QNO VPN QoS Скачать руководство пользователя страница 1

Страница: 1 / 210

English User’s Manual

VPN QoS Wireless Router

1x100Mbps WAN + 4x100Mbps Switch LAN + 2xUSB

Family &Small Business IPSec VPN Solution

Содержание VPN QoS

Страница 1: ...English User s Manual VPN QoS Wireless Router 1x100Mbps WAN 4x100Mbps Switch LAN 2xUSB Family Small Business IPSec VPN Solution...

Страница 2: ...ns of intellectual property When the user copies the Manual this statement of intellectual property must also be copied and indicated Otherwise Qno regards it as tort and relevant duty will be prosecu...

Страница 3: ...nd condition of the corresponding information The guarantee and condition include tacit guarantee and condition about marketability suitability for special purposes ownership and non infringement The...

Страница 4: ...t Status 16 5 1 3 System Information 18 5 1 4 Firewall Status 19 5 2 Change and Set Login Password and Time 20 5 2 1 Password Setting 20 5 2 2 Time 21 VI Network 23 6 1 Network Connection 23 6 1 1 Hos...

Страница 5: ...l Policy 100 10 2 Access Rule 104 10 2 1 Add New Access Rule 105 10 3 Content Filter 108 XI L7 Management 113 11 1 L7 Filter 1 Rule list 113 11 2 L7 VIP Priority Channel 117 11 3 L7 QoS 122 11 4 Appli...

Страница 6: ...2 3 Configuration Backup 179 12 4 SNMP 180 12 5 System Recover 182 XV Log 184 13 1 System Log 184 13 2 System Statistic 189 13 3 Traffic Statistic 190 13 4 IP Port Statistic 192 XVI Log out 195 Append...

Страница 7: ...of the IPSec Protocol IPSec VPN provides DES 3DES AES128 AES192 AES256 encryption MD5 SH1 certification IKE Pre Share Key or manual password interchange VPN Router also supports aggressive mode When a...

Страница 8: ...p networks easy to understand It also reinforces the management of network access rules VPN and all other network services VPN Router fully protects the safety of communication between all offices and...

Страница 9: ...ily This simplifies the management and maintenance making the user network settings be done at one time The main process is as below 1 Hardware installation 2 Login 3 Verify device specification and s...

Страница 10: ...N Configure bandwidth to optimize data transmission 5 Set QoS bandwidth management avoid bandwidth occupation Restrict bandwidth and session of WAN ports LAN IP and application To assure transmission...

Страница 11: ...backup Administrators can look up system log and monitor system status and inbound outbound flow in real time 9 VPN Virtual Private Network Configure VPN tunnels Configure different types of VPN to me...

Страница 12: ...thernet is running at 10Mbps WLAN Green Green LED on Wireless function is enabled Green LED blinking Packets are transmitting WPS Green Green LED on WPS function is working Reset Action Description Pr...

Страница 13: ...ing Hub or through an external router to connect to the Internet LAN Connection The LAN port can be connected to a Switching Hub or directly to a PC Users can use servers for monitoring or filtering t...

Страница 14: ...o Start Run enter cmd to commend DOS and enter ipconfig for getting Default Gateway address as the graphic below 192 168 1 1 Make sure Default Gateway is also the default IP address of the router Atte...

Страница 15: ...change the login password in the setting later Attention For security we strongly suggest that users must change password after login Please keep the password safe or you can not login to the device...

Страница 16: ...ge all the device s parameters and status are listed for users reference 5 1 1 WAN Status IP Address Indicates the current IP configuration for WAN port Default Gateway Indicates current WAN gateway I...

Страница 17: ...s Release and Renew will appear If a WAN connection such as PPPoE or PPTP is selected Disconnect and Connect will appear DMZ IP Address Indicates the current DMZ IP address 5 1 2 Physical Port Status...

Страница 18: ...s type 10Base T 100Base TX iniferface WAN LAN DMZ link status Up Down physical port status Port Enabled Port Disabled priority high or normal speed status 10Mbps or 100Mbps duplex status Half Full aut...

Страница 19: ...cates how long the Router has been running Serial Number This number is the Router serial number Firmware Version Information about the Router present software version Current Time Indicates the devic...

Страница 20: ...efault configuration is On Block WAN Request Indicates that denying the connection from Internet is activated The default configuration is On Prevent ARP Virus Attack Indicates that preventing Arp vir...

Страница 21: ...rongly recommend that you must change your password after first login Please keep the password safe or you might not login to the device You can press Reset button for more than 10 sec the device will...

Страница 22: ...know the exact time of event occurrences that are recorded in the System Log and the time of closing or opening access for Internet resources You can either select the embedded NTP Server synchroniza...

Страница 23: ...he server IP address Apply After the changes are completed click Apply to save the configuration Cancel Click Cancel to leave without making any change This action will be effective before Apply to sa...

Страница 24: ...he following descriptions for specific configurations 6 1 Network Connection 6 1 1 Host Name and Domain Name Device name and domain name can be input in the two boxes Though this configuration is not...

Страница 25: ...ddresses and subnet masks This function enables users to input IP segments that differ from the router network segment to the multi net segment configuration the Internet will then be directly accessi...

Страница 26: ...advanced configuration page Obtain an Automatic IP automatically This mode is often used in the connection mode to obtain an automatic DHCP IP This is the device system default connection mode It is...

Страница 27: ...herefore to avoid a huge number of disconnection users can activate this function to arrange new connections to be made through another WAN to the Internet In this way the effect of any disconnection...

Страница 28: ...such as Issued eight static IP addresses 255 255 255 248 Issued 16 static IP addresses 255 255 255 240 Default Gateway Input the default gateway issued by ISP For ADSL users it is usually an ATU R IP...

Страница 29: ...net In this way the effect of any disconnection can be minimized Line Dropped Period Input the time rule for disconnection of this WAN service Line Dropped Scheduling Input how long the WAN service ma...

Страница 30: ...o connect with the Internet the device will automatically make a dial connection If the line has been idle for a period of time the system will break the connection automatically The default time for...

Страница 31: ...ers can activate this function to arrange new connections to be made through another WAN to the Internet In this way the effect of any disconnection can be minimized Line Dropped Period Input the time...

Страница 32: ...s installed Contact ISP for relevant information Subnet Mask Input the subnet mask of the static IP address issued by ISP such as Issued eight static IP addresses 255 255 255 248 Issued 16 static IP a...

Страница 33: ...l connections that go through this WAN will be disconnected too Only after the disconnected lines are reconnected can they go through the standby system to connect with the Internet Therefore to avoid...

Страница 34: ...load balancing will be achieved as usual WAN IP Address Input one of the static IP addresses issued by ISP Subnet Mask Input the subnet mask of the static IP address issued by ISP such as Issued eight...

Страница 35: ...ough the standby system to connect with the Internet Therefore to avoid a huge number of disconnection users can activate this function to arrange new connections to be made through another WAN to the...

Страница 36: ...ing limited PIN code trial errors If you enter wrong PIN code too many times the SIM card will be locked by ISP and the setting UI will show PUK PIN Unlocked Key Products do not support PIN code unloc...

Страница 37: ...ice Status 4 3G modem is connected but the SIM card is locked Please enter the PUK code to unlock Status 5 3G modem is connected and works normally 3 DNS Server Choose the self defined DNS server IP a...

Страница 38: ...es ss s R Ro ou ut te er r 37 6 2 Multi WAN Setting When you have multiple WAN gateways you can use Traffic Management and Protocol Binding function to fulfill WAN road balancing so that we can have...

Страница 39: ...onnections based on session number to achieve network load balance IP Session Balance If By IP is selected the WAN bandwidth will automatically allocate connections based on IP amount to achieve netwo...

Страница 40: ...e WAN bandwidth will automatically allocate connections based on session number to achieve network load balance IP Balance If By IP is selected the WAN bandwidth will automatically allocate connection...

Страница 41: ...e WAN is connected with Netcom to apply a similar division of traffic policy to these WANs a combination for the WANs must be made Click Set WAN Grouping an interactive window as shown in the figure b...

Страница 42: ...will then dispatch the traffic to the assigned destination IP through the WAN ex WAN 1 or WAN grouping users designated to the Internet To build a policy document users can use a text based editor suc...

Страница 43: ...her words traffic to that destination IP will be transmitted through the WAN or WAN group under China Netcom strategy 6 2 2 Network Service Detection This is a detection system for network external se...

Страница 44: ...n failure is detected an error message will be recorded in the System Log This line will not be removed therefore the some of the users on this line will not have normal connections This option is sui...

Страница 45: ...detection If users have an optical fiber box or the IP issued by ISP is a public IP and the gateway is located at the port of the net caf rather than at the IP provider s port do not activate this opt...

Страница 46: ...the WAN port configuration Bandwidth Configuration When Auto Load Balance mode is selected the device will select sessions or IP and the WAN bandwidth will automatically allocate connections to achie...

Страница 47: ...nd the application Service Ports that are not assigned to other WANs WAN2 for external connections In other words the first WAN WAN1 cannot be configured with the Protocol Binding rule This is to avoi...

Страница 48: ...restricted to WAN1 the external static IP address 210 1 1 1 210 1 1 1 should be input If a range of destinations is to be assigned input the range such as 210 11 1 1 210 11 255 254 This means the Clas...

Страница 49: ...rt If the Service Port users want to activate is not in the list users can add or remove service ports from Service Management to arrange the list as described in the following Service Name In this bo...

Страница 50: ...re Apply is clicked Exit To quit this configuration window Auto Load Balancing mode when enabled The collocation of the Auto Load Balance Mode and the Auto Load Mode will enable more flexible use of b...

Страница 51: ...Enable Finally click Add New and the rule will be added to the mode Example 2 How do I set up Auto Load Balance Mode to keep Intranet IP 192 168 1 150 200 from going through WAN2 when the destination...

Страница 52: ...s Select WAN2 from the pull down option list Interface and then click Enable Finally click Add New and the rule will be added to the mode The device will transmit packets to Port 80 through WAN2 Howev...

Страница 53: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 52...

Страница 54: ...n it bring the function into full play Example 1 How do I set up the Assigned Routing Mode to keep all Intranet IP addresses from going through WAN2 when the destination is Port 80 and keep all other...

Страница 55: ...ch means to include all Intranet IP addresses In the boxes for Destination IP input 211 1 1 1 211 254 254 254 Select WAN2 from the pull down option list Interface and then click Enable Finally click A...

Страница 56: ...ced features of 3G 3 5G USB Modems Qno provides Intelligent USB Power Saving feature to be power efficient and extend 3G 3 5G USB dongle lifetime Based on bandwidth usage rate time and behaviors there...

Страница 57: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 56...

Страница 58: ...e switched back to the original state setting Click the box the make all the setting changes are logged Note 1 3G feature is disabled by default Please go to USB Setting UI to enable 3G feature by cho...

Страница 59: ...k is back 3G 3 5G USB dongles will return to power saving state When the WAN connection is detected failed the traffic will transfer to USB A Trigger Condition When ALL the chosen wired connections ar...

Страница 60: ...g the USB port idle time helps you have time for dialing 3G 3 5G USB dongles Take the figure above as example If the idle time is 10 minutes the system will provide power for USB prots for 10 minutes...

Страница 61: ...column shows You can decide 3G 3 5G USB dongle backup when WAN port is disconnected as well as 3G 3 5G dongle load balance Must click the box first to enable the bandwidth threshold configuration 1 Se...

Страница 62: ...0 3G 3 5G will return to power saving state B Return condition When the trigger conditions no longer exist 3G 3 5G USB dongle will return to power saving state Example 1 3G 3 5G USB dongle is for WAN...

Страница 63: ...You can schedule the USB port usage time on the time table which is shown in hour The figure above is an example of USB Port 1 schedule for one private enterprise Administrator would like to incread b...

Страница 64: ...Connection Type Interface Link Status Up Down Port Activity Port Enabled Priority Setting High or Normal Speed Status 10Mbps or 100Mbps Duplex Status half duplex or full duplex Auto Neg Enabled Disab...

Страница 65: ...ation for LAN computers This function is similar to the DHCP service in NT servers It benefits users by freeing them from the inconvenience of recording and configuring IP addresses for each PC respec...

Страница 66: ...e time unit is minute Range End This is an initial IP automatically leased by DHCP It means DHCP will start the lease from this IP The default initial IP is 192 168 1 100 DNS Domain Name Service This...

Страница 67: ...he administrator s reference when a network modification is needed DHCP Server This is the current DHCP IP Dynamic IP Used The amount of dynamic IP leased by DHCP Static IP Used The amount of static I...

Страница 68: ...Local Database Normally DNS sever will be directed to ISP DNS server or internal self defined DNS server Qno router also provides easy self defined DNS services called DNS Local Database which can map...

Страница 69: ...0 1 as shown in the following figure Therefore DCHP DNS IP address must be 10 10 10 1 to make DNS local database in effect 3 After enabling DNS local database if there is no host domain names in the l...

Страница 70: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 69 2 Enter tw yahoo com for lookup 3 The IP is 10 10 10 199 confirming the corresponding IP in DNS local database...

Страница 71: ...S S W Wi ir re el le es ss s R Ro ou ut te er r 70 7 4 IP MAC Binding Administrators can apply IP MAC Binding function to make sure that users can not add extra PCs for Internet access or change priva...

Страница 72: ...e two methods for setting up this function 1 Block MAC address not on the list This method only allows MAC addresses on the list to receive IP addresses from DHCP and have Internet access When this me...

Страница 73: ...signed IP input 0 0 0 0 in the boxes The boxes cannot be left empty 2 If users want DHCP to assign a static IP for a PC every single time users should input the IP address users want to assign to this...

Страница 74: ...with the Internet Show New IP user This function can reduce administrator s effort on checking MAC addresses one by one for the binding Furthermore it is easy to make mistakes to fill out MAC address...

Страница 75: ...ss s R Ro ou ut te er r 74 VIII Wireless Network Wireless function is enabled by default The WLAN LED will be on after system booting Client device can find SSID as QNO_AP_1 Please refer to following...

Страница 76: ...hoose the country where you are Freqeuncy Channel Means the channel of frequency of the wireless LAN Please choose the channel which is still available to avoid interference Users can also check Auto...

Страница 77: ...etup DLS This function will greatly improve the data transfer rate between WMM enabled wireless devices WMM AP Parameter Setting Tx Power The default value is 100 To narrow down covering range users c...

Страница 78: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 77 8 2 Security Setting...

Страница 79: ...SSID Check Enabled box to reveal SSID in the wireless network If Disabled is checked wireless client device will not find this SSID Users have to input SSID manually to connect to this device AP Isol...

Страница 80: ...128 bit 26 hex digits Input 26 hex digits 0 9 a f A F as WEP key 64 bit 5 ASCII Input 5 ASCII code English letter or number as key 128 bit 13ASCII Input 13 ASCII code English letter or number as key 2...

Страница 81: ...AP s coverage area to another it performs an authentication procedure exchanging security information with the new AP Instead of re authenticating a client each time it returns to the AP s coverage a...

Страница 82: ...Personal Mixed Mode When WPS is enabled the mode will continue for 2 minutes If there is no connection established in two minutes this connection wil be stopped 1 Use personal PIN code to configure W...

Страница 83: ...network to extand covering range Two devices should be set in the same subnet as figure above Configurations of two devices should be the same Basic Setting Under WDS mode channel bandwidth should be...

Страница 84: ...S W Wi ir re el le es ss s R Ro ou ut te er r 83 If WEP mode is enabled system will arrange 4 sets of key for those MACs Make sure the order is correct 2 Or check Scanning to select existing AP and t...

Страница 85: ...lling the wireless LAN MAC address of client Only the valid MAC address that has been configured can access the wireless LAN interface Policy Deny Connection from the disabled MAC list will be denied...

Страница 86: ...client device Rate The quality of Wifi signal 8 4 Statistic Tx Success Number of successfully transmitted frames Tx Retry Count Number of retransmitted frames Tx Fail after Retry Number of failed fra...

Страница 87: ...idth or provide priority to specific applications or services and also to enable other users to share bandwidth as well as to ensure stable and reliable network transmission To maximize the bandwidth...

Страница 88: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 87 9 1 Bandwidth Management...

Страница 89: ...r words it will guarantee a minimum rate of upstream and downstream for each IP and Service Port based on the total actual bandwidth of WAN1 and WAN2 For example if the upstream bandwidths of both WAN...

Страница 90: ...n users the device enables users to set up QoS Rate Control and Priority Control Users can select only one of the above QoS choices Rate Control The network administrator can set up bandwidth or usage...

Страница 91: ...e a single selection or multiple selections Service Port Select what bandwidth control is to be configured in the QoS rule If the bandwidth for all services of each IP is to be controlled select All T...

Страница 92: ...tream If a Server for external connection has been built in the device this option is to control the bandwidth for the traffic coming from outside to this Server Server in LAN Downstream If there are...

Страница 93: ...download information the total occupied bandwidth is fixed Enable Activate the rule Add to list Add this rule to the list Move up Move down QoS rules will be executed from the bottom of the list to th...

Страница 94: ...ge e g 192 168 1 1 254 in Direction part open the dropdown box and choose Downstream Import 2Kbit Sec in Mini Rate which guarantees the minimum bandwidth for FTP downloading And import 50Kbit Sec in M...

Страница 95: ...Direction part open the dropdown box and choose Downstream Import 2Kbit Sec in Mini Rate which guarantees the minimum bandwidth And import 512Kbit Sec in Max Rate for a maximum limitation Choose Assig...

Страница 96: ...ndwidth usage In addition if any Intranet PC is attacked by a virus like Worm Blaster and sends a huge number of session requests session control will restrict that as well Session Control and Schedul...

Страница 97: ...session has been closed new sessions cannot be made until the setting time ends If this function is selected when the user s port connections reach the limit all the lines that this user is connected...

Страница 98: ...Port Choose the service port Source IP Input the IP address range or IP group Enabled Activate the rule Add to list Add this rule to the list Delete seleted item Remove the rules selected from the Se...

Страница 99: ...s downstream bandwidth threshold for all WAN Input the max downstream rate for intranet IPs If any IP s bandwidth is over maximum threshold its maximum bandwidth will remain When any IP uses more band...

Страница 100: ...Always is selected the rule will be executed around the clock If From is selected the rule will be executed according to the configured time range For example if the time control is from Monday to Fr...

Страница 101: ...hile the remote management feature will be activated The network access rules and content filter will be turned off Firewall This feature allows users to turn on off the firewall SPI Stateful Packet I...

Страница 102: ...ed In the field of remote browser IP a valid external IP address WAN IP for the device should be filled in and the modifiable default control port should be adjusted the default is set to 80 modifiabl...

Страница 103: ...just the threshold value and the blocking duration to effectively deal with external attack The threshold value should be adjusted from high to low LAN Threshold When all packet values from internal a...

Страница 104: ...ked IP Show the blocked IP list and the remained blocked time Restricted WEB Features It supports the block that is connected through Java Cookies Active X and HTTP Proxy access Apply Click Apply to s...

Страница 105: ...ernet access The following describes the internet access rules All traffic from the LAN to the WAN is allowed by default All traffic from the WAN to the LAN is denied by default Users may define acces...

Страница 106: ...ass of packets compliant with this control rule Deny Prevents the pass of packets not compliant with this control rule Service From the drop down menu select the service that users grant or do not giv...

Страница 107: ...ivation time is introduced as below to This control rule has time limitation The setting method is in 24 hour format such as 08 00 18 00 8 a m to 6 p m Day Control Everyday means this period of time w...

Страница 108: ...200 to 230 to access service port 80 Action Forbid Service Port TCP 80 Source Interface LAN Meaning to service port 80 which blocks the traffic from intranet to internet Source IP 192 168 1 200 192 16...

Страница 109: ...ter The device supports two webpage restriction modes one is to block certain forbidden domains and the other is to give access to certain web pages Only one of these two modes can be selected Block F...

Страница 110: ...ut te er r 109 Add Enter the websites to be controlled such as www playboy com Add to list Click Add to list to create a new website to be controlled Delete selected item Click to select one or more...

Страница 111: ...Keywords Only for English keyword Enter keywords Add to List Add this new service item content to the list Delete selected item Delete the service item content from the list Apply Click Apply to save...

Страница 112: ...nction The default setting is Disabled Add Input the allowed domain name etc www google com Add to list Add the rule to list Delete selected item Users can select one or more rules and click to delete...

Страница 113: ...ion will run according to the defined time For example if the control time runs from 8 a m to 6 p m Monday to Friday users may control the operation according to the following illustrated example Alwa...

Страница 114: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 113 XI L7 Management 11 1 L7 Filter 1 Rule list...

Страница 115: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 114 2 Add new rule click...

Страница 116: ...tion support list 1 After choosing Category the Item column will show the crosponding list Hint Directly click on the applications to put them effective Cancel the application by double clicks Click C...

Страница 117: ...ional user setting Please note that the exceptional user setting will be applied to all the rules in the application For example if there is a Google Talk rule with no exceptional IP when adding a new...

Страница 118: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 117 11 2 L7 VIP Priority Channel 1 Rule List 2 Add New Rule Click...

Страница 119: ...will be shown on the list so administrator could name the rule by users or usages Select one WAN as VIP For example only the traffic of president room on WAN1 and WAN2 is VIP traffic on other WAN por...

Страница 120: ...riority Set source IP Group as VIP For instance if General Manager Room IP group is chosen they will have VIP priority no matter what application is used Set VIP application and source IP Group at the...

Страница 121: ...After choosing Category the Item column will show the crosponding list Hint Directly click on the applications to put them effective Cancel the application by double clicks Click Choose All to put all...

Страница 122: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 121 Step 4 Click to save the rules...

Страница 123: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 122 11 3 L7 QoS 1 Rule List...

Страница 124: ...some of the software applications display by KB 1KB 8kbit Calculating bandwidth utility of QoS rule minimize of bandwidth IP set up number For example IP range is 192 168 1 101 110 minimize bandwidth...

Страница 125: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 124 2 Add New Rule Click...

Страница 126: ...rence Please visit the official website for the actual application support list After choosing Category the Item column will show the crosponding list Hints Directly click on the applications to put t...

Страница 127: ...for Intranet IP Bandwidth sharing Sharing total bandwidth with all IP addresses If this option is selected all IP addresses or Service Ports will share the bandwidth range from minimum to maximum band...

Страница 128: ...o ou ut te er r 127 Step 4 Make sure the time setting is correct to make the rule in effective only during the set time All time is set as the default The time frame could be modified in the following...

Страница 129: ...the URL destination IP address or the port number You can see the Application Define feature on the Application Status Table or on the APP List of all L7 Management features Application Status Figure...

Страница 130: ...an IP range is to be controlled input the range such as 100 100 100 105 200 Dest IP Group Apply the Dest IP Group from the Group Management function Domain Name Use Domain Name to define the applicat...

Страница 131: ...of the policies Figures are used for reference Please visit the official website for the actual application support list 1 Sorting and ordering the applications Sorting the applications or ordering th...

Страница 132: ...u ut te er r 131 11 6 Database Update Database Update function provides administrator to know the server side informations on this web page whether the newest version to update moreover to set up the...

Страница 133: ...diatly after you downloaded this version will reserve in system you can download manually from downloaded version in Version Management 3 Latest Version Check The latest time of server version checkin...

Страница 134: ...nstallation Disable the Automatic Update Installation System will not update the database administrator can update the database manually by press the Enable Automatic Update Installastion Download and...

Страница 135: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 134 XII VPN Virtual Private Network 10 1 VPN...

Страница 136: ...nt to Gateway tunnel The VPN tunnel connections are done by 2 VPN devices via the Internet When a new tunnel is added the setting page for Gateway to Gateway or Client to Gateway will be displayed Gat...

Страница 137: ...o avoid confusion Note If this tunnel is to be connected to the other VPN device some device requires that the tunnel name is identical to the name of the host end to facilitate verification This tunn...

Страница 138: ...rs don t need to do further settings 2 IP Domain Name FQDN Authentication If users select IP domain name type please enter the domain name and IP address The WAN IP address will be automatically fille...

Страница 139: ...rs use dynamic IP address to connect to the device users may select this option to connect to VPN without entering IP address When VPN Gateway requires for VPN connection the device will start authent...

Страница 140: ...gateway authentication type Remote Security Gateway Type must be identical to the remotely connected local security gateway authentication type Local Security Gateway Type Remote Security Gateway Type...

Страница 141: ...fied FQDN refers to the combination of host name and domain name Users may enter any name that corresponds to the domain name of FQDN This IP address and domain name must be identical to those of the...

Страница 142: ...Dynamic IP Domain Name FQDN Authentication If users use dynamic IP address to connect with the device users may select the combination of the dynamic IP address host name and domain name 5 Dynamic IP...

Страница 143: ...rs 1 IP address This option allows the only IP address which is entered to build the VPN tunnel Reference When this VPN tunnel is connected computers with the IP address of 192 168 2 1 can establish c...

Страница 144: ...ect the desired encryption mode as illustrated below Encryption Management Protocol When users set this VPN tunnel to use any encryption and authentication mode users must set the parameter of this ex...

Страница 145: ...PN tunnel to use any authentication mode Note that this parameter must be identical to that of the remote authentication mode MD5 or SHA1 Phase 1 SA Life Time The life time for this exchange code is s...

Страница 146: ...ection This is mostly used to connect the remote node of the branch office and headquarter or used for the remote dynamic IP address AH hash calculation For AH Authentication Header users may select M...

Страница 147: ...nd point for the Heart Beat detection the end point should be a strong and stable server which is able to send reply quickly We suggest using the LAN IP address of the VPN remote end point device as t...

Страница 148: ...PN feature please select the Tunnel number Tunnel Name Displays the current VPN tunnel connection name such as XXX Office Users are well advised to give them different names to avoid confusion Note If...

Страница 149: ...ER FQDN Authentication Dynamic IP address Email address name 1 IP only If users decide to use IP only entering the IP address is the only way to gain access to this tunnel The WAN IP address will be a...

Страница 150: ...connection if users select this option to link to VPN please enter the domain name 5 Dynamic IP E mail Addr USER FQDN Authentication If users use dynamic IP address to connect to the device users may...

Страница 151: ...uters with the IP address of 192 168 1 0 can establish connection 2 Subnet This option allows local computers in this subnet to be connected to the VPN tunnel Reference When this VPN tunnel is connect...

Страница 152: ...uthentication Dynamic IP E mail Addr USER FQDN Authentication 1 IP only If users decide to use IP only entering the IP address is the only way to gain access to this tunnel The WAN IP address will be...

Страница 153: ...users may select this option to link to VPN If the remote VPN gateway requires connection to the device for VPN connection this device will start authentication and respond to this VPN tunnel connecti...

Страница 154: ...elect the desired encryption mode as illustrated below Encryption Management Protocol When users set this VPN tunnel to use any encryption and authentication mode users must set the parameter of this...

Страница 155: ...PN tunnel to use any authentication mode Note that this parameter must be identical to that of the remote authentication mode MD5 or SHA1 Phase 1 SA Life Time The life time for this exchange code is s...

Страница 156: ...ection This is mostly used to connect the remote node of the branch office and headquarter or used for the remote dynamic IP address AH hash calculation For AH Authentication Header users may select M...

Страница 157: ...stable server which is able to send reply quickly We suggest using the LAN IP address of the VPN remote end point device as the target of the Heart Beat detection Interval The default time for the He...

Страница 158: ...l le es ss s R Ro ou ut te er r 157 Enabled PPTP Server When this option is selected the point to point tunnel protocol PPTP server can be enabled PPTP IP Address Range Please enter PPTP IP address ra...

Страница 159: ...All PPTP Status Displays all successfully connected users including username remote IP address and PPTP address 10 1 3 VPN Pass Through IPSec Pass Through If this option is enabled the PC is allowed...

Страница 160: ...cess by entering Server IP User Name and Password 2 Central Control Feature Displays a clear VPN connection status of all remote ends and branches Its central control screen allows setup from remote i...

Страница 161: ...contention drops The range is 1 60 mins QVM Backup Tunnel You can input at most 3 backup IP addresses or domain names for backup Once the connection is dropped the function will be automatically enab...

Страница 162: ...he DMZ Host function is selected to cancel this function users must input 0 in the following DMZ Private IP This function will then be closed After the changes are completed click Apply to save the ne...

Страница 163: ...80 to access the web page In the same way to set up other services please input the server TCP or UDP port number and the virtual host IP addresses Service To select from this option the default list...

Страница 164: ...elect whether a service port is TCP or UDP Port Range To activate this function input the range of the service port locations users want to activate such as 500 500 or 2300 2310 etc Add to list Add th...

Страница 165: ...is 21 21 Please refer to the default service number list Host Name or IP Address Input the Intranet virtual IP address or name that maps with UPnP such as 192 168 1 100 Enabled Activate this function...

Страница 166: ...rmation Protocol When there are more than one router and IP subnets the routing mode for the device should be configured as static routing Static routing enables different network nodes to seek necess...

Страница 167: ...s is the router layer count for the IP If there are two routers under the device users should input 2 for the router layer the default is 1 Max is 15 Interface This is to select WAN port or LAN port f...

Страница 168: ...heir own public IP addresses For example if there are more than 2 web servers requiring public IP addresses administrators can map several public IP addresses directly to internal private IP addresses...

Страница 169: ...ase do not include IP addresses in use by WANs Add to List Add this configuration to the One to One NAT list Delete Seleted Item Remove a selected One to One NAT list Apply Click Apply to save the net...

Страница 170: ...nged from time to time To overcome this problem for users who want to build services such as a website it offers the function of dynamic web address transfer This service can be applied from http www...

Страница 171: ...ct one of the four DDNS website address transfer functions Username The name which is set up for DDNS Input a complete website address such as abc qnoddns org cn as a user name for QnoDDNS Password Th...

Страница 172: ...171 Apply After the changes are completed click Apply to save the network configuration modification Cancel Click Cancel to leave without making any changes Register for Qno DDNS 1 Please go to Qno w...

Страница 173: ...ress which users used to register this product and the serial number of the product to log in to the QnoDDNS Service System Be sure to input an available e mail address so that the password sent from...

Страница 174: ...u ut te er r 173 3 Rules for Applying a Domain Name The Domain should have at least 4 letters and no more than 63 letters The Domain name should only consist of a z lowercase letter and 0 9 numerals a...

Страница 175: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 174...

Страница 176: ...Users can input the network card physical address MAC address 00 xx xx xx xx xx here The device will adopt this MAC address when requesting IP address from ISP Select the WAN port to which the configu...

Страница 177: ...nd Time setting is in Chapter 5 2 12 1 Diagnostic The device provides a simple online network diagnostic tool to help users troubleshoot network related problems This tool includes DNS Name Lookup Dom...

Страница 178: ...m informs users of the status quo of the outbound session and allows the user to know the existence of computers online On this test screen please enter the host IP that users want to test such as 192...

Страница 179: ...he Firmware Upgrade page Please confirm all information about the software version in advance Select and browse the software file click Firmware Upgrade Right Now to complete the upgrade of the design...

Страница 180: ...content of parameter settings into the device Before upgrade confirm all information about the software version Select and browse the backup parameter file config exp Select the file and click Import...

Страница 181: ...Through this SNMP communications protocol programs with network management i e SNMP Tools HP Open View can help communications of real time management The device supports standard SNMP v1 v2c and is...

Страница 182: ...Set the name of the group or community that can view the device SNMP data The default setting is Public Set Community Name Set the name of the group or community that can receive the device SNMP data...

Страница 183: ...o ou ut te er r 182 12 5 System Recover Users can restart the device with System Recover button System Recover As the figure below if clicking Restart Router button the dialog block will pop out confi...

Страница 184: ...Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 183 Return to Factory Default Setting If clicking Return to Factory Default Setting the dialog block will pop out if the device will return to fact...

Страница 185: ...nt and look up we can see the relevant operation status which is convenient for us to facilitate the setup and operation 13 1 System Log Its system log offers three options system log E mail alert and...

Страница 186: ...ng warning message Click to activate these features Syn Flooding IP Spoofing Win Nuke Ping of Death Unauthorized Login Attempt Syn Flooding Bulky syn packet transmission in a short time causes the ove...

Страница 187: ...or instance message will be recorded in the system log Allow Policies If remote users enter the system because of compliance with access rules for instance message will be recorded in the system log C...

Страница 188: ...le es ss s R Ro ou ut te er r 187 Outgoing Packet Log View system packet log which is sent out from the internal PC to the Internet This log includes LAN IP destination IP and service port that is ap...

Страница 189: ...Packet Log View system packet log of those entering the firewall The log includes information about the external source IP addresses destination IP addresses and service ports It is illustrated as be...

Страница 190: ...mation such as port location device name current WAN link status IP address MAC address subnet mask default gateway DNS number of received sent total packets number of received sent total Bytes Receiv...

Страница 191: ...es will be displayed on the Traffic Statistic page to provide better traffic management and control Inbound IP Source Address The figure displays the source IP address bytes per second and percentage...

Страница 192: ...t te er r 191 Inbound IP Service The figure displays the network protocol type destination IP address bytes per second and percentage Outbound IP Service The figure displays the network protocol type...

Страница 193: ...e allows administrators to inquire a specific IP or from a specific port about the addresses that this IP had visited or the users source IP who used this service port This facilitates the identificat...

Страница 194: ...Enter the IP address that users want to inquire and then the entire destination IP connected to remote devices as well as the number of ports will be displayed Specific Port Status Enter the service...

Страница 195: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 194...

Страница 196: ...R Ro ou ut te er r 195 XVI Log out On the top right corner of the web based UI there is a Logout button Click on it to log out of the web based UI To enter next time open the Web browser and enter the...

Страница 197: ...er r 196 Appendix I Troubleshooting 1 Block BT Download To block BT and prevent downloading by users go to the Firewall Content Filter and select Enable Website Block by Keywords followed by the inpu...

Страница 198: ...d Worm viruses recently the internet transmission speed was brought down and the Session bulky increase result in the massive processing load of the device The following guides users to block this vir...

Страница 199: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 198 Use the same method to add UDP UDP135 139 and TCP 445 445 Ports c Enhance the priority level of these three to the highest...

Страница 200: ...and enter Firewall Access Rule b Click Add New Rule under Access Rule page Select Deny in Action under the Service rule setting followed by the selection of All Traffic TCP UDP 1 65535 from the servi...

Страница 201: ...ut te er r 200 121 14 75 115 60 28 234 117 60 28 235 119 222 28 155 17 QQ LiveVersion QQ Live 2008 7 0 4017 0 Tested on 2008 07 29 After repeated addition users may see the links to the QQLive Server...

Страница 202: ...Protocol In LAN what is actually transmitted is frame in which there is MAC address of the destination host device So called Address Analysis refers to the transferring process of the target IP addres...

Страница 203: ...in the device or LAN PC The former intercepts the gateway data and send ceaselessly a series of wrong MAC messages to the device which sends out wrong MAC address The PC thus cannot receive the messag...

Страница 204: ...idently this is a cheat by ARP 3 ARP Solution Now we understand ARP ARP cheat and attack as well as how to identify this type of attack What comes next is to find out effective prevention measures to...

Страница 205: ...in the network follow the same way to enter the IP and MAC address of the corresponding device to complete the binding work However if this act restarts the computer the setting will be cancelled Ther...

Страница 206: ...carry out the prevention work However this is more complicated because the search for the IP and address and MAC increases the workload Moreover there is greater possibility of making errors during th...

Страница 207: ...ore recommended because of easy operation reducing workload and time efficiency It is described in the following Enter Setup under the DHCP page and look for IP and MAC binding On the right there is a...

Страница 208: ...c operations can help solve the problem but Qno s technical engineers suggest that further measures should be taken to prevent the ARP attack 1 Deal with virus source as well as the source device affe...

Страница 209: ...and invasion of the virus Some users of the pirate version of Windows cannot install patches successfully Users are advised to use network firewall and other measures for protection 6 Close some unne...

Страница 210: ...onto the Qno s bandwidth forum refer to the examples of the FTP server or contact the technical department of Qno s dealers as well as the Qno s Mainland technical center Qno Official Website http www...

Результаты поиска

Содержание VPN QoS

Отзывы:

Похожие инструкции для VPN QoS

Бренды по названию

Популярные бренды

QNO VPN QoS, Руководство пользователя

Результаты поиска

Содержание VPN QoS

Отзывы:

Похожие инструкции для VPN QoS

Бренды по названию

Популярные бренды