1. Manuals
  2. Brands
  3. Planet Manuals
  4. Network Router
  5. CS-5800
  6. User manual

Planet CS-5800 User Manual

Gigabit content security router
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Gigabit Content Security Router User's Manual
User's Manual
CS-5800
Gigabit Content Security Router

Advertisement

Table of Contents
loading

Related Manuals for Planet CS-5800

Summary of Contents for Planet CS-5800

  • Page 1 Gigabit Content Security Router User’s Manual User’s Manual CS-5800 Gigabit Content Security Router...

  • Page 2: Ce Mark Warning

    Gigabit Content Security Router User’s Manual Copyright Copyright© 2012 by PLANET Technology Corp. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission of PLANET.

  • Page 3: Fcc Caution

    Any error messages that displayed when the problem occurred ♦ Any software running when the problem occurred ♦ Steps you took to resolve the problem on your own Revision User’s Manual for PLANET Gigabit Content Security Router Model: CS-5800 Rev: 1.0 (July, 2012)

  • Page 4: Table Of Contents

    Gigabit Content Security Router User’s Manual Table of Contents CHAPTER 1: INTRODUCTION ........................1 1.1 F EATURES ................................1 1.2 P ACKAGE ONTENTS .............................. 2 1.3 P HYSICAL PECIFICATION ............................2 1.4 S PECIFICATION ................................ 4 CHAPTER 2: INSTALLATION PROCEDURE ....................6 2.1 S YSTEMATIC ETTING...
  • Page 5 Gigabit Content Security Router User’s Manual 6.2.1 Load Balance Mode ........................... 40 6.2.2 Network Detection Service........................47 6.2.3 Protocol Binding............................49 CHAPTER 7: PORT MANAGEMENT......................59 7.1 S ETUP ..................................59 7.2 P TATUS ................................ 61 7.3 IP/ DHCP................................62 7.3.1 IPv4................................
  • Page 6 Gigabit Content Security Router User’s Manual 10.7 I NBOUND ALANCE ..........................110 CHAPTER 11: SYSTEM TOOL........................117 11.1 D IAGNOSTIC ............................... 117 11.2 F IRMWARE PGRADE ............................118 11.3 C ONFIGURATION ACKUP ..........................119 11.4 SNMP ................................121 11.5 S YSTEM ECOVER ............................

  • Page 7: Chapter 1: Introduction

    As Internet becomes essential for your business, the only way to prevent your Internet connection from failure is to have more than one connection. PLANET’s Gigabit Content Security Router, CS-5800, reduces the risks of potential shutdown if one of the Internet connections fails. Moreover, it allows you to perform load-balancing by distributing the traffic through three or four WAN connections.

  • Page 8: Package Contents

    1.2 Package Contents The following items should be included: CS-5800 x 1 Power Cord x 1 Quick Installation Guide x 1 User’s Manual CD x 1...
  • Page 9 Gigabit Content Security Router User’s Manual LED definition Color Status Description Green Steady Power On Power Off Steady on System is crashed. Amber Blinking System is on self-test after power on the device. DIAG System is ready. Steady on Port has been connected & Get IP WAN/ DMZ: Green Blinking...

  • Page 10: Specification

    Gigabit Content Security Router User’s Manual 1.4 Specification Product Gigabit Content Security Router Model CS-5800 Hardware 8x 10/100/1000 Mbps RJ-45 Ethernet 4~5 x 10/100/1000 Mbps RJ-45, configurable with WAN 5 (WAN 5 / DMZ) 1 x 10/100/1000 Mbps RJ-45 Reset...
  • Page 11 Gigabit Content Security Router User’s Manual Firmware upgrade through Web browser VPN Pass through IPSec, PPTP ,L2TP Pass through - 5 -...

  • Page 12: Chapter 2: Installation Procedure

    Gigabit Content Security Router User’s Manual Chapter 2: Installation Procedure In this chapter we are going to introduce hardware installation. Through the understanding of multi-WAN setting process, users can easily setup and manage the network, making security router functioning and having best performance.

  • Page 13: Setting Flow Chart

    Gigabit Content Security Router User’s Manual 2.2 Setting Flow Chart Below is the description for each setting process, and the correspondent contents and purposes. Setting Content Purpose Hardware installation User’s demand. Install Security router hardware based on user physical requirements. Login Login the device with Login Security router web-based UI.
  • Page 14 Gigabit Content Security Router User’s Manual window. We will follow the process flow to complete the network setting in the following chapters. - 8 -...

  • Page 15: Chapter 3: Hardware Installation

    Gigabit Content Security Router User’s Manual Chapter 3: Hardware Installation In this chapter we are going to introduce hardware interface as well as physical installation. 3.1 Installing the Device on a Standard 19” Rack We suggest to either place the device on a desk or install it in a rack with attached brackets. Do not place other heavy objects together with the device on a rack.

  • Page 16: Security Router Network Connection

    Gigabit Content Security Router User’s Manual 3.2 Security router Network Connection The device has 4 WAN ports and a hardware DMZ port; therefore, users can connect the device to the Internet, and configure a connection to a Public IP server at the same time. WAN connection:A WAN port can be connected with xDSL Modem, Fiber Modem, Switching Hub, or through an external router to connect to the Internet.
  • Page 17 Gigabit Content Security Router User’s Manual DMZ : The DMZ port can be connected to servers that have legal IP addresses, such as Web servers, mail servers, etc. - 11 -...

  • Page 18: Chapter 4: Login Security Router

    Gigabit Content Security Router User’s Manual Chapter 4: Login Security router This chapter is mainly introducing Web-based UI after connecting Security router. First, check up Security router IP address by connecting to DOS through the LAN PC under Security router. Go to Start →...
  • Page 19 Gigabit Content Security Router User’s Manual Security router default username and password are both “admin”. Users can change the login password in the setting later. For security, we strongly suggest that users must change password after login. Please keep the password safe, or you cannot login to Security router.

  • Page 20: Chapter 5: System Status

    Gigabit Content Security Router User’s Manual Chapter 5: System Status This chapter introduces the device specification and status after login as well as change password and system time settings for security. 5.1 Home Page In the Home page, all Security router parameters and status are listed for users’ reference. 5.1.1 WAN Status Item Description...
  • Page 21 Gigabit Content Security Router User’s Manual “Off”. Indicates how many QoS rules are set. Quality of Service When “Obtain an IP automatically” is selected, two buttons (Release and Manual Connect Renew) will appear. If a WAN connection, such as PPPoE or PPTP, is selected, “Disconnect”...

  • Page 22: Physical Port Status

    Gigabit Content Security Router User’s Manual 5.1.2 Physical Port Status The status of all system ports, including each connected and enabled port, will be shown on this Home page (see above table). Click the respective status button and a separate window will appeare to show detailed data (including setting status summary and statisitcs) of the selected port.

  • Page 23: System Information

    Gigabit Content Security Router User’s Manual 5.1.3 System Information Item Description Identifies the current device IP address and subnet mask. The default is LAN IP Address/ Subnet 192.168.1.1 and 255.255.255.0 Mask Identifies the current device IPv6 address and prefix length. The default is IPv6 Address/Prefix fc00::1/7 Length...

  • Page 24: Log Setting Status

    Gigabit Content Security Router User’s Manual configuration is “On”. Inspection) Indicates if DoS attack prevention is activated.The default configuration is “On”. DoS (Denial of Service) Indicates that denying the connection from Internet is activated. The default Block WAN Request configuration is “On”. Indicates that preventing Arp virus attack is acitvated.

  • Page 25: Network Time

    Gigabit Content Security Router User’s Manual Item Description The default is “admin”. User Name Input the original password.(The default is “admin”.) Password Input the new user name. e.x. Planet New User Name Input the new password. New Password Input the new password again for verification. Confirm New Password Click “Apply”...
  • Page 26 Gigabit Content Security Router User’s Manual Item Description Select your location from the pull-down time zone list to show correct local time. Time Zone If there is Daylight Saving Time in your area, input the date range. The device Daylight Saving will adjust the time for the Daylight Saving period automatically.

  • Page 27: Chapter 6: Network

    Gigabit Content Security Router User’s Manual Chapter 6: Network This Network page contains the basic settings. For most users, completing this general setting is enough for connecting with the Internet. However, some users need advanced information from their ISP. Please refer to the following descriptions for specific configurations.

  • Page 28: Ipv4 Only

    Gigabit Content Security Router User’s Manual 6.1.3.1 IPv4 Only This is configuration information for CS-5800 current LAN IP address. The default configuration is 192.168.1.1 and the default Subnet Mask is 255.255.255.0. It can be changed according to the actual network structure.

  • Page 29: Dual-Stack Ip (Ipv4 And Ipv6)

    Gigabit Content Security Router User’s Manual This function enables users to input IP segments that differ from the router network segment to the multi-net segment configuration; the Internet will then be directly accessible. In other words, if there are already different IP segment groups in the Intranet, the Internet is still accessible without making any changes to internal PCs.
  • Page 30 Gigabit Content Security Router User’s Manual Click “Unified IP Management” to enter the configuration page, as shown in the following figure. Input the respective IP addresses and subnet masks. To configure global IPv6 prefixes for your LAN devices, go to the WAN Setting, click the IPv6 tab, and click Edit for the WAN interface.

  • Page 31: Wan & Dmz Settings

    Gigabit Content Security Router User’s Manual 6.1.4 WAN & DMZ Settings 6.1.4.1 IPv4 Only WAN Setting Item Description An indication of which port is connected. Interface Obtain an IP automatically, Static IP connection, PPPoE (Point-to-Point Connection Type Protocol over Ethernet), PPTP (Point-to-Point Tunneling Protocol) or Transparent Bridge.
  • Page 32 Gigabit Content Security Router User’s Manual Item Description Select a user-defined DNS server IP address. Use the following DNS Server Addresses: Input the DNS IP address set by ISP. At least one IP group should be input. DNS Server: The maximum acceptable groups are two IP groups. The WAN disconnection schedule will be activated by checking this option.
  • Page 33 Gigabit Content Security Router User’s Manual Item Description Input the available static IP address issued by ISP. WAN IP address Input the subnet mask of the static IP address issued by ISP, such as: Subnet Mask Issued eight static IP addresses: 255.255.255.248 Issued 16 static IP addresses: 255.255.255.240 Input the default gateway issued by ISP.
  • Page 34 Gigabit Content Security Router User’s Manual Input the time rule for the disconnection of this WAN service. Line-Dropped Period Input how long the WAN service may be disconnected before the newly added Line-Dropped connections should go through another WAN to connect with the Internet. Scheduling Select another WAN port as link backup when port binding is configured.
  • Page 35 Gigabit Content Security Router User’s Manual Item Description Input the user name issued by ISP. User Name Input the password issued by ISP. Password This function enables the auto-dialing function to be used in a PPPoE dial Connect on Demand connection.
  • Page 36 Gigabit Content Security Router User’s Manual After the changes are completed, click “Apply” to save the configuration, or click “Cancel" to leave without making any change. PPTP This option is for the PPTP time counting system. Input the user’s connection name and password issued by ISP, and use the built-in PPTP software to connect with the Internet.
  • Page 37 Gigabit Content Security Router User’s Manual Input the password issued by ISP. Password This function enables the auto-dialing function to be used for a PPTP dial Connect on Demand connection. When the client port attempts to connect with the Internet, the device will automatically connect with the default ISP auto dial connection;...
  • Page 38 Gigabit Content Security Router User’s Manual Transparent Bridge If all Intranet IP addresses are applied as Internet IP addresses, and users don’t want to substitute private network IP addresses for all Intranet IP addresses (ex. 192.168.1.X), this function will enable users to integrate existing networks without changing the original structure.
  • Page 39 Gigabit Content Security Router User’s Manual Input the DNS IP address set by ISP. At least one IP group should be input. DNS Server The maximum acceptable is two IP groups. Input the available IP range issued by ISP. If ISP issued two discontinuous IP Internal LAN IP Range address ranges, users can input them into Internal LAN IP Range 1 and Internal LAN IP Range 2 respectively.
  • Page 40 Gigabit Content Security Router User’s Manual Router Plus NAT Mode: When you apply a public IP address as your default gateway, you can setup this public IP address into a LAN PC, and this PC can use this public IP address to reach the Internet. Others PCs can use NAT mode to reach the Internet.
  • Page 41 Gigabit Content Security Router User’s Manual Enter the WAN default gateway, which provided by your ISP. WAN default gateway Enter the DNS server IP address, you must have to enter a DNS server IP DNS Servers address, maximum two DNS servers IP addresses available.. Enter one of IP addresses that provide by the ISP as your default gateway.

  • Page 42: Dual-Stack Ip (Ipv4 And Ipv6)

    Gigabit Content Security Router User’s Manual 6.1.4.2 Dual-Stack IP (IPv4 and IPv6) rs have to enable Dual-Stack IP in the IP mode section in advance to configure the WAN with IPv6 addressing. Obtain an Automatic IP automatically: s mode is often used in the connection mode to obtain an automatic DHCP IP. This is the device system default connection mode.
  • Page 43 Gigabit Content Security Router User’s Manual Static IP: If an ISP issues a static IP (such as one IP or eight IP addresses, etc.), please select this connection mode and follow the steps below to input the IP numbers issued by an ISP into the relevant boxes. Item Description Input the available static IP address issued by ISP.
  • Page 44 Gigabit Content Security Router User’s Manual DMZ Setting For some network environments, an independent Configurable DMZ port may be required to set up externally connected servers such as WEB and Mail servers. Therefore, the device supports a set of independent Configurable DMZ ports for users to set up connections for servers with real IP addresses.
  • Page 45 Gigabit Content Security Router User’s Manual Range DMZ and WAN are within same Subnet Item Description Select a WAN Port witch is the same subnet with DMZ Interface Input the IP range located at the DMZ port. IP Range for DMZ port After the changes are completed, click “Apply”...

  • Page 46: Multi- Wan Setting

    Gigabit Content Security Router User’s Manual 6.2 Multi- WAN Setting 6.2.1 Load Balance Mode Auto Load Balance Mode When Auto Load Balance mode is selected, the device will use sessions or IP and the WAN bandwidth automatically allocate connections to achieve load balancing for external connections. The network bandwidth is set by what users input for it.
  • Page 47 Gigabit Content Security Router User’s Manual Please refer to the explanations in 6.2.3 Configuring Protocol Binding for setting up Protocol Binding and for examples of collocating router modes with Protocol Binding. Unbinding WAN Balance Mode This mode enables users to assign specific intranet IP addresses, destination application service ports or destination IP addresses to go through an assigned WAN for external connection.
  • Page 48 Gigabit Content Security Router User’s Manual for Netcom and Telecom can be divided. Set WAN Grouping If more than one WAN is connected with Netcom, to apply a similar division of traffic policy to these WANs, a combination for the WANs must be made. Click “Set WAN Grouping”; an interactive window as shown in the figure below will be displayed.
  • Page 49 Gigabit Content Security Router User’s Manual Import Strategy A division of traffic policy can be defined by users too. In the “Import Strategy” window, select the WAN or WAN group (ex. WAN 1) to be assigned and click the “Import IP Range” button; the dialogue box for document importation will be displayed accordingly.
  • Page 50 Gigabit Content Security Router User’s Manual China Netcom strategy and self-defined strategy can coexist. However, if a destination IP is assigned by both China Netcom strategy and self-defined strategy, China Netcom strategy will take priority. In other words, traffic to that destination IP will be transmitted through the WAN (or Note WAN group) under China Netcom strategy.
  • Page 51 Gigabit Content Security Router User’s Manual Item Description Indicates that the session will be connected with the same WAN IP when the Destination Auto Binding destination IP is in the same Class B range. For example, there are WAN1-1 200.10.10.1 and WAN2- 200.10.10.2, and two intranet IP addresses. When 192.168.1.100 visits Internet 61.222.81.100 for the first time, the connection is through WAN1- 200.10.10.1.
  • Page 52 Gigabit Content Security Router User’s Manual Not all intranet IP will visit the same Class B range with the same WAN IP. It depends on which WAN the first connection goes to. If the destination IP is in the same Class B range, the Note connection will go through with the same WAN IP based on the first time learning.

  • Page 53: Network Detection Service

    Gigabit Content Security Router User’s Manual When any intranet IP connects with TCP443 port or any destination (0.0.0.0 to 0 represents any destination), it will go through the same WAN IP. As for which WAN will be selected, this follows the first- chosen WAN IP distributed by the original session balance mechanism.
  • Page 54 Gigabit Content Security Router User’s Manual This option is suitable under the condition that one of the WAN connections has failed; the traffic going through this WAN to the destination IP cannot shift to another WAN to reach the destination. For example, if users want the traffic to 10.0.0.1 ~ 10.254.254.254 to go only through WAN1, while WAN2 is not to support these destinations, users should select this option.

  • Page 55: Protocol Binding

    Gigabit Content Security Router User’s Manual In the load balance mode for Assigned Routing, the first WAN port (WAN1) will be saved for the traffic of the IP addresses or the application service ports that are not assigned to other WANs (WAN2, WAN3, and WAN4).
  • Page 56 Gigabit Content Security Router User’s Manual Protocol Binding Users can define specific IP addresses or specific application service ports to go through a user-assigned WAN for external connections. For any other unassigned IP addresses and services, WAN load balancing will still be carried out.
  • Page 57 Gigabit Content Security Router User’s Manual Item Description This is to select the Binding Service Port to be activated. The default (such as Service ALL-TCP&UDP 0~65535, WWW 80~80, FTP 21 to 21, etc.) can be selected from the pull-down option list. The default Service is All 0~65535. Option List for Service Management: Click the button to enter the Service Port configuration page to add or remove default Service Ports on the option list.
  • Page 58 Gigabit Content Security Router User’s Manual be restricted to a specific WAN. If only specific Service Ports need to be designated, while a specific IP destination assignment is not required, input “0” into the IP boxes. Select the WAN for which users want to set up the binding rule. Interface To activate the rule.
  • Page 59 Gigabit Content Security Router User’s Manual Show Table Click the “Show Table” button. A dialogue box as shown in the following figure will be displayed. Users can choose to sort the list by priorities or by interface. Click “Refresh” and the page will be refreshed; click “Close” and the dialogue box will be closed.
  • Page 60 Gigabit Content Security Router User’s Manual up to 100 services into the list. To remove the selected activated Services. Delete selected service Click the “Apply” button to save the modification. Apply Click the “Cancel” button to cancel the modification. This only works before Cancel “Apply”...
  • Page 61 Gigabit Content Security Router User’s Manual Example 2:How do I set up Auto Load Balance Mode to keep Intranet IP 192.168.1.150 ~ 200 from going through WAN2 when the destination port is Port 80? As in the figure below, select “HTTP [TCP/80~80]” from the pull-down option list “Service”, and then in the boxes for “Source IP”...
  • Page 62 Gigabit Content Security Router User’s Manual include all Internet IP addresses). Select WAN1 from the pull-down option list “Interface”, and then click “Enable”. Finally, click “Add New” and the rule will be added to the mode. The device will transmit packets that are not going to Port 80 to the Internet through WAN1.
  • Page 63 Gigabit Content Security Router User’s Manual Select WAN2 from the pull-down option list “Interface”, and then click “Enable”. Finally, click “Add New” and the rule will be added to the mode. After the rule is set up, only packets that go to Port 80 will be transmitted through WAN2, while other traffics will be transmitted through WAN1.
  • Page 64 Gigabit Content Security Router User’s Manual - 58 -...

  • Page 65: Chapter 7: Port Management

    Gigabit Content Security Router User’s Manual Chapter 7: Port Management This chapter introduces how to configure ports and understand how to configure intranet IP addresses. 7.1 Setup Through the device, users can easily manage the setup for WAN ports, LAN ports and the DMZ port by choosing the number of ports, speed, priority, and duplex and enable/disable the auto-negotiation feature for connection setting of each port.
  • Page 66 Gigabit Content Security Router User’s Manual administrators. This feature allows administrators to set the LAN port to be one or more VLAN disconnected network sessions. All of them will be able to log on to the Internet through the device. Members in the same network session (within the same VLAN) can see and communicate with each other.

  • Page 67: Port Status

    Gigabit Content Security Router User’s Manual 7.2 Port Status Summary There are Network Connection Type, Interface, Link Status (Up/Down), Port Activity (Port Enabled), Priority Setting (High or Normal), Speed Status (10Mbps, 100Mbps or 1000Mbps), Duplex Status (half duplex or full duplex), Auto Neg.

  • Page 68: Ip/ Dhcp

    Gigabit Content Security Router User’s Manual 7.3 IP/ DHCP With an embedded DHCP server, it supports automatic IP assignation for LAN computers. (This function is similar to the DHCP service in NT servers.) It benefits users by freeing them from the inconvenience of recording and configuring IP addresses for each PC respectively.
  • Page 69 Gigabit Content Security Router User’s Manual DHCP Dynamic IP Item Description Check the option to activate the DHCP server automatic IP lease function. If the Enable DHCP Server function is activated, all PCs will be able to acquire IP automatically. Otherwise, users should configure static virtual IP for each PC individually.

  • Page 70: Ipv6

    Cancel DNS Local Database Normally, DNS sever will be directed to ISP DNS server or internal self- defined DNS server. CS-5800 also provides “easy” self-defined DNS services, called “DNS Local Database”, which can map website host domain names and the corresponding IP addresses.
  • Page 71 Gigabit Content Security Router User’s Manual DHCP Dynamic IP: Item Description Check the option to activate the DHCP server automatic IP lease function. If Enable DHCP Server the function is activated, all PCs will be able to acquire IP automatically. Otherwise, users should configure static virtual IP for each PC individually.

  • Page 72: Dhcp Status

    Gigabit Content Security Router User’s Manual 7.4 DHCP Status This is an indication list of the current status and setup record of the DHCP server. The indications are for the administrator’s reference when a network modification is needed. - 66 -...
  • Page 73 Gigabit Content Security Router User’s Manual Item Description This is the current DHCP IP. DHCP Server The amount of dynamic IP leased by DHCP. Dynamic IP Used The amount of static IP assigned by DHCP. Static IP Used The amount of IP still available in the DHCP server. IP Available The total IP which the DHCP server is configured to lease.

  • Page 74: Ip & Mac Binding (Ipv4 Only)

    Gigabit Content Security Router User’s Manual 7.5 IP & MAC Binding (IPv4 Only) Administrators can apply IP & MAC Binding function to make sure that users can not add extra PCs for Internet access or change private IP addresses. There are two methods for setting up this function: Block MAC address on the list with wrong IP address: This method only allows MAC addresses on the list to receive IP addresses from DHCP and have Internet access.
  • Page 75 Gigabit Content Security Router User’s Manual IP & MAC Binding - 69 -...
  • Page 76 Gigabit Content Security Router User’s Manual Item Description There are two ways to input static IP: Static IP: 1. If users want to set up a MAC address to acquire IP from DHCP, but the IP need not be a specific assigned IP, input 0.0.0.0 in the boxes. The boxes cannot be left empty.

  • Page 77: Ip Grouping

    Gigabit Content Security Router User’s Manual 7.6 IP Grouping IP Group function can combine several IP addresses or IP address ranges into several groups. When you manage user internet access privileges by IP address, you can set up every management functions for users who have same internet access privileges in the same IP group in order to decrease the effort of setting rules for each IP address.
  • Page 78 Gigabit Content Security Router User’s Manual You can choose from the IP list on the left side to set up a local IP group. Local Group Set Choose IP Group that you would like to modify. If you would like to add new IP Group groups, please push “Add new group”...
  • Page 79 Gigabit Content Security Router User’s Manual Remote IP Group Management: Basically, Remote IP Group setups are exactly the same as Local IP Group setups. However, remote IP group does not have automatically learning functions. Instead, you need to define addresses, ranges and groups manually.

  • Page 80: Port Group Management

    Gigabit Content Security Router User’s Manual 7.7 Port Group Management Service ports can be grouping as IP grouping. It is convenient to set QoS, firewall access rules, and other functions. Item Description Input the name, protocol, and port range for the specific service port. User edit port Name the Port in order to identify its property.

  • Page 81: Chapter 8: Qos (Quality Of Service)

    Gigabit Content Security Router User’s Manual Chapter 8: QoS (Quality of Service) QoS is an abbreviation for Quality of Service. The main function is to restrict bandwidth usage for some services and IP addresses to save bandwidth or provide priority to specific applications or services, and also to enable other users to share bandwidth, as well as to ensure stable and reliable network transmission.

  • Page 82: The Maximum Bandwidth Provided By Isp

    Gigabit Content Security Router User’s Manual 8.1.1 The Maximum Bandwidth provided by ISP In the boxes for WAN1 and WAN2 bandwidth, input the upstream and downstream bandwidth which users applied for from bandwidth supplier. The bandwidth QoS will make calculations according to the data users input.
  • Page 83 Gigabit Content Security Router User’s Manual IP would be 1024Kbit/50=20Kbit/Sec. Thus, 20Kbit/Sec can be input for “Mini. Rate” Downstream bandwidth can be calculated in the same way. The rules configured in Protocol Binding will be executed by the device according to their priorities too.

  • Page 84: Qos

    Gigabit Content Security Router User’s Manual 8.1.2 QoS To satisfy the bandwidth requirements of certain users, the device enables users to set up QoS with Rate Control method. Rate Control The network administrator can set up bandwidth or usage limitations for each IP or IP range according to the actual bandwidth.
  • Page 85 Gigabit Content Security Router User’s Manual Item Description Select on which WAN the QoS rule should be executed. It can be a single Interface selection or multiple selections. Select what bandwidth control is to be configured in the QoS rule. If the Service Port bandwidth for all services of each IP is to be controlled, select “All (TCP&UDP) 1~65535”.
  • Page 86 Gigabit Content Security Router User’s Manual example, If the rule is set for the IP of each PC, the IP of each PC will have the same bandwidth. If “Share-Bandwidth” is selected, be aware of the actual usage conditions and avoid an improper configuration that might cause a malfunction of the network when the bandwidth is too small.

  • Page 87: Smart Qos

    Gigabit Content Security Router User’s Manual 8.1.3 Smart QoS Item Description Choose to apply QoS function. Enabled QoS Input the required rate value into the column. The default is 60%. When the usage of any WAN’s bandwidth is over___%, Enable Smart Input the max.
  • Page 88 Gigabit Content Security Router User’s Manual Item Description When the usage of certain WAN’s bandwidth is under __%, will When the usage of certain WAN's stop to punish the IP which is over the limit. While the bandwidth bandwidth is under__%, then stop to is over the certain percentage, penalty mechanism will be add new punished IP actived.

  • Page 89: Exception Ip Address

    Gigabit Content Security Router User’s Manual 8.1.4 Exception IP address If some users are allowed to avoid traffic management control, you can use this function to fulfill the requirement. Item Description Select WAN ports. Enter the exempted IP range, or select the exempted IP group. Source IP Select do not control upload, download, or both of them.

  • Page 90: Session Control

    Gigabit Content Security Router User’s Manual 8.2 Session control Session management controls the acceptable maximum simultaneous sessions of Intranet PCs. This function is very useful for managing connection quantity when P2P software such as BT, Thunder, or emule is used in the Intranet causing large numbers of sessions.
  • Page 91 Gigabit Content Security Router User’s Manual lines that this user is connected with will be removed, and the user will not be abl to connect with the Internet for five minutes. New connections cannot be made until the delay time ends. If “Always”...

  • Page 92: Chapter 9 : Firewall

    Gigabit Content Security Router User’s Manual Chapter 9 : Firewall This chapter introduces firewall general policy, access rule, and content filter settings to ensure network security. 9.1 General Policy The firewall is enabled by default. If the firewall is set as disabled, features such as SPI, DoS, and outbound packet responses will be turned off automatically.
  • Page 93 Gigabit Content Security Router User’s Manual may allow the client end to receive this type of packet message format. This Through feature is off by default. This feature is designed to prevent the intranet from being attacked by ARP Prevent ARP Virus spoofing, causing the connection failure of the PC.
  • Page 94 Gigabit Content Security Router User’s Manual Item Description This device provides three types of data packet transmission: TCP-SYN-Flood, Packet Type UDP-Flood and ICMP-Flood. When all packet values from external attack or from single external IP attack WAN Threshold reach the maximum amount (the default is 15000 packets/Sec and 2000 packets/Sec respectively), if these conditions above occurs, the IP will be blocked for 5 minutes ( the default is 5 minutes OBJ 176 ).

  • Page 95: Access Rule

    Gigabit Content Security Router User’s Manual 9.2 Access Rule Users may turn on/off the setting to permit or forbid any packet to access internet. Users may select to set different network access rules: from internal to external or from external to internal. Users may set different packets for IP address and communication port numbers to filter Internet access rules.

  • Page 96: Add New Access Rule

    Gigabit Content Security Router User’s Manual Item Description Define the network access rule item Edit Remove the item. Delete Create a new network access rule Add New Rule Restore all settings to the default values and delete all the self-defined settings. Return to Default Rule 9.2.2 Add New Access Rule Item...
  • Page 97 Gigabit Content Security Router User’s Manual WAN2 or Any). Select from the drop-down menu. Select the source IP range (for example: Any, Single, Range, or preset IP group name). Source IP If Single or Range is selected, please enter a single IP address or an IP address within a session.

  • Page 98: Url Filter

    Gigabit Content Security Router User’s Manual 9.3 URL Filter The device supports two webpage restriction modes: one is to block certain forbidden domains, and the other is to give access to certain web pages. Only one of these two modes can be selected. Block Forbidden Domain Fill in the complete website such as www.sex.com to have it blocked.
  • Page 99 Gigabit Content Security Router User’s Manual Item Description Click to enable the forbidden domains function. Default is Disabled. Forbidden Domains Enabled Input the website to be controlled. For example, www.playboy.com Input the IP or IP ranges not to be controlled. Exception IP Address Click ”Add to list”...
  • Page 100 Gigabit Content Security Router User’s Manual Click “Apply” to save the modified parameters. Apply Click “Cancel” to cancel all the changes made to the parameters. Cancel Accept Allowed Domains In some companies or schools, employees and students are only allowed to access some specific websites. This is the purpose of the function.
  • Page 101 Gigabit Content Security Router User’s Manual Item Description Enter the exempted IP addresses or IP group. Exception IP address/Group Click this button to add exempted IP addresses or IP group. Add to list Click this button to delete selected exempted IP address or IP group. Delete selected range Content Filter Scheduling Select “Always”...

  • Page 102: Chapter 10: Advanced Function

    Gigabit Content Security Router User’s Manual Chapter 10: Advanced Function This chapter will introduce to you the advance router settings In the advance settings, you can: 1. S etup DMZ servers forwarding to WAN, for example, the Web or FTP servers. 2.
  • Page 103 Gigabit Content Security Router User’s Manual directly to the Intranet virtual IP addresses, as follows: If the “DMZ Host” function is selected, to cancel this function, users must input "0” in the following “DMZ Private IP”. This function will then be closed. After the changes are completed, click “Apply” to save the network configuration modification, or click “Cancel"...

  • Page 104: Port Range Forwarding

    Gigabit Content Security Router User’s Manual 10.1.2 Port Range Forwarding Setting up a Port Forwarding Virtual Host: If the server function (which means the server for an external service such as WWW, FTP, Mail, etc) is contained in the network, we recommend that users use the firewall function to set up the host as a virtual host, and then convert the actual IP addresses (the Internet IP addresses) with Port 80 (the service port of WWW is Port 80) to access the internal server directly.

  • Page 105: Service Port Management

    Gigabit Content Security Router User’s Manual Item Description To select from this option the default list of service ports of the virtual host that users Service want to activate. Such as: All (TCP&UDP) 0~65535, 80 (80~80) for WWW, and 21~21 for FTP. Please refer to the list of default service ports.

  • Page 106: Upnp

    Gigabit Content Security Router User’s Manual activate. Add the service to the service list. Add to list To remove the selected services. Delete selected item Click the “Apply” button to save the modification. Apply Click the “Cancel” button to cancel the modification. This only works before “Apply” is Cancel clicked.

  • Page 107: Routing

    Gigabit Content Security Router User’s Manual Add to active service content. Add to List Remove selected services. Delete Selected Item This is a list which displays the current active UPnP functions. Show Table Click “Apply” to save the network configuration modification. Apply 10.3 Routing In this chapter we introduce the Dynamic Routing Information Protocol and Static Routing Information...

  • Page 108: Static Routing

    Gigabit Content Security Router User’s Manual Static Routing will be used. RIP is used when there is more than one router in a network, and if an administrator doesn’t want to assign a path list one by one to all of the routers, RIP can help refresh the paths. RIP is a very simple routing protocol, in which Distance Vector is used.
  • Page 109 Gigabit Content Security Router User’s Manual Item Description Input the remote network IP locations and subnet that is to be routed. For example, the Dest. IP IP/subnet is 192.168.2.0/255.255.255.0. Subnet Mask The default gateway location of the network node which is to be routed. Gateway This is the router layer count for the IP.

  • Page 110: One To One Nat

    Gigabit Content Security Router User’s Manual 10.4 One to One NAT As both the device and ATU-R need only one actual IP, if ISP issued more than one actual IP (such as eight ADSL static IP addresses or more), users can map the remaining real IP addresses to the intranet PC virtual IP addresses.
  • Page 111 Gigabit Content Security Router User’s Manual Item Description To activate or close the One-to-One NAT function. (Check to activate the function). Enabled One to One NAT Input the Private IP address for the Intranet One-to-One NAT function. Private IP Range Begin Input the Public IP address for the Internet One-to-One NAT function.
  • Page 112 Gigabit Content Security Router User’s Manual One-to-One NAT mode will change the firewall working mode. If this function has been set up, the Internet IP server or PC which is mapped with a LAN port will be exposed on the Internet. Attentio To prevent Internet users from actively connecting with the One-on-One NAT server or PC, please set up a proper denial rule for access, as described Firewall.

  • Page 113: Ddns- Dynamic Domain Name Service

    Gigabit Content Security Router User’s Manual range Click “Apply” to save the network configuration modification. Apply Click “Cancel" to leave without making any changes. Cancel 10.5 DDNS- Dynamic Domain Name Service DDNS supports the dynamic web address transfer for 3322.org、DynDNS.org and DtDNS.com. This is for connections to a website that is built with dynamic IP addresses, and for dynamic IP remote control.
  • Page 114 Gigabit Content Security Router User’s Manual Item Description This is an indication of the WAN port the user has selected. Interface Check either of the boxes before DynDNS.org, 3322.org and DtDNS.com to select one DDNS of the four DDNS website address transfer functions. The name which is set up for DDNS.

  • Page 115: Mac Clone

    Gigabit Content Security Router User’s Manual 10.6 MAC Clone Some ISP will request for a fixed MAC address (network card physical address) for distributing IP address, which is mostly suitable for cable mode users. Users can input the network card physical address (MAC address: 00-xx-xx-xx-xx-xx) here.

  • Page 116: Inbound Load Balance

    Gigabit Content Security Router User’s Manual 10.7 Inbound Load Balance -4800 not only supports efficient Outbound Load Balance, but Inbound Load Balance. It distributes inbound traffic equally to every WAN port to make best use of bandwidth. It also can prevent traffic from unequally distribution and congested.
  • Page 117 Gigabit Content Security Router User’s Manual - 111 -...
  • Page 118 Gigabit Content Security Router User’s Manual - 112 -...
  • Page 119 Gigabit Content Security Router User’s Manual 3. Configure SG-4800 Domain Name Item Description Input the Domain Name which is users applied before. The domain name will be shown Domain Name in following configuration automatically without entering again. Time To Live (the abbreviation is TTL) is time interval of DNS inquiring (second, Time To Live 0~65535).
  • Page 120 Gigabit Content Security Router User’s Manual Item Description Input registered NS Record, ex. ns1, ns2. DNS Server Assign WAN IP address as corresponding IP of NS Record. The system will show all Interface acquired enabled WAN IP addresses automatically so that users can check directly. But users have to check if the IP addresses are the same as the corresponding settings on DNS service provider.
  • Page 121 Gigabit Content Security Router User’s Manual corresponding server IP, and the others will be alias of A record domain. If you change your server IP, you don’t have to modify every domain one by one. Just changing A record domain, and the other domains will be assigned to new IP address automatically.
  • Page 122 Gigabit Content Security Router User’s Manual Item Description Check “Allow”. Action From the drop-down menu, select “DNS [UDP/53~53].” Service Port Check “Enable” if DNS Query data should be recorded. Check the WAN port on which Inbound Load Balance is enabled. Interface Select “Any”.

  • Page 123: Chapter 11: System Tool

    Gigabit Content Security Router User’s Manual Chapter 11: System Tool System Tool This chapter introduces the management tool for controlling the device and testing network connection. For security consideration, we strongly suggest to change the password. Password and Time setting is in Chapter 5.2.

  • Page 124: Firmware Upgrade

    Gigabit Content Security Router User’s Manual 11.2 Firmware Upgrade Users may directly upgrade the device firmware on the Firmware Upgrade page. Please confirm all information about the software version in advance. Select and browse the software file, click "Firmware Upgrade Right Now" to complete the upgrade of the designated file. Please read the warning before firmware upgrade.

  • Page 125: Configuration Backup

    Gigabit Content Security Router User’s Manual 11.3 Configuration Backup Import Configuration File This feature allows users to integrate all backup content of parameter settings into the device. Before upgrade, confirm all information about the software version. Select and browse the backup parameter file: "config.exp." Select the file and click "Import"...
  • Page 126 Gigabit Content Security Router User’s Manual Save The Configuration into the Flash Memory Item Description Set how many time to save the Configuration File into Flash Memory. The default time Every_ hours is 24 hours. Save the We recommend don’t un-tick this item, cause if the rule not save to the Configuration flash memory, after reset the router the configuration will be clear.

  • Page 127: Snmp

    Gigabit Content Security Router User’s Manual 11.4 SNMP Simple Network Management Protocol (SNMP) refers to network management communications protocol and it is also an important network management item. Through this SNMP communications protocol, programs with network management (i.e. SNMP Tools-HP Open View) can help communications of real-time management.

  • Page 128: System Recover

    Gigabit Content Security Router User’s Manual 11.5 System Recover Users can restart the device with System Recover button. Restart As the figure below, if clicking “Restart Router” button, the dialog block will pop out, confirming if users would like to restart the device. Return to Factory Default Setting If clicking “Return to Factory Default Setting, the dialog block will pop out, if the device will return to factory default.
  • Page 129 Gigabit Content Security Router User’s Manual Besides general HA, Planet also provides advanced HA function that enables two devices to operate simultaneously. It brings full cost efficiency without making another device idle. It does not have to be the same model. All of Planet devices which support HA can achieve the function. Item Description Enable: Activate HA function.
  • Page 130 Gigabit Content Security Router User’s Manual Following is the description of the two different modes. Item Description Indicates the master device will operate for all outbound links. When the master Operation-Master Mode device fails transmitting, the backup device will take over. “Status- Normal”...
  • Page 131 Gigabit Content Security Router User’s Manual setting of Backup device should be the same as Master device. The Backup device can keep DHCP functioning and there will be no LAN disconnection. Input LAN IP of Master mode, which is backed up. LAN IP of the backup device Input Master device MAC address, which is backed up.
  • Page 132 Gigabit Content Security Router User’s Manual “Status-Normal” means both two devices operate normally. “Status-Backup” Status indicates Slave mode has problems, and the device enables backup to take over Item Description Although working with master device, Backup device’s DHCP server is disabled. Operation-Slave Mode LAN users need to transmit traffic through the WAN on Slave device.

  • Page 133: Chapter 12. Log

    Gigabit Content Security Router User’s Manual Chapter 12. Log From the log management and look up, we can see the relevant operation status, which is convenient for us to facilitate the setup and operation. 12.1 System Log Its system log offers three options: system log, E-mail alert, and log setting. System Log - 127 -...
  • Page 134 Gigabit Content Security Router User’s Manual Item Description If this option is selected, the System Log feature will be enabled. Enabled The device provides external system log servers with log collection feature. Syslog Server System log is an industrial standard communications protocol. It is designed to dynamically capture related system message from the network.
  • Page 135 Gigabit Content Security Router User’s Manual General Log The device provides the following warning message. Click to activate the feature. System error message, blocked regulations, regulation of passage permission, system configuration change and registration verification. Item Description If remote users fail to enter the system because of the access rules; for instance, Deny Policies message will be recorded in the system log.
  • Page 136 Gigabit Content Security Router User’s Manual Incoming Packet Log View system packet log of those entering the firewall. The log includes information about the external source IP addresses, destination IP addresses, and service ports. It is illustrated as below. Clear Log Now This feature clears all the current information on the log.

  • Page 137: System Statistic

    Gigabit Content Security Router User’s Manual 12.2 System Statistic The device has the real-time surveillance management feature that provides system current operation information such as port location, device name, current WAN link status, IP address, MAC address, subnet mask, default gateway, DNS, number of received/ sent/ total packets , number of received/ sent/ total Bytes, Received and Sent Bytes/Sec., total number of error packets received, total number of the packets dropped, number of session, number of the new Session/Sec., and upstream as well as downstream broadband usage (%).

  • Page 138: Traffic Statistic

    12.3 Traffic Statistic Six messages will be displayed on the Traffic Statistic page to provide better traffic management and control. By Inbound IP Address The figure displays the source IP address, bytes per second, and percentage. By outbound IP Address The figure displays the source IP address, bytes per second, and percentage.
  • Page 139 Gigabit Content Security Router User’s Manual By Inbound Service The figure displays the network protocol type, destination IP address, bytes per second, and percentage. By Outbound Session The figure displays the source IP address, network protocol type, source port, destination IP address, destination port, bytes per second and percentage.
  • Page 140 Gigabit Content Security Router User’s Manual destination port, bytes per second and percentage. - 134 -...

  • Page 141: Ip/ Port Statistic

    Gigabit Content Security Router User’s Manual 12.4 IP/ Port Statistic The device allows administrators to inquire a specific IP (or from a specific port) about the addresses that this IP had visited, or the users (source IP) who used this service port. This facilitates the identification of websites that needs authentication but allows a single WAN port rather than Multi-WANs.
  • Page 142 Gigabit Content Security Router User’s Manual Specific Port Status Enter the service port number in the field and IP that are currently used by this port will be displayed. - 136 -...

Table of Contents