Billion Electric Company BiGuard 2 manual
- Ver online ou baixar oubaixar o manual
- 170 páginas
- 13.69 mb
Ir para a página of
Manuais similares
-
Switch
Billion Electric Company BiPAC 5200
20 páginas 4.07 mb -
Switch
Billion Electric Company BiPAC 7800
20 páginas 4.07 mb -
Switch
Billion Electric Company BiPAC 7402 R2
20 páginas 4.07 mb -
Switch
Billion Electric Company BiPAC 7300RA
20 páginas 4.07 mb -
Switch
Billion Electric Company BiPAC 3100SN
47 páginas 3.27 mb -
Switch
Billion Electric Company BIPAC-5100S
72 páginas 1.63 mb -
Switch
Billion Electric Company BiPAC 5210SRC
20 páginas 4.07 mb -
Switch
Billion Electric Company BiGuard 10
170 páginas 13.69 mb
Bom manual de uso
As regras impõem ao revendedor a obrigação de fornecer ao comprador o manual com o produto Billion Electric Company BiGuard 2. A falta de manual ou informações incorretas fornecidas ao consumidor são a base de uma queixa por não conformidade do produto com o contrato. De acordo com a lei, pode anexar o manual em uma outra forma de que em papel, o que é frequentemente utilizado, anexando uma forma gráfica ou manual electrónicoBillion Electric Company BiGuard 2 vídeos instrutivos para os usuários. A condição é uma forma legível e compreensível.
O que é a instrução?
A palavra vem do latim "Instructio" ou instruir. Portanto, no manual Billion Electric Company BiGuard 2 você pode encontrar uma descrição das fases do processo. O objetivo do manual é instruir, facilitar o arranque, a utilização do equipamento ou a execução de determinadas tarefas. O manual é uma coleção de informações sobre o objeto / serviço, um guia.
Infelizmente, pequenos usuários tomam o tempo para ler o manual Billion Electric Company BiGuard 2, e um bom manual não só permite conhecer uma série de funcionalidades adicionais do dispositivo, mas evita a formação da maioria das falhas.
Então, o que deve conter o manual perfeito?
Primeiro, o manual Billion Electric Company BiGuard 2 deve conte:
- dados técnicos do dispositivo Billion Electric Company BiGuard 2
- nome do fabricante e ano de fabricação do dispositivo Billion Electric Company BiGuard 2
- instruções de utilização, regulação e manutenção do dispositivo Billion Electric Company BiGuard 2
- sinais de segurança e certificados que comprovam a conformidade com as normas pertinentes
Por que você não ler manuais?
Normalmente, isso é devido à falta de tempo e à certeza quanto à funcionalidade específica do dispositivo adquirido. Infelizmente, a mesma ligação e o arranque Billion Electric Company BiGuard 2 não são suficientes. O manual contém uma série de orientações sobre funcionalidades específicas, a segurança, os métodos de manutenção (mesmo sobre produtos que devem ser usados), possíveis defeitos Billion Electric Company BiGuard 2 e formas de resolver problemas comuns durante o uso. No final, no manual podemos encontrar as coordenadas do serviço Billion Electric Company na ausência da eficácia das soluções propostas. Atualmente, muito apreciados são manuais na forma de animações interessantes e vídeos de instrução que de uma forma melhor do que o o folheto falam ao usuário. Este tipo de manual é a chance que o usuário percorrer todo o vídeo instrutivo, sem ignorar especificações e descrições técnicas complicadas Billion Electric Company BiGuard 2, como para a versão papel.
Por que ler manuais?
Primeiro de tudo, contem a resposta sobre a construção, as possibilidades do dispositivo Billion Electric Company BiGuard 2, uso dos acessórios individuais e uma gama de informações para desfrutar plenamente todos os recursos e facilidades.
Após a compra bem sucedida de um equipamento / dispositivo, é bom ter um momento para se familiarizar com cada parte do manual Billion Electric Company BiGuard 2. Atualmente, são cuidadosamente preparados e traduzidos para sejam não só compreensíveis para os usuários, mas para cumprir a sua função básica de informação
Índice do manual
-
Página 1
BiGuard 10 iBusiness Security Gateway Small-Office BiGuard 2 iBusiness Security Gateway Home-Office User ’ s Manual V ersion Release 4.00 (FW:1.05)[...]
-
Página 2
2 BiGuard 2/10 User’s Manual (Updated June 1, 2006) Copyright Information © 2006 Billion Electric Corporation, Ltd. The contents of this publica tion may not be reproduced in whole or in part, transcribed, stored, tr anslated, or transmitted in an y form or any mea ns, without the prior written consent of Billio n Electr ic Co rporation. Publish[...]
-
Página 3
3 Safety Warn ings Y o ur BiGuard 2/10 is built for reliability and long service life. For your safety , be sur e to rea d and fo llow the f ollowin g safety warnings . • Read this installation guide thoro ughly be fo re attempting to set up y our BiGuard 2/10. • Y our B iGuard 2/ 10 is a co mplex elec tronic device. DO NOT open o r attemp t to[...]
-
Página 4
4 Table of C ontents Chapter 1: Intr oduction 1.1 Overview 1.2 Product Highlights 1.2.1 Virtual Private Networ k Support 1.2.2 Advanced Firewall Se curity 1.2.3 Int elligent Bandwidt h Management 1.3 Package Contents 1.3.1 BiGuard 10 1.3.1. 1 Front Pane l 1.3.1.2 Rear Panel 1.3.1.3 Rack Mounti ng 1.3. 1.4 Cab ling 1.3.2 BiGuard 2 1.3.2. 1 Front Pan[...]
-
Página 5
5 Chapter 3: Getting Sta rted 3.1 Overview 3.2 Before You Begin 3.3 Connecting Your Router 3.4 Configuring PCs for TCP/IP Networking 3.4.1 Overview 3.4.2 Wind ows XP 3.4.2.1 Configu ring 3.4.2.2 Verifying Settings 3.4.3 Wind ows 2000 3.4.3.1 Configu ring 3.4.3.2 Verifying Settings 3.4.4 Windows 98 / ME 3.4.4.1 Instal ling Compon ents 3.4.4.2 Config[...]
-
Página 6
6 Chapter 4: Router Configuration 4.1 Overview 4.2 Status 4.2.1 ARP Table 4.2.2 Routing Table 4.2.3 Session Table 4.2.4 DHCP Table 4.2.5 IPSec Status 4.2.6 PPTP Status 4.2.7 System Log 4.2.8 IPSec Log 4.3 Quick Start 4.3.1 DHCP 4.3.2 Stat ic IP 4.3.3 PPPoE 4.3.4 PPTP 4.3.5 Big Pond 4.4 Configuration 4.4.1 LAN 4.4.1. 1 Etherne t 4.4.1. 2 DHCP Serv e[...]
-
Página 7
7 4.4.3. 7 System Log Server 4.4.3. 8 E-mail Alert 4.4.4 Firewall 4.4.4. 1 Packet Filter 4.4.4. 2 URL Filter 4.4.4. 3 LAN MAC Filte r 4.4.4. 4 Block WAN Req uest 4.4.4. 5 Intrusio n Detect ion 4.4.5 VPN 4.4.5. 1 IPSe c 4.4.5.1.1 IPSec Wizard 4.4.5.1.2 IPSec Policy 4.4.5.2 PPTP 4.4.6 QoS 4.4.7 Virtual Serv er 4.4.7.1 DMZ 4.4.7.2 Port Forwar ding 4.4[...]
-
Página 8
8 5.2.3.2 Javascr ipts 5.2.3.3 Java Permission s 5.3 WAN Interface 5.3.1 Can’t Get WAN IP Address fr om the ISP 5.4 ISP Connection 5.5 P roblems with Date an d Time 5.6 Restoring Facto ry Defaults Appendix A: Produc t Specifications A.1 BiGuard 10 Product Specifications A.2 BiGuard 2 P roduct Specifications Appendix B: Custome r Support Appendix [...]
-
Página 9
9 Appendix E: Virtua l Private Netw orking E.1 What is a VPN? E.1.1 VPN Applications E.2 What is IPSec? E.2.1 IPSec Security Co mponents E.2.1.1 Authentication Hea der (AH) E.2.1.2 Encapsulating Securi ty Payload (ESP) E.2.1.3 Security Associations (SA) E.2.2 IPSec Modes E.2.3 Tunnel Mode AH E.2.4 Tunnel Mode ESP E.2.5 Internet Key Exchange (IKE) A[...]
-
Página 10
10 Chapter 1: Intr oduction 1.1 Overview Congratulations on purchasing BiGuard 2/10 Router from Billion. Combining a router with an Ethernet network switch, BiGua rd 2/10 is a state-of -the-art device that provides ev erything y ou need to get your network connected to the Internet over your Cable or DSL connection quickly and easily . The Quick St[...]
-
Página 11
11 1.2.3 Intelligent Bandwidth Manage ment BiGuard 2/10 u tilizes Quality of Service (QoS) to give you full control over the priority of both incoming and outgoing d ata, ensuring that critica l data such as customer informat ion moves thr ough your net work, even while under a heav y load. T rans mission speeds can be t hrottled to mak e sure user[...]
-
Página 12
12 Link/ACT: Lit when device is connected. Blinking when data is transmitting/receiving. LAN 1 – 8 Lit when connected to an Ethernet device. 10/100M : Lit green when connected at 100Mbps. Not lit when connected at 10Mbps. Link/ACT: Lit when device is connected. Blinking when data is transmitting/receiving. 1.3.1.2 Rear Panel Port Meaning 1 RESET [...]
-
Página 13
13 1.3.1.3 Rack Mounting T o rack mount BiGuard 10, caref ully secure the device to your r ack on both sides using the included brack ets and screws. Se e the diagr am below for a m ore detailed explan ation. 1.3.1.4 Cabling Most Ethernet networks currently use unsh ielded twisted pair (UTP) cabling. The UTP cable contains eight condu ctors, arran [...]
-
Página 14
14 4 3 2 1 1.3.2.1 Front Panel LED Function POWER A solid l ight indica tes a stea dy connec tion to a power s ource. STATUS A blinking light indic ates the devi ce is writing to flash memory. WAN Lit when connected to an Ethernet device. 10/100M : Lit green when connected at 100Mbps. Not lit when connected at 10Mbps. Link/ACT: Lit when device is c[...]
-
Página 15
15 Port Meaning 1 RESET After the device is powered on, press it to reset the device or restore to factory default settings. 0-3 seconds: The Status LED w ill light 6 seconds above: resto re to factory default settings (this is used when you cannot login to the router . E.g. forgot the password) 2 LAN 1X — 8X (RJ-45 co nnector) Connect a UTP Ethe[...]
-
Página 16
16 Chapter 2: Router Applications 2.1 Overview Y o ur BiGuar d 2/10 R outer is a versa tile device that can be configured to not o nly protect your network from malicious attackers, but also ensure optimal usage of available bandwidth with Quality of Servic e (QoS). Alternatively , BiGuard 2/10 can also be set to handle secure connection s with Vir[...]
-
Página 17
17 2.2.2 Q oS Policie s for Differ ent Applicatio ns By setting different QoS policies accordin g to the applicati ons yo u are r unning, you can use BiGuard 2 /10 to optimize the bandwidth tha t is being used on y our network. Inboun d Outboun d Scheduler Meter Classifier Restricted PC Normal PCs Vo I P[...]
-
Página 18
18 As illustrated in the diagram above, applicat ions such as V o iceover IP (V oIP) require low network latencies to fu nction properly . If bandwidth is being used by other applications such as an FTP server , user s using V oIP will experience network lag and/or service interr uptions during use. T o av oid this scenario, t his network has assig[...]
-
Página 19
19 2.2.4 Policy Ba se d Traffic Shaping Policy Based T raffic Shaping allows you to apply specific traffic policies across a range of IP addresses or ports. This is particularly useful for a ssigning different policies for diff erent PCs o n the network . Policy based traffic shaping lets you better manage your bandwidth, providing reliable Interne[...]
-
Página 20
20 2.2.6 Management by IP or MAC address BiGuard 2/10 can also be configured to appl y traffic policies based on a particular IP or MAC address. This allows you t o quickly assign different traffic policies to a specific computer on the network.[...]
-
Página 21
21 2.2.7 DiffServ (DSCP Marking) DiffServ (a.k.a. DSCP Marking) allows y o u to classify tr affic based on IP DSCP v alues. Thes e markin gs can be used to identify traffic w ithin the netw ork. O ther inte rface s can ma tch traffic based o n the DSCP mark ings. DSCP marking s are us ed to deci de how packets should be tre ated, and is a useful to[...]
-
Página 22
22 secure tunnel. The next t ype of VPN setup is the Gateway to Mu ltiple G ateway setup, where one gateway (Headquarter) is communicat ing with multiple gateways (Br anch Offices) over the Int ernet. As wit h all VPNs, data is ke pt secure with secure t unnels. The final type of VPN setup is t he Client to Gatew ay . A good example of where this c[...]
-
Página 23
23 Concentrat or: Please refer to appendix H for example settings. 100.100.100. 1 200.200.200. 1 192.168.2.x 192.168.3.x 201.201.201. 1 192.168.4.x Local ID T ype: Subnet Local subnet: 0.0. 0.0 Local mask: 0. 0.0.0 Remote ID T ype: Subn et Remote subnet: 1 92.168.3.0 Remote mask: 25 5.255.255.0 Local ID T ype: Subnet Local subnet: 192. 168 .3.0 Loc[...]
-
Página 24
24 Chapter 3: Getting Sta rted 3.1 Overview BiGuard 2/10 is designed to be a powerful and fl exible network device that is also easy to use. With an intuitive web-based configuration, BiG uard 2/10 allows you to administer y our network via virtually any Java -enabled web browser and is ful ly compatible with Linux, Mac OS, and Windows 98/Me/NT/2 0[...]
-
Página 25
25 Be sure to als o review th e Saf ety W a r n ing s located in th e prefa c e o f th is manu a l before working with your BiGuard 2/10. 3.3 Connecting Your Router Connecting BiGuard 2/10 is an easy three-step process: 1. Connect BiGua rd 2/10 to y our LAN by connecti ng Ethernet cabl es from your networked PCs to the L AN ports on the router . Co[...]
-
Página 26
26 3.4 Configuring PCs for TCP/IP Networking Now that your BiGuard 2/10 is conne cted properly to your ne twork, it’s t ime to configure y our network ed PCs for TCP / IP networking. In or der fo r your ne tworked PCs to comm unicate wi th your router , th ey mus t have the following characteristi cs: 1. Have a properly i nstalled and functionin [...]
-
Página 27
27 - Mac OS 7 and later - All versions of UNIX/Linux If you are using Windows 3.1, you must purc hase a third-party TCP/IP application package. Any T CP/IP capable wor k station can be used to communicate wi th or through the BiGuard 2/10. T o configure other types of workstations, please consult the manufacturer’ s documentation. 3.4.2 Wind ows [...]
-
Página 28
28 3. Select Internet Protocol (TCP/IP) an d click Properties . 4a. T o have your PC obtain an IP address automati cally , select the Obtain an IP address automatically and Obtai n DNS server address automat i cally ra di o buttons.[...]
-
Página 29
29 4b. T o manually assign y o ur PC a fixed IP address, select the Use the following IP address radio b utton and enter y our desired IP address, s ubnet mask, and default gateway in the blanks provided. Remember t hat your PC must reside in the same subnet mask as the router . T o designate a DNS server , select the Use the followi ng DNS serve r[...]
-
Página 30
30 3.4.2.2 Verify ing Settings T o verify your settings using a command prompt: 1. Click Start > Programs > Accessories > Command Prompt . 2. In the Command Prompt wind ow, type i pconfig and then press ENTER . If you are using BiGuard 2/10’ s default setting s, your PC should have: - An IP addr ess between 192.168.1.1 and 192.168.1.253 [...]
-
Página 31
31 T o verify your setti ngs using the Windows XP GUI: 1. Click Start > Settings > Netw ork Connections . 2. Right click on e of the netw ork connectio ns listed and select Status from the pop-up menu.[...]
-
Página 32
32 3. Click the Support tab. If you are using BiGuard 2/10’ s default setting s, your PC should: - Have an IP address b etween 192.168.1.1 and 192.168.1.253 - Have a subne t mask of 255.255.255.0[...]
-
Página 33
33 3.4.3 Wind ows 20 00 3.4.3.1 Config uring 1. Select Start > Settings > Control Panel . 2. In the Control Panel window, double-click Netwo rk and Dial- up Conn ecti ons .[...]
-
Página 34
34 3. In Network and Dial-u p Connections, dou ble-click Local Area Connec ti on . 4. In the Local Area Conne ction window , click Properties .[...]
-
Página 35
35 5. Select Internet Protocol (TCP/IP) and click Pro perti es . 6a. T o have your PC obtain an IP address automati cally , select the Obtain an IP address automatically and Obtai n DNS server address automat i cally ra di o buttons.[...]
-
Página 36
36 6b. T o manually assign your PC a fixe d IP address, select the Use the following IP address radio b utton and enter y our desired IP address, s ubnet mask, and default gateway in the blanks provided. Remember t hat your PC must reside in the same subnet mask as the router . T o designate a DNS server , select the Use the followi ng DNS serve r [...]
-
Página 37
37 2. In the Command Prompt wind ow, type i pconfig and then press ENTER . If you are using BiGuard 2/10’ s default setting s, your PC should have: - An IP address between 192.168.1.1 and 192 .168.1.253 - A subnet mask of 255.255.255.0 3.4.4 Wi ndows 98 / Me 3.4.4.1 Installi ng Components T o prepare Windows 98/Me PCs for T CP/IP networking, you [...]
-
Página 38
38 1. On the Windows taskbar , select Start > Settings > Control Panel . 2. Double- click the Network icon. The Netwo rk window displays a list of installed components.[...]
-
Página 39
39 Y o u must have the f ollowing ins talled: - An Ethernet adapter - TCP/IP protocol - Client for Microsoft Networks If you need t o install a new Ethernet adapter , follow these steps: a. Click Add .[...]
-
Página 40
40 b. S ele ct Adapter , then Add . c. Select the manufacturer a nd model of your Ethernet adapter , then click OK . If you need TCP/IP: a. Click Add .[...]
-
Página 41
41 b. S ele ct Protocol , then click Add . c. Select Microsoft . Æ TCP/IP , then OK . If you need Cl ient for Microsoft Net works: a. Click Add .[...]
-
Página 42
42 b. S ele ct Cli ent , then click Add . c. Select Microsoft . Æ Client for Microsoft Networks , and then click OK . 3. Resta rt your PC to apply y our changes. 3.4.4.2 Config uring 1. Select Start > Settings > Control Panel .[...]
-
Página 43
43 2. In the Con tro l Panel, do uble -clic k Network and choos e the Configuration tab.[...]
-
Página 44
44 3. Select the name of y our PC’ s TCP/IP Network Interface Card (NIC) and click Properties . TCP/IP > ASUST eK is illustr ated in the example below . 4. Select the IP Address tab and click the Obtain an IP ad dress autom atically radio butt on.[...]
-
Página 45
45 5. Select the DNS Con figurat ion tab and select the Disable DNS r adio button. 6. Click OK to appl y the co nfiguration.[...]
-
Página 46
46 3.4.4.3 Verify ing Settings T o check the TCP /IP configur ation, use the winipcfg.ex e utilit y: 1. Select Start > Run . 2. T y pe winipcf g , and then cl ick OK .[...]
-
Página 47
47 3. From the drop-down box, select your Ethernet adapter . The window is updated to show your settings. Us ing th e defau lt BiGua rd 2/1 0 settings, your PC shoul d have: - An IP addr ess between 192.168.1.1 and 192.168.1.253 - A subnet mask of 255.255.255.0 - A default gatewa y of 192.168.1.254 3.5 Factory Default Settings Before configuri ng y[...]
-
Página 48
48 IP Address: 192.168.1.254 Subnet Mask: 255.255.255.0 ISP setting in WAN site: Obtain an IP Address automatical ly (DHCP Client) DHCP server: DHCP server is enabled. Start IP Address: 192.168.1.100 End IP Address: 192.168.1.199 3.5.1 Userna me and Passw ord The default user name and password are "adm in" and "admin" respective[...]
-
Página 49
49 3.6 Information From Your ISP 3.6.1 Protocols Before config uring this de vice, you ha ve to check with y o ur ISP (Internet Service Provider) to find out what kind of service is provided such as DHCP , Static IP , PPPoE, or PPTP . The follow ing table ou tlines ea ch of th ese pro tocols: DHCP Configure this WAN interface to use DHCP client pro[...]
-
Página 50
50 Depending on your ISP , a host name and domain suffix may also be provided. If any of these items are dynamically supplied by the ISP , your BiGuard 2/10 will automatically acquire them. If an ISP technician confi gured your co mputer or if you c onfigured it usi ng instructions provided by your ISP , you n eed to copy the configuration in forma[...]
-
Página 51
51 3. In the Network Connections window , right-click Local Area Co nnection and select Properties . 4. Select Internet Protocol (TCP/IP) an d click Properties .[...]
-
Página 52
52 5. If an IP address , subnet mask and a Default gateway are shown, write down the information. If no address is present, y o ur account’ s IP address is dynamically assigned. Cl ick t he Obt ain an IP a ddr ess aut omat icall y radio bu tto n. 6. If any DNS serv er addr esses are shown, write them down. Click the Obtain DNS server address auto[...]
-
Página 53
53 7. Click OK to save your changes. 3.7 Web Configuration Interface BiGuard 2/10 i ncludes a W eb Configurati o n Interface for ea sy administr ation via virtually an y browser on y our network. T o access this interface, open your web browser , enter the IP address of your r outer , which by default is 192.1 68.1.254, and click Go . A u ser name [...]
-
Página 54
54 If the W eb Configurati on Interface appears, co ngratulations! Y ou are now ready to configure your B iGuard 2/10. If yo u are having troubl e accessing the inter face, please refer to Chapter 5: Tr oubleshooting for possible resolutions.[...]
-
Página 55
55 Chapter 4: Router Configuration 4.1 Overview The W eb Configur ation Interface make s it easy for you to manage y our network via any PC connected to it. On the W eb Configuration homepage, you will see the navigation pa ne located on the left hand side. From it, y o u will be able to select various options used to configure y our router . 1. Cl[...]
-
Página 56
56 restricted to only one PC accessing the we b configur at ion in terface a t a t ime. Once a PC has logged into the web interface, other PCs cannot gain access until the current PC has logged out. If the previous PC forgets to logout, the second PC ca n access the page after a user-defined period (5 minutes by default). The following section s wi[...]
-
Página 57
57 address of your PC’ s network interface to use with the router’s Firew all – MAC Address Filter function. See the Firewall section of this chapter for more information on this feature. No.: Numb er of th e list. IP Address: A list of IP addresses of devices on your LAN. MAC Address: The Media Access Cont rol (MAC) addresses for each device[...]
-
Página 58
58 No.: Numb er of th e list. Destination: Th e IP address of the destinatio n network. Netmask: The dest ination n etmask address. Gateway/ Interf ace: Th e IP add ress of t he gate way or exis ting in terfac e that th is route will use. Cost: The number of hops counted as the cost of the route. 4.2.3 Session Table The NA T Session T able displays[...]
-
Página 59
59 Last: T o the last page. Jump to the session: please input the session number you would like to see and press “GO” 4.2.4 DHCP Tab le The DHCP T able displays a list of IP addre sses that ha ve been assigned to PCs on your net work via Dynami c Host Configurati on Protocol (DHCP). No.: Numb er of th e list. IP Address: A list of IP addresses [...]
-
Página 60
60 Enable: Whether th e IPSec connection is currently Enable or Disable. Status: Whether the IPSec is Active, Inactive or Disable. Local Subnet: The local IP address or subnet used. Rem ote Subnet: The subnet of the remote site. Remote Gat eway: The r emote gateway IP addr ess. SA: The Security Assoc i ation for this IPSec entry . Action: Manually [...]
-
Página 61
61 Re fresh: Refresh the S ystem Log. Clear Log: Clear the System Log. Send Log: Send the Sy stem Log to yo ur emai l account. Y ou can set the email address in Configuration > Syst em > Email Alert . See the Email Alert section for more details. Save Log: Save the System log to a t ext file. 4.2.8 IPSec Log This page displays the router’ s[...]
-
Página 62
62 details. Save Log: Save the IPSec log t o a text file. Please refer to Appendix F: IPSec Log Events for more information on log events. 4.3 Quick Start The Quick Start menu allows you to qu ickly configure you r network for Int ernet access using the most basic settings. Connection Meth od: Select your router ’ s con nection to the In ternet. [...]
-
Página 63
63 IP assigned by your ISP: Enter the assigned IP address from yo ur IP . IP Subnet Mask: Enter your IP sub net mask. ISP Gateway Address: Enter your ISP gatew ay address. Primary DNS: Enter your primary DNS. Secondary DNS: Enter yo ur secondary DNS . Click Apply to save y our changes. T o reset to defaults, click Reset . 4.3.3 PPPoE Username: Ente[...]
-
Página 64
64 4.3.4 PPTP Username: Enter your user name. Password : Enter your password. Re type Pas sword: Re type your pas sword. PPTP Clie nt IP: Enter the PPTP Client IP pro vided by yo ur ISP . PPTP Client IP Netmask: Enter th e PPTP Client IP Net mask provided by your ISP . PPTP Client IP Gateway: Ent er the PPTP Client IP Gateway provided by your ISP .[...]
-
Página 65
65 Username: Enter your user name. Password : Enter your password. Re type Pas sword: Re type your pas sword. Login Server: Enter the IP of the Lo gin server provided by your ISP . Click Apply to save y our changes. T o reset to defaults, click Reset . For detailed instructions on configurin g WAN settings, please refer t o the WAN section of this [...]
-
Página 66
66 4.4.1 LAN There are two items wi thin this section: Ethernet , DHCP Ser ver and LAN Address Mapping. 4.4.1.1 Ethernet IP Address: Enter the internal LAN IP address for BiGuard 2/10 (192.168.1.254 by default). Subnet Mask: Enter the subnet ma sk (255.255.255.0 by default). RIP: RIP v2 Broadcast and RIP v2 Multicast. Check to enable RIP . 4.4.1.2 [...]
-
Página 67
67 T o disable the router’s DHCP Serve r , select the Disable radio button, a nd then click Apply . When the DHCP Server is disabled, yo u will need to manual ly assign a fix ed IP ad dr es s to ea ch PC on you r n etw or k, and set the default gatew ay for each PC to the IP address of the router (192.168.1.254 by default). T o configure the rout[...]
-
Página 68
68 reserved IP . Candidates: Y ou can also select the Candidates which are referred from the ARP table for automatic input. Click the Apply button to add the configur ation into the Host T able. Press the Delete button to delete a configuration from the Host T able. 4.4.1.3 LAN Address Mapping LAN Address Mapping is a function that can support mult[...]
-
Página 69
69 Name: Please input the name of the rule. IP Address: Please input the LAN Gate way I P Address you woul d like to use. Netmask: Please input the Netmask you would like to use. WAN IP Add ress: Please click Candidates to select the W AN IP address you would like to use from WAN Alias list. Click the Apply button to add the configur ation into the[...]
-
Página 70
70 4.4.2.1 WAN Connection Meth od: Select how your router will connect t o the Internet. Selection s include Obtain an IP Address Automatically , Static IP Settings , PPPoE Settings , PPTP Settings , an d Big Pond Settings . F or each WAN port, the factory default is DHCP . If your ISP does n ot use DHCP , select the correct connection method and c[...]
-
Página 71
71 RIP: T o activate RIP , select Send , Recei ve , or Both from the drop do wn menu. T o disable RIP , select Disable from the drop down menu. MTU: Enter the Max imum T ransmission Unit (MT U) for your network . Click Apply to save y our changes. T o reset to defaults, click Reset . 4.4.2.1.2 Static IP IP assigned by your ISP: Enter the static IP [...]
-
Página 72
72 4.4.2.1.3 PPPoE Username: Enter your user name. Password : Enter your password. Re type Pas sword: Re type your pas sword. Connection: Select w hethe r the connection should Always Con nect or Trigger on Demand . If yo u want the router to establi sh a PPP oE session when sta rting up and to automatically re-establi sh the PPP oE se ssion when d[...]
-
Página 73
73 MTU: Enter the Max imum T ransmission Unit (MT U) for your network . Click Apply to save y our changes. T o reset to defaults, click Reset . 4.4.2.1.4 PPTP Username: Enter your user name. Password : Enter your password. Re type Pas sword: Re type your pas sword. PPTP Clie nt IP: Enter the PPTP Client IP pro vided by yo ur ISP . PPTP Client IP Ne[...]
-
Página 74
74 MAC Address: If your ISP requ ires you to inp ut a WAN Ethern et MAC, check the checkbox and enter your MA C address in the blanks below . Candidates: Y ou can also select the MAC address from the list in t he Candidates. DNS: If your ISP requires you to manu ally setup DNS settings, check the checkbox and enter your primary and secondary DNS . [...]
-
Página 75
75 Click Apply to save y our changes. T o reset to defaults, click Reset . A simpler alternative is to select Quic k Star t from the main menu. Please see the Quick Start section of this chap te r for more information. 4.4.2.2 Bandwidt h Settings Under Bandwidth Settings, you can easily configure bot h inbound and outbound bandwidth. WA N: Enter yo[...]
-
Página 76
76 Please click Create to create a LAN Address Mapping rule. Name: Please input the name of the rule. IP Address: Please input the additional W AN IP address you would like to use. Click the Apply button to add the configur ation into the W AN IP Alias. 4.4.3 System The System menu allows you to adjust a variety of basic router settings, upgr ade f[...]
-
Página 77
77 4.4.3.1 Time Zone BiGuard 2/10 does not use an onboard real time clock; instead, it uses the Network Time Protocol (NTP) to acquire the current time from an NTP server outsi de your network. Simply choose you r local time zone , enter NTP Server IP Addr ess, and click Apply . After connecting to the Intern et, BiGuard 2/10 will retrieve t he cor[...]
-
Página 78
78 Time, please check the Automatic checkbox. Re sync Pe riod: Please input the resy nc circle of time zon e update. Click Apply to apply the ru le, Clic k Cancel to discard the changes. 4.4.3.2 Remote Access T o allow remote users to configure and manage BiGuard 2/10 thro ugh the Internet, select the Enable r adio button. T o de activate remote ac[...]
-
Página 79
79 Allow Re mote Access By: Everyone: Please check if you allow any IP addresses for the remote us er to access. Only the PC: Please specify the IP A ddress that is allowed to access. PC from the subnet: Please specify th e subnet that is allowed t o access. 4.4.3.3 Firmware Upgrade[...]
-
Página 80
80 Upgrading y our BiGuard 2/10’ s firmware is a quick and easy way to enjo y increased functionality , bett er reliability , and ensure trouble-f ree operation. T o upgrade your firmware, simpl y visit Billion’ s website ( http://www.billion.com ) and down load the latest firmware image file f or BiGuard 2/10. Next, click Browse and select the[...]
-
Página 81
81 select a file from yo ur PC to restore. Be su re to only restore setting fi les that hav e been genera ted by the Backup function, a n d that were created when using the same firmware version. Setting s files saved to your PC should not be manually edited in any way . After selectin g the settings file you wish to use, click ing Restore will loa[...]
-
Página 82
82 In order to prevent unauth orized access to your router ’ s con figuration interface, it requires the admini strator to lo gin with a pass word. Y ou can change y our password by entering your new password in both fields. Click Apply to sa ve your changes. Click Reset to reset to the defaul t administr ation password (admin). 4.4.3.7 System Lo[...]
-
Página 83
83 This function allows BiGu ard 2/10 to send sy stem logs to an external S yslog Server . Syslog is an industry -standard protocol used to capture inf ormation about network activity . T o enable this functi on, select the En able r adio button and enter your Syslog server IP addres s in the Log Server IP Ad dress field. Click Apply to save your c[...]
-
Página 84
84 Select Enable to activ ate SMTP server l ogin function, disa ble to deactivate. Username: Input the SMTP server’ s username. Password : Input the SMTP serv er’s password. Alert via Email when: Select the frequency of each email update. Choose one of the five options: Immediately: The router will send an alert immediately . Hourly: The router[...]
-
Página 85
85 The Pack et Filter function is used to limit user access to ce rtain sites on the Internet or LAN. The Filt er T able displays all curren t filter rules. If th ere is an entry in the Filter T able, you can click Edit to modify the setting of this entry , or click Delete to remove this entry , or cli ck Move to change this entry’ s priority . W[...]
-
Página 86
86 rules prevent unauthorized computers or a pplications accessing the Internet. Select if the new filter ru le is incoming or outgoing . Source IP: Select Any , Subnet , IP Range or Single Address . Starting IP Address: Enter the source IP or star ting source IP address this filter rule is to be applied. End IP Address: Enter the End sour ce IP Ad[...]
-
Página 87
87 The URL Filter is a powerful t ool that can be used to limit access to certain URLs on the Internet. Y ou can block we b site s based on keywords or even block out an entire domain. Certain web features ca n also be blocked to grant added sec urity to your network. URL Filtering: Y ou can choose to Enable or Disable th is feature. K eyword Filte[...]
-
Página 88
88 checkbox. T o edit the list of f iltered domains, click Details . Enter a domain and select ed whether this domain is t rusted or forbidden with the pull-down menu . Next, click Apply . Y our new domain will be added to either the T rusted Domain or Fo rbidden Domain li s ting, depending on which yo u selected previously . Re strict URL Fe ature[...]
-
Página 89
89 Enter a name for the IP Address and then enter the I P address itself . Click Apply to save your changes. The IP address will be ent ered into the Exception List, an d excluded from the URL f iltering rules in effect. 4.4.4.3 LAN MAC F ilter LAN Mac Filter can decide that BiGuard will serve those devices at LAN side or not by MAC Address. Defaul[...]
-
Página 90
90 Rule: Enable or disable this ent ry . Action When Matched: Select to Drop or For ward the packet specified in this filt er entry . MAC Address: The MAC Address you would like to apply . Candidates: Y ou can also sele ct the Candidat es which are referred from the AR P table for automatic input. 4.4.4.4 Block WAN Request Blocking W AN requests is[...]
-
Página 91
91 4.4.4.5 Intrusion Detection Intrusion Detection can prevent most common DoS attacks from the Internet or from LAN users. Intrusion Detection: Enable or disable this function. Intrusion Log: All the detected and dropped attacks will be shown in the system log. 4.4.5 VPN 4.4.5.1 IPSec IPSec is a set of protocols th at enable Virtual Private Networ[...]
-
Página 92
92 Connection Name: A user-defin ed name for the connection. Pre-shared K ey: This is for the Internet K ey Exchange (IKE) protocol. IKE is used to establish a shared security po licy and aut henticated keys for services (such as IPSec) that require a key . Before any IPSec traffic can be passed, each router must be able to verify th e identity of [...]
-
Página 93
93 Re mote Secure Gateway Address ( or Host Name): The IP address or hostname of the remote VPN device that i s connected and establishes a VPN t unnel. Re mote Network: The subnet of the remote network. Allows yo u to enter an IP address and netmask. Back: Back to the Previous page. Next: Go to the next page. (2)LAN to LAN (Mobile LAN): BiGuard wo[...]
-
Página 94
94 Re mote Secure Gateway Address ( or Hostna me): T he IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel. Back: Back to the Previous page. Next: Go to the next page. (4)LAN to Host (M obile Client): BiGu ard would like to establish an IPSec VPN tunnel with remote client software using Dyn amic Internet [...]
-
Página 95
95 (5)LAN to Host (F or BiGuard VPN Client only): Bi Guard would lik e to establish an IPSec VPN tunnel w ith BiGuard VPN Client software C01 by using aggressive mode. VPN Client IP Address: The VPN C lient Address for BiGuard VPN Client, t his value will be apply on both remote ID and remote Network as single address. Back: Back to the Previous pa[...]
-
Página 96
96 After your confi guratio n is done, you will see a Con figuration Summary . Back: Back to the Previous page. Done: Click Done to apply the rule. 4.4.5.1.2 IPSec Policy Click Create to create a new IPSec VPN connection account. Configuring a New VPN Connection[...]
-
Página 97
97 Connection Name: A user-defin ed name for the connection. T unn el: Select Enable to activa te this tunnel. Select Disable to deactiv ate this tunnel. Local: This section configures t he local host. ID: This is the ident ity type of th e local router or host. Choose from the following four options: W A N I P A d d r e s s : A u t o m a tically u[...]
-
Página 98
98 VPN.COM is the domain na me. When you enter th e FQDN of the local host, the router will aut omatically seek the IP address of the FQDN . FQUN E-Mail(Fu lly Qualified User Name): Consists of a username and its domain name. For example, user@vpn.com is a F QUN. "user" is the username an d "vpn.c om" is the domain name. Data: E[...]
-
Página 99
99 degrees of security and speed of negotiation: Main Mode: Uses the automated Inte rnet K ey Exchange (IKE) setup; m ost secure method with the hi ghest level of security . Aggressive Mode: Uses the automate d Internet K ey Exchange (IKE) setup; mid-level security . Speed is faster than Main mode. Manual Key: Standard level of secu rity . It is th[...]
-
Página 100
100 K ey Life Time: Allows you to specify the timer interval for renegotiation of another key . The value is in second s e.g. 3600 seconds = 1 hour . Netbios Broadcast: Allows BiGuard to send local Netbios Broadcast packet throug h the IPSec T unnel, please select Enable or Disabl e . DPD Setting: DPD , Dead Peer Detecti on. DPD Function: Sel ect E[...]
-
Página 101
101 PPTP function: Select Enable to activ ate PPTP Server . Disable to deacti vate PPT P Server function. Auth. T ype: The authentication t ype, Pap or Chap, PaP, Chap. Data Encryption: Select Enable or Dis able the Data Encrypti on. Encryption K ey Length: Auto , 40 bits or 128 bits . Peer En cryption Mode: Only Stateless or Allow Stateles s and S[...]
-
Página 102
102 Connection Name: A user-defin ed name for the connection. T unn el: Select Enable to activa te this tunnel. Select Disable to deactiv ate this tunnel. Username: Please input the userna me for this account. Password : Please input the password for this account. Re type Pass word: Please repeat the same password as previous field. Connection T yp[...]
-
Página 103
103 The first menu screen gives you an overview of which WAN ports currently have QoS active, and the bandwidth settings for each. W AN Outbound: QoS Function: QoS status for WAN outbound. Select Enable to activ ate QoS for WAN’ s outgoing traffic. Select Disable to deacti vate. Max ISP Bandwidth: The maximum bandwidth afforded by the ISP for W A[...]
-
Página 104
104 Next, click Create to open the QoS Rule Conf iguration window . Application: User defined applicati on name for the current rule. Pack et T ype: The type of packet this rule applies to . Choose from Any , TCP , UDP , or ICMP . Guaranteed: The guar an teed amount of bandw idth for this rule as a percentage. Maximum: The maximum amount of bandwi [...]
-
Página 105
105 Bandwidth per source IP Address: Please select Bandwidth per s ource IP Address if you would like the speci f ied bandwidth to be a pplied individually per source IP address in specified IP r ange. Fo r IP Address (default)… Source IP Address Ra nge: The ra nge of source IP Addresses this r ule applies to. Destination IP Address Range: The ra[...]
-
Página 106
106 application program (usually a server) incoming connections shou ld be delivered to. Some ports have numbers that are pre-assi gned to them by th e Internet Assigne d Numbers Authority (IANA), and these are re ferred to as "well-kn own ports". Servers follow the well-known p ort assignme nts so clients can locate them. If you wish t o[...]
-
Página 107
107 Enable DMZ fu nction: Enable: Activ ates your router’ s DMZ function. Disable: Default setting . Disables the DMZ fun ction. DMZ IP Address: Give a static IP address to the DMZ Host when the Enable ra d io button is selected. Be aware t his IP will be exposed to the WAN/Internet. Candidates: Y ou can also select the Candidates which are refer[...]
-
Página 108
108 Click Create to add a new port forwarding ru le. There are two port forwarding modes: Port Range Mapp ing and Port Redirection . This function allows any incomin g data addressed to a range of service port numbers (from the Inte rnet/W AN P ort) to be re-di rected to a particular LAN private/internal IP address. This option gives you the abilit[...]
-
Página 109
109 Internal IP Address: Enter the LAN server /host IP address that the service request from the Intern et will be sent to. Candidates: Y ou can also select the Candidates which are referred from the ARP table for automatic input. N O TE: Y ou need to give your LAN server/host a stat ic IP address for the Virtual Server to work properly . Click App[...]
-
Página 110
11 0 (subnet). The routing t able stores the routing informat ion so the router kn ows where to redirect the IP packets. Click on Static Route and then click Create to add a routing table. Rule: Sele ct Enable to activ ate this rule, Di sable to deactiv ate this rule. Destination: This is the destinat ion subnet IP address. Netmask: This is the sub[...]
-
Página 111
111 Click Apply to save your c hanges. 4.4.8.2 Dynamic DNS The Dynamic DNS f unction allows y ou to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially u seful when hosting servers v ia your W A N connection, so that an yone wishing to conn ect t[...]
-
Página 112
11 2 Enable: Check to enable the Dynamic DN S function. The f ollowing fields w ill be activated and required: Dynamic DNS Server: Select the DDNS service you have established an account with. Wildcard: Select this check box to enable the DYNDNS Wildca rd. Domain Name: Enter your registered domain name for this service. Username: Enter your registe[...]
-
Página 113
11 3 Management IP Address: Y ou may specify an IP address allowed to logon a nd access the router’ s web server . Setting the IP a ddress to 0.0.0.0 will disable IP address restrictions, allo wing users to login from an y IP address. Expire to auto-logout: S pecify a time fr ame for the system to auto-l ogout the user’ s configuration session.[...]
-
Página 114
11 4 IGMP Snooping: Please select enabl e or disable IGMP Snoopi ng function. IGMP Proxy: Please select enable or disable the IGMP Pro xy function. Click Apply to apply this f unc tion, and please note that th e setting wi ll become effective after y ou save to flash and restart the router . 4.4.8.5 VLAN Bridge This section allows yo u to create VL[...]
-
Página 115
11 5 VLAN Name: Please input VLAN na me of this rule. VLAN ID: Please input VLAN ID that will be used for T agged member port(s ). T agged Member port(s): Please check the interface that you would like to use in this VLAN ID group . Untagged Member port(s): Plea se check the interf ace that you would like to use in this VLAN ID group. Click Apply t[...]
-
Página 116
11 6 your config urati on settings before you logout. Be aware that the router is restricted to only one PC accessing the web configur ation interface at a time. Once a PC has logged into the web interfac e, other PCs cannot gain access until the curren t PC has logged out. If the previous PC forgets t o logout, the second PC can access the page af[...]
-
Página 117
11 7 Chapter 5: Troubleshooting 5.1 Basic Functionality This section deals with issues regardin g your BiGuard 2/10’ s basic functions. 5.1.1 Ro uter Won’ t Turn On If the Po wer and other LEDs fail to ligh t when y our BiGuard 2/10 is turned on: - Make sure that the power cord is properly connected to your firewall and that the power supply ad[...]
-
Página 118
11 8 - Make sure each Ethernet cable connection is secure at the firewall and at the hub or workstation. - Make sure that power is tur ned on to the con nected hub or workstati on. - Be sure you are using the correct cable. When connecting the firewall’ s Internet port to a cable or DSL modem, use the cabl e that w as supplied with the cable or D[...]
-
Página 119
11 9 - Check the 10/100 LAN LEDs on BiGuard 2/10’ s front panel. One of these LEDs should be on. If th ey are both off , ch eck the cables between BiGuard 2/10 and the hub or PC. - Check the correspondi ng LAN LEDs on yo ur PC’ s Ethernet device are on. - Make sure that driver softw are for your PC’ s Ethernet adapter and TCP/IP software is c[...]
-
Página 120
120 3. Make sur e that the Delete All O ffline Content checkbox is check ed, and click OK . 4. Click OK under Internet Options to close the dialogue. - In Windows, type ar p –d at the command pr ompt to clear you computer’ s ARP table.[...]
-
Página 121
121 5.2.3.1 Pop-up Windows T o use the W eb Configuration Interface, y ou need to disable pop-up blocking. Y ou can either di sable pop-up blocking, which i s enabled by de fault in Wi ndows XP Service P ack 2, or create an exce ption for your BiGuard 2/10’ s IP address. Disablin g All Pop-ups In Internet Explorer , select Tools > Pop-up Block[...]
-
Página 122
122 3. Enter the IP address of your r outer . 4. Click Add to add the IP address to the list of Allowed sites . 5. Click Close to return to the Pri vacy tab of the Internet Options dialog ue. 6. Click App ly to sav e your change s. 5.2.3.2 Javascrip ts If the W eb Configuration Int erface is not displayi ng properly in your browse r , check to ma k[...]
-
Página 123
123 3. Under Scripting , check to se e if Active script ing is set to Enable . 4. Ensure that Scripting of Java applets is set to Enable . 5. Click OK to clo se th e dialo gue. 5.2.3.3 Java Permissions The following J av a Permissions should also be given fo r the W eb Conf iguration Interf ace to disp lay properly: 1. In Internet Explorer , click [...]
-
Página 124
124 5.3 WAN Interface If you are having problems with the W AN Interface, refer to the tips below . 5.3.1 Ca n’t Get WAN IP Ad dress from the ISP If the W AN IP address cannot be obtained from the ISP: - If you are us ing PPPoE or PPTP , you will need a user name and password. Ensure that y ou have entered the correct Se rvice T ype , User Name ,[...]
-
Página 125
125 2. Access the W eb Configura tion Interface by entering your route r’s IP address (default is 192.168.1.254). 3. The WAN IP Status is displayed on the first page. 4. Check to see that the W AN port is properly connected to the ISP . If a Connected by (x) wher e (x) is your con nection method i s not shown, your router has n ot successfully ob[...]
-
Página 126
126 account as y our PC’ s host name on the router . - Y our ISP m ay check for your PCs MAC address. Either inform yo ur ISP that you have purchased a ne w network device and ask them to use your r outer’s MAC address, or config ure your rout er to spoof you r PC’ s MAC address. If an IP address can be obtained, but your PC cannot load any w[...]
-
Página 127
127 Appendix A: Produc t Specifications A.1 BiGuard 10 Product Specifications Virtu al Priva te Ne twork - IPSec VPN, supports up to 10 IPSec tunnel s - IPSec VPN performance is up to 20 Mbps - PPTP VPN, support up to 4 PPTP tunnels - PPTP VPN performance is up to 10 Mbps - Manual k ey , Internet K ey Exchange (IK E) authent ication and K ey Manage[...]
-
Página 128
128 - Intrusion detecti on Conte nt Filteri ng - URL Filter settings prevent user access to certain sites on the Intern et - Java Apple t/Active X/Cookie Blocking Quality of Servi ce Control - Supports DiffServ approach - T raffic prioritization and bandwidth managemen t based-on IP protocol, p ort number and IP or MAC address Web-Based Management [...]
-
Página 129
129 Physical Specificatio ns Dimensions: 18.98" x 6.54" x 1.77" (482mm x 1 66 mm x 45mm, with Br acket) 9.84" x 6.54" x 1.38" (250mm x 166 mm x 35mm, non Brack et) Power Requirement Input: 12VDC, 1A Operating E nvironment - Operating temp erature: 0 ~ 40 degree s Celsiu s - Storage temper ature: -20 ~ 70 degrees Celsiu[...]
-
Página 130
130 A.2 BiGuard 2 P roduct Specifications Virtu al Priva te Ne twork - IPSec VPN, supports up to 2 IPSec tunnel s - IPSec VPN performance is up to 4 Mbps - PPTP VPN, support up to 4 PPTP tunnels - PPTP VPN performance is up to 10 Mbps - Manual k ey , Internet K ey Exchange (IK E) authent ication and K ey Management - Authentication (MD5 / SHA -1) -[...]
-
Página 131
131 Firewall - Stateful P acket Inspection (SPI) and Denial of Service (DoS) preve ntion - P acket filter un-permitted inbound (WA N)/Inbound (LAN) Internet access by IP addre ss, port number and packet t ype - Email alert and lo gs of attack - MAC Address Filtering - Intrusion detecti on Conte nt Filteri ng - URL Filter settings prevent user acces[...]
-
Página 132
132 Physical Interface Ethernet W AN 1 ports (10/100 Base- T) , support Auto- Cross over (MDI/MDIX) Ethernet LAN 8 ports (10/100 Base- T) switch, support Auto- Crossover (MDI/MDIX) Physical Specificatio ns Dimensions: 10.43" x 6.93" x 1.73" (265 mm x 176 mm x 44mm) Power Requirement Input: 12VDC, 1A Operating E nvironment - Operating[...]
-
Página 133
133 Appendix B: Custome r Support Most problems can be solved by referring to the T roubleshoot ing s ection in the User’ s Manual. If y ou cannot resolv e the problem with the T rou bleshooting chap ter , please contact the dealer where you pur chased this product. Conta ct Billi on Wo r ld wi d e http://www.billion.com/[...]
-
Página 134
134 Appendix C: FCC Inte rference Statement This device complies with Part 15 of FCC rules. Oper ation is subj ect to the following two conditio ns: - This device ma y no t cause har mful interference. - This device must accept an y interference received, including interference that may cause undesired oper ations. This equipment has been tested an[...]
-
Página 135
135 Appendix D: Network, R outing, an d Firewa ll Basics D.1 Network Basics D.1.1 IP Addresses With the number of TCP/IP networks interconne cted across the globe, ensuring that transmitted data reache s the correct destination requires each computer on the Internet has a uniqu e identifier . This identifier is k nown as the IP ad dress. The Intern[...]
-
Página 136
136 192.168.234.245/24, which means that the net mask is 24 ones followed by 8 zeros. (11111111 11111111 11111111 000 00000). D.1.1.2 Subnet Addressing Subn et address ing enables the spli t of one IP network address into multiple physical networks. These smaller networks are cal l ed subnetworks, and these subnetworks can ma ke effic ient us e of [...]
-
Página 137
137 D.1.2 Network Address Translat ion ( NAT) T raditionally , multiple PCs that needed simu ltaneous Internet access also required a range of IP addresses from the Internet Se rv ice Provider (ISP). Not only was th is method very costly , but the number of a vailable IP addresses for PCs is limited. Instead, BiGuard 2/10 uses a t ype of address sh[...]
-
Página 138
138 connected to at least two networks. Usually , this is a LAN and a WAN that is connected to an ISP network. R outers are located at gatew ays, the places where two or more net works connect. R outers use headers and forwarding tables to determine the best path for forwar ding the packets, and t hey use protocols to communicate with each other an[...]
-
Página 139
139 firewall adds features t hat deal with outside Internet intrusion and attacks. When an attack or intrusion is detected, the firewa ll can be configured to log the in trusion attemp t, and c an also notify th e admin istrato r of the in cident. With this informatio n, the administrator can work with the ISP to take action agai nst the hacker . A[...]
-
Página 140
140 Appendix E: Virtua l Private Netw orking E.1 What is a VPN? A Virtual Privat e Network (VPN) is a sh ared network where pr ivate data is segmented from other tr affic so that only the intended recipient has access. It allows org anizations to securely transmit data over a public medium like the Internet. VPNs utilize tunnels, whic h allow data [...]
-
Página 141
141 Internet Protocol Securit y (IPSec) is a set of protocols and algorithms that provide data authentication, integrity , and confiden tialit y as data is transferr ed across IP networks. IPSec provides data se curity at the IP packet level, and protects against possible security risks by protecting data. IPSec is widely us ed to es tablish V PNs.[...]
-
Página 142
142 A typical AH packet looks like this: E.2.1.2 Encapsulating Se curity Payload (ESP) Encapsulating Security P ayload (ESP) provid es privacy f or data through encrypt ion. An encryption algorithm combines the da ta with a key to encrypt it. It then repackages the data using a special format , and tr ansmits it to the destination. The receiver the[...]
-
Página 143
143 like this: E.2.1.3 Security Associations (SA) Security Associations are a one- way relationships bet ween sender and receiver that specify IPSec-related par ameters. They provide data protection by using the defined IPSec protocols, a nd allow organizati ons to control according to the securit y policy in effect, which resources may communicate[...]
-
Página 144
144 Tr a n s p o r t M o d e : - This mode is used to provide data se curity be tween t wo netw orks . It provid es protection for the entire IP pack et and is sent by adding an out er IP header corresponding to the two tunnel end-points. Since tunnel mode hides the original IP header , it provides security of the networks wi th private IP address [...]
-
Página 145
145 E.2.5 Internet Key Exc hange (IKE) Before either AH or ESP can be use d, it is necessary for the two communication devices to exchange a secret key that the security protocols themselv es will use. T o do this, IPSec uses Internet K ey Exchange (IKE) as a primary support protocol. IKE facilitates and autom ates the SA setup, and exchanges keys [...]
-
Página 146
146[...]
-
Página 147
147 Appendix F: IPSec Log s and Events F.1 IPSec Log Event Categories There are three major cate gories of IPSec Log Events for your BiGuard 2/10. These include: 1. IKE Negotiate P acket Messages 2. Rejecte d IKE Messages 3. IKE Negotiated Status Messages The table in the following section lists th e different events of each category , and provides[...]
-
Página 148
148 Send Main mo de second respon se message of ISAKMP Sending the main mod e second r esponse me ssage. Do ne to exc hange key values. Received Main mod e second response me s sage of ISAKMP Received the main mode se cond response message. Done to exch ange key values. Send Main mode third message of ISAKMP Sending the third message of m ain mode.[...]
-
Página 149
149 Received Quick mode first response message Received the first response message of quick mode (Phase II). Done to exchange propos al and key values (IPSec). Send Quick mode seco nd message Sending the second message of qui ck mode (Phase II). Received Quick mo de second message Received the sec ond message of quic k mode (Phase II). ISAKMP IKE P[...]
-
Página 150
150 (Main/Aggressive) mode peer ID is (identifier string) ISAKMP SA Established IPsec SA Established[...]
-
Página 151
151 Appendix G: Bandwidth Management with QoS G.1 Overview I n a h o m e o r o f f i c e e n v i r o n m e n t , u s e r s c o n s t a n t l y h a v e t o t r a n s m i t d a t a t o a n d f r o m the Internet. When too many are accessing the Internet at the same time, service can slow to a crawl, causing service interruptions and general frustrati[...]
-
Página 152
152 -Prioritization: Assign s different priority levels for different applica tions, prioritizing traffic. High, Normal and Low priority settings. -Outbound and In bound IP Throttli ng: Controls net work traffi c and allows y ou to limit the speed of each application. -DiffServ T echnology: Manages priority queues and DSCP tagg ing through the Inte[...]
-
Página 153
153 broadband connection. Application Data Ratio (%) Priority On-line game s 30% High Skype 5% High Email 10% High FTP 20% Upload (High), Download (Normal) Other 35% G.4.2 Office Users QoS is also ideal for small bu sinesses using an office server as a web server . With QoS control, web pages served to your customers can be given top priorit y and [...]
-
Página 154
154 FTP 10% Upload (H igh), Downlo ad (Norm al) Other 30% MP3 (Low), MSN (Normal)[...]
-
Página 155
155 Appendix H: Router Setup Examp les H.1 VPN Configuration This section outlines some concrete ex amples on how you can configure BiGuard 2/10 for your VPN. H.1.1 LAN to LAN Branch Office Head Office Local ID IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Add ress Any Local Address IP Address 192.168.0.0 192.168.1.0 Netmask 2[...]
-
Página 156
156 ID IP Address IP Address Data 69.121.1.3 69.121.1.30 Network Subnet Subnet IP Address 192.168.1.0 192.168.0.0 Netmask 255.255.2 55.0 255.255.255.0 Proposal IKE Pre-shared Ke y 12345678 12345 678 Security Algorithm Main Mode; ESP: MD5 3DES PFS Main ESP MD5 3DES PFS H.1.2 Host to LAN[...]
-
Página 157
157 Single client Head Office Local ID IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Add ress Any Local Address IP Address 0.0.0.0 192.168.1.0 Netmask 0.0.0.0 255.255.255.0 Remote Secure Gateway Address(or Hostname) 69.121.1.3 69.121.1.30 ID IP Address IP Address Data 69.121.1.3 69.121.1.30 Network Subnet Single Address IP Add[...]
-
Página 158
158 H.2 VPN Concentrator Step 1: Go to Confi guratio n > IPSec and co nfigure the link f rom BiGuard 2/10 Headquarter to BiGuard 2/10 Branch A . 100.100.100. 1 200.200.200. 1 192.168.2.x 192.168.3.x 201.201.201. 1 192.168.4.x Local ID T ype: Subnet Local subnet: 0.0. 0.0 Local mask: 0. 0.0.0 Remote ID T ype: Subn et Remote subnet: 1 92.168.3.0 R[...]
-
Página 159
159 Step 2: Go to Confi guratio n > IPSec and co nfigure the link f rom BiGuard 2/10 Headquarter to BiGuard 2/10 Branch B . Step 3: Go to Config urati on > IPSec and configure the connection from BiGuard 2/10 Branch A t o BiGuard 2/10 Headquarter .[...]
-
Página 160
160 Step 4: Go to Confi guratio n > IPSec and configure the connection from the BiGuard 2/10 Branch B to BiGuard 2/10 Headquarter . Step 5: Click Save Con fig to save all changes t o flash memory . H.3 Intrusion Detection Intr usion Detecti on on Internet Internet Detected! Droppe d BiGuard Safe!! Server Safe!! Hacker DoS A tta ck DoS A t tac k [...]
-
Página 161
161 Step 1: Go to Confi guratio n > Fir ewall > Intrusion Detection and En able the settings. Step 2: Click App ly and then Save Config to save all changes to flash memory . H.4 PPTP Remote Access by Windows XP Internet Internet Window s XP PPTP Clien t Internet Internet 100. 10 0.100 .1 Headquarter BiGuard &PPTP Server Bus ine ss Trip PP[...]
-
Página 162
162 Step1: Go to C onf igurat ion > VPN > PPTP and Enable the PPTP functio n, Click Apply . Step2: Click Create to create a PPTP Account.[...]
-
Página 163
163 Step3: Click Apply , y ou can see the account is successfully created. Step4: Click Sav e Config to sa ve all changes to flash memory . Step5: In Windows XP , go Start > Settings > N etwor k Conn ecti ons .[...]
-
Página 164
164 Step6: In Network Tas ks , Click Cr eate a new conn ection , and press Nex t. Step7: Select Connect t o the net work at my w orkplace and press Next .[...]
-
Página 165
165 Step8: Select Virtual Private Ne twork conn ection and press Next . Step9: Input the user-defined name for this connection and press Ne xt .[...]
-
Página 166
166 Step10: Input PPTP Server Address and press Next . Step11: Please press Finish .[...]
-
Página 167
167 Step12: Double click the connection, and input Username and Password th at defined in BiGuard PPTP Account Setting s . PS. Y ou can also refer the Properties > Se curity page as below , by default.[...]
-
Página 168
168 H.5 PPTP Remote Access by BiGuard Internet Internet Internet Internet 100.100. 100.1 Headquarter BiGuard &PPTP S erver PPTP Tunnel Branch Office 200.200.200 .1 BiGuard &PPTP C lient Local subne t: 192.168.30.0 Local mask : 255.255.255.0 Step1: Go to Configur ation > VPN > PPTP and Enable the PPTP function, Disable the Encryption ,[...]
-
Página 169
169 Step3: Click Apply , y ou can see the account is successfully created. Step4: Click Sav e Config to sa ve all changes to flash memory .[...]
-
Página 170
170 Step5: In another BiGuard as Client, Go to Config uration > WAN . Step6: Click Apply , and Save CON FIG .[...]