ShareTech SG-100N Administrator's Manual

Security gateway


Conventions Used in This Book
ShareTech Security Gateway
SG-100N Administrator Manual
Version 6.1.9
LAN default IP and Password
IP Address: 192.168.1.1
Account / Password: admin / admin

Summary of Contents for ShareTech SG-100N

  • Page 1 Conventions Used in This Book ShareTech Security Gateway SG-100N Administrator Manual Version 6.1.9 LAN default IP and Password IP Address 192.168.1.1 Account / Password admin / admin...
  • Page 2: Table Of Contents

    Conventions Used in This Book. Table of Contents: CONVENTIONS USED IN THIS BOOK .............. 5; CHAPTER 0: DESCRIPTION ................ 6; 0-1 Hardware Overview ....................... 7; 0-2 Front Panel ........................... 8; 0-3 Rear Panel .......................... 9; 0-4 System Setting ........................ 14; 0-5 S...
  • Page 3 Conventions Used in This Book. CHAPTER 3: POLICY ................. 105; 3-1 WiFi Policy ......................... 106; 3-2 LAN Policy ......................... 106; 3-3 DMZ Policy ........................ 108; 3-4 WAN Policy ........................ 108; CHAPTER 4: OBJECTS ................ 109; 4-1 Address Table ........................ 110; 4-2 S...
  • Page 4 Conventions Used in This Book. 7-3 VPN Policy ......................... 197; 7-4 SSL From Your Android Phone .................... 199; CHAPTER 8: VPN .................. 209; 8-1 IPSec Tunnel ........................ 210; 8-2 PPTP Server ........................ 216; 8-3 PPTP Client ........................ 222; 8-4 VPN P .........................
  • Page 5: Conventions Used In This Book

    Conventions Used in This Book. The following typographical conventions are used in this book. Content / Style: Menu > Submenu > Right Side Banner Selections, e.g. Configuration > Administrator > System Setup; constant width bold indicates chapter and section; "Italic"...
  • Page 6: Chapter 0:Description

    Chapter 0: Description. This chapter tells you not only how to install and connect your network system but also how to configure and monitor it. Many functions are explained in detail, together with examples of operating the interface. In the Description chapter you can enable the following lists: ․...
  • Page 7: Hardware Overview

    Unlike the traditional approach of building a gateway firewall and then adding shared storage through a NAS or Network Neighborhood, the ShareTech SG-100N is a gateway device that integrates NAS storage into the firewall and protects the user's network against web-borne threats with URL filtering. Users can define searches by keyword and sort options.
  • Page 8: Front Panel

    Figure 0-2.1 Front Panel. Model Name: please see Figure 0-2.1. Appliance LED behavior (Figure 0-2.1): POWER LED: blinking = the ShareTech appliance is active; green = the appliance is on; off = the power adapter (+12V DC) has been removed. Ethernet ports: flashing amber = activity going on; off = no activity...
  • Page 9: Rear Panel

    Chapter 0: Description. 0-3 Rear Panel (Figure 0-3.1 Rear Panel). Power supply: +12V DC in. Console Port: using an RJ-45 to DB-9 female cable, you can connect a computer terminal for diagnostic or configuration purposes. Terminal configuration parameters: 115200 baud, 8 data bits, 1 stop bit, no parity, XON/XOFF flow control.
  • Page 10 How to use the console cable: The SG-100N can be configured via the "Console" port on the SG-100N's rear panel using a terminal-emulation program (e.g. HyperTerminal) (Figure 0-3.3). Purchase a USB to RS232/DB9 serial cable and download its driver (Figure 0-3.2).
  • Page 11 Chapter 0: Description. Figure 0-3.3 Using the console. Download PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. Use the following configuration settings for terminal-emulation programs (Figure 0-3.4). Figure 0-3.4 PuTTY Configuration...
  • Page 12 Chapter 0: Description. Check your COM and LPT ports (Figure 0-3.5). Figure 0-3.5 USB-SERIAL. Enter the connection information (Figure 0-3.6): choose "Serial"; Serial line: COM(?), refer to Figure 0-3.5 and enter your COM number; Speed: 115200; choose "Open". Figure 0-3.
  • Page 13 Console commands: admin_pw_def: resets the login user name and password to the default (admin/admin). admin_ip_def: resets the LAN IP to 192.168.1.1. Apache_port: shows the HTTP and HTTPS ports. Restart: reboots the SG-100N; every setting is retained on the device. Poweroff: shuts down the SG-100N. Figure 0-3.7 Console Screen... Because these console commands reset the administrator credentials and the management address without any login, anyone with physical access to the console port can take over the appliance: keep it in a locked location and treat console access as administrator access.
  • Page 14: System Setting

    Chapter 0: Description. 0-4 System Setting. Deployment: connect your PC directly to the device's LAN port, or to the same hub/switch, and launch a web browser (e.g. Internet Explorer, Mozilla Firefox or Chrome) to open the management interface, which is at http://192.168.1.1 by default. Log in with the default account (admin/admin) and change the password right after the first login; the default is printed in this manual and is the first thing an attacker will try.
  • Page 15 Chapter 0: Description. Login completed (Figure 0-4.3). Figure 0-4.3 Login completed. Change Language: the default management interface language is English. Select Configuration > Language > Language; three languages are available, English, Traditional Chinese and Simplified Chinese. Select the one you want and click on [the button] (Figure 0-4.4). Figure 0-4.
  • Page 16: Setting Internal And External Network

    Chapter 0: Description. 0-5 Setting internal and external network. Follow the two parts below, LAN setup and WAN setup, to bring the machine up. When you configure a new LAN interface, set its address accordingly. If the company's LAN is not within the default subnet 192.168.1.0/24, the administrator must first change the PC's IP address to one within the appliance's LAN subnet.
  • Page 17 Chapter 0: Description. Setting Internal Network: select Network > Interface > Port 1; the Interface Type is LAN (Figure 0-5.2). The administrator clicks Network > Interface > Port 1 (LAN) and enters the internal network information, then clicks "save" to complete the setup. Figure 0-5.
  • Page 18 Chapter 0: Description. Step 1: Network > Interfaces > Port 2 (WAN) (Figure 0-5.4, Figure 0-5.5). Figure 0-5.4 WAN 1 Setting; Figure 0-5.5 WAN1 Connection Type. Step 2: Port 2 (WAN) Alive Detection (Figure 0-5.6). Figure 0-5.6 WAN1 Alive Detection...
  • Page 19 Chapter 0: Description. Step 3: General Setting on Port 2 (WAN) (Figure 0-5.7). Figure 0-5.7 General Setting on Port 2. Step 4: once LAN and WAN are configured, the SG-100N setup is complete.
  • Page 20: Homepage Information

    Chapter 0: Description. 0-6 Homepage Information. Menu Bar: the colour of the menu bar at the top of the screen indicates the model; the SG series is blue (Figure 0-6.1). Figure 0-6.1 Menu Bar. MENU: the menu on the left side of the screen also differs between models.
  • Page 21 Chapter 0: Description. System Information and Server Service: the server model and server version of the machine (Figure 0-6.4); a status icon next to each service shows whether it is running or not. Figure 0-6.4 System Information and Server Service. Interface: equipment interface details (Figure 0-6.5) ...
  • Page 22 Chapter 0: Description. Click an interface for more detail (Figure 0-6.6). Figure 0-6.6 Interface, more detailed...
  • Page 23: Chapter 1:Configuration

    Chapter 1: Configuration. This chapter explains how to configure Date, Time, Administrator, Backup, Notification and Language on your machine. In the Configuration chapter you can enable the following lists: ․ 1-1 Date & Time ․ 1-2 Administration ․...
  • Page 24: Date & Time

    Finally, this may be necessary if you run a setup that does not allow the ShareTech to reach the internet: you can add a host in the User Defined Time Server field. In the Date & Time section you can enable the following lists: (Figure 1-1.1)
  • Page 25 Click on Method 3: this may be necessary if you run a setup that does not allow the ShareTech to reach the internet. Select Enabled in Network Time Retrieval.
  • Page 26: Administration

    Chapter 1: Configuration. 1-2 Administration. This section explains the authorization settings for access. It covers Administrator Setup, System Setup, Manage IP Address, Clear Data and SMTP Server Setting. In this section you can enable the following lists: Select Configuration >...
  • Page 27 Chapter 1: Configuration. Figure 1-2.1 User Defined Menu. Select Configuration > Administration > System. This function shows the screen layout and the system default settings. General Setting (Figure 1-2.2): Login Message: enter a name and click on [save]. The name you enter is shown when you log in.
  • Page 28 Chapter 1:Configuration Figure 1-2. 2 System Setup Figure 1-2. 3 Login Message Figure 1-2. 4 Homepage Message...
  • Page 29 Chapter 1:Configuration Figure 1-2. 5 Browser Message Figure 1-2. 6 Upload Logo...
  • Page 30 Chapter 1: Configuration. Login Failure Block Settings (Figure 1-2.7): Temporarily block when login failed more than [N times]; IP blocking period; Unblocked IP (Figure 1-2.9). Figure 1-2.7 Login failure block settings. Example: enter a wrong username and password more than five times and the browser shows the following figure. Note that the block is keyed on the source IP, so administrators behind the same NAT address as a failing client are blocked as well; use it together with the management IP allow-list rather than relying on it alone.
  • Page 31 Chapter 1: Configuration. Reset/Reboot Setting: Reset to Default Setting: if you need to keep the LAN, WAN and DMZ IP settings, or need to format the hard disk, select those options. If you select nothing, the system simply resets to the default settings.
  • Page 32 Chapter 1: Configuration. If you do not set any IP address here, the system follows what you set under Network > Network > IP Address > Ports (Figure 1-2.13, Figure 1-2.14, Figure 1-2.15). Figure 1-2.13 Administrator Management; Figure 1-2.14 Port 1 Administrator Management...
  • Page 33 Chapter 1: Configuration. Figure 1-2.15 Port 2 Administrator. Example: note that Action should be "Allow all of the following". Click on [add] to create a new IP and netmask for interface management (Figure 1-2.17). Figure 1-2.16 IP Address. Addresses outside that range then have no permission to reach the management interface, even though the appliance itself keeps working.
  • Page 34 Chapter 1: Configuration. Select Configuration > Administration > Clear Data. There are two methods: manual, or automatic clearing by the system. Clear Data: to free hard disk space, delete records and logs that are not necessary. Click on [the button].
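The two controls in the pages above, the login-failure block (Page 30) and the administrator IP allow-list (Pages 32 and 33), are worth seeing together because they are evaluated together: a source outside the allow-list never gets to attempt a login, and a permitted source is locked out after too many failures. The following Python is an added example and not ShareTech code; the log-line format, the allow-list entries, and the threshold of 5 failures with a 300-second block are assumptions for the demo.

```python
"""Added example (not ShareTech code): a model of the two management-plane
controls described above, the administrator source allow-list and the
login-failure IP block, run over constructed log lines.
Assumptions: the allow-list entries, the threshold of 5 failures and the
block period of 300 seconds are example values; the log line format
"<ISO timestamp> <source IP> <FAIL|OK>" is invented for the demo."""
import ipaddress
from datetime import datetime, timedelta

# Allow-list as configured under "Allow all of the following" (assumed values)
ADMIN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.0.5.10/32")]
MAX_FAILURES = 5        # "block when login failed more than" 5 times
BLOCK_SECONDS = 300     # "IP blocking period"


def source_allowed(src_ip):
    """True if the source address falls inside any management network."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in ADMIN_NETWORKS)


class LoginFailureBlocker:
    """Temporarily blocks a source IP after more than max_failures failed
    logins inside one block period; the block expires on its own."""

    def __init__(self, max_failures=MAX_FAILURES, block_seconds=BLOCK_SECONDS):
        self.max_failures = max_failures
        self.period = timedelta(seconds=block_seconds)
        self.failures = {}       # ip -> timestamps of recent failures
        self.blocked_until = {}  # ip -> datetime the block expires

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:                      # block period elapsed: "Unblocked IP"
            del self.blocked_until[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def record_failure(self, ip, now):
        """Returns True if this failure triggered (or hit) a block."""
        if self.is_blocked(ip, now):
            return True
        recent = [t for t in self.failures.get(ip, []) if now - t <= self.period]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) > self.max_failures:
            self.blocked_until[ip] = now + self.period
            return True
        return False

    def record_success(self, ip):
        self.failures.pop(ip, None)


def replay(log_lines, blocker=None):
    """Apply both checks in the order the appliance would: source allow-list
    first, then the lockout state, then the login outcome.
    Returns a list of (ip, decision)."""
    blocker = blocker or LoginFailureBlocker()
    decisions = []
    for line in log_lines:
        ts, ip, outcome = line.split()
        now = datetime.fromisoformat(ts)
        if not source_allowed(ip):
            decisions.append((ip, "denied-source"))
        elif blocker.is_blocked(ip, now):
            decisions.append((ip, "blocked"))
        elif outcome == "FAIL":
            hit = blocker.record_failure(ip, now)
            decisions.append((ip, "blocked" if hit else "failed"))
        else:
            blocker.record_success(ip)
            decisions.append((ip, "ok"))
    return decisions


# Constructed sample log: one outside address, then one LAN host failing
# six times, retrying during the block, and succeeding after it expires.
SAMPLE_LOG = [
    "2024-01-01T09:00:00 203.0.113.7 FAIL",
    "2024-01-01T09:00:01 192.168.1.50 FAIL",
    "2024-01-01T09:00:02 192.168.1.50 FAIL",
    "2024-01-01T09:00:03 192.168.1.50 FAIL",
    "2024-01-01T09:00:04 192.168.1.50 FAIL",
    "2024-01-01T09:00:05 192.168.1.50 FAIL",
    "2024-01-01T09:00:06 192.168.1.50 FAIL",
    "2024-01-01T09:00:07 192.168.1.50 OK",
    "2024-01-01T09:06:00 192.168.1.50 OK",
]

if __name__ == "__main__":
    for ip, decision in replay(SAMPLE_LOG):
        print(ip, decision)
```

The sixth failure from 192.168.1.50 is the one that exceeds "more than five", so the correct password sent one second later is still refused, and the same host logs in normally once the block period has passed. The outside address is refused before any credential is examined, which is why the allow-list is the stronger of the two controls.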
  • Page 35 Chapter 1: Configuration. TLS: the TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. Delivery Domain Name: if the Delivery Domain Name is the same as the receiver's domain, the email is sent from this SMTP setting;...
  • Page 36 Chapter 1: Configuration. If you receive an email like the one below, your setting is correct; otherwise, check the SMTP server setting again (Figure 1-2.24). Figure 1-2.23 Got SMTP TEST Email...
  • Page 37: System

    Chapter 1: Configuration. 1-3 System. In the System section you can enable the following lists: Select Configuration > System > System Backup; you will see two parts, System Backup and System Recovery (Figure 1-3.1). System Backup: click on [the button] and wait a minute; another window opens.
  • Page 38 Chapter 1:Configuration Figure 1-3. 2 Auto Backup Figure 1-3. 3 Backup Logs...
  • Page 39 Firmware Upgrade: shows the server model and the current firmware version. ShareTech publishes software upgrade files on its website; follow the link below to download the latest one. Take a system backup (1-3) before upgrading.
  • Page 40: Package

    Chapter 1: Configuration. 1-4 Package. This is an optional item (Figure 1-4.1). WiFi: 802.11 b/g/n wireless (2.4 GHz, 3T3R, 2 dBi). Figure 1-4.1 Package...
  • Page 41: Language

    Chapter 1: Configuration. 1-5 Language. Select Configuration > Language > Language. Three languages are available: English, Traditional Chinese and Simplified Chinese. Select the one you want (Figure 1-5.1). Figure 1-5.1 Language...
  • Page 42: Notification

    Chapter 1: Configuration. 1-6 Notification. This function alerts administrators when unusual events occur. Advance notification helps the administrator plan an effective response to security problems; it includes the number of security events that occurred and information about any detection tools relevant to the updates.
  • Page 43 Chapter 1: Configuration. Users receive an email as below (Figure 1-6.2, Figure 1-6.3). Figure 1-6.2 Notification mail 1; Figure 1-6.3 Notification mail 2...
  • Page 44 Chapter 1: Configuration. Select Configuration > Notification > Log (Figure 1-6.4). Date: set the date and time. Event: set the information you want to search for. Recipient: the mail receiver. Records / Page: select how many records are shown on screen. ...
  • Page 45: Backup & Mount

    Chapter 1: Configuration. 1-7 Backup & Mount. Some IT administrators worry that the SG-100N's hard disk will fail, even though they back the system up regularly, or that users will forget where their files are; others worry that the device does not have enough free space to store those files.
  • Page 46 Chapter 1: Configuration. Backup Setting. Scheduled Backup: select when the system backs up data. Send Backup Result Notification: first set your information under Configuration > Notification > Notification; you then receive a mail after each successful backup (Figure 1-7.3). Figure 1-7.
  • Page 47 Chapter 1: Configuration. If you want to view previous contents but have reset the machine to the default settings or run Clear Data, there is no content left on the machine's hard disk. If you used the Backup & Mount application to back the contents up to another server or computer, you can mount those contents to search Content Record items.
  • Page 48: Signature Update

    Chapter 1: Configuration. 1-8 Signature Update. Select Configuration > Signature Update > Signature Update (Figure 1-8.1). The default is manual update. Automatic Update (Figure 1-8.1): select the check box and the system updates the signature version automatically. Leave automatic update enabled unless change control requires otherwise; stale signatures quietly weaken the protections described in later chapters. Figure 1-8.1 Signature Update ...
  • Page 49: Cms

    For example, with four SG-100N units in one building or at different sites, you can view each unit's interface from all of them on the same screen or monitor.
  • Page 50 Chapter 1: Configuration. Figure 1-9.2 Branch CMS Client setting. Head office-A (Figure 1-9.3): 4. Mode: Client. 5. Server: Head office and Head office-A are on the same internal subnet, so enter the Head office LAN IP 192.168.163 or its domain. 6. Alias: enter a name for recognition. 7.
  • Page 51 Chapter 1: Configuration. Figure 1-9.5 Click "New client requests (1)". 4. Click "Accept" (Figure 1-9.6). Figure 1-9.6 shows the CMS client(s). 5. Set up a group (Figure 1-9.7). Figure 1-9.7 shows CMS client site information; the icons indicate connection succeeded or connection failed.
  • Page 52: A Pmanagement

    Chapter 1: Configuration. 1-10 AP Management. The rise of smartphones and tablets, combined with enterprise Bring Your Own Device (BYOD) programs, has driven demand for enterprise Wi-Fi connectivity in many organizations. Wi-Fi is now as common and easy to reach as cellular: you can connect a smartphone or laptop wirelessly at public locations (airports, hotels, coffee shops) to an established Internet service.
  • Page 53 Chapter 1: Configuration. HiGuard SOHO/HOME (Figure 1-10.3, Figure 1-10.4): 1. System > Overview. Figure 1-10.3 HiGuard SOHO/HOME AP mode. 2. Network > AP Management: enable it and enter the SG-100N LAN IP. Figure 1-10.4 HiGuard SOHO/HOME manager IP...
  • Page 54 Chapter 1: Configuration. AP-200 (Figure 1-10.5): Service > UTM Client: enable it and enter the SG-100N LAN IP. Figure 1-10.5 AP-200 SG-100N Client. Network Services > DHCP: before you "Start" AP management, enable DHCP (Figure 1-10.6). Figure 1-10.6 DHCP...
  • Page 55 Centralized architectures have gained popularity recently. Without a single unified controller it is very difficult for administrators to configure and manage APs, or to quickly discover which of 20 or more APs is the problematic one. ShareTech provides a complete AP management solution: HiGuard HOME/SOHO (2-antenna wireless 802.11N/B/G...
  • Page 56 Chapter 1: Configuration. The router passes its flows to the ShareTech SG-100N, which manages each AP independently as a separate network entity (Figure 1-10.8). Figure 1-10.8 ShareTech SG-100N AP Control Platform. On the ShareTech SG-100N AP management interface, administrators can easily monitor and...
  • Page 57: Ssl Proof

    Obtain a certificate from a public SSL certificate authority (CA). What you need depends on your company domain, your company WAN IP, company logo and so on (Figure 1-11.1). Figure 1-11.1 Privacy error. Note: ShareTech neither recommends nor guarantees any particular CA; the following are only examples. GeoTrust: https://www.geotrust.com/ Symantec: http://www.symantec.com/verisign/ssl-certificates?inid=us_ps_flyout_prdts_ssl...
  • Page 58 Chapter 1: Configuration. Select Configuration > SSL Proof > SSL Proof Set. 1. Import the three files (server.key, server.crt and the intermediate certificate) from the certificate you obtained from the CA (Figure 1-11.2). Figure 1-11.2 Import SSL Proof. 2. Some CAs ask for a certificate signing request; enter the information here and download the generated files. Send only the request (server.csr) to the CA; the private key (server.key) must never leave the appliance. After the import, confirm that the certificate presented by the management interface matches the key and chain you loaded and that the browser warning from Figure 1-11.1 is gone.
  • Page 59: Mycloud Setting

    Chapter 1: Configuration. 1-12 MyCloud Setting. The SG-100N comes with a cloud storage solution that gives SMBs their own private cloud, ensuring safety, integrity and real-time availability. MyCloud offers easy access, multi-language support, real-time file synchronization, group account management, priority-based control and online storage of all file types.
  • Page 60 Chapter 1: Configuration. Select Configuration > My Cloud Setting > MyCloud Setting (Figure 1-12.2). MyCloud Setting: Http Port Setting: allows HTTP when enabled. Https Port Setting: allows HTTPS when enabled. Restart MyCloud service: restarts the MyCloud service. Reset MyCloud admin password ...
  • Page 61 Chapter 1: Configuration. Or open the browser and enter the Port 1 or Port 2 IP in the address bar (Figure 1-12.4). Default username / password: admin / admin. This account is separate from the gateway administrator account (it is reset with "Reset MyCloud admin password" above), so change its password separately and straight away. Figure 1-12.4 Enter IP to log in to MyCloud. Login completed (Figure 1-12.5). Figure 1-12.5 MyCloud Homepage Information...
  • Page 62 Chapter 1: Configuration. Personal: Password: set the administrator's password (Figure 1-12.6). Full Name: set the administrator's user name (Figure 1-12.6). Language: choose your native language (Figure 1-12.6). Figure 1-12.6 Password, Full Name and Language...
  • Page 63 Chapter 1: Configuration. Users: shows every group and its members. Members of the admin group have elevated permission to manage settings (Figure 1-12.7). Figure 1-12.7 High permission to manage settings.
  • Page 64 Chapter 1: Configuration. Add a New Group (Figure 1-12.8). Figure 1-12.8 Add a new group. Add a new member to the group (Figure 1-12.9). Figure 1-12.9 Add a new member...
  • Page 65 Chapter 1: Configuration. Set up users' quota (Figure 1-12.10). Default quota: unlimited. Figure 1-12.10 Set up user's quota. A member may belong to more than one group (Figure 1-12.11). Figure 1-12.11 A member within two groups...
  • Page 66 Chapter 1: Configuration. Group Admin: the group leader; the others are its members (Figure 1-12.12). Figure 1-12.12 Group admin. Admin HDD usage: shows total HDD usage (Figure 1-12.13); this depends on your hard disk, the default is 320 GB. Figure 1-12.13 HDD usage. File handling (Figure 1-12.14): maximum upload possible: 2 GB...
  • Page 67 Chapter 1: Configuration. Remote Shares: Allow other instances to mount public links shared from this server; Allow users to mount public link shares. Upload Logo: Login Logo (Figure 1-12.15). Figure 1-12.15 Login Logo. Logged-in Logo (Figure 1-12.16). Figure 1-12.
  • Page 68 Chapter 1: Configuration. Share Link Logo (Figure 1-12.17): when you copy a file link and share it with your friends (Figure 1-12.17 Copy Link), they open the browser, enter the share link in the address bar, and see the logo you uploaded (Figure 1-12.18)...
  • Page 69 Chapter 1: Configuration. Page icon (Figure 1-12.19). Figure 1-12.19 Page icon. Page icon (iPad, iPhone). Background Color (Figure 1-12.20). Figure 1-12.20 Background Color. Login Background: default #5ED8EE and #17A4BE; example #E9EE5E #BE1717 (Figure 1-12.21). Figure 1-12.21 Login Background...
  • Page 70 Chapter 1: Configuration. Logged-in Logo Background: default #31B5CD; example #4B31CD (Figure 1-12.22). Figure 1-12.22 Logged-in logo background. Upload User Manual: upload a file that guides users in using their cloud files (Figure 1-12.24). File extension: pdf; only one file can exist (Figure 1-12.23). Figure 1-12.
  • Page 71 Chapter 1: Configuration. User List (Figure 1-12.25). Enable User List: every user can see every other user; members of the admin group have elevated permission to manage settings. Default: disabled. Figure 1-12.25 User List. Sharing: Allow apps to use the Share API ...
  • Page 72 Chapter 1:Configuration Figure 1-12. 27 Allow users to share via link-2 Figure 1-12. 28 disable “Allow users to share via link”-1 Figure 1-12. 29 disable “Allow users to share via link”-2...
  • Page 73 Chapter 1: Configuration. 1. Enforce password protection: a password must be entered to protect public links (Figure 1-12.30). Default: disabled. With this disabled, anyone who obtains a public link URL can read the file, so enable it unless links are meant to be public. Figure 1-12.30 Enforce password protection. 2. Allow public uploads: users can decide whether others may upload files (Figure 1-12.31). Default: enabled. Figure 1-12.
  • Page 74 Chapter 1: Configuration. 3. Set default expiration date: the public link expires no later than 7 days after it is created (Figure 1-12.32). Default: disabled. Figure 1-12.32 Set default expiration date. Allow resharing. Default: enabled. Restrict users to only share with users in their groups. Default: enabled (Figure 1-12.33). Figure 1-12.
  • Page 75 Chapter 1: Configuration. admin and lois are in the same group, so they can share files with each other only; neither admin nor lois can share files with anyone else (Figure 1-12.34). Figure 1-12.34 Restrict users to only share with users in their groups, 2. The other example, with the option disabled (Figure 1-12.35). Figure 1-12.
  • Page 76 Chapter 1: Configuration. admin can share its files with others even in different groups (Figure 1-12.36). Figure 1-12.36 admin able to share its file with others. Exclude groups from sharing: these groups can still receive shares, but cannot initiate them.
  • Page 77 Chapter 1: Configuration. So others can still share their own files with Randy, but members of the Engineering group cannot share their files with others (Figure 1-12.38). Figure 1-12.38 Exclude groups from sharing. Security: Enforce HTTPS: forces clients to connect over an encrypted connection. Enable this whenever the HTTPS port is enabled so credentials and file contents never cross the network in clear text.
  • Page 78 Chapter 1: Configuration. MyCloud Homepage Information: All files (Figure 1-12.39). Figure 1-12.39 All files. Shared with you (Figure 1-12.40): click on [the icon] to unshare it. Figure 1-12.40 Shared with you...
  • Page 79 Chapter 1: Configuration. Shared with others: you have shared this document with randy (Figure 1-12.41). Figure 1-12.41 Shared with others. Shared by Link: you haven't shared any files by link yet (Figure 1-12.42). Figure 1-12.42 Shared by Link...
  • Page 80: Chapter 2:Network

    Chapter 2: Network. In this chapter the administrator sets up the office network. There are two sections, Interfaces and Routing. The administrator may configure the IP addresses of the LAN, the WAN and the DMZ, for IPv6 as well as IPv4. ․...
  • Page 81: Interface

    Chapter 2: Network. 2-1 Interface. In the Interface section you can enable the following lists: Select Network > Interface > Port. LAN Interface Setting (Figure 2-1.1): Name: enter any words for recognition. Interface Name: eth0. IP Address: enter an IP address. ...
  • Page 82 Chapter 2: Network. ... that all hosts must be prepared to accept, which is 576 bytes for IPv4 and 1280 bytes for IPv6. Media / Maximum Transmission Unit (bytes) / Notes: Internet IPv4 path MTU: at least 68; practical path MTUs are generally higher, but IPv4 links must be able to forward packets of up to 68 bytes.
  • Page 83 Chapter 2: Network. ARP Spoofing Prevention (Figure 2-1.2). Figure 2-1.2 ARP Spoofing Prevention. What is ARP spoofing: ARP spoofing is an attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This links the attacker's MAC address with the IP address of a legitimate computer or server on the network, so traffic meant for that host is delivered to the attacker instead.
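The attack just described leaves a signature that can be checked from the ARP replies seen on the segment: the gateway's address announced with a MAC other than its bound one, a host's IP-to-MAC binding changing mid-session, or one MAC answering for many addresses. The following detector is an added example, not ShareTech code; the record format, the static gateway binding and the per-MAC limit are assumptions.

```python
"""Added example (not ShareTech code): detection logic for the ARP spoofing
described above, run over constructed ARP reply records.
Assumptions: records are (sender IP, sender MAC) pairs as they would be
pulled from ARP replies; the static gateway binding and the per-MAC
claim limit are example values."""

# Static binding for the gateway, the host an attacker most wants to impersonate
STATIC_BINDINGS = {"192.168.1.1": "00:11:22:33:44:55"}


def detect_arp_spoofing(replies, static=STATIC_BINDINGS, max_ips_per_mac=2):
    """Returns a list of alert strings.
    Three signals: a statically bound IP announced with a different MAC,
    a learned IP->MAC binding that changes, and one MAC answering for
    more IPs than a normal host would."""
    learned = {}   # ip -> first MAC seen (dynamic bindings)
    claims = {}    # mac -> set of IPs it has answered for
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        claims.setdefault(mac, set()).add(ip)
        if ip in static:
            if mac != static[ip].lower():
                alerts.append(f"static binding violated: {ip} announced by {mac}, "
                              f"expected {static[ip]}")
            continue
        first = learned.setdefault(ip, mac)
        if first != mac:
            alerts.append(f"binding changed: {ip} was {first}, now {mac}")
    for mac, ips in claims.items():
        if len(ips) > max_ips_per_mac:
            alerts.append(f"{mac} answers for {len(ips)} addresses: {sorted(ips)}")
    return alerts


# Constructed ARP replies: legitimate gateway and host, then an attacker
# (de:ad:be:ef:00:01) claiming the gateway, the host and a third address.
SAMPLE_REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:55"),
    ("192.168.1.20", "aa:bb:cc:00:00:20"),
    ("192.168.1.1", "DE:AD:BE:EF:00:01"),
    ("192.168.1.20", "de:ad:be:ef:00:01"),
    ("192.168.1.21", "de:ad:be:ef:00:01"),
]

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_REPLIES):
        print(alert)
```

The static binding is the strongest of the three checks and is what the appliance's ARP Spoofing Prevention setting amounts to for the gateway address; the learned-binding check needs a warm-up period and will also fire on a legitimate NIC replacement, so treat it as a lead rather than a verdict.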
  • Page 84 Chapter 2: Network. 1. NAT mode. 2. Routing. For example, a company divided into Engineering, Marketing, Sales, Purchasing and Accounting departments has a leased line with multiple public IP addresses, 168.85.88.0/24. To simplify network management, the IT administrator may assign a subnet to each department.
  • Page 85 Chapter 2: Network. Completed. Figure 2-1.6 Multiple Subnet. The IT administrator must renew his or her own PC's IP address when a DHCP server is in use, to ensure the management interface is still reachable after the LAN interface IP address changes.
  • Page 86 3. Manual: share the load across the WANs according to the administrator's requirements. 4. By Destination IP: once a session is created between the ShareTech SG-100N and a specific host, subsequent sessions to that host are automatically sent out the same WAN port.
  • Page 87 Chapter 2: Network. Figure 2-1.8 WAN 1 Setting. WAN Alive Detection (Figure 2-1.9): Detection Method: use DNS, ICMP or NONE to check whether the WAN is up or down. Both DNS and ICMP need an IP address to test against. You can also click on [the button] to see more detailed logs.
  • Page 88 Chapter 2: Network. You can see the attack logs for traffic through Port 2 of the SG-100N under Objects > Firewall Protection > Attack Log (Figure 2-1.11). Figure 2-1.11 Firewall Protection Port Scan. General Setting (Figure 2-1.12): DNS Server 1: the IP address of the DNS server used for the bulk of DNS lookups.
  • Page 89 Chapter 2: Network. Figure 2-1.13 Interface Config; Figure 2-1.14 Port 3 setting. Note that the Interface Type depends on what you set under Network > Interface > Interface Config. For example: configure the IP address and subnet mask of your demilitarized zone (DMZ) here.
  • Page 90 Figure 2-1.15 Port 3 Setting. What is the difference between DMZ (Transparent Routing) and DMZ (Transparent Bridge)? Historically the SG-100N has supported NAT and Transparent mode to satisfy customers with different network layouts. The DMZ is an independent virtual (internal) network within NAT mode.
  • Page 91 Transparent Routing and Transparent Bridge. Transparent Routing (Figure 2-1.16): when DMZ packets pass through the ShareTech SG-100N, the system follows the routing table and delivers the packets to their destination. Network environment: when the enterprise has more than two WANs and must load-balance across them.
  • Page 92 See the following figure: if a gateway is placed in front of the SG-100N and that gateway binds the DMZ's IP and MAC, packets are allowed out only when IP and MAC match. In Transparent Routing mode the packets are blocked, because the gateway only analyzes...
  • Page 93 Chapter 2: Network. Figure 2-1.18 Transparent Routing / Transparent Bridge. Comparison of Transparent Routing with Transparent Bridge: Transparent Routing: load-balance environment with more than two WANs; packets from the DMZ carry the WAN port MAC. Transparent Bridge: only one WAN; packets from the DMZ carry their original MAC. Figure 2-1.19 Compare Transparent Routing with Transparent Bridge...
  • Page 94 Chapter 2: Network. This is an optional item: if you have not purchased WiFi under Configuration > Package, you will not see it. Enable one of the SSIDs (Figure 2-1.20). Figure 2-1.20 WiFi. Custom Port (fixed LAN & WAN1) (Figure 2-1.21): note that the system reboots after a modification. Figure 2-1.
  • Page 95: Interface (Ipv6)

    Chapter 2: Network. 2-2 Interface (IPv6). IPv4 is no longer sufficient (the manual puts the date at 2021), and administrators have traditionally relied on IPv4 with NAT. IPv6 offers more flexible address distribution and routing tables. Compared to IPv4, the most obvious advantage of IPv6 is its larger address space.
  • Page 96 Chapter 2: Network. Select Network > Interface (IPv6) > Port (Figure 2-2.3). Note that the Interface Type depends on what you set under Network > Interface > Interface Config (Figure 2-1.9). The figure below shows WAN2 IPv6; you can choose Static, Tunnel or PPPoE IPv6.
  • Page 97 Chapter 2: Network. The current IETF recommendation is to use AAAA (quad-A) resource records for forward mapping and PTR records for reverse mapping when defining IPv6 networks (Figure 2-2.5). The Google Public DNS IPv6 addresses are 2001:4860:4860::8888 and 2001:4860:4860::8844. Figure 2-2.5 DNS IPv6...
  • Page 98: Routing

    Chapter 2: Network. 2-3 Routing. A routing table lists destination networks, each as an address plus a network mask, and for each one the next-hop router (or other gateway) and interface through which that destination range is reached. The most specific matching entry wins; if nothing matches, the default route is used.
  • Page 99 Chapter 2: Network. Routing table setup completed. The subnets 192.168.20.0/24 and 192.168.1.0/24 can now not only communicate with each other but also reach the Internet in NAT mode. In addition, tick the Mark checkbox and click on [the button] to create a new sub-entry, modify an entry, or delete it from the list.
  • Page 100 Chapter 2: Network. On Windows and Unix/Linux computers the netstat -r command displays the routing table configured on the local computer. The IPv6 routing table is set up the same way as the routing table above (Figure 2-3.5). Figure 2-3.5 IPv6 Routing Table...
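To make the lookup rule concrete, here is a longest-prefix-match over a table like the one built in this section, with the two LAN subnets from the text plus a default route and their IPv6 counterparts. It is an added example, not ShareTech code; the WAN gateway 203.0.113.1, the interface names and the IPv6 entries are assumptions.

```python
"""Added example (not ShareTech code): a longest-prefix-match lookup over a
routing table like the one built in this section. The table entries are
constructed; the WAN gateway 203.0.113.1, the interface names and the
IPv6 routes are assumptions for the example."""
import ipaddress


def build_routes(entries):
    """entries: (destination CIDR, gateway or None for directly connected, interface).
    Returns the parsed table sorted longest prefix first so the first hit wins."""
    routes = []
    for dest, gateway, iface in entries:
        net = ipaddress.ip_network(dest)
        gw = ipaddress.ip_address(gateway) if gateway else None
        routes.append((net, gw, iface))
    routes.sort(key=lambda r: r[0].prefixlen, reverse=True)
    return routes


def lookup(routes, destination):
    """Returns (matched network, gateway, interface) for the most specific
    route, or None when no route (not even a default) covers the address."""
    addr = ipaddress.ip_address(destination)
    for net, gw, iface in routes:
        if net.version == addr.version and addr in net:
            return net, gw, iface
    return None


# Constructed table: the two LAN subnets from the text, a WAN default route,
# and the IPv6 equivalents.
ROUTES = build_routes([
    ("192.168.1.0/24", None, "eth0"),               # LAN, directly connected
    ("192.168.20.0/24", "192.168.1.254", "eth0"),   # second subnet behind an internal router
    ("0.0.0.0/0", "203.0.113.1", "eth1"),           # WAN default route (assumed gateway)
    ("2001:db8:1::/64", None, "eth0"),
    ("::/0", "fe80::1", "eth1"),
])

if __name__ == "__main__":
    for dst in ("192.168.20.7", "192.168.1.9", "8.8.8.8", "2001:4860:4860::8888"):
        print(dst, "->", lookup(ROUTES, dst))
```

A host in 192.168.20.0/24 is reached via the internal router 192.168.1.254 on the LAN interface, a LAN host is delivered directly, and anything else falls through to the WAN default; an IPv4 and an IPv6 default never shadow each other because the address family is checked first.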
  • Page 101: 2-4

    Chapter 2: Network. 2-4 802.1Q. IEEE 802.1Q is the networking standard that supports Virtual LANs (VLANs) on an Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures that bridges and switches use to handle such frames. 802.1Q was developed to address the problem of breaking large networks into smaller parts so that broadcast and multicast traffic does not take more bandwidth than necessary.
  • Page 102 Chapter 2: Network. This example uses an ML-9324 switch. First create some VLANs (Figure 2-4.2). Figure 2-4.2 Switch VLANs. Then assign some ports to one group (Figure 2-4.3). Figure 2-4.3 VLAN Setup...
  • Page 103 Chapter 2: Network. Select Port 1 to Port 7; their packets should be tagged with VLAN 3 (Figure 2-4.4). Figure 2-4.4 VLAN per Port Configuration. Your ports should now look like the following figure (Figure 2-4.5). Figure 2-4.5 Switch status...
  • Page 104 Chapter 2: Network. Comment: enter any word for recognition. Multiple Subnet: choose one. IP Address: enter an IP address. Netmask: enter the netmask. Interface: select the interface, LAN or DMZ. VLAN ID: the identifier of the VLAN as used by the 802.1Q standard. Add "VLAN ID 3"...
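The VLAN ID the switch ports and the SG-100N interface are configured with above is carried in a 4-byte tag inserted into each Ethernet frame. The following Python builds and parses such a frame so the tag is visible byte for byte; it is an added example, not ShareTech code, and the MAC addresses and payload are constructed.

```python
"""Added example (not ShareTech code): building and parsing an 802.1Q-tagged
Ethernet frame so the tag the switch adds (VLAN ID 3 above) is visible
byte for byte. The MAC addresses and payload are constructed."""
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier that marks a tagged frame


def mac_bytes(text):
    return bytes(int(part, 16) for part in text.split(":"))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0, dei=0):
    """Returns the frame bytes; a 4-byte tag (TPID + TCI) is inserted between
    the source MAC and the EtherType when vlan_id is given."""
    frame = mac_bytes(dst) + mac_bytes(src)
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:   # 0 is priority-only, 4095 is reserved
            raise ValueError(f"invalid VLAN ID {vlan_id}")
        tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vlan_id
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Returns a dict with dst, src, ethertype, vlan (None if untagged) and payload."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("tagged frame truncated")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    return {"dst": mac_text(dst), "src": mac_text(src), "ethertype": ethertype,
            "vlan": vlan, "payload": frame[offset:]}


if __name__ == "__main__":
    tagged = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", 0x0800,
                         b"\x45\x00\x00\x14", vlan_id=3, pcp=5)
    print(tagged.hex())
    print(parse_frame(tagged))
```

The parser is a good sanity check when a VLAN is not behaving: capture a frame on the trunk and confirm it actually carries 0x8100 followed by the expected VID, because an access port that strips the tag, or a switch sending VLAN 1 untagged, looks identical at the IP layer.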
  • Page 105: Chapter 3:Policy

    Chapter 3:Policy Chapter 3:Policy ShareTech SG-100N inspects each packet passing through the device to see if it meets the criteria of any policy. Every packet is processed according to the designated policy; consequently any packets that do not meet the criteria will not be permitted to pass. The items of a policy include Policy Name,...
  • Page 106: Wifi Policy

    Chapter 3:Policy 3-1 WiFi Policy This is an optional item. If you have not purchased WiFi under Configuration > Package, you will not see it. Please check whether the WiFi SSID is enabled or not. If you set up nothing, all packets are allowed. (Figure 3-1.1) Figure 3-1.
  • Page 107 Chapter 3:Policy  Software Access Control: Restricts the use of application software. Set this function in section 4-5 Software Blocking.  QoS: The guaranteed and maximum bandwidth settings (the bandwidth is distributed to users; set this in section 4-4 QoS). ...
  • Page 108: Dmz Policy

    Chapter 3:Policy  Traffic Analysis: Click on this button, you can see the detail illustration of traffic analysis.  Packet tracing: Record Logs of packet transmissions managed by the policy. You can click button to see packet logs. Fire wall Protection ...
  • Page 109: Chapter 4:Objects

    Chapter 4:Objects Chapter 4:Objects In the Objects chapter you can enable the following lists: ․ 4-1 Address Table ․ 4-2 Services ․ 4-3 Schedule ․ 4-4 ․ 4-5 Application Control ․ 4-6 URL Filter ․ 4-7 Virtual Server ․ 4-8 Firewall Protection ․...
  • Page 110: Address Table

    Chapter 4:Objects 4-1 Address Table In the Address section, the IT administrator may configure network settings of LAN, WAN and DMZ, as well as designate specific addresses in a network as a group. An IP address might represent a host or a domain; in either case, the IT administrator may give it an easily identifiable name for better management.
  • Page 111 Chapter 4:Objects Setting LAN IP Address completed. In addition, select the checkbox and click on to create a new sub-content, to modify contents, or to cancel the list. (Figure 4-1.2) (Figure 4-1.3) Figure 4-1.2 LAN IP Address List Figure 4-1.3 Static IP Select Objects >...
  • Page 112 Chapter 4:Objects Figure 4-1.4 LAN Group 1. Select From LAN Address: The left-hand list shows the users you added in LAN IP Address. (Figure 4-1.5) Figure 4-1.5 Select from LAN Address 2. Select From IP Range: Enter the range of IP addresses you want to restrict. (Figure 4-1.6) Figure 4-1.
  • Page 113 Chapter 4:Objects 3. Select From IP/Mask: (Figure 4-1.7) Figure 4-1.7 Select from IP/Mask 4. Select From DHCP Users: It shows the range of DHCP users, and these will be restricted. If you select the IP-MAC Binding tick box, it will show the IP-MAC list. (Figure 4-1.8) Figure 4-1.
  • Page 114 Chapter 4:Objects Here is an example of how LAN Group is used. 1. Select Policy > LAN Policy > LAN to WAN or LAN to DMZ. 2. Click on , set Action to DROP or Permit, and then set Source to group A, which you have just created in 4-1 Address.
  • Page 115 Chapter 4:Objects DMZ Group settings work the same way as LAN Group. When you want to use a DMZ Group, select Policy > DMZ Policy > DMZ to WAN or DMZ to LAN. Click on , set Action to DROP or Permit, and then set Source to the DMZ Group you have just created in 4-1 Address.
  • Page 116 Example application Usually, most administrators use the URL filter to keep internal users from surfing the Internet; however, it turns out that the URL filter cannot block “https.” Therefore, ShareTech released the FQDN function within the filter in order to block a domain exactly. (Figure 4-1.14) Figure 4-1.
  • Page 117 Chapter 4:Objects Figure 4-1. 16 WAN Group Select Policy > LAN Policy > LAN to WAN. Click on to create a new policy. (Figure 4-1.17) (Figure 4-1.18) Figure 4-1. 17 setting Policy Figure 4-1. 18 Completed setting Policy...
  • Page 118 Chapter 4:Objects Now, let’s check the domain’s IP. (Figure 4-1.19) Figure 4-1.19 nslookup As shown, the internal user cannot reach Facebook even over https. (Figure 4-1.20) Figure 4-1.20 block https...
  • Page 119: Services

    Chapter 4:Objects 4-2 Services TCP and UDP protocols support a variety of services, and each service consists of a TCP port or UDP port number, such as TELNET (23), FTP (21), SMTP (25), POP3 (110), etc. This section has two types of services, that is, Pre-defined service and Service group.
  • Page 120 Chapter 4:Objects Figure 4-2.1 Pre-defined description To facilitate policy management, the IT administrator may create a service group containing a set of necessary services. For example, given ten users from ten different IP addresses requesting access to five types of services, namely HTTP, FTP, SMTP, POP3 and TELNET, it takes only one policy with a service group to satisfy all 50 combinations (10 users times 5 services equals 50 service requests).
  • Page 121 Chapter 4:Objects If you made a wrong selection and want to remove a port, blank out the port. (Figure 4-2.3) Figure 4-2.3 Service group Setting Service group completed. In addition, select the checkbox and click on to create a new sub-content, to modify contents, or to cancel the list.
  • Page 122 Chapter 4:Objects Here is an example in which the administrator denies these services. 1. Select Policy > LAN Policy, DMZ Policy, or WAN Policy. Then, select the function you need on the right side. 2. Click on , set Action to DROP or Permit, and then set Service Port or Group to the test service you have just created in 4-2 Services.
  • Page 123: Schedule

    Chapter 4:Objects 4-3 Schedule The IT administrator can configure a schedule for a policy to take effect, allowing the policies to be used only at the designated times. The administrator can then set the start time and stop time for a policy or VPN connection in Policy or in VPN.
  • Page 124 Chapter 4:Objects Setting Schedule List completed. In addition, select the checkbox and click on to create a new sub-content, to modify contents, or to cancel the list. (Figure 4-3.3)  Pass  Disable Figure 4-3.3 Schedule List Here is an example of how Schedule List is used. 1.
  • Page 125 Chapter 4:Objects 3. Setting the Schedule Policy is completed, which means internal users are able to use it during the scheduled period. (Figure 4-3.5) Figure 4-3.5 Schedule Policy List...
  • Page 126: Qos

    Chapter 4:Objects 4-4 QoS By configuring QoS, the IT administrator can control the outbound and inbound upstream/downstream bandwidth. The administrator can configure the bandwidth according to the WAN bandwidth. The QoS feature not only facilitates bandwidth management but also optimizes bandwidth utilization.
  • Page 127 Chapter 4:Objects Figure 4-4.1 QoS Setup Setting QoS List completed. In addition, select the checkbox and click on to create a new sub-content, to modify contents, or to cancel the list. (Figure 4-4.2) Figure 4-4.2 QoS List Here is an example of how QoS List is used. 1.
  • Page 128 Chapter 4:Objects Figure 4-4. 3 QoS Policy 3. Setting QoS Policy completed. (Figure 4-4.4) Figure 4-4. 4 QoS Policy List...
  • Page 129: Application Control

    Chapter 4:Objects 4-5 Application Control Select Objects > Application Control > Software Block. It offers five kinds of software blocking, P2P Software, IM Software, WEB Application, Fun Software, and Other Application. Click on first.  Group Name: Enter any word for recognition. ...
  • Page 130 Chapter 4:Objects  Not Commonly Used Software: File Sharing Application, Instant Messaging Client, WEB File Extension Download Block, WEB File Extension Upload Block, Video Software Block, Game Virus, Worms, Spyware Block, Stock Software Block, and others. (Figure 4-5.2) Figure 4-5.2 Not Commonly Used Software...
  • Page 131 Chapter 4:Objects Setting Software Blocking List completed. In addition, select the check box and click on to create a new sub-content, to modify contents, or to cancel the list. (Figure 4-5.3) Figure 4-5.3 Application Control List Here is an example of how Software Blocking is used. 1.
  • Page 132 Chapter 4:Objects 3. Setting Software Blocking Policy completed. (Figure 4-5.5) Figure 4-5. 5 Software Blocking Policy List Select Objects > Application Control > Block Log (Figure 4-5.6) Figure 4-5. 6 Block Log...
  • Page 133: Url Filter

    Chapter 4:Objects 4-6 URL Filter URL Filtering (URLF) is widely used for parental control, compliance and productivity. In schools, for instance, URLF is used to help deter exposure to inappropriate websites, such as pornography, nudity, aggressive sites, etc. In offices, URL filtering is an especially indispensable tool for web security policy.
  • Page 134 Chapter 4:Objects Figure 4-6. 1 List Settings Setting URL List completed. In addition, select Mark tick box, and click on to create a new sub-content, to modify contents, or to cancel list. (Figure 4-6.2) Figure 4-6. 2 URL List Select Objects >...
  • Page 135 Chapter 4:Objects Figure 4-6.4 Block Warning Message Setting URL List completed. In addition, select the Mark tick box and click on to create a new sub-content, to modify contents, or to cancel the list. (Figure 4-6.5) Figure 4-6.5 URL Settings Here is an example of how 4-6 URL Filter is used.
  • Page 136 Chapter 4:Objects Figure 4-6.6 URL Policy Setting URL Policy completed. Afterward, by the above policy, users can browse any website except those with “youtube,” “google,” or “yahoo” in the domain name. (Figure 4-6.7) Figure 4-6.7 URL Policy List...
  • Page 137 Chapter 4:Objects You are able to modify your own warning Subject and content here. (Figure 4-6.8) (Figure 4-6.9) Figure 4-6.8 Other Settings Figure 4-6.9 warning Subject Enter the data that you want to search for, and click on (Figure 4-6.10) Figure 4-6.
  • Page 138: Virtual Server

    Chapter 4:Objects 4-7 Virtual Server The real IP addresses provided by the ISP are often not enough for all users when the system manager applies for a network connection from the ISP. Generally speaking, in order to allocate enough IP addresses for all computers, an enterprise assigns each computer a private IP address and converts it into a real IP address through the UR’s NAT (Network Address Translation) function.
  • Page 139 Chapter 4:Objects  After selecting the Virtual WAN IP. Figure 4-7.2 Virtual Server  Setting Virtual Server WAN IP completed. (Figure 4-7.3) Figure 4-7.3 Virtual Server List  Click on to edit the content, then click on and enter the Virtual Server IP Address. (Figure 4-7.4) Figure 4-7.
  • Page 140 Chapter 4:Objects  Setting Virtual Server completed. In addition, click on to create a new sub-content, Edit to modify contents, or Del to cancel the list. (Figure 4-7.7) Figure 4-7.7 Virtual Server List Here is an example of how to open the mail server port so that outside users can connect to it. Assume your Mail Server IP is 192.168.99.250.
  • Page 141 Chapter 4:Objects Then, enter the WAN IP and port number, for example http://111.252.76.144:88 (Figure 4-7.10) Figure 4-7.10 WAN Virtual server 88port Alternatively, enter the WAN IP and port number https://111.252.76.144:888 (Figure 4-7.11) Figure 4-7.11 WAN Virtual 888port...
  • Page 142 Chapter 4:Objects Because the intranet uses private IP addresses translated in NAT mode, NAT is used to map a WAN real IP address to a LAN private IP address. It is a one-to-one mapping. That is, to gain access from an external network to internal servers with private IP addresses, this mapping is required.
  • Page 143: Firewall Protection

    Chapter 4:Objects 4-8 Firewall Protection This section allows setting up the rules that specify if and how IP traffic flows through your UTM Appliance. It offers a standard firewall and creates its firewall rules using the firewall function. In the Firewall Function section you can enable the following lists: Firewall protection primarily uses packet filtering to detect and block intruders.
  • Page 144 Chapter 4:Objects Here is an example of how to set up firewall protection. Assume your Mail Server IP is 192.168.99.250. Follow the previous steps, and then create a WAN policy in Policy > Policy > LAN to WAN or WAN to LAN.
  • Page 145 Firewall Protection > Attack Log. (Figure 4-8.6) Figure 4-8.6 Search Condition Select Objects > Firewall Protection > Attack Log. You are able to search and see all attack logs that passed through the SG-100N. (Figure 4-8.7) Figure 4-8.7 Attack Log...
  • Page 146: Authentication

    Chapter 4:Objects 4-9 Authentication Internet Authentication serves as a gateway to filter out unauthorized users from accessing the Internet. Configuring Authentication provides an effective method of managing the network’s use. IT administrators can control users’ connection authority by setting an account and password to identify their privilege; users then have to pass authentication to access the Internet.
  • Page 147 Chapter 4:Objects 0 means permanent blocking  Permanently block when login failed more than: 0 means no limit  Unblocked IP: the total of blocked IPs is shown here, and you are able to see details in the status.  Account expiration notification: 0 represents the day ...
  • Page 148 Chapter 4:Objects  Subject: Enter some words to be the website subject.  Content: Enter a message to be shown on the login screen. Leaving it blank results in no message being shown.  Upload logo: Click on . This picture is shown when users access the Internet through Internet authentication.
  • Page 149 Chapter 4:Objects  Before starting to set up "Apply Bulletin Layout", we should set up the Bulletin Board first. (Figure 4-9.5) Figure 4-9.5 Add user Define Settings Figure 4-9.6 Apply Bulletin Layout You can click PC Version or Mobile Version to see the login screen with your settings.
  • Page 150 Chapter 4:Objects Figure 4-9.8 Mobile Version Select Objects > Authentication > Local User. (Figure 4-9.9)  User List: If you have many accounts, you can click on to import accounts. After selecting, click on . Then you do not have to enter each account one by one. Click on first.
  • Page 151 Chapter 4:Objects Figure 4-9.9 Add User Account Setting Local Users completed. In addition, click on to create a new sub-content, Edit to modify contents, or Del to cancel the list. (Figure 4-9.10) Figure 4-9.10 Users list Then, see the User Group part to learn how to use Internet Authentication.
  • Page 152 Chapter 4:Objects Then, add the POP3 server info. (Figure 4-9.12) Figure 4-9.12 Add a server Second, we suggest importing all POP3 accounts; it is faster than entering each account. We use "sharetech01@randoll.com.tw" for testing here. (Figure 4-9.13) Figure 4-9.
  • Page 153 Chapter 4:Objects One account is created successfully. You are also able to import a file. (Figure 4-9.16) Figure 4-9.16 Server Member Setting Then, see the User Group part to learn how to use Internet Authentication. On the other hand, if the mail server is internal and does not yet allow external access, we advise setting up DNS in the UTM first.
  • Page 154 Chapter 4:Objects Click to check the A record of the domain. (Figure 4-9.19) Figure 4-9.19 check A record of domain Select Objects > Authentication > AD User  AD Settings: After you enter your AD address and AD Domain Name, click on settings first. Then, click on to verify that it is correct.
  • Page 155 Chapter 4:Objects Select Objects > Authentication > User Group. Click on  Group name: Enter some words for recognition.  Auth Settings: 1. Use a shared set: follows the global Auth Settings. 2. Use custom settings: the idle time before re-registration is required, the time after login before re-registration is required, and the Authentication Mode are defined by yourself.
  • Page 156 Chapter 4:Objects Setting User Group with Local Users mode completed. In addition, click on to create a new sub-content, Edit to modify contents, or Del to cancel the list. (Figure 4-9.12) Figure 4-9.23 Setting user group with Local Users mode completed 2.
  • Page 157 Chapter 4:Objects 3. AD  AD accounts import: Click on to import accounts. After selecting, click on  Setting User Group with AD mode completed. In addition, click on to create a new sub-content, Edit to modify contents, or Del to cancel the list. Here is an example of how User Group is used with Local Users mode.
  • Page 158 Chapter 4:Objects 3. Setting Internet Auth Policy completed. (Figure 4-9.27) Figure 4-9.27 Internet Auth Policy List 4. Let’s log in. (Figure 4-9.28) Figure 4-9.28 login Here is an example of how User Group is used with POP3 mode. 1. Select Objects >...
  • Page 159 Chapter 4:Objects Figure 4-9.29 Internet Auth policy 3. Setting Internet Auth Policy completed. (Figure 4-9.30) Figure 4-9.30 Auth policy 4. Let’s log in. (Figure 4-9.31) Figure 4-9.31 login...
  • Page 160 Chapter 4:Objects This function accords with the Auth Settings, Local Users and User Group sections and the Policy chapter. If a user has logged in, the records will be shown. (Figure 4-9.32) Figure 4-9.32 Internet Auth Record It shows the users who are on the Internet at present. You can click the Kick link to kick out a user or user group, after which they cannot use the Internet.
  • Page 161: Bulletin Board

    Chapter 4:Objects 4-10 Bulletin Board In a workplace environment, bulletin boards can save time, promote productivity, and efficiency. The bulletin board offered as part of a company's internal extranet communication systems saves people the hassle of sorting through superfluous emails that aren't work-related. Instead, assignments, memos and messages from clients can be posted on the company's bulletin board.
  • Page 162 Chapter 4:Objects Then, click Layout to edit the content of the bulletin board. (Figure 4-10.3) Figure 4-10.3 edit mobile authentication content Click on (Figure 4-10.4) Figure 4-10.4 Mobile version Bulletin Board Preview...
  • Page 163 Chapter 4:Objects Click Layout to edit content of bulletin board. (Figure 4-10.5) Figure 4-10. 5 edit PC authentication content Click on (Figure 4-10.6) Figure 4-10. 6 PC Version Bulletin Board Preview...
  • Page 164 Chapter 4:Objects Select Policy > LAN Policy (or DMZ Policy) > LAN to WAN or LAN to DMZ. Click on to add a new policy. (Figure 4-10.7) Figure 4-10.7 add policy Figure 4-10.8 add Policy completed Then, internal users will see the bulletin board when they use a web browser. (Figure 4-10.9) Figure 4-10.
  • Page 165 Chapter 4:Objects After users read the bulletin content and click on , the URL redirects to what the Administrator entered. (Figure 4-10.10) Figure 4-10.10 URL redirect to Select Objects > Bulletin Board > Has read the bulletin board. (Figure 4-10.11) The Administrator can see which IPs have read the bulletin board content. Internal users have to read it again if they are kicked out.
  • Page 166: Chapter 5:Network Services

    Chapter 5:Network Services Chapter 5:Network Services In the Network Services chapter you can enable the following lists: ․ 5-1 DHCP ․ 5-2 DDNS ․ 5-3 DNS Proxy ․ 5-4 SNMP ․ 5-5 Remote Syslog Server...
  • Page 167: Dhcp

    IP address configuration of all your network devices from ShareTech UR Appliance in a centralized way. When a client (host or other device such as networked printer, etc.) joins your network it will automatically get a valid IP address from a range of addresses and other settings from the DHCP service.
  • Page 168 Chapter 5:Network Services Figure 5-1.1 LAN DHCP Server After enabling the LAN DHCP server, check Network Services > DHCP > LAN User List. (Figure 5-1.2) Figure 5-1.2 LAN User List Please note that the Interface Type depends on what you set up in Network >...
  • Page 169 Chapter 5:Network Services After enabling the DMZ DHCP server, check Network Services > DHCP > DMZ User List. (Figure 5-1.4) 3. If you don’t enable the DMZ DHCP server, it doesn’t show an IP list. Figure 5-1.4 DMZ User List Select Network Services >...
  • Page 170: Ddns

    Chapter 5:Network Services 5-2 DDNS DDNS allows you to make your server available to the Internet even though it does not have a static IP address. To use DDNS you must first register a sub-domain with a DDNS provider. Then, whenever your server connects to the Internet and is given an IP address by your ISP, it must tell the DDNS server this IP address.
  • Page 171 Chapter 5:Network Services will automatically connect to the dynamic DNS provider and tell it the new IP address after every address change. Figure 5-2.1 DDNS server  Setting DDNS Server completed. In addition, click on to create a new sub-content, Edit to modify contents, or Del to cancel the list.
  • Page 172: Dns Proxy

    ShareTech SG-100N offers a DNS proxy which receives DNS queries from the local networks and forwards them to DNS servers on the Internet. The responses are cached, thus IP addresses of sites frequently accessed are delivered quickly.
  • Page 173 Chapter 5:Network Services Figure 5-3.3 Allow recursive queries...
  • Page 175: Snmp

    Chapter 5:Network Services 5-4 SNMP SNMP is an "Internet-standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more." It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention.
  • Page 176 Chapter 5:Network Services Here, the IT administrator can use a ShareTech SNMP client plus MRTG to see more network status. (Figure 5-4.1) In this section you can enable the following lists: Please select Network Services > SNMP > SNMP. (Figure 5-4.2) Figure 5-4.2 SNMP Agent...
  • Page 177: Remote Syslog Server

    Chapter 5:Network Services 5-5 Remote Syslog Server SG-100N logs all its security functions so that you can analyze them and compile statistics. There is also a search function on all these log pages. Abnormal network behaviors can be located, which helps you fix them.
  • Page 178 Chapter 5:Network Services 7. Select ″I Agree″ (Figure 5-5.2) Figure 5-5. 2 Select ″I Agree″ 8. Select ″Install Kiwi Syslog Server as a Service,″ and ″Next″ (Figure 5-5.3) Figure 5-5. 3 Select ″Install Kiwi Syslog Server as a Service″...
  • Page 179 Chapter 5:Network Services 9. Select ″The localSystem Account,″ and ″Next″ (Figure 5-5.4) Figure 5-5. 4 Select ″The LocalSystem Account″ Don’t select ″Install Kiwi Syslog Web Access,″ and ″Next″ (Figure 5-5.5) Figure 5-5. 5 Don’t select ″Install Kiwi Syslog Web Access″ 10.
  • Page 180 Chapter 5:Network Services 11. Select ″Install″ (Figure 5-5.7) (Figure 5-5.8) Figure 5-5. 7 Choose Install Location Figure 5-5. 8 Installing 12. Select ″Finish.″ (Figure 5-5.9) Figure 5-5. 9 Completing the Kiwi Syslog server 9.2.0 Setup Wizard...
  • Page 181 Chapter 5:Network Services 13. Please select Policy. 14. Choose Permit, and must select ″Packet Tracing.″ (Figure 5-5.10) (Figure 5-5.11) Figure 5-5. 10 Select ″Packet Tracing″ Figure 5-5. 11 Policy setting...
  • Page 182 Chapter 5:Network Services 15. Then, you will see Syslog output such as the following figure. It is similar to Packet Tracing (Figure 5-5.12). (Figure 5-5.13) Figure 5-5.12 Kiwi Syslog Service 16. Please click on (Figure 5-5.13) Figure 5-5.13 Packet Tracing Log...
  • Page 183 Chapter 5:Network Services If you want to export the syslog to a .txt file, follow these steps. Please select ″File > Setup″ (Figure 5-5.14) Figure 5-5.14 Kiwi Setup Please select ″Log to file″ and configure it according to your setting. (Figure 5-5.15) Figure 5-5.
  • Page 184 Chapter 5:Network Services Then the syslog file export is complete. (Figure 5-5.16) Figure 5-5.16 export syslogs Users can also use mail notification. Please select ″E-mail.″ (Figure 5-5.17) Figure 5-5.17 syslog E-mail setting...
  • Page 185: Chapter 6:Idp

    As for file-based viruses, they are outside the scope of firewall protection. The ShareTech UTM’s built-in IDP, with its large signature database, can inspect all packets from WEB, P2P, IM, NetBIOS, etc.
  • Page 186: Idp Setting

    Thus, it ensures that the network's performance remains efficient and uninhibited. This section deals with the configuration settings of IDP. ShareTech AW models include the well-known IDS and IPS system Snort.
  • Page 187 Chapter 6:IDP Figure 6-1.2 IDP Advanced Setting  Click on » More to see more detailed risk group names. (Figure 6-1.3) Figure 6-1.3 Risk Group Name Usually, we set this up with WAN to LAN or WAN to DMZ (Figure 6-1.
  • Page 188: Idp Log

    Chapter 6:IDP 6-2 IDP Log  Select or type the information you want to search for, and click on (Figure 6-2.1) Figure 6-2.1 IDP Log Search  After clicking on , you will see the log search results as in the example below. (Figure 6-2.2) Figure 6-2.
  • Page 189: Chapter 7:Ssl Vpn

    Chapter 7:SSL VPN Chapter 7:SSL VPN Since the Internet is in widespread use these days, the demand for secure remote connections is increasing. To meet this demand, using SSL VPN is the best solution. Using SSL VPN and just a standard browser, clients can transfer data securely by utilizing its SSL security protocol, eliminating the need to install any software or hardware.
  • Page 190: Ssl Vpn Setting

    Chapter 7:SSL VPN 7-1 SSL VPN Setting In the SSL VPN Settings section you can enable the following lists: Users have to click the Modify the Server Setting link to modify SSL VPN settings. In addition, users must select “Start” because the default setting is Stop.
  • Page 191 Chapter 7:SSL VPN Figure 7-1. 1 SSL VPN Setting Please create an account in 4-9 Objects > Authentication > Local User. (Figure 7-1.2) Figure 7-1. 2 Create Authentication account Figure 7-1. 3 Authentication User List...
  • Page 192 Chapter 7:SSL VPN Then, select Objects > Authentication > User Group. Click on to create a new Authentication User Group. (Figure 7-1.4) Figure 7-1.4 Local Users Setting User Group with Local Users mode completed. In addition, click on to create a new sub-content, Edit to modify contents, or Del to cancel the list.
  • Page 193 Chapter 7:SSL VPN Figure 7-1.7 Setting SSL VPN Client with Authentication Local Users completed The IT network administrator can click on to see the SSL VPN client status. (Figure 7-1.8) Figure 7-1.8 SSL VPN client status...
  • Page 194 Chapter 7:SSL VPN Users should download the generated certificate to their computer, laptop, or iPad using https://[WAN IP Address or Domain]:[HTTPS Port]/sslvpn.php. For example, https://111.252.70.234:443/sslvpn.php (Figure 7-1.9) Figure 7-1.9 check your interface IP and HTTPS Port Enter https://111.252.70.234:443/sslvpn.php in your browser, and then enter your user account and user password.
  • Page 195 Chapter 7:SSL VPN Download the generated certificate to their computer, laptop, or iPad. (Figure 7-1.11) Figure 7-1.11 Download generated certificate sslvpn_gui_V1.2_ting.zip Open the zip file, or else update your driver by choosing tap-win32 (Figure 7-1.12) or tap-win64. Figure 7-1.12 sslvpn gui Then, click on , and enter your username and password.
  • Page 196: Ssl Vpn Log

    Chapter 7:SSL VPN 7-2 SSL VPN Log In this section you can enable the following lists:  Connection refused record start: Select Start to turn this function on; select Stop to turn it off. In addition, you can click on to see the SSL VPN logs.
  • Page 197: Vpn Policy

    Chapter 7:SSL VPN 7-3 VPN Policy This section is the same as 8-4 Policy. In this section you can enable the following lists: SSL VPN provides internal and external control over the SSL VPN connection points connected to the internal network: the protocol, service group port, QoS bandwidth and schedule, packet tracing, and traffic analysis.
  • Page 198 Chapter 7:SSL VPN group functions, you would need to create a total of 10x5=50 policies, but by applying the service group name to the service option on , you only need one policy to achieve the function of 50.  QoS: Select Objects >...
  • Page 199: Ssl From Your Android Phone

    7-4 SSL From your Android phone Securely Connect Your Android Smartphone via SSL VPN. ShareTech rolls out full SSL VPN support for Android smartphones for more secure remote access to the UTM and other corporate applications, thanks to the Android system’s support and flexibility.
  • Page 200 Chapter 7:SSL VPN 3. Add an authentication group (Figure 7-4.3) (Figure 7-4.4) Objects > Authentication > User Group Figure 7-4. 3 add Group Member Figure 7-4. 4 Group List...
  • Page 201 Chapter 7:SSL VPN 4. Add a New Certification Group (Figure 7-4.5) (Figure 7-4.6) SSL VPN > SSL VPN Setting > SSL Client List Figure 7-4. 5 Add a New Certification Group SSL VPN > SSL VPN Setting > SSL Client List Figure 7-4.
  • Page 202 Chapter 7:SSL VPN 5. Start SSL VPN SSL VPN > SSL VPN Setting > SSL VPN Setup Figure 7-4. 7 Start SSL VPN...
  • Page 203 Chapter 7:SSL VPN Configure Your Android Device 6. Download "ShareTech SSL VPN," and install it. 7. Add a new SSL VPN connection.
  • Page 204 Chapter 7:SSL VPN Network > Interface > HTTPS Port 8. Enter Server Information...
  • Page 205 Chapter 7:SSL VPN 9. Connection established and authorizing 10. Address information message 11. Your smartphone is now successfully connected to the SSL VPN...
  • Page 206 Chapter 7:SSL VPN 12. SSL VPN Log 13. How to disconnect the SSL VPN? Other Information Using an SSL VPN to connect your smartphone to your home or work network can expand the usability of your phone and help you to be productive no matter where you are. 14.
  • Page 207 Chapter 7:SSL VPN 15. What are Details? Route Information 16. Setting...
  • Page 208 Chapter 7:SSL VPN 17. SSL Version 18. SSL VPN Connection Logs...
  • Page 209: Chapter 8:Vpn

    Chapter 8:VPN Chapter 8:VPN To obtain a private and secure network link, the UR is capable of establishing VPN connections. When used in combination with remote client authentication, it links the business’ remote sites and users, conveniently providing the enterprise with an encrypted network communication method. By allowing the enterprise to utilize the Internet as a means of transferring data across the network, it forms one of the most effective and secure options for enterprises to adopt in comparison to other methods.
  • Page 210: Ipsec Tunnel

    Chapter 8:VPN 8-1 IPSec Tunnel IPSec is a generic, standardized VPN solution. IPSec must be implemented in the IP stack, which is part of the kernel. Since IPSec is a standardized protocol, it is compatible with most vendors that implement IPSec. It allows users to have an encrypted network session negotiated by standard IKE.
  • Page 211 Chapter 8:VPN  Connection Type: There are two types. 1. Main 2. Aggressive  Preshared Key: Enter a pass phrase to be used to authenticate the other side of the tunnel.  ISAKMP: It provides the way to create the SA between two PCs.
  • Page 212 Chapter 8:VPN 5. Auto Pairing  Perfect Forward Secrecy (PFS): Set Yes to enable the function. DH Group: when the encryption algorithm is AES, the choices are 2, 5, 14, 15, 16, 17, 18; when the encryption algorithm is 3DES, only 2 and 5 can be chosen.
  • Page 213 Chapter 8:VPN For A company: Select VPN > IPSec Tunnel > Add VPN Tunnel. Its WAN IP is 211.20.227.193, and its LAN subnet is 192.168.168.0/24. The default gateway for the A company LAN is 192.168.168.1. Step 1. VPN Tunnel Name: Enter "VPN_B" in the field. Step 2.
  • Page 214 Chapter 8:VPN For B Company: B Company’s setting steps are similar to A Company’s. Its WAN IP is 61.11.11.11 and its LAN subnet is 192.168.99.0/24. Figure 8-1.2 How to Add IPSec Tunnel for B company Setting IPSec Tunnel is completed; please note the status. (Figure 8-1.3) Figure 8-1.
  • Page 215 Chapter 8:VPN : Stands for start : Stands for suspension : Stands for editing the VPN setting Log: The VPN communication record. If the IPSec VPN channel has a communication record with the opposite party, selecting "Log" opens a new window; the data are sorted by time, with the most recent entries on the last page.
  • Page 216: Pptp Server

    Chapter 8:VPN 8-2 PPTP Server This section shows you how to set up a VPN PPTP server. The IP address and scope options used need to match the far-end PPTP server. Its goal is to use PPTP tunneling technology to establish a Site-to-Site VPN; its tunneling function achieves results equivalent to those of IPSec by a different method.
  • Page 217 Figure 8-2.1 PPTP Server. Select VPN > PPTP Server > Add Account. (Figure 8-2.2) • Enabled: Select Enabled to activate this account. • Account: Enter an account. • Password: Enter a password. • Client IP Address Assign: It offers two ways. 1.
  • Page 218 How do users create a VPN connection on their computer? Step 1: Create a new connection (Figure 8-2.3) Figure 8-2.3 create new connection. Step 2: Select VPN connection (Figure 8-2.4) Figure 8-2.4 select connect to workplace by VPN...
  • Page 219 Step 3: Enter the WAN IP address (Figure 8-2.5) Figure 8-2.5 Enter WAN IP address. Step 4: Enter your username and password (Figure 8-2.6) Figure 8-2.6 Enter username and password...
  • Page 220 Step 5: Users can check their status on their computer (Figure 8-2.7) Figure 8-2.7 check users' computer. Step 6: In addition, the user can enter "ipconfig" in cmd (Figure 8-2.8) Figure 8-2.8 ipconfig in cmd. Select VPN > PPTP Server >...
  • Page 221 Status icons: Enable; Disable. • Edit / Del: Click on the pencil icon to modify contents, and click on the other icon to delete the PPTP account. • Log: Click on the log icon; it shows the PPTP account connection logs.
  • Page 222: Pptp Client

    Chapter 8:VPN 8-3 PPTP Client In the PPTP Client section you can set the following items: Select VPN > PPTP Client > Add PPTP Client. (Figure 8-3.1) • Name: The description for the PPTP Client. • Account: The name the client uses to log in to the PPTP server. ...
  • Page 223: Vpn Policy

    In the past, VPN traffic was mostly controlled through policies, or could not be monitored at all; the ShareTech UTM controls the VPN directly. VPN Policy applies internal and external control to the VPN connection points connected to the internal network, covering the Protocol, Service port, QoS bandwidth and Schedule, Packet tracing, and Traffic Analysis.
  • Page 224 Chapter 8:VPN  Action: It offers two movements. 1. ACCEPT means any meet the Policy of the packet will be released. 2. DROP means discarded.  Protocol: The protocol used for communication between two devices. TCP and UDP are the two most frequently seen protocols among others.
  • Page 225 Figure 8-4.2 Internal to VPN...
  • Page 226: Chapter 9:Tools

    Chapter 9:Tools In the Tools chapter you can enable the following lists: ․ 9-1 Connection Test ․ 9-2 Packet Capture...
  • Page 227: Connection Test

     • Wait Time: It specifies the duration to wait between successive pings. Default setting is 1 second. • Using Interface & IP: Select an interface. Figure 9-1.1 Ping. The Traceroute command can be used by the SG-100N to send packets to a specific address to diagnose the quality of the traversed network. Select Tools >...
  • Page 228 Chapter 9:Tools  Source Interface:Select the interface that the packets will originate from. Figure 9-1. 2 Trace Route Inquires the DNS detailed material, at present may inquire the datas of ANY, SOA, NS, A Record, MX, CNAME, PTR, may user specific DNS server achievement inquires the basis. Select Tools >...
  • Page 229 Then, you will see the Port Scan Result. (Figure 9-1.4) (Figure 9-1.5) • Domain or IP to Scan: Enter the domain or IP address for the packets. Figure 9-1.4 Port Scan "scan.sharetech.com.tw" Figure 9-1.5 Port Scan "www.google.com.tw"...
  • Page 230 IP Route shows the router status, giving router information; it also shows the multiple subnet status. (Figure 9-1.6) Figure 9-1.6 IP Route. It shows the SG-100N's present interface information. (Figure 9-1.7) (Figure 9-1.8) (Figure 9-1.9) (Figure 9-1.10) Figure 9-1.7 LAN Information...
  • Page 231 Figure 9-1.9 WAN1 Information Figure 9-1.10 WAN2 Information. Select Tools > Connection Test > Wake Up and click on the wake-up icon. (Figure 9-1.11) (Figure 9-1.12) Figure 9-1.11 wake up Figure 9-1.12 wake up...
  • Page 232 Ping your IPv6 address to check LAN/WAN/DMZ alive detection. (Figure 9-1.13) Select Tools > Connection Test > IPv6, and enter your IPv6 address. • Target IP: Enter the IPv6 IP. The Google Public DNS IPv6 addresses are as follows: 2001:4860:4860::8888 and 2001:4860:4860::8844. Figure 9-1.
  • Page 233 For instance, select Tools > Connection Test > SNMP, and enter your switch IP, Read permissions, and OID. It shows the switch SNMP result. (Figure 9-1.15) Figure 9-1.15 SNMP result...
  • Page 234: Packet Capture

    Chapter 9:Tools 9-2 Packet Capture The following are some examples of how people use Packet Capture: network administrators use it to troubleshoot network problems, and network security engineers use it to examine security problems. Select Tool > Packet Capture > Schedule List. Click the add icon to create a new schedule.
  • Page 235 Transfer Direction: src, dst, src or dst, dst and src. Examples (C-like / Type / Description and Example): src 210.27.48.2 / source / filters packets whose source matches 210.27.48.2; dst net 202.0.0.0 / destination / filters packets whose destination network matches 202.0.0.0. Filter Logical Operations (English / C-like / Description and Example): &&...
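The filter vocabulary on this page (src/dst direction, host/net qualifiers, C-like && and ||) is the libpcap capture-filter syntax used by tcpdump and Wireshark. The following is an added example, not the SG-100N's own filter engine: a small evaluator for exactly that subset, run against constructed packets, so the semantics of each primitive can be checked before a schedule is created. It assumes libpcap's rule for a network number written without a /len (a dotted quad is a /32, a dotted triple /24, a pair /16, a single number /8), which is why "dst net 202.0.0.0" matches only the host 202.0.0.0 and the manual's intent is better written as "dst net 202" or "dst net 202.0.0.0/8".

```python
"""Evaluate the capture-filter subset listed above against constructed packets.

Added example; not the SG-100N's own filter engine. It assumes libpcap
(tcpdump) semantics for the primitives the page lists: src/dst, host/net
and the C-like && / || operators.
"""
import ipaddress
import re

# Constructed sample packets: (source IP, destination IP, protocol name)
SAMPLE_PACKETS = [
    ("210.27.48.2", "192.168.1.10", "tcp"),
    ("192.168.1.10", "202.10.5.7", "udp"),
    ("210.27.48.2", "202.0.0.9", "icmp"),
    ("192.168.1.111", "192.168.1.161", "icmp"),
]

PROTOCOLS = {"tcp", "udp", "icmp"}


def parse_net(text):
    """Apply pcap's rule for a network number without an explicit /len:
    a dotted quad is a /32, a triple /24, a pair /16, a single number /8."""
    if "/" in text:
        return ipaddress.ip_network(text, strict=False)
    octets = text.split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}", strict=False)


def _tokenize(expr):
    # "src or dst" / "dst and src" are direction phrases, so fold them first
    expr = expr.replace("src or dst", "either").replace("dst and src", "both")
    return re.findall(r"&&|\|\||\S+", expr)


class FilterParser:
    """Recursive descent: expr := and ('||' and)* ; and := term ('&&' term)*"""

    def __init__(self, expr):
        self.tokens = _tokenize(expr)
        self.pos = 0

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _take(self):
        tok = self._peek()
        if tok is None:
            raise ValueError("unexpected end of filter expression")
        self.pos += 1
        return tok

    def parse(self):
        pred = self._or_expr()
        if self._peek() is not None:
            raise ValueError(f"unexpected token {self._peek()!r}")
        return pred

    def _or_expr(self):
        preds = [self._and_expr()]
        while self._peek() == "||":
            self._take()
            preds.append(self._and_expr())
        return lambda pkt: any(p(pkt) for p in preds)

    def _and_expr(self):
        preds = [self._term()]
        while self._peek() == "&&":
            self._take()
            preds.append(self._term())
        return lambda pkt: all(p(pkt) for p in preds)

    def _term(self):
        tok = self._take()
        if tok in PROTOCOLS:
            return lambda pkt, proto=tok: pkt[2] == proto
        direction = "either"            # pcap default when no direction is given
        if tok in ("src", "dst", "either", "both"):
            direction = tok
            tok = self._take()
        kind = "host"                   # pcap default when no qualifier is given
        if tok in ("host", "net"):
            kind = tok
            tok = self._take()
        network = parse_net(tok) if kind == "net" else ipaddress.ip_network(tok)
        return lambda pkt, d=direction, n=network: _match(pkt, d, n)


def _match(pkt, direction, network):
    src_ok = ipaddress.ip_address(pkt[0]) in network
    dst_ok = ipaddress.ip_address(pkt[1]) in network
    return {"src": src_ok, "dst": dst_ok,
            "either": src_ok or dst_ok, "both": src_ok and dst_ok}[direction]


def apply_filter(expr, packets=SAMPLE_PACKETS):
    """Return the packets that the filter expression selects."""
    pred = FilterParser(expr).parse()
    return [pkt for pkt in packets if pred(pkt)]


if __name__ == "__main__":
    for expr in ("src 210.27.48.2", "dst net 202.0.0.0",
                 "dst net 202.0.0.0/8 && icmp", "icmp || udp"):
        print(f"{expr!r:32} -> {len(apply_filter(expr))} packet(s)")
```

Running the block shows the pitfall directly: "src 210.27.48.2" selects two of the constructed packets, "dst net 202.0.0.0" selects none, and "dst net 202.0.0.0/8 && icmp" selects the one ICMP packet bound for the 202.0.0.0/8 network.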
  • Page 236 24. Ping uses the ICMP protocol. (Figure 9-2.2) (Figure 9-2.3) Figure 9-2.2 Add listen Schedule Figure 9-2.3 Listen Schedule List. Select Tool > Packet Capture > Completed List. (Figure 9-2.4) Figure 9-2.4 Completed List. Click the download icon and download the pcap file. (Figure 9-2.5) Figure 9-2.
  • Page 237 Please install the Wireshark software (http://www.wireshark.org/) and open the pcap file with Wireshark. As you can see in the following figure, 192.168.1.111 has been sending ICMP packets to 192.168.1.161; the two hosts have communicated with each other. (Figure 9-2.6) Figure 9-2.6 open pcap file by Wireshark. What is Wireshark? Wireshark is a network packet analyzer.
  • Page 238 25. Here is another example showing how Wireshark is used. Select Capture > Options… (Figure 9-2.7) Figure 9-2.7 Wireshark collection. Select your network card. (Figure 9-2.8) Figure 9-2.8 select network card...
  • Page 239 Connect to the FileZilla FTP server after you start collecting packets with Wireshark. (Figure 9-2.9) Figure 9-2.9 connect FTP server. Select "Stop the running live capture" after disconnecting from the FTP server. (Figure 9-2.10) Figure 9-2.10 stop the running live capture...
  • Page 240 Because Wireshark collects a wide range of packets and we only need the detailed FTP packet information, and we used FTP, the filter type is "FTP Protocol". Select Expression > FTP (Figure 9-2.11) Figure 9-2.11 Wireshark Expression. You may figure out the username/password. (Figure 9-2.12) Figure 9-2.
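The reason the username and password are visible in the FTP packets is that plain FTP sends USER and PASS on the control channel in cleartext, so anyone who can capture the path (here, the gateway's Packet Capture) can read them. The following added example, which is not part of the manual and not Wireshark code, turns that observation into a check an administrator can run over a capture: it takes the decoded TCP/21 conversation as constructed text (the form Wireshark's Follow TCP Stream would show, with "C:" and "S:" prefixes assumed here as a convention), reports each login whose password crossed the wire in the clear while recording only its length rather than the secret, and notes whether the client asked for AUTH TLS, the setting that would have kept the credentials out of the capture.

```python
"""Flag cleartext FTP logins in a captured control-channel transcript.

Added example; not from the manual or Wireshark. Input is the decoded
TCP/21 conversation with constructed "C:" (client) / "S:" (server)
prefixes. Secrets are never stored, only the fact of their exposure.
"""
import re

# Constructed sample: a plain FTP login as it appears in a capture.
SAMPLE_SESSION = """\
S: 220 FileZilla Server ready
C: USER alice
S: 331 Password required for alice
C: PASS hunter2
S: 230 Logged on
C: QUIT
"""

# Constructed sample: the client upgrades to TLS before authenticating,
# so no USER/PASS lines are visible in the capture at all.
SAMPLE_TLS_SESSION = """\
S: 220 FileZilla Server ready
C: AUTH TLS
S: 234 Using authentication type TLS
"""

_CLIENT_LINE = re.compile(r"^C:\s*(\S+)(?:\s+(.*))?$")


def audit_ftp_session(transcript):
    """Summarise credential exposure in one FTP control-channel transcript.

    Returns {"cleartext_logins": [{"user": ..., "password_len": ...}, ...],
             "tls_requested": bool}.
    """
    logins = []
    tls_requested = False
    current_user = None
    for raw in transcript.splitlines():
        m = _CLIENT_LINE.match(raw)
        if not m:
            continue  # server replies are not needed for this check
        cmd = m.group(1).upper()
        arg = (m.group(2) or "").strip()
        if cmd == "AUTH" and arg.upper() in ("TLS", "SSL"):
            tls_requested = True
        elif cmd == "USER":
            current_user = arg
        elif cmd == "PASS":
            # The password was readable on the wire: record that, not the value.
            logins.append({"user": current_user, "password_len": len(arg)})
    return {"cleartext_logins": logins, "tls_requested": tls_requested}


def report(transcript):
    """Human-readable one-line verdict for a transcript."""
    result = audit_ftp_session(transcript)
    if result["cleartext_logins"]:
        users = ", ".join(str(l["user"]) for l in result["cleartext_logins"])
        return f"EXPOSED: cleartext FTP password(s) for {users}; enable FTPS (AUTH TLS)"
    if result["tls_requested"]:
        return "OK: client negotiated AUTH TLS before authenticating"
    return "OK: no FTP authentication observed"


if __name__ == "__main__":
    print(report(SAMPLE_SESSION))
    print(report(SAMPLE_TLS_SESSION))
```

The same logic can be applied to the text Wireshark exports from a stream; the point of the redaction is that a detection tool should confirm the exposure (so the account can be re-credentialed and the server moved to FTPS or SFTP) without itself becoming a second copy of the password.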
  • Page 241: Chapter 10:Logs

    Chapter 10:Logs In the Logs chapter you can enable the following lists: ․ 10-1 System Operation...
  • Page 242: System Operation

    Chapter 10:Logs 10-1 System Operation The log records all connections that pass through the SG-100N. The information is classified as Configuration, Networking, Policy, Object, and so on. The event log holds records of any system configuration changes. Each log entry denotes who, when, what and where a configuration was modified.
  • Page 243 Search. (Figure 10-1.2) • Account: The available accounts that the administrator created earlier. • Computer Name: All available computers that have ever passed through the SG-100N. • IP Address: Internal IP addresses. • Login Setting: Records user login logs.
  • Page 244 After clicking on the search icon, you will see the log search result as in the example below. (Figure 10-1.3) Figure 10-1.3 Logs Search Result...
  • Page 245: Chapter 11:Status

    Chapter 11:Status This function provides current information about the device and the network, including addresses for LAN / WAN, subnet masks, default gateways, etc., as well as the current network connection status and other information. In the Status chapter you can enable the following lists: ․...
  • Page 246: Performance

    Chapter 11:Status 11-1 Performance There are three parts: System Status, Interface Flow, and History Status. The Performance section shows CPU Usage, Memory Usage and System Usage, as well as the current upload and download throughput of each interface; the historical throughput can also be queried. Generally speaking, System Status shows graphs of resource usage.
  • Page 247 Figure 11-1.3 System Usage. Select Status > Performance > Interface Flow. It shows graphs of incoming and outgoing traffic through that interface. • LAN: Last 12 Hours LAN Interface Flow Status (Figure 11-1.4) • WAN 1: Last 12 Hours WAN1 Interface Flow Status (Figure 11-1.4) •...
  • Page 248 Figure 11-1.6 Last 12 Hours DMZ Interface Flow Status. Select Status > Performance > History Status. Set the information and click on the search icon. Then, you will see the Search Result. It shows the history of the system condition. (Figure 11-1.6) • Search Object(s): There are CPU, System Load, RAM, LAN, DMZ, WAN 1, and WAN 2. •...
  • Page 249: Connection Status

    Chapter 11:Status 11-2 Connection Status The Connection Status section records the connection status of all host PCs that have ever connected to the SG-100N. It shows the Computer List and connection tracking. Select Status > Connection Status > Computer List. It shows the current connection status information.
  • Page 250 Figure 11-2.2 Client OS Detection. It's an optional item. If you didn't purchase WiFi on Configuration > Package, you will not see this. (Figure 11-2.3) Figure 11-2.3 Wireless Computer List. After you "Start" AP Management on 1-10 Configuration >...
  • Page 251 Chapter 11:Status  Computer Name: The computer’s network identification name.  IP Address: It shows the computer IP Address.  Session: It shows the current number of sessions connected to the computer.  Up Speed bits: It shows the upstream bandwidth for the computer. Eight bits is a unit of a bytes/Second.
  • Page 252: Flow Analysis

    Chapter 11:Status 11-3 Flow Analysis It shows the main flow of all connections. This function not only records the Downstream Flow and Upstream Flow, but also provides the IT administrator with detailed statistical reports and charts. This section shows the Top Flow List, Top Flow List by Port, and Top Flow Search. Select Status >...
  • Page 253 If you want to know which service port the IP address is connecting to, select the rectangular form. You will see a figure as below. (Figure 11-3.2) Figure 11-3.2 Top N Flow Detail. Click on the detail icon to see a figure as below. (Figure 11-3.3) Figure 11-3.
  • Page 254 Select Status > Flow Analysis > Top N Port Flow. (Figure 11-3.4) • Flow Direction: There are two selections. Default setting is OutBound. 1. Outgoing 2. Incoming • Top N Flow: Select how many entries will be shown. Default setting is 10. •...
  • Page 255 Figure 11-3.5 Top Flow Search. If you would like to know which service the IP address connects to, select the rectangular form. You will see a figure as below. (Figure 11-3.6) Figure 11-3.6 Top N Search Detail. You are able to click on the detail icon to see more details.
  • Page 256 If you have ever set up Quota on Policy, you are able to search the history log here. (Figure 11-3.8) (Figure 11-3.9) Figure 11-3.8 Quota / Day Figure 11-3.9 Search Quota History...