Planet VRT-401 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Planet VRT-401. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Planet VRT-401 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Planet VRT-401 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Planet VRT-401 devrait contenir:
- informations sur les caractéristiques techniques du dispositif Planet VRT-401
- nom du fabricant et année de fabrication Planet VRT-401
- instructions d'utilisation, de réglage et d’entretien de l'équipement Planet VRT-401
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Planet VRT-401 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Planet VRT-401 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Planet en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Planet VRT-401, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Planet VRT-401, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Planet VRT-401. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    Networking & Communicat io n Broadband VPN Router VRT-401 User ’ s Manual[...]

  • Page 2

    ii Cop y right Copyright (C) 2002 PLANET Technology Corp. All rights reserved. The products and programs described in this User ’ s M anual are licensed products of PLANET Technology, This User ’ s M anual contains proprietary information protected by copyright, and this User ’ s M anual and all accompanying hard w are, soft w are, and docume[...]

  • Page 3

    i Table of Contents CH A P T ER 1 IN T RODUC T IO N ..................................................................................... .1 VR T -401 Feature s ................................................................................................. .1 Package Content s ......................................................................[...]

  • Page 4

    ii Example s ............................................................................................................. . 83 Using Certificate s ............................................................................................. . 101 CH A P T ER 9 O T HER FE A T URES A ND SE TT ING S ................................................ . [...]

  • Page 5

    1 Chapter 1 Introduction This Chapter provides an overview of VRT-401's features and capabili- ties. Congratulations on the purchase o f y our ne w VR T -401. VR T -401 is a m ulti- f unction device providing the f ollo w ing services: • Shared Broadband Internet Access f or all LAN users. • 4-Port Switching Hub f or 10Base T or 100Base T [...]

  • Page 6

    VRT-401 User Manual 2 A d v anced Internet Functions • Communication Applications. Support f or Internet co mm unication applica- tions, such as interactive Ga m es, T elephon y , and Con f erencing applications, w hich are o f ten di ff icult to use w hen behind a Fire w all, is included. • Special Internet Applications. Applications w hich us[...]

  • Page 7

    Introduction 3 tion and even the existence o f each PC is hidden. Fro m the external vie w point, there is no net w or k , onl y a single device - VR T -401. • Stateful Inspection Firewall. All inco m ing data pac k ets are m onitored and all inco m ing server requests are f iltered, thus protecting y our net w or k f ro m m alicious attac k s f [...]

  • Page 8

    VRT-401 User Manual 4 Ph y sical Details Front-mounted LEDs Figure 2: Front Panel Po w er On - Po w er on. Off - No po w er. Status (Red) On - Error condition. Off - Nor m al operation. Blinking - T his LED blin k s during start up. L A N For each port, there are 2 LEDs • LNK/ A C T • On - Corresponding LAN port is active. • Off - No active c[...]

  • Page 9

    Introduction 5 Rear Panel Figure 3: Rear Panel D M Z Use a standard LAN cable to connect a nor m al port on the other hub. Reset Button T his button has t w o (2) f unctions: • Reboot . W hen pressed and released, VR T -401 w ill reboot (restart). • Clear A ll Data . T his button can also be used to clear ALL data and restore ALL settings to th[...]

  • Page 10

    6 Chapter 2 Installation This Chapter covers the physical installation of VRT-401. Requirements • Net w or k cables. Use standard 10/100Base T net w or k (U T P) cables w ith RJ45 connectors. • T CP/IP protocol m ust be installed on all PCs. • For Internet Access, an Internet Access account w ith an ISP, and either o f a DSL or Cable m ode m [...]

  • Page 11

    Installation 7 • I f desired, connect the DMZ port to a standard port on a Hub. PCs connected to this hub w ill also gain Internet access, but w ill NO T be able to access the rest o f the LAN. 3. Connect W A N Cable Connect the DSL or Cable m ode m to the W AN port on VR T -401. Use the cable supplied w ith y our DSL/Cable m ode m . I f no cable[...]

  • Page 12

    8 Chapter 3 Setup This Chapter provides Setup details of VRT-401. O v er v ie w T his chapter describes the setup procedure f or: • Internet Access • LAN con f iguration PCs on y our local LAN m a y also require con f iguration. For details, see Chapter 4 - PC Configuration . Other con f iguration m a y also be required, depending on w hich f e[...]

  • Page 13

    Setup 9 Con f igure or use an y o f the f ollo w ing: • PC Database • Re m ote Ad m in • Routing (RIP and static Routing) • Upgrade f ir m w are • Enable/Disable UPnP Support Chapter 9: Other Features and Set- tings Where use of a certain feature requires that PCs or other L A N de v ices be configured, this is also explained in the rele [...]

  • Page 14

    VRT-401 User Manual 10 2. Start y our W EB bro w ser. 3. In the Address box, enter "H TT P://" and the IP Address o f VR T -401, as in this exa m ple, w hich uses VR T -401 ’ s de f ault IP Address: H TT P://192.168.0.1 If y ou can't connect I f VR T -401 does not respond, chec k the f ollo w ing: • VR T -401 is properl y install[...]

  • Page 15

    Setup 11 Config Wizard T he f irst ti m e y ou connect to VR T -401, the Con f ig W i z ard w ill run auto m aticall y . ( T he Setup W i z ard w ill also run i f VR T -401 ’ s de f ault settings are restored.) 1. Step through the W i z ard until f inished. • Y ou need to k no w the t y pe o f Internet connection service used b y y our ISP. Che[...]

  • Page 16

    VRT-401 User Manual 12 PP T P Mainl y used in Europe. Y ou connect to the ISP onl y w hen required. T he IP address is usuall y allocated auto m aticall y , but m a y be Static (Fixed). • PP T P Server IP Address. • User na m e and pass- w ord. • IP Address allocated to y ou, i f Static (Fixed). Other Modems (e.g. Broadband Wireless) T y pe D[...]

  • Page 17

    Setup 13 Home Screen A f ter f inishing or exiting the Setup W i z ard, y ou w ill see the Home screen. W hen y ou connect in f uture, y ou w ill see this screen w hen y ou connect. An exa m ple screen is sho w n belo w . Figure 6: Home Screen Na v igation & Data Input • Use the m enu bar on the top o f the screen, and the "Bac k " [...]

  • Page 18

    VRT-401 User Manual 14 L A N Screen Use the LAN lin k on the m ain m enu to reach the LAN screen An exa m ple screen is sho w n belo w . Figure 7: L A N Screen Data - L A N Screen T CP/IP IP A ddress IP address f or VR T -401, as seen f ro m the local LAN. Use the de f ault value unless the address is alread y in use or y our LAN is using a di ff e[...]

  • Page 19

    Setup 15 DHCP What DHCP Does A DHCP (D y na m ic Host Con f iguration Protocol) Ser v er allocates a valid IP address to a DHCP Client (PC or device) upon request. • T he client request is m ade w hen the client device starts up (boots). • T he DHCP Server provides the Gateway and DNS addresses to the client, as w ell as allocating an IP Addres[...]

  • Page 20

    16 Chapter 4 PC Configuration This Chapter details the PC Configuration required on the local ("Inter- nal") LAN. O v er v ie w For each PC, the f ollo w ing m a y need to be con f igured: • T CP/IP net w or k settings • Internet Access con f iguration Windo w s Clients T his section describes ho w to con f igure W indo w s clients f [...]

  • Page 21

    PC Configuration 17 Checking TCP/IP Settings - Windo w s 9x/ME: 1. Select Control Panel - Network . Y ou should see a screen li k e the f ollo w ing: Figure 8: Net w ork Configuration 2. Select the TCP/IP protocol f or y our net w or k card. 3. Clic k on the Properties button. Y ou should then see a screen li k e the f ollo w ing. Figure 9: IP A dd[...]

  • Page 22

    VRT-401 User Manual 18 • On the Gateway tab, enter VR T -401 ’ s IP address in the New Gateway f ield and clic k Add , as sho w n belo w . Y our LAN ad m inistrator can advise y ou o f the IP Ad- dress the y assigned to VR T -401. Figure 10: Gate w a y T ab (Win 95/98) • On the DNS Configuration tab, ensure Enable DNS is selected. I f the DNS[...]

  • Page 23

    PC Configuration 19 Checking TCP/IP Settings - Windo w s NT4.0 1. Select Control Panel - Network , and, on the Protocols tab, select the T CP/IP protocol, as sho w n belo w . Figure 12: Windo w s N T 4.0 - T CP/IP 2. Clic k the Properties button to see a screen li k e the one belo w .[...]

  • Page 24

    VRT-401 User Manual 20 Figure 13: Windo w s N T 4.0 - IP A ddress 3. Select the net w or k card f or y our LAN. 4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specify an IP Address , as explained belo w . Obtain an IP address from a DHCP Ser v er T his is the de f ault W indo w s setting. Using this is recommend[...]

  • Page 25

    PC Configuration 21 Figure 14 - Windo w s N T 4.0 - A dd Gate w a y 2. T he DNS should be set to the address provided b y y our ISP, as f ollo w s: • Clic k the DNS tab. • On the DNS screen, sho w n belo w , clic k the Add button (under DNS Service Search Order ), and enter the DNS provided b y y our ISP.[...]

  • Page 26

    VRT-401 User Manual 22 Figure 15: Windo w s N T 4.0 - DNS[...]

  • Page 27

    PC Configuration 23 Checking TCP/IP Settings - Windo w s 2000: 1. Select Control Panel - Network and Dial-up Connection . 2. Right - clic k the Local Area Connection icon and select Properties . Y ou should see a screen li k e the f ollo w ing: Figure 16: Net w ork Configuration (Win 2000) 3. Select the TCP/IP protocol f or y our net w or k card. 4[...]

  • Page 28

    VRT-401 User Manual 24 Figure 17: T CP/IP Properties (Win 2000) 5. Ensure y our T CP/IP settings are correct, as described belo w . Using DHCP T o use DHCP, select the radio button Obtain an IP Address automatically . T his is the de f ault W indo w s setting. Using this is recommended . B y de f ault, VR T -401 w ill act as a DHCP Server. Restart [...]

  • Page 29

    PC Configuration 25 Checking TCP/IP Settings - Windo w s XP 1. Select Control Panel - Network Connection . 2. Right clic k the Local Area Connection and choose Properties . Y ou should see a screen li k e the f ollo w ing: Figure 18: Net w ork Configuration (Windo w s XP) 3. Select the TCP/IP protocol f or y our net w or k card. 4. Clic k on the Pr[...]

  • Page 30

    VRT-401 User Manual 26 Figure 19: T CP/IP Properties (Windo w s XP) 5. Ensure y our T CP/IP settings are correct. Using DHCP T o use DHCP, select the radio button Obtain an IP Address automatically . T his is the de f ault W indo w s setting. Using this is recommended . B y de f ault, VR T -401 w ill act as a DHCP Server. Restart y our PC to ensure[...]

  • Page 31

    PC Configuration 27 Internet A ccess T o con f igure y our PCs to use VR T -401 f or Internet access: • Ensure that the DSL m ode m , Cable m ode m , or other per m anent connection is f unctional. • Use the f ollo w ing procedure to con f igure y our Bro w ser to access the Internet via the LAN, rather than b y a Dial-up connection. For Windo [...]

  • Page 32

    VRT-401 User Manual 28 M acintosh Clients Fro m y our Macintosh, y ou can access the Internet via VR T -401. T he procedure is as f ollo w s. 1. Open the T CP/IP Control Panel. 2. Select Ethernet f ro m the Connect via pop-up m enu. 3. Select Using DHCP Server f ro m the Configure pop-up m enu. T he DHCP Client ID f ield can be le f t blan k . 4. C[...]

  • Page 33

    29 Chapter 5 Operation and Status This Chapter details the operation of VRT-401 and the status screens. Operation Once both VR T -401 and the PCs are configured, operation is automatic. Ho w ever, there are so m e situations w here additional Internet con f iguration m a y be required: • I f using Internet-based Communication Applications , it m [...]

  • Page 34

    VRT-401 User Manual 30 Data - Status Screen Internet Connection M ethod T his indicates the current connection m ethod, as set in the Setup W i z ard. Broadband M odem T his sho w s the connection status o f the m ode m . Internet Connection Current connection status: • Active • Idle • Un k no w n • Failed I f there is an error, y ou can cl[...]

  • Page 35

    Operation and Status 31 Connection Status - PPPoE I f using PPPoE (PPP over Ethernet), a screen li k e the f ollo w ing exa m ple w ill be dis- pla y ed w hen the "Connection Details" button is clic k ed. Figure 21: PPPoE Status Screen Data - PPPoE Screen Connection Ph y sical A ddress T he hard w are address o f this device, as seen b y [...]

  • Page 36

    VRT-401 User Manual 32 Connection Log Connection Log • T he Connection Log sho w s status m essages relating to the existing connection. • T he m ost co mm on m essages are listed in the table belo w . • T he "Clear Log" button w ill restart the Log, w hile the Re f resh button w ill update the m essages sho w n on screen. Buttons C[...]

  • Page 37

    Operation and Status 33 Error: Invalid or un- k no w n pac k et t y pe T he data received f ro m the ISP's Server could not be processed. T his could be caused b y data corruption ( f ro m a bad lin k ), or the Server using a protocol w hich is not supported b y this device.[...]

  • Page 38

    VRT-401 User Manual 34 Connection Status - PPTP I f using PP T P (Peer-to-Peer T unneling Protocol), a screen li k e the f ollo w ing exa m ple w ill be displa y ed w hen the "Connection Details" button is clic k ed. Figure 22: PP T P Status Screen Data - PP T P Screen Connection Ph y sical A d- dress T he hard w are address o f this devi[...]

  • Page 39

    Operation and Status 35 Buttons Connect I f not connected, establish a connection to y our ISP. Disconnect I f connected to y our ISP, hang up the connection. Clear Log Delete all data currentl y in the Log. T his w ill m a k e it easier to read ne w m essages. Refresh Update the data on screen. Connection Status - Telstra Big Pond An exa m ple scr[...]

  • Page 40

    VRT-401 User Manual 36 Connection Status T his indicates w hether or not the connection is currentl y established. • I f the connection does not exist, the "Connect" button can be used to establish a connection. • I f the connection currentl y exists, the "Disconnect" button can be used to brea k the connection. • Nor m al[...]

  • Page 41

    Operation and Status 37 Data - Sing T el R A S Screen Internet R A S Plan T he RAS Plan w hich is currentl y used. Ph y sical A d- dress T he hard w are address o f this device, as seen b y re m ote de- vices on the Internet. ( T his is di ff erent to the hard w are address seen b y devices on the local LAN.) IP A ddress T he IP Address o f this de[...]

  • Page 42

    VRT-401 User Manual 38 Connection Details - Fixed/D y namic IP A ddress I f y our access m ethod is "Direct" (no login), a screen li k e the f ollo w ing exa m ple w ill be displa y ed w hen the "Connection Details" button is clic k ed. Figure 25: Connection Details - Fixed/D y namic IP A ddress Data - Fixed/D y namic IP address[...]

  • Page 43

    Operation and Status 39 Buttons Release/Rene w Button w ill displa y EI T HER "Release" OR "Rene w " T his button is onl y use f ul i f the IP address sho w n above is allocated auto m aticall y on connection. (D y na m ic IP address). I f y ou have a Fixed (Static) IP address, this button has no e ff ect. • I f the ISP's[...]

  • Page 44

    40 Chapter 6 Internet Features This Chapter explains when and how to use VRT-401 ’ s "Internet" Fea- tures. O v er v ie w T he f ollo w ing advanced f eatures are provided. • Advanced Internet • Co mm unication Applications • Special Applications • DMZ • URL f ilter • D y na m ic DNS • Virtual Servers • Options A d v anc[...]

  • Page 45

    Internet Features 41 Communication A pplications Most applications are supported transparentl y b y VR T -401. But so m eti m es it is not clear w hich PC should receive an inco m ing connection. T his proble m could arise w ith the Communication Applications listed on this screen. I f this proble m arises, y ou can use this screen to set w hich PC[...]

  • Page 46

    VRT-401 User Manual 42 Figure 27: Special A pplications Screen Data - Special A pplications Screen Checkbox Use this to Enable or Disable this Special Application as required. Name Enter a descriptive na m e to identi f y this Special Application. Incoming Ports • T y pe - Select the protocol ( T CP or UDP) used w hen y ou receive data f ro m the[...]

  • Page 47

    Internet Features 43 If an application still cannot function correctl y , tr y using the "D M Z" feature. DMZ T his f eature, i f enabled, allo w s one (1) co m puter on y our LAN to be exposed to all users on the Internet, allo w ing unrestricted 2- w a y co mm unication bet w een the "DMZ PC" and other Internet users or Server[...]

  • Page 48

    VRT-401 User Manual 44 URL Filter Screen Clic k the "Con f igure URL Filter" button on the Advanced Internet screen to access the URL Filter screen. An exa m ple screen is sho w n belo w . Figure 28: URL Filter Screen Data - URL Filter Screen Filter Strings Current Entries T his lists an y existing entries. I f y ou have not entered an y [...]

  • Page 49

    Internet Features 45 D y namic DNS (Domain Name Ser v er) T his f ree service is ver y use f ul w hen co m bined w ith the Virtual Server f eature. It allo w s Internet users to connect to y our Virtual Servers using a URL, rather than an IP Ad- dress. T his also solves the proble m o f having a d y na m ic IP address. W ith a d y na m ic IP addres[...]

  • Page 50

    VRT-401 User Manual 46 Data - D y namic DNS Screen DDNS Ser v ice DDNS Ser v ice • Y ou m ust sign up f irst to create a ne w account be f ore using the service. T he service is f ree. • Clic k this lin k to connect to the www .d y ndns.org W eb site. • Y our initial pass w ord w ill be E- m ailed to y ou; y ou can change this later i f y ou [...]

  • Page 51

    Internet Features 47 Virtual Ser v ers T his f eature allo w s y ou to m a k e Servers on y our LAN accessible to Internet users. Nor m all y , Internet users w ould not be able to access a server on y our LAN because: • Y our Server does not have a valid external IP Address. • Atte m pts to connect to devices on y our LAN are bloc k ed b y the[...]

  • Page 52

    VRT-401 User Manual 48 Using the DMZ port for Virtual Ser v ers Y ou should connect y our Virtual Servers to the DMZ port, f or the f ollo w ing reasons: • T ra ff ic passing bet w een the DMZ and LAN passes through the f ire w all. T he f ire- w all w ill protect y our LAN i f y our Server is co m pro m ised and used to launch an attac k on y ou[...]

  • Page 53

    Internet Features 49 Defining y our o w n Virtual Ser v ers I f the t y pe o f Server y ou w ish to use is not listed on the Virtual Servers screen, y ou can use the Fire w all Rules to allo w particular inco m ing tra ff ic and f or w ard it to a speci f ied PC (Server). Connecting to the Virtual Ser v ers Once con f igured, an y one on the Intern[...]

  • Page 54

    VRT-401 User Manual 50 MT U MT U size M T U (Maxi m u m T rans m ission Unit) value should onl y be changed i f advised to do so b y T echnical Support. • Enter a value bet w een 1 and 1500. • T his device w ill still auto-negotiate w ith the re m ote server, to set the M T U si z e. T he s m aller o f the 2 values (auto- negotiated, or entered[...]

  • Page 55

    51 Chapter 7 Securit y Configuration This Chapter explains the settings available via the security configura- tion section of the "Security" menu. O v er v ie w T he f ollo w ing advanced con f igurations are provided. • Ad m in Login • Access Control • Fire w all Rules • Logs • Securit y Options • Scheduling • Services A dm[...]

  • Page 56

    VRT-401 User Manual 52 Figure 34: Pass w ord Dialog Enter the "User Na m e" and "Pass w ord" y ou set on the Admin Login screen above.[...]

  • Page 57

    Security Configuration 53 A ccess Control T his f eature is accessed b y the Access Control lin k on the Securit y m enu. T he Access Control f eature allo w s ad m inistrators to restrict the level o f Internet Ac- cess available to PCs on y our LAN. W ith the de f ault settings, ever y one has unrestricted Internet access. T o use this feature: 1[...]

  • Page 58

    VRT-401 User Manual 54 Data - A ccess Control Screen Group Group Select the desired Group. T he screen w ill update to displa y the settings f or the selected Group. Groups are na m ed "De- f ault", "Group 1", "Group 2", "Group 3" and "Group 4", and cannot be re-na m ed. " M embers" Button[...]

  • Page 59

    Security Configuration 55 Vie w Log Clic k this to open a sub- w indo w w here y ou can vie w the "Access Control" log. T his log sho w s atte m pted Internet accesses w hich have been bloc k ed b y the Access Control f eature. Clear Log Clic k this to clear and restart the "Access Control" log, m a k- ing ne w entries easier to[...]

  • Page 60

    VRT-401 User Manual 56 Group Members Screen T his screen is displa y ed w hen the M embers button on the Access Control screen is clic k ed. Figure 36: Group M embers Use this screen to add or re m ove m e m bers (PCs) f ro m the current group. • T he "Del >>" button w ill re m ove the selected PC (in the M embers list) f ro m the[...]

  • Page 61

    Security Configuration 57[...]

  • Page 62

    VRT-401 User Manual 58 Fire w all Rules For nor m al operation and LAN protection, it is not necessar y to use this screen. T he Fire w all w ill al w a y s bloc k DoS (Denial o f Service) attac k s. A DoS attac k does not atte m pt to steal data or da m age y our PCs, but overloads y our Internet connection so y ou can not use it - the service is [...]

  • Page 63

    Security Configuration 59 Data - Fire w all Rules Screen Rule List Vie w Rules for .. Select the desired option; the screen w ill update and list an y current rules. I f y ou have not de f ined an y rules, the list w ill be e m pt y . Data For each rule, the f ollo w ing data is sho w n: • Name - T he na m e y ou assigned to the rule. • Source [...]

  • Page 64

    VRT-401 User Manual 60 Define Fire w all Rule Clic k ing the "Add" button in the Firewall Rules screen w ill displa y a screen li k e the exa m ple belo w . Figure 38: Define Fire w all Rule Data - Define Fire w all Rule Screen Name Enter a suitable na m e f or this rule. T y pe T his deter m ines the source and destination ports f or tra[...]

  • Page 65

    Security Configuration 61 Dest IP T hese settings deter m ine w hich tra ff ic, based on their destination IP address, is covered b y this rule. Select the desired option: • An y - All tra ff ic f ro m the source port is covered b y this rule. • Single address - Enter the required IP address in the "Start IP address" f ield". Y o[...]

  • Page 66

    VRT-401 User Manual 62 Logs T he Logs record various t y pes o f activit y on VR T -401. T his data is use f ul f or trouble- shooting, but enabling all logs w ill generate a large a m ount o f data and adversel y a ff ect per f or m ance. Since onl y a li m ited a m ount o f log data can be stored in VR T -401, log data can also be E- m ailed to y[...]

  • Page 67

    Security Configuration 63 A ccess Control I f enabled, the log w ill include atte m pted outgoing connec- tions w hich have been bloc k ed b y the "Access Control" f eature. Fire w all Rules I f enabled, the log w ill details o f pac k ets bloc k ed b y user- de f ined Fire w all rules. Logging can be set f or each rule individuall y . On[...]

  • Page 68

    VRT-401 User Manual 64 Include Select the logs y ou w ish to be included.[...]

  • Page 69

    Security Configuration 65 Securit y Options T his screen allo w s y ou to set Fire w all and other securit y -related options. Figure 40: Securit y Options Screen Data - Securit y Options Screen SPI Fire w all Enable DoS Fire w all I f enabled, DoS (Denial o f Service) attac k s w ill be detected and bloc k ed. T he de f ault is enabled. It is stro[...]

  • Page 70

    VRT-401 User Manual 66 Options Respond to IC M P T he ICMP protocol is used b y the "ping" and "trace route" pro- gra m s, and b y net w or k m onitoring and diagnostic progra m s. • I f chec k ed, VR T -401 w ill respond to ICMP pac k ets received f ro m the Internet. • I f not chec k ed, ICMP pac k ets f ro m the Internet [...]

  • Page 71

    Security Configuration 67 Scheduling • T his schedule can be (optionall y ) applied to an y Access Control Group. • Bloc k ing w ill be per f or m ed during the scheduled ti m e (bet w een the "Start" and "Finish" ti m es.) • T w o (2) separate sessions or periods can be de f ined. • T i m es m ust be entered using a 24 [...]

  • Page 72

    VRT-401 User Manual 68 Ser v ices Services are used in de f ining tra ff ic to be bloc k ed or allo w ed b y the Access Control or Firewall Rules f eatures. Man y co mm on Services are pre-de f ined, but y ou can also de f ine y our o w n services i f required. T o vie w the Services screen, select the Services lin k on the Securit y m enu. Figure [...]

  • Page 73

    Security Configuration 69 service. Buttons Delete Delete the selected service f ro m the list. A dd Add a ne w entr y to the Service list, using the data sho w n in the "Add Ne w Service" area on screen. Cancel Clear the " Add Ne w Service " area, read y f or entering data f or a ne w Service.[...]

  • Page 74

    70 Chapter 8 VPN This Chapter describes the VPN capabilities and configuration required for common situations. O v er v ie w T his section describes the VPN (Virtual Private Net w or k ) support provided b y y our VR T -401. A VPN (Virtual Private Net w or k ) provides a secure connection bet w een 2 points, over an insecure net w or k - t y picall[...]

  • Page 75

    VPN 71 • Phase I is the negotiation and establish m ent up o f the IKE connection. • Phase II is the negotiation and establish m ent up o f the IPsec connection. Because the IKE and IPsec connections are separate, the y have di ff erent SAs (secu- rit y associations). Policies VPN con f iguration settings are stored in Policies . Each polic y d[...]

  • Page 76

    VRT-401 User Manual 72 Common VPN Situations VPN Pass-through Figure 43: VPN Pass-through Here, a PC on the LAN behind the Router/Gate w a y is using VPN so f t w are, but the Router/Gate w a y is NO T acting as a VPN endpoint. It is onl y allo w ing the VPN connec- tion. • T he PC so f t w are can use an y VPN protocol supported b y the re m ote[...]

  • Page 77

    VPN 73 Connecting 2 L A Ns v ia VPN Figure 45: Connecting 2 VPN Gate w a y s T his allo w s t w o (2) LANs to be connected. PCs on each endpoint gain secure access to the re m ote LAN. • T he 2 LANs MUS T use di ff erent IP address ranges. • T he VPN Policies at each end deter m ine w hen a VPN tunnel w ill be established, and w hat s y ste m s[...]

  • Page 78

    VRT-401 User Manual 74 VPN Configuration T his section covers the con f iguration required on VR T -401 w hen using Manual Ke y Exchange (Manual Policies) or IKE (Auto m atic Policies). Details o f using Certi f icates are covered in a later section. VPN Policies Screen T o vie w this screen, select VPN Policies f ro m the VPN m enu. T his screen l[...]

  • Page 79

    VPN 75 Operations A dd T o add a ne w polic y , clic k the "Add" button. See the f ollo w ing section f or details. Edit T o Edit or m odi f y an existing polic y , select it and clic k the "Edit" button. M o v e T here are 2 w a y s to change the order o f policies: • Use the up and do w n indicators on the right to m ove the[...]

  • Page 80

    VRT-401 User Manual 76 • Other w ise, clic k Next to continue. Y ou w ill see a screen li k e the f ollo w ing. Figure 48: VPN Wizard - General General Settings Polic y Name Enter a suitable na m e. T his na m e is not supplied to the re m ote VPN. It is used onl y to help y ou m anage the policies. Enable Policy Enable or disable the polic y as [...]

  • Page 81

    VPN 77 Figure 49: VPN Wizard - T raffic Selector • For outgoing VPN connections, these settings deter m ine w hich tra ff ic w ill cause a VPN tunnel to be created, and w hich tra ff ic w ill be sent through the tunnel. • For inco m ing VPN connections, these settings deter m ine w hich s y ste m s on y our local LAN w ill be available to the r[...]

  • Page 82

    VRT-401 User Manual 78 Remote IP addresses T y pe • Single address - enter an IP address in the "Start IP address" f ield. • Range address - enter the starting IP address in the "Start IP address" f ield, and the f inish IP address in the "Finish IP address" f ield. • Subnet address - enter the desired IP address[...]

  • Page 83

    VPN 79 T hese settings m ust m atch the re m ote VPN. Note that y ou cannot use both AH and ESP. M anuall y assigned Ke y s A H A uthentication AH (Authentication Header) speci f ies the authentication protocol f or the VPN header, i f used. (AH is o f ten NO T used) I f AH is not enabled, the f ollo w ing settings can be ignored. Ke y s • T he &[...]

  • Page 84

    VRT-401 User Manual 80 For Manual Ke y Exchange, con f iguration is no w co m plete. • Clic k "Next" to vie w the f inal screen. • On the f inal screen, clic k "Finish" to save y our settings, then "Close" to exit the W i z ard. IKE Phase 1 I f y ou selected IKE , the f ollo w ing screen is displa y ed a f ter the [...]

  • Page 85

    VPN 81 A uthentication • RS A Signature requires that both VPN endpoints have valid Certi f icates issued b y a CA (Certi f ication Authorit y ). • For Pre-shared key , enter the sa m e k e y value in both endpoints. T he k e y should be at least 8 characters ( m axi- m u m is 128 characters). Note that this k e y is used f or the IKE SA onl y [...]

  • Page 86

    VRT-401 User Manual 82 IKE Phase 2 (IPsec S A ) IPsec S A Life T ime T his setting does not have to m atch the re m ote VPN end- point; the shorter ti m e w ill be used. Although m easured in seconds, it is co mm on to use ti m e periods o f several hours, such 28,800 seconds. IPSec PFS I f enabled, PFS (Per f ect For w ard Securit y ) enhances sec[...]

  • Page 87

    VPN 83 Examples T his section describes so m e exa m ples o f using VR T -401 in co mm on VPN situations. Example 1: Connecting 2 VRT-401s In this exa m ple, 2 LANs are connected via VPN. Figure 53: Connecting 2 VR T -401s Note • T he LANs MUS T use di ff erent IP address ranges. • Both endpoints have f ixed W AN (Internet) IP addresses. Config[...]

  • Page 88

    VRT-401 User Manual 84 Pre-shared Ke y Xxxxxxxxxx Xxxxxxxxxx Must m atch IKE Authentica- tion algorith m MD5 MD5 Must m atch IKE Encr y ption DES DES Must m atch IKE Exchange m ode Main Mode Main Mode Must m atch DH Group Group 1 (768 bit) Group 1 (768 bit) Must m atch IKE SA Li f e ti m e 28800 28800 Does not have to m atch. Shorter period w ill b[...]

  • Page 89

    VPN 85 Example 2: Windo w s 2000/XP Client to L A N In this exa m ple, a W indo w s 2000/XP client connects to VR T -401 and gains access to the local LAN. Figure 54: Windo w s 2000/XP Client to VR T -401 T o use 3DES encr y ption, y ou need Ser v ice Pack 3 or later installed on Windo w s 2000. VR T -401 Configuration Setting Value Notes Na m e W [...]

  • Page 90

    VRT-401 User Manual 86 m ode DH Group Group 1 (768 bit) Must m atch client PC IKE SA Li f e ti m e 28800 Does not have to m atch client PC. Shorter period w ill be used. IKE PFS Disable Must m atch client PC IPSec S A Parameters IPSec SA Li f e ti m e 28800 Do not have to m atch. Shorter period w ill be used. IPSec PFS Disable Must m atch client PC[...]

  • Page 91

    VPN 87 Figure 56: Windo w s 2000/XP - Polic y Properties • Note that no rules are in use. T w o 2 rules are required - inco m ing and outgo- ing. • T he outgoing rule w ill be added f irst. 6. Deselect the "Use Add W i z ard" chec k box, then clic k "Add" to vie w the screen belo w . Figure 57: IP Filter List 7. T y pe "[...]

  • Page 92

    VRT-401 User Manual 88 Figure 58: Filter Properties: A ddressing 8. Enter the Source IP address and the Destination IP address . • Since this is the outing f ilter, the Source IP address is "M y IP address" and the Destination IP address is the address range used on the re m ote LAN. • Ensure the M irrored option is chec k ed. 9. Clic[...]

  • Page 93

    VPN 89 Figure 60: Ne w Rule Properties: Filter A ction 11. Select Require Security , then clic k the "Edit" button, to vie w the Require Security Properties screen. Figure 61: Require Securit y Properties 12. Select Negotiate security (this selects IKE), then clic k "Add".[...]

  • Page 94

    VRT-401 User Manual 90 Figure 62: M odif y Securit y M ethod 13. On the resulting screen (above), select High [ESP] then clic k "OK" to save y our changes and return to the Require Security Properties screen. Figure 63: Require Securit y Properties 14. Ensure the f ollo w ing settings are correct, then clic k "OK" to return to t[...]

  • Page 95

    VPN 91 15. Clic k the Tunnel Setting tab, then select The tunnel endpoint is specified by this IP address . Enter the W AN (Internet) IP address o f VR T -401, as sho w n belo w . Figure 64: T unnel Setting 16. Clic k the Authentication M ethods tab, then clic k the "Edit" to see the screen li k e the exa m ple belo w . Figure 65: A uthen[...]

  • Page 96

    VRT-401 User Manual 92 19. Clic k "Close" to return to the DUT to W in2K properties screen. T he " T o DU T " f ilter should no w be listed, as sho w n belo w . Figure 66: Windo w s 2000/XP Client to VR T -401 20. T o add the second (outgoing) rule, clic k "Add". For the na m e, enter " T o W in2K", then clic[...]

  • Page 97

    VPN 93 Figure 68: Filter Properties: A ddressing 22. Clic k "OK" to save y our changes, then "Close". Figure 69: Filter List 23. Ensure the " T o W in2K" f ilter is selected, then clic k the Filter Action tab.[...]

  • Page 98

    VRT-401 User Manual 94 Figure 70: Filter A ction 24. Select Require Security , then clic k "Edit". On the Require Security M ethods screen belo w , select Negotiate security . Figure 71: Securit y M ethods 25. Clic k the "Add" button. On the resulting M odify Security M ethod screen belo w , select High [ESP] .[...]

  • Page 99

    VPN 95 Figure 72: M odif y Securit y M ethod 26. Clic k "OK" to save y our changes, then clic k "OK" again to return to the Filter Action screen. 27. Select the Tunnel Setting tab, and enter the W AN (Internet) IP address o f this PC (172.10..9.10 in this exa m ple). Figure 73: T unnel Setting 28. Select the Authentication M eth[...]

  • Page 100

    VRT-401 User Manual 96 Figure 74: A uthentication M ethod 29. Select Use this string to protect the key exchange (preshared key) , then enter y our preshared k e y in the f ield provided. 30. Clic k "OK" to save y our settings, then "Close" to return to the DUT to W in2K Prop- erties screen. T here should no w be 2 IP Filers lis[...]

  • Page 101

    VPN 97 Figure 76: Properties - General T ab 32. Clic k the "Advanced" button to see the screen belo w . Figure 77: Ke y Exchange Settings 33. Clic k the "Methods" button to see the screen belo w .[...]

  • Page 102

    VRT-401 User Manual 98 Figure 78: Ke y Exchange Securit y M ethods 34. Select the f irst entr y , and clic k the "Edit" button to see the f ollo w ing screen. Figure 79: IKE Securit y A lgorithms 35. Select "SHA1" f or Integrity Algorithm , "3DES" f or Encryption algorithm , and "Lo w (1)" f or the Diffie-Hel[...]

  • Page 103

    VPN 99 Example 3: Windo w s 2000 Ser v er to VPN Gate w a y In this exa m ple, a W indo w s 2000 Server connects to VR T -401. Users on each LAN can then gain access to the re m ote LAN. Figure 81: VR T -401 to Windo w s 2000 Ser v er VR T -401 Configuration T his is the sa m e as f or the client setup earlier, w ith the exception o f the IP addres[...]

  • Page 104

    VRT-401 User Manual 100 Windo w s 2000 Ser v er Configuration Con f iguration is the sa m e as f or Example 2: W indows 2000/XP Client to except f or speci f y ing the Source and Destination addresses f or the "Filter Properties". Instead, f or both IP Filters, the Filter Properties- Addressing should be co m pleted as f ollo w s. Figure [...]

  • Page 105

    VPN 101 Using Certificates Certi f icates are used to authenticate users. Certi f icates are issued to y ou b y various CAs (Certi f ication Authorities). T hese Certi f icates are called "Sel f Certi f icates". Each CA also issues a certi f icate to itsel f . T his Certi f icate is required in order to vali- date co mm unication w ith th[...]

  • Page 106

    VRT-401 User Manual 102 A dding a Trusted Certificate 1. A f ter obtaining a ne w Certi f icate f ro m the CA, y ou need to upload it to VR T -401. 2. On the "Certi f icates" screen, clic k the "Add T rusted Certi f icate" button to vie w the Add Trusted Certificate screen, sho w n belo w . Figure 84: A dd T rusted Certificate 3[...]

  • Page 107

    VPN 103 Subject Name T his is the na m e w hich other organi z ations w ill see as the Holder (o w ner) o f this Certi f icate. T his should be y our registered business na m e or o ff icial co m pan y na m e. Generall y , all Certi f icates should have the sa m e value in the Subject f ield. Hash A lgorithm Select the desired option. Signature A l[...]

  • Page 108

    VRT-401 User Manual 104 Figure 87: A dd Self Certificate (3) 8. Upload the Certi f icate: • Clic k the "Bro w se" button, and locate the certi f icate f ile on y our PC • Select the f ile. T he na m e w ill appear in the "Certi f icate File" f ield. • Clic k "Upload" to upload the certi f icate f ile to VR T -401[...]

  • Page 109

    VPN 105 Figure 89: Upload CRL 4. Upload the CRL f ile: • Clic k the "Bro w se" button, and locate the CRL f ile on y our PC • Select the f ile. T he na m e w ill appear in the "File to Upload" f ield. • Clic k "Upload" to upload the CRL f ile to VR T -401. • Clic k "Bac k " to return to the CRL list. [...]

  • Page 110

    106 Chapter 9 Other Features and Settings This Chapter explains the screens and settings available via the " M iscellaneous" menu. O v er v ie w Nor m all y , it is not necessar y to use these screens, or change an y settings. T hese screens and settings are provided to deal w ith non-standard situations, or to provide additional options [...]

  • Page 111

    Other Features and Settings 107 PC Database T he PC Database is used w henever y ou need to select a PC (e.g. f or the "DMZ" PC). It eli m inates the need to enter IP addresses. Also, y ou do not need to use f ixed IP addresses on y our LAN. PC Database Screen An exa m ple PC Database screen is sho w n belo w . Figure 90: PC Database • [...]

  • Page 112

    VRT-401 User Manual 108 Data - PC Database Screen Kno w n PCs T his lists all current entries. Data displa y ed is name (IP Address) type . T he "t y pe" indicates w hether the PC is connected to the LAN. Name I f adding a ne w PC to the list, enter its na m e here. It is best i f this m atches the PC's "hostna m e". IP A d[...]

  • Page 113

    Other Features and Settings 109 PC Database ( A dmin) T his screen is displa y ed i f the "Advanced Ad m inistration" button on the PC Database is clic k ed. It provides m ore control than the standard PC Database screen. Figure 91: PC Database ( A dmin) Data - PC Database ( A dmin) Screen Kno w n PCs T his lists all current entries. Data[...]

  • Page 114

    VRT-401 User Manual 110 IP A ddress Select the appropriate option: • A utomatic - T he PC is set to be a DHCP client ( W indo w s: "Obtain an IP address auto m aticall y "). VR T -401 w ill allocate an IP address to this PC w hen requested to do so. T he IP address could change, but nor m all y w on't. • DCHP Client - Reser v ed [...]

  • Page 115

    Other Features and Settings 111 Remote A dministration T his f eature allo w s y ou to m anage VR T -401 via the Internet. Figure 92: Remote A dministration Screen Data - Remote A dministration Screen Remote A dministration Enable Remote A dministration Enable to allo w ad m inistration via the Internet. I f Disabled, this device w ill ignore m ana[...]

  • Page 116

    VRT-401 User Manual 112 Routing O v er v ie w • I f y ou don't have other Routers or Gate w a y s on y our LAN, y ou can ignore the "Routing" page co m pletel y . • I f VR T -401 is onl y acting as a Gate w a y f or the local LAN seg m ent, ignore the "Routing" page even i f y our LAN has other Routers. • I f y our LA[...]

  • Page 117

    Other Features and Settings 113 Figure 93: Routing Screen Data - Routing Screen RIP Enable RIP Chec k this to enable the RIP (Routing In f or m ation Protocol) f eature o f VR T -401. VR T -401 supports RIP 1 onl y . Static Routing Static Routing T able Entries T his list sho w s all entries in the Routing T able. • T he "Properties" ar[...]

  • Page 118

    VRT-401 User Manual 114 Properties • Destination Net w ork - T he net w or k address o f the re m ote LAN seg m ent. For standard class "C" LANs, the net w or k address is the f irst 3 f ields o f the Destination IP Address. T he 4th (last) f ield can be le f t at 0. • Net w ork M ask - T he Net w or k Mas k f or the re m ote LAN seg [...]

  • Page 119

    Other Features and Settings 115 Other Routers on the Local L A N Other routers on the local LAN m ust use VR T -401 ’ s Local Router as the Default Route . T he entries w ill be the sa m e as VR T -401 ’ s local router, w ith the exception o f the Gateway IP Address . • For a router w ith a direct connection to VR T -401 ’ s local Router, t[...]

  • Page 120

    VRT-401 User Manual 116 For Router B's Default Route Destination IP Address 0.0.0.0 Net w or k Mas k 0.0.0.0 Gate w a y IP Address 192.168.1.80 (VR T -401 ’ s local router) Firm w are Upgrade T he f ir m w are (so f t w are) in VR T -401 can be upgraded using y our W eb Bro w ser. Y ou m ust f irst do w nload the upgrade f ile, then select U[...]

  • Page 121

    Other Features and Settings 117 UPNP An exa m ple UPNP screen is sho w n belo w . Figure 96: UPNP Screen Data - UPNP Screen UPnP Enable UPnP Ser v ices • UPnP (Universal Plug and Pla y ) allo w s auto m atic discover y and con f iguration o f equip m ent attached to y our LAN. UPnP is b y supported b y W indo w s ME, XP, or later. • I f Enabled[...]

  • Page 122

    118 A ppendix A T roubleshooting This Appendix covers the most likely problems and their solutions. O v er v ie w T his chapter covers so m e co mm on proble m s that m a y be encountered w hile using VR T -401 and so m e possible solutions to the m . I f y ou f ollo w the suggested steps and VR T -401 still does not f unction properl y , contact y[...]

  • Page 123

    Appendi x A - Troubleshooting 119 Solution 2: VR T -401 processes the data passing through it, so it is not transpar- ent. Use the Special Applications f eature to allo w the use o f Internet applications w hich do not f unction correctl y . I f this does solve the proble m y ou can use the D MZ f unction. T his should w or k w ith al m ost ever y [...]

  • Page 124

    120 Appendix B Specifications VRT-401 Model VR T -401 Di m ensions 170 mm ( W ) * 147 mm (D) * 27 mm (H) Operating T e m pera- ture 0 ° C to 40 ° C Storage T e m perature -10 ° C to 70 ° C Net w or k Protocol: T CP/IP, NA T , DHCP, H TT P, DNS, PAP, CHAP, T F T P Net w or k Inter f ace: 6 Ethernet: 4 * 10/100Base T (RJ45) LAN connection 1 * 10/[...]

  • Page 125

    Appendi x B - Specifications 121 FCC Radiation Exposure Statement T his equip m ent co m plies w ith FCC RF radiation exposure li m its set f orth f or an uncon- trolled environ m ent. T his equip m ent should be installed and operated w ith a m ini m u m distance o f 20 centi m eters bet w een the radiator and y our bod y . T his device co m plies[...]