Billion Electric Company 30 инструкция обслуживания
- Просмотреть online или скачать инструкцию
- 209 страниц
- 12.68 mb
Идти на страницу of
Похожие руководства по эксплуатации
-
Network Card
Billion Electric Company CO1
42 страниц 0.49 mb -
Network Card
Billion Electric Company BiGuard 50G
223 страниц 6.5 mb -
Network Card
Billion Electric Company BIPAC 3012G
5 страниц 0.34 mb -
Network Card
Billion Electric Company BiPAC 2073
9 страниц 2.2 mb -
Network Card
Billion Electric Company BIPAC 7500
12 страниц 0.41 mb -
Network Card
Billion Electric Company 3013G
36 страниц 2.86 mb -
Network Card
Billion Electric Company 30
209 страниц 12.68 mb -
Network Card
Billion Electric Company S100N
2 страниц 2.29 mb
Хорошее руководство по эксплуатации
Законодательство обязывает продавца передать покупателю, вместе с товаром, руководство по эксплуатации Billion Electric Company 30. Отсутствие инструкции либо неправильная информация, переданная потребителю, составляют основание для рекламации в связи с несоответствием устройства с договором. В законодательстве допускается предоставлении руководства в другой, чем бумажная форме, что, в последнее время, часто используется, предоставляя графическую или электронную форму инструкции Billion Electric Company 30 или обучающее видео для пользователей. Условием остается четкая и понятная форма.
Что такое руководство?
Слово происходит от латинского "instructio", тоесть привести в порядок. Следовательно в инструкции Billion Electric Company 30 можно найти описание этапов поведения. Цель инструкции заключается в облегчении запуска, использования оборудования либо выполнения определенной деятельности. Инструкция является набором информации о предмете/услуге, подсказкой.
К сожалению немного пользователей находит время для чтения инструкций Billion Electric Company 30, и хорошая инструкция позволяет не только узнать ряд дополнительных функций приобретенного устройства, но и позволяет избежать возникновения большинства поломок.
Из чего должно состоять идеальное руководство по эксплуатации?
Прежде всего в инструкции Billion Electric Company 30 должна находится:
- информация относительно технических данных устройства Billion Electric Company 30
- название производителя и год производства оборудования Billion Electric Company 30
- правила обслуживания, настройки и ухода за оборудованием Billion Electric Company 30
- знаки безопасности и сертификаты, подтверждающие соответствие стандартам
Почему мы не читаем инструкций?
Как правило из-за нехватки времени и уверенности в отдельных функциональностях приобретенных устройств. К сожалению само подсоединение и запуск Billion Electric Company 30 это слишком мало. Инструкция заключает ряд отдельных указаний, касающихся функциональности, принципов безопасности, способов ухода (даже то, какие средства стоит использовать), возможных поломок Billion Electric Company 30 и способов решения проблем, возникающих во время использования. И наконец то, в инструкции можно найти адресные данные сайта Billion Electric Company, в случае отсутствия эффективности предлагаемых решений. Сейчас очень большой популярностью пользуются инструкции в форме интересных анимаций или видео материалов, которое лучше, чем брошюра воспринимаются пользователем. Такой вид инструкции позволяет пользователю просмотреть весь фильм, не пропуская спецификацию и сложные технические описания Billion Electric Company 30, как это часто бывает в случае бумажной версии.
Почему стоит читать инструкции?
Прежде всего здесь мы найдем ответы касательно конструкции, возможностей устройства Billion Electric Company 30, использования отдельных аксессуаров и ряд информации, позволяющей вполне использовать все функции и упрощения.
После удачной покупки оборудования/устройства стоит посвятить несколько минут для ознакомления с каждой частью инструкции Billion Electric Company 30. Сейчас их старательно готовят или переводят, чтобы они были не только понятными для пользователя, но и чтобы выполняли свою основную информационно-поддерживающую функцию.
Содержание руководства
-
Страница 1
BiGuard 30 iBusiness Security Gateway SMB User ’ s Manual V ersion Release 7.01 (FW:1.06p)[...]
-
Страница 2
2 BiGuard 30 User’s Manual (Updated March 28, 2007) Copyright Information © 2007 Billion Electric Corporation, Ltd. The contents of this publication may n o t be reproduced in whole or in part, transcribed, stored, tr anslated, or transmi tted in any form or any means, without the prior written con sent of Billion Electric Corporation. Published[...]
-
Страница 3
3 Safety Warnings Y our BiGuard 30 is built for reliability and long service life. For your safety , be sure to read and follow the fol lowing safety w arnings. • Read this installation guide thoroughly bef ore attempting to set up your BiGuard 30. • Y our BiGuard 30 is a complex electronic device. DO NO T open or attempt to repair it yourself [...]
-
Страница 4
4 Table of Contents Chapter 1: Introduction 1.1 Overview 1.2 Product Highlights 1.2.1 Increased Bandwidth, Scalability and Resilience 1.2.2 Virtual Private Network Support 1.2.3 Advanced Firewall Security 1.2.4 Intelligent Bandwidth Management 1.3 Package Contents 1.3.1 Front Panel 1.3.2 Rear Panel 1.3.3 Rack Mounting 1.3.4 Cabling Chapter 2: Route[...]
-
Страница 5
5 2.6.1 General VPN Setup 2.6.2 VPN Planning - Fail Over 2.6.3 Concentrato r Chapter 3: Getting Started 3.1 Overview 3.2 Before You Begin 3.3 Connecting Your Router 3.4 Configuring PCs for TCP/IP Networking 3.4.1 Overview 3.4.2 Windows XP 3.4.2.1 Configuri ng 3.4.2.2 Verifying Settings 3.4.3 Windows 2000 3.4.3.1 Configuri ng 3.4.3.2 Verifying Setti[...]
-
Страница 6
6 4.2.5 IPSec Status 4.2.6 PPTP Status 4.2.7 Traffic Stati stics 4.2.8 System Log 4.2.9 IPSec Log 4.3 Quick Start 4.3.1 DHCP 4.3.2 Static IP 4.3.3 PPPoE 4.3.4 PPTP 4.3.5 Big Pond 4.4 Configuration 4.4.1 LAN 4.4.1.1 Ethernet 4.4.1.2 DHCP Server 4.4.1.3 LAN Address Mapping 4.4.2 WAN 4.4.2.1 ISP Settings 4.4.2.1.1 DHCP 4.4.2.1.2 Static IP 4.4.2.1.3 PP[...]
-
Страница 7
7 4.4.4.8 Email Alert 4.4.5 Firewall 4.4.5.1 Packet Filter 4.4.5.2 URL Filter 4.4.5.3 LAN MAC Filter 4.4.5.4 Block WAN Request 4.4.5.5 Intrusion Detection 4.4.6 VPN 4.4.6.1 IPSec 4.4.6.1.1 IPSec Wizard 4.4.6.1.2 IPSec Policy 4.4.6.2 PPTP 4.4.7 QoS 4.4.8 Virtual Server 4.4.8.1 DMZ 4.4.8.2 Port Forwarding Table 4.4.9 Advanced 4.4.9.1 Static Route 4.4[...]
-
Страница 8
8 5.2.3.3 Java Permissions 5.3 WAN Interface 5.3.1 Can’t Get WAN IP Ad dress from the ISP 5.4 ISP Connection 5.5 Problems with Date and Time 5.6 Restoring Factory De faults Appendix A: Product Specifications Appendix B: Customer Support Appendix C: FCC Interference Statement Appendix D: Network, Routing, and Firewall Basics D.1 Network Basics D.1[...]
-
Страница 9
9 E.2 What is IPSec? E.2.1 IPSec Security Components E.2.1.1 Authentication Header (AH) E.2.1.2 Encapsulating Security Payload (ESP) E.2.1.3 Security Associations (SA) E.2.2 IPSec Modes[...]
-
Страница 10
10 E.2.3 Tunnel Mode AH E.2.4 Tunnel Mode ESP E.2.5 Internet Key Exchange (IKE) Appendix F: IPSec Logs and Events F.1 IPSec Log Event Categories F.2 IPSec Log Event Table Appendix G: Bandwidth Management with QoS G.1 Overview G.2 What is Quality of Service? G.3 How Does QoS Work? G.4 Who Needs QoS? G.4.1 Home Users G.4.2 Office Users Appendix H: Ro[...]
-
Страница 11
11 Chapter 1: Introduction 1.1 Overview Congrat ulations on purchasi ng BiGuard 30 R outer from Billion. Combining a router with an Ethe rnet network switch, BiGuard 30 is a stat e-of -the-art devi ce that provides everything yo u need to get your ne twork connected to the Internet ov er your Cable or DSL connection quickly and easil y . The Quick [...]
-
Страница 12
12 connections are possible on BiGuard 30, with performance of up to 10 Mbps. 1.2.3 Advanced Firewall Security Aside from intelligent broadband sharing, BiGuard 30 offers in tegrated firewall protection with adv anced fe atures to secure y our network from outside attacks. Stateful P acket Inspection (SPI) de termines if a data packet i s permitted[...]
-
Страница 13
13 LED Function Power A solid light indicates a steady connection to a power source. Status A blinking light indicates the device is writing to flash memory. LAN 1 – 8 Lit when connected to an Ethernet device. 10/100M : Lit green when connected at 100Mbps. Not lit when connected at 10Mbps. Link/ACT: Lit when device is connected. Blinking when dat[...]
-
Страница 14
14 Port Function 1 RESET To reset the device and restor e factory default settings, after the device is fully booted, press and hold RESET until the Status LED begins to blink. 2 WAN2 WAN2 10/100M Ethernet port (w ith auto crossover support); connect xDSL/Cable modem here. 3 WAN1 WAN1 10/100M Ethernet port (w ith auto crossover support); connect xD[...]
-
Страница 15
15 1.3.4 Cabling Most Ethernet networks cu rrently use unshielded tw isted pair (UTP) cabling. The UTP cable contains eigh t conductors, arr anged in four twisted pairs, and terminated with an RJ45 t ype connector . One of the most common causes of networking problems is bad cabling. Make sure that all connected devices are turned on. On the front [...]
-
Страница 16
16 Chapter 2: Router Applications 2.1 Overview Y our BiGuard 30 router is a versatile device t hat can be configured t o not only protect your network from malicious attack ers, but also ensure optimal usage of available bandwidth with Quality of Service (QoS) and both Inbound and Outbo und Load Balancing. Altern atively , BiGuard 30 can also be se[...]
-
Страница 17
17 2.2.2 QoS Policies for Different Applications By setting differen t QoS policies according to the applicatio ns you are running, you can use BiGuard 30 to optimiz e the bandwidt h that is being used on your network. As illustrated in the diagram above, applications such as V oiceover IP (V oIP) requ ire Restricted PC Normal PCs Vo I P[...]
-
Страница 18
18 low network laten cies to function properly . If bandwidth is being used by other applications such as an FTP server , users using V oIP will experience netw ork lag and/or service interruption s during use. T o avoid this scenario, this network has assigned V oIP with a guaranteed bandwidt h and higher priority to ensure smooth communications. [...]
-
Страница 19
19 policies for differen t PCs on the network. Policy based traffic shaping lets you better manage your bandwidth, providing reliable In ternet and network service to your organization. 2.2.5 Priority Bandwidth Utilization Assigning priority to a certain serv ice allo ws BiGuard 30 to give either a higher or lower priority to traffic from this part[...]
-
Страница 20
20 2.2.6 Management by IP or MAC address BiGuard 30 can also be configured to apply tr affic policies based on a particular IP or MAC address. This allow s you to quickly assign differen t traffic policies to a specific computer on the network. 2.2.7 DiffServ (DSCP Mar king)[...]
-
Страница 21
21 DiffServ (a.k .a. DSCP Marking) allows you to classify t raffic based on IP DSCP v alues. Other interfaces can match tr affic ba sed on the DSCP markings. DSC P markings are used to decide how packets sho uld be tr eated, and is a useful tool to give precedence to varying t ypes of data. 2.2.8 DSCP (Matching) Just like the DSCP M arking, DSCP is[...]
-
Страница 22
22 In the above example, PC 1 (I P_192. 168.2.2 ) and PC 2 (IP_192.168.2.3) are connected to the Internet via W AN1 (I P_230 .100.100.1) on BiGuard 30. Sho uld WAN1 fai l, Outbound F ail Over tells BiGuard 30 to reroute outgoi ng traffi c to W AN2 (IP_213.10.10.2). Configuring your BiGuar d 30 for Outbound F ail Over provides a more reliable connec[...]
-
Страница 23
23 In the above example, PC 1 (I P_192. 168.2.2 ) and PC 2 (IP_192.168.2.3) are connected to the Internet via W AN1 (IP_230.1 00.100.1) and W AN2 (IP_213.10.10.2) on BiGuard 30. Y ou can co nfigure BiGuard 30 to balance the load of each WA N port with one of two mechanisms: 1. Session (by session/by traffic/weight of link capability) 2. IP Hash (by[...]
-
Страница 24
24 In the above example, an FTP Server (IP_192.168.2.2) and an HT TP Server (IP_192.168.2.3) are connected to the I nternet via W AN1 (ftp.billion.dyndns.org) on BiGuard 30. A remote computer is trying to access these servers via the Internet. Under normal circumstances, the remote compu ter will gain access to the network via WAN1. Should WAN1 fai[...]
-
Страница 25
25 In the above example, an FTP server (IP_192.168.2.2) and an HT TP server (IP_192.168.2.3) are connected to the I nternet via W AN1 (www.billion2.dyndns.org) an d W AN2 (www.billion3.dyndns.org) on BiGuard 30. Re mote PCs are attempting to access the serv ers via the Internet. Usi ng Inbound Load Balancing, BiGuard 30 can direct inco ming request[...]
-
Страница 26
26 DNS Inbound is a three step process. First, a DNS request is made to the router via a remote PC. BiGuard 30, based on sett ings specified by the user , will direct the requesting PC to the correct W AN port by replying the selected W AN IP address through the bui lt-i n DNS server . The remote PC then accesses the network via the specified WAN p[...]
-
Страница 27
27 In the above example, an FTP Server (IP_192.168.2.2) and an HT TP Server (IP_192.168.2.3) are connected to the I n ternet via W AN1 (IP_200.20 0.200.1) on BiGuard 30. A remote computer is trying to access these servers via the Internet, and makes a DNS request. The DNS request ( www .mydomain.com ) will be sent through WAN1 (200.200.200.1) to th[...]
-
Страница 28
28 In the above example, an FTP server (IP_192.168.2.2) and an HT TP server (IP_192.168.2.3) are connected to the I nternet via W AN1 (IP_200.200.200.1) and WAN2 (IP_1 00.100.100.1) on BiGuard 30. R e mote PCs are attempting to access the servers via the Internet by making a DNS request, entering a URL (www.m ydomain.com). Using a load balanc ing a[...]
-
Страница 29
29 In the example above, the client is making a DNS reques t. The request is sent to the DNS server of BiGuard 30 through WAN2 (1). W AN2 will route th is request to the embedded DNS server of BiGu ard 30 (2). BiGuard 30 will analyze the bandwidth of both WAN1 and W AN2 and decide which WAN IP to repl y to the request ( 3). After the decision is ma[...]
-
Страница 30
30 The following section discusses Virtual Private Networking with BiGuard 30. 2.6.1 General VPN Setup There are typically thr ee different VPN scenarios. The first is a Gateway to Gateway setup, where two remote gatewa ys communicate o ver the Internet vi a a secure tunnel. The next type of VPN setup is the G ateway to Multiple Gateway setup, wher[...]
-
Страница 31
31 planning. The foll owing sections de monstrate the va rious wa ys of using BiGuard 30 to setup your VP N. 2.6.2 VPN Planning - Fail Over Configurin g your VPN with F ail Over allow s BiGuard 30 to automatically def ault to W AN2 should W AN1 fai l. Because the dynamic domain name biguard.bi llion.com is configured fo r both W AN1 and WAN2, the a[...]
-
Страница 32
32 Configurin g BiGuard 30 for F ail Over provides added reliability to your VPN. 2.6.3 Concentrato r The VPN Concentr ator provides an easy way for branch offices to connect to headquarter through a VPN tunnel . All br anch office tr affic will be redirected to the VPN tunnel to headquarter with the exceptio n of LAN-side tr affic. This way , all [...]
-
Страница 33
33 Chapter 3: Getting Started 3.1 Overview BiGuard 30 is designed to be a powe rful and flexible network device that is also easy to use. With an intu itive web-based configu ration, BiGuard 30 allows you to administer your network via virt ually any Java-enabled web browser and is fully compatible with Linux, Mac OS, an d Windows 98/Me/NT/2000/XP [...]
-
Страница 34
34 password for security reason. 4. Prepare to physically connect BiGuard 30 to Cable or DSL modems and a computer . Be sure to also review the Safety Warn ings located in the preface of this m anual before working with your BiGuard 30. 3.3 Connecting Your Router Connecting BiGuard 30 is an easy three-step process: 1. Connect BiGuard 30 to y our LA[...]
-
Страница 35
35 3.4 Configuring PCs for TCP/IP Networking Now that your BiGuard 30 is connected properly t o your network, it’s time to configure your net worked PC s for T CP/IP networking. In order for your network ed PCs to communi cate with your router , they must have the following characteristics: 1. Have a properly installed and f unctioning Eth ernet [...]
-
Страница 36
36 - Mac OS 7 and later If you are using Windows 3.1, you must pu rchase a third-party TCP/IP application package. Any T CP/IP capable workstation can be used to communicate wi th or through BiGuard 30. T o configure other types of workstations, please consult the manufacturer’ s documentation. 3.4.2 Windows XP 3.4.2.1 Configuri ng 1. Select Star[...]
-
Страница 37
37 3. Select Internet Protocol (TCP/IP) and click Properties . 4a. T o have your PC obtain an IP address au tomatically , select t he Obtain an IP[...]
-
Страница 38
38 address automaticall y and Obtain DNS server address aut omatically rad io buttons. 4b. T o manually assign your PC a fix ed IP address, select the Use the followin g IP address r adio button a nd enter your desired IP ad dress, subnet mask, and default gateway in the blanks provided. R emember that your PC must reside in the same subnet mask as[...]
-
Страница 39
39 3.4.2.2 Verifying Settings T o verify your setting s using a command prom pt: 1. Click Start > Programs > Accessories > Command Prompt . 2. In the Command Pro mpt window , type ipco nfig and then press ENTER . If you are using BiGuard 30’ s default settings, your PC should have:[...]
-
Страница 40
40 - An IP address between 192.168.1.1 and 192 .168.1.253 - A subnet mask of 255.255.255.0 T o verify your setting s using the Windows XP GUI: 1. Click Start > Settings > Network Connections .[...]
-
Страница 41
41 2. Right click one of the networ k connections listed and select Status from the pop-up menu. 3. Click the Support tab .[...]
-
Страница 42
42 If you are usi ng BiGuard 30’ s defaul t settings, yo ur PC should: - Have an IP address be tween 192.168.1.1 and 192.168.1.253 - Have a subnet mask of 255.255.255.0 3.4.3 Windows 2000 3.4.3.1 Configuring 1. Select Start > Settings > Cont rol Panel .[...]
-
Страница 43
43 2. In the Cont rol Panel window , double-click Network and Dial-up Connections . 3. In Network and Dial-up Connections, double -click Local Area Connection .[...]
-
Страница 44
44 4. In the Local Area Connection window , click Properties . 5. Select Internet Protocol (TCP/IP) and cl ick Properties .[...]
-
Страница 45
45 6a. T o have your PC obtain an IP address au tomatically , select t he Obtain an IP address automaticall y and Obtain DNS server address aut omatically rad io buttons. 6b. T o manually assign your PC a fixed IP address, select the Use the following IP address r adio button a nd enter your desired IP ad dress, subnet mask, and default gateway in [...]
-
Страница 46
46 7. Click OK to finish the configurati on. 3.4.3.2 Verifying Settings 1. Click Start > Programs > Accessories > Command Prompt .[...]
-
Страница 47
47 2. In the Command Pro mpt window , type ipco nfig and then press ENTER . If you are using BiGuard 30’ s default settings, your PC should have: - An IP address between 192.168.1.1 and 192 .168.1.253 - A subnet mask of 255.255.255.0[...]
-
Страница 48
48 3.4.4 Windows 98 / Me 3.4.4.1 Installing Components T o prepare Windows 98/Me PCs for T CP/IP networking, you may need to manually install TCP/IP on each PC. T o do this, follow the steps below. Be sure to have your Windows CD handy , as you may need to insert it during the inst allation process. 1. On the Windows tas kbar , select Start > Se[...]
-
Страница 49
49 Y ou mu st have the follow ing installed:[...]
-
Страница 50
50 - An Ethernet adapter - TCP/IP pr otocol - Client for Microsoft Networks If you need to in stall a new Ethern et adapter , follow these steps: a. Click Add . b. Select Adapter , then Add . c. Select the manufactu rer and model of your Ethernet adapt er , then click OK .[...]
-
Страница 51
51 If you need TCP/IP: a. Click Add . b. Select Protocol , then click Add .[...]
-
Страница 52
52 c. Select Microsoft . Æ TCP/IP , then OK . If you need Client for Microsoft Networks: a. Click Add .[...]
-
Страница 53
53 b. Select Client , then click Add . c. Select Microsoft . Æ Client for Microsoft Networks , and then click OK . 3. Re start your PC to a pply your changes. 3.4.4.2 Configuring 1. Select Start > Settings > Cont rol Panel .[...]
-
Страница 54
54 2. In the Con trol Panel, double-click Network and choose the Confi guratio n tab.[...]
-
Страница 55
55 3. Select TCP / IP > ASUSTek or the name of any Network Interface Card (N IC) in your PC and click Properties . 4. Select the IP Address tab and click the Obtain an IP address au tomatic all y radio butto n.[...]
-
Страница 56
56 5. Select the DNS Conf igura tion tab and select the Disable DN S r adio button. 6. Click OK to apply the configurati on.[...]
-
Страница 57
57 3.4.4.3 Verifying Settings T o ch eck the TCP/IP configuration, use the winipcfg.exe utility: 1. Select Start > Run . 2. T y pe winipcfg , and then click OK. 3. From the drop-down bo x, se lect your Ethernet adapter .[...]
-
Страница 58
58 The window i s updated to show your settings. Us ing the defaul t BiGuard 30 settings, your PC should h ave: - An IP address between 192.168.1.1 and 192 .168.1.253 - A subnet mask of 255.255.255.0 - A default gatewa y of 192.168.1.254 3.5 Factory Default Settings Before configuring your BiGuard 30, you need to know the following default settings[...]
-
Страница 59
59 ISP setting in W AN si te: Obtain an IP Address automatically ( DHCP Clie nt) DHCP server: DHCP server is enabled. Start IP Address: 192.168.1.100 End IP Address: 192.16 8.1.199 3.5.1 User Name and Password The default user name and passw ord are "admin" and "admin" respectively . If you ever forget your user name and/or pass[...]
-
Страница 60
60 Before configurin g this device, you have to check with your ISP (Internet Service P r o v i d e r ) t o f i n d o u t w h a t k i n d o f s e r v i c e is provided such as D HCP , St atic IP , PPP oE, or PPTP . The following table out lines each of these protocols: DHCP Configure this WAN interface to use DHCP client protocol to get an IP addre[...]
-
Страница 61
61 If an ISP technician co nfigured yo ur computer or if you c onfigured it usi ng instructions prov ided by your ISP , you n eed to copy the configuration information from your PC’ s Network T C P/IP Properti es wi ndow before reconfiguring yo ur computer for use with B iGuard 30. The follo wing sections descri be how you can obtain this inf orm[...]
-
Страница 62
62 3. In the Network Connections window , right-click Local Area Connection and select Properties . 4. Select Internet Protocol (TCP/IP) and click Properties .[...]
-
Страница 63
63 5. If an IP address , subnet mask and a Default gateway are shown, write down the information. If no address is present, your account’ s IP address is dynamically assigned. Click the Obtain an IP address automatically radio button. 6. If any DNS ser ver addresses are shown, write them down. C lick the Obtain DNS[...]
-
Страница 64
64 server address automa ti cally r adio button. 7. Click OK to save your changes.[...]
-
Страница 65
65 3.7 Web Configuration Interface BiGuard 30 includes a W eb Configur ation Inte rface for easy administr ation via virtually any browser on your network. T o access th is interface, open your web browser , enter the IP address of your ro uter , which by default is 192.168 .1.254, and click Go . A user name and password wind ow prompt will appear [...]
-
Страница 66
66 Chapter 4: Router Configuration 4.1 Overview The W eb Configuration Interface makes it ea sy for you to manage your net work via any PC connected to it. On the W eb Configur atio n homepage, you will see the navigation pane l ocated on the left ha nd si de. From it, you will be able to select various opti ons used to configure y our router . 1. [...]
-
Страница 67
67 access the page after a user-defined period (5 minutes by default). The following sectio ns will show y ou how to configure y our router usin g the W eb Configurati on Interface. 4.2 Status The Status menu displays the v arious option s that have been se lected and a number of statistics about your BiGuard 30. In t his menu, you w ill find the f[...]
-
Страница 68
68 No.: Numbe r of the list. IP Address: A list of IP addresses of devices on yo ur LAN. MAC Address: The Media Access Co ntrol (MAC) addresses for each device on your LAN. Interface: The interface name (on the router) that this IP address connects to. Static: Static status of the ARP table entry . NO indicates dynami cally-gener ated ARP table ent[...]
-
Страница 69
69 4.2.3 Session Table The NA T Session T able displays a list of current sessions for both inco ming and outgoing tr affic with protoc ol type, source IP , source port, destination IP and destination port, each page shows 10 sessions. No.: Numbe r of the list. Protocol: Protocol type of the Session. From IP: Source IP of the session. From port: so[...]
-
Страница 70
70 your network via D ynamic Host Confi gurati on Protocol (DHCP) . No.: Numbe r of the list. IP Address: A list of IP addresses of devices on yo ur LAN. Device Name: The host name (c omputer name) of the client. MAC Address: The MAC address of cl ient. 4.2.5 IPSec Status The IPSec Status window displa ys the status of the IPSec T unnels that are c[...]
-
Страница 71
71 4.2.6 PPTP Status The PPTP Status wi ndow displa ys the status of the PPTP T unnels that are currently configured on your BiGuard 30. Name: The name yo u assigned to t he particular PPTP entr y . Enable: Whether t he PPTP connection is cu rrently Enable or Disable. Status: Whether the PPTP is Activ e, Inactive or Disable. T ype: Whether the Conn[...]
-
Страница 72
72 WAN1: T ransmitted (Tx) and Received (Rx) bytes and packets for WAN1. WAN2: T ransmitted (Tx) and Received (Rx) bytes and packets for WAN2. Display: Allows you to change the units of me asurement for the tr affic gr aph. 4.2.8 System Log This window displays BiGuard 30’ s System Log entries. Major events are logged on this window . Re fresh: R[...]
-
Страница 73
73 Re fresh: R efresh the IPSec Log. Clear Log: Clear the IPSec Log. Send Log: Send IPSec Log to your email account. Y ou can set the email address in Configuration > System > Email Alert . See the Email Alert section for more details. Please refer to Appendix F: IPSec Log Events for more information on log events. 4.3 Quick Start The Quick S[...]
-
Страница 74
74 4.3.2 Static IP IP assigned by your ISP: Enter the assigned IP address from yo ur IP . IP Subnet Mask: Enter your IP sub net mask. ISP Gateway Address: Enter your ISP gatew ay address. Primary DNS: Enter your primary DNS. Secondary DNS: Enter yo ur secondary DNS . Click Apply to save y our changes. T o reset to defaul ts, click Reset . 4.3.3 PPP[...]
-
Страница 75
75 4.3.4 PPTP Username: Enter your user name. Password : Enter your password. Re type Pas sword: R etype yo ur password. PPTP Clie nt IP: Enter the PPTP Client IP pro vided by yo ur ISP . PPTP Client IP Netmask: Enter th e PPTP Client IP N etmask provided by your ISP . PPTP Client IP Gateway: Ent er the PPTP Client IP Gateway provided by your ISP .[...]
-
Страница 76
76 Username: Enter your user name. Password : Enter your password. Re type Pas sword: R etype yo ur password. Login Server: Enter the IP of the Lo gin server provided by your ISP . Click Apply to save y our changes. T o reset to defaul ts, click Reset . For detailed instructions on configurin g WAN settings, please refer to the WAN section of this [...]
-
Страница 77
77 4.4.1 LAN There are three items wi thin this section: Ethernet , DHC P Server and LAN Address Mapping. 4.4.1.1 Ethernet IP Address: Enter the internal LAN IP address for BiGuard 30 (192.168.1.254 by default). Subnet Mask: Enter the subnet ma sk (255.255.255.0 by default). RIP: RIP v2 Broadcast and RIP v2 Multicast. Check to enable RIP .[...]
-
Страница 78
78 4.4.1.2 DHCP Server In this menu, yo u can disabl e or enable the Dynamic Host Co nfigur ation Protocol (DHCP) server . The DHCP protocol allows your BiGuard 30 to dy namically assign IP addresses to PCs on your network if they are configured to aut omatically obtain IP addresses. T o disable the router ’ s DHCP Server , select the Disable rad[...]
-
Страница 79
79 Name: Enter the name you want to give for the IP+Mac Address Fix ed Host account. Active: Select whether you wan t to Enable or Disable this particular Fixed Host account. IP Address: Enter the IP address that you w a nt to reserve for the above MAC address. MAC Address: Enter the MAC address of the PC or server you wish to be assigned a reserve[...]
-
Страница 80
80 Please click Create to create a LAN Address Mapping rule. Name: Please input the name of the rule. IP Address: Please input the LAN Gate way I P Address you would lik e to use. Netmask: Please input the Netmask you would like to us e. WAN IP Add ress: Please click Candidates to select the W AN IP a ddress you would like to use from WAN Alias lis[...]
-
Страница 81
81 The W AN menu contains two items: ISP Settings , Bandwidth Settings and WAN IP Alias . 4.4.2.1 ISP Settings This W AN Servi ce T able displays th e different W AN conne ctions that are configured on BiGuard 30. T o edit any of these connections, click Edit . Y ou will be taken to the following menu.[...]
-
Страница 82
82 Connection Meth od: Select how your router will connect t o the Internet. Selection s include Obtain an IP Address Automatically , Static IP Settings , PPPoE Settings , PPTP Settings , and Big Pond Settings . F or each WAN port, the factory default is DHCP . If your ISP does not use DHCP , select the correct connection method and configure the c[...]
-
Страница 83
83 and enter your primary and secondary DNS . RIP: T o activate RIP , select Send , Recei ve , or Both from the drop down menu. T o disable RIP , select Disa ble from the drop down menu. MTU: Enter the Max imum T ransmission Unit (MTU) f or your network. Network Address T ranslation: Enables or Di sables the NA T function. T o apply this interface [...]
-
Страница 84
84 would like to use router mode, you have to input the packet filter rules you wo uld like to forward in Configuration -> Firewall -> Packet filter Click Apply to save y our changes. T o reset to defaul ts, click Reset . 4.4.2.1.3 PPPoE Username: Enter your user name. Password : Enter your password. Re type Pas sword: R etype yo ur password.[...]
-
Страница 85
85 MAC Address: If your ISP requ ires you to input a WAN Ethern et MAC, check the checkbox and enter your MA C address in the blanks below . Candidates: Y o u can also select the MAC address from the list in the Candidat es. DNS: If your ISP requires you to manu ally setup DNS setting s, check the checkbox and enter your primary and secondary DNS .[...]
-
Страница 86
86 PPTP Client IP Gateway: Ent er the PPTP Client IP Gateway provided by your ISP . PPTP Server IP: E nter the PPTP Serv er IP provided by your ISP . Connection: Select w hethe r the connection should Always Con nect or Trigger on Demand . If yo u want the router to establi sh a PPTP session when star ting up and to automatically re-establish the P[...]
-
Страница 87
87 Username: Enter your user name. Password : Enter your password. Re type Pas sword: R etype yo ur password. Login Server: Enter the IP of the Lo gin server provided by your ISP . MAC Address: If your ISP requ ires you to input a WAN Ethern et MAC, check the checkbox and enter your MA C address in the blanks below . Candidates: Y o u can also sele[...]
-
Страница 88
88 bandwidth for each WA N port. W AN1: Enter yo ur ISP inbound a nd outbound b andwidth for W AN1. W AN2: Enter yo ur ISP inbound a nd outbound b andwidth for W AN2. NO TE: These values entered here are refe renced by both QoS and Load Balancing functions. 4.4.2.3 WAN IP Alias WAN IP Alias allows you to input addition al WAN IP addresses. W AN IP [...]
-
Страница 89
89 Name: Please input the name of the rule. IP Address: Please input the additional W AN IP address you would lik e to use. Interface: Please select th e W AN Interface that you would like to add the additional WAN I P t o. Click the Apply button to add the configur ation into the W AN IP Alias. 4.4.3 Dual WAN In this section, you can setup the fai[...]
-
Страница 90
90 Mode: Y ou can select L oad Balance or F a il Over . Service Detection: En ables or disables the service detection feature. For fail over , the service detection fun ction is enabled. For load balance, user is able to enable or disable it. Connectivity Decisi on: Establishes the num ber of times probing the connection has to fail before the conn[...]
-
Страница 91
91 Outbound Load Balancing on BiGuard 30 can be based on one of two methods: 1. By session mechanism 2. By IP address hash mechanism Choose one by clicking the corresponding r adio button. Based on Session Mechanism: The source IP address and destination IP address might go through WAN1 or W AN2 according to policy settings in this mechanism. Y ou [...]
-
Страница 92
92 authenticate the source IP addres s. Balance by weight of lin k capacity: Uses an IP hash to balance tr affic based on weight of link ba ndwidth capaci ty . Balance by weight: U ses an IP hash to bal ance traffi c based on a r atio . Enter the desired ra tio into the blanks pro vided. Click Apply to save your c hanges. 4.4.3.3 Inbound Load Balan[...]
-
Страница 93
93 SOA: Domain Name: The domain name of DNS Server 1. It is the name that you register on DNS organizat ion. Y ou have to fill-out the Fu lly Qualified Do main Name (FQDN) with an ending character (a dot) for this text fiel d.(ex:abc.com.).When y ou enter the follow ing domain name, you can only inpu t different chars with out an ending dot, its na[...]
-
Страница 94
94 T o edit t he Host Mapping URL list, click Edit . This w ill open the Host Mapping URL table, which lists the c urrent Host Mapping UR Ls. T o add a host mapping URL to the list, click Create . Domain Name: The domain name of the local host. Host URL: The URL to be mapped. Private IP Address: The IP address of the local host. Helper: Y ou could [...]
-
Страница 95
95 Port R ange: The port r ange of all incomi ng packets are accepted and processed by a local host with the specif ied private IP address. Candidates: Y o u can also select the Ca ndidates which are referred from t he ARP table for automatic input. Name1: The Alias Host URL Name2: The Alias Host URL Click Apply to save your c hanges. 4.4.3.4 Proto[...]
-
Страница 96
96 Interface: Choose which W AN port to use: W AN1, W AN2 Pack et T ype: The particular protocol of Internet traffic for the specified policy . Choose from TC P , UDP , or An y . Source IP R ange: All Source IP: Click it to specify all source IPs. Specified Source IP: Click to specify a sp ecific source IP address and source IP netmask. Source IP A[...]
-
Страница 97
97 4.4.4 System The System menu allows you to adjust a v ariety of basic router settings, upgr ade firmware, set up remote access, an d more. In this menu are the following sections: Time Zone , Remote Access , Firmware Upgrade , Backup /Res tore , Restart , Password , System Log an d E-mail Alert . 4.4.4.1 Time Zone BiGuard does not use an onboard[...]
-
Страница 98
98 Time Z one: Select Enab le or Disable this f unction. Local Time Z one(+-GMT Time): Please select the time zone that belongs to your area. NTP Server Address: Please input the NTP serv er address you would lik e to use. Daylight Sa ving: T o hav e BiGuard 30 automaticall y adjust for Dayli ght Savings Time, please check the Automatic checkbo x. [...]
-
Страница 99
99 Allow Re mote Access By: Everyone: Please check if you allow any IP addresses for the remote user to access. Only the PC: Please specify the IP A ddress that is allowed to access. PC from the subnet: Please specify th e subnet that is allowed t o access. 4.4.4.3 Firmware Upgrade Upgrading y our BiGuard 30’ s firmw are is a quick and easy way t[...]
-
Страница 100
100 functionality , better reliability , and ensure trouble-f ree operation. T o upgrade your firmware, simpl y visit Billion’ s website ( http://www.billion.com ) and dow nload the latest firmware image file for BiGu ard 30. Next, click Browse and select the newly downloaded firmw are file. Click Upgrade to complete the update. NOTE: DO NO T pow[...]
-
Страница 101
101 T o rest ore a previously saved backup file, cl ick Browse . Y ou will be prompted to select a file from yo ur PC to restore. Be su re to only restore setti ng files that ha ve been genera ted by the Backup function, a n d that were created when using the same firmware version. Setting s files saved to your PC should not be manually edited in a[...]
-
Страница 102
102 In order to prevent unauth orized access to your router ’ s configuration interface, it requires the admini strator to l ogin with a password. Y ou can change your pass word by entering your new password in both fields. Click Apply to save your c hanges. Click Reset to reset to the defaul t administr ation passwor d (admin). 4.4.4.7 System Lo[...]
-
Страница 103
103 activity . T o enable this functi on, select the Enable r adio button and enter your Syslog server IP addres s in the Log Server IP Address field. Click Apply to save your changes. T o disable this featur e, simply select the Disable r adio button and click Apply . 4.4.4.8 E-mail Alert The Email Alert function allows a log of se curity-related [...]
-
Страница 104
104 the five options: Immediately: The router will send an alert immediat ely . Hourly: The router will send an alert once ev ery hour . Daily: T h e r o u t e r w i l l s e n d a n a l e r t o n c e a day . The exact time can be specified using the pu ll down menu. Weekly: The router will send an alert once a week. When log is full: The router wil[...]
-
Страница 105
105 The Pack et Filter function is used to limit user access to ce rtain sites on the Internet or LAN. The Filt er T able displays all current filter ru les. If there is an ent ry in the Filter T ab le, you can click Edit to modify the setting of th is entry , click Delete to remove this entry , or click Move to change this entry’ s priority . Wh[...]
-
Страница 106
106 applications accessing your local n etwork from the In ternet. Outgoin g P acket Filter rules prevent unauthorized computers or a pplications accessing the Internet. Select if the new filter ru le is incoming or outgoin g. Source IP: Select An y , Subnet , IP Range or Single Address . Starting IP Address: Enter the source IP or starting source [...]
-
Страница 107
107 The URL Filter is a powerful t ool that can be used to limit access to certain URLs on the Internet. Y ou can block we b sites based on k eywords or even block out an e ntire domain. Certain web features ca n also be blocked to gr ant added security to your network. URL Filtering: Y ou can choose to Enable or Disable this feature. K eyword Filt[...]
-
Страница 108
108 Domains Filtering: Click the top checkb ox to enable this feature. Y ou can also choose to disable all web tr affic except for tr usted sites by clicking the bottom checkbox. T o edit t he list of filtered domain s, click Details. Enter a domain and select whether this domain is trusted or forbidden w ith the pull-down menu. Next, click Apply .[...]
-
Страница 109
109 Enter a name for the IP Address and then enter the I P address itself . Click Ap ply to save your changes. The IP address will be ent ered into the Exception List, an d excluded from the URL f iltering rules in effect. 4.4.5.3 LAN MAC Filter LAN Mac Filter can decide that BiGuard will serve those dev ices at LAN side or not by MAC Address. Defa[...]
-
Страница 110
11 0 Create: Y ou can also input a specified MAC Add ress to be dropped or F orward without depending on the default rule. Rule: Enable or disable this ent ry . Action When Matched: Select to Drop or For ward the packet specified in this filter entry . MAC Address: The MAC Address you would like to apply . Candidates: Y ou can also select the Candi[...]
-
Страница 111
111 Blocking W AN requests is one w ay to prev ent DDOS attac ks by preve nting ping requests from the Internet . Use t his menu to enable or di sable function. 4.4.5.5 Intrusion Detection Intrusion Detection can prevent most common DoS attacks from the Internet or from LAN users. Intrusion Detection : Enable or disable this function. Intrusion Log[...]
-
Страница 112
11 2 Limit Maximum sessions per IP to (with reject an d dr op opti ons ): Jus t like the previous option, this option expands on w hat to do with additional sessions above the maximum limit. Y ou can either rej e ct the additional se ssions for a period of time or just drop all packets from those sessions for a period of time. 4.4.6 VPN VPN is a wa[...]
-
Страница 113
11 3 Connection Name: A user-defin ed name for the connection. Interface: Select t he interface the IP Sec tunnel will apply to. WAN1: Select interface WAN1 WAN2: Select interface WAN2 Auto: The devi ce will automatically apply t he tunnel to W AN1 or W AN 2 depending on which WAN interface is active when the IPSec tunn el is being established. Not[...]
-
Страница 114
11 4 Secure Gateway Address (or Domain Name ): The IP address or hostname of the remote VPN gatewa y . Re mote Network: The subnet of the remote network. Allows y ou to enter an IP address and netmask. Back: Back to the Previous page. Next: Go to the next page. (2)LAN to Mobile LAN: BiGuard would lik e to establish an IPSec VPN tunnel with remote r[...]
-
Страница 115
11 5 Re mote Identifier: The Identifi er of the remote gatewa y . According to the input value, the ID type will be auto-defi ned as IP Address, FQDN(DNS) or FQ UN(E-mail). Re mote Network: The subnet of the remote network. Allows y ou to enter an IP address and netmask. Back: Back to the Previous page. Next: Go to the next page. (3)LAN to Host: Bi[...]
-
Страница 116
11 6 remote VPN device that is connected and establishes a VPN tunnel. Back: Back to the Previous page. Next: Go to the next page. (4)LAN to Mobile Host: BiGuard would lik e to establish an IPSec VP N tunnel with remote client software using Dynamic In ternet IP by using aggressive mode. Re mote Identifier: The Identifi er of the remote gatewa y . [...]
-
Страница 117
11 7 VPN Client IP Address: The VPN C lient Address for BiGuard VPN Client, this value will be applied on both remote I D and Remote Network as single address. Back: Back to the Previous page. Next: Go to the next page. After your confi gurati on is done, yo u will see a Configuration Summary . Back: Back to the Previous page. Done: Click Done to a[...]
-
Страница 118
11 8 4.4.6.1.2 IPSec Policy Click Create to create a new IPSec VPN connection account. Configuring a New VPN Connection[...]
-
Страница 119
11 9 Connection Name: A user-defin ed name for the connection. T unnel: Select Enable to activate this tunnel. Sel ect Disable to deacti vate this tunnel. Interface: Select t he interface the IP Sec tunnel will apply to. WAN1: Select interface WAN1 WAN2: Select interface WAN2 Auto: The devi ce will automatically apply t he tunnel to W AN1 or W AN 2[...]
-
Страница 120
120 interface if Aut o is selected. Local: This section configures t he local host. ID: This is the ident ity type of th e local router or host. Choose from the following four options: WAN IP Add ress: Automatically use the current W AN Address as ID . IP Address: Use an IP address format. FQDN DNS(Fully Qualified Domain Name): Consists of a hostna[...]
-
Страница 121
121 Any Local Address: Will enable any local address on the netw ork. Subnet: The subnet of the remote network. Selectin g this option allows you to enter an IP address and netmask. IP Ra nge: The IP Ra ng e of the remote netw ork. Single Address: The IP address of the remote host. Gateway Address: The gatewa y address of the remote host. Proposal:[...]
-
Страница 122
122 negotiation time. Diff ie-Hellman is a public-key cryptography protocol that allows two parties to establish a shar ed secret ov er the Internet. Pre-shared K ey: This is for the Intern et K ey Exchange (IKE) protocol. IKE is used to establi sh a shared security pol icy and authenticated k eys for services (suc h as IPSec) that require a key . [...]
-
Страница 123
123 Local Subnet: Displays I P address and subnet of the local network. Re mote Subnet: Displays IP address and subnet of the remote netw ork. Re mote Gateway: This is the I P address or Domain Name of the remote VPN device that is connected and has an es tablished IPSec tunnel . IPSec Proposal: This is the se lected IPSec security method. 4.4.6.2 [...]
-
Страница 124
124 Connection Name: A user-defin ed name for the connection. T unnel: Select Enable to activate this tunnel. Sel ect Disable to deacti vate this tunnel. Username: Please input the userna me for this account. Password : Please input the password for this account. Re type Pass word: Please repeat the same password as pr evious field. Connection T y [...]
-
Страница 125
125 The first menu screen gives you an overview of which WAN ports currently have QoS active, and the bandwidth settings for each. WA N1 Outbound: QoS Function: QoS status for W AN1 outbound. Select Enable to activ ate QoS for W AN1’ s outgoi ng traffi c. Select Dis able to deacti vate. Max ISP Bandwidth: The maximum bandwidth afforded by the ISP[...]
-
Страница 126
126 Creating a New QoS Rule T o get started using QoS, you will need t o establish QoS rules. These rules tell BiGuard 30 how to handl e both incoming and outgoi ng tr affic. The followi ng example shows you how to configure WAN1 Outbound QoS. Configuring t he other traffic types follows the same process. T o make a new ru le, click Rule T able. Th[...]
-
Страница 127
127 Interface: The current tr affic t ype. This can be W AN1 (ou tbound, inbound) and W AN2 (outbound, i nbound). Application: User defined appli cation name for the current rule . Packet Type: The type of packet this ru le applies to . Choose from Any , TCP , UDP , or ICMP . Guarantee d: The guar anteed amount of bandwidth for this rule as a perce[...]
-
Страница 128
128 Helper: Y ou could also select the application ty pe you would like to apply for automatic input. Click Apply to save your c hanges. For MAC Address: Source MAC Addre ss: The source MAC Address of the de vice this rule applies to. Candidates: Y ou can also select the Candidates whi ch are referred from the ARP table for automatic input. Source [...]
-
Страница 129
129 ports to the PC on your netw ork running th e application. Y ou will also need to us e port forwarding if you want to host an onlin e game server . The reason for this is t hat when using NA T , your publicly accessible IP address will be used by and point to your router , which then needs to deliver all t raffic to the private IP addresses use[...]
-
Страница 130
130 table for automatic input. Select the Apply button to ap ply your change s. 4.4.8.2 Port Forwarding Table Because NA T can act as a "natural" Internet firewall, your router protect s your network from being accessed by outside user s, as all incoming connecti on attempts will point to your router u nless you specifically create Virtua[...]
-
Страница 131
131 Application: User defined appli cation name for the current rule . Helper: Y ou could also select the application ty pe you would like to apply for automatic input. Protocol type: please select protocol type External Port: Enter the port number of the service that will be sent to the Internal IP address. Redirect Port: Enter a new port number f[...]
-
Страница 132
132 advantage of the more adv anced featur es of BiGuard 30. Users who do not understand the features shoul d not attempt to r econfigure their router , unless advised to do so by support sta ff . There are five items within the Adv anced section: Static Route , Dynamic DNS , Device Management , IGMP and VLAN Bridge . 4.4.9.1 Static Route The stati[...]
-
Страница 133
133 Rule: Sele ct Enable to activ ate this rule , Disable to deactiv ate this rul e. Destination: This is the destination subnet IP address. Netmask: This is the subnet mask of the destination IP addresses base d on above destination subn et IP . Gateway: This is the gatewa y IP address to which pack ets are to be forwarded. Interface: Select the i[...]
-
Страница 134
134 Y ou will first need t o register and establish an account with the Dyn amic DNS provider using their website, Example: DYNDNS http://www .dyndns.org/ (BiGuard 30 supports sever al Dynamic DNS providers , su ch as w ww .dynd ns.org , www .orgdns.org , www .dhs.org , www .dyns.cx , www .3domain.hk , www .dyndn s.org , www .3322.org ) Dynamic DNS[...]
-
Страница 135
135 4.4.9.3 Device Management The Device Management Advan ced Configur ation settings allow you t o control your router’s security options and device monitoring features . Device Name Name: Enter a name for this device. Web Server Settings HTTP Port: This is the port number the ro uter’ s embedded web server (for web-based configuration) will u[...]
-
Страница 136
136 SNMP Function: Select Enable to activ ate this functi on, Disabl e to deactiv ate this function. SNMP V1 and V2 Read Community: In put the string for R ead community to match y our SNMP software. Write Community: Input the string for W rite community to match your SN MP software. Trap Community: Input the string for T rap community to match yo [...]
-
Страница 137
137 Click Apply to apply this f unc tion, and please note that the setting will become effective after y ou save to flash and restart th e router . 4.4.9.5 VLAN Bridge This section allows you to create VLAN group and specify th e member. VLAN Mode : Select Disable to disable VLAN mode, select Bridge M ode to use VLAN Bridge function and sel ect Tag[...]
-
Страница 138
138 Tagged Member port( s): Please check the interface th at y ou would lik e to use in this VLAN ID group. Untagged Member port(s): Please check the interface that you would like to use in this VLAN ID group. Click Apply to add this rule. 4.5 Save Configuration To Flash After changing the router’s configuration settings, you must save all of the[...]
-
Страница 139
139 Chapter 5: Troubleshooting 5.1 Basic Functionality This section deals with issues regarding your BiGuard 30’ s basic functions. 5.1.1 Router Won’t Turn O n If the Po wer and other LEDs fai l to ligh t when y our BiGuard 30 is turned on: - Make sure that the power cord is properly connected to your firewa ll and that the power supply adapter[...]
-
Страница 140
140 or workstation. - Make sure that power is tur ned on to the connected hub or worksta tion. - Be sure you are using the correct cable. When connecting the firew all’ s Internet port to a cable or DSL modem, use the cabl e that w as supplied with the cable or DSL modem. This cable could be a standard str aight -through Ethernet cable or an Ethe[...]
-
Страница 141
141 - Check the 10/100 LAN LEDs on BiGuard 30’ s front panel. One of these LEDs should be on. If they are both off , check the ca bles between BiGuard 30 and the hub or PC. - Check the correspondi ng LAN LEDs on y our PC’ s Ethernet device are on. - Make sure that driver softw are for your PC’ s Ethernet adapter and T CP/IP software is correc[...]
-
Страница 142
142 3. Make sur e that the Delete All O ffline Content checkbo x is checked, and click OK . 4. Click OK under Internet Options to close the dialogue. - In Windows, type ar p –d at the command p rompt to clear you computer’ s ARP table.[...]
-
Страница 143
143 5.2.3.1 Pop-up Windows T o use the W eb Configuration Inte rface, you n eed to disable pop-up blocki ng. Y ou can either disable pop-up blocking, whic h is enabled by default in Windows X P Service Pack 2, or create an ex cept ion for your BiGuard 30’ s IP address. Disabling All Pop-ups In Internet Explorer , select Tools > Pop-up Blocker [...]
-
Страница 144
144 3. Under Scripting , check to see if Active scripting is set to Enable . 4. Ensure that Scripting o f J ava applets i s set to Enabl ed . 5. Click OK to close the dialogue. 5.2.3.3 Java Permissions The following Java P ermissions should also be given for the W eb Configuration Interface to display properl y: 1. In Internet Explorer , click Tool[...]
-
Страница 145
145 4. Click OK to close the dialogue. NOTE: If Jav a from Sun Microsystems is installed, scroll d own to Java (Sun) and ensure that the ch eckbox is filled. 5.3 WAN Interface If you are ha ving problems with the W AN Interface, refer to the tips bel ow . 5.3.1 Can’t Get WAN IP Ad dress from the ISP If the W AN IP address cannot be o btained from[...]
-
Страница 146
146 4. Check to see that the WA N port is properly connected to the ISP . If a Connected by (x) where (x) is yo ur connection method is not shown, your ro uter has not successfully obtained an IP address from your ISP . If an IP address cannot be obtained: 1. T u rn off the power to yo ur cable or DSL modem. 2. T urn off the power to your BiGuard 3[...]
-
Страница 147
147 If an IP address can be obtained, but yo ur PC cannot load an y web pages from the Internet: - Y our PC may not recognize DNS s erver addresses. Confi gure your PC manually with DNS addresses. - Y our PC may not hav e the router correctly confi gured as its T CP/IP ga teway . 5.5 Problems with Date and Time If the date and time is not being dis[...]
-
Страница 148
148 Appendix A: Product Specifications Availability and Resilience - Dual- W AN ports - Load balancing for increased bandwi dth o f inbound and outbound tr affic - Automatic failo ver to redirect the pa cket whe n one broadband conne ction is broken. It will k eep your Internet connectio n alwa ys online whenever one connection should fail. Virtual[...]
-
Страница 149
149 Firewall - Stateful P acket Inspe ction (SPI) and Denial of Service ( DoS) prevention - Pack et filter un- permitted inbound (W AN)/I nbound (LAN) Internet access by IP addre ss, port number and packet type - Email alert and logs of attack - MAC Address Filterin g - Intrusion detecti on Content Filtering - URL Filter settings prevent user acce [...]
-
Страница 150
150 Physical Interface Ethernet W AN 2 ports (10/100 Base- T), support Auto- Crossover (MDI/MDIX) Ethernet LAN 8 ports (10/100 Base- T) swit ch support Auto- Crossover (MDI/MDIX) Physical Specifications Dimensions: 18.98" x 6.54" x 1 .77" (482mm x 166 mm x 45mm, with Br acket) 9.84" x 6.54" x 1.38" (250mm x 166 mm x 35[...]
-
Страница 151
151 Appendix B: Customer Support Most problems can be solved by referring to the T roubleshooting section in the User’s Manual. If you cannot resolve the problem w ith the T roubleshootin g chapter , please contact the dealer wher e yo u purchased this prod uct. Contact Billion Wo r l d w i d e http://www.billion.com/[...]
-
Страница 152
152 Appendix C: FCC Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the follow ing two condition s: - This device may not c ause harmful interference. - This device must accept any interference received, includin g interference th at may cause undesired oper ations. This equipment has been tested and f[...]
-
Страница 153
153 Appendix D: Network, Routing, and Firewall Basics D.1 Network Basics D.1.1 IP Addresses With the number of T CP/IP networks interconne cted across the globe, ensuring that transmitted data reaches the corre ct dest ination requires each computer on the Internet has a unique ident ifier . T his iden tifier is known as the IP address. The Interne[...]
-
Страница 154
154 back slash (/). F or example, a typica l Class C address could be written as 192.168.234.245/24, which means th at the net mask is 24 ones followed by 8 zeros. (11111111 11111111 11111111 00000000). D.1.1.2 Subnet Addressing Subnet addressing enables t he split of one IP network address into mu ltiple physical networks. These smaller networks a[...]
-
Страница 155
155 from these r anges. D.1.2 Network Address Translation (NAT) T raditionally , mult iple PCs that needed simult aneous Intern et access also required a range of IP addresses from the Internet Se rvice Provider (ISP). Not on ly was this method very costly , but t he number of available IP addresses for PCs is limited. Instead, BiGuard 30 uses a ty[...]
-
Страница 156
156 D.2 Router Basics D.2.1 What is a Router? A router is a device that forw ards da ta packets along netwo rks. A router is connected to at least two net works. Usua lly , th is is a LAN and a WAN that is connected to an ISP network. R outers ar e located at gateways, the places where two or more networks connect. R outers use headers and forwardi[...]
-
Страница 157
157 D.3 Firewall Basics D.3.1 What is a Firewall? Firewalls prevent un authoriz ed Internet users from accessing private networks connected to the Internet. All messages entering or leaving the int ranet pass through the fi rewall, whi ch examines each message and blocks those that do not meet the specified security criteria. With the functionality[...]
-
Страница 158
158 D.3.2 Why Use a Firewall? With a LAN connected to the Internet throug h a router , there is a chance for hackers to access or disrupt your networ k. A simp le NA T router provides a basic level of protection by sh ielding your network from the out side Internet . Still, there are ways for more dedicated hackers to ei ther obtain informati on ab[...]
-
Страница 159
159 Appendix E: Virtual Private Networking E.1 What is a VPN? A Virtual Private Network (VPN ) is a shared network where private data is segmented from other tr affic so that only the intended recipi ent has a ccess. It allows organizations to securely tr ansm it data over a publ ic medium like the Internet. VPNs utilize tunnels , which allow data [...]
-
Страница 160
160 data authentication, inte grity , and confidentialit y as data is tr ansferred across IP networks. IPSec provides data security at the IP packet level, and protects against possible security risks by pr otecting data. IPSec is widely used to esta blish VPNs. There are three major functions of IPSec: - Confidentiali ty: Conce als data through e [...]
-
Страница 161
161 E.2.1.2 Encapsulating Security Payload (ESP) Encapsulating Security P ayload (ESP) pro vid es privacy for data through encryption. An encryption algorithm combi nes the data with a k ey to encrypt it. It then repackages the data using a speci al format, and tr ansmits it to the desti nation. The receiver then decrypts the data usi ng the same a[...]
-
Страница 162
162 E.2.1.3 Security Associations (SA) Security Associations are a on e-way relationships between sender and receiver th at specify IPSec-related parameters. They provide data protection by using the defined IPSec protocols, and allow organizati ons to control according to the security policy in effect, wh ich resour ces may communicate securely . [...]
-
Страница 163
163 T ransport Mode - This mode is used to provide data se cu rity between tw o networks. It provides protection for the entire IP packet and is sent by adding an outer IP header corresponding to the two tu nnel end-points. Since tunnel mode hides the original IP header , it provides security of the ne tworks with private I P address space. E.2.3 T[...]
-
Страница 164
164 E.2.4 Tunnel Mode ESP Here is an example of a packet with ESP applied: E.2.5 Internet Key Exchange (IKE) Before either AH or ESP can be used, it is necessary for the two communication devices to exchange a secret key that the security prot ocols themselves will use. T o do this, IPSec uses Internet K ey Exchange (IKE) as a primary support proto[...]
-
Страница 165
165 encryption, and is more vulnerable to Denial of Service attack s. Phase II, known as Quick M ode, establishes symmetrical IPSec Security Associations for both AH and ESP . It do es this by negotiating IPSec parameters, exchange nonces to derive session k eys from the IKE shared secret, ex change DH values to generate a new key , and identify wh[...]
-
Страница 166
166 Appendix F: IPSec Logs and Events F.1 IPSec Log Event Categories There are three major categories of IPSe c Log Events for y our BiGuard 30. These include: 1. IKE Negotiate P acket Messages 2. Rejected IKE Messages 3. IKE Negotiated Status Messages The table in the follow ing section lists th e different events of each category , and provides a[...]
-
Страница 167
167 Send Main mode second response message of ISAKMP Sending the main mode second response message. Done to exchange key values. Received Main mode second response message of ISAKMP Received the main mode second response message. Done to exchange key values. Send Main mode third message of ISAKMP Sending the third message of main mode. Done for aut[...]
-
Страница 168
168 Received Quick mode first response message Received the first response message of quick mode (Phase II). Done to exchange proposal and key values (IPSec). Send Quick mode second message Sending the second message of quick mode (Phase II). Received Quick mode second message Received the second message of quick mode (Phase II). ISAKMP IKE Packet [...]
-
Страница 169
169 Received Delete SA payload: Deleting ISAKMP State ( integer ) (Main/Aggressive) mode peer ID is (identifier string) ISAKMP SA Established IPsec SA Established[...]
-
Страница 170
170 Appendix G: Bandwidth Management with QoS G.1 Overview In a home or office envi ronment, users cons tantly ha ve to transmi t data to and from the Internet. When too many are accessing the Internet at the same time, service can slow to a crawl, causing service interruption s and general frustration. Quality of Service (QoS) is one of the wa ys [...]
-
Страница 171
171 -Prioritizat ion: Assigns diff erent priority levels for diff erent applications, prioritizing traffic. Hi gh, Normal an d Low priority setting s. -Outbound and Inbound IP Throttling: Cont rols network tr affic and allows you to limit the speed of each application. -DiffServ T echnology: Manages priority queues and DSCP tagging through the Inte[...]
-
Страница 172
172 Application Data Ratio (%) Priority On-line games 30% High Skype 5% High Email 10% High FTP 20% Upload (High), Download (Normal) Other 35% G.4.2 Office Users QoS is also ideal for small businesses u sin g an office server as a web server . With QoS control, web pages served to y our customers can be given top priority and delivered first so tha[...]
-
Страница 173
173 Appendix H: Router Setup Examples H.1 Outbound Fa il Over Step 1: Go to Configur ation > WAN > ISP Settings . Select WAN1 and WAN2 and click Edit . Step 2: Configure WAN1 and WAN2 according to the information given by your ISP .[...]
-
Страница 174
174 Step 3: Go to Configur ation > Dual W AN > Gener al Settings. Select t he Fail Over radio butto n. Under Connectivity Decision , input the num ber of times BiGuard 30 should probe the WAN before deciding that the ISP is in service or not (3 by default). Next, input the dur ation of the probe cycl e (30 sec. by default) a nd choose the w a[...]
-
Страница 175
175 Please ensure the W AN ports are functioning by performing a ping oper ation on each before proceeding. Finally , choose whethe r or not BiGuard 30 should fail back to WAN 1 . Step 4: Click Save Config to save all changes to flash memory . H.2 Outbound Load Balancing With Outbound Load Balanci ng, you can impro ve upload p erformance by optimiz[...]
-
Страница 176
176 Step 2: Configure your WAN2 ISP settings and click Apply . Step 3: Go to Configuration > Dual WAN > Gener al Settings . Select the Load Balance radio button.[...]
-
Страница 177
177 Step 4: Go to Configur ation > Dual WAN > Outbound Load Balance . Choose the Load Balance mechanism you want and click Apply . Step 5: Complete. T o check tr affic stati stics, go to Status > Tr affic Stati s tics . Step 6: Click Save Config to save all changes to flash memory .[...]
-
Страница 178
178 H.3 Inbound Fail Over Configurin g your BiGuard 30 for Inbound Fail Over is a great way to ensure a more reliable connection for i ncoming requ ests. T o do so, follow these steps: NO TE: Before you begin, ensure that both W AN1 and W AN2 have been properly configured. See Chapter 4: Router Configuration for more details. Step 1: From the W eb [...]
-
Страница 179
179 Step 2: Configure F ail Over options if necessary . Step 3: Go to Configuration > Adva nced > Dynamic DNS . Set the WAN1 DDNS settings.[...]
-
Страница 180
180 Step 4: From the same menu, set the WAN2 DDNS settings. Step 5: Click Save Config to save all changes to flash memory .[...]
-
Страница 181
181 H.4 DNS Inbound Fail Over NO TE: Before proceeding, please ensure that both W AN1 and W AN2 are properly configured according to the sett ings provided by your ISP . If not, please refer to Chapter 4.2.2. 1 ISP Settings for details on h ow to configure your WAN ports. Step 1: Go to Configur ation > Dual WAN > General Settings . Select the[...]
-
Страница 182
182 Enable radio button an d configure DNS Server 1 by clicking Edit . Step 3: Input DNS Server 1 se ttings and click Ap ply . Step 4: Configure your Host URL Ma pping for DNS Server 1 by clicking Edit to enter the Host URL Mappings List. Click Create and input the settings for Host URL Mappings and click New .[...]
-
Страница 183
183 Step 5: Click Save Config to save all changes to flash memory . H.5 DNS Inbound Load Balancing Step 1: Go to Configuration > Dual WAN > General Settings . Select the Load Built-in DNS 192.168.2. 2 192.168.2. 3 FTP HTTP 200.200.200.1 www .m ydomain.com 200.200.200.1 Authoritative Domain Name Server 100.100.100.1 100.100.100.1 DNS Request D[...]
-
Страница 184
184 Balance radio button. Step 2: Go to Configur ation > Dual WAN > Inbound Load Balance > Server Settings and configur e DNS Server 1. Step 3: Go to Configuration > Dual WAN > Inbound Load Balance > Host URL[...]
-
Страница 185
185 Mapping and configur e your FTP mappi ng. Step 4: Next configure your HTTP mapping. Step 5: Click Save Config to save all changes to flash memory .[...]
-
Страница 186
186 H.6 Dynamic DNS Inbound Load Balancing Step 1: Go to Configuration > WAN > Bandwidth Settings. Configure your WA N inbound and outbound bandwidth. www.billion2.dyndns.org Remote Access from Internet www.billion3.dyndns.org www.billion3.dyndns.org www.billion2.dyndns.org 192.168.2.2 192.168.2.3 FTP HTTP[...]
-
Страница 187
187 Step 2: Go to Configuration > Dual WAN > General Settings and enable Load Balance mode. Y ou may then dec ide whether to enable Service Detection or not. Step 3: Go to Configur ation > Dual WA N > Outbound Load Balance . Choose your load balance policy and click Apply to apply your changes. If you selected Based on session mechanism[...]
-
Страница 188
188 Step 4: Go to Configuration > Ad vanced > Dynamic DN S and input the dynamic DNS settings for W AN1 and W AN2. WAN 1 :[...]
-
Страница 189
189 WAN 2: Step 5: Go to Configuration > Virtual Se rver and set up a virtual server for both FTP a n d H T TP .[...]
-
Страница 190
190 Step 6: Click Save Config to save all changes to flash memory . H.7 VPN Configuration This section outlin es some concrete examples on how you can co nfigure BiGuard 30 for your VPN. H.7.1 LAN to LAN [[...]
-
Страница 191
191 Branch Office Head Office Local ID IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Address Any Local Address IP Address 192.168.0.0 192.168.1.0 Netmask 255.255.255.0 255.255.255.0 Remote Secure Gateway Address(or Hostname) 69.121.1.3 69.121.1.30 ID IP Address IP Address Data 69.121.1.3 69.121.1.30 Network Subnet Subnet IP Ad[...]
-
Страница 192
192 H.7.2 Host to LAN Single client Head Office Local ID IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Address Any Local Address IP Address 0.0.0.0 192.168.1.0 Netmask 0.0.0.0 255.255.255.0 Remote Secure Gateway Address(or Hostname) 69.121.1.3 69.121.1.30 ID IP Address IP Address Data 69.121.1.3 69.121.1.30[...]
-
Страница 193
193 Network Subnet Single Address IP Address 192.168.1.0 69.121.1.30 Netmask 255.255.255.0 255.255.255.255 Proposal IKE Pre-shared Key 12345678 12345678 Security Algorithm Main Mode; ESP: MD5 3DES PFS Main ESP MD5 3DES PFS H.8 IP Sec Fail Over (Gateway to Gateway) Before Fail Over After Fail Over 192.168.2.x 192.168.2.x 200.200.200.1 200.200.200.1 [...]
-
Страница 194
194 Step 1: Go to Configuration > Dual WAN > General Settings . Enable F a il Over by selecting the Fail Over radio button. Then, configure your F ail Over policy . Step 2: Go to Configur ation > Advanced > Dy namic DNS and configure your dynamic DNS settings (Both W AN1 and W AN2).[...]
-
Страница 195
195 Step 3: Go to Configur ation > VPN > IPSec > IPSec Policy . Click Create to configure VPN settings. Step 4: Click Save Config to save all changes to flash memory . T o configure BiGuard 10 gateway , refer to the screenshot below .[...]
-
Страница 196
196 H.9 VPN Concentrator Step 1: Go to Configur ation > VPN > IPSec > IPSec Policy and confi gure the link from BiGuard 30 to BiGuard 10 Br anch A. 100.100.100. 1 200.200.200. 1 192.168.2.x 192.168.3.x 201.201.201. 1 192.168.4.x Local ID T ype: Subnet Local subnet: 0. 0. 0.0 Local mask: 0. 0.0.0 Remote ID T ype: Subn et Remote subnet : 192[...]
-
Страница 197
197 Step 2: Go to Configur ation > VPN > IPSec > IPSec Policy and confi gure the link from BiGuard 30 to BiGuard 10 Br anch B. Step 3: Go to Configur ation > VPN > IPSec > IPSec Policy and confi gure the connection from BiGuard 10 Branch A to BiGuard 30.[...]
-
Страница 198
198 Step 4: Go to Configur ation > VPN > IPSec > IPSec Policy and confi gure the connection from BiGuard 10 Branch B to BiGuard 30. Step 5: Click Save Config to save all changes to flash memory . H.10 Protocol Binding Step 1: Go to Configuration > Dual WAN > General Settings. Select the Load Balancing radio butto n.[...]
-
Страница 199
199 Step 2: Go to Configur ation > Dual WA N > Protocol Binding and configure settings for WA N1. Step 3: Go to Configur ation > Dual WA N > Protocol Binding and configure settings for WA N2. Step 4: Click Save Config to save all changes to flash memory .[...]
-
Страница 200
200 H.11 Intrusion Detection Intrusion Detection on Internet Internet Detected! Dropped BiGuard Safe!! Server Safe!! Hacker DoS Attack DoS Attack Hacker Hacker DoS Attack DoS Attack Step 1: Go to Configur ation > Firewall > Intrusion Detection and Enable th e settings. Step 2: Click Apply and then Save Config to sa ve all changes to flash mem[...]
-
Страница 201
201 Step1: Go to Configuration > VP N > PPTP and Enable the PPTP f unction, Click Apply . Step2: Click Create to create a PPTP Account. Step3: Click Apply , you can see the account is successfully created.[...]
-
Страница 202
202 Step4: Click Save Config to save all changes to flash me mory . Step5: In Windows XP , go Start > Settings > Network Connections .[...]
-
Страница 203
203 Step6: In Netwo rk T asks , Click Create a new connection , and press Next. Step7: Select Connect to the net work at my workplac e and press Next .[...]
-
Страница 204
204 Step8: Select Virtual Private Netw ork connection and press Next . Step9: Input the user-defined na m e for this connection and press Next .[...]
-
Страница 205
205 Step10: Input PPTP Server Address and press Next . Step11: Please press Finish .[...]
-
Страница 206
206 Step12: Double cl ick the connection, a nd input Username and Passwor d that defined in BiGuard PPTP Account Settings . PS. Y ou can also refer the Properties > Security page as below , by default.[...]
-
Страница 207
207 H.13 PPTP Remote Access by BiGuard Internet Internet Internet Internet 100. 10 0.10 0.1 Headquarter BiGuard &PPTP S erver PPTP Tunnel Branch Office 200.200.200.1 BiGuard &PPTP Client Local s ubnet: 192.168.30.0 Local mask : 255.255.255.0 Step1: Go to Configuration > VP N > PPTP and Enable the PPTP function, Dis able the Encryption[...]
-
Страница 208
208 Step2: Click Create to create a PPTP Account. Step3: Click Apply , you can see the account is successfully created. Step4: Click Save Config to save all changes to flash me mory .[...]
-
Страница 209
209 Step5: In another BiGuard as Client, Go to Configur ation > WAN > ISP Settings . Step6: Click Apply , and Save CONFIG .[...]