Go to page of
Similar user manuals
-
Switch
Billion Electric Company BiPAC 5210S
20 pages 4.07 mb -
Switch
Billion Electric Company GS08
1 pages 0.46 mb -
Switch
Billion Electric Company BiPAC 3100SN
47 pages 3.27 mb -
Switch
Billion Electric Company BiPAC 5200
20 pages 4.07 mb -
Switch
Billion Electric Company BiPAC 7402 R2
20 pages 4.07 mb -
Switch
Billion Electric Company BIPAC-5100S
72 pages 1.63 mb -
Switch
Billion Electric Company BiPAC 5200SRC
20 pages 4.07 mb -
Switch
Billion Electric Company BiGuard 2
170 pages 13.69 mb
A good user manual
The rules should oblige the seller to give the purchaser an operating instrucion of Billion Electric Company BiGuard 2, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Billion Electric Company BiGuard 2 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.
Unfortunately, only a few customers devote their time to read an instruction of Billion Electric Company BiGuard 2. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.
What should a perfect user manual contain?
First and foremost, an user manual of Billion Electric Company BiGuard 2 should contain:
- informations concerning technical data of Billion Electric Company BiGuard 2
- name of the manufacturer and a year of construction of the Billion Electric Company BiGuard 2 item
- rules of operation, control and maintenance of the Billion Electric Company BiGuard 2 item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Billion Electric Company BiGuard 2 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Billion Electric Company BiGuard 2, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Billion Electric Company service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Billion Electric Company BiGuard 2.
Why one should read the manuals?
It is mostly in the manuals where we will find the details concerning construction and possibility of the Billion Electric Company BiGuard 2 item, and its use of respective accessory, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
BiGuard 10 iBusiness Security Gateway Small-Office BiGuard 2 iBusiness Security Gateway Home-Office User ’ s Manual V ersion Release 4.00 (FW:1.05)[...]
-
Page 2
2 BiGuard 2/10 User’s Manual (Updated June 1, 2006) Copyright Information © 2006 Billion Electric Corporation, Ltd. The contents of this publica tion may not be reproduced in whole or in part, transcribed, stored, tr anslated, or transmitted in an y form or any mea ns, without the prior written consent of Billio n Electr ic Co rporation. Publish[...]
-
Page 3
3 Safety Warn ings Y o ur BiGuard 2/10 is built for reliability and long service life. For your safety , be sur e to rea d and fo llow the f ollowin g safety warnings . • Read this installation guide thoro ughly be fo re attempting to set up y our BiGuard 2/10. • Y our B iGuard 2/ 10 is a co mplex elec tronic device. DO NOT open o r attemp t to[...]
-
Page 4
4 Table of C ontents Chapter 1: Intr oduction 1.1 Overview 1.2 Product Highlights 1.2.1 Virtual Private Networ k Support 1.2.2 Advanced Firewall Se curity 1.2.3 Int elligent Bandwidt h Management 1.3 Package Contents 1.3.1 BiGuard 10 1.3.1. 1 Front Pane l 1.3.1.2 Rear Panel 1.3.1.3 Rack Mounti ng 1.3. 1.4 Cab ling 1.3.2 BiGuard 2 1.3.2. 1 Front Pan[...]
-
Page 5
5 Chapter 3: Getting Sta rted 3.1 Overview 3.2 Before You Begin 3.3 Connecting Your Router 3.4 Configuring PCs for TCP/IP Networking 3.4.1 Overview 3.4.2 Wind ows XP 3.4.2.1 Configu ring 3.4.2.2 Verifying Settings 3.4.3 Wind ows 2000 3.4.3.1 Configu ring 3.4.3.2 Verifying Settings 3.4.4 Windows 98 / ME 3.4.4.1 Instal ling Compon ents 3.4.4.2 Config[...]
-
Page 6
6 Chapter 4: Router Configuration 4.1 Overview 4.2 Status 4.2.1 ARP Table 4.2.2 Routing Table 4.2.3 Session Table 4.2.4 DHCP Table 4.2.5 IPSec Status 4.2.6 PPTP Status 4.2.7 System Log 4.2.8 IPSec Log 4.3 Quick Start 4.3.1 DHCP 4.3.2 Stat ic IP 4.3.3 PPPoE 4.3.4 PPTP 4.3.5 Big Pond 4.4 Configuration 4.4.1 LAN 4.4.1. 1 Etherne t 4.4.1. 2 DHCP Serv e[...]
-
Page 7
7 4.4.3. 7 System Log Server 4.4.3. 8 E-mail Alert 4.4.4 Firewall 4.4.4. 1 Packet Filter 4.4.4. 2 URL Filter 4.4.4. 3 LAN MAC Filte r 4.4.4. 4 Block WAN Req uest 4.4.4. 5 Intrusio n Detect ion 4.4.5 VPN 4.4.5. 1 IPSe c 4.4.5.1.1 IPSec Wizard 4.4.5.1.2 IPSec Policy 4.4.5.2 PPTP 4.4.6 QoS 4.4.7 Virtual Serv er 4.4.7.1 DMZ 4.4.7.2 Port Forwar ding 4.4[...]
-
Page 8
8 5.2.3.2 Javascr ipts 5.2.3.3 Java Permission s 5.3 WAN Interface 5.3.1 Can’t Get WAN IP Address fr om the ISP 5.4 ISP Connection 5.5 P roblems with Date an d Time 5.6 Restoring Facto ry Defaults Appendix A: Produc t Specifications A.1 BiGuard 10 Product Specifications A.2 BiGuard 2 P roduct Specifications Appendix B: Custome r Support Appendix [...]
-
Page 9
9 Appendix E: Virtua l Private Netw orking E.1 What is a VPN? E.1.1 VPN Applications E.2 What is IPSec? E.2.1 IPSec Security Co mponents E.2.1.1 Authentication Hea der (AH) E.2.1.2 Encapsulating Securi ty Payload (ESP) E.2.1.3 Security Associations (SA) E.2.2 IPSec Modes E.2.3 Tunnel Mode AH E.2.4 Tunnel Mode ESP E.2.5 Internet Key Exchange (IKE) A[...]
-
Page 10
10 Chapter 1: Intr oduction 1.1 Overview Congratulations on purchasing BiGuard 2/10 Router from Billion. Combining a router with an Ethernet network switch, BiGua rd 2/10 is a state-of -the-art device that provides ev erything y ou need to get your network connected to the Internet over your Cable or DSL connection quickly and easily . The Quick St[...]
-
Page 11
11 1.2.3 Intelligent Bandwidth Manage ment BiGuard 2/10 u tilizes Quality of Service (QoS) to give you full control over the priority of both incoming and outgoing d ata, ensuring that critica l data such as customer informat ion moves thr ough your net work, even while under a heav y load. T rans mission speeds can be t hrottled to mak e sure user[...]
-
Page 12
12 Link/ACT: Lit when device is connected. Blinking when data is transmitting/receiving. LAN 1 – 8 Lit when connected to an Ethernet device. 10/100M : Lit green when connected at 100Mbps. Not lit when connected at 10Mbps. Link/ACT: Lit when device is connected. Blinking when data is transmitting/receiving. 1.3.1.2 Rear Panel Port Meaning 1 RESET [...]
-
Page 13
13 1.3.1.3 Rack Mounting T o rack mount BiGuard 10, caref ully secure the device to your r ack on both sides using the included brack ets and screws. Se e the diagr am below for a m ore detailed explan ation. 1.3.1.4 Cabling Most Ethernet networks currently use unsh ielded twisted pair (UTP) cabling. The UTP cable contains eight condu ctors, arran [...]
-
Page 14
14 4 3 2 1 1.3.2.1 Front Panel LED Function POWER A solid l ight indica tes a stea dy connec tion to a power s ource. STATUS A blinking light indic ates the devi ce is writing to flash memory. WAN Lit when connected to an Ethernet device. 10/100M : Lit green when connected at 100Mbps. Not lit when connected at 10Mbps. Link/ACT: Lit when device is c[...]
-
Page 15
15 Port Meaning 1 RESET After the device is powered on, press it to reset the device or restore to factory default settings. 0-3 seconds: The Status LED w ill light 6 seconds above: resto re to factory default settings (this is used when you cannot login to the router . E.g. forgot the password) 2 LAN 1X — 8X (RJ-45 co nnector) Connect a UTP Ethe[...]
-
Page 16
16 Chapter 2: Router Applications 2.1 Overview Y o ur BiGuar d 2/10 R outer is a versa tile device that can be configured to not o nly protect your network from malicious attackers, but also ensure optimal usage of available bandwidth with Quality of Servic e (QoS). Alternatively , BiGuard 2/10 can also be set to handle secure connection s with Vir[...]
-
Page 17
17 2.2.2 Q oS Policie s for Differ ent Applicatio ns By setting different QoS policies accordin g to the applicati ons yo u are r unning, you can use BiGuard 2 /10 to optimize the bandwidth tha t is being used on y our network. Inboun d Outboun d Scheduler Meter Classifier Restricted PC Normal PCs Vo I P[...]
-
Page 18
18 As illustrated in the diagram above, applicat ions such as V o iceover IP (V oIP) require low network latencies to fu nction properly . If bandwidth is being used by other applications such as an FTP server , user s using V oIP will experience network lag and/or service interr uptions during use. T o av oid this scenario, t his network has assig[...]
-
Page 19
19 2.2.4 Policy Ba se d Traffic Shaping Policy Based T raffic Shaping allows you to apply specific traffic policies across a range of IP addresses or ports. This is particularly useful for a ssigning different policies for diff erent PCs o n the network . Policy based traffic shaping lets you better manage your bandwidth, providing reliable Interne[...]
-
Page 20
20 2.2.6 Management by IP or MAC address BiGuard 2/10 can also be configured to appl y traffic policies based on a particular IP or MAC address. This allows you t o quickly assign different traffic policies to a specific computer on the network.[...]
-
Page 21
21 2.2.7 DiffServ (DSCP Marking) DiffServ (a.k.a. DSCP Marking) allows y o u to classify tr affic based on IP DSCP v alues. Thes e markin gs can be used to identify traffic w ithin the netw ork. O ther inte rface s can ma tch traffic based o n the DSCP mark ings. DSCP marking s are us ed to deci de how packets should be tre ated, and is a useful to[...]
-
Page 22
22 secure tunnel. The next t ype of VPN setup is the Gateway to Mu ltiple G ateway setup, where one gateway (Headquarter) is communicat ing with multiple gateways (Br anch Offices) over the Int ernet. As wit h all VPNs, data is ke pt secure with secure t unnels. The final type of VPN setup is t he Client to Gatew ay . A good example of where this c[...]
-
Page 23
23 Concentrat or: Please refer to appendix H for example settings. 100.100.100. 1 200.200.200. 1 192.168.2.x 192.168.3.x 201.201.201. 1 192.168.4.x Local ID T ype: Subnet Local subnet: 0.0. 0.0 Local mask: 0. 0.0.0 Remote ID T ype: Subn et Remote subnet: 1 92.168.3.0 Remote mask: 25 5.255.255.0 Local ID T ype: Subnet Local subnet: 192. 168 .3.0 Loc[...]
-
Page 24
24 Chapter 3: Getting Sta rted 3.1 Overview BiGuard 2/10 is designed to be a powerful and fl exible network device that is also easy to use. With an intuitive web-based configuration, BiG uard 2/10 allows you to administer y our network via virtually any Java -enabled web browser and is ful ly compatible with Linux, Mac OS, and Windows 98/Me/NT/2 0[...]
-
Page 25
25 Be sure to als o review th e Saf ety W a r n ing s located in th e prefa c e o f th is manu a l before working with your BiGuard 2/10. 3.3 Connecting Your Router Connecting BiGuard 2/10 is an easy three-step process: 1. Connect BiGua rd 2/10 to y our LAN by connecti ng Ethernet cabl es from your networked PCs to the L AN ports on the router . Co[...]
-
Page 26
26 3.4 Configuring PCs for TCP/IP Networking Now that your BiGuard 2/10 is conne cted properly to your ne twork, it’s t ime to configure y our network ed PCs for TCP / IP networking. In or der fo r your ne tworked PCs to comm unicate wi th your router , th ey mus t have the following characteristi cs: 1. Have a properly i nstalled and functionin [...]
-
Page 27
27 - Mac OS 7 and later - All versions of UNIX/Linux If you are using Windows 3.1, you must purc hase a third-party TCP/IP application package. Any T CP/IP capable wor k station can be used to communicate wi th or through the BiGuard 2/10. T o configure other types of workstations, please consult the manufacturer’ s documentation. 3.4.2 Wind ows [...]
-
Page 28
28 3. Select Internet Protocol (TCP/IP) an d click Properties . 4a. T o have your PC obtain an IP address automati cally , select the Obtain an IP address automatically and Obtai n DNS server address automat i cally ra di o buttons.[...]
-
Page 29
29 4b. T o manually assign y o ur PC a fixed IP address, select the Use the following IP address radio b utton and enter y our desired IP address, s ubnet mask, and default gateway in the blanks provided. Remember t hat your PC must reside in the same subnet mask as the router . T o designate a DNS server , select the Use the followi ng DNS serve r[...]
-
Page 30
30 3.4.2.2 Verify ing Settings T o verify your settings using a command prompt: 1. Click Start > Programs > Accessories > Command Prompt . 2. In the Command Prompt wind ow, type i pconfig and then press ENTER . If you are using BiGuard 2/10’ s default setting s, your PC should have: - An IP addr ess between 192.168.1.1 and 192.168.1.253 [...]
-
Page 31
31 T o verify your setti ngs using the Windows XP GUI: 1. Click Start > Settings > Netw ork Connections . 2. Right click on e of the netw ork connectio ns listed and select Status from the pop-up menu.[...]
-
Page 32
32 3. Click the Support tab. If you are using BiGuard 2/10’ s default setting s, your PC should: - Have an IP address b etween 192.168.1.1 and 192.168.1.253 - Have a subne t mask of 255.255.255.0[...]
-
Page 33
33 3.4.3 Wind ows 20 00 3.4.3.1 Config uring 1. Select Start > Settings > Control Panel . 2. In the Control Panel window, double-click Netwo rk and Dial- up Conn ecti ons .[...]
-
Page 34
34 3. In Network and Dial-u p Connections, dou ble-click Local Area Connec ti on . 4. In the Local Area Conne ction window , click Properties .[...]
-
Page 35
35 5. Select Internet Protocol (TCP/IP) and click Pro perti es . 6a. T o have your PC obtain an IP address automati cally , select the Obtain an IP address automatically and Obtai n DNS server address automat i cally ra di o buttons.[...]
-
Page 36
36 6b. T o manually assign your PC a fixe d IP address, select the Use the following IP address radio b utton and enter y our desired IP address, s ubnet mask, and default gateway in the blanks provided. Remember t hat your PC must reside in the same subnet mask as the router . T o designate a DNS server , select the Use the followi ng DNS serve r [...]
-
Page 37
37 2. In the Command Prompt wind ow, type i pconfig and then press ENTER . If you are using BiGuard 2/10’ s default setting s, your PC should have: - An IP address between 192.168.1.1 and 192 .168.1.253 - A subnet mask of 255.255.255.0 3.4.4 Wi ndows 98 / Me 3.4.4.1 Installi ng Components T o prepare Windows 98/Me PCs for T CP/IP networking, you [...]
-
Page 38
38 1. On the Windows taskbar , select Start > Settings > Control Panel . 2. Double- click the Network icon. The Netwo rk window displays a list of installed components.[...]
-
Page 39
39 Y o u must have the f ollowing ins talled: - An Ethernet adapter - TCP/IP protocol - Client for Microsoft Networks If you need t o install a new Ethernet adapter , follow these steps: a. Click Add .[...]
-
Page 40
40 b. S ele ct Adapter , then Add . c. Select the manufacturer a nd model of your Ethernet adapter , then click OK . If you need TCP/IP: a. Click Add .[...]
-
Page 41
41 b. S ele ct Protocol , then click Add . c. Select Microsoft . Æ TCP/IP , then OK . If you need Cl ient for Microsoft Net works: a. Click Add .[...]
-
Page 42
42 b. S ele ct Cli ent , then click Add . c. Select Microsoft . Æ Client for Microsoft Networks , and then click OK . 3. Resta rt your PC to apply y our changes. 3.4.4.2 Config uring 1. Select Start > Settings > Control Panel .[...]
-
Page 43
43 2. In the Con tro l Panel, do uble -clic k Network and choos e the Configuration tab.[...]
-
Page 44
44 3. Select the name of y our PC’ s TCP/IP Network Interface Card (NIC) and click Properties . TCP/IP > ASUST eK is illustr ated in the example below . 4. Select the IP Address tab and click the Obtain an IP ad dress autom atically radio butt on.[...]
-
Page 45
45 5. Select the DNS Con figurat ion tab and select the Disable DNS r adio button. 6. Click OK to appl y the co nfiguration.[...]
-
Page 46
46 3.4.4.3 Verify ing Settings T o check the TCP /IP configur ation, use the winipcfg.ex e utilit y: 1. Select Start > Run . 2. T y pe winipcf g , and then cl ick OK .[...]
-
Page 47
47 3. From the drop-down box, select your Ethernet adapter . The window is updated to show your settings. Us ing th e defau lt BiGua rd 2/1 0 settings, your PC shoul d have: - An IP addr ess between 192.168.1.1 and 192.168.1.253 - A subnet mask of 255.255.255.0 - A default gatewa y of 192.168.1.254 3.5 Factory Default Settings Before configuri ng y[...]
-
Page 48
48 IP Address: 192.168.1.254 Subnet Mask: 255.255.255.0 ISP setting in WAN site: Obtain an IP Address automatical ly (DHCP Client) DHCP server: DHCP server is enabled. Start IP Address: 192.168.1.100 End IP Address: 192.168.1.199 3.5.1 Userna me and Passw ord The default user name and password are "adm in" and "admin" respective[...]
-
Page 49
49 3.6 Information From Your ISP 3.6.1 Protocols Before config uring this de vice, you ha ve to check with y o ur ISP (Internet Service Provider) to find out what kind of service is provided such as DHCP , Static IP , PPPoE, or PPTP . The follow ing table ou tlines ea ch of th ese pro tocols: DHCP Configure this WAN interface to use DHCP client pro[...]
-
Page 50
50 Depending on your ISP , a host name and domain suffix may also be provided. If any of these items are dynamically supplied by the ISP , your BiGuard 2/10 will automatically acquire them. If an ISP technician confi gured your co mputer or if you c onfigured it usi ng instructions provided by your ISP , you n eed to copy the configuration in forma[...]
-
Page 51
51 3. In the Network Connections window , right-click Local Area Co nnection and select Properties . 4. Select Internet Protocol (TCP/IP) an d click Properties .[...]
-
Page 52
52 5. If an IP address , subnet mask and a Default gateway are shown, write down the information. If no address is present, y o ur account’ s IP address is dynamically assigned. Cl ick t he Obt ain an IP a ddr ess aut omat icall y radio bu tto n. 6. If any DNS serv er addr esses are shown, write them down. Click the Obtain DNS server address auto[...]
-
Page 53
53 7. Click OK to save your changes. 3.7 Web Configuration Interface BiGuard 2/10 i ncludes a W eb Configurati o n Interface for ea sy administr ation via virtually an y browser on y our network. T o access this interface, open your web browser , enter the IP address of your r outer , which by default is 192.1 68.1.254, and click Go . A u ser name [...]
-
Page 54
54 If the W eb Configurati on Interface appears, co ngratulations! Y ou are now ready to configure your B iGuard 2/10. If yo u are having troubl e accessing the inter face, please refer to Chapter 5: Tr oubleshooting for possible resolutions.[...]
-
Page 55
55 Chapter 4: Router Configuration 4.1 Overview The W eb Configur ation Interface make s it easy for you to manage y our network via any PC connected to it. On the W eb Configuration homepage, you will see the navigation pa ne located on the left hand side. From it, y o u will be able to select various options used to configure y our router . 1. Cl[...]
-
Page 56
56 restricted to only one PC accessing the we b configur at ion in terface a t a t ime. Once a PC has logged into the web interface, other PCs cannot gain access until the current PC has logged out. If the previous PC forgets to logout, the second PC ca n access the page after a user-defined period (5 minutes by default). The following section s wi[...]
-
Page 57
57 address of your PC’ s network interface to use with the router’s Firew all – MAC Address Filter function. See the Firewall section of this chapter for more information on this feature. No.: Numb er of th e list. IP Address: A list of IP addresses of devices on your LAN. MAC Address: The Media Access Cont rol (MAC) addresses for each device[...]
-
Page 58
58 No.: Numb er of th e list. Destination: Th e IP address of the destinatio n network. Netmask: The dest ination n etmask address. Gateway/ Interf ace: Th e IP add ress of t he gate way or exis ting in terfac e that th is route will use. Cost: The number of hops counted as the cost of the route. 4.2.3 Session Table The NA T Session T able displays[...]
-
Page 59
59 Last: T o the last page. Jump to the session: please input the session number you would like to see and press “GO” 4.2.4 DHCP Tab le The DHCP T able displays a list of IP addre sses that ha ve been assigned to PCs on your net work via Dynami c Host Configurati on Protocol (DHCP). No.: Numb er of th e list. IP Address: A list of IP addresses [...]
-
Page 60
60 Enable: Whether th e IPSec connection is currently Enable or Disable. Status: Whether the IPSec is Active, Inactive or Disable. Local Subnet: The local IP address or subnet used. Rem ote Subnet: The subnet of the remote site. Remote Gat eway: The r emote gateway IP addr ess. SA: The Security Assoc i ation for this IPSec entry . Action: Manually [...]
-
Page 61
61 Re fresh: Refresh the S ystem Log. Clear Log: Clear the System Log. Send Log: Send the Sy stem Log to yo ur emai l account. Y ou can set the email address in Configuration > Syst em > Email Alert . See the Email Alert section for more details. Save Log: Save the System log to a t ext file. 4.2.8 IPSec Log This page displays the router’ s[...]
-
Page 62
62 details. Save Log: Save the IPSec log t o a text file. Please refer to Appendix F: IPSec Log Events for more information on log events. 4.3 Quick Start The Quick Start menu allows you to qu ickly configure you r network for Int ernet access using the most basic settings. Connection Meth od: Select your router ’ s con nection to the In ternet. [...]
-
Page 63
63 IP assigned by your ISP: Enter the assigned IP address from yo ur IP . IP Subnet Mask: Enter your IP sub net mask. ISP Gateway Address: Enter your ISP gatew ay address. Primary DNS: Enter your primary DNS. Secondary DNS: Enter yo ur secondary DNS . Click Apply to save y our changes. T o reset to defaults, click Reset . 4.3.3 PPPoE Username: Ente[...]
-
Page 64
64 4.3.4 PPTP Username: Enter your user name. Password : Enter your password. Re type Pas sword: Re type your pas sword. PPTP Clie nt IP: Enter the PPTP Client IP pro vided by yo ur ISP . PPTP Client IP Netmask: Enter th e PPTP Client IP Net mask provided by your ISP . PPTP Client IP Gateway: Ent er the PPTP Client IP Gateway provided by your ISP .[...]
-
Page 65
65 Username: Enter your user name. Password : Enter your password. Re type Pas sword: Re type your pas sword. Login Server: Enter the IP of the Lo gin server provided by your ISP . Click Apply to save y our changes. T o reset to defaults, click Reset . For detailed instructions on configurin g WAN settings, please refer t o the WAN section of this [...]
-
Page 66
66 4.4.1 LAN There are two items wi thin this section: Ethernet , DHCP Ser ver and LAN Address Mapping. 4.4.1.1 Ethernet IP Address: Enter the internal LAN IP address for BiGuard 2/10 (192.168.1.254 by default). Subnet Mask: Enter the subnet ma sk (255.255.255.0 by default). RIP: RIP v2 Broadcast and RIP v2 Multicast. Check to enable RIP . 4.4.1.2 [...]
-
Page 67
67 T o disable the router’s DHCP Serve r , select the Disable radio button, a nd then click Apply . When the DHCP Server is disabled, yo u will need to manual ly assign a fix ed IP ad dr es s to ea ch PC on you r n etw or k, and set the default gatew ay for each PC to the IP address of the router (192.168.1.254 by default). T o configure the rout[...]
-
Page 68
68 reserved IP . Candidates: Y ou can also select the Candidates which are referred from the ARP table for automatic input. Click the Apply button to add the configur ation into the Host T able. Press the Delete button to delete a configuration from the Host T able. 4.4.1.3 LAN Address Mapping LAN Address Mapping is a function that can support mult[...]
-
Page 69
69 Name: Please input the name of the rule. IP Address: Please input the LAN Gate way I P Address you woul d like to use. Netmask: Please input the Netmask you would like to use. WAN IP Add ress: Please click Candidates to select the W AN IP address you would like to use from WAN Alias list. Click the Apply button to add the configur ation into the[...]
-
Page 70
70 4.4.2.1 WAN Connection Meth od: Select how your router will connect t o the Internet. Selection s include Obtain an IP Address Automatically , Static IP Settings , PPPoE Settings , PPTP Settings , an d Big Pond Settings . F or each WAN port, the factory default is DHCP . If your ISP does n ot use DHCP , select the correct connection method and c[...]
-
Page 71
71 RIP: T o activate RIP , select Send , Recei ve , or Both from the drop do wn menu. T o disable RIP , select Disable from the drop down menu. MTU: Enter the Max imum T ransmission Unit (MT U) for your network . Click Apply to save y our changes. T o reset to defaults, click Reset . 4.4.2.1.2 Static IP IP assigned by your ISP: Enter the static IP [...]
-
Page 72
72 4.4.2.1.3 PPPoE Username: Enter your user name. Password : Enter your password. Re type Pas sword: Re type your pas sword. Connection: Select w hethe r the connection should Always Con nect or Trigger on Demand . If yo u want the router to establi sh a PPP oE session when sta rting up and to automatically re-establi sh the PPP oE se ssion when d[...]
-
Page 73
73 MTU: Enter the Max imum T ransmission Unit (MT U) for your network . Click Apply to save y our changes. T o reset to defaults, click Reset . 4.4.2.1.4 PPTP Username: Enter your user name. Password : Enter your password. Re type Pas sword: Re type your pas sword. PPTP Clie nt IP: Enter the PPTP Client IP pro vided by yo ur ISP . PPTP Client IP Ne[...]
-
Page 74
74 MAC Address: If your ISP requ ires you to inp ut a WAN Ethern et MAC, check the checkbox and enter your MA C address in the blanks below . Candidates: Y ou can also select the MAC address from the list in t he Candidates. DNS: If your ISP requires you to manu ally setup DNS settings, check the checkbox and enter your primary and secondary DNS . [...]
-
Page 75
75 Click Apply to save y our changes. T o reset to defaults, click Reset . A simpler alternative is to select Quic k Star t from the main menu. Please see the Quick Start section of this chap te r for more information. 4.4.2.2 Bandwidt h Settings Under Bandwidth Settings, you can easily configure bot h inbound and outbound bandwidth. WA N: Enter yo[...]
-
Page 76
76 Please click Create to create a LAN Address Mapping rule. Name: Please input the name of the rule. IP Address: Please input the additional W AN IP address you would like to use. Click the Apply button to add the configur ation into the W AN IP Alias. 4.4.3 System The System menu allows you to adjust a variety of basic router settings, upgr ade f[...]
-
Page 77
77 4.4.3.1 Time Zone BiGuard 2/10 does not use an onboard real time clock; instead, it uses the Network Time Protocol (NTP) to acquire the current time from an NTP server outsi de your network. Simply choose you r local time zone , enter NTP Server IP Addr ess, and click Apply . After connecting to the Intern et, BiGuard 2/10 will retrieve t he cor[...]
-
Page 78
78 Time, please check the Automatic checkbox. Re sync Pe riod: Please input the resy nc circle of time zon e update. Click Apply to apply the ru le, Clic k Cancel to discard the changes. 4.4.3.2 Remote Access T o allow remote users to configure and manage BiGuard 2/10 thro ugh the Internet, select the Enable r adio button. T o de activate remote ac[...]
-
Page 79
79 Allow Re mote Access By: Everyone: Please check if you allow any IP addresses for the remote us er to access. Only the PC: Please specify the IP A ddress that is allowed to access. PC from the subnet: Please specify th e subnet that is allowed t o access. 4.4.3.3 Firmware Upgrade[...]
-
Page 80
80 Upgrading y our BiGuard 2/10’ s firmware is a quick and easy way to enjo y increased functionality , bett er reliability , and ensure trouble-f ree operation. T o upgrade your firmware, simpl y visit Billion’ s website ( http://www.billion.com ) and down load the latest firmware image file f or BiGuard 2/10. Next, click Browse and select the[...]
-
Page 81
81 select a file from yo ur PC to restore. Be su re to only restore setting fi les that hav e been genera ted by the Backup function, a n d that were created when using the same firmware version. Setting s files saved to your PC should not be manually edited in any way . After selectin g the settings file you wish to use, click ing Restore will loa[...]
-
Page 82
82 In order to prevent unauth orized access to your router ’ s con figuration interface, it requires the admini strator to lo gin with a pass word. Y ou can change y our password by entering your new password in both fields. Click Apply to sa ve your changes. Click Reset to reset to the defaul t administr ation password (admin). 4.4.3.7 System Lo[...]
-
Page 83
83 This function allows BiGu ard 2/10 to send sy stem logs to an external S yslog Server . Syslog is an industry -standard protocol used to capture inf ormation about network activity . T o enable this functi on, select the En able r adio button and enter your Syslog server IP addres s in the Log Server IP Ad dress field. Click Apply to save your c[...]
-
Page 84
84 Select Enable to activ ate SMTP server l ogin function, disa ble to deactivate. Username: Input the SMTP server’ s username. Password : Input the SMTP serv er’s password. Alert via Email when: Select the frequency of each email update. Choose one of the five options: Immediately: The router will send an alert immediately . Hourly: The router[...]
-
Page 85
85 The Pack et Filter function is used to limit user access to ce rtain sites on the Internet or LAN. The Filt er T able displays all curren t filter rules. If th ere is an entry in the Filter T able, you can click Edit to modify the setting of this entry , or click Delete to remove this entry , or cli ck Move to change this entry’ s priority . W[...]
-
Page 86
86 rules prevent unauthorized computers or a pplications accessing the Internet. Select if the new filter ru le is incoming or outgoing . Source IP: Select Any , Subnet , IP Range or Single Address . Starting IP Address: Enter the source IP or star ting source IP address this filter rule is to be applied. End IP Address: Enter the End sour ce IP Ad[...]
-
Page 87
87 The URL Filter is a powerful t ool that can be used to limit access to certain URLs on the Internet. Y ou can block we b site s based on keywords or even block out an entire domain. Certain web features ca n also be blocked to grant added sec urity to your network. URL Filtering: Y ou can choose to Enable or Disable th is feature. K eyword Filte[...]
-
Page 88
88 checkbox. T o edit the list of f iltered domains, click Details . Enter a domain and select ed whether this domain is t rusted or forbidden with the pull-down menu . Next, click Apply . Y our new domain will be added to either the T rusted Domain or Fo rbidden Domain li s ting, depending on which yo u selected previously . Re strict URL Fe ature[...]
-
Page 89
89 Enter a name for the IP Address and then enter the I P address itself . Click Apply to save your changes. The IP address will be ent ered into the Exception List, an d excluded from the URL f iltering rules in effect. 4.4.4.3 LAN MAC F ilter LAN Mac Filter can decide that BiGuard will serve those devices at LAN side or not by MAC Address. Defaul[...]
-
Page 90
90 Rule: Enable or disable this ent ry . Action When Matched: Select to Drop or For ward the packet specified in this filt er entry . MAC Address: The MAC Address you would like to apply . Candidates: Y ou can also sele ct the Candidat es which are referred from the AR P table for automatic input. 4.4.4.4 Block WAN Request Blocking W AN requests is[...]
-
Page 91
91 4.4.4.5 Intrusion Detection Intrusion Detection can prevent most common DoS attacks from the Internet or from LAN users. Intrusion Detection: Enable or disable this function. Intrusion Log: All the detected and dropped attacks will be shown in the system log. 4.4.5 VPN 4.4.5.1 IPSec IPSec is a set of protocols th at enable Virtual Private Networ[...]
-
Page 92
92 Connection Name: A user-defin ed name for the connection. Pre-shared K ey: This is for the Internet K ey Exchange (IKE) protocol. IKE is used to establish a shared security po licy and aut henticated keys for services (such as IPSec) that require a key . Before any IPSec traffic can be passed, each router must be able to verify th e identity of [...]
-
Page 93
93 Re mote Secure Gateway Address ( or Host Name): The IP address or hostname of the remote VPN device that i s connected and establishes a VPN t unnel. Re mote Network: The subnet of the remote network. Allows yo u to enter an IP address and netmask. Back: Back to the Previous page. Next: Go to the next page. (2)LAN to LAN (Mobile LAN): BiGuard wo[...]
-
Page 94
94 Re mote Secure Gateway Address ( or Hostna me): T he IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel. Back: Back to the Previous page. Next: Go to the next page. (4)LAN to Host (M obile Client): BiGu ard would like to establish an IPSec VPN tunnel with remote client software using Dyn amic Internet [...]
-
Page 95
95 (5)LAN to Host (F or BiGuard VPN Client only): Bi Guard would lik e to establish an IPSec VPN tunnel w ith BiGuard VPN Client software C01 by using aggressive mode. VPN Client IP Address: The VPN C lient Address for BiGuard VPN Client, t his value will be apply on both remote ID and remote Network as single address. Back: Back to the Previous pa[...]
-
Page 96
96 After your confi guratio n is done, you will see a Con figuration Summary . Back: Back to the Previous page. Done: Click Done to apply the rule. 4.4.5.1.2 IPSec Policy Click Create to create a new IPSec VPN connection account. Configuring a New VPN Connection[...]
-
Page 97
97 Connection Name: A user-defin ed name for the connection. T unn el: Select Enable to activa te this tunnel. Select Disable to deactiv ate this tunnel. Local: This section configures t he local host. ID: This is the ident ity type of th e local router or host. Choose from the following four options: W A N I P A d d r e s s : A u t o m a tically u[...]
-
Page 98
98 VPN.COM is the domain na me. When you enter th e FQDN of the local host, the router will aut omatically seek the IP address of the FQDN . FQUN E-Mail(Fu lly Qualified User Name): Consists of a username and its domain name. For example, user@vpn.com is a F QUN. "user" is the username an d "vpn.c om" is the domain name. Data: E[...]
-
Page 99
99 degrees of security and speed of negotiation: Main Mode: Uses the automated Inte rnet K ey Exchange (IKE) setup; m ost secure method with the hi ghest level of security . Aggressive Mode: Uses the automate d Internet K ey Exchange (IKE) setup; mid-level security . Speed is faster than Main mode. Manual Key: Standard level of secu rity . It is th[...]
-
Page 100
100 K ey Life Time: Allows you to specify the timer interval for renegotiation of another key . The value is in second s e.g. 3600 seconds = 1 hour . Netbios Broadcast: Allows BiGuard to send local Netbios Broadcast packet throug h the IPSec T unnel, please select Enable or Disabl e . DPD Setting: DPD , Dead Peer Detecti on. DPD Function: Sel ect E[...]
-
Page 101
101 PPTP function: Select Enable to activ ate PPTP Server . Disable to deacti vate PPT P Server function. Auth. T ype: The authentication t ype, Pap or Chap, PaP, Chap. Data Encryption: Select Enable or Dis able the Data Encrypti on. Encryption K ey Length: Auto , 40 bits or 128 bits . Peer En cryption Mode: Only Stateless or Allow Stateles s and S[...]
-
Page 102
102 Connection Name: A user-defin ed name for the connection. T unn el: Select Enable to activa te this tunnel. Select Disable to deactiv ate this tunnel. Username: Please input the userna me for this account. Password : Please input the password for this account. Re type Pass word: Please repeat the same password as previous field. Connection T yp[...]
-
Page 103
103 The first menu screen gives you an overview of which WAN ports currently have QoS active, and the bandwidth settings for each. W AN Outbound: QoS Function: QoS status for WAN outbound. Select Enable to activ ate QoS for WAN’ s outgoing traffic. Select Disable to deacti vate. Max ISP Bandwidth: The maximum bandwidth afforded by the ISP for W A[...]
-
Page 104
104 Next, click Create to open the QoS Rule Conf iguration window . Application: User defined applicati on name for the current rule. Pack et T ype: The type of packet this rule applies to . Choose from Any , TCP , UDP , or ICMP . Guaranteed: The guar an teed amount of bandw idth for this rule as a percentage. Maximum: The maximum amount of bandwi [...]
-
Page 105
105 Bandwidth per source IP Address: Please select Bandwidth per s ource IP Address if you would like the speci f ied bandwidth to be a pplied individually per source IP address in specified IP r ange. Fo r IP Address (default)… Source IP Address Ra nge: The ra nge of source IP Addresses this r ule applies to. Destination IP Address Range: The ra[...]
-
Page 106
106 application program (usually a server) incoming connections shou ld be delivered to. Some ports have numbers that are pre-assi gned to them by th e Internet Assigne d Numbers Authority (IANA), and these are re ferred to as "well-kn own ports". Servers follow the well-known p ort assignme nts so clients can locate them. If you wish t o[...]
-
Page 107
107 Enable DMZ fu nction: Enable: Activ ates your router’ s DMZ function. Disable: Default setting . Disables the DMZ fun ction. DMZ IP Address: Give a static IP address to the DMZ Host when the Enable ra d io button is selected. Be aware t his IP will be exposed to the WAN/Internet. Candidates: Y ou can also select the Candidates which are refer[...]
-
Page 108
108 Click Create to add a new port forwarding ru le. There are two port forwarding modes: Port Range Mapp ing and Port Redirection . This function allows any incomin g data addressed to a range of service port numbers (from the Inte rnet/W AN P ort) to be re-di rected to a particular LAN private/internal IP address. This option gives you the abilit[...]
-
Page 109
109 Internal IP Address: Enter the LAN server /host IP address that the service request from the Intern et will be sent to. Candidates: Y ou can also select the Candidates which are referred from the ARP table for automatic input. N O TE: Y ou need to give your LAN server/host a stat ic IP address for the Virtual Server to work properly . Click App[...]
-
Page 110
11 0 (subnet). The routing t able stores the routing informat ion so the router kn ows where to redirect the IP packets. Click on Static Route and then click Create to add a routing table. Rule: Sele ct Enable to activ ate this rule, Di sable to deactiv ate this rule. Destination: This is the destinat ion subnet IP address. Netmask: This is the sub[...]
-
Page 111
111 Click Apply to save your c hanges. 4.4.8.2 Dynamic DNS The Dynamic DNS f unction allows y ou to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially u seful when hosting servers v ia your W A N connection, so that an yone wishing to conn ect t[...]
-
Page 112
11 2 Enable: Check to enable the Dynamic DN S function. The f ollowing fields w ill be activated and required: Dynamic DNS Server: Select the DDNS service you have established an account with. Wildcard: Select this check box to enable the DYNDNS Wildca rd. Domain Name: Enter your registered domain name for this service. Username: Enter your registe[...]
-
Page 113
11 3 Management IP Address: Y ou may specify an IP address allowed to logon a nd access the router’ s web server . Setting the IP a ddress to 0.0.0.0 will disable IP address restrictions, allo wing users to login from an y IP address. Expire to auto-logout: S pecify a time fr ame for the system to auto-l ogout the user’ s configuration session.[...]
-
Page 114
11 4 IGMP Snooping: Please select enabl e or disable IGMP Snoopi ng function. IGMP Proxy: Please select enable or disable the IGMP Pro xy function. Click Apply to apply this f unc tion, and please note that th e setting wi ll become effective after y ou save to flash and restart the router . 4.4.8.5 VLAN Bridge This section allows yo u to create VL[...]
-
Page 115
11 5 VLAN Name: Please input VLAN na me of this rule. VLAN ID: Please input VLAN ID that will be used for T agged member port(s ). T agged Member port(s): Please check the interface that you would like to use in this VLAN ID group . Untagged Member port(s): Plea se check the interf ace that you would like to use in this VLAN ID group. Click Apply t[...]
-
Page 116
11 6 your config urati on settings before you logout. Be aware that the router is restricted to only one PC accessing the web configur ation interface at a time. Once a PC has logged into the web interfac e, other PCs cannot gain access until the curren t PC has logged out. If the previous PC forgets t o logout, the second PC can access the page af[...]
-
Page 117
11 7 Chapter 5: Troubleshooting 5.1 Basic Functionality This section deals with issues regardin g your BiGuard 2/10’ s basic functions. 5.1.1 Ro uter Won’ t Turn On If the Po wer and other LEDs fail to ligh t when y our BiGuard 2/10 is turned on: - Make sure that the power cord is properly connected to your firewall and that the power supply ad[...]
-
Page 118
11 8 - Make sure each Ethernet cable connection is secure at the firewall and at the hub or workstation. - Make sure that power is tur ned on to the con nected hub or workstati on. - Be sure you are using the correct cable. When connecting the firewall’ s Internet port to a cable or DSL modem, use the cabl e that w as supplied with the cable or D[...]
-
Page 119
11 9 - Check the 10/100 LAN LEDs on BiGuard 2/10’ s front panel. One of these LEDs should be on. If th ey are both off , ch eck the cables between BiGuard 2/10 and the hub or PC. - Check the correspondi ng LAN LEDs on yo ur PC’ s Ethernet device are on. - Make sure that driver softw are for your PC’ s Ethernet adapter and TCP/IP software is c[...]
-
Page 120
120 3. Make sur e that the Delete All O ffline Content checkbox is check ed, and click OK . 4. Click OK under Internet Options to close the dialogue. - In Windows, type ar p –d at the command pr ompt to clear you computer’ s ARP table.[...]
-
Page 121
121 5.2.3.1 Pop-up Windows T o use the W eb Configuration Interface, y ou need to disable pop-up blocking. Y ou can either di sable pop-up blocking, which i s enabled by de fault in Wi ndows XP Service P ack 2, or create an exce ption for your BiGuard 2/10’ s IP address. Disablin g All Pop-ups In Internet Explorer , select Tools > Pop-up Block[...]
-
Page 122
122 3. Enter the IP address of your r outer . 4. Click Add to add the IP address to the list of Allowed sites . 5. Click Close to return to the Pri vacy tab of the Internet Options dialog ue. 6. Click App ly to sav e your change s. 5.2.3.2 Javascrip ts If the W eb Configuration Int erface is not displayi ng properly in your browse r , check to ma k[...]
-
Page 123
123 3. Under Scripting , check to se e if Active script ing is set to Enable . 4. Ensure that Scripting of Java applets is set to Enable . 5. Click OK to clo se th e dialo gue. 5.2.3.3 Java Permissions The following J av a Permissions should also be given fo r the W eb Conf iguration Interf ace to disp lay properly: 1. In Internet Explorer , click [...]
-
Page 124
124 5.3 WAN Interface If you are having problems with the W AN Interface, refer to the tips below . 5.3.1 Ca n’t Get WAN IP Ad dress from the ISP If the W AN IP address cannot be obtained from the ISP: - If you are us ing PPPoE or PPTP , you will need a user name and password. Ensure that y ou have entered the correct Se rvice T ype , User Name ,[...]
-
Page 125
125 2. Access the W eb Configura tion Interface by entering your route r’s IP address (default is 192.168.1.254). 3. The WAN IP Status is displayed on the first page. 4. Check to see that the W AN port is properly connected to the ISP . If a Connected by (x) wher e (x) is your con nection method i s not shown, your router has n ot successfully ob[...]
-
Page 126
126 account as y our PC’ s host name on the router . - Y our ISP m ay check for your PCs MAC address. Either inform yo ur ISP that you have purchased a ne w network device and ask them to use your r outer’s MAC address, or config ure your rout er to spoof you r PC’ s MAC address. If an IP address can be obtained, but your PC cannot load any w[...]
-
Page 127
127 Appendix A: Produc t Specifications A.1 BiGuard 10 Product Specifications Virtu al Priva te Ne twork - IPSec VPN, supports up to 10 IPSec tunnel s - IPSec VPN performance is up to 20 Mbps - PPTP VPN, support up to 4 PPTP tunnels - PPTP VPN performance is up to 10 Mbps - Manual k ey , Internet K ey Exchange (IK E) authent ication and K ey Manage[...]
-
Page 128
128 - Intrusion detecti on Conte nt Filteri ng - URL Filter settings prevent user access to certain sites on the Intern et - Java Apple t/Active X/Cookie Blocking Quality of Servi ce Control - Supports DiffServ approach - T raffic prioritization and bandwidth managemen t based-on IP protocol, p ort number and IP or MAC address Web-Based Management [...]
-
Page 129
129 Physical Specificatio ns Dimensions: 18.98" x 6.54" x 1.77" (482mm x 1 66 mm x 45mm, with Br acket) 9.84" x 6.54" x 1.38" (250mm x 166 mm x 35mm, non Brack et) Power Requirement Input: 12VDC, 1A Operating E nvironment - Operating temp erature: 0 ~ 40 degree s Celsiu s - Storage temper ature: -20 ~ 70 degrees Celsiu[...]
-
Page 130
130 A.2 BiGuard 2 P roduct Specifications Virtu al Priva te Ne twork - IPSec VPN, supports up to 2 IPSec tunnel s - IPSec VPN performance is up to 4 Mbps - PPTP VPN, support up to 4 PPTP tunnels - PPTP VPN performance is up to 10 Mbps - Manual k ey , Internet K ey Exchange (IK E) authent ication and K ey Management - Authentication (MD5 / SHA -1) -[...]
-
Page 131
131 Firewall - Stateful P acket Inspection (SPI) and Denial of Service (DoS) preve ntion - P acket filter un-permitted inbound (WA N)/Inbound (LAN) Internet access by IP addre ss, port number and packet t ype - Email alert and lo gs of attack - MAC Address Filtering - Intrusion detecti on Conte nt Filteri ng - URL Filter settings prevent user acces[...]
-
Page 132
132 Physical Interface Ethernet W AN 1 ports (10/100 Base- T) , support Auto- Cross over (MDI/MDIX) Ethernet LAN 8 ports (10/100 Base- T) switch, support Auto- Crossover (MDI/MDIX) Physical Specificatio ns Dimensions: 10.43" x 6.93" x 1.73" (265 mm x 176 mm x 44mm) Power Requirement Input: 12VDC, 1A Operating E nvironment - Operating[...]
-
Page 133
133 Appendix B: Custome r Support Most problems can be solved by referring to the T roubleshoot ing s ection in the User’ s Manual. If y ou cannot resolv e the problem with the T rou bleshooting chap ter , please contact the dealer where you pur chased this product. Conta ct Billi on Wo r ld wi d e http://www.billion.com/[...]
-
Page 134
134 Appendix C: FCC Inte rference Statement This device complies with Part 15 of FCC rules. Oper ation is subj ect to the following two conditio ns: - This device ma y no t cause har mful interference. - This device must accept an y interference received, including interference that may cause undesired oper ations. This equipment has been tested an[...]
-
Page 135
135 Appendix D: Network, R outing, an d Firewa ll Basics D.1 Network Basics D.1.1 IP Addresses With the number of TCP/IP networks interconne cted across the globe, ensuring that transmitted data reache s the correct destination requires each computer on the Internet has a uniqu e identifier . This identifier is k nown as the IP ad dress. The Intern[...]
-
Page 136
136 192.168.234.245/24, which means that the net mask is 24 ones followed by 8 zeros. (11111111 11111111 11111111 000 00000). D.1.1.2 Subnet Addressing Subn et address ing enables the spli t of one IP network address into multiple physical networks. These smaller networks are cal l ed subnetworks, and these subnetworks can ma ke effic ient us e of [...]
-
Page 137
137 D.1.2 Network Address Translat ion ( NAT) T raditionally , multiple PCs that needed simu ltaneous Internet access also required a range of IP addresses from the Internet Se rv ice Provider (ISP). Not only was th is method very costly , but the number of a vailable IP addresses for PCs is limited. Instead, BiGuard 2/10 uses a t ype of address sh[...]
-
Page 138
138 connected to at least two networks. Usually , this is a LAN and a WAN that is connected to an ISP network. R outers are located at gatew ays, the places where two or more net works connect. R outers use headers and forwarding tables to determine the best path for forwar ding the packets, and t hey use protocols to communicate with each other an[...]
-
Page 139
139 firewall adds features t hat deal with outside Internet intrusion and attacks. When an attack or intrusion is detected, the firewa ll can be configured to log the in trusion attemp t, and c an also notify th e admin istrato r of the in cident. With this informatio n, the administrator can work with the ISP to take action agai nst the hacker . A[...]
-
Page 140
140 Appendix E: Virtua l Private Netw orking E.1 What is a VPN? A Virtual Privat e Network (VPN) is a sh ared network where pr ivate data is segmented from other tr affic so that only the intended recipient has access. It allows org anizations to securely transmit data over a public medium like the Internet. VPNs utilize tunnels, whic h allow data [...]
-
Page 141
141 Internet Protocol Securit y (IPSec) is a set of protocols and algorithms that provide data authentication, integrity , and confiden tialit y as data is transferr ed across IP networks. IPSec provides data se curity at the IP packet level, and protects against possible security risks by protecting data. IPSec is widely us ed to es tablish V PNs.[...]
-
Page 142
142 A typical AH packet looks like this: E.2.1.2 Encapsulating Se curity Payload (ESP) Encapsulating Security P ayload (ESP) provid es privacy f or data through encrypt ion. An encryption algorithm combines the da ta with a key to encrypt it. It then repackages the data using a special format , and tr ansmits it to the destination. The receiver the[...]
-
Page 143
143 like this: E.2.1.3 Security Associations (SA) Security Associations are a one- way relationships bet ween sender and receiver that specify IPSec-related par ameters. They provide data protection by using the defined IPSec protocols, a nd allow organizati ons to control according to the securit y policy in effect, which resources may communicate[...]
-
Page 144
144 Tr a n s p o r t M o d e : - This mode is used to provide data se curity be tween t wo netw orks . It provid es protection for the entire IP pack et and is sent by adding an out er IP header corresponding to the two tunnel end-points. Since tunnel mode hides the original IP header , it provides security of the networks wi th private IP address [...]
-
Page 145
145 E.2.5 Internet Key Exc hange (IKE) Before either AH or ESP can be use d, it is necessary for the two communication devices to exchange a secret key that the security protocols themselv es will use. T o do this, IPSec uses Internet K ey Exchange (IKE) as a primary support protocol. IKE facilitates and autom ates the SA setup, and exchanges keys [...]
-
Page 146
146[...]
-
Page 147
147 Appendix F: IPSec Log s and Events F.1 IPSec Log Event Categories There are three major cate gories of IPSec Log Events for your BiGuard 2/10. These include: 1. IKE Negotiate P acket Messages 2. Rejecte d IKE Messages 3. IKE Negotiated Status Messages The table in the following section lists th e different events of each category , and provides[...]
-
Page 148
148 Send Main mo de second respon se message of ISAKMP Sending the main mod e second r esponse me ssage. Do ne to exc hange key values. Received Main mod e second response me s sage of ISAKMP Received the main mode se cond response message. Done to exch ange key values. Send Main mode third message of ISAKMP Sending the third message of m ain mode.[...]
-
Page 149
149 Received Quick mode first response message Received the first response message of quick mode (Phase II). Done to exchange propos al and key values (IPSec). Send Quick mode seco nd message Sending the second message of qui ck mode (Phase II). Received Quick mo de second message Received the sec ond message of quic k mode (Phase II). ISAKMP IKE P[...]
-
Page 150
150 (Main/Aggressive) mode peer ID is (identifier string) ISAKMP SA Established IPsec SA Established[...]
-
Page 151
151 Appendix G: Bandwidth Management with QoS G.1 Overview I n a h o m e o r o f f i c e e n v i r o n m e n t , u s e r s c o n s t a n t l y h a v e t o t r a n s m i t d a t a t o a n d f r o m the Internet. When too many are accessing the Internet at the same time, service can slow to a crawl, causing service interruptions and general frustrati[...]
-
Page 152
152 -Prioritization: Assign s different priority levels for different applica tions, prioritizing traffic. High, Normal and Low priority settings. -Outbound and In bound IP Throttli ng: Controls net work traffi c and allows y ou to limit the speed of each application. -DiffServ T echnology: Manages priority queues and DSCP tagg ing through the Inte[...]
-
Page 153
153 broadband connection. Application Data Ratio (%) Priority On-line game s 30% High Skype 5% High Email 10% High FTP 20% Upload (High), Download (Normal) Other 35% G.4.2 Office Users QoS is also ideal for small bu sinesses using an office server as a web server . With QoS control, web pages served to your customers can be given top priorit y and [...]
-
Page 154
154 FTP 10% Upload (H igh), Downlo ad (Norm al) Other 30% MP3 (Low), MSN (Normal)[...]
-
Page 155
155 Appendix H: Router Setup Examp les H.1 VPN Configuration This section outlines some concrete ex amples on how you can configure BiGuard 2/10 for your VPN. H.1.1 LAN to LAN Branch Office Head Office Local ID IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Add ress Any Local Address IP Address 192.168.0.0 192.168.1.0 Netmask 2[...]
-
Page 156
156 ID IP Address IP Address Data 69.121.1.3 69.121.1.30 Network Subnet Subnet IP Address 192.168.1.0 192.168.0.0 Netmask 255.255.2 55.0 255.255.255.0 Proposal IKE Pre-shared Ke y 12345678 12345 678 Security Algorithm Main Mode; ESP: MD5 3DES PFS Main ESP MD5 3DES PFS H.1.2 Host to LAN[...]
-
Page 157
157 Single client Head Office Local ID IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Add ress Any Local Address IP Address 0.0.0.0 192.168.1.0 Netmask 0.0.0.0 255.255.255.0 Remote Secure Gateway Address(or Hostname) 69.121.1.3 69.121.1.30 ID IP Address IP Address Data 69.121.1.3 69.121.1.30 Network Subnet Single Address IP Add[...]
-
Page 158
158 H.2 VPN Concentrator Step 1: Go to Confi guratio n > IPSec and co nfigure the link f rom BiGuard 2/10 Headquarter to BiGuard 2/10 Branch A . 100.100.100. 1 200.200.200. 1 192.168.2.x 192.168.3.x 201.201.201. 1 192.168.4.x Local ID T ype: Subnet Local subnet: 0.0. 0.0 Local mask: 0. 0.0.0 Remote ID T ype: Subn et Remote subnet: 1 92.168.3.0 R[...]
-
Page 159
159 Step 2: Go to Confi guratio n > IPSec and co nfigure the link f rom BiGuard 2/10 Headquarter to BiGuard 2/10 Branch B . Step 3: Go to Config urati on > IPSec and configure the connection from BiGuard 2/10 Branch A t o BiGuard 2/10 Headquarter .[...]
-
Page 160
160 Step 4: Go to Confi guratio n > IPSec and configure the connection from the BiGuard 2/10 Branch B to BiGuard 2/10 Headquarter . Step 5: Click Save Con fig to save all changes t o flash memory . H.3 Intrusion Detection Intr usion Detecti on on Internet Internet Detected! Droppe d BiGuard Safe!! Server Safe!! Hacker DoS A tta ck DoS A t tac k [...]
-
Page 161
161 Step 1: Go to Confi guratio n > Fir ewall > Intrusion Detection and En able the settings. Step 2: Click App ly and then Save Config to save all changes to flash memory . H.4 PPTP Remote Access by Windows XP Internet Internet Window s XP PPTP Clien t Internet Internet 100. 10 0.100 .1 Headquarter BiGuard &PPTP Server Bus ine ss Trip PP[...]
-
Page 162
162 Step1: Go to C onf igurat ion > VPN > PPTP and Enable the PPTP functio n, Click Apply . Step2: Click Create to create a PPTP Account.[...]
-
Page 163
163 Step3: Click Apply , y ou can see the account is successfully created. Step4: Click Sav e Config to sa ve all changes to flash memory . Step5: In Windows XP , go Start > Settings > N etwor k Conn ecti ons .[...]
-
Page 164
164 Step6: In Network Tas ks , Click Cr eate a new conn ection , and press Nex t. Step7: Select Connect t o the net work at my w orkplace and press Next .[...]
-
Page 165
165 Step8: Select Virtual Private Ne twork conn ection and press Next . Step9: Input the user-defined name for this connection and press Ne xt .[...]
-
Page 166
166 Step10: Input PPTP Server Address and press Next . Step11: Please press Finish .[...]
-
Page 167
167 Step12: Double click the connection, and input Username and Password th at defined in BiGuard PPTP Account Setting s . PS. Y ou can also refer the Properties > Se curity page as below , by default.[...]
-
Page 168
168 H.5 PPTP Remote Access by BiGuard Internet Internet Internet Internet 100.100. 100.1 Headquarter BiGuard &PPTP S erver PPTP Tunnel Branch Office 200.200.200 .1 BiGuard &PPTP C lient Local subne t: 192.168.30.0 Local mask : 255.255.255.0 Step1: Go to Configur ation > VPN > PPTP and Enable the PPTP function, Disable the Encryption ,[...]
-
Page 169
169 Step3: Click Apply , y ou can see the account is successfully created. Step4: Click Sav e Config to sa ve all changes to flash memory .[...]
-
Page 170
170 Step5: In another BiGuard as Client, Go to Config uration > WAN . Step6: Click Apply , and Save CON FIG .[...]