Digicom Michelangelo SHDSL manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Digicom Michelangelo SHDSL. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Digicom Michelangelo SHDSL ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Digicom Michelangelo SHDSL décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Digicom Michelangelo SHDSL devrait contenir:
- informations sur les caractéristiques techniques du dispositif Digicom Michelangelo SHDSL
- nom du fabricant et année de fabrication Digicom Michelangelo SHDSL
- instructions d'utilisation, de réglage et d’entretien de l'équipement Digicom Michelangelo SHDSL
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Digicom Michelangelo SHDSL ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Digicom Michelangelo SHDSL et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Digicom en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Digicom Michelangelo SHDSL, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Digicom Michelangelo SHDSL, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Digicom Michelangelo SHDSL. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    Michelangelo SHD SL SHDSL VPN Firew all Bridge/ Router User’s Manual V er . 1.0[...]

  • Page 2

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 1: Introduction 2 Chapter 1: Introduction Introduction to your Router W elcome to the Digicom MICHELANGELO SHDSL Router . Y our Digicom SHDSL router is an “all-in-one” unit, combining an SH DSL modem, SHDSL router and Ethernet network switch, providing everything you need to get the machines[...]

  • Page 3

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 1: Introduction 3 Dynamic Domain Name System (DDNS) The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname. This dynamic IP address is the W AN IP address. For example, to use the service, you must first apply for an account from a DDNS service like http://www .dyn[...]

  • Page 4

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 2: Installing the Router 4 Chapter 2: Installing the Router Important note for using this router Package Contents SHDSL Router CD-ROM containing the online manual RJ-1 1 SHDSL / telephone Cable Ethernet (CA T -5 LAN) Cable Console (PS2-RS232) Cable AC-DC power adapter (12V DC, 1A) Quick Start Gu[...]

  • Page 5

    MICHELANGELO SHDSL VPN Firewall Bridge/Router 5 The Front LEDs of MICHLANGELO SHDSL LED Meaning 1 2 LINE 1 & 2 Lit when successfully connected to SHDSL line and it is synchronized. 3 LAN Port 1X — 4X (RJ-45 connector) Lit when connected to an Ethernet device. Green for 100Mbps; Orange for 10Mbps. Blinking when data is Transmitted / Received. [...]

  • Page 6

    MICHELANGELO SHDSL VPN Firewall Bridge/Router 6 The Rear Ports of MICHELANGELO SHDSL Port Meaning 1 Power Switch Power ON/OFF switch 2 PWR Connect the supplied power adapter to this jack. 3 RESET T o be sure the device is being turned on ‡ press RESET button for: 1-3 seconds : quick reset the device. 6 seconds above, and power off, power on the d[...]

  • Page 7

    MICHELANGELO SHDSL VPN Firewall Bridge/Router 7 Cabling One of the most common causes of problems is bad cabling or SHDSL line(s) . Make sure that all connected devices are turned on. On the front of the product is a bank of LEDs. V erify that the LAN Link and SHDSL line LEDs are lit. If they are not, verify that you are using the proper cables.[...]

  • Page 8

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 3: Basic Installation 8 Any TCP/IP capable workstation can be used to communicate with or through the router . T o configure other types of workstations, please consult the manufacturer’s documentation. Chapter 3: Basic Installation The router can be configured with your w eb browser . A web b[...]

  • Page 9

    Chapter 3: Basic Installation 9 Configuring PCs in W indows in W indow XP 1. Go to Start / Control Panel (in Classic View). In the Control Panel, double-click Network Connections . 2. Double-click Local Area Connection . (See Figure 3.1) 3. In the LAN Area Connection Status window , click Properties . ( See Figure 3.2) 4. Select Internet Protocol ([...]

  • Page 10

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 3: Basic Installation 10 Configuring PCs in W indows 2000 1. Go to Start / Settings / Control Panel . In the Control Panel, double-click Network and Dial-up Connections . 2. Double-click Local Area (“LAN”) Connection . (See Figure 3.5) 3. In the LAN Area Connection Status window , click Prop[...]

  • Page 11

    Chapter 3: Basic Installation 1 1 Configuring PC in W indows 95/98/ME 1. Go to Start / Settings / Control Panel . In the Control Panel, double-click Network and choose the Configuration tab. 2. Select TCP / IP -> NE2000 Compatible , or the name of any Network Interface Card (NIC) in your PC. ( See Figure 3.9) 3. Click Properties . 4. Select the [...]

  • Page 12

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 3: Basic Installation 12 Configuring PC in W indows NT4.0 1. Go to Start / Settings / Control Panel . In the Control Panel, double-click Network and choose the Protocols tab. 2. Select TCP/IP Protocol and click Properties . ( See Figure 3.12) 3. Select the Obtain an IP address from a DHCP server[...]

  • Page 13

    Chapter 3: Basic Installation 13 Factory Default Settings Before configuring your , you need to know the following default settings. W eb Interface (Username and Password) Username: admin Password: admin The default username and password are “ admin ” and “ admin ” respectively . Device LAN IP settings: IP Address: 192.168.1.254 Subnet Mask[...]

  • Page 14

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 3: Basic Installation 14 Information from your ISP Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided such as DHCP (Obtain an IP Address Automatically , Static IP (Fixed IP Address) and PPPoE. Gather the inform[...]

  • Page 15

    Chapter 3: Basic Installation 15 Configuring with your W eb Browser Open your web browser , enter the IP address of your router , which by default is 192.168.1.254 , and click “ Go ”, a user name and password window prompt will appear . The default username and password are “admin” and “admin” respectively . (See Figure 3.14) Figure 3.1[...]

  • Page 16

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 16 Chapter 4: Configuration At the configuration homepage, the left navigation pane where bookmarks are provided links you directly to the desired setup page, including: Status - ARP T able - Routing T able - DHCP T able - PPTP Status - IPSec Status - L2TP Status - Email Status [...]

  • Page 17

    Chapter 4: Configuration 17 Status ARP T able This section displays the router’s ARP (Address Resolution Protocol) T able, which shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the router’s Firewall – MAC Add[...]

  • Page 18

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 18 DHCP T able Leased: The DHCP assigned IP addresses information. IP Address: A list of IP addresses of devices on your LAN (Local Area Network). Expired: The expired IP addresses information. Permanent: The fixed host mapping information Leased T able IP Address: The IP addres[...]

  • Page 19

    Chapter 4: Configuration 19 PPTP Status This shows details of your configured PPTP VPN Connections. Name: The name you assigned to the particular PPTP connection in your VPN configuration. T ype: The type of connection (dial-in/dial-out). Enable: Whether the connection is currently enabled. Active: Whether the connection is currently active. T unne[...]

  • Page 20

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 20 L2TP Status This shows details of your configured L2TP VPN Connections. Name: The name you assigned to the particular L2TP connection in your VPN configuration. T ype: The type of connection (dial-in/dial-out). Enable: Whether the connection is currently enabled. Active: Whet[...]

  • Page 21

    Chapter 4: Configuration 21 Event Log This page displays the router’s Event Log entries. Major events are logged to this window , such as when the router’s SHDSL connection is disconnected, as well as Firewall events when you have enabled Intrusion or Blocking Logging in the Configuration – Firewall section of the interface. Please see the Fi[...]

  • Page 22

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 22 NA T Sessions This section lists all current NA T sessions between interface of types external (W AN) and internal (LAN). Diagnostic It tests the connection to computer(s) which is connected to LAN ports and also the W AN Internet connection. If PING www .google.com is shown [...]

  • Page 23

    Chapter 4: Configuration 23 UPnP Portmap The section lists all port-mapping established using UPnP (Universal Plug and Play). Please see the Advanced section of this manual for more details on UPnP and the router’s UPnP configuration options.[...]

  • Page 24

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 24 Quick Start For detailed instructions on configuring your W AN settings, please see the W AN section of this manual. Usually , the only details you will need for the Quick Start wizard to get you online are your login (often in the form of username@ispname ), your password an[...]

  • Page 25

    Chapter 4: Configuration 25 Select the desired option from the list and click Apply to return to the Quick Start interface to continue configuring your ISP connection. Please note that the contents of this list will vary , depending on what is supported by your ISP .[...]

  • Page 26

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 26 Configuration When you click this item, you get following sub-items to configure your router . LAN, W AN, System, Firewall, VPN, QoS, Virtual Server , T ime Schedule and Advanced These functions are described below in the following sections. LAN (Local Area Network) Here are [...]

  • Page 27

    Chapter 4: Configuration 27 Ethernet Primary IP Address IP Address: The default IP on this router . SubNetmask: The default subnet mask on this router . RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. IP Alias This function supports to create multiple virtual IP interfaces on this router . It helps to connect two or more lo[...]

  • Page 28

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 28 Ethernet Client Filter The Ethernet Client Filter supports up to 16 Ethernet network machines that helps you to manage your network control to accept traf fic from specific authorized machines or can restrict unwanted machine(s) to access your LAN. There are no pre-define Eth[...]

  • Page 29

    Chapter 4: Configuration 29 Y ou can easily by checking the box next to the IP address to be blocked or allowed. Then, Add to insert to the Ethernet Client Filter table. The maximum Ethernet client is 16. Port Setting This section allows you to configure the settings for the router’s Ethernet ports to solve some of the compatibility problems that[...]

  • Page 30

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 30 DHCP Server Y ou can disable or enable the DHCP (Dynamic Host Configuration Protocol) server or enable the router’s DHCP relay functions. The DHCP protocol allows your router to dynamically assign IP addresses to PCs on your network if they are configured to obtain IP addre[...]

  • Page 31

    Chapter 4: Configuration 31 W AN - Wide Area Network W AN refers to your Wide Area Network connection, i.e. your router’s connection to your ISP and the Internet. Here are the items within the W AN section: ISP , DNS and SHDSL . ISP The factory default is PPPoE. If your ISP uses th is access protocol, click Edit to input other parameters as below[...]

  • Page 32

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 32 RFC 1483 Routed Connections Description: User-definable name for the connection. VPI and VCI: Enter the information provided by your ISP . A TM Class: The Quality of Service for A TM layer . NA T : The NA T (Network Address T ranslation) feature allows multiple users to access[...]

  • Page 33

    Chapter 4: Configuration 33 RFC 1483 Bridged Connections Description: User-definable name for the connection. VPI and VCI: Enter the information provided by your ISP . A TM Class: The Quality of Service for A TM layer . Encapsulation method: Select the encapsulation format, this is provided by your ISP . Acceptable Frame T ype: Specify what kind of[...]

  • Page 34

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 34 PPPoA Routed Connections Description: User-definable name for the connection. VPI/VCI: Enter the information provided by your ISP . A TM Class: The Quality of Service for A TM layer . NA T : The NA T (Network Address T ranslation) feature allows multiple users to access the In[...]

  • Page 35

    Chapter 4: Configuration 35 MTU: Maximum T ransmission Unit. The size of the largest datagram (excluding media-specific headers) that IP will attempt to send through the interface. Advanced Options (PPPoA) LLC Header: Selects encapsulation mode, true for using LLC or false for using VC-Mux. Create Route: This setting specifies whether a route is ad[...]

  • Page 36

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 36 IPoA Routed Connections Description: User-definable name for the connection. VPI/VCI: Enter the information provided by your ISP . A TM Class: The Quality of Service for A TM layer . NA T : The NA T (Network Address T ranslation) feature allows multiple users to access the Int[...]

  • Page 37

    Chapter 4: Configuration 37 PPPoE Connections Description: User-definable name for this connection. VPI/VCI: Enter the information provided by your ISP . A TM Class: The Quality of Service for A TM layer . NA T : The NA T (Network Address T ranslation) feature allows multiple users to access the Internet through a single ISP account, sharing a sing[...]

  • Page 38

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 38 § Detail: Y ou can define the destination port and packet type (TCP/UDP) without checking by timer . It allows you to set which outgoing traf fic will not trigger and reset the idle timer . RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. MTU: Maximum [...]

  • Page 39

    Chapter 4: Configuration 39 PPPoE with Pass-through Connections PPPoE with pass-through adapts the following method: PPPoE Routed mode + 1483 Bridge Mode. With pure PPPoE connection, the router can get one W AN address to the router . With the PPPoE and PPPoE pass- through, concurrently , it allows user to have a W AN address assigned to the router[...]

  • Page 40

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 40 § Connect on Demand: If you want to establish a PPPoE session only when there is a packet requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet). Idle Timeout: Auto-disconnect the broadband firewall gateway when there is no ac[...]

  • Page 41

    Chapter 4: Configuration 41 DNS A Domain Name System (DNS) contains a mapping table for domain name and IP addresses. On the Internet, every host has a unique and user-friendly name (domain name) such as www .helloworld .com and an IP address. An IP address is a 32-bit number in the form of xxx.xxx.xxx.xxx , for example 192.168.1.254. Y ou can thin[...]

  • Page 42

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 42 SHDSL 4-wired Mode 2-wired Mode 4-Wired Connection: MICHELANGELO SHDSL supports either 2-wire and 4-wires SHDSL connection. Activate the device to 4-wired by enabling the function; otherwise, disable it to be used as 2-wire mode connection. Note: When select 2-wired mode , onl[...]

  • Page 43

    Chapter 4: Configuration 43 System Here are items within the System section: T ime Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart and User Management. T ime Zone The router does not have a real time clock on board; instead, it uses the Simple Network T ime Protocol (SNTP) to get the current time from an SNTP server outside your netw[...]

  • Page 44

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 44 Remote Access T o temporarily permit remote administration of the router (i.e. from outside your LAN), select a time period the router will permit remote access for and click Enable. Y ou may change other configuration options for the web administration interface using Device [...]

  • Page 45

    Chapter 4: Configuration 45 DO NOT power down the router or interrupt the firmware upgrading while it is still in process. Improper operation could damage the router . Firmware Upgrade Y our router’s “firmware” is the software that allows it to operate and provides all its functionality . Think of your router as a dedicated computer , and the[...]

  • Page 46

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4:Configuration 46 Backup / Restore These functions allow you to save and backup your router’s current settings to a file on your PC, or to restore a previously saved backup. This is useful if you wish to experiment with dif ferent settings, knowing that you have a backup handy in the case of [...]

  • Page 47

    Chapter 4: Configuration 47 Restart Router Click Restart with option Current Settings to reboot your router (and restore your last saved configuration). If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to rese[...]

  • Page 48

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 48 User Management In order to prevent unauthorized access to your router’s configuration interface, it requires all users to login with a password. Y ou can set up multiple user accounts, each with their own password. Y ou are able to Edit existing users and Create new users [...]

  • Page 49

    Chapter 4: Configuration 49 When using V irtual Servers your PCs will be exposed to the degree specified in your V irtual Server settings provided the ports specified are opened in your firewall packet filter settings. Firewall and Access Control Y our router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access [...]

  • Page 50

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 50 General Settings Y ou can choose not to enable Firewall, you will not able to add filter rules by yourself in the Packet Filter , or enable the Firewall using preset filter rules and modify the packet filter rules as required. The Packet Filter is used to filter packets based[...]

  • Page 51

    Chapter 4: Configuration 51 Packet Filter This function is only available when the Firewall is enabled and one of these four security levels is chosen (All blocked, High, Medium and Low). The predefined port filter rules in the Packet Filter must modify accordingly to the level of Firewall, which is selected. See T able1: Predefined Port Filter for[...]

  • Page 52

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 52 Example: Predefined Port Filters Rules The predefined port filter rules for High, Medium and Low security levels are listed. See T able 1. Note: Firewall – All Blocked/User-defined, you must define and create the port filter rules yourself. No predefined rule is being preco[...]

  • Page 53

    Chapter 4: Configuration 53 Packet Filter – Add TCP/UDP Filter Rule Name: Users-define description to identify this entry or click to select existing predefined rules. The maximum name length is 32 characters. T ime Schedule: It is self-defined time period. Y ou may specify a time schedule for your prioritization policy . For setup and detail, re[...]

  • Page 54

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 54 Packet Filter – Add Raw IP Filter Rule Name: Users-define description to identify this entry or click to select existing predefined rules. T ime Schedule: It is self-defined time period. Y ou may specify a time schedule for your prioritization policy . For setup and detail,[...]

  • Page 55

    Chapter 4: Configuration 55 Example: Configuring your firewall to allow for a publicly accessible web server on your LAN The predefined port filter rule for HTTP (TCP port 80) is the same no matter whether the firewall is set to a high, medium or low security level. T o setup a web server located on the local network when the firewall is enabled, y[...]

  • Page 56

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 56 Configuring Packet Filter: 1. Click Port Filters . Y ou will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below: Note: Y ou may click Edit the predefined rule instead of Delete it. This is an example to show t[...]

  • Page 57

    Chapter 4: Configuration 57 5. The new port filter rule for HTTP is shown below: 6. Configure your V irtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server: Note: For how to configure the HTTP in Virtual Server, go to Add Virtual Server in Virtual Server section f[...]

  • Page 58

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 58 Intrusion Detection The router’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as po[...]

  • Page 59

    Chapter 4: Configuration 59 T able 2: Hacker attack types recognized by the IDS Intrusion Name Detect Parameter Blacklist T ype of Block Duration Drop Packet Show Log Ascend Kill Ascend Kill data Src IP DoS Y es Y es WinNuke TCP Port 135, 137~139, Flag: URG Src IP DoS Y es Y es Smurf ICMP type 8 Des IP is broadcast Dst IP Victim Protection Y es Y e[...]

  • Page 60

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 60 URL Filter URL (Uniform Resource Locator – e.g. an address in the form of http://www .abcde.com or http://www .example.com) filter rules allow you to prevent users on your network from accessing particular websites by their URL. There are no pre-defined URL filter rules; yo[...]

  • Page 61

    Chapter 4: Configuration 61 dropped. 3. If the packet does not match either of the above two items, it is sent to the remote web server . 4. Please be note that the completed URL, “www” + domain name, shall be specified. For example to block traf fic to www .google.com.au, enter “www .google” or “www .google.com” In the example below , [...]

  • Page 62

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 62 IM / P2P Blocking IM, short for Instant Message, is required to use client program software that allows users to communicate, in exchanging text message, with other IM users in real time over the Internet. A P2P application, known as Peer-to-peer , is group of computer users [...]

  • Page 63

    Chapter 4: Configuration 63 Firewall Log Firewall Log display log information of any unexpected action with your firewall settings. Check the Enable box to activate the logs. Log information can be seen in the Status – Event Log after enabling.[...]

  • Page 64

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 64 VPN - Virtual Private Networks V irtual Private Networks is ways to establish secured communication tunnels to an organization’s network via the Internet. Y our router supports three main types of VPN (V irtual Private Network), PPTP , IPSec and L2TP . PPTP (Point-to-Point [...]

  • Page 65

    Chapter 4: Configuration 65 PPTP Connection - Remote Access Connection Name: User-defined name for the connection (e.g. “connection to of fice”). T ype: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server , e.g. your office server), check Dial In operates as a VPN server . § When configuring your ro[...]

  • Page 66

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 66 Example: Configuring a Remote Access PPTP VPN Dial-out Connection A company’s office establishes a PPTP VPN connection with a file server located at a separate location. The router is installed in the of fice, connected to a couple of PCs and Servers. Dial-out[...]

  • Page 67

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 67 Configuring the PPTP VPN in the Office Y ou can either input the IP address (69.1.121.33 in this case) or hostname to reach the server . Item Function Description 1 Connection Name VPN_PPTP Given name of PPTP connection Dial out Check Dial out 2 Server IP Address (or Hostname[...]

  • Page 68

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 68 PPTP Connection - LAN to LAN Connection Name: User-define description of the connection. T ype: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server , e.g. your office server), check Dial In operates as a VPN server . § When config[...]

  • Page 69

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 69 Example: Configuring a PPTP LAN-to-LAN VPN Connection The branch office establishes a PPTP VPN tunnel with head of fice to connect two private networks over the Internet. The routers are installed in the head of fice and branch office accordingly . Both of fice LAN networks M[...]

  • Page 70

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 70 Configuring PPTP VPN in the Head Office The IP address 192.168.1.201 will be assigned to the router located in the branch of fice. Please make sure this IP is not used in the head of fice LAN. Item Function Description 1 Connection Name HeadOf fice Given a name of PPTP connec[...]

  • Page 71

    Chapter 4: Configuration 71 Configuring PPTP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in head of fice. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router . Item Function Description 1 Co[...]

  • Page 72

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 72 IPSec (IP Security Protocol) Click Create to create a new IPSec VPN connection account. After you have created the IPSec connection, account information will be displayed. (See example above). § Enable / Disable: This function activates or deactivates the IPSec connection. T[...]

  • Page 73

    Chapter 4: Configuration 73 IPSec VPN Connection Connection Name: User-defined name for the connection (e.g. “connection to of fice”). Local Network: Set the IP address, subnet or address range of the local network. § Single Address: The IP address of the local host. § Subnet: The subnet of the local network. For example, IP: 192.168.1.0 with[...]

  • Page 74

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 74 change encryption keys during the second phase of VPN negotiation. This function will provide better security , but extends the VPN negotiation time. Dif fie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured c[...]

  • Page 75

    Chapter 4: Configuration 75 Advanced Option This function is only available after completed creating an IPSec account. Click Advanced Option to change the following settings: IKE (Internet key Exchange) Mode: Select IKE mode to Main mode or Aggressive mode. This IKE provides secured key generation and key management. IKE Proposal: Hash Function: It[...]

  • Page 76

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 76 Local ID: § T ype: Specify local ID type. § Content: Input ID’s information, like domain name www .ipsectest.com. Remote ID: § T ype: Specify Remote ID type. § Identifier: Input remote ID’s information, like domain name www .ipsectest.com. SA Lifetime: Specify the num[...]

  • Page 77

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 77 Example: Configuring a IPSec LAN-to-LAN VPN Connection T able 3: Network Configuration and Security Plan Branch Office Head Office Local Network ID 192.168.0.0/24 192.168.1.0/24 Local Router IP 69.1.121.30 69.1.121.3 Remote Network ID 192.168.1.0/24 192.168.0.0/24 Remote Rout[...]

  • Page 78

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 78 Configuring IPSec VPN in the Head Office Item Function Description 1 Connection Name IPSec_HeadOf fice Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192.168.1.0 2 Netmask 255.255.255.0 Head office network 3 Secure Gateway Address (or Hostname) 6[...]

  • Page 79

    Chapter 4: Configuration 79 Configuring IPSec VPN in the Branch Office Item Function Description 1 Connection Name IPSec_Branch Office Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192.168.0.0 2 Netmask 255.255.255.0 Branch office network 3 Secure Gateway Address (or Hostname) 69.121.1.3 IP address of the head of fice[...]

  • Page 80

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 80 Example: Configuring a IPSec Host-to-LAN VPN Connection[...]

  • Page 81

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 81 Configuring IPSec VPN in the Office Item Function Description 1 Connection Name IPSec Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192.168.1.0 2 Netmask 255.255.255.0 Head office network 3 Secure Gateway Address (or Hostname) 69.121.1.30 IP add[...]

  • Page 82

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 82 L2TP (Layer T wo T unneling Protocol) T wo types of L2TP VPN are supported Remote Access and LAN-to-LAN (please refer below for more information.). Click Create to create a new VPN connection account. After you have created L2TP connection, account status will be displayed. ([...]

  • Page 83

    Chapter 4: Configuration 83 L2TP Connection - Remote Access L2TP VPN Connection Connection Name: User-defined name for the connection (e.g. “connection to of fice”). T ype: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server , e.g. your office server), check Dial In operates as a VPN server . § When[...]

  • Page 84

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 84 IPSec: Enable for enhancing your L2TP VPN security . Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit. There are three options, Message Digest 5 ( MD5 ), Secure Hash Algorithm ( SHA1 ) or NONE . SHA1 is m[...]

  • Page 85

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 85 Example: Configuring a L2TP VPN - Remote Access Dial-in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft's VPN Adapter (included with Windows XP/2000/ME, etc.). The router is installed in the head of fice, connected to a c[...]

  • Page 86

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 86 Configuring L2TP VPN in the Office The input IP address 192.168.1.200 will be assigned to the remote worker . Please make sure this IP is not used in the Of fice LAN. Item Function Description 1 Connection Name VPN_L2TP Given a name of L2TP connection Dial in Check Dial in 2 [...]

  • Page 87

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 87 Example: Configuring a Remote Access L2TP VPN Dial-out Connection A company’s of fice establishes a L2TP VPN connection with a file server located at a separate location. The router is installed in the of fice, connected to a couple of PCs and Servers. Dial-out[...]

  • Page 88

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 88 Configuring the L2TP VPN in the Office Item Function Description 1 Connection Name VPN_L2TP Given name of L2TP connection Dial out Check Dial out 2 Server IP Address (or Hostname) 69.121.1.33 An Dialed server IP Username username 3 Password 123456 A given username & passw[...]

  • Page 89

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 89 Example: Configuring your Router to Dial-in to the Server Currently , Microsoft Windows operation system does not support L2TP incoming service. Additional software may be required to set up your L2TP incoming service.[...]

  • Page 90

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 90 L2TP Connection - LAN to LAN L2TP VPN Connection Connection Name: User-define description of the connection. T ype: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server , e.g. your office server), check Dial In operates as a VPN ser[...]

  • Page 91

    Chapter 4: Configuration 91 L2TP over IPSec (L2TP/IPSec) VPN Connection IPSec: Enable for enhancing your L2TP VPN security . Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit. There are three options, Message Digest 5 ( MD5 ), Secure Hash Algorithm ( SHA1 ) or NONE . SHA-1 is mo[...]

  • Page 92

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 92 Example: Configuring L2TP LAN-to-LAN VPN Connection The branch office establishes a L2TP VPN tunnel with head of fice to connect two private networks over the Internet. The routers are installed in the head office and branch of fice accordingly . Both office LAN networks MUST[...]

  • Page 93

    Chapter 4: Configuration 93 Configuring L2TP VPN in the Head Office The IP address 192.168.1.200 will be assigned to the router located in the branch of fice. Please make sure this IP is not used in the head of fice LAN. Item Function Description 1 Connection Name HeadOf fice Given a name of L2TP connection Dial in Check Dial in 2 Private IP Addres[...]

  • Page 94

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 94 Configuring L2TP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in head of fice. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to rea[...]

  • Page 95

    Chapter 4: Configuration 95 QoS (Quality of Service) QoS function helps you to control your network traf fic for each application from LAN (Ethernet and/or Wireless) to W AN (Internet). It facilitates you to control the dif ferent quality and speed of through put for each application when the system is running with full loading of upstream. Here ar[...]

  • Page 96

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 96 DSCP Marking : Dif ferentiated Services Code Point (DSCP), it is the first 6 bits in the T oS byte. DSCP Marking allows users to assign specific application traf fic to be executed in priority by the next Router based on the DSCP value. See T able 4. The DSCP Mapping T able: [...]

  • Page 97

    Chapter 4: Configuration 97 Outbound IP Throttling (LAN to W AN) IP Throttling allows you to limit the speed of IP traf fic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. Application : A user-define description to identify this new policy/application. T ime Schedule : Schedulin[...]

  • Page 98

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 98 Inbound IP Throttling (W AN to LAN) IP Throttling allows you to limit the speed of IP traf fic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. Application : A user-define description to identify this new p[...]

  • Page 99

    Chapter 4: Configuration 99 Example: QoS for your Network Connection Diagram Information and Settings Upstream: 928 kbps Downstream: 8 Mbps V oIP User : 192.168.1.1 Normal Users : 192.168.1.2~192.168.1.5 Restricted User: 192.168.1.100 0 100 200 300 400 500 kbps VoIP/VPN HIGH Others NORMAL Restricted LOW Throughput VoIP/VPN HIGH Others NORMAL Restri[...]

  • Page 100

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 100 Mission-critical application Mostly the VPN connection is mission-critical application for doing data exchange between head and branch office. The mission-critical application must be sent out smoothly without any dropping. Set priority as high level for preventing any other[...]

  • Page 101

    Chapter 4: Configuration 101 Sometime your customers or friends may upload their files to your FTP server and that will saturate your downstream bandwidth. The settings below help you to limit bandwidth for the restricted application.[...]

  • Page 102

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 102 V irtual Server (“Port Forwarding”) In TCP/IP and UDP networks a port is a 16-bit number used to identify which application program (usually a server) incoming connections should be delivered to. Some ports have numbers that are pre-assigned to them by the IANA (the Inte[...]

  • Page 103

    Chapter 4: Configuration 103 Add Virtual Server Because NA T can act as a “natural” Internet firewall, your router protects your network from being accessed by outside users when using NA T , as all incoming connection attempts will point to your router unless you specifically create V irtual Server entries to forward those ports to a PC on you[...]

  • Page 104

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 104 If you like to remote accessing your Router through the Web/HTTP at all time, you would need to enable port number 80 (W eb/HTTP) and map to Router’s IP Address. Then all incoming HTTP requests from you (Remote side) will be forwarded to the Router with IP address of 192.1[...]

  • Page 105

    Chapter 4: Configuration 105 Edit DMZ Host The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by the Firewall and NA T algorithms then passed to the DMZ host, when a packet received does not use a port number used by any other V irtual Server [...]

  • Page 106

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 106 Edit One-to-One NA T (Network Address T ranslation) One-to-One NA T maps a specific private/local IP address to a global/public IP address. If you have multiple public/W AN IP addresses from you ISP , you are eligible for One-to-One NA T to utilize these IP addresses. NA T T[...]

  • Page 107

    Chapter 4: Configuration 107 T ime Schedule: A self-defined time period to enable your virtual server . Y ou may specify a time schedule or Always on for the usage of this V irtual Server Entry . For setup and detail, refer to Time Schedule section Application : Users-defined description to identify this entry or click to select existing predefined[...]

  • Page 108

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 108 Example: List of some well-known and registered port numbers. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols. Port numbers range from 0 to 65535, but only ports numbers 0 to 1023 [...]

  • Page 109

    Chapter 4: Configuration 109 Time Schedule The T ime Schedule supports up to 16 time slots which helps you to manage your Internet connection. In each time profile, you may schedule specific day(s) i.e. Monday through Sunday to restrict or allowing the usage of the Internet by users or applications. This T ime Schedule correlates closely with route[...]

  • Page 110

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 1 10 Configuration of T ime Schedule Edit a Time Slot 1. Choose any T ime Slot (ID 1 to ID 16) to edit, click Edit. Note: Watch it carefully, the days you have selected will present in capital letter. Lower case letter shows the day(s) is not selected, and no rule will apply on [...]

  • Page 111

    Chapter 4: Configuration 1 1 1 Advanced Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the router . Users who do not understand the features should not attempt to reconfigure their router , unless advised to do so by support staf f. Here are items within the Advanced secti[...]

  • Page 112

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 1 12 Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is e specially useful for hosting servers via your SHDSL connection, so that anyo[...]

  • Page 113

    Chapter 4: Configuration 1 13 Check Email This function allows you to have the router check your POP3 mailbox for new Email messages. The Mail LED on your router will light when it detects new messages waiting for download. Y ou may also view the status of this function using the Status – Email Checking section of the web interface, which also pr[...]

  • Page 114

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 1 14 Device Management The Device Management advanced configuration settings allow you to control your router’s security options and device monitoring features. Embedded W eb Server ( 2 Management IP accounts) HTTP Port: This is the port number the router’s embedded web serv[...]

  • Page 115

    Chapter 4: Configuration 1 15 Universal Plug and Play (UPnP) UPnP offers peer-to-peer network connectivity for PCs and other network devices, along with control and data transfer between devices. UPnP of fers many advantages for users running NA T routers through UPnP NA T T raversal, and on supported systems makes tasks such as port forwarding muc[...]

  • Page 116

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 1 16 ˛ SNMP group From RFC1650 (EtherLike-MIB): ˛ dot3Stats From RFC 1493 (Bridge MIB): ˛ dot1dBase group ˛ dot1dTp group ˛ dot1dStp group (if configured as spanning tree) From RFC 1471 (PPP/LCP MIB): ˛ pppLink group ˝ pppLqr group (not applicable) From RFC 1472 (PPP/Secu[...]

  • Page 117

    Chapter 4: Configuration 1 17 IGMP IGMP , known as Internet Group Management Protocol , is used to management hosts from multicast group. IGMP Forwarding: Accepting multicast packet. Default is set to Enable. IGMP Snooping: Allowing switched Ethernet to check and make correct forwarding decisions. Default is set to Disable. VLAN Bridge This section[...]

  • Page 118

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 1 18 Step 1: Setup Member Ports Go to Configuration ‡ LAN ‡ Bridge Interface. Y ou can setup member ports for each VLAN group under Bridge Interface section. From the example, two VLAN groups need to be created. Ethernet: P1 (Port 1) Ethernet1: P2, P3 and P4 (Port 2, 3, 4) P[...]

  • Page 119

    Chapter 4: Configuration 1 19 From the example, PVC 0/33 to 0/39 is assigned for video using 1483 Bridged mode. Check RFC 1483 Bridged and click Next to continue the setup. Spaces next to VPI and VCI, type 0 and 33 in respectively . Select appropriate A TM Class, Encapsulation Method, Acceptable Frame T ype, Filter T ype and PVID for Untagged Frame[...]

  • Page 120

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 4: Configuration 120 Step 3: Setup VLAN Service Go to Configuration ‡ Advanced ‡ VLAN Bridge DefaultVlan lists all member ports. It is necessary to group specific member ports for each VLAN. From the example, two VLAN groups are requested: Data and V ideo. T o create another VLAN group for V[...]

  • Page 121

    Chapter 4: Configuration 121 Mapping the VLAN Bridge with Bridge Interface created in Step1, you will see the conformable relationship in these two screenshots. Step 4: IGMP Snooping Enable Go Configuration ‡ Advanced ‡ IGMP . IGMP Snooping must be enabled in order to allow video stream forwarding correctly . Save Configuration to Flash After c[...]

  • Page 122

    MICHELANGELO SHDSL VPN Firewall Bridge/Router Chapter 5: T roubleshooting Chapter 5: T roubleshooting If the router is not functioning properly , first check this chapter for simple troubleshooting before contacting your service provider or Digicom support. Problems starting up the router Problem Corrective Action None of the LEDs are on when you t[...]