manualshive.com logo in svg

Patton BODi rS 1000 Series, Руководство пользователя, Страница: 58 / 158

Поделиться
Скачать
Patton BODi rS 1000 Series Скачать руководство пользователя страница 58

Configuring IPsec VPN Settings

58

BODi rS BD1000 User Manual 

4 • Configuring the WAN

Viewing the IPsec Status

The 

IPsec Status 

section shows the current connection status of each connection profile. To view more details

about a VPN connection status, navigate to the 

Status > IPsec 

page. 

Pre-Shared Key

Defines the pre-shared key used for this particular VPN connection.  The 
VPN connection's session key will be further protected by the pre-shared 
key. The connection will be up only if the pre-shared keys on each side 
match.

Local ID

Under Main Mode, this field can be left blank. 
Under Aggressive Mode, if Remote Gateway IP Address field is filled on 
this end and the peer end, this field can be left blank. Otherwise, this field 
is typically a U-FQDN.

Remote ID

Under Main Mode, this field can be left blank. 
Under Aggressive Mode, if Remote Gateway IP Address field is filled on 
this end and the peer end, this field can be left blank. Otherwise, this field 
is typically a U-FQDN.

Phase 1 (IKE) Proposal

Under Main Mode, this allows the setting of up to 6 encryption standards, 
in descending order of priority, to be used in the initial connection key 
negotiations. For Aggressive Mode, only one selection is permitted.

Phase 1 DH Group

This is the Diffie-Hellman group used within IKE. This allows two parties to 
establish a shared secret over an insecure communications channel. The 
larger the group number, the higher the security.

Group 2 - 1024-bit is the default value. 

Group 5 - 1536-bit is the alternative option.

Phase 1 SA Lifetime

Specifies the lifetime limit of this Phase 1 Security Association. 
Default = 3600 seconds

Phase 2 (ESP) Proposal

Under Main Mode, this allows the setting of up to 6 encryption standards, 
in descending order of priority, to be used for the IP data that is being 
transferred.
For Aggressive Mode, only one selection is permitted.

Phase 2 PFS Group

The Perfect Forward Secrecy (PFS) ensures that if a key was compromised, 
the attacker will be able to access only the data protected by that key but 
not any other data.

None - Do not request for PFS when initiating connection. However, 
since there is no valid reason to refuse PFS, the system will allow the 
connection to use PFS if requested by the remote peer. This is the 
default value.

Group 2 - 1024-bit Diffie-Hellman group. The larger the group number, 
the higher the security. 

Group 5 - 1536-bit is the third option.

Phase 2 SA Lifetime

Specifies the lifetime limit of this Phase 2 Security Association. 
Default = 28800 seconds

Table 24. IPsec VPN: New Connection Settings

Field

Description

Содержание BODi rS 1000 Series

Страница 1: ...anual Sales Office 1 301 975 1000 Technical Support 1 301 975 1007 E mail support patton com WWW www patton com Part Number 07MBD1000 UM Rev A Revised November 28 2012 This is a Class A device and is...

Страница 2: ...ctronics warrants all BODi rS components to be free from defects and will at our option repair or replace the product should it fail within one year from the first date of the shipment This warranty i...

Страница 3: ...e WAN 59 6 Configuring Inbound Access NAT Mappings 69 7 Configuring Quality of Service 95 8 Configuring Firewall Settings 100 9 Configuring Miscellaneous Services 107 10 Managing System Settings 117 1...

Страница 4: ...anel 23 Front Panel 23 LCD Display Menu 24 2 Installing the BODi rS 25 Planning the Installation 26 Setting Up the Network 26 Constructing the Network 26 Configuring the Network Environment 27 Connect...

Страница 5: ...53 WAN Connection Priority Settings 53 Managing Link Failure Detection Settings 54 Configuring a NAT Router Behind the BD1000 for VPN Connections 55 Viewing the WAN Bonding Status 55 Configuring IPsec...

Страница 6: ...guring NAT Mappings 93 7 Configuring Quality of Service 95 Introduction 96 Managing User Groups 96 Setting Up Bandwidth Control 97 Configuring Applications 98 Application Prioritization 98 Prioritizat...

Страница 7: ...stem Configuration Files 130 Restore Configuration to Factory Settings 130 Downloading Active Configurations 130 Uploading Configurations 130 Uploading Configurations from High Availability Pair 130 R...

Страница 8: ...ations RMAs 145 Warranty coverage 145 Out of warranty service 146 Returns for credit 146 Return for credit policy 146 RMA numbers 146 Shipping instructions 146 A Compliance Information 147 Compliance...

Страница 9: ...ess throughout a Session 154 Scenario 154 Solution 154 Settings 154 Bypassing the Firewall to Access Hosts on LAN 155 Scenario 155 Solution 155 Inbound Access Restriction 155 Scenario 155 Solution 155...

Страница 10: ...AN Settings Mobile Internet Connection 43 24 Network WAN Physical Interfaces 45 25 Network WAN Details Other Health Check Settings 47 26 Network WAN Details Bandwidth Allowance Monitor 48 27 Network W...

Страница 11: ...t Wizard 4 92 75 Network NAT Mappings 93 76 NAT Mappings Add NAT Rule 93 77 Network QoS User Groups 96 78 Network QoS Bandwidth Control 97 79 Network QoS Application Prioritization 98 80 Network QoS C...

Страница 12: ...System SNMPv3 User 128 107 System Configuration 130 108 System Reboot 131 109 System Tools Ping Test 131 110 System Tools Traceroute Test 132 111 Status Device 134 112 Status Active Sessions 135 113...

Страница 13: ...VPN WAN Connection Priority Settings 53 23 Site to Site VPN Link Failure Detection 54 24 IPsec VPN New Connection Settings 57 25 Outbound Policy Options 60 26 Outbound Policy Custom Rule Settings 62...

Страница 14: ...BODi rS BD1000 User Manual 44 System SNMP Settings 127 45 System SNMP Community Settings 128 46 System SNMP Community Settings 128 47 System Reporting Server Settings 129 48 Status System Information...

Страница 15: ...Chapter 7 on page 95 provides information about configuring Quality of Service QoS settings Chapter 8 on page 100 provides information about setting up the firewall for BODi rS Chapter 9 on page 107...

Страница 16: ...alls attention to important information The alert symbol and CAUTION heading indicate a potential haz ard Strictly follow the instructions to avoid property damage The shock hazard symbol and CAUTION...

Страница 17: ...h ground For DC powered devices ensure that the interconnecting cables are rated for proper voltage current anticipated temperature flammability and mechanical serviceability WAN LAN PSTN ports connec...

Страница 18: ...tes a cross reference hyperlink that points to a figure graphic table or sec tion heading Clicking on the hyperlink jumps you to the reference When you have finished reviewing the reference click on t...

Страница 19: ...19 Chapter 1 General Information Chapter contents BODi rS BD1000 Overview 20 Network Features 20 BODi rS BD1000 Panels 23 Rear Panel 23 Front Panel 23 LCD Display Menu 24...

Страница 20: ...PPPoE Static IP Address 10 100 Mbps Connection in Full Half Duplex USB Mobile Connection Network Address Translation NAT Port Address Translation PAT Inbound and Outbound NAT mapping Multiple static I...

Страница 21: ...on per TCP UDP service Persistent routing for specified source and or destination IP addresses per TCP UDP service Prioritize and route traffic to VPN tunnels with Priority and Enforced algorithms WLA...

Страница 22: ...grades configuration backups Ping and Traceroute via Web Admin Interface Remote web based configuration via WAN and LAN interfaces Time server synchronization SNMP Email notification Read only user fo...

Страница 23: ...ower source System has a power connection LAN WAN Right LED ORANGE GREEN OFF 1000 Mbps 100 Mbps 10 Mbps LAN WAN Left LED ON FLASHING OFF Port is connected without traffic Transferring data Port is not...

Страница 24: ...em Uptime CPU Load LAN Status IP Address Subnet Mask Shows firmware version Shows serial number Shows current time Shows system uptime since last reboot Shows current CPU loading 0 100 Shows LAN port...

Страница 25: ...ion 26 Setting Up the Network 26 Constructing the Network 26 Configuring the Network Environment 27 Connecting the BODi rS Interfaces 27 Connecting the Ethernet Interfaces 27 Connecting the USB Interf...

Страница 26: ...3 0 or above Apple Safari 3 1 1 or above and Google Chrome 2 0 or above Setting Up the Network Constructing the Network At the high level construct the network according to the following steps 1 With...

Страница 27: ...es refer to Chapter 3 Configuring LAN WAN Interfaces on page 32 Connecting the BODi rS Interfaces Connecting the Ethernet Interfaces The BODi rS includes one LAN Ethernet port and five Gigabit Etherne...

Страница 28: ...page The Web Admin Interface Dashboard shows the current WAN LAN WLAN settings and statuses The Dashboard enables you to change the priority of the WAN connections and switch the Wi Fi AP connec tions...

Страница 29: ...On the next screen select Yes if you want to set up Drop in mode in the Setup Wizard Figure 6 Setup Wizard Drop in Mode 3 Click on the appropriate check box es to select the WAN connection s to be co...

Страница 30: ...d PPPoE 6 If Mobile Internet Connection is checked Setup Wizard will move on to Operator settings Figure 10 Setup Wizard Mobile Internet Operator Settings 7 If Custom Mobile Operator Settings is selec...

Страница 31: ...y all time zone options Figure 13 Setup Wizard Time Zone 10 Check the following screen to make sure all settings have been configured correctly and then click Save Settings to confirm Figure 14 Setup...

Страница 32: ...6 WINS Server Settings 36 DNS Proxy Settings 36 Configuring Drop in Mode 37 Configuring the WAN Interface 39 Connection Methods 40 DHCP Settings 40 Static IP Settings 41 PPPoE Settings 42 Mobile Inter...

Страница 33: ...on page 39 Configuring the LAN Interface This section describes configuring the basic settings and Wi Fi AP settings for the LAN using the BD1000 Web Admin Interface Basic Settings To configure basic...

Страница 34: ...ot to advertise the speed to the peer by selecting the Advertise Speed checkbox Table 5 LAN Drop in Mode Settings Field Description Enable Check the box to enable the Drop in Mode feature Drop in Mode...

Страница 35: ...INS Servers setting Therefore all PC clients in the VPN can resolve the NetBIOS names of other clients in remote peers If enabled you can view a list of WINS clients by clicking Status WINS Clients Ex...

Страница 36: ...le 9 LAN DNS Proxy Settings Field Description Enable Check the box to enable the DNS Proxy feature DNS Caching Enables DNS Caching on the built in DNS proxy server When enabled queried DNS replies wil...

Страница 37: ...and selecting the WAN for Drop in mode various settings including the WAN s connection method and IP address will be automatically updated When Drop in Mode is enabled the LAN and the WAN for Drop in...

Страница 38: ...ter the IP address of the WAN1 router in the WAN Default Gateway field Ensure that the BD1000 IP subnet is the same as the Firewall s WAN port and the Router s LAN port 3 If there are hosts other than...

Страница 39: ...oup are selected the WAN connection is treated as a backup connection and is used only in the absence of available Always on WAN connection s and higher priority backup connection s Default recommende...

Страница 40: ...uted through this connection Each ISP may provide a set of DNS servers for DNS lookups Selecting Obtain DNS server address automatically allows the WAN DHCP Server to assign the DNS Servers used for o...

Страница 41: ...typically provides this information Subnet Mask Specifies the subnet mask for the IP address The ISP typically provides this information Default Gateway Specifies the default gateway to connect to th...

Страница 42: ...ce Name Specifies the Service Name The ISP typically provides this information Note Leave this field blank unless it is provided by your ISP DNS Servers Specifies the DNS Domain Name System Servers to...

Страница 43: ...remain connected or to disconnect when this WAN connection is no longer in the highest priority and has entered the standby state When Remain connected is chosen upon bringing up this WAN connection...

Страница 44: ...splays the modem s electronic serial number ESN SIM Card IMSI Displays the International Mobile Subscriber Identity IMSI associ ated with the SIM inside the mobile modem Network Type Specifies the pre...

Страница 45: ...The auto detection will run each time the WAN connection establishes MSS Configures the maximum payload size that the local system can han dle The MSS Maximum Segment Size is computed from the MTU min...

Страница 46: ...dered up if PING responses are received from either one or both of the PING Hosts The Ping Hosts field specifies the IP addresses or hostnames to test with the ICMP PING method for connectivity If you...

Страница 47: ...ds for ping DNS lookup requests Default 5 seconds Health Check Interval Specifies the time interval in seconds between ping or DNS lookup requests Default 5 seconds Health Check Retries Specifies the...

Страница 48: ...Monitor option Select the box to enable and configure Bandwidth Allowance settings Figure 26 Network WAN Details Bandwidth Allowance Monitor Table 19 WAN Bandwidth Allowance Monitor Method Descriptio...

Страница 49: ...namic DNS ser vice provider are required A dynamic DNS update is performed whenever a WAN s IP address changes e g IP is changed after a DHCP IP refresh reconnection etc Due to dynamic DNS service pro...

Страница 50: ...AN Bonding Profile 52 VPN Settings 53 WAN Connection Priority Settings 53 Managing Link Failure Detection Settings 54 Configuring a NAT Router Behind the BD1000 for VPN Connections 55 Viewing the WAN...

Страница 51: ...will be utilized to establish the VPN tunnel and all traffic will be load bal anced at packet level across all links VPN Bandwidth Bonding is enabled by default Note You can define firewall rules to c...

Страница 52: ...bnet and subnets behind the LAN defined in the Static Route Settings on page 36 will be advertised to the VPN All VPN members branch offices and headquarters will be able to route to the local subnets...

Страница 53: ...y used for this particular VPN connection The VPN connection s session key will be further protected by the pre shared key The connection will be up only if the pre shared keys on each side match Peer...

Страница 54: ...d Note The BD1000 Site to Site VPN feature uses TCP and UDP port 32015 for establishing VPN connections If you have a firewall in front of the devices you will need to add firewall rules for these por...

Страница 55: ...tions on Router A and all of the WAN connections on Router B are using NAT In this case the Peer IP Addresses Host Names field in Router B should be filled with all of the Router A s host names or pub...

Страница 56: ...to go down our IPsec implementation will make use of WAN2 and WAN3 accordingly as failover purposes Setting Up an IPsec VPN Connection To configure IPsec VPN settings for the BD1000 click on Network...

Страница 57: ...e peer s public IP address For Aggressive Mode this is optional Local Networks Enter the local LAN subnets here If you have defined static routes they will be shown here too Remote Networks Enter the...

Страница 58: ...ode only one selection is permitted Phase 1 DH Group This is the Diffie Hellman group used within IKE This allows two parties to establish a shared secret over an insecure communications channel The l...

Страница 59: ...e Outbound Policy 60 Creating Custom Rules for the Outbound Policy 61 New Custom Rule Settings 62 Algorithm Weighted Balance 63 Algorithm Persistence 63 Algorithm Enforced 65 Algorithm Priority 65 Alg...

Страница 60: ...gh Application Compatibility Select this policy to route outbound traffic from a source LAN device through the same WAN connection regardless of the des tination IP address and protocol This option pr...

Страница 61: ...om of the table You may edit this rule to change the device s default method of controlling outbound traffic for all connections as long as it does not match any of the rules above it in the table Dra...

Страница 62: ...e drop down menu for the Protocol Selection Tool to choose a common protocol Algorithm Specifies the behavior of the BD1000 for the custom rule Available options Weighted Balance see Algorithm Weighte...

Страница 63: ...and other secure websites for security reasons terminate the session when the client computer s Internet IP address changes during the session In general different Internet IP addresses represent diff...

Страница 64: ...page see Configuring the WAN Interface on page 39 Alternatively select Custom to manually set the weight of each WAN using the sliders Table 27 Persistence Algorithm Persistence Mode Options Mode Desc...

Страница 65: ...Outbound traffic can be enforced to go through a specified Site to Site VPN connection Algorithm Priority The Priority Algorithm specifies the priority of the WAN connections to be utilized to route t...

Страница 66: ...ify the order of WAN connections to be used for routing traffic Only the highest prior ity healthy connection that is not in full load will be utilized Algorithm Least Used Figure 41 Outbound Policy C...

Страница 67: ...uter of each WAN connection to determine its latency value The latency of a WAN is the packet round trip time of the WAN connection Additional network usage may be incurred as a result The round trip...

Страница 68: ...cial rule Site to Site VPN Routes is available in the Custom Rules table This option represents all Site to Site VPN routes learned from remote VPN peers By default this bar is on the top of all custo...

Страница 69: ...73 Inbound Access Services 74 UPnP NAT PMP Settings 77 DNS Records 77 SOA Records 80 NS Records 81 MX Records 81 CNAME Records 82 A Records 82 PTR Records 84 TXT Records 84 SRV Records 85 Domain Dele...

Страница 70: ...es By the custom definition of servers and services for inbound access Internet users can access the servers behind the BD1000 Advanced configurations allow inbound access to be distributed among mult...

Страница 71: ...ick the Add Service button and the following window displays Figure 45 Network Inbound Access Port Forwarding Add Service Table 28 Port Forwarding Service New Service Settings Field Description Enable...

Страница 72: ...or example with IP Protocol set to TCP and Port set to Single Port and Service Port 80 TCP traffic received on Port 80 is forwarded to the configured servers via Port 80 Port Range Traffic that is rec...

Страница 73: ...d port number When more than one server is defined requests will be distributed to the servers in the weight ratio specified for each server Figure 46 Network Inbound Access Servers To define a new se...

Страница 74: ...Inbound Access New Service Table 29 Inbound Access Services New Service Settings Field Description Enable Specifies whether the inbound service rule takes effect Select Yes for the inbound service rul...

Страница 75: ...the servers speci fied by the Servers setting For example with IP Protocol set to TCP and Port set to Single Port and Service Port 80 TCP traffic received on Port 80 is forwarded to the configured ser...

Страница 76: ...ic that is distributed to a server is proportional to the weight value assigned to the server relative to the total weight Example With the following weight settings on a BD1000 demo_server_1 10 demo_...

Страница 77: ...he built in DNS Server functionality of the BD1000 facilitates inbound load balancing With the presence of the functionality NS SOA DNS records for a domain name can be delegated to Internet IP addres...

Страница 78: ...SOA NS record for all Domain Names For configuration details refer to SOA Records on page 80 For defining a default SOA record the field Name Server IP Address is optional If left blank the Address A...

Страница 79: ...NAME A TXT and SRV records Seven tables are presented in this page for defining the five types of records Figure 52 Network Inbound Access DNS Settings Refer to the following sections for information...

Страница 80: ...ss optional This is the IP address of the authoritative name server If the Balance is the authoritative name server of the domain this field s value should be the WAN connection s name server IP addre...

Страница 81: ...be a non FQDN Fully Qualified Domain Name Please be sure that a corresponding A record is created Click the button to complete the entry and add the other Name Server After finishing adding NS records...

Страница 82: ...When creating a CNAME record for the domain itself not a sub domain the Host field should be left blank The wildcard character is supported in the Host field The Reference of omain name will be retur...

Страница 83: ...Internet IP addresses that are candidates to be returned when the BD1000 responds to DNS queries for the domain name specified by Host Name The IP addresses listed in each box as default are the Inte...

Страница 84: ...for the PTR records For example if the IP address range 11 22 33 0 to 11 22 33 255 is delegated to the DNS server on the BD1000 you will also have to create a domain 33 22 11 in addr arpa and have it...

Страница 85: ...rity Indicates the priority of the Target the smaller the value the higher the priority Weight A relative weight for records with the same priority Target The canonical hostname of the machine providi...

Страница 86: ...ure 64 DNS Domain Delegation Create A Record If ISC BIND 8 or 9 is being utilized in the zone file mycompany com then the addition of the following lines suffice Testing the DNS Configuration To test...

Страница 87: ...mplementation will likely be different Reverse Lookup Zones Figure 65 DNS New Reverse Lookup Zone Reverse Lookup refers to performing a DNS query to find one or more DNS names associated with a given...

Страница 88: ...ecord to create or click on the Name Server field to edit the SOA record Figure 67 DNS Reverse Lookup Zone SOA Record In the SOA record you must fill out the fields for Name Server Name Server IP Addr...

Страница 89: ...defined in the SOA record is automatically added here To create a new NS record click the New NS Records button Figure 68 DNS Reverse Lookup Zone NS Record When creating an NS record for the Reverse...

Страница 90: ...e lookup zones are further described in RFC 2317 Classless IN ADDR ARPA delegation PTR Records To add a new PTR record click the New PTR Records button Figure 70 DNS Reverse Lookup Zone PTR Record The...

Страница 91: ...is used to access the DNS Record Import Wizard Figure 71 DNS DNS Record Import Wizard 1 1 From the Import Wizard introduction screen click Next to continue Figure 72 DNS DNS Record Import Wizard 2 2...

Страница 92: ...Configuring Inbound Access NAT Mappings 3 In the blank space enter the Domain Names Zones that you would like to assign with the IP address entered in the previous step Enter one domain name per line...

Страница 93: ...on allows the BD1000 to map IP addresses of all inbound and outbound NAT traffic to and from an internal client IP address To configure NAT Mappings click on Network NAT Mappings in the Web Admin Inte...

Страница 94: ...these addresses to a number of specified public IP addresses to facili tate outbound traffic This option is only available when IP Network is selected as the LAN Client Inbound Mappings Specifies the...

Страница 95: ...ity of Service Chapter contents Introduction 96 Managing User Groups 96 Setting Up Bandwidth Control 97 Configuring Applications 98 Application Prioritization 98 Prioritization for Custom Applications...

Страница 96: ...k the Add button to define clients and their user group Click to remove the defined rule Two default rules are pre defined and located at the bottom of the table They include All DHCP reservation clie...

Страница 97: ...h group s weight The lower part of the table shows the corresponding reserved download and upload bandwidth value of each connection By default 50 of bandwidth has been reserved for Manager 30 for Sta...

Страница 98: ...n traffic by inspecting the packets content Select an application by choos ing a supported application or by defining a custom application manually The priority preference of sup ported applications i...

Страница 99: ...idth of the WAN can be fully utilized in any situation When a DSL Cable circuit s uplink is congested the download bandwidth will be affected Users will not be able to download data in full speed unti...

Страница 100: ...er 8 Configuring Firewall Settings Chapter contents Introduction 101 Configuring Outbound and Inbound Firewall Rules 101 Access Rules 101 Intrusion Detection and DoS Prevention 105 Setting Up Web Bloc...

Страница 101: ...s the selective filtering of data traffic in both directions Outbound LAN to WAN Inbound WAN to LAN Intrusion Detection and DoS Prevention Web Blocking With Site to Site VPN enabled see Chapter 4 Conf...

Страница 102: ...e Name Specifies a name for the firewall rule Enable Specifies whether the firewall rule should take effect Select Yes for the firewall rule to take effect If the traffic matches the specified Protoco...

Страница 103: ...on IP address es and port number s to match with the fire wall rule You may specify a single address or network and a single port or a range of ports Action Specifies what the BD1000 should do upon en...

Страница 104: ...rom the table click Rules are matched from top to bottom If a connection matches any one of the upper rules the matching process will stop If none of the rules match the connection the BD1000 will app...

Страница 105: ...rnet To turn on this feature click and check Enable for Intrusion Detection and DoS Prevention Click Save to apply the setting Figure 85 Network Firewall Intrusion Detection and DoS Prevention When en...

Страница 106: ...com www foobar co jp or foobar co uk will be blocked Placing the wild card in any other position is not sup ported The BD1000 will inspect and look for blocked domain names on all HTTP traffic Secure...

Страница 107: ...ter contents Introduction 108 Setting Up High Availability Configurations 108 Enabling the PPTP Server 111 Enabling Service Forwarding 112 SMTP Forwarding 114 Web Proxy Forwarding Settings 115 DNS For...

Страница 108: ...its and two Internet connections Figure 87 High Availability Application In the diagram the WAN ports on each BD1000 unit connect to the router and modem and the BD1000 unit connects to the same LAN s...

Страница 109: ...e slave unit Configuration Sync Displays when Slave mode is selected as the Preferred Role When enabled and the Master Serial Number matches with the actual master unit the master unit will automatica...

Страница 110: ...the LAN segment For example a fire wall sitting behind the BD1000 should set its default gateway as the VIP instead of the IP of the Master BD1000 Figure 89 High Availability Application VIP Default...

Страница 111: ...ss es where the PPTP server should listen Authentication Specifies the source of user database for PPTP authentication Available options include Local User Accounts User accounts are stored in the BD1...

Страница 112: ...tions destined for any host at TCP Port 25 These connections will be redirected to a specified SMTP server and port number SMTP server settings for each WAN can be specified after selecting Enable For...

Страница 113: ...ction you may want to enable this option to enhance the DNS availability without modifying the DNS server setting of the clients The built in DNS name server will distribute DNS lookups to correspondi...

Страница 114: ...ct the Enable check box under SMTP Forwarding Setup then select the boxes for the WAN connections in the Enable Forwarding column that require forwarding Enter the ISP s e mail server address and TCP...

Страница 115: ...ction with reference to the Outbound Policy and 3 forward them to the specified web proxy server and port number You may configure the redirected server settings for each WAN in the Web Proxy Intercep...

Страница 116: ...enabled the BD1000 defines protocols that provide audio visual communi cation sessions on any packet network to passthrough the BD1000 FTP FTP sessions consist of two TCP connections one for control...

Страница 117: ...mote System Log 126 Configuring Simple Network Management Protocol SNMP 127 General SNMP Settings 127 SNMP Community Settings 128 SNMPv3 User Settings 128 Managing the Reporting Server 129 Importing a...

Страница 118: ...ing the Web Admin admin and user The admin account has full administration access while user is a read only account The user account can only access the device s status information and cannot make any...

Страница 119: ...r Name Non configurable set as admin by default Admin Password Specifies a new password for the admin account Confirm Admin Password Verifies and confirms the new password for the admin account Read o...

Страница 120: ...ude MS CHAP v2 and PAP Auth Server Specifies the access address of the external RADIUS server Auth Server Secret Defines the secure password phrase for accessing the RADIUS server Auth Timeout Specifi...

Страница 121: ...n access from any location without IP address restrictions Allow access from the following IP subnets only Only the defined IP subnets may access the Web Admin Interface When selected this option disp...

Страница 122: ...or the desired software release In the BD1000 Web Admin Interface click Browse to select the firmware file from the local com puter and then click Manual Upgrade to send the firmware to the unit The B...

Страница 123: ...k on System Time in the Web Admin Interface Figure 99 System Time Table 41 System Time Server Settings Field Description Time Zone Specifies the time zone along with the corresponding Daylight Savings...

Страница 124: ...g email If the server requires authentication select Require authentication SSL Encryption Select the box to Enable SMTPS When enabled the SMTP Port field will change to 465 automatically SMTP Port Sp...

Страница 125: ...completed the settings click the Test Email Notification button to test the settings before sav ing The following screen displays to confirm the settings Figure 101 Test Email Notification Click Yes t...

Страница 126: ...the remote system log settings click on System Remote Syslog in the Web Admin Interface Figure 103 System Remote Syslog Table 43 System Remote Syslog Setup Field Description Remote Syslog Specifies w...

Страница 127: ...tion from the BD1000 To configure SNMP settings click on System SNMP in the Web Admin Interface Figure 104 System SNMP General SNMP Settings Table 44 System SNMP Settings Field Description SNMP Device...

Страница 128: ...ies a unique name for the SNMP Community Allowed Source Subnet Address Enter a subnet address where the SNMP Server will allow access Allowed Source Subnet Mask Specifies the subnet mask that correspo...

Страница 129: ...alid Table 47 System Reporting Server Settings Field Description Post Data to Server Specifies whether or not the BD1000 should periodically and automatically post traffic data to Reporting Server Rep...

Страница 130: ...u must click the Apply Changes button for the new settings to take effect Downloading Active Configurations Use the Download button to back up the current active settings and save the configuration fi...

Страница 131: ...he connectivity of a WAN or VPN link Use the Traceroute Test see Traceroute Test on page 132 to view the connection path of a WAN or VPN link Use the VPN Test see VPN Test on page 132 to view the thro...

Страница 132: ...test on a BD1000 connection click on System Tools Traceroute in the Web Admin Interface Select an option from the Connection drop down menu then click the Start button Click Stop to end the tracerout...

Страница 133: ...wing Access Points 136 Viewing the WINS Client List 136 Viewing Site to Site VPN Connection Details 136 Viewing IPsec VPN Connection Details 136 Viewing UPnP and NAT PMP Connection Details 136 Viewing...

Страница 134: ...h LAN WAN interface connected to the BD1000 Table 48 Status System Information Field Description Router Name Displays the name specified for this specific BD1000 device in the Router Name field locate...

Страница 135: ...ws DHCP clients associated with the BD1000 since it has powered up To view information about DHCP clients click on Status Client List in the Web Admin Interface The table lists the DHCP client IP Addr...

Страница 136: ...ts retrieved and automatically matched with the DHCP Client List see Viewing the Client List on page 135 Click the button Flush All to clear the table of all WINS client records Viewing Site to Site V...

Страница 137: ...ices Select the number of entries to show in the log screen at a time 50 100 or all Viewing Bandwidth Usage Statistics The Bandwidth section shows bandwidth usage statistics for the BD1000 including d...

Страница 138: ...Viewing Bandwidth Usage Statistics 138 BODi rS BD1000 User Manual 11 Managing Status Settings Figure 115 Real Time Bandwidth Usage...

Страница 139: ...enabled the Bandwidth Monitoring feature see Bandwidth Allowance Monitor on page 48 the BD1000 will display the Current Billing Cycle table for that specific WAN connection In the Client Bandwidth Usa...

Страница 140: ...ature see Bandwidth Allowance Monitor on page 48 the BD1000 will display the Billing Cycle or Calendar Month for that specific WAN connection In the Client Bandwidth Usage table click on the first or...

Страница 141: ...141 Chapter 12 Troubleshooting Chapter contents Outbound Load 142 Download Speed 142 Public IP Address 142 LAN Connection 142 WAN Connection 143 File Upload Transfer 143...

Страница 142: ...ution First check whether the WAN connections are up Second ensure your download manager application has split the file into 3 parts or more It is also possible that all of 2 or even 3 download sessio...

Страница 143: ...nterface you may be able to find out the source of problem File Upload Transfer Problem When I upload files to a server via ftp the transfer stalls after a few kilobytes of data are sent What should I...

Страница 144: ...support headquarters in the USA 145 Alternate Patton support for Europe Middle East and Africa EMEA 145 Warranty Service and Returned Merchandise Authorizations RMAs 145 Warranty coverage 145 Out of w...

Страница 145: ...00 Fax 1 301 869 9293 Alternate Patton support for Europe Middle East and Africa EMEA Online support available at www patton com E mail support e mail sent to support patton com will be answered withi...

Страница 146: ...be issued upon receipt and inspection of the equipment 30 to 60 days We will add a 20 restocking charge crediting your account with 80 of the purchase price Over 60 days Products will be accepted for...

Страница 147: ...147 Appendix A Compliance Information Chapter contents Compliance 148 EMC 148 Low Voltage Directive Safety 148 CE Declaration of Conformity 148 Authorized European Representative 148...

Страница 148: ...elating to electromagnetic compatibility and Directive 2006 95 EC relating to electrical equipment designed for use within certain voltage limits The Declaration of Conformity may be obtained from Pat...

Страница 149: ...149 Appendix B Specifications Chapter contents WAN Interface 150 LAN Interface 150 VPN 150 Load Balancing 150 Networking 151 Advanced QoS 151 Device Management 151 Physical 151...

Страница 150: ...t Ethernet Switch Extended DHCP Options DHCP Reservation Support for Dynamic DNS services DNS Proxy for LAN Clients VPN Complete VPN Solution Site to Site VPN Bonding Bandwidth Aggregation Intelligent...

Страница 151: ...vanced QoS User Groups Bandwidth Reservation Individual Bandwidth Limit Custom Application QoS Application Prioritization Device Management Web Administrative Interface Email Notification Active Clien...

Страница 152: ...g 153 Performance Optimization 154 Scenario 154 Solution 154 Settings 154 Maintaining the Same IP Address throughout a Session 154 Scenario 154 Solution 154 Settings 154 Bypassing the Firewall to Acce...

Страница 153: ...e Internet i e the WAN IP address of the BD1000 Operating the BD1000 in NAT mode requires only one WAN Internet IP address In addition operating in NAT mode also has security advan tages because LAN d...

Страница 154: ...ddress throughout a Session Scenario Some client IP address sensitive websites for example Internet banking use both client IP address and cookies matching for session identification Since different I...

Страница 155: ...Mapping and bind the host to the default IP and 211 123 123 100 of WAN1 Inbound Access Restriction Scenario A firewall is required to protect the network from potential hacker attacks and other Inter...

Страница 156: ...his can easily be achieved by setting up an outbound firewall rule with the BD1000 Solution To set up a firewall rule between the Internet and the private network for outbound access click the Add Rul...

Страница 157: ...157 Appendix D Terms Chapter contents Abbreviations 158...

Страница 158: ...apsulation HTTP Hyper Text Transfer Protocol ICMP Internet Control Message Protocol IP Internet Protocol LAN Local Area Network MAC Address Media Access Control Address MTU Maximum Transmission Unit M...

Отзывы:

Нет отзывов