QNO QVF7411 Скачать руководство пользователя страница 200

Страница: 200 / 268

193

RIP is a very simple routing protocol, in which Distance Vector is used. Distance Vector determines

transmission distance in accordance with the number of routers, rather than based on actual session speed.

Therefore, sometimes it will select a path through the least number of routers, rather than through the fastest

routers.

Working Mode

：

Select the working mode of the device: NAT mode or router mode.

RIP

：

Click “Enabled” to open the RIP function.

Receive RIP versions

：

Use Up/Down button to select one of “None, RIPv1, RIPv2, Both

RIPv1 and v2” as the “TX” function for transmitting dynamic RIP.

Transmit RIP versions

：

Use Up/Down button to select one of “None, RIPv1,

RIPv2-Broadcast, RIPv2-Multicast” as the “RX” function for

receiving dynamic RIP.

13.3.2 Static Routing

When there are more than one router and IP subnets, the routing mode for the device should be

configured as static routing. Static routing enables different network nodes to seek necessary paths

automatically. It also enables different network nodes to access each other. Click the button “Show Routing

Table” (as in the figure) to display the current routing list.

Содержание QVF7411

Страница 1: ...English User s Manual SSL IPSec VPN QoS Router 2x100Mbps WAN 4x100Mbps Switch LAN WAN2 DMZ Fully Integrated SMB SSL IPSec VPN Solution...

Страница 2: ...uses of international copyright and other regulations of intellectual property When the user copies the Manual this statement of intellectual property must also be copied and indicated Otherwise Qno r...

Страница 3: ...that no liability will be born for any guarantee and condition of the corresponding information The guarantee and condition include tacit guarantee and condition about marketability suitability for s...

Страница 4: ...atus 12 5 1 2 Physical Port Status 13 5 1 3 System Information 15 5 1 4 Firewall Status 16 5 1 5 Log Setting Status 16 5 2 Change and Set Login Password and Time 17 5 2 1 Password Setting 17 5 2 2 Tim...

Страница 5: ...Content Filter 99 X VPN Virtual Private Network 104 10 1 VPN 104 10 1 1 Display All VPN Summary 104 10 1 2 Add a New VPN Tunnel 108 10 1 3 PPTP Server 134 10 1 4 VPN Pass Through 136 10 2 QnoKey 137...

Страница 6: ...rwarding 187 13 1 1 DMZ Host 187 13 1 2 Port Range Forwarding 187 13 2 UPnP 191 13 3 Routing 192 13 3 1 Dynamic Routing 192 13 3 2 Static Routing 193 13 4 One to One NAT 195 13 5 DDNS Dynamic Domain N...

Страница 7: ...5 XVI Log out 20 Appendix I User Interface and User Manual Chapter Cross Reference 21 Appendix II Troubleshooting 24 1 Block BT Download 24 2 Shock Wave and Worm Virus Prevention 25 3 Block QQLive Vid...

Страница 8: ...ket VPN Router has the function of VPN virtual network connection It is equipped with a virtual private network hardware acceleration mode which is widely used in modern enterprises and offers full VP...

Страница 9: ...filter setting and complete OS management school and business internet management will be clearly improved VPN Router offers various on line SysLog records It supports on line management setup tools i...

Страница 10: ...This simplifies the management and maintenance making the user network settings be done at one time The main process is as below 1 Hardware installation 2 Login 3 Verify device specification and set...

Страница 11: ...ize data transmission 5 Set LAN connection physical port and IP address settings Set mirror port and VLAN Allocate and manage LAN IP Provide mirror port port management and VLAN setting functions Supp...

Страница 12: ...ation backup Monitor VPN Router working status and configuration backup Administrators can look up system log and monitor system status and inbound outbound flow in real time 10 VPN Virtual Private Ne...

Страница 13: ...Green Green LED on WAN is connected and gets the IP address WAN1 Green Green LED on WAN1 is connected and IP address has been obtained WAN2 Green Green LED on WAN2 is connected and IP address has been...

Страница 14: ...ce other heavy objects together with the device on a rack Overloading may cause the rack to fail comes with a set of rack installation accessories including 2 L mount the device onto the chassis Pleas...

Страница 15: ...ll The Router has two wall mount slots on its bottom panel When mounting the device on a wall please ensure that the heat dissipation holes are facing sideways as shown in the following picture for sa...

Страница 16: ...ing Hub or through an external router to connect to the Internet LAN Connection The LAN port can be connected to a Switching Hub or directly to a PC Users can use servers for monitoring or filtering t...

Страница 17: ...o Start Run enter cmd to commend DOS and enter ipconfig for getting Default Gateway address as the graphic below 192 168 1 1 Make sure Default Gateway is also the default IP address of the router Atte...

Страница 18: ...change the login password in the setting later Attention For security we strongly suggest that users must change password after login Please keep the password safe or you can not login to the device...

Страница 19: ...or security 5 1 Home Page In the Home page all the device s parameters and status are listed for users reference 5 1 1 WAN Status IP Address Indicates the current IP configuration for WAN port Default...

Страница 20: ...IP automatically is selected two buttons Release and Renew will appear If a WAN connection such as PPPoE or PPTP is selected Disconnect and Connect will appear DMZ IP Address Indicates the current DM...

Страница 21: ...es type 10Base T 100Base TX iniferface WAN LAN DMZ link status Up Down physical port status Port Enabled Port Disabled priority high or normal speed status 10Mbps or 100Mbps duplex status Half Full au...

Страница 22: ...icates how long the Router has been running Serial Number This number is the Router serial number Firmware Version Information about the Router present software version Current Time Indicates the devi...

Страница 23: ...ctivated The default configuration is On Prevent ARP Virus Attack Indicates that preventing Arp virus attack is acitvated The default configuration is Off Remote Management Indicates if remote managem...

Страница 24: ...e and password are both admin For security reasons we strongly recommend that you must change your password after first login Please keep the password safe or you might not login to the device You can...

Страница 25: ...5 2 2 Time The device can adjust time setting Users can know the exact time of event occurrences that are recorded in the System Log and the time of closing or opening access for Internet resources Y...

Страница 26: ...he server IP address Apply After the changes are completed click Apply to save the configuration Cancel Click Cancel to leave without making any change This action will be effective before Apply to sa...

Страница 27: ...ting this general setting is enough for connecting with the Internet However some users need advanced information from their ISP Please refer to the following descriptions for specific configurations...

Страница 28: ...changed according to the actual network structure Multiple Subnet Setting Click Unified IP Management to enter the configuration page as shown in the following figure Input the respective IP addresses...

Страница 29: ...nsparent Bridge Config A modification in an advanced configuration Click Edit to enter the advanced configuration page Obtain an Automatic IP automatically This mode is often used in the connection mo...

Страница 30: ...ough there is a standby system in the device at the moment of WAN disconnection all the external connections that go through this WAN will be disconnected too Only after the disconnected lines are rec...

Страница 31: ...one IP or eight IP addresses etc please select this connection mode and follow the steps below to input the IP numbers issued by an ISP into the relevant boxes WAN IP address Input the available stat...

Страница 32: ...ange new connections to be made through another WAN to the Internet In this way the effect of any disconnection can be minimized Line Dropped Period Input the time rule for disconnection of this WAN s...

Страница 33: ...to connect with the Internet the device will automatically make a dial connection If the line has been idle for a period of time the system will break the connection automatically The default time for...

Страница 34: ...sers can activate this function to arrange new connections to be made through another WAN to the Internet In this way the effect of any disconnection can be minimized Line Dropped Period Input the tim...

Страница 35: ...s installed Contact ISP for relevant information Subnet Mask Input the subnet mask of the static IP address issued by ISP such as Issued eight static IP addresses 255 255 255 248 Issued 16 static IP a...

Страница 36: ...ice at the moment of WAN disconnection all the external connections that go through this WAN will be disconnected too Only after the disconnected lines are reconnected can they go through the standby...

Страница 37: ...guration If there are two WANs configured users still can select Transparent Bridge mode for WAN connection mode and load balancing will be achieved as usual WAN IP Address Input one of the static IP...

Страница 38: ...ct with the Internet Therefore to avoid a huge number of disconnection users can activate this function to arrange new connections to be made through another WAN to the Internet In this way the effect...

Страница 39: ...lic IP address subnet mask WAN Default Gateway Enter the WAN default gateway which provided by your ISP DNS Servers Enter the DNS server IP address you must have to enter a DNS server IP address maxim...

Страница 40: ...up connections for servers with real IP addresses The DMZ ports act as bridges between the Internet and LANs IP address Indicates the current default static IP address Config Indicates an advanced con...

Страница 41: ...DMZ and WAN within same Subnet IP Range Input the IP range located at the DMZ port After the changes are completed click Apply to save the configuration or click Cancel to leave without making any cha...

Страница 42: ...ured at Router Plus NAT Mode LAN IP Range Enter the usable static IP range that provide by ISP into the DMZ service IP range If you have other IP range you can setup the default gateway and IP range i...

Страница 43: ...Qo oS S R Ro ou ut te er r 36 6 2 Multi WAN Setting When you have multiple WAN gateways you can use Traffic Management and Protocol Binding function to fulfill WAN road balancing so that we can have...

Страница 44: ...onnections based on session number to achieve network load balance IP Session Balance If By IP is selected the WAN bandwidth will automatically allocate connections based on IP amount to achieve netwo...

Страница 45: ...balancing Session Balance If By Session is selected the WAN bandwidth will automatically allocate connections based on session number to achieve network load balance IP Balance If By IP is selected th...

Страница 46: ...gly In this way the traffic for Netcom and Telecom can be divided Set WAN Grouping If more than one WAN is connected with Netcom to apply a similar division of traffic policy to these WANs a combinati...

Страница 47: ...configuration window click Apply The device will then dispatch the traffic to the assigned destination IP through the WAN ex WAN 1 or WAN grouping users designated to the Internet To build a policy do...

Страница 48: ...her words traffic to that destination IP will be transmitted through the WAN or WAN group under China Netcom strategy 6 2 2 Network Service Detection This is a detection system for network external se...

Страница 49: ...on failure is detected an error message will be recorded in the System Log This line will not be removed therefore the some of the users on this line will not have normal connections This option is su...

Страница 50: ...teways of an ADSL network will not affect packet detection If users have an optical fiber box or the IP issued by ISP is a public IP and the gateway is located at the port of the net caf rather than a...

Страница 51: ...Bandwidth and the Network service detection by each WAN Port correctly In Interface Configuration click Edit to enter the WAN port configuration Bandwidth Configuration When Auto Load Balance mode is...

Страница 52: ...out Note In the load balance mode of Assigned Routing the first WAN WAN1 cannot be assigned It is to be saved for the IP addresses and the application Service Ports that are not assigned to other WAN...

Страница 53: ...example if connections to destination IP address 210 11 1 1 are to be restricted to WAN1 the external static IP address 210 1 1 1 210 1 1 1 should be input If a range of destinations is to be assigne...

Страница 54: ...will be closed Add or Remove Service Port If the Service Port users want to activate is not in the list users can add or remove service ports from Service Management to arrange the list as described i...

Страница 55: ...l the modification This only works before Apply is clicked Exit To quit this configuration window Auto Load Balancing mode when enabled The collocation of the Auto Load Balance Mode and the Auto Load...

Страница 56: ...Enable Finally click Add New and the rule will be added to the mode Example 2 How do I set up Auto Load Balance Mode to keep Intranet IP 192 168 1 150 200 from going through WAN2 when the destination...

Страница 57: ...es Select WAN2 from the pull down option list Interface and then click Enable Finally click Add New and the rule will be added to the mode The device will transmit packets to Port 80 through WAN2 Howe...

Страница 58: ...an it bring the function into full play Example 1 How do I set up the Assigned Routing Mode to keep all Intranet IP addresses from going through WAN2 when the destination is Port 80 and keep all other...

Страница 59: ...ich means to include all Intranet IP addresses In the boxes for Destination IP input 211 1 1 1 211 254 254 254 Select WAN2 from the pull down option list Interface and then click Enable Finally click...

Страница 60: ...S SS SL L I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 53...

Страница 61: ...N ports and the DMZ port by choosing the number of ports speed priority duplex and enable disable the auto negotiation feature for connection setting of each port Mirror Port Users can configure LAN 1...

Страница 62: ...tions are 10Mbps and 100Mbps Duplex Status This feature allows users to select the network hardware connection speed working mode for the Ethernet The options are full duplex and half duplex Auto Neg...

Страница 63: ...hould be constructed for the intranet so that all VLAN group can visit this server Set one of the network ports as VLAN All Connect the server to VLAN All so that computers of different VLAN groups ca...

Страница 64: ...tion Type Interface Link Status Up Down Port Activity Port Enabled Priority Setting High or Normal Speed Status 10Mbps or 100Mbps Duplex Status half duplex or full duplex Auto Neg Enabled Disabled and...

Страница 65: ...S SS SL L I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 58 receive transmit packet Byte count and error packet count Users may press the refresh button to update all real time messages...

Страница 66: ...nation for LAN computers This function is similar to the DHCP service in NT servers It benefits users by freeing them from the inconvenience of recording and configuring IP addresses for each PC respe...

Страница 67: ...ase function If the function is activated all PCs will be able to acquire IP automatically Otherwise users should configure static virtual IP for each PC individually Range Start This is to set up a l...

Страница 68: ...from which an IP address has been leased to a PC port Input the IP address of this server directly DNS Required 1 Input the IP address of the DNS server DNS Optional 2 Input the IP address of the DNS...

Страница 69: ...the administrator s reference when a network modification is needed DHCP Server This is the current DHCP IP Dynamic IP Used The amount of dynamic IP leased by DHCP Static IP Used The amount of static...

Страница 70: ...ord of an IP lease DNS Local Database Normally DNS sever will be directed to ISP DNS server or internal self defined DNS server Qno router also provides easy self defined DNS services called DNS Local...

Страница 71: ...the router LAN IP For example LAN is 10 10 10 1 as shown in the following figure Therefore DCHP DNS IP address must be 10 10 10 1 to make DNS local database in effect 3 After enabling DNS local databa...

Страница 72: ...I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 65 1 System Tool Diagnostic DNS Name Lookup 2 Enter tw yahoo com for lookup 3 The IP is 10 10 10 199 confirming the corresponding IP in DNS local...

Страница 73: ...rs can not add extra PCs for Internet access or change private IP addresses There are two methods for setting up this function Block MAC address not on the list This method only allows MAC addresses o...

Страница 74: ...S SS SL L I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 67 IP MAC Binding...

Страница 75: ...P input 0 0 0 0 in the boxes The boxes cannot be left empty 2 If users want DHCP to assign a static IP for a PC every single time users should input the IP address users want to assign to this compute...

Страница 76: ...t with the Internet Show New IP user This function can reduce administrator s effort on checking MAC addresses one by one for the binding Furthermore it is easy to make mistakes to fill out MAC addres...

Страница 77: ...for each IP address For example you can choose to set up QoS or Access Rule by IP grouping Thus you will simplify setting rules IP Grouping consists of Local IP Group and Remote IP Group Local IP Gro...

Страница 78: ...e IP list below If this IP or range is already in the list you can not add it again Local Group Set You can choose from the IP list on the left side to set up a local IP group IP Group Choose IP Group...

Страница 79: ...PN N Q Qo oS S R Ro ou ut te er r 72 It is the same setting methods You should set the IP address or the range of remote IP from the left side first and choose to add IP address information from the l...

Страница 80: ...me protocol and port range for the specific service port Name Name the Port in order to identify its property For example Virus 135 Protocol Choose the port protocol form the pull down list like TCP U...

Страница 81: ...ke to delete from the pull down list and push the Delete Group button System will ask you again if you would like to delete the group After pushing the confirmation button the group will be deleted bu...

Страница 82: ...dwidth or provide priority to specific applications or services and also to enable other users to share bandwidth as well as to ensure stable and reliable network transmission To maximize the bandwidt...

Страница 83: ...S SS SL L I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 76 8 1 Bandwidth Management...

Страница 84: ...supplier The bandwidth QoS will make calculations according to the data users input In other words it will guarantee a minimum rate of upstream and downstream for each IP and Service Port based on the...

Страница 85: ...speed with the unit KB 1KB 8Kbit 8 1 2 QoS To satisfy the bandwidth requirements of certain users the device enables users to set up QoS Rate Control and Priority Control Users can select only one of...

Страница 86: ...e a single selection or multiple selections Service Port Select what bandwidth control is to be configured in the QoS rule If the bandwidth for all services of each IP is to be controlled select All T...

Страница 87: ...tream If a Server for external connection has been built in the device this option is to control the bandwidth for the traffic coming from outside to this Server Server in LAN Downstream If there are...

Страница 88: ...an FTP to occupy too much bandwidth users can select the Share Bandwidth Mode so that no matter how much users use FTPs to download information the total occupied bandwidth is fixed Enable Activate th...

Страница 89: ...ndwidth usage In addition if any Intranet PC is attacked by a virus like Worm Blaster and sends a huge number of session requests session control will restrict that as well Session Control and Schedul...

Страница 90: ...h the limit all the lines that this user is connected with will be removed and the user will not be able to connect with the Internet for five minutes New connections cannot be made until the delay ti...

Страница 91: ...e Port Choose the service port Source IP Input the IP address range or IP group Enabled Activate the rule Add to list Add this rule to the list Delete seleted item Remove the rules selected from the S...

Страница 92: ...stem resources Hardware optimization will speed up the router processing carry huge connection sessions and PCs and provide stable and excellent network environment Service Optimization Service ports...

Страница 93: ...h source IP addresses 2 Destination IP address Hardware optimization will only be effective to guarantee the traffic in high priorities when the traffic rules match destination IP addresses 3 None The...

Страница 94: ...ax upstream rate for intranet IPs Each IP s downstream bandwidth threshold for all WAN Input the max downstream rate for intranet IPs If any IP s bandwidth is over maximum threshold its maximum bandwi...

Страница 95: ...sm will be shown on the list Scheduling If Always is selected the rule will be executed around the clock If From is selected the rule will be executed according to the configured time range For exampl...

Страница 96: ...hile the remote management feature will be activated The network access rules and content filter will be turned off Firewall This feature allows users to turn on off the firewall SPI Stateful Packet I...

Страница 97: ...ed In the field of remote browser IP a valid external IP address WAN IP for the device should be filled in and the modifiable default control port should be adjusted the default is set to 80 modifiabl...

Страница 98: ...just the threshold value and the blocking duration to effectively deal with external attack The threshold value should be adjusted from high to low LAN Threshold When all packet values from internal a...

Страница 99: ...es contained in the web pages from the trust domains Apply Click Apply to save the configuration Cancel Click Cancel to leave without making any change Restrict Application Users can check MSN QQ Yaho...

Страница 100: ...Q Qo oS S R Ro ou ut te er r 93 User Name Input the information of the QQ number etc Exempted QQ Number Input the number Add to list Add the number to the list Delete selected item Delete the selecte...

Страница 101: ...S SS SL L I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 94 Exception IP address Input Exception IP...

Страница 102: ...the network so as to protect all internet access The following describes the internet access rules All traffic from the LAN to the WAN is allowed by default All traffic from the WAN to the LAN is den...

Страница 103: ...fine the priority of each network access rule The device will follow the rule priorities one by one so please make sure the priority for all the rules can suit the setting rules Edit Define the networ...

Страница 104: ...wn menu press Service Management to add the new service From the pop up window enter a service name and communications protocol and port and then click the Add to list button to add the new service Lo...

Страница 105: ...according to the defined time Apply this rule Select Always to apply the rule on a round the clock basis If From is selected the activation time is introduced as below to This control rule has time li...

Страница 106: ...ter The device supports two webpage restriction modes one is to block certain forbidden domains and the other is to give access to certain web pages Only one of these two modes can be selected Block F...

Страница 107: ...u ut te er r 100 Add Enter the websites to be controlled such as www playboy com Add to list Click Add to list to create a new website to be controlled Delete selected item Click to select one or more...

Страница 108: ...Keywords Only for English keyword Enter keywords Add to List Add this new service item content to the list Delete selected item Delete the service item content from the list Apply Click Apply to save...

Страница 109: ...the rule to list Delete selected item Users can select one or more rules and click to delete Content Filter Scheduling Select Always to apply the rule on a round the clock basis Select from and the op...

Страница 110: ...k basis Select from and the operation will run according to the defined time to Select Always to apply the rule on a round the clock basis If From is selected the activation time is introduced as belo...

Страница 111: ...tual Private Network 10 1 VPN 10 1 1 Display All VPN Summary This VPN Summary displays the real time data with regard to VPN status Detail Push this button to display the following information with re...

Страница 112: ...N tunnel page Or users can select the page number directly to view all VPN tunnel statuses such as 3 5 10 20 or All Tunnel No To set the embedded VPN feature please select the tunnel number It support...

Страница 113: ...ES authentication MD5 SHA1 and Group 1 2 5 If users select Manual setting for IPSec Phase 2 DH group will not display Local Group Displays the setting for VPN connection secure group of the local end...

Страница 114: ...p Displays the VPN connection secure setting for the local group Remote Client Displays the name of this group for remote VPN Connection secure group setting Remote Client Status Click on Detail List...

Страница 115: ...ent to Gateway tunnel The VPN tunnel connections are done by 2 VPN devices via the Internet When a new tunnel is added the setting page for Gateway to Gateway or Client to Gateway will be displayed Ga...

Страница 116: ...to avoid confusion Note If this tunnel is to be connected to the other VPN device some device requires that the tunnel name is identical to the name of the host end to facilitate verification This tun...

Страница 117: ...rs don t need to do further settings 2 IP Domain Name FQDN Authentication If users select IP domain name type please enter the domain name and IP address The WAN IP address will be automatically fille...

Страница 118: ...to connect to the device users may select this option to connect to VPN without entering IP address When VPN Gateway requires for VPN connection the device will start authentication and respond to VP...

Страница 119: ...range which is entered after the VPN tunnel is connected Reference When this VPN tunnel is connected computers with the IP address of 192 168 1 0 254 can establish connection Remote Group Setup This...

Страница 120: ...esponding IP address will be displayed under the remote gateway of Summary 2 IP Domain Name FQDN Authentication If users select IP domain name please enter IP address and the domain name to be verifie...

Страница 121: ...the corresponding IP address will be displayed under the remote gateway of Summary 4 Dynamic IP Domain Name FQDN Authentication If users use dynamic IP address to connect with the device users may sel...

Страница 122: ...cted computers with the IP address of 192 168 2 1 can establish connection 2 Subnet This option allows local computers in this subnet can be connected to the VPN tunnel Reference When this VPN tunnel...

Страница 123: ...forget to activate the PFS function of the VPN device and the VPN Client as well Phase 1 Phase 2 DH Group This option allows users to select Diffie Hellman groups Group 1 Group 2 Group 5 Phase 1 Phase...

Страница 124: ...or 1hours by default This allows the automatic generation of other exchange password within the valid time of the VPN connection so as to guarantee security Preshared Key For the Auto IKE option enter...

Страница 125: ...ection This is mostly used to connect the remote node of the branch office and headquarter or used for the remote dynamic IP address AH hash calculation For AH Authentication Header users may select M...

Страница 126: ...Set the embedded VPN feature please select the Tunnel number Tunnel Name Displays the current VPN tunnel connection name such as XXX Office Users are well advised to give them different names to avoi...

Страница 127: ...mic IP E mail Addr USER FQDN Authentication Dynamic IP address Email address name 1 IP only If users decide to use IP only entering the IP address is the only way to gain access to this tunnel The WAN...

Страница 128: ...nd to this VPN tunnel connection if users select this option to link to VPN please enter the domain name 5 Dynamic IP E mail Addr USER FQDN Authentication If users use dynamic IP address to connect to...

Страница 129: ...subnet to be connected to the VPN tunnel Reference When this VPN tunnel is connected only computers with the session of 192 168 1 0 and with subnet mask as 255 255 255 0 can connect with remote VPN 6...

Страница 130: ...n Name FQDN Authentication IP E mail Addr USER FQDN Authentication Dynamic IP Domain Name FQDN Authentication Dynamic IP E mail Addr USER FQDN Authentication 1 IP only If users decide to use IP only e...

Страница 131: ...ic IP Domain Name FQDN Authentication If users use dynamic IP address to connect to the device users may select this option to link to VPN If the remote VPN gateway requires connection to the device f...

Страница 132: ...e device provides the following two encrypted Key Managements They are Manual and IKE automatic encryption mode IKE with Preshared Key automatic By using the drop down menu select the desired encrypti...

Страница 133: ...lows users to select Diffie Hellman groups Group 1 Group 2 Group 5 Phase 1 Phase 2 Encryption This option allows users to set this VPN tunnel to use any encryption mode Note that this parameter must b...

Страница 134: ...e password can be made up of up to 30 characters Manual Mode Future Feature If the Manual mode is selected users need to set encryption key manually without negotiation It is divided into two types En...

Страница 135: ...ection This is mostly used to connect the remote node of the branch office and headquarter or used for the remote dynamic IP address AH hash calculation For AH Authentication Header users may select M...

Страница 136: ...n thus be successfully enabled Interface From the pull down list users can select the Interface for this VPN tunnel Enabled Click to Enabled the VPN tunnel This option is set to Enabled by default Aft...

Страница 137: ...is connected Reference When this VPN tunnel is connected computers with the IP address of 192 168 1 0 254 can establish connection Remote Group Setup Remote Security client Type This setting offers t...

Страница 138: ...ism the encryption mechanism of these two VPN channel settings must be identical in order to establish connection And the transmission data must be encrypted with IPSec key which is also known as the...

Страница 139: ...t supports 128 bit 192 bit and 256 bit encryption keys Phase 1 Phase 2 Authentication This authentication option allows users to set this VPN tunnel to use any authentication mode Note that this param...

Страница 140: ...by remote devices The IP connection is designed to enhance the security control if dynamic IP is used for connection Use IP Header Compression Protocol If this option is selected in the connected VPN...

Страница 141: ...e is connection between the two ends of the VPN tunnel If one end is disconnected the device will disconnect the tunnel automatically and then create new connection Users can define the transmission t...

Страница 142: ...lease enter PPTP IP address range so as to provide the remote users with an entrance IP into the local network Enter Range Start Enter the value into the last field Enter Range End Enter the value int...

Страница 143: ...r does not accept two connections with the same IP and same source port the second connection needs to change source port from UDP 500 to the other random port If choosing Fixed Source Port the second...

Страница 144: ...ey menu to display the page that summarizes the current status information of QnoKey as illustrated below QnoKey Tunnel Number Displays how many tunnels are applied and the total tunnel number of QnoK...

Страница 145: ...QnoKey in use Online Number Displays the number of connected devices that are using QnoKey Delete Deletes one user name group setting rule Go to page Goes to the page where summarized information is n...

Страница 146: ...nnection facilitating management If WAN1 is selected QnoKey group users can connect through only WAN1 If both WAN 1and WAN 2 are selected QnoKey group users are allowed to make connection via WAN 1or...

Страница 147: ...nhance VPN security Select Do Nothing to do no change after the Key is lost Select Clear Key to clean up the QnoKey settings when the VPN connection is established again after the QnoKey is lost Selec...

Страница 148: ...3 Qnokey Account List Click Show List to show the Account List page applying this rule Group Account ID Displays the group ID to which the user belongs to Enabled Click this option to activate QnoKey...

Страница 149: ...142 Bind MAC If there is hardware binding QnoKey can only execute on the bound PC MAC Address If hardware binding function is enabled it will show the MAC address which Qnokey is bound with not the PC...

Страница 150: ...ated VPN setup process by entering Server IP User Name and Password 2 Central Control Feature Displays a clear VPN connection status of all remote ends and branches Its central control screen allows s...

Страница 151: ...Please enter the remote client user name in either English or Chinese Password Confirm Password Must be identical to that of the remote client end Please enter the password and confirm again IP Addre...

Страница 152: ...button to save the network setting or push Cancel to keep the settings unchanged 10 3 2 QVM Status Account Displays the remote client user Green means connection blue waiting for connection and red fo...

Страница 153: ...e status of waiting for connection Config Click Edit to enter the setting items to be changed 10 3 3 QVM Client Settings Future Feature Select QVM feature as Client mode Account ID Must be identical t...

Страница 154: ...addresses or domain names for backup Once the connection is dropped the function will be automatically enabled to backup the VPN connection and ensure data transition security Advanced Function Change...

Страница 155: ...server with dual bradband connection As the result the linking problem between different ISP network will be sloved As the figure showed above Caf A has only one ISP service Because of narrow bandwid...

Страница 156: ...9 Caf A can enable virtual route function and link to Caf B s device They can access another ISP service through Caf B s network It seems that Caf A employ dual ISP service too If users in Caf A want...

Страница 157: ...uces how to configure a Virtue Route server Virtue Route builds PPTP on the basis of PPP Point to point Protocol it strengthens the security of PPP Virtue Route enables encryption transmission between...

Страница 158: ...local network Enter Range Start Enter the value into the last field Enter Range End Enter the value into the last field Username Please enter the name of the remote user Password Confirm Password Ent...

Страница 159: ...ng IP range Binding Service Port To select the port that will execute virtual route All port Game or Self defined Import Port Range Click Browse to import binding port range When connection failed Ret...

Страница 160: ...stination IP address is to be assigned it should follow the same format For example if the destination IP address is 210 66 161 54 it should be keyed in as 210 66 161 54 210 66 161 54 After the docume...

Страница 161: ...that ensures secure data transmission over the Internet via HTTPS encryption including server authentication user authentication and SSL data link integrity and security SSL VPN is an LAN application...

Страница 162: ...lay current SSL tunnel users login time User Type Display whether the user is an administrator or a staff Logout Logout when clicking on the icon 12 2 Group Summary Group Summary table displays group...

Страница 163: ...Management User management and Service Resource management In addition SSL VPN s unique One Click makes your basic configurations fast One Click SSL VPN provides one click setting With fewest configu...

Страница 164: ...S SS SL L I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 157...

Страница 165: ...tab to save recent changed settings new group names will appear in the drop down menu Cancel Click Cancel to clear any recent changes to the settings Each group must follow below steps Domain Managem...

Страница 166: ...to be assigned to this group Each group can only be assigned to one type of authentication server Default is Local Database If there are changes to the domain servers designated by All Users other gro...

Страница 167: ...n user database and other smaller groups use the Customize User Database Select the Customize User Database the administrator must add a new user to the group See step two User management If users hav...

Страница 168: ...n server type from the drop down menu Domain Names Name the selected authentication server Submit Click on the Submit tab to save changes Cancel Click Cancel to clear any recent changes to the setting...

Страница 169: ...nt changes to the settings 3 Radius CHAP Authentication Type Select the authentication server type from the drop down menu Domain Names Name the selected authentication server RADIUS Server Enter auth...

Страница 170: ...r RADIUS Submit Click on the Submit tab to save changes Cancel Click Cancel to clear any recent changes to the settings 5 Radius MSCHAPV2 Authentication Type Select the authentication server type from...

Страница 171: ...NT Domain authentication domain name For example qno com Submit Click on the Submit tab to save changes Cancel Click Cancel to clear any recent changes to the settings 7 Active Directory Authenticati...

Страница 172: ...ver s authentication domain name LDAP BaseDN Submit Click on the Submit tab to save changes Cancel Click Cancel to clear any recent changes to the settings If you want to use the one click function af...

Страница 173: ...imeout This option is activated on all users no matter in which group System can log off idle users to release connection bandwidth and system resource You can fill the idle time in minutes to the fie...

Страница 174: ...th group setting of idle time Step 2 User Management User Management determines who belongs to this group and have the rights to use specific resources Newly added users will appear on the user list c...

Страница 175: ...not display on the user list Edit User passwords if Local Database expiration dates user classifications and inactive timeouts can be edited or modified but user authentication servers and user names...

Страница 176: ...used Expiration Date yyyy mm dd Enter users permitted time limit For example if the expiration date is set to November 1 2007 then the user will be denied beginning on November 2 2007 at 12 00 AM User...

Страница 177: ...ompletely This is factory default users can access some specific services within servers that are in the same subnet the subnet which virtual passage was destined The traffic which is irrelevant to in...

Страница 178: ...outer 3 Force the traffic of SSL users to transfer to the router completely To incicate the traffic of each user connecting the Virtual Passage successful will be forwarded to central SSL VPN server o...

Страница 179: ...ement Step 2 User Management Step 3 Service Resource Management Domain Name All newly added authentication services will be displayed on the Domain Management list Authentication Type Authentication s...

Страница 180: ...that can be appointed to groups All User Group Supervisor Group Mobile User Group Branch Staff Group Step One Domain Management Step 2 User Management Step 3 Service Resource Management Domain Name S...

Страница 181: ...elete it and then add a new user name You can also select an authentication server to edit IP address and domain name Delete Click on the Delete tab to delete selected users Add New User Click on Add...

Страница 182: ...only be User and cannot login on the router management UI Inactive timeout Even though a user has logged in via the web portal he she will be forced to logout timeout due to inactivity after 10 minute...

Страница 183: ...7 Link to Portal If user management settings have the user type set to Administrator the user will login on the router management UI For login to the web portal click Link to Portal 12 8 Advanced Sett...

Страница 184: ...SL client connection When remote users use a secure tunnel to connect SSL VPN will establish a virtual web interface For this reason you will need to set SSL VPN s secure tunnel client address range s...

Страница 185: ...bnet mask you want to add This function is to add the router s different LAN IPs in different ranges to the router identified LAN Therefore PCs in LAN already having configured IPs which are different...

Страница 186: ...to the user You can use SSL VPN s supported SSL tunnels to adjust client start addresses and client end addresses to provide ample LAN IP the SSL secure tunnel clients Ensure that the secure tunnel IP...

Страница 187: ...f error times for the single account login when this account login times are over the number administrators set system will block this account for a period of time To enter Apply it will take effect w...

Страница 188: ...Enable graphics verification and enter Apply the login web page will display graphics verification as below figure when users login next time Users not only key in the user name password but also need...

Страница 189: ...ite name users account digital key and validity date of certificate Web browser will request the web site to show digital certificate when the web browser requests to use SSL mode https If web browser...

Страница 190: ...S SS SL L I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 183...

Страница 191: ...S SS SL L I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 184 The browser older than IE8 0 may display as below figure...

Страница 192: ...essages won t influence the operation and usage of the SSL VPN But if you want to apply a integrity SSL certificate from a third party organization you need contact these third party organizations for...

Страница 193: ...nslate file to PEM file format by Windows build in translation tool Please access to Qno web site to search the related documentation of technology instructions or contact Qno technical department if...

Страница 194: ...to the Intranet virtual IP addresses as follows If the DMZ Host function is selected to cancel this function users must input 0 in the following DMZ Private IP This function will then be closed After...

Страница 195: ...dress such as http 211 243 220 43 At this moment the device actual IP will be converted into 192 168 1 50 by Port 80 to access the web page In the same way to set up other services please input the se...

Страница 196: ...ers use Service Port Management to add or remove ports as follows Service Name Input the name of the service port users want to activate on the list such as E donkey etc Protocol To select whether a s...

Страница 197: ...t te er r 190 Delete selected item To remove the selected services Apply Click the Apply button to save the modification Cancel Click the Cancel button to cancel the modification This only works befor...

Страница 198: ...is 21 21 Please refer to the default service number list Host Name or IP Address Input the Intranet virtual IP address or name that maps with UPnP such as 192 168 1 100 Enabled Activate this function...

Страница 199: ...outing The abbreviation of Routing Information Protocol is RIP There are two kinds of RIP in the IP environment RIP I and RIP II Since there is usually only one router in a network ordinarily just Sta...

Страница 200: ...open the RIP function Receive RIP versions Use Up Down button to select one of None RIPv1 RIPv2 Both RIPv1 and v2 as the TX function for transmitting dynamic RIP Transmit RIP versions Use Up Down butt...

Страница 201: ...is is the router layer count for the IP If there are two routers under the device users should input 2 for the router layer the default is 1 Max is 15 Interface This is to select WAN port or LAN port...

Страница 202: ...their own public IP addresses For example if there are more than 2 web servers requiring public IP addresses administrators can map several public IP addresses directly to internal private IP addresse...

Страница 203: ...ternet IP addresses Please do not include IP addresses in use by WANs Add to List Add this configuration to the One to One NAT list Delete Seleted Item Remove a selected One to One NAT list Apply Clic...

Страница 204: ...time based system or the actual IP of a cable modem will be changed from time to time To overcome this problem for users who want to build services such as a website it offers the function of dynamic...

Страница 205: ...elect one of the four DDNS website address transfer functions Username The name which is set up for DDNS Input a complete website address such as abc qnoddns org cn as a user name for QnoDDNS Password...

Страница 206: ...ou ut te er r 199 Status An indication of the status of the current IP function refreshed by DDNS Apply After the changes are completed click Apply to save the network configuration modification Cance...

Страница 207: ...Users can input the network card physical address MAC address 00 xx xx xx xx xx here The device will adopt this MAC address when requesting IP address from ISP Select the WAN port to which the configu...

Страница 208: ...Attention In For some models of Qno routers user can try the function for a period but with time limit If the function can match your network demand you can apply for the official version License Key...

Страница 209: ...S SS SL L I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 202...

Страница 210: ...e Server NS ns1 abc com tw ns2 abc com tw Go to website of your DNS service provider to modify your own DNS Host IP as the following figure Choose DNS mode and then fill in the Host name and correspon...

Страница 211: ...f Inbound Load Balance will be more correct You can adjust according your reality application Administrator Enter administrator s E mail address e g test abc com tw 6 DNS Server Settings Add or Modify...

Страница 212: ...8 Alias Record Add or modify alias record CNAME Record This kind of record allows you to assign several names to one computer host which may provide several services on it For instance there is a com...

Страница 213: ...server It orientates to a mail server according to the domain name of an E mail address For example someone on internet sends a mail to user myhomain com The mail server will search MX Record of mydo...

Страница 214: ...eed to be enabled Action Check Allow Service Port From the drop down menu select DNS UDP 53 53 Log Check Enable if DNS Query data should be recorded Interface Check the WAN port on which Inbound Load...

Страница 215: ...te the service port of A Record server e g SMTP TCP 25 25 for Mail Internal IP Input the internal IP of A Record e g 192 168 8 100 of Mail server Interface Select the WAN port of A Record and correspo...

Страница 216: ...Time setting is in Chapter 5 2 14 1 Diagnostic The device provides a simple online network diagnostic tool to help users troubleshoot network related problems This tool includes DNS Name Lookup Domai...

Страница 217: ...em informs users of the status quo of the outbound session and allows the user to know the existence of computers online On this test screen please enter the host IP that users want to test such as 19...

Страница 218: ...the Firmware Upgrade page Please confirm all information about the software version in advance Select and browse the software file click Firmware Upgrade Right Now to complete the upgrade of the desig...

Страница 219: ...content of parameter settings into the device Before upgrade confirm all information about the software version Select and browse the backup parameter file config exp Select the file and click Import...

Страница 220: ...o an important network management item Through this SNMP communications protocol programs with network management i e SNMP Tools HP Open View can help communications of real time management The device...

Страница 221: ...Set the name of the group or community that can view the device SNMP data The default setting is Public Set Community Name Set the name of the group or community that can receive the device SNMP data...

Страница 222: ...Ro ou ut te er r 215 14 5 System Recover Users can restart the device with System Recover button System Recover As the figure below if clicking Restart Router button the dialog block will pop out conf...

Страница 223: ...IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 216 Return to Factory Default Setting If clicking Return to Factory Default Setting the dialog block will pop out if the device will return to fact...

Страница 224: ...general HA Qno also provides advanced HA function that enables two devices to operate simultaneously It brings full cost efficiency without making another device idle It does not have to be the same...

Страница 225: ...ription of the two different modes Hardware Backup Operation Master Mode Indicates the master device will operate for all outbound links When the master device fails transmitting the backup device wil...

Страница 226: ...keep DHCP functioning and there will be no LAN disconnection LAN IP of the backup device Input LAN IP of Master mode which is backed up MAC Address of the backup device Input Master device MAC addres...

Страница 227: ...MAC of Slave device It should be different from LAN MAC of Master device Status Status Normal means both two devices operate normally Status Backup indicates Slave mode has problems and the device en...

Страница 228: ...t the LAN IP of Master device It should be different from Slave device s IP Must be in the same subnet MAC Address of the backup device Input the LAN MAC of Master device It should be different from S...

Страница 229: ...aracters Enter the key and click Submit and the system will check whether the License Key is valid If the key is valid users will be allowed to use the feature The Official Version column of that feat...

Страница 230: ...SL L I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 223 Status Information Indicate remaining trial date or supported amount of QnoSoftkey VPN Tunnels Refresh Refresh current system status and...

Страница 231: ...t and look up we can see the relevant operation status which is convenient for us to facilitate the setup and operation 15 1 System Log Its system log offers three options system log E mail alert and...

Страница 232: ...arning will be enabled Mail Server If users wish to send out all the logs please enter the E mail server name or the IP address for instance mail abc com E mail This is set as system log recipient ema...

Страница 233: ...n the network After they access the information the IP address from the sender is changed so that they can access the resource in the source system Win Nuke Servers are attacked or trapped by the Troj...

Страница 234: ...are changed this message will be sent back to the system log Authorized Login Successful entry into the system includes login from the remote end or from the LAN into this device These messages will b...

Страница 235: ...evice will detect which parameter either entries or intervals reaches the threshold first and send the log message of that parameter to the user Send Log to E mail Users may send out the log right awa...

Страница 236: ...ncludes LAN IP destination IP and service port that is applied It is illustrated as below Incoming Packet Log View system packet log of those entering the firewall The log includes information about t...

Страница 237: ...ation such as port location device name current WAN link status IP address MAC address subnet mask default gateway DNS number of received sent total packets number of received sent total Bytes Receive...

Страница 238: ...S SS SL L I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 8...

Страница 239: ...es will be displayed on the Traffic Statistic page to provide better traffic management and control Inbound IP Source Address The figure displays the source IP address bytes per second and percentage...

Страница 240: ...ut te er r 10 Inbound IP Service The figure displays the network protocol type destination IP address bytes per second and percentage Outbound IP Service The figure displays the network protocol type...

Страница 241: ...e allows administrators to inquire a specific IP or from a specific port about the addresses that this IP had visited or the users source IP who used this service port This facilitates the identificat...

Страница 242: ...c V VP PN N Q Qo oS S R Ro ou ut te er r 12 Specific IP Status Enter the IP address that users want to inquire and then the entire destination IP connected to remote devices as well as the number of...

Страница 243: ...ction Statistic function is used to record the numbers of network connections including outbound sessions and intranet users PC It also displays the user connection sessions Enable When enabling Conne...

Страница 244: ...the data by how many entries of data per page will be displayed Also you can select the page you would like to see from the drop down menu Data List field IP Address Display PC s IP address which has...

Страница 245: ...e QRTG function system will pop up a warning massage to remind you this function will be enabled which may influence router efficiency You can use drop down menu to select current status that includin...

Страница 246: ...S SS SL L I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 16 II WAN Traffic Statistic hourly graphic and average up down stream As in the following figures...

Страница 247: ...Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 17 The UI might vary from model to model depending on different product lines III WAN Traffic Statistic Day graphic and average up down stream As in the...

Страница 248: ...Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 18 The UI might vary from model to model depending on different product lines IV WAN Traffic Statistic Week graphic and average up down stream As in the...

Страница 249: ...S SS SL L I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 19 The UI might vary from model to model depending on different product lines...

Страница 250: ...R Ro ou ut te er r 20 XVI Log out On the top right corner of the web based UI there is a Logout button Click on it to log out of the web based UI To enter next time open the Web browser and enter the...

Страница 251: ...terface Users can find how to setup quickly and understand the VPN Router capability at the same time VPN Router overall interface is as below Category Sub category Chapter Home V Device Spec Verifica...

Страница 252: ...olicy 9 1 General Policy 9 2 Restricted Application Access Rule 9 3 Access Rule Content Filter 9 4 Content Filter Advanced Function XII Advanced Setting DMZ Forwarding 12 1 DMZ Host Port Range Forward...

Страница 253: ...ary Gateway to Gateway 10 1 2 1 Gateway to Gateway Client to Gateway 10 1 2 2 Client to Gateway PPTP Setup 10 1 3 PPTP Setup PPTP Status 10 1 3 PPTP Status VPN Pass Through 10 1 4 VPN Pass Through Qno...

Страница 254: ...e er r 24 Appendix II Troubleshooting 1 Block BT Download To block BT and prevent downloading by users go to the Firewall Content Filter and select Enable Website Block by Keywords followed by the inp...

Страница 255: ...d Worm viruses recently the internet transmission speed was brought down and the Session bulky increase result in the massive processing load of the device The following guides users to block this vir...

Страница 256: ...S SS SL L I IP PS Se ec c V VP PN N Q Qo oS S R Ro ou ut te er r 26 Use the same method to add UDP UDP135 139 and TCP 445 445 Ports c Enhance the priority level of these three to the highest...

Страница 257: ...Log into the device web based UI and enter Firewall Access Rule b Click Add New Rule under Access Rule page Select Deny in Action under the Service rule setting followed by the selection of All Traff...

Страница 258: ...wing IP address in Dest IP with repeat operation 121 14 75 115 60 28 234 117 60 28 235 119 222 28 155 17 QQ LiveVersion QQ Live 2008 7 0 4017 0 Tested on 2008 07 29 After repeated addition users may s...

Страница 259: ...down to the definition of ARP Address Resolution Protocol In LAN what is actually transmitted is frame in which there is MAC address of the destination host device So called Address Analysis refers t...

Страница 260: ...e NT 2000 XP 2003 There are two attack methods affecting the network connection speed cheat on the ARP table in the device or LAN PC The former intercepts the gateway data and send ceaselessly a serie...

Страница 261: ...8 252 points to the same MAC address as 00 0f 3d 83 74 28 Evidently this is a cheat by ARP 3 ARP Solution Now we understand ARP ARP cheat and attack as well as how to identify this type of attack What...

Страница 262: ...ate cmd to enter the dos operation Enter arp s 192 168 1 1 0a as illustrated s within the network follow the same way to enter the IP and MAC address of to complete the binding work However if this ac...

Страница 263: ...s from both of the PC and device ends in order to carry out the prevention work However this is more complicated because the search for the IP and address and MAC increases the workload Moreover there...

Страница 264: ...ch method is not recommended because the inquiry of IP MAC addresses of all hosts creates heavy workload Another method to bind IP and MAC is more recommended because of easy operation reducing worklo...

Страница 265: ...nding IP and MAC address corresponding to the PC are displayed Enter the Name of the computer and click on Enabled with the display of the icon and push the option on the top right corner of the scree...

Страница 266: ...h virus killing and the system re installation This operation is more important because it solves the source PC which is attacked by ARP This can better shelter the network from being attacked 2 Cyber...

Страница 267: ...r measures for protection 6 Close some unnecessary services and some unnecessary sharing if the condition is applicable which includes such management sharing as C and D Single device user can directl...

Страница 268: ...onto the Qno s bandwidth forum refer to the examples of the FTP server or contact the technical department of Qno s dealers as well as the Qno s Mainland technical center Qno Official Website http ww...

Результаты поиска

Содержание QVF7411

Отзывы:

Похожие инструкции для QVF7411

Бренды по названию

Популярные бренды

QNO QVF7411, Руководство пользователя

Результаты поиска

Содержание QVF7411

Отзывы:

Похожие инструкции для QVF7411

Бренды по названию

Популярные бренды