Page 1 LevelOne FBR-2000 2-WAN Load Balance Broadband Router User Manual V1.3...
Page 2: Table Of Contents
Table of Contents System ........................1 Admin ........................4 Settings ........................ 8 Entering the Settings window ............... 8 Exporting Multi-Homing Gateway Gateway settings ........9 Date/Time ......................17 ...... 17 Synchronizing the Multi-Homing Gateway with the System Clock Multiple Subnet ....................19 Multiple Subnet settings ................
Page 3 Permitted IPs ..................... 49 Add Permitted IP Address................50 Modify Permitted IP Address ..............51 Remove Permitted IP addresses ..............52 Logout ........................ 53 Interface ........................55 LAN ........................56 Internal Interface ..................57 WAN ........................58 Entering the Interface menu ............... 58 WAN 1/2 Interface ..................
Page 4 Modify an WAN Group ................83 Removing an WAN Group ................84 DMZ ........................85 Service ........................94 Pre-defined ......................95 Entering a Pre-defined window ..............95 Custom ......................96 Entering the Custom window ..............96 Adding a new Service ................. 97 Modifying Custom Services ................
Page 5 Entering the Mapped IP window ............... 120 Adding a new IP Mapping ................. 121 Modifying a Mapped IP ................122 Removing a Mapped IP ................123 Virtual Server ....................124 Adding a Virtual Server ................125 Modifying a Virtual Server IP Address ............127 Removing a Virtual Server ................
Page 6 Enter Incoming window ................239 Adding an Incoming Policy ............... 241 Modifying Incoming Policy ................ 243 Removing an Incoming Policy ..............244 ........................257 Traffic Log ......................258 Entering the Traffic Log window ..............258 Traffic Log Table ..................259 Downloading the Traffic Logs ..............
Page 7 What is Statistics ..................278 How to use Statistics ................278 WAN Statistics ....................279 Entering the Statistics window by Time ............. 280 Policy Statistics ....................282 Entering the Statistics window ..............282 Entering the Policy Statistics ..............283 Status .......................
Page 8: System
System The device FBR-2000 2-WAN Broadband Router Administration and monitoring control is set by the System Administrator. The System Administrator can add or modify System settings and monitoring mode. The sub Administrators can only read System settings but not modify them.
Page 9 Multiple Subnet This function allows local port to set multiple subnet works and connect with the internet through different WAN 1 IP Addresses. Hacker Alert When abnormal conditions occur, the Multi-Homing Gateway will send an e-mail alert to notify the Administrator, and also display warning messages in the Event window of Alarm.
Page 10 Language The software provides English version, German version, Traditional Chinese Version and Simplified Chinese Version for you to choose. Permitted IP Only the authorized IP address is permitted to manage the Multi-Homing Gateway. Logout Administrator logs out the Multi-Homing Gateway. This function protects your system while you are away.
Page 11: Admin
Admin On the left hand menu, click on Setup, and then select Admin below it. The current list of Administrator(s) shows up. Settings of the Administration table Administrator Name: The username of Administrators for the Multi-Homing Gateway. The user admin cannot be removed. Privilege: The privileges of Administrators (Admin or Sub Admin) The username of the main Administrator is Administrator with read / write privilege.
Page 12 Adding a new Sub Administrator Step 1. In the Admin window, click the New Sub Admin button to create a new Sub Administrator. Step 2. In the Add New Sub Administrator window:  Sub Admin Name: enter the username of new Sub Admin. ...
Page 13 Changing the Sub-Administrator’s Password Step 1. In the Admin window, locate the Administrator name you want to edit, and click on Modify in the Configure field. Step 2. The Modify Administrator Password window will appear. Enter in the required information: ...
Page 14 Removing a Sub Administrator Step 1. In the Administration table, locate the Administrator name you want to edit, and click on the Remove option in the Configure field. Step 2. The Remove confirmation pop-up box will appear. Step 3. Click OK to remove that Sub Admin or click Cancel to cancel. - 7 -...
Page 15: Settings
Settings The Administrator may use this function to backup the FBR-2000 2-WAN Broadband Router configurations and export (save) them to an “Administrator” computer or anywhere on the network; or restore a configuration file to the device; or restore the Multi-Homing Gateway back to default factory settings.
Page 16: Exporting Multi-Homing Gateway Gateway Settings
Exporting Multi-Homing Gateway Gateway settings Step 1. Under Multi-Homing Gateway Configuration, click on the Download button next to Export System Settings to Client. Step 2. When the File Download pop-up window appears, choose the destination place in which to save the exported file. The Administrator may choose to rename the file if preferred.
Page 17 Importing Multi-Homing Gateway settings Step 1. Under Multi-Homing Gateway Configuration, click on the Browse button next to Import System Settings. When the Choose File pop-up window appears, select the file to which contains the saved Multi-Homing Gateway Settings, then click OK. Step 2.
Page 18: Restoring Factory Default Settings
Restoring Factory Default Settings Step 1. Select Reset Factory Settings under Multi-Homing Gateway Configuration. Step 2. Click OK at the bottom-right of the screen to restore the factory settings. - 11 -...
Page 19 Enabling E-mail Alert Notification Step 1. Select Enable E-mail Alert Notification under E-Mail Settings. This function will enable the Multi-Homing Gateway to send e-mail alerts to the System Administrator when the network is being attacked by hackers or when emergency conditions occur.
Page 20 Web Management (WAN Interface) (Remote UI management) The administrator can change the port number used by HTTP port anytime. (Remote UI management) Step 1. Set Web Management (WAN Interface). The administrator can change the port number used by HTTP port anytime. - 13 -...
Page 21 MTU (set networking packet length) The administrator can modify the networking packet length. Step 1. MTU Setting. The administrator can modify the networking packet length. - 14 -...
Page 22 To-Multi-Homing Gateway Packets Log Select this option to the device‟s To-Multi-Homing Gateway Packets Log. Once this function is enabled, every packet to this appliance will be recorded for system manager to trace. - 15 -...
Page 23 Multi-Homing Gateway Reboot Select this option to the device‟s Multi-Homing Gateway Reboot. Once this function is enabled, the Multi-Homing Gateway will be reboot. Click Setting in the Administration menu to enter the settings window. Step 1. Reboot Multi-Homing Gateway：Click Reboot. Step 2.
Page 24: Date/Time
Date/Time Synchronizing the Multi-Homing Gateway with the System Clock Admin can configure the FBR-2000 Multi-Homing Gateway date and time by either syncing to an Internet Network Time Server (NTP) or by syncing to your computer clock. Follow these steps to sync to an Internet Time Server Step 1.
Page 25 - 18 -...
Page 26: Multiple Subnet
Multiple Subnet NAT mode Multiple Subnet allows local port to set multiple subnet works and connect with the internet through different WAN 1 IP Addresses. For instance：The lease line of a company applies several real IP Addresses 168.85.88.0/24，and the company is divided into R&D department, service, sales department, procurement department, accounting department，...
Page 27: Multiple Subnet Settings
Multiple Subnet settings Click Multiple Subnet in the System menu to enter Multiple Subnet window. Multiple Subnet  ：Display WAN Port IP Address and WAN Interface IP / Forwarding Mode Forwarding Mode.  Alias IP of Int. Interface / Netmask： Local port IP Address and subnet Mask.
Page 28: Add Multiple Subnet Nat Mode
Add Multiple Subnet NAT Mode. Step 1. Click the Add button below to add Multiple Subnet. Step 2. Enter the IP Address in the website name column of the new window. Alias IP of LAN Interface： Enter Local port IP Address. Netmask：Enter Local port subnet Mask.
Page 29: Modify Multiple Subnet
Modify Multiple Subnet Step 1. Find the IP Address you want to modify and click Modify Step 2. Enter the new IP Address in Modify Multiple Subnet window. Step 3. Click the OK button below to change the setting or click Cancel to discard changes. - 22 -...
Page 30: Delete Multiple Subnet
Delete Multiple Subnet Step 1.Find the IP Address you want to delete and click Delete. Step 2.A confirmation pop-up box will appear, click OK to delete the setting or click Cancel to discard changes. - 23 -...
Page 31 Routing Mode Multiple Subnet allows local port to set Multiple Subnet Routing Mode works and connect with the internet through different WAN IP Addresses. For example, the leased line of a company applies several real IP Addresses 192.168.2.0/24 and the company is divided into R&D, Customer Service, Sales, Procurement, and Accounting Department.
Page 32 Step 1. Click System Configuration on the left side menu bar, then click Multiple Subnet below it. Enter Multiple Subnet window. Step 2. The definition of Multiple Subnet :  Forwarding Mode：Display Forwarding Mode which is NAT Mode or Routing Mode.
Page 33 Adding a Multiple Subnet Routing Mode Step 1. Click the Add button below to add Multiple Subnet. Step 2. Enter the IP Address in Add Multiple Subnet window. Forwarding Mode : Click the Routing button below to setting WAN Interface IP : Add WAN IP. Alias IP of LAN Interface：...
Page 34 Step 4: Adding a new Incoming Policy. In the incoming window, click the New Entry button. - 27 -...
Page 35 Modify a Multiple Subnet Routing Mode Step 1. Find the IP Address you want to modify in Multiple Subnet menu, then click Modify button, on the right side of the service providers, click OK. Step 2. Enter the new IP Address in Modify Multiple Subnet window. Step 3.
Page 36 Removing a Multiple Subnet Routing Mode Step 1. Find the IP Address you want to delete in Multiple Subnet menu, then click Delete button, on the right side of the service providers, click OK. Step 2. A confirmation pop-up box will appear, click OK to delete the setting or click Cancel to discard changes.
Page 37: Hacker Alert
Hacker Alert The Administrator can enable the device‟s auto detect functions in this section. When abnormal conditions occur, the Multi-Homing Gateway will send an e-mail alert to notify the Administrator, and also display warning messages in the Event window of Alarm. Auto Detect functions ...
Page 38 the network/Multi-Homing Gateway. 【SYN Flood Threshold( Per Source IP) Pkts/Sec】: T he System Administrator can enter the maximum number of SYN packets per second from attacking source IP Address that is allow to enter the network/Multi-Homing Gateway. 【SYN Flood Threshold Blocking Time ( Per Source IP) Seconds】: T System Administrator can enter the blocking time when the number of SYN packets per second from attacking source IP Address that is allow to enter the network/Multi-Homing Gateway exceed the maximum number (define as...
Page 39  Detect UDP Attack: The same as ICMP Flood. 【UDP Flood Threshold( Total) Pkts/Sec】: T he System Administrator can enter the maximum number of UDP packets per second that is allow to enter the network/Multi-Homing Gateway. 【UDP Flood Threshold( Per Source IP) Pkts/Sec】: T he System Administrator can enter the maximum number of UDP packets per second from attacking source IP Address that is allow to enter the...
Page 40 specified in packet‟s header. Hackers can use this address field on disguised packets to invade LAN networks and send LAN networks‟ data back to them.  Detect Land Attack: Some Systems may shut down when receiving packets with the same source and destination addresses, the same source port and destination port, and when SYN on the TCP header is marked.
Page 41: Route Table
Route Table In this section, the Administrator can add static routes for the networks. Entering the Route Table screen Click System on the left side menu bar, then click Route Table below it. The Route Table window appears, in which current route settings are shown. Route Table functions ...
Page 42: Adding A New Static Route
 NetMask: Netmask of destination network.  Gateway: Gateway IP address for connecting to destination network.  Configure: Change settings in the route table. Adding a new Static Route Step 1. In the Route Table window, click the New Entry button. Step 2.
Page 43 Modifying a Static Route: Step 1. In the Route Table menu, find the route to edit and click the corresponding Modify option in the Configure field. Step 2. In the Modify Static Route window, modify the necessary routing addresses. Step 3. Click OK to apply changes or click Cancel to cancel it. - 36 -...
Page 44: Removing A Static Route
Removing a Static Route Step 1. In the Route Table window, find the route to remove and click the corresponding Remove option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to confirm removing or click Cancel to cancel it.
Page 45: Dhcp
DHCP In the section, the Administrator can configure DHCP (Dynamic Host Configuration Protocol) settings for the LAN (LAN) network. Entering the DHCP window Step 1. Click System on the left hand side menu bar, then click DHCP below it. The DHCP window appears in which current DHCP settings are shown on the screen.
Page 46: Dmz Interface
 DNS Server 1 : Enter the distributed IP address of DNS Server1.  DNS Server 2 : Enter the distributed IP address of DNS Server2.  WINS Server 1 : Enter the distributed IP address of WINS Server1.  WINS Server 2 : Enter the distributed IP address of WINS Server2. Internal Interface : ...
Page 47: Enabling Dhcp Support
Enabling DHCP Support Step 1. In the Dynamic IP Address window, click Enable DHCP Support. Step 2. Enable DHCP Support：Enable /Disable DCHP Support  Domain Name：Enter the Domain Name of DHCP Automatically Get DNS：Automatically detect DNS Server.  DNS Server 1 : Enter the distributed IP address of DNS Server1. ...
Page 48 - 41 -...
Page 49: Dynamic Dns
Dynamic DNS The Dynamic DNS (require Dynamic DNS Service) allows you to alias a dynamic IP address to a static hostname, allowing your device to be more easily accessed by specific name. When this function is enabled, the IP address in Dynamic DNS Server will be automatically updated with the new IP address provided by ISP.
Page 50 - 43 -...
Page 51 How to register：Firstly, Click Dynamic DNS in the System menu to enter Dynamic DNS window, then click Add button，on the right side of the service providers, click Register, the service providers‟ website will appear, please refer to the website for the way of registration. - 44 -...
Page 52 Dynamic DNS settings Step 1: Click Add button. Step 2: Click the information in the column of the new window.  Service providers：Select service providers.  Register：to the service providers‟ website.  WAN IP Address：IP Address of the WAN port. ...
Page 53: Modify Dynamic Dns
Modify dynamic DNS Step 1: Find the item you want to change and click Modify. Step 2: Enter the new information in the Modify Dynamic DNS window. Step 3: Click OK to change the settings or click Cancel to discard changes. - 46 -...
Page 54: Delete Dynamic Dns
Delete Dynamic DNS Step 1: Find the item you want to change and click Delete. Step 2: A confirmation pop-up box will appear, click OK to delete the settings or click Cancel to discard changes. - 47 -...
Page 55: Language
Language Admins can configure the Multi-Homing Gateway Select the Language version. Step 1. Select the Language version (English Version/German Version/ Traditional Chinese Version or Simplified Chinese Version). Step 2. Click 【OK】to set the Language version or click Cancel to discard changes.
Page 56: Permitted Ips
Permitted IPs Only the authorized IP address is permitted to manage the Multi-Homing Gateway. - 49 -...
Page 57: Add Permitted Ip Address
Add Permitted IP Address Step 1. Click New Entry button. Step 2. In IP Address field, enter the LAN IP address or WAN IP address.  IP address：Enter the LAN IP address or WAN IP address.  Netmask：Enter the netmask of LAN/WAN. ...
Page 58: Modify Permitted Ip Address
Modify Permitted IP Address Step 1. In the table of Permitted IPs, highlight the IP you want to modify, and then click Modify. Step 2. In Modify Permitted IP, enter new IP address. Step 3. Click OK to modify or click Cancel to discard changes. - 51 -...
Page 59: Remove Permitted Ip Addresses
Remove Permitted IP addresses Step 1. In the table of Permitted IPs, highlight the IP you want to remove, and then click Remove. Step 2. In Remove Permitted IP, enter new IP address. Step 3. In the confirm window, click OK to remove or click Cancel to discard changes. - 52 -...
Page 60: Logout
Logout Select this option to the device‟s Logout the Multi-Homing Gateway. This function protects your system while you are away. Step 1. Click Logout the Multi-Homing Gateway. Step 2. Click OK to logout or click Cancel to discard the change. - 53 -...
Page 61: Software Update
Software Update Under Software Update, the admin may update the device‟s software with a newer software. - 54 -...
Page 62: Interface
Interface In this section, the Administrator can set up the IP addresses for the office network. The Administrator may configure the IP addresses of the LAN network, the WAN 1/2 network, and the DMZ network. The netmask and gateway IP addresses are also configured in this section.
Page 63: Lan
Entering the Interface menu: Interface Click on in the left menu bar. Then click on LAN below it. The current settings of the interface addresses will appear on the screen. - 56 -...
Page 64: Internal Interface
Configuring the Interface Settings Internal Interface Using the LAN Interface, the Administrator sets up the LAN network. The LAN network will use a private IP scheme. The private IP network will not be routable on the Internet. IP Address: The private IP address of the Multi-Homing Gateway‟s LAN network is the IP address of the LAN port of the device.
Page 65: Wan
Entering the Interface menu Click on Interface in the left menu bar. Then click on WAN below it. The current settings of the interface addresses will appear on the screen. Balance Mode： Auto: The Multi-Homing Gateway distributes the WAN 1/2 download by proportion automatically according to the WAN download bandwidth.
Page 66 bandwidths.) By Traffic: The Multi-Homing Gateway distributes the WAN 1/2 download bandwidth by traffic. (For users who are connected to the Internet via a fixed WAN IP address. By Session: The Multi-Homing Gateway distributes the WAN 1/2 download bandwidth by session.
Page 67: Wan 1/2 Interface
WAN 1/2 Interface Using the WAN 1/2 Interface, the Administrator sets up the WAN 1/2 network. These IP Addresses are real public IP Addresses, and are routable on the Internet. For PPPoE (ADSL User): This option is for PPPoE users who are required to enter a username and password in order to connect, such as ADSL users.
Page 68 - 61 -...
Page 69 For Dynamic IP Address (Cable Modem User): This option is for users who are automatically assigned an IP address by their ISP, such as cable modem users. The following fields apply: IP Address: The dynamic IP address obtained by the Multi-Homing Gateway from the ISP will be displayed here.
Page 70 - 63 -...
Page 71 For Static IP Address: This option is for users who are assigned a static IP Address from their ISP. Your ISP will provide all the information needed for this section such as IP Address, Netmask, Gateway, and DNS. Use this option also if you have more than one public IP Address assigned to you.
Page 72 - 65 -...
Page 73: Dmz
The Administrator uses the DMZ Interface to set up the DMZ network. The DMZ network consists of server computers such as FTP, SMTP, and HTTP (web). These server computers are put in the DMZ network so they can be isolated from the Internal (LAN) network traffic. Broadcast messages from the Internal network will not cross over to the DMZ network to cause congestions and slow down these servers.
Page 74 NetMask: This will be the netmask of the DMZ network. Ping: Select this to allow the DMZ network to ping the IP Address of the Multi-Homing Gateway. This will allow people from the Internet to be able to ping the Multi-Homing Gateway.
Page 75: Address
Address The Multi-Homing Gateway allows the Administrator to set Interface addresses of the Internal network, Internal network group, WAN network, WAN network group, DMZ and DMZ group. What is the Address Table? An IP address in the Address Table can be an address of a computer or a sub network. The Administrator can assign an easily recognized name to an IP address.
Page 76: Lan
Entering the LAN window Step 1. Click LAN under the Address menu to enter the LAN window. The current setting information such as the name of the LAN network, IP and Netmask addresses will show on the screen. - 69 -...
Page 77: Adding A New Lan Address
Adding a new LAN Address Step 1. In the LAN window, click the New Entry button. Step 2. In the Add New Address window, enter the settings of a new LAN network address. Step 3. Click OK to add the specified LAN network or click Cancel to cancel the changes. - 70 -...
Page 78: Modifying An Lan Address
Modifying an LAN Address Step 1. In the LAN window, locate the name of the network to be modified. Click the Modify option in its corresponding Configure field. The Modify Address window appears on the screen immediately. Step 2. In the Modify Address window, fill in the new addresses. Step 3.
Page 79: Removing An Lan Address
Removing an LAN Address Step 1. In the LAN window, locate the name of the network to be removed. Click the Remove option in its corresponding Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the address or click Cancel to discard changes.
Page 80: Lan Group
LAN Group Entering the LAN Group window The LAN Addresses may be combined together to become a group. Click LAN Group under the Address menu to enter the LAN Group window. The current setting information for the LAN network group appears on the screen. - 73 -...
Page 81 Adding an LAN Group Step 1. In the LAN Group window, click the New Entry button to enter the Add New Address Group window. Step 2. In the Add New Address Group window:  Available Address: list the names of all the members of the LAN network. ...
Page 82: Modifying An Lan Group
Modifying an LAN Group Step 1. In the LAN Group window, locate the network group desired to be modified and click its corresponding Modify option in the Configure field. Step 2. A window displaying the information of the selected group appears: ...
Page 83: Removing An Lan Group
Removing an LAN Group Step 1. In the LAN Group window, locate the group to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the group or click Cancel to discard changes.
Page 84: Wan
Entering the WAN window Click WAN under the Address menu to enter the WAN window. The current setting information, such as the name of the WAN network, IP and Netmask addresses will show on the screen. - 77 -...
Page 85: Adding A New Wan Address
Adding a new WAN Address Step 1. In the WAN window, click the New Entry button. Step 2. In the Add New Address window, enter the settings for a new WAN network address. Step 3. Click OK to add the specified WAN network or click Cancel to discard changes. - 78 -...
Page 86: Modifying An Wan Address
Modifying an WAN Address Step 1. In the WAN table, locate the name of the network to be modified and click the Modify option in its corresponding Configure field. Step 2. The Modify Address window will appear on the screen immediately. In the Modify Address window, fill in new addresses.
Page 87: Removing An Wan Address
Removing an WAN Address Step 1. In the WAN table, locate the name of the network to be removed and click the Remove option in its corresponding Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the address or click Cancel to discard changes.
Page 88: Wan Group
WAN Group Entering the WAN Group window Click the WAN Group under the Address menu bar to enter the WAN window. The current settings for the WAN network group(s) will appear on the screen. - 81 -...
Page 89: Adding An Wan Group
Adding an WAN Group Step 1. In the WAN Group window, click the New Entry button and the Add New Address Group window will appear. Step 2. In the Add New Address Group window the following fields will appear:  Name: enter the name of the new group. ...
Page 90: Modify An Wan Group
Modify an WAN Group Step 1. In the WAN Group window, locate the network group to be modified and click its corresponding Modify button in the Configure field. Step 2. A window displaying the information of the selected group appears: ...
Page 91: Removing An Wan Group
Removing an WAN Group Step 1. In the WAN Group window, locate the group to be removed and click its corresponding Modify option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the group or click Cancel to discard changes.
Page 92: Dmz
Entering the DMZ window: Click DMZ under the Address menu to enter the DMZ window. The current setting information such as the name of the internal network, IP, and Netmask addresses will show on the screen. - 85 -...
Page 93 Adding a new DMZ Address: Step 1. In the DMZ window, click the New Entry button. Step 2. In the Add New Address window, enter the settings for a new DMZ address. Step 3. Click OK to add the specified DMZ or click Cancel to discard changes. - 86 -...
Page 94 Modifying a DMZ Address: Step 1. In the DMZ window, locate the name of the network to be modified and click the Modify option in its corresponding Configure field. Step 2. In the Modify Address window, fill in new addresses. Step 3.
Page 95 Removing a DMZ Address: Step 1. In the DMZ window, locate the name of the network to be removed and click the Remove option in its corresponding Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the address or click Cancel to discard changes.
Page 96 DMZ Group Entering the DMZ Group window: Click DMZ Group under the Address menu to enter the DMZ window. The current settings information for the DMZ group appears on the screen. - 89 -...
Page 97 Adding a DMZ Group: Step 1. In the DMZ Group window, click the New Entry button. Step 2. In the Add New Address Group window:  Available Address: list names of all members of the DMZ.  Selected Address: list names to assign to a new group. Step 3.
Page 98 - 91 -...
Page 99 Modifying a DMZ Group: Step 1. In the DMZ Group window, locate the DMZ group to be modified and click its corresponding Modify button in the Configure field. Step 2. A window displaying information about the selected group appears:  Available Address: list the names of all the members of the DMZ. ...
Page 100 Removing a DMZ Group: Step 1. In the DMZ Group window, locate the group to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the group. - 93 -...
Page 101: Service
Service In this section, network services are defined and new network services can be added. There are three sub menus under Service which are: Pre-defined, Custom, and Group. The Administrator can simply follow the instructions below to define the protocols and port numbers for network communication applications.
Page 102: Pre-Defined
Pre-defined Entering a Pre-defined window Click Service on the menu bar on the left side of the window. Click Pre-defined under it. A window will appear with a list of services and their associated IP addresses. This list cannot be modified. - 95 -...
Page 103: Custom
Custom Entering the Custom window Click Service on the menu bar on the left side of the window. Click Custom under it. A window will appear with a table showing all services currently defined by the Administrator. - 96 -...
Page 104: Adding A New Service
Adding a new Service Step 1 In the Custom window, click the New Entry button and a new service table appears. Step 2 In the new service table:  New Service Name: This will be the name referencing the new service. ...
Page 105: Modifying Custom Services
Modifying Custom Services Step 1. In the Custom table, locate the name of the service to be modified. Click its corresponding Modify option in the Configure field. Step 2. A table showing the current settings of the selected service appears on the screen Step 3.
Page 106: Removing Custom Services
Removing Custom Services Step 1. In the Custom window, locate the service to be removed. Click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the selected service or click Cancel to cancel action.
Page 107: Group
Group Accessing the Group window Click Service in the menu bar on the left hand side of the window. Click Group under it. A window will appear with a table displaying current service group settings set by the Administrator. - 100 -...
Page 108: Adding Service Groups
Adding Service Groups Step 1. In the Group window, click the New Entry button. In the Add Service Group window, the following fields will appear:  Available Services: list all the available services.  Selected Services: list services to be assigned to the new group. Step 2.
Page 109: Modifying Service Groups
Modifying Service Groups Step 1. In the Group window, locate the service group to be edited. Click its corresponding Modify option in the Configure field. Step 2. In the Mod (modify) group window the following fields are displayed::  Available Services: lists all the available services. ...
Page 110: Removing Service Groups
Removing Service Groups Step 1. In the Group window, locate the service group to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the selected service group or click Cancel to cancel removing.
Page 111: Schedule
Schedule The Multi-Homing Gateway allows the Administrator to configure a schedule for policies to take affect. By creating a schedule, the Administrator is allowing the Multi-Homing Gateway policies to be used at those designated times only. Any activities outside of the scheduled time slot will not follow the Multi-Homing Gateway policies therefore will likely not be permitted to pass through the Multi-Homing Gateway.
Page 112: Accessing The Schedule Window
Accessing the Schedule window Click on Schedule on the menu bar and the schedule window will appear displaying the active schedules. The following items are displayed in this window: Name: the name assigned to the schedule Comment: a short comment describing the schedule Configure: modify or remove - 105 -...
Page 113: Adding A New Schedule
Adding a new Schedule Step 1: Click on the New Entry button and the Add New Schedule window will appear. Step 2: Schedule Name: Fill in a name for the new schedule. Period 1: Configure the start and stop time for the days of the week that the schedule will be active.
Page 114: Modifying A Schedule
Modifying a Schedule Step 1: In the Schedule window, find the policy to be modified and click the corresponding Modify option in the Configure field. Step 2: Make needed changes. Step 3: Click OK to save changes. - 107 -...
Page 115 Removing a Schedule Step 1: In the Schedule window, find the policy to be removed and click the corresponding Remove option in the Configure field. Step 2: A confirmation pop-up box will appear, click on OK to remove the schedule. - 108 -...
Page 116: Content Filtering
Content filtering The Administrator may setup URL Blocking to prevent LAN network users from accessing a specific website on the Internet. Any web request coming from an LAN network computer to a blocked website will receive a blocked message instead of the website. - 109 -...
Page 117: Url Blocking
URL Blocking Entering the URL blocking window Click on URL Blocking under the Configuration menu bar. Click on New Entry. - 110 -...
Page 118: Adding A Url Blocking Policy
Adding a URL Blocking policy Step 1: After clicking New Entry, the Add New Block String window will appear. Step 2: Enter the URL of the website to be blocked. Step 3: Click OK to add the policy. Click Cancel to discard changes. - 111 -...
Page 119: Modifying A Url Blocking Policy
Modifying a URL Blocking policy Step 1: In the URL Blocking window, find the policy to be modified and click the corresponding Modify option in the Configure field. Step 2: Make the necessary changes needed. Step 3: Click on OK to save changes or click on Cancel to cancel modifications. - 112 -...
Page 120 Removing a URL Blocking Step 1: In the URL Blocking window, find the policy to be removed and click the corresponding Remove option in the Configure field. Step 2: A confirmation pop-up box will appear, click on OK to remove the policy or click on Cancel to discard changes.
Page 121 Blocked URL site: When a user from the LAN network tries to access a blocked URL, the error below will appear. - 114 -...
Page 122: Script Blocking
Script Blocking To let Popup、ActiveX、Java、Cookie in or keep them out. Click Content Filtering in the menu. Step 1: 【General Blocking】detective functions. Step 2:  Popup filtering：Prevent the pop-up boxes appearing.  ActiveX filtering：Prevent ActiveX packets.  Java filtering：Prevent Java packets. ...
Page 123 When the system detects the setting, the Multi-Homing Gateway Gateway will spontaneously work. - 116 -...
Page 124: Virtual Server
Virtual Server The Multi-Homing Gateway separates an enterprise‟s Intranet and Internet into LAN networks and WAN 1/2 networks respectively. Generally speaking, in order to allocate enough IP addresses for all computers, an enterprise assigns each computer a private IP address, and converts it into a real IP address through Multi-Homing Gateway Gateway‟s NAT (Network Address Translation) function.
Page 125: How To Use Virtual Server And Mapped Ip
How to use Virtual Server and mapped IP Virtual Server and Mapped IP are part of the IP mapping scheme. By applying the incoming policies, Virtual Server and IP mapping work similarly. They map real IP addresses to the physical servers‟ private IP addresses (which is opposite to NAT), but there still exists some differences: ...
Page 126: Mapped Ip
Mapped IP Internal private IP addresses are translated through NAT (Network Address Translation). If a server is located in the LAN network, it has a private IP address, and outside users cannot connect directly to LAN servers‟ private IP address. To connect to a LAN network server, outside users have to first connect to a real IP address of the WAN 1/2 network, and the real IP is translated to a private IP of the LAN network.
Page 127: Entering The Mapped Ip Window
Entering the Mapped IP window Step 1. Click Mapped IP under the Virtual Server menu bar and the Mapped IP configuration window will appear. Definition: External IP：WAN IP Address. Map to Virtual IP：The IP address which WAN maps to the virtual network in the server. Configure：To change the setting, click Configure to modify the parameters;...
Page 128: Adding A New Ip Mapping
Adding a new IP Mapping Step 1. In the Mapped IP window, click the New Entry button. The Add New Mapped IP window will appear.  WAN IP: select the WAN public IP address to be mapped.  Internal IP: enter the LAN private IP address will be mapped 1-to-1 to the WAN IP address.
Page 129: Modifying A Mapped Ip
Modifying a Mapped IP Step 1. In the Mapped IP table, locate the Mapped IP you want it to be modified and click its corresponding Modify option in the Configure field. Step 2. Enter settings in the Modify Mapped IP window. Step 3.
Page 130: Removing A Mapped Ip
Removing a Mapped IP Step 1. In the Mapped IP table, locate the Mapped IP desired to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation pop-up window, click OK to remove the Mapped IP or click Cancel to cancel.
Page 131: Virtual Server
Virtual Server Virtual server is a one-to-many mapping technique, which maps a real IP address from the WAN interface to private IP addresses of the LAN network. This function provides services or applications defined in the Service menu to enter into the LAN network. Unlike a mapped IP which binds an WAN IP to an LAN IP, virtual server binds WAN IP ports to LAN IP ports.
Page 132: Adding A Virtual Server
This virtual server provides four real IP addresses, which means you can setup four virtual servers at most （Setup under the Virtual Server sub-selections Virtual Server 1/2/3/4 in the menu bar on the left hand side.） The administrator can select Virtual Server1/2under Virtual Server selection in the menu bar on the left hand side, click Server Virtual IP to add or change the virtual server IP address;...
Page 133 - 126 -...
Page 134: Modifying A Virtual Server Ip Address
Modifying a Virtual Server IP Address Step 1. Click the virtual server to be modified Virtual Server under the Virtual Server menu bar. A new window appears displaying the IP address and service of the specified virtual server. Step 2. Click on the Virtual Server‟s IP Address button at the top of the screen.
Page 135: Removing A Virtual Server
Removing a Virtual Server Step 1. Click the virtual server to be removed in the corresponding Virtual Server option under the Virtual Server menu bar. A new window displaying the virtual server‟s IP address and service appears on the screen. Step 2.
Page 136: Setting The Virtual Server"S Services
Setting the Virtual Server’s services Step 1. For the Virtual Server which has already been set up with an IP address, click the New Service button in the table. Step 2. In the Virtual Server Configurations window:  Server Virtual IP: displays the WAN IP address assigned to the Virtual Server ...
Page 137: Adding New Virtual Server Service Configuration
Adding New Virtual Server Service Configuration Step 1. Select Virtual Server in the menu bar on the left hand side, and then select Virtual Server 1/2/3/4 sub-selections. Step 2. In Virtual Server 1/2/3/4/3/4 Window, click “Click here to configure” button. Step 3.
Page 138 WAN：Enter the WAN IP address that configured by the virtual server. Server Virtual IP：Enter the WAN IP address configured by the virtual server. Service Name (Port)：Click the pull-down menu the system will display you the service item port. External Service Port：The External Service Port that provided by the virtual server. Service Name：The service names that provided by the virtual server.
Page 139: Modifying The Virtual Server Configurations
Modifying the Virtual Server configurations Step 1. In the Virtual Server window‟s service table, locate the name of the service desired to be modified and click its corresponding Modify option in the Configure field. Step 2. In the Virtual Server Configuration window, enter the new settings. Step 3.
Page 140 computer IP addresses can be set at most, and the load can be maintained in a balance.Click OK to execute the change of the virtual server, or click Cancel to discard changes. If the destination Network in Policy has set a virtual server, it will not be able to change or configure this virtual server, you have to remove this configuration of Policy, and then you can execute the modification or configuration.
Page 141 If the destination Network in Policy has set a virtual server, it will not be able to change or configure this virtual server unless you have already removed this configuration of Policy. - 134 -...
Page 142: Vpn
The Multi-Homing Gateway‟s VPN (Virtual Private Network) is set by the System Administrator. The System Administrator can add, modify or remove VPN settings. What is VPN? To set up a Virtual Private Network (VPN), you don’t need to configure an Access Policy to enable encryption.
Page 143: Ipsec Autokey
IPSec Autokey The fields in the IPSec window are:  Name: The VPN name to identify the VPN tunnel definition. The name must be different for the two sites creating the tunnel.  Gateway IP: The WAN interface IP address of the remote Multi-Homing Gateway. ...
Page 144 2000 VPN Client. Example 3. Create a VPN connection between two Multi-Homing Gateway using Aggressive mode Algorithm (3 DES and MD5), and data encryption for IPSec Algorithm (3DES and MD5) Example 4. Create a VPN connection between two Multi-Homing Gateway using ISAKMP Algorithm (3DES and MD5), data encryption for IPSec Algorithm (3DES and MD5) and GRE.
Page 145 - 138 -...
Page 146 Example 1. Create a VPN connection between two Multi-Homing Gateways. Preparation Task: Company A External IP is 61.11.11.11 Internal IP is 192.168.10.X Company B External IP is 211.22.22.22 Internal IP is 192.168.20.X To suppose Company A, 192.168.10.100 create a VPN connection with company B, 192.168.20.100 for downloading the sharing file.
Page 147 - 140 -...
Page 148 Step 2. Enter the VPN name, VPN_A in IPSec Autokey window, and choose From Source to be Internal. Fill the subnet IP, 192.168.10.0 and subnet mask, 255.255.255.0. Step 3. In To Destination table, choose Remote Gateway-Fixed IP, enter the IP desired to be connected, company B‟s subnet IP and mask.
Page 149 Step 6. In IPSec Algorithm Table , choose Data Encryption + Authentication. We choose 3DES for ENC Algorithm and MD5 for AUTH Algorithm. Step 7. Choose Perfect Forward Secrecy, and enter 28800 seconds in IPSec Lifetime and Keep alive IP to keep connecting. Step 8.
Page 150 The Gateway of Company B is 192.168.20.1. The settings of company B are as the following. Step 1. Enter the default IP of Company B‟s Multi-Homing Gateway, 192.168.20.1. Click VPN in the menu bar on the left hand side, and then select the sub-select IPSec Autokey. Click Add.
Page 151 Step 2. Enter the VPN name, VPN_B in IPSec Autokey window, and choose From Source to be Internal. Fill the subnet IP, 192.168.20.0 and subnet mask, 255.255.255.0. Step 3. In To Destination table, choose Remote Gateway-Fixed IP, enter the IP desired to be connected, company A‟s subnet IP and mask, 192.168.10.0 and 255.255.255.0 respectively.
Page 152 Step 6. In IPSec Algorithm Table , choose Data Encryption + Authentication. We choose 3DES for ENC Algorithm and MD5 for AUTH Algorithm. Step 7. Choose Perfect Forward Secrecy, and enter 28800 seconds in IPSec Lifetime and Keep alive IP to keep connecting. Step 8.
Page 153 Example 2. Create a VPN connection between the Multi-Homing Gateway and Windows 2000 VPN Client. Preparation Task: Company A External IP is 61.11.11.11 Internal IP is 192.168.10.X Company B External IP is 211.22.22.22 Internal IP is 192.168.20.X To suppose Company A, 192.168.10.100 create a VPN connection with company B, 192.168.20.100 for downloading the sharing file.
Page 154 - 147 -...
Page 155 Step 2. Enter the VPN name, VPN_A in IPSec Autokey window, and choose From Source to be Internal. Fill the subnet IP, 192.168.10.0 and subnet mask, 255.255.255.0. Step 3. In To Destination table, choose Remote Gateway-Fixed IP, enter the IP desired to be connected, company B‟s subnet IP and mask.
Page 156 Step 6. In IPSec Algorithm Table , choose Data Encryption + Authentication. We choose 3DES for ENC Algorithm and MD5 for AUTH Algorithm. Step 7. Choose Perfect Forward Secrecy, and enter 28800 seconds in IPSec Lifetime and Keep alive IP to keep connecting. Step 8.
Page 157 The Gateway of Company B is 192.168.20.100. The settings of company B are as the following. Step 1. Enter Windows XP, click Start and click Execute function. - 150 -...
Page 158 Step 2. In the Execute window, enter the command, MMC in Open. - 151 -...
Page 159 Step 3. Enter the Console window, click Console(C) option and click Add/Remove Embedded Management Option. - 152 -...
Page 160 Step 4. Enter Add/Remove Embedded Management Option window and click Add. In Add/ Remove Embedded Management Option window, click Add to add Create IP Security Policy. - 153 -...
Page 161 Step 5. Choose Local Machine (L) for finishing the setting of Add. - 154 -...
Page 162 Step 6. Finish the setting of Add. - 155 -...
Page 163 Step 7. Click the right button of mouse in IP Security Policies on Local Machine and choose Create IP Security Policy(C) option. - 156 -...
Page 164 Step 8. Click Next. - 157 -...
Page 165 Step 9. Enter the Name of this VPN and optionally give it a brief description. - 158 -...
Page 166 Step 10. Disable Activate the default response rule. And click Next. - 159 -...
Page 167 Step 11. Completing the IP Security Policy setting and click Finish. Enable Edit properties. - 160 -...
Page 168 Step 12. In VPN_B window, click Add and please don‟t click Use Add Wizard. - 161 -...
Page 169 Step 13. In IP Filter List tab, click Add. - 162 -...
Page 170 Step 14. In IP Filter List window, please don‟t choose Use Add Wizard and change Name to VPN_B WAN TO LAN. Click Add. - 163 -...
Page 171 Step 15. In Filter Properties window, in Source address, click down the arrow to select the specific IP Subnet and fill Company B‟s IP Address, 211.22.22.22 and Subnet mask, 255.255.255.255. In Destination address, click down the arrow to select the specific IP Subnet and fill Company A‟s IP Address, 192.168.10.0 and Subnet mask 255.255.255.0.
Page 172 Step 16. Finish the setting and close IP Filter List window. - 165 -...
Page 173 Step 17. Click Filter Action tab and choose Require Security. Click Edit. - 166 -...
Page 174 Step 18. In Security Methods tab, choose accept unsecured communication, but always respond using IPSec. - 167 -...
Page 175 Step 19. Click Edit in Custom/ None/ 3DES/ MD5. - 168 -...
Page 176 Step 20. Click Custom(For professional user) and click Edit. - 169 -...
Page 177 Step 21. Click Data Integrity and Encapsulation and choose MD5 and 3DES. Click Generate a New key after every 28800 seconds. And click 3 times OK to return. - 170 -...
Page 178 Step 22. Click Connection Type tab and click all network connections. - 171 -...
Page 179 Step 23. Click Tunnel Setting tab, and click The tunnel endpoint is specified by the IP Address. Enter the WAN IP of Company A, 61.11.11.11. - 172 -...
Page 180 Step 24. Click Authentication Methods and click Edit. - 173 -...
Page 181 Step 25. Choose Use this string to protect the key exchange (Preshared Key). And enter the key, 123456789. - 174 -...
Page 182 Step 26. Finish the setting, and close the window. - 175 -...
Page 183 Step 27. Finish the Policy setting of VPN_B WAN TO LAN. - 176 -...
Page 184 Step 28. Enter VPN_B window again and click Add to add second IP Security Policy. Please don’t enable Use Add Wizard. - 177 -...
Page 185 Step 29. In New Rule Properties, click Add. - 178 -...
Page 186 Step 30. In IP Filter List window, please disable Use Add Wizard, and change Name to VPN_B LAN TO WAN. Click Add. - 179 -...
Page 187 Step 31. In Filter Properties window, in Source address, click down the arrow to select the specific IP Subnet and fill Company A‟s IP Address, 192.168.10.0 and Subnet mask 255.255.255.0. In Destination address click down the arrow to select the specific IP Subnet and fill Company B‟s IP Address, 211.22.22.22 and Subnet mask, 255.255.255.255., Please disable Mirrored.
Page 188 Step 32. Finish the setting and close IP Filter List window. - 181 -...
Page 189 Step 33. Click Filter Action tab and choose Require Security. Click Edit. - 182 -...
Page 190 Step 34. In Security Methods tab, choose accept unsecured communication, but always respond using IPSec. - 183 -...
Page 191 Step 35. Click Edit in Custom/ None/ 3DES/ MD5. - 184 -...
Page 192 Step 36. Click Custom(For professional user) and click Edit. - 185 -...
Page 193 Step 37. Click Data Integrity and Encapsulation and choose MD5 and 3DES. Click Generate a New key after every 28800 seconds. And click 3 times OK to return. - 186 -...
Page 194 Step 38. Click Connection Type tab and click all network connections. - 187 -...
Page 195 Step 39. Click Tunnel Setting tab, and click The tunnel endpoint is specified by the IP Address. 211.22.22.22 Enter the WAN IP of Company B, - 188 -...
Page 196 Step 40. Click Authentication Methods and click Edit. - 189 -...
Page 197 Step 41. Choose Use this string to protect the key exchange (Preshared Key). And enter the key, 123456789. - 190 -...
Page 198 Step 42. Finish the setting, and close the window. - 191 -...
Page 199 Step 43. Finish the Policy setting of VPN_B LAN TO WAN. - 192 -...
Page 200 Step 44. In VPN_B window, click General tab. And click Advanced for Key Exchange using these settings. - 193 -...
Page 201 Step 45. Click Master key Perfect Forward Secrecy. - 194 -...
Page 202 Step 46. Move IKE/ 3DES/ MD5/ up to the highest order. Finish all settings. - 195 -...
Page 203 Step 47. Finish the settings of Company B‟s Windows 2000 VPN. - 196 -...
Page 204 Step 48. Click the right button of mouse in VPN_B and enable Assign. - 197 -...
Page 205 Step 49. To restart IPSec by StartSettingsControl Panel - 198 -...
Page 206 Step 50. Enter Control Panel and click Administrative Tools. - 199 -...
Page 207 Step 51. After entering Administrative Tools, click Services. - 200 -...
Page 208 Step 52. After entering Service, click IPSec Services, Restart the Service. - 201 -...
Page 209 Step 53. Finish all settings. - 202 -...
Page 210 Example 3. Create a VPN connection between two Multi-Homing Gateway using Aggressive mode Algorithm (3 DES and MD5), and data encryption for IPSec Algorithm (3DES and MD5) Preparation Task: Company A External IP is 61.11.11.11 Internal IP is 192.168.10.X Company B External IP is 211.22.22.22 Internal IP is 192.168.20.X 192.168.10.100 To suppose Company A,...
Page 211 - 204 -...
Page 212 Step 2. Enter the VPN name, VPN_A in IPSec Autokey window, and choose From Source to be Internal. Fill the subnet IP, 192.168.10.0 and subnet mask, 255.255.255.0. Step 3. In To Destination table, choose Remote Gateway-Fixed IP, enter the IP desired to be connected, company B‟s subnet IP and mask.
Page 213 Step 6. In IPSec Algorithm Table , choose Data Encryption + Authentication. We choose 3DES for ENC Algorithm and MD5 for AUTH Algorithm. Step 7. Choose Perfect Forward Secrecy, and enter 28800 seconds in IPSec Lifetime and Keep alive IP to keep connecting. Step 8.
Page 214 The Gateway of Company B is 192.168.20.1. The settings of company B are as the following. Step 1. Enter the default IP of Company B‟s Multi-Homing Gateway, 192.168.20.1. Click VPN in the menu bar on the left hand side, and then select the sub-select IPSec Autokey. Click Add.
Page 215 Step 2. Enter the VPN name, VPN_B in IPSec Autokey window, and choose From Source to be Internal. Fill the subnet IP, 192.168.20.0 and subnet mask, 255.255.255.0. Step 3. In To Destination table, choose Remote Gateway-Fixed IP, enter the IP desired to be connected, company A‟s subnet IP and mask, 192.168.10.0 and 255.255.255.0 respectively.
Page 216 Step 6. In IPSec Algorithm Table , choose Data Encryption + Authentication. We choose 3DES for ENC Algorithm and MD5 for AUTH Algorithm. Step 7. Choose Perfect Forward Secrecy, and enter 28800 seconds in IPSec Lifetime and Keep alive IP to keep connecting. Step 8.
Page 217 Example 4. Create a VPN connection between two Multi-Homing Gateway using ISAKMP Algorithm (3DES and MD5), data encryption for IPSec Algorithm (3DES and MD5) and GRE. Preparation Task: Company A External IP is 61.11.11.11 Internal IP is 192.168.10.X Company B External IP is 211.22.22.22 Internal IP is 192.168.20.X 192.168.10.100 To suppose Company A,...
Page 218 - 211 -...
Page 219 Step 2. Enter the VPN name, VPN_A in IPSec Autokey window, and choose From Source to be Internal. Fill the subnet IP, 192.168.10.0 and subnet mask, 255.255.255.0. Step 3. In To Destination table, choose Remote Gateway-Fixed IP, enter the IP desired to be connected, company B‟s subnet IP and mask.
Page 220 Step 6. Choose GRE/ IPSec and enter GRE Source IP, 192.168.50.100 and GRE Remote IP, 192.168.50.200. Note. The Source IP and Remote IP should be in the same C Class and modified by Administrator. Step 7. In IPSec Algorithm Table , choose Data Encryption + Authentication. We choose 3DES for ENC Algorithm and MD5 for AUTH Algorithm.
Page 221 Step 10. Click OK to finish the setting of Company A. The Gateway of Company B is 192.168.20.1. The settings of company B are as the following. Step 1. Enter the default IP of Company B‟s Multi-Homing Gateway, 192.168.20.1. Click VPN in the menu bar on the left hand side, and then select the sub-select IPSec Autokey.
Page 222 Step 2. Enter the VPN name, VPN_B in IPSec Autokey window, and choose From Source to be Internal. Fill the subnet IP, 192.168.20.0 and subnet mask, 255.255.255.0. Step 3. In To Destination table, choose Remote Gateway-Fixed IP, enter the IP desired to be connected, company A‟s subnet IP and mask, 192.168.10.0 and 255.255.255.0 respectively.
Page 223 Step 6. Choose GRE/ IPSec and enter GRE Source IP, 192.168.50.200 and GRE Remote IP, 192.168.50.100. Note. The Source IP and Remote IP should be in the same C Class and modified by Administrator. Step 6. In IPSec Algorithm Table , choose Data Encryption + Authentication. We choose 3DES for ENC Algorithm and MD5 for AUTH Algorithm.
Page 224 Step 9. Click OK to finish the setting of Company B. - 217 -...
Page 225: Pptp Server
PPTP Server Entering the PPTP Server window Step 1. Select VPNPPTP Server.  PPTP Server：Click Modify to select Enable or Disable.  Client IP Range: ： Display the IP addresses range for PPTP 192.26.145.1-254 Client connection.  User Name：Displays the PPTP Client user‟s name for authentication. ...
Page 226: Modifying Pptp Server Design
 Configure：Click 【Modify】to modify the PPTP Client settings or click 【Remove】to remove the item. Modifying PPTP Server Design Step 1. Select VPNPPTP Server. Step 2. Click【Modify】after the Client IP Range. Step 3. In the【Modify Server Design 】Window, enter appropriate settings. ...
Page 227: Adding Pptp Server
the PPTP server.  Auto-Disconnect if idle minutes: Configure this device to disconnect to the PPTP Server when there is no activity for a predetermined period of time. To keep the line always connected, set the number to 0.  Schedule：Click the down arrow to select the schedule, which was pre-determined in Schedule.
Page 228 Step 3. Click OK to save modifications or click Cancel to cancel modifications - 221 -...
Page 229: Modifying Pptp Server
Modifying PPTP Server Step 1. Select VPNPPTP Server. Step 2. In the 【PPTP Server】 window, find the PPTP server that you want to modify. Click 【Configure】and click 【Modify】. Step 3. Enter appropriate settings. Step 4. Click OK to save modifications or click Cancel to cancel modifications - 222 -...
Page 230: Removing Pptp Server
Removing PPTP Server Step 1. Select VPNPPTP Server. Step 2. In the 【PPTP Server】 window, find the PPTP server that you want to modify. Click 【Configure】and click 【remove】. Step 3. Click OK to remove the PPTP server or click Cancel to exit without removal. - 223 -...
Page 231: Pptp Client
PPTP Client Entering the PPTP Client window Step 1. Select VPNPPTP Client.  Server Address：Display the PPTP Server IP addresses..  User Name：Displays the PPTP Client user‟s name for authentication.  Server IP：Displays the PPTP Server‟s IP address for authentication.。 ...
Page 232: Adding A Pptp Client
Adding a PPTP Client Step 1. Select VPNPPTP Client.  User name: Specify the PPTP client. This should be unique.  Password: Specify the PPTP client password.  Server Address: Enter the PPTP Server‟s IP address.  Encyption : Enable or Disabled the Encyption . ...
Page 233  Auto-Connect when sending packet through the link: Check to enable the auto-connection whenever there‟s packet to transmit over the connection.  Auto-Disconnect if idle minutes: Configure this device to disconnect to the PPTP Server when there is no activity for a predetermined period of time. To keep the line always connected, set the number to 0.
Page 234: Modifying Pptp Client
Modifying PPTP Client Step 1. Select VPNPPTP Client. Step 2. In the【PPTP Client】window, find the PPTP server that you want to modify. Click 【Configure】and click 【Modify】. Step 3. Enter appropriate settings. Step 4. Click OK to save modifications or click Cancel to cancel modifications - 227 -...
Page 235: Removing Pptp Client
Removing PPTP Client Step 1. Select VPNPPTP Client. Step 2. In the【PPTP Client】window, find the PPTP client that you want to modify. Click 【Configure】and click 【remove】. Step 3. Click OK to remove the PPTP client or click Cancel to exit without removal. - 228 -...
Page 236: Policy
Policy This section provides the Administrator with facilities to sent control policies for packets with different source IP addresses, source ports, destination IP addresses, and destination ports. Control policies decide whether packets from different network objects, network services, and applications are able to pass through the Multi-Homing Gateway. What is Policy? The device uses policies to filter packets.
Page 237: Outgoing
Outgoing This section describes steps to create policies for packets and services from the LAN network to the WAN 1/2 network. Entering the Outgoing window: Click Policy on the left hand side menu bar, then click Outgoing under it. A window will appear with a table displaying currently defined Outgoing policies.
Page 238  Action: control actions to permit or deny packets from LAN networks to WAN 1/2 network travelling through the Multi-Homing Gateway.  Option: specify the monitoring functions on packets from LAN networks to WAN 1/2 networks travelling through the Multi-Homing Gateway. ...
Page 239: Adding A New Outgoing Policy
Adding a new Outgoing Policy Step 1: Click on the New Entry button and the Add New Policy window will appear. Step 2: Source Address: Select the name of the LAN network from the drop down list. The drop down list contains the names of all LAN networks defined in the LAN section of the Address menu.
Page 240 Action: Select Permit，Permit WAN 1，Permit WAN 2 or Deny from the drop down list to allow or reject the packets travelling between the source network and the destination network. Logging: Select Enable to enable flow monitoring. Statistics: Select Enable to enable flow statistics. Content Filtering: Select Enable to enable Content Filtering.
Page 241: Modifying An Outgoing Policy
Modifying an Outgoing policy Step 1: In the Outgoing policy section, locate the name of the policy desired to be modified and click its corresponding Modify option under the Configure field. Step 2: In the Modify Policy window, fill in new settings. Note: To change or add selections in the drop-down list for source or destination address, go to the section where the selections are setup.
Page 242: Removing The Outgoing Policy
Removing the Outgoing Policy Step 1. In the Outgoing policy section, locate the name of the policy desired to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation dialogue box, click OK to remove the policy or click Cancel to cancel removing.
Page 243: Enabled Monitoring Function
Enabled Monitoring function: Log: If Logging is enabled in the outgoing policy, the MULTI-HOMING GATEWAY will log the traffic and event passing through the Multi-Homing Gateway. The Administrator can click Log on the left menu bar to get the flow and event logs of the specified policy. Note: System Administrator can back up and clear logs in this window.
Page 244 Alarm: If Logging is enabled in the outgoing policy, the Multi-Homing Gateway will log the traffic alarms and event alarms passing through the Multi-Homing Gateway. Administrator can click Alarm on the left menu to get the logs of flow and event alarms of the specified policy.
Page 245 Statistics: If Statistics is enabled in the outgoing policy, the Multi-homing Gateway will display the flow statistics passing through the Multi-Homing Gateway. Note: The Administrator can also get flow statistics in Statistics. Please refer to Statistics in Chapter 11 for more details. - 238 -...
Page 246: Incoming
Incoming This chapter describes steps to create policies for packets and services from the WAN 1/2 network to the LAN network including Mapped IP and Virtual Server. Enter Incoming window Step 1: Click Incoming under the Policy menu to enter the Incoming window. The Incoming table will display current defined policies from the WAN 1/2 network to assigned Mapped IP or Virtual Server.
Page 247 network addresses created in Virtual Server menu.  Service: services supported by Virtual Servers (or Mapped IP).  Action: control actions to permit or deny packets from WAN networks to Virtual Server/Mapped IP travelling through the device.  Option: specify the monitoring functions on packets from WAN networks to Virtual Server/Mapped IP travelling through the Multi-Homing Gateway.
Page 248: Adding An Incoming Policy
Adding an Incoming Policy Step 1: Under Incoming of the Policy menu, click the New Entry button. Step 2: Source Address: Select names of the WAN networks from the drop down list. The drop down list contains the names of all WAN networks defined in the WAN section of the Address menu.
Page 249 Service: Specified services provided network servers. These services/application that are allowed to pass from the network to the LAN network. Choose ANY for all services. Action: Select Permit or Deny from the drop down list to allow or reject the packets travelling between the specified WAN network and Virtual Server/Mapped IP.
Page 250: Modifying Incoming Policy
Modifying Incoming Policy Step 1: In the Incoming window, locate the name of policy desired to be modified and click its corresponding Modify option in the Configure field. Step 2: In the Modify Policy window, fill in new settings. Step 3: Click OK to save modifications or click Cancel to cancel modifications. - 243 -...
Page 251: Removing An Incoming Policy
Removing an Incoming Policy Step 1: In the Incoming window, locate the name of policy desired to be removed and click its corresponding [Remove] in the Configure field. Step 2: In the Remove confirmation window, click Ok to remove the policy or click Cancel to cancel removing.
Page 252 WAN To DMZ & LAN To DMZ This section describes steps to create policies for packets and services from the WAN networks to the DMZ networks. Please follow the same procedures for LAN networks to DMZ networks. Enter [WAN To DMZ] or [LAN To DMZ] window: Click WAN To DMZ under Policy menu to enter the WAN To DMZ window.
Page 253 The fields in WAN To DMZ window:  Source: source networks, which are addresses specified in the WAN section of the Address menu, or all the WAN network addresses.  Destination: destination networks, which are addresses specified in DMZ section of the Address menu and Mapped IP addresses of the Virtual Server menu.
Page 254 Adding a new WAN To DMZ Policy: Step 1: Click the New Entry button and the Add New Policy window will appear. Step 2: Source Address: Select names of the WAN networks from the drop down list. The drop down list contains the names of all WAN networks defined in the WAN section of the Address menu.
Page 255 DMZ network. To create a new destination address, please go to the Virtual Server menu. (Please refer to the sections entitled Address and Virtual Server for details) Service: Select a service from drop down list. The drop down list will contain services defined in the Custom or Group section under the Service menu.
Page 256 Modifying an WAN To DMZ policy: Step 1: In the WAN To DMZ window, locate the name of policy desired to be modified and click its corresponding Modify option in the Configure field. Step 2: In the Modify Policy window, fill in new settings. Step 3: Click OK to do save modifications.
Page 257 Removing an WAN To DMZ Policy: Step 1: In the WAN To DMZ window, locate the name of policy desired to be removed and click its corresponding Remove option in the Configure field. Step 2: In the Remove confirmation pop-up box, click OK to remove the policy. - 250 -...
Page 258 DMZ To WAN & DMZ To LAN This section describes steps to create policies for packets and services from DMZ networks to WAN (WAN) networks. Please follow the same procedures for DMZ networks to LAN networks. Entering the DMZ To WAN window: Click DMZ To WAN under Policy menu and the DMZ To WAN table appears displaying currently defined DMZ To WAN policies.
Page 259  Action: control actions, to permit or deny packets from the DMZ network to WAN networks travelling through the MULTI-HOMING GATEWAY.  Option: specify the monitoring functions on packets from the DMZ network to WAN networks travelling through the Multi-Homing Gateway. ...
Page 260 Adding a DMZ To WAN Policy: Step 1: Click the New Entry button and the Add New Policy window will appear. Step 2: Source Address: Select the name of the DMZ network from the drop down list. The drop down list will contain names of DMZ networks defined in DMZ section of the Address menu. To add a new source address, please go to the DMZ section under the Address menu.
Page 261 are allowed to pass from the DMZl network to the WAN network. Choose ANY for all services. To add or modify these services, please go to the Service menu. Action: Select Permit or Deny from the drop down list to allow or reject the packets travelling from the specified DMZ network to the WAN network.
Page 262 Modifying a DMZ To WAN policy: Step 1: In the DMZ to WAN window, locate the name of policy desired to be modified and click its corresponding Modify option in the Configure field. Step 2: In the Modify Policy window, fill in new settings. Note: To change or add selections in the drop-down list, go to the section where the selections →...
Page 263 Removing a DMZ To WAN Policy: Step 1. In the DMZ To WAN window, locate the name of policy desired to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation dialogue box, click OK. - 256 -...
Page 264 The Multi-Homing Gateway supports traffic logging and event logging to monitor and record services, connection times, and the source and destination network address. The Administrator may also download the log files for backup purposes. The Administrator mainly uses the Log menu to monitor the traffic passing through the Multi-Homing Gateway .
Page 265: Traffic Log
Traffic Log The Administrator queries the Multi-Homing Gateway for information, such as source address, destination address, start time, and Protocol port, of all connections. Entering the Traffic Log window Click the Traffic Log option under Log menu to enter the Traffic Log window. - 258 -...
Page 266: Traffic Log Table
Traffic Log Table The table in the Traffic Log window displays current System statuses:  Time: The start time of the connection.  Source: IP address of the source network of the specific connection.  Destination: IP address of the destination network of the specific connection. ...
Page 267 - 260 -...
Page 268: Clearing The Traffic Logs
Clearing the Traffic Logs The Administrator may clear on-line logs to keep just the most updated logs on the screen. Step 1. In the Traffic Log window, click the Clear Logs button at the bottom of the screen. Step 2. In the Clear Logs pop-up box, click Ok to clear the logs or click Cancel to cancel it. - 261 -...
Page 269: Event Log
Event Log When the Multi-Homing Gateway detects events, the Administrator can get the details, such as time and description of the events from the Event Logs. Entering the Event Log window Click the Event Log option under the Log menu and the Event Log window will appear. The table in the Event Log window displays the time and description of the events.
Page 270: Downloading The Event Logs
Downloading the Event Logs Step 1. In the Event Log window, click the Download Logs button at the bottom of the screen. Step 2. Save the event logs into a specific directory on the hard drive. - 263 -...
Page 271: Clearing The Event Logs
Clearing the Event Logs The Administrator may clear on-line event logs to keep just the most updated logs on the screen. Step 1. In the Event Log window, click the Clear Logs button at the bottom of the screen. Step 2. In the Clear Logs pop-up box, click OK to clear the logs or click Cancel to cancel it. - 264 -...
Page 272 Connection Log Click Log in the menu bar on the left hand side, and then select the sub-selection Connection Log. Definition: Time：The start and end time of connection. Connection Log：Event description during connection. - 265 -...
Page 273: Download Logs
Download Logs Step 1. Click Log in the menu bar on the left hand side and then select the sub-selection Connection Log. Step 2. In Connection Log window, click the Download Logs button. Step 3. Save the logs to the specified location. - 266 -...
Page 274 Clear Logs Step 1. Click Log in the menu bar on the left hand side, and then select the sub-selection Connection Logs. Step 2. In Connection Log window, click the Clear Logs button. Step 3. In Clear Logs window, click OK to clear the logs or click Cancel to discard changes.
Page 275: Log Backup
Log Backup The Log Backup Click Log Log Backup. Step 1. Step 2.  Log Mail Configuration：When the Log Mail files accumulated up to 300Kbytes, router will notify administrator by email with the traffic log and event log.。 Note: Before enabling this function, you have to enable E-mail Alarm in Administrator.
Page 276: Enable Log Mail Support & Syslog Message
Enable Log Mail Support & Syslog Message Log Mail Configuration /Enable Log Mail Support Step 1. Firstly, go to Admin –Select Enable E-mail Alert Notification under E-Mail Settings. Enter the e-mail address to receive the alarm notification. Click OK. Step 2. Go to LOG Log Backup. Check to enable Log Mail Support. Click OK. System Settings/Enable Syslog Message Step 3.
Page 277: Disable Log Mail Support & Syslog Message
Disable Log Mail Support & Syslog Message Go to LOG Log Backup. Uncheck to disable Log Mail Support. Click OK. Step 1. Go to LOG Log Backup. Uncheck to disable Settings Message. Click OK. Step 2. - 270 -...
Page 278: Alarm
Alarm In this chapter, the Administrator can view traffic alarms and event alarms that occur and the Multi-Homing Gateway has logged. Multi-Homing Gateway has two alarms: Traffic Alarm and Event Alarm. Traffic alarm: In control policies, the Administrator set the threshold value for traffic alarm. The System regularly checks whether the traffic for a policy exceeds its threshold value and adds a record to the traffic alarm file if it does.
Page 279: Traffic Alarm
Traffic Alarm Entering the Traffic Alarm window Click the Traffic Alarm option below Alarm menu to enter the Traffic Alarm window The table in the Traffic Alarm window displays the current traffic alarm logs for connections.  Time: The start and stop time of the specific connection. ...
Page 280: Downloading The Traffic Alarm Logs
Downloading the Traffic Alarm Logs The Administrator can back up traffic alarm logs regularly and download it to a file on the computer. Step 1. In the Traffic Alarm window, click the Download Logs button on the bottom of the screen.
Page 281: Clearing The Traffic Alarm Logs
Clearing the Traffic Alarm Logs Step 1. In the Traffic Alarm window, click the Clear Logs button at the bottom of the screen. Step 2. In the Clear Logs pop-up box, click Ok to clear the logs or click Cancel to cancel. - 274 -...
Page 282: Event Alarm
Event Alarm Entering the Event Alarm window Click the Event Alarm option below the Alarm menu to enter the Event Alarm window. The table in Event Alarm window displays current traffic alarm logs for connections.  Time: log time.  Event: event descriptions. - 275 -...
Page 283 Downloading the Event Alarm Logs The Administrator can back up event alarm logs regularly by downloading it to a file on the computer. Step 1. In the Event Alarm window, click the Download Logs button at the bottom of the screen.
Page 284: Clearing Event Alarm Logs
Clearing Event Alarm Logs The Administrator may clear on-line logs to keep the most updated logs on the screen. Step 1. In the Event Alarm window, click the Clear Logs button at the bottom of the screen. Step 2. In the Clear Logs pop-up box, click OK. - 277 -...
Page 285: Statistics
Statistics In this chapter, the Administrator queries the Multi-Homing Gateway for statistics of packets and data which passes across the Multi-Homing Gateway. The statistics provides the Administrator with information about network traffics and network loads. What is Statistics Statistics are the statistics of packets that pass through the Multi-Homing Gateway by control policies setup by the Administrator.
Page 286: Wan Statistics
WAN Statistics Step 1. Click Statistics in the menu bar on the left hand side, and then select WAN Statistics. Step 2. The WAN Statistics will be displayed. - 279 -...
Page 287: Entering The Statistics Window By Time
Entering the Statistics window by Time The Statistics window displays the statistics of network connections (downstream and upstream as well) by minute, hour, or day. All WAN Interface : Displays statistics of WAN 1/2 network connections (downstream and upstream as well) in a total amount by minute, hour or day. Step 1.
Page 288 - 281 -...
Page 289: Policy Statistics
Policy Statistics Entering the Statistics window Step 1. The Statistics window displays the statistics of current network connections.  Source: the name of source address.  Destination: the name of destination address.  Service: the service requested.  Action: permit or deny ...
Page 290: Entering The Policy Statistics
Entering the Policy Statistics Step 1. Click Statistics in the menu bar on the left hand side, and then select WAN Statistics. Step 2. In Statistics window, find the domain name you want to view Step 3. In the Statistics window, find the network you want to view and click Minute on the right hand side, and then you will be able to view the Statistics figure every minute;...
Page 291: Status
Status In this section, the device displays the status information about the Multi-Homing Gateway. Status will display the network information from the Configuration menu. The Administrator may also use Status to check the DHCP lease time and MAC addresses for computers connected to the Multi-Homing Gateway.
Page 292: Interface Status
Interface Status Entering the Interface Status window Click on Status in the menu bar, then click Interface Status below it. A window will appear providing information from the Configuration menu. Interface Status will list the settings for LAN Interface, WAN 1/2 Interface, and the DMZ Interface. - 285 -...
Page 293: Arp Table
ARP Table Entering the ARP Table window Click on Status in the menu bar, then click ARP Table below it. A window will appear displaying a table with IP addresses and their corresponding MAC addresses. For each computer on the LAN, WAN 1/2/3/4, and DMZ network that replies to an ARP packet, the device will list them in this ARP table.
Page 294: Dhcp Clients
DHCP Clients Entering the DHCP Clients window Click on Status in the menu bar, then click on DHCP Clients below it. A window will appear displaying the table of DHCP clients that are connected to the device. The table will list host computers on the LAN network that obtain its IP address from the Multi-Homing Gateway‟s DHCP server function.
Page 295: Setup Examples
Setup Examples Example 1: Allow the LAN network to be able to access the Internet Example 2: The LAN network can only access Yahoo.com website Example 3: Outside users can access the LAN FTP server through Virtual Servers Example 4: Install a server inside the LAN network and have the Internet (WAN 1) users access the server through IP Mapping Please see the explanation of the examples below:...
Page 296 Example 1:Allow the LAN network to be able to access the Internet Step 1 Enter the Outgoing window under the Policy menu. Step 2 Click the New Entry button on the bottom of the screen. Step 3 In the Add New Policy window, enter each parameter, then click OK. - 289 -...
Page 297 Step 4 When the following screen appears, the setup is completed. - 290 -...
Page 298 Example 2: The LAN network can only access Yahoo.com website. Step 1. Enter the WAN window under the Address menu. Step 2. Click the New Entry button. Step 3. In the Add New Address window, enter relating parameters. Step 4. Click OK to end the address table setup. - 291 -...
Page 299 Step 5. Go to the Outgoing window under the Policy menu. Step 6. Click the New Entry button. Step 7. In the Add New Policy window, enter corresponding parameters. Click OK. - 292 -...
Page 300 Step 8. When the following screen appears, the setup is completed. - 293 -...
Page 301 Example 3:Outside users can access the LAN FTP server through Virtual Servers Step 1. Enter Virtual Server under the Virtual Server menu. Step 2. Click the „click here to configure‟ button. Step 3. Select an WAN 1/2 IP address, then click OK. Step 4.
Page 302 Step 7. A new Virtual Service should appear. - 295 -...
Page 303 Step 8. Go to the Incoming window under the Policy menu, then click on the New Entry button. - 296 -...
Page 304 Step 9. In the Add New Policy window, set each parameter, then click OK. - 297 -...
Page 305 Step 10. An Incoming FTP policy should now be created. - 298 -...
Page 306 Example 4:Install a server inside the LAN network and have the Internet (WAN 1) users access the server through IP Mapping Step 1. Enter the Mapped IP window under the Virtual Server menu. Step 2. Click the New Entry button. - 299 -...
Page 307 Step 3. In the Add New IP Mapping window, enter each parameter, and then click OK. - 300 -...
Page 308 Step 4. When the following screen appears, the IP Mapping setup is completed. - 301 -...
Page 309 Step 5. Go to the Incoming window under the Policy menu. Step 6. Click the New Entry button. - 302 -...
Page 310 Step 7. In the Add New Policy window, set each parameter, then click OK. Step 8. Open all the services. (ANY) - 303 -...
Page 311 Step 9. The setup is completed. - 304 -...
Page 312: General Public License
If you would like a copy of the GPL or other open source code in this software on a physical CD medium, LevelOne (Digital Data Communications) offers to mail this CD to you upon request, for a price of US$9.99 plus the cost of shipping.

LevelOne FBR-2000 User Manual

System

Interface

Address

Service

Schedule

Content Filtering

Virtual Server

Vpn

Policy

Alarm

Statistics

Status

Setup Examples

Quick Links

Need help?

Questions and answers

Related Manuals for LevelOne FBR-2000

Summary of Contents for LevelOne FBR-2000