manualshive.com logo in svg

Planet ADSL VPN/Firewall Router ADE-4200, Руководство пользователя, Страница: 40 / 80

Поделиться
Скачать
Planet ADSL VPN/Firewall Router ADE-4200 Скачать руководство пользователя страница 40

PLANET ADSL VPN / Firewall Router

 

36 

3.6.3.4.2 Packet Filter 

When you click 

Packet Filter

, you get the following figure. 

 

 

You may configure to filter inbound (incoming) and outbound (outgoing) packets based 
on port or IP address.  

If it is based on port, click Port Filters for more options. You may filter the packets based 
on  PORT and  packet type  (TCP  or  UDP  or  any).  For  example,  the  protocol  number  1 
means  ICMP. You may  enter 1 to  protocol number of  Raw  IP  Filtering  web  page.  Port 
ranges are supported. 

If it is based on IP address, click Address Filters for more options. You may enter the IP 
address and again to select the inbound or outbound packets. 

For  example,  to  allow  TCP  packet,  port  0  to  1000  passing  router  between  WAN  and 
LAN  and  blocks  host  IP  address,  192.168.1.100.  Then  you  have  to  configure  the  port 
filter 

à

 add TCP filter > 0 to 1000 and ALLOW in both direction. Then click address filter 

à

 add address filter 

à

 enter host IP 192.168.1.100, subnet mask 255.255.255.255 (for 

this single host) and both direction. 

 

3.6.3.4.2.1 Port Filters 

The pre-defined port filter rules for high, medium and low security level are listed below. 
When user enables Firewall Security feature for high, medium or low security level, the 
Block WAN Request function (Ping packet) is enabled automatically. 

 

Port Number 

Firewall - High 

Firewall - Medium 

Firewall - Low 

Application 

Protocol 

Start 

End 

Inbound 

Outbound 
 

Inbound  Outbound  Inbound 

Outbound 

HTTP(80) 

TCP(6) 

80 

80 

NO 

YES 

NO 

YES 

NO 

YES 

DNS (53) 

UDP(17)  53 

53 

NO 

YES 

NO 

YES 

YES 

YES 

DNS (53) 

TCP(6) 

53 

53 

NO 

YES 

NO 

YES 

YES 

YES 

FTP(21) 

TCP(6) 

21 

21 

NO 

NO 

NO 

YES 

NO 

YES 

Telnet(23) 

TCP(6) 

23 

23 

NO 

NO 

NO 

YES 

NO 

YES 

SMTP(25) 

TCP(6) 

25 

25 

NO 

YES 

NO 

YES 

NO 

YES 

POP3(110) 

TCP(6) 

110 

110 

NO 

YES 

NO 

YES 

NO 

YES 

Содержание ADSL VPN/Firewall Router ADE-4200

Страница 1: ...ADE 4200 ADW 4200 ADSL VPN Firewall Router User s Manual...

Страница 2: ...ment This equipment generates and uses radio frequency energy and if not installed and used properly that is in strict accordance with the instructions provided with the equipment may cause interferen...

Страница 3: ...BROWSER 17 3 6 1 STATUS 19 3 6 2 Quick Start 20 3 6 3 Configuration 20 3 6 3 1 LAN 20 3 6 3 1 1 Ethernet 20 3 6 3 1 2 Wireless 21 3 6 3 1 3 Port Setting 22 3 6 3 1 4 DHCP Server 24 3 6 3 2 WAN 24 3 6...

Страница 4: ...IPSec VPN Connection 61 3 6 3 6 Virtual Server 63 3 6 3 6 1 An Example of Configuring a Web Server on the Local Network 65 3 6 3 6 2 An example of configuring the Web Server the Router to be accessib...

Страница 5: ...om accessing to the Internet Furthermore PPTP and IPSec VPN are also supported Utilizing 56 bit DES and 168 bit 3DES encryption header authentication and Internet Key Exchange IKE access control their...

Страница 6: ...es many application layer gateway ALG are supported such as web browser ICQ FTP Telnet E mail News Net2phone Ping NetMeeting and others Firewall Supports SOHO firewall with NAT technology Automaticall...

Страница 7: ...client IP addresses and distribute them including IP address subnet mask as well as DNS IP address to local computers It provides an easy way to manage the local IP network Static and RIP1 2 Routing S...

Страница 8: ...ing these connection capabilities mobile workers may attach to and access LAN resources from the public Internet while they are working at home or at branches abroad All corporate remote offices can d...

Страница 9: ...E 4200 ADW 4200 with other equipment Do not open or repair the case yourself If the ADE 4200 ADW 4200 is too hot turn off the power immediately and have a qualified serviceman repair it Place the ADE...

Страница 10: ...Orange for 10Mbps Blinking when data transmit received WLAN ADW 4200 only Lit green when the wireless connection is established Flashes when sending or receiving data MAIL Lit when there is email in...

Страница 11: ...r the device is powered on press it to reset the device or restore to factory default settings The operation is as below 0 3 seconds reset the device 3 6 seconds no action 6 seconds or above restore t...

Страница 12: ...easy way is to configure the PC to get an IP address from the ADE 4200 ADW 4200 Also make sure you have UNINSTALLED any kind of software firewall that can cause problems accessing the 192 168 1 254 I...

Страница 13: ...ration 9 2 Select TCP IP NE2000 Compatible or the name of any Network Interface Card NIC in your PC 3 Click Properties 4 Select the IP Address tab In this page click the Obtain an IP address automatic...

Страница 14: ...PLANET ADSL VPN Firewall Router 10 5 Then select the DNS Configuration tab 6 Select the Disable DNS radio button and click OK to finish the configuration...

Страница 15: ...s NT4 0 1 Go to Start Settings Control Panel In the Control Panel double click on Network and choose the Protocols tab 2 Select TCP IP Protocol and click Properties 3 Select the Obtain an IP address f...

Страница 16: ...er 12 3 3 3 For Windows 2000 1 Go to Start Settings Control Panel In the Control Panel double click on Network and Dial up Connections 2 Double click LAN Area Connection 3 In the LAN Area Connection S...

Страница 17: ...guration 13 4 Select Internet Protocol TCP IP and click Properties 5 Select the Obtain an IP address automatically and the Obtain DNS server address automatically radio buttons 6 Click OK to finish th...

Страница 18: ...uter 14 3 3 4 For Windows XP 1 Go to Start Control Panel in Classic View In the Control Panel double click on Network Connections 2 Double click Local Area Connection 3 In the LAN Area Connection Stat...

Страница 19: ...Chapter 3 Configuration 15 4 Select Internet Protocol TCP IP and click Properties 5 Select the Obtain an IP address automatically and the Obtain DNS server address automatically radio buttons...

Страница 20: ...ssword admin 2 Device IP Network settings in LAN site IP Address 192 168 1 254 Subnet Mask 255 255 255 0 3 ISP setting in WAN site PPPoE 4 DHCP server DHCP server is enabled Start IP Address 192 168 1...

Страница 21: ...owing table and keep it for reference PPPoE VPI VCI VC based LLC based multiplexing Username Password Service Name and Domain Name System DNS IP address it can be automatically assigned from ISP or be...

Страница 22: ...nfiguration homepage the left navigation pane where bookmarks are provided links you directly to the desired setup page including n Status ARP Table PPTP Status IPSec Status Email Status Event Log Err...

Страница 23: ...ves you a quick overview of the PPTP connection status IPSec Status it gives you a quick overview of the IPSec connection status Email Status it gives you a quick view to know if there is email in you...

Страница 24: ...you may check the Status web page to check whether the router is connected to the ISP or not In most cases you can access the Internet immediately If not please refer to the sections below for more in...

Страница 25: ...ere is only one subnet in LAN there is no need to configure a Secondary IP address The 192 168 1 254 is the default IP address for this ADSL router The Advanced Options will allow you to configure the...

Страница 26: ...less stations from accessing data transmitted over the network the wireless broadband firewall gateway offers highly secure data encryption known as WEP If you require high security in transmission th...

Страница 27: ...Control TOS Type of Services is the 2nd octet of IP packet The bits 6 7 of this octet are reserved and bit 0 5 are used to specify the priority of the packet The definition of these bits is listed bl...

Страница 28: ...ddress leased time for each assigned IP address DNS IP address Gateway IP address Those messages are sent to the DHCP client when it requests an IP address from the DHCP server Click Apply to enable t...

Страница 29: ...83 0 you can delete it by clicking Delete Then you may click Create to create a connection to your ISP to surf the Internet The following page is then shown Select one of the access methods among the...

Страница 30: ...the NAT function can be disabled Encapsulation method Select the protocol format the default is LlcBridged Select the one provided by your ISP DHCP client Enable or disable the DHCP client specify if...

Страница 31: ...can access the Internet directly the NAT function can be disabled Username Enter the username provided by your ISP You can input up to 128 alphanumeric characters case sensitive Password Enter the pas...

Страница 32: ...escription Give a name for this connection VPI VCI Enter the information provided by your ISP NAT The NAT feature allows multiple users to access the Internet through a single IP account sharing the s...

Страница 33: ...This item is for identification purpose If it is required your ISP will provide you the information Maximum input is 20 alphanumeric characters Use the following IP address If your ISP gives you a fix...

Страница 34: ...E or PPPoA as your WAN ISP protocol the ISP will provide the DNS IP address automatically You may leave it as blank Or your ISP may provide you with an IP address of their DNS If this is the case you...

Страница 35: ...fter you ready establish a connection to the Internet If you prefer to enter your own SNTP server please enter and use it as the first choice Resync Poll Interval in minutes is the periodical interval...

Страница 36: ...it allows you to save your current settings into a file on your PC You can click the Backup to store the current settings on a file If you like to restore it back please input the location of this con...

Страница 37: ...g user s database or to create other user accessing this device 3 6 3 4 Firewall This product also serves as an Internet firewall not only does it provide a natural firewall function Network Address T...

Страница 38: ...ity and Policy General Settings outbound direction of Packet Filter rules to prevent unauthorized computers or applications accessing the Internet l MAC Filter rules to prevent unauthorized computers...

Страница 39: ...between the WAN and LAN For example when you select High the Port Filters of the Packet Filter screen will be set automatically according to High security level settings Firewall Logging When both th...

Страница 40: ...s 192 168 1 100 Then you have to configure the port filter add TCP filter 0 to 1000 and ALLOW in both direction Then click address filter add address filter enter host IP 192 168 1 100 subnet mask 255...

Страница 41: ...wo kinds of address filters one is inbound the other is outbound The rules can be set to prevent unauthorized users hosts or network to access the Internet from LAN outbound and or access LAN from the...

Страница 42: ...PLANET ADSL VPN Firewall Router 38 1 Click Packet Filter you will get the following figure 2 Click Port Filters the pre defined port filter rules screen of low security level is shown as below...

Страница 43: ...Chapter 3 Configuration 39 3 Click Delete to delete the HTTP rule 4 Click Add TCP Filter...

Страница 44: ...PLANET ADSL VPN Firewall Router 40 5 Input the port number and set the inbound outbound as Allow 6 The port filter rule of HTTP is shown as below...

Страница 45: ...the Virtual Server to enable the HTTP service in the virtual server setting and input the WEB server s IP address If you try to setup a remote management of router permanently you may enter router s I...

Страница 46: ...ongly recommend to set TRUE for Use Blacklist and Use Victim Protection when enable Intrusion Detection Use Blacklist select True to use blacklist If enabled external host addresses will be saved into...

Страница 47: ...an Echo storm attack has occurred Maximum ICMP Count set the maximum number of ICMP packet per second Once the maximum number of ICMP packet per second is reached the router will consider that an ICMP...

Страница 48: ...nction enables you to configure your router to block internal users MAC address from Internet access Enable Disable to enable or disable MAC Address Filter feature Allowed Blocked To allow or block th...

Страница 49: ...l from the entire enterprise Enable Disable Check Enable Disable radio button to activate or deactivate the URL filter function Always Block Check this button if you wish not to access this website th...

Страница 50: ...elect the Apply button to save the setting 3 5 3 4 5 1 Keyword Filtering The ADSL Router allows the administrator to block some WEB URLs containing certain keywords in this page For example if the key...

Страница 51: ...packet is not matched with above two items the send it to outside world To add a domain name enter its host name such as www bad site com into the text field under Domain and select either Trusted Dom...

Страница 52: ...cations provided in PPTP Remote Access and LAN to LAN please refer below for more information Click Create to select one of applications to continually setup 3 6 3 5 1 1 PPTP for Remote Access For the...

Страница 53: ...t Stateful or Stateless mode The key will be changed in each 256 packets when you select Stateful mode If you select Stateless mode the key will not be changed in each packet Idle Time Auto disconnect...

Страница 54: ...with 40 bits or 128 bits Default is Auto it is negotiated when establish a connection Mode You may select Stateful or Stateless mode The key will be changed in each 256 packets when you select Statef...

Страница 55: ...er please make sure this IP is not used in the Office LAN Configuring PPTP VPN in Remote Side You can configure VPN client with commercial VPN client software package e g SSH or the Dial up Adaptor in...

Страница 56: ...PLANET ADSL VPN Firewall Router 52 2 Follow the step and select Connect to a private network through the Internet 3 Enter the IP address of the ADSL Router located in the office...

Страница 57: ...on 53 4 Follow the step the following screen appears The setup is completed 5 To make the connection click the Virtual Private Connection icon in Dial up Networking Group and input the username passwo...

Страница 58: ...ring a Remote Access PPTP VPN Dial out Connection Background of the Example Corporate establishes a PPTP VPN connection with the file server located in the remote side The router is installed in the o...

Страница 59: ...ation 55 Configuring PPTP VPN in the Office You can either input the IP address 69 1 121 33 in this case or hostname to reach the Server Refer also to PPTP VPN remote access dial in for the other para...

Страница 60: ...th the head office to connect two private networks by leveraging the Internet infrastructure The routers are installed in the head office and branch office accordingly Application Diagram Configuring...

Страница 61: ...head office If you have a domain name assigned to this IP address either you registered the DDNS please refer to the DDNS section or you have a static IP with a domain name you can also use the Hostna...

Страница 62: ...r a public networking infrastructure The specification is as below w Encapsulation tunnel mode w Support IKE authentication method pre shared key w Security protocol ESP and AH w Authentication MD5 SH...

Страница 63: ...e IPSec security method There are two methods to check the authentication information AH authentication header and ESP Encapsulating Security Payload Check ESP for a higher security data will be encry...

Страница 64: ...to 128 characters Both sides should use the same key IKE is used to establish a shared security policy and authenticated keys for services such as IPSec that require key Before any IPSec traffic can b...

Страница 65: ...Plan We want to setup a security channel between branch office and head office using LAN to LAN tunnel mode connection ESP with MD5 as the authentication protocol and AES as the encryption protocol is...

Страница 66: ...uter Set Proposal as ESP MD5 AES PFS as None and pre shared key as as12345678 according the pre defined security plan Configuring IPSec VPN in the Branch Office The local subnet branch office is set a...

Страница 67: ...nt of unique parameter values for Internet protocols Port numbers range from 0 to 65536 but only ports numbers 0 to 1024 are reserved for privileged services and designated as well known ports The reg...

Страница 68: ...modem can act as a virtual server You can set up a local server with specific a port number that stands for the service e g Web 80 FTP 21 Telnet 23 SMTP 25 POP3 110 When an incoming access request to...

Страница 69: ...ual servers in order to avoid conflicts The easy way is that the IP address assigned to each virtual server should not fall into the range of IP addresses that are to be issued by the DHCP server You...

Страница 70: ...nge the port number of either application to make these two services available Please note the access method to the Web server and router is different in case 1 2 this is particularly related to port...

Страница 71: ...Virtual Server 1 Set Web server IP address to a fixed IP 192 168 1 100 2 Set Remote Access as Enable User can access the router remotely through port 80 3 Since the port number 80 is used by the rout...

Страница 72: ...Device Management 3 6 3 7 1 Routing Table Click on the Routing Table and then choose Create Router to get the below figure to add a routing table Destination Enter the destination subnet IP Netmask Su...

Страница 73: ...rst browse the website to apply an account then configure the Dynamic DNS settings on this page Enable Disable Enable or disable the Dynamic DNS function Dynamic DNS Select the registered DDNS server...

Страница 74: ...than 5 DDNS services supported by this router 3 Configure DDNS as the following 3 6 3 7 3 Checking Emails Click Checking Emails to get the below figure then check the Enable button to access the servi...

Страница 75: ...es to check your email account periodically Automatically dial out for checking emails When the function is enabled your ADSL router will connect to your ISP automatically to check emails if your Inte...

Страница 76: ...Specify a name in any string to be identified as the Read Community and an optional IP address This community string will be checked against the string entered in the configuration file Once the stri...

Страница 77: ...n settings before logout Be aware that the router is restricted to only one local PC accessing the configuration Web pages Once a current PC has logged onto the Web pages other PCs cannot get access e...

Страница 78: ...connection failed Ensure that the cable is connected properly from the ADSL port to the wall jack The ADSL LED on the front panel of the ADE 4200 ADW 4200 should be on Check that your VPI VCI type of...

Страница 79: ...MDI MDI X Wireless None 1 x 802 11b wireless access point Ports WAN 1 RJ 1 10 100Base TX Auto Negotiation LED Indicators PWR SYS LAN 1 to 4 MAIL PPP ADSL WLAN ADW 4200 only Button 1 for reset factory...

Страница 80: ...problem with the Troubleshooting Chapter please contact the dealer where you purchased this product For any other questions please contact PLANET directly at the following email address support plane...

Отзывы:

Нет отзывов