface and click the Save button to save the settings Figure 4 26 Number of WAN Settings Note 1 After the number of WAN interface is changed you need to restart the Device for the setting...

Страница 45: ...network the Device can forward those requests to computers equipped to handle the requests For example if you set the port number 21 ftp to be forwarded to IP address 192 168 1 2 then all the related...

Страница 46: ...ervice available options are TCP UDP and TCP UDP Start External Port Specify the lowest port number provided by the Device The external ports are opened for outside users to access IP Address Specify...

Страница 47: ...ess Then all the requests for syslog from outside users to 200 200 200 88 2514 will be forwarded to 192 168 16 88 514 The following figure shows the detailed settings Figure 5 3 Port Forwarding settin...

Страница 48: ...ice s WAN1 interface s IP address The organization wants a LAN server IP Address 192 168 16 88 to open SMTP service Protocol TCP Port 25 to the outside users And the Device will use 2025 as the extern...

Страница 49: ...rom the Internet As the internal network can be effectively isolated from the outside world the NAT can also provide the benefit of network security assurance The Device provides flexible NAT features...

Страница 50: ...it is often simply referred to as NAT NAPT provides many to one mappings between multiple internal IP addresses and a single external IP addresses that is these multiple internal IP addresses will be...

Страница 51: ...range of the NAT rule The LAN hosts that belong to this address range will use the NAT rule Bind to Specify an Internet connection to which the NAT rule is bound The LAN hosts that match the NAT rule...

Страница 52: ...Internal IP and End Internal IP Specify the internal address range of the NAT rule The LAN hosts that belong to this address range will preferential use the NAT rule Bind to Specify an Internet conne...

Страница 53: ...202 1 1 132 29 202 1 1 133 29 202 1 1 134 29 respectively 2 Analysis Firstly we need configure a static IP Internet connection on the WAN1 interface in the Basic WAN page or through the Setup Wizard...

Страница 54: ...et connection s gateway IP address 218 1 21 2 29 is used as the Device s WAN1 interface s IP address Note that 218 1 21 0 29 and 218 1 21 7 29 cannot be used as they are the subnet number and broadcas...

Страница 55: ...ave the settings Till now you have finished configuring the NAT rule and then you can view its configuration in the NAT Rule List 5 1 1 12 DMZ The DMZ Demilitarized Zone feature allows one local compu...

Страница 56: ...if there is an available DMZ host 5 2 Static Route A static route is manually configured by the network administrator which is stored in a routing table By using routing table the Device can select a...

Страница 57: ...related information will be displayed in the setup page Then modify it and click the Save button Delete Static Route s Select the leftmost check boxes of them and then click the Delete button 5 2 1 2...

Страница 58: ...ckets are forwarded to the next hop gateway or router The available options are the name of each physical interface Note 1 When creating a static route you should specify the next hop IP address by th...

Страница 59: ...deleting it please clear the check mark Edit a Policy Routing Entry Click its Edit hyperlink the related information will be displayed in the setup page Then modify it and click the Save button Delete...

Страница 60: ...g entry Interface Specify an outbound interface through which the packets matching the Policy Routing entry are forwarded Src IP Specify the source IP addresses of the packets to which the Policy Rout...

Страница 61: ...uting list the packet will be forwarded through normal routing channel in other words destination based routing is performed 5 4 Anti NetSniper This section describes Advanced Anti NetSniper page Anti...

Страница 62: ...at the same time For example if a LAN user with IP address 1 1 1 1 has connected to the Device to access the Internet another user with IP address 1 1 1 1 cannot access the Internet through the Devic...

Страница 63: ...rts this protocol and can send its activity logs to an external syslog server It helps the network administrator monitor analyze and troubleshoot the Device and network Figure 5 20 Syslog settings Ena...

Страница 64: ...ss to USB disk SD card for digital data 5 9 Sharing Management After plugging a USB SD card into the Device administrator could share the Data on the USB SD card to LAN users through the FTP function...

Страница 65: ...hare data to local area users All the sources you have shared are displayed on the Shared Directory List Figure 5 22 FTP Server Enable FTP Server Select to enable FTP Server Remote Access Select to en...

Страница 66: ...tp xxx xxx xxx xxx 21 xxx xxx xxx xxx stands for the IP address of the LAN port in the address bar to open the shared resources folder Such as when the IP address of the LAN port is 192 168 1 1 you co...

Страница 67: ...unt of admin has the right to write and read data and who also can upload the changes on the volume to the server through IE The account of guest only has the right to read data Click the Add new item...

Страница 68: ...Access Grant this account the right to read or read and write Enable FTP Access Select Yes to allow this account to access FTP server select No to forbid this account to access FTP server...

Страница 69: ...t status information of each user including Rx Tx rate Rx Tx total traffic Internet behavior online time etc Figure 6 1 User Behavior Analysis Pie Charts Current Network Traffic Analysis Displays the...

Страница 70: ...our PC the rate chart cannot be displayed properly To view the rate chart click the Please install SVG Viewer if the page cannot display properly hyperlink to download and install the SVG Viewer 1 Use...

Страница 71: ...al traffic transmitted received by the user Online Time Displays the online time of the user User Group Displays the user group to which the user belongs Internet Application Displays the online activ...

Страница 72: ...ss check box is selected Illegal User A illegal user s IP and MAC address pair matches an IP MAC binding whose Allow Internet Access check box is unselected or the IP address or MAC address is the sam...

Страница 73: ...nitiated from LAN the Device will process it according to the following cases 1 A packet with IP address 192 168 16 65 and MAC address 00 15 c5 67 41 0f is allowed to pass and then it will be further...

Страница 74: ...If you have added the IP and MAC address pair of a trusted LAN host in the IP MAC Binding List and later changed this host s IP address or MAC address you must also change the corresponding binding i...

Страница 75: ...the setup page and then configure it lastly click the Save button Edit an IP MAC Binding Click its Edit hyperlink the related information will be displayed in the setup page Then modify it and click t...

Страница 76: ...evice will immediately scan the LAN to detect active hosts connected to the Device learn and display dynamic ARP information that is IP and MAC address pairs Note that if you have added a LAN host s I...

Страница 77: ...whose Allow check box is unselected or the IP address or MAC address is the same with an IP MAC binding s but not both 6 2 1 5Configure an Internet Whitelist If you want to configure an Internet whit...

Страница 78: ...nding List Method Two Bind an IP address which is different from any LAN host s to each illegal user s MAC address in the IP MAC Binding List Method Three Add these users IP and MAC address pairs in t...

Страница 79: ...to connect the Ethernet hosts to a remote Access Concentrator AC over a simple bridging access device And it provides extensive access control management and accounting benefits to ISPs and network ad...

Страница 80: ...name and a service name identical to the one in the PADI and any number of other service names which indicate other services that the PPPoE server can offer If a PPPoE server receives a PADI packet b...

Страница 81: ...et at anytime to indicate the session has been terminated The PADT packet s SESSION ID must be set to indicate which session is to be terminated Once received a PADT no further PPP packets even normal...

Страница 82: ...ion mode by which the PPPoE server authenticates a PPPoE client The available options are PAP CHAP and Auto In most cases please leave the default value of Auto which means that the Device will automa...

Страница 83: ...he corresponding PPPoE account If you want to disable the PPPoE account temporarily instead of deleting it please click it to remove the check mark Edit a PPPoE Account Click the Edit hyperlink the re...

Страница 84: ...sh a PPPoE session firstly After that only this user can use the account Manual If selected you can configure up to four MAC addresses that are bound to the account Only the users with one of these MA...

Страница 85: ...pecify the maximum download bandwidth of a PPPoE dial in user that uses the current PPPoE account Remarks Specify the description of the PPPoE account Note 1 If you want to assign a static IP address...

Страница 86: ...er Status Displays the PPPoE account status If a PPPoE dial in user has established the PPPoE session to the Device successfully with the PPPoE account it displays Connected Else it displays Disconnec...

Страница 87: ...t box The import contents are User Name Password and Description of each PPPoE account one PPPoE account per line and the import format of a PPPoE account is User Name Space Password Space Description...

Страница 88: ...y the normal employees and its Rx and Tx bandwidth are both 512 Kbit s its Max Sessions is 90 the other is advanced account which is used only for MAC address 0021859b4544 with a static IP address 10...

Страница 89: ...lt values for the other parameters Then click the Save button to save the settings Figure 6 19 Configuring the Universal PPPoE Account Example Step 3 Creating the advanced PPPoE Account whose user nam...

Страница 90: ...The Device provide Web authentication feature This new feature will enhance network security If you enable the Web authentication on the Device those non PPPoE dial in users cannot access the Internet...

Страница 91: ...Management User Group page Expiration Time Specify how long the user will be log off if there is no traffic after the user logging in Exception IP Group Select the user groups that don t need web auth...

Страница 92: ...t Settings User Name Specify a unique user name of the web authentication account It should be between 1 and 31 characters long The Device will use the User Name and Password to authenticate a user Pa...

Страница 93: ...b Authentication Client Status 6 4 1 4The steps for using Web Authentication If you want to use web authentication for a non PPPoE dial in user do the following Step 1 Go to the User Management Web Au...

Страница 94: ...then click the Save button the system will pop up a prompt page Figure 6 26 Web Authentication Prompt Page 6 5 User Group This section describes User Management User Group page You can group users tha...

Страница 95: ...figure it lastly click Save Figure 6 28 User Group Settings Group Name Specify the unique name for the user group Group Type Select the type of the user group Address Group or Account Group Note The u...

Страница 96: ...escribes APP Control Schedule page you can configure and view schedules A schedule consists of a start date an end date and optional time periods 1 Schedule List In Schedule List you can add view modi...

Страница 97: ...e range 7 2 Application Control This section describes APP Control Application Control page you can configure and view application management list An application control entry consists of a date and a...

Страница 98: ...4 Application Management List continued Enable Internet Application Management Select the check box to enable Internet application management Notes To use this feature you need to enable application...

Страница 99: ...ontrol Application Control page next click Add to go to Internet Application Management Settings page and then configure it lastly click Save Figure 7 5 Internet Application Management Settings Group...

Страница 100: ...licy Database for more information about how to update policy 3 Example for Application Control Requirements In this example a company has four departments Technology Department 192 168 1 11 192 168 1...

Страница 101: ...then clear the Select All check box next to IM Software In the Schedule Settings section clear the Every Day check box and select the Mon Tue Wed Thu and Fri check boxes Next choose 09 00 and 18 00 a...

Страница 102: ...on to add this policy to Application Management List 3 Enabling Internet Application Management Lastly you need to enable Internet application management to make the policies take effect The configura...

Страница 103: ...inued 7 3 QQ Whitelist This section describes App Control QQ Whitelist page This feature allows you to add a list of QQ numbers that are exempt from the Internet application management policies set in...

Страница 104: ...ll QQ numbers with description to a text file Import Accounts To add multiple QQ numbers at once click Import Accounts to go to Import QQ Numbers page and then enter them in the text box lastly click...

Страница 105: ...management policies Add To add a new MSN account click Add to go to MSN Whitelist Settings page and then configure it lastly click Save 7 5 TradeManager This section describes App Control TradeManager...

Страница 106: ...the Device will automatically push a notice message to the user The Device provides daily routine notice and account expiration notice If you enable daily routine notice feature and specify a notice...

Страница 107: ...ox to enable Daily Routine Notification IP Address Range Specify the range of IP addresses to which the notification will be sent Notification Titile Specify the title of the notice message Redirectio...

Страница 108: ...e Select the check box to enable account expiration notification feature Notify X Days before Expiration Date Specify the number of days before the account expiration date so that the notification wil...

Страница 109: ...online activities When an audited event occurs the Device stores a record of the event to the audit log 1 View Audit Log Figure 7 14 Internet Application Audit Note The Device can record the last 400...

Страница 110: ...n Audit page Enable Email Audit Log Select the check box to enable email audit log If enabled you can view emails sending and receiving activities of internal users in Application Audit page Enable Ap...

Страница 111: ...Type Displays the type of the policy Description Displays the description of the policy It is usually used to describe the purpose of the policy Update Click to update the policy over the Internet Upd...

Страница 112: ...d Rate Limiting On the QoS Fixed Rate Limiting page you can specify the upload download limiting value for each LAN host in order to allocate bandwidth equally and avoid few hosts occupying too much b...

Страница 113: ...each IP address that matches the rule Rate Limiting Mode Share The specified Max Tx Rx rate is shared by all IP addresses that match the rule Max Tx Rx Rate Specify the maximum upload rate and downlo...

Страница 114: ...dwidth Specify the download speed of Internet connection 0 means unlimited rate Game Settings Select the game you want to boost 8 3 P2P Rate Limit P2P software usually occupies too much bandwidth whic...

Страница 115: ...imum upload speed for the members in the group 0 means unlimited rate Max Rx Rate Specify the maximum download speed for the members in the group 0 means unlimited rate Exception IP Group Specify the...

Страница 116: ...sessions per restricted host 0 means no restriction Notes 1 If some applications such as online games performance is degraded due to the maximum sessions limiting you can increase the Max Sessions and...

Страница 117: ...basic internal attack defense settings to enhance network security The internal attack defense includes three parts Virus Prevention It can effectively protect the Device against popular virus attack...

Страница 118: ...t value Enable SYN Flood Prevention If selected the Device will be effectively protected against SYN flood defense If the number of SYN packets from one source IP address e g 192 168 16 36 to a single...

Страница 119: ...emergence of gambling pornography and other illegal websites which are contrary to the state laws and regulations broadband network provide fast surfing to the Internet users while fast spreading worm...

Страница 120: ...ll be dropped immediately As these dropped packets are no longer further processed by route NAT and other modules it will reduce CPU load and improve the Device performance The action of an access con...

Страница 121: ...ove an access control rule to above another rule in the list the operation is as follows Select the ID of a rule that you want to move from the Rule drop down list and another rule s ID from the Mode...

Страница 122: ...rule applies There are two options IP Range Specify the start and the end addresses User Group Select it to choose an address group Dest IP Specify the destination IP addresses of the packets to which...

Страница 123: ...own list to set Dest Port and Source Port for yourself Dest Port Specify a range of destination ports to which the access control rule applies Source Port Specify a range of source ports to which the...

Страница 124: ...he full domain of all web pages are match When inputting a substring of domain the URL contains the substring of all web pages are match Note 1 The URL address is not case sensitive Please don t input...

Страница 125: ..._DNS Filtering The setting of Rule Name Enable Src IP Action Schedule Settings is the same with IP Filtering please refer to the section 12 2 1 4 1 IP Filtering Filtering Type Here please select DNS F...

Страница 126: ...uring working time 2 User defined rule 2 Allow them to access WEB during working time 3 User defined rule 3 Deny them to access all other services during working time Configuration Procedure Step 1 Co...

Страница 127: ...s Control page Set the Src IP from 192 168 1 9 to 192 168 1 20 select Allow from the Action select IP Filtering from Filtering Type select 6 TCP from Protocol select 80 web from Common Service select...

Страница 128: ...to Firewall Access Control page Set the Src IP from 192 168 1 9 to 192 168 1 20 select Deny from the Action select IP Filtering from Filtering Type select all All from Protocol select Mon to Fri from...

Страница 129: ...m IP address is 29 58 246 93 and http www cnn com IP address is 157 166 255 18 Analysis We need to create two access control rules to meet requirements Rule 1 Deny them access to http www bbc com Rule...

Страница 130: ...Control _Example 2_step 1 Step 2 Configuring Access Control Rule 2 Go to Firewall Access Control page Set the Src IP from 192 168 1 80 to 192 168 1 90 select Deny from the Action select URL Filtering...

Страница 131: ...Figure 9 12 Access Control _Example 2_step 2 9 3 Domain Filtering This section describes the steps and notes to setup Domain Filtering on the Firewall Domain Filtering page...

Страница 132: ...sers to access any other domain names Only Allow Domain Names in Domain Name List If selected the Device will allow the LAN users to access the domain names in the Domain Name list but block the users...

Страница 133: ...st the Device will block or allow it according to the Filtering Mode 2 You can use the wildcard in a domain name to match multiple domain names For example if you have created www 163 in the Domain Na...

Страница 134: ...ump to any other web page Redirecting URL Specify the redirecting URL to which the requested web page will jump Leave it blank if you don t want the requested web page to jump to any other web page No...

Страница 135: ...ddress Filtering List from connecting to the Device but allow all other wireless clients MAC Address Filtering List Displays the MAC address filtering entries You can add or delete them by clicking th...

Страница 136: ...Figure 9 16 MAC Address Filtering Settings...

Страница 137: ...rigin authentication data integrity as well as replay protection IPSec provides two security mechanisms encryption and authentication Encryption mechanism is used to ensure data confidentiality preven...

Страница 138: ...h offices or mobile users traveling employees telecommuters etc use the Windows built in PPTP client software to initiate PPTP connections to the server the Device deployed at the head office acts as...

Страница 139: ...e users and transmit those packets destined for the head office internal network to the Device at the head office thus the mobile users can access both the branch office and head office internal netwo...

Страница 140: ...AP Password Authentication Protocol CHAP Challenge Handshake Authentication Protocol MS CHAPV2 The Microsoft version of the Challenge Handshake Authentication Protocol ANY The Device will automaticall...

Страница 141: ...h the remote VPN appliance when dialing Unless special application please leave the default value of 1478 bytes 10 2 1 4 Account Settings Figure 10 4 PPTP Server_Account Settings Tunnel Name Specify t...

Страница 142: ...fy the subnet IP address of the remote network In most cases you may enter the IP address of the remote VPN appliance s LAN interface If you choose Mobile User as the Tunnel Type the system will autom...

Страница 143: ...n Select the way of data encryption mode Note when you choose MS CHAPV2 as PPP aunthentication mode you must select MPPE as data encryption mode Remote Subnet IP Address Specify the IP address of the...

Страница 144: ...he head office and branch office to securely communicate with each other over the Internet In addition some mobile users traveling employees telecommuters etc want to securely access the head office s...

Страница 145: ...ress 200 200 202 123 255 255 255 0 The VPN appliance PPTP Client at the branch office LAN Subnet 192 168 16 0 255 255 255 0 LAN Interface IP Address 192 168 16 1 255 255 255 0 WAN Interface IP Address...

Страница 146: ...to LAN PPTP Server Account for the Branch Office Click the Account Settings tab and make settings as the following figure lastly click the Save button Figure 10 9 PPTP Server Settings_LAN to LAN 2 Cre...

Страница 147: ...PN PPTP page click the Add Client button and then make settings as the following figure lastly click the Save button Figure 10 11 PPTP Client settings 3 Configuring a Windows XP based Computer as a PP...

Страница 148: ...ncryption from the Data encryption drop down list l Select the Unencrypted password PAP Challenge Handshake Authentication Protocol CHAP and Microsoft CHAP MS CHAP check boxes in the Allow these proto...

Страница 149: ...it key to encrypt and decrypt the packets ensuring high performance encryption 3DES Triple Data Encryption Standard 3DES is a data encryption algorithm supported by IPSec As a variant of the 56 bit DE...

Страница 150: ...used to protect further IKE exchanges and Phase 2 is used to negotiate the parameters and key material required to establish IPSec SAs The IPSec SAs are then used to authenticate and encrypt the user...

Страница 151: ...cceptable security services such as Encryption algorithm DES 3DES or AES 98 99 256 Authentication algorithm MD5 or SHA 1 Diffie Hellman group Refer to Diffie Hellman Exchange described later in this s...

Страница 152: ...ts certificates if it is being used The weakness of using aggressive mode is that it does not provide identity protection because the identities of both sides are exchanged in clear text However aggre...

Страница 153: ...t renegotiation improves security but at the expense of higher CPU utilization and possible delays during the renegotiation process Therefore the SA lifetime is often set to a relatively long time the...

Страница 154: ...ng IPSec with NAT During IKE phase 1 negotiation the two IPSec NAT T capable endpoints can automatically determine Whether both of the IPSec endpoints can perform IPSec NAT T If there are any NAT devi...

Страница 155: ...rs Therein the basic parameters for each type are different but the advanced parameters are the same The following will describe the basic parameters for each connection type respectively and then des...

Страница 156: ...IP text box and its mask in the Subnet Mask text box if you want to define a host please enter the IP address of that host in the Subnet IP text box and 255 255 255 255 in the Subnet Mask text box Bin...

Страница 157: ...IPSec endpoints should use aggressive mode for phase 1 IKE negotiation Figure 10 14 IPSec Settings_Originate Only The parameters Gateway IP Domain Name Remote Subnet IP Remote Subnet Mask Remote Bind...

Страница 158: ...Domain Name Email Address IP Address and Other In this connection type it is a required parameter You must select one type and then specify ID Value Local to allow the remote IPSec device to authentic...

Страница 159: ...te to allow the local Device to authenticate the remote IPSec device ID Value Remote Specify the identity of the remote IPSec device In this connection type it is an optional parameter Please enter an...

Страница 160: ...ase 1 They refer to phase 1 proposal that specifies a set of security algorithms for phase 1 negotiation A phase 1 proposal includes an encryption algorithm an authentication algorithm and a DH group...

Страница 161: ...500 Keepalive Frequency Specify a time interval in seconds at which the Device will periodically send keepalive packets to the NAT device to keep the NAT mapping active so that the NAT mapping doesn t...

Страница 162: ...ce Go to the VPN IPSec IPSec Settings page make the following settings leave the default values for the other parameters and then click the Save button Connection Type Bidirectional Gateway IP Domain...

Страница 163: ...aes256 md5 3 Viewing the IPSec tunnel status After you have configured IPSec parameters on both Devices the IPSec tunnel establishment can be triggered manually On the Device you can go to the VPN IPS...

Страница 164: ...with a dynamic IP address DHCP Internet connection Now we want to establish an IPSec tunnel between them and use the following proposals i e encryption and authentication algorithms the phase 1 propos...

Страница 165: ...Configuring the Device at the branch office Go to the VPN IPSec IPSec Settings page make the following settings leave the default values for the other parameters and then click the Save button Connec...

Страница 166: ...ished you can see that the SA Status displays Established and the Out Pkts and In Pkts will go on increasing as long as there is some network traffic being passed through the IPSec tunnel 1 Viewing th...

Страница 167: ...Figure 10 21 Initiator s IPSec List...

Страница 168: ...f you want to change the password go to System Administrator page do the following setup Step 1 Click the Edit icon with the user name as admin to enter into the configuration page Step 2 Modify the f...

Страница 169: ...onize with SNTP Server It is recommended to use the Synchronize with SNTP Server function to obtain the standard time and the device will automatically get the standard time from the Internet after it...

Страница 170: ...on file to you local PC import the configuration file to the Device and reset the Device to factory default settings Figure 11 4 Configuration 1 Backup Configuration File In Application Configuration...

Страница 171: ...253 with a subnet mask of 255 255 255 0 4 After the reset operation is complete you must restart the Device for the default settings to take effect 11 5 Firmware Upgrade On the Application Firmware pa...

Страница 172: ...before upgrade Normally the upgrade does not affect the current configuration of the Device However this situation might happen if the right steps are not followed properly 4 It is strongly recommend...

Страница 173: ...urity it is strongly recommended that you don t enable remote management functions unless necessary If you are sure to enable them you had better change the default password 11 7 Scheduled Task This s...

Страница 174: ...ime cycle or when the Device will perform the task The available options are Weekly Daily Hourly Minutely Start time Specify the time at which the Device will start to perform the task Its settings wi...

Страница 175: ...ation such as current system time system up time system resources usage information SN firmware version etc Through system information administrator can identify and diagnose the source of network pro...

Страница 176: ...When the percentage is between 50 and 70 below 70 the color is yellow When the percentage is equal to or above 70 the color is red 2 The above resources usage information indicates the load of the Dev...

Страница 177: ...l be enabled Enable DHCP Log If selected the Device will store and display the DHCP related logs in the System Log Enable Notification Log If selected the Device will store and display the notice rela...

Страница 178: ...Connection Local Area Connection right click Local Area Connection and choose Properties Step 2 In the Properties dialogue double click Internet Protocol Version 4 TCP IPv4 Step 3 In the Internet Prot...

Страница 179: ...ain an IP address and other TCP IP parameters automatically from the Device you should enable the Device s DHCP server function in Application DHCP Server page Step 1 On the Windows taskbar click Star...

Страница 180: ...2 How to reset the Device to factory default settings Case I Know the administrator password Under normal circumstances you can directly go to the System Configuration page click Reset button and rest...

Страница 181: ...Notes The reset operation will clear all custom settings on the Device so do it with caution...

Страница 182: ...otocol IPINIP 4 IP in IP Tunnel Driver TCP 6 Transmission Control Protocol EGP 8 Exterior Gateway Protocol IGP 9 Interior Gateway Protocol PUP 12 PARC Universal Packet Protocol UDP 17 User Datagram Pr...

Страница 183: ...f the day chargen 19 tcp Character generator chargen 19 udp Character generator ftp data 20 tcp FTP data ftp 21 tcp FTP control telnet 23 tcp smtp 25 tcp Simple Mail Transfer Protocol time 37 tcp tims...

Страница 184: ...re Call sunrpc 111 udp SUN Remote Procedure Call auth 113 tcp Identification Protocol uucp path 117 tcp nntp 119 tcp Network News Transfer Protocol ntp 123 udp Network Time Protocol epmap 135 tcp DCE...

Страница 185: ...sakmp 500 udp Internet Key Exchange exec 512 tcp Remote Process Execution biff 512 udp login 513 tcp Remote Login who 513 udp cmd 514 tcp syslog 514 udp printer 515 tcp talk 517 udp ntalk 518 udp efs...

Страница 186: ...sql s 1433 tcp Microsoft SQL Server ms sql s 1433 udp Microsoft SQL Server ms sql m 1434 tcp Microsoft SQL Monitor ms sql m 1434 udp Microsoft SQL Monitor wins 1512 tcp Microsoft Windows Internet Nam...

Отзывы:

Нет отзывов

Похожие инструкции для NR-70

Бренд: Super Circuits Страницы: 4

Бренд: Abocom Страницы: 3

StreamBuds Hybrid

Бренд: Mixx Страницы: 17

Бренд: Ubiquiti Страницы: 17

3CRWDR101A-75-US - OfficeConnect ADSL Wireless 54 Mbps 11g Firewall...

Бренд: 3Com Страницы: 146

3CRWEASYG73 - 11g Wireless LAN Outdoor

Бренд: 3Com Страницы: 4

Бренд: TP-Link Страницы: 35

Бренд: Linksys Страницы: 44

Бренд: TP-Link Страницы: 86

Бренд: Linksys Страницы: 123

Bluetooth CE Bus PhoneDongle

Бренд: Motorola Страницы: 17

Бренд: Motorola Страницы: 2

Бренд: Motorola Страницы: 1

Бренд: Motorola Страницы: 802

Бренд: Motorola Страницы: 1048

Бренд: Motorola Страницы: 836

Бренд: Motorola Страницы: 1090

Бренд: Constructor Страницы: 34

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды