Atera CL-100 User Manual

Citadel CL Series Security and Network Appliance

Citadel CL Series Security
and Network Appliance

User Manual

Copyright © 2001-2006 All Rights Reserved. No part of this manual, including the products and software described
in it, may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in
any form or by any means, except for documentation kept by the purchaser for backup purposes, without the
written authorization of the trademark owner. Citadel, CITADEL, Citadel CL, Citadel CL-100, Citadel CL-100W,
Citadel CL-200, and Citadel CL-200W are trademarks. All other trademarks mentioned in this manual are properties
of their respective owners.


Summary of Contents for Atera CL-100

  • Page 1: User Manual

    Citadel, CITADEL, Citadel CL, Citadel CL-100, Citadel CL-100W, Citadel CL-200, and Citadel CL-200W are trademarks. All other trademarks mentioned in this manual are properties...
  • Page 2 Citadel CL Series Security and Network Appliance User Manual...
  • Page 3: Table Of Contents

    Table of Contents Table of Contents Chapter 1: Introduction................. 1 "In-a-Box" Office Network ................1 Rock Solid Security ..................2 Advanced Traffic-shaping Engine ..............2 Feature-rich Server Applications............... 2 Chapter 2: Specifications............... 3 Hardware Configuration .................. 3 IPSec VPN..................... 3 PPTP VPN......................
  • Page 4 Citadel CL Series Security and Network Appliance User Manual Modem Connection ...............38 Load Balancing................44 Dynamic Host Configuration Protocol (DHCP) Server ......... 46 Static LAN IP Allocation ..............48 DHCP Clients and Lease Times ............49 Dynamic Domain Name Service (DDNS) ............50 Third Party DDNS Services.............50 Firewall ......................
  • Page 5 Table of Contents Reboot..................100 Miscellaneous ................101 USB Applications..................102 Prerequisites to Using a USB Disk ..........102 Web Camera................103 Printer ..................105 Storage..................108 Users..................110 FTP Server ................111 WWW Server ................114 Mail Server ................115...
  • Page 6 Citadel CL Series Security and Network Appliance User Manual Table of Figures Figure 1: Citadel Router in a Typical Office Network Setting ........... 1 Figure 2: Home Screen of the Web Management Console..........6 Figure 3: LAN IP Address Screen ................23 Figure 4: WAN IP Address Setting Screen for PPPoE/ADSL Connection ......
  • Page 7 Table of Figures Figure 31: Schematic Illustration of QoS Traffic Shaping..........81 Figure 32: QoS Traffic Shaping Configuration box on the QoS Traffic Shaping Screen..82 Figure 33: Profile Definition on the QoS Traffic Shaping Screen........83 Figure 34: Traffic Definition on the QoS Traffic Shaping Screen........84 Figure 35: Security Screen ..................
  • Page 8 Citadel CL Series Security and Network Appliance User Manual viii...
  • Page 9: Chapter 1: Introduction

    Chapter 1: Introduction Chapter 1: Introduction The Citadel is a security and network appliance, designed to meet the specific needs of small to medium-sized businesses. It offers an easy to install office network, advanced security and traffic-shaping capabilities, and a broad range of key server applications.
  • Page 10: Rock Solid Security

    Citadel CL Series Security and Network Appliance User Manual Rock Solid Security A remote office network becomes part of a secure central office network by using the Citadel's VPN features for IPSec, PPTP and firewall that utilizes stateful inspection architecture. The Citadel also supports a DMZ network (CL-200 and CL-200W), and the additional WAN port can be used as a hardware DMZ port.
  • Page 11: Chapter 2: Specifications

    Chapter 2: Specifications Chapter 2: Specifications Hardware Configuration • 1 WAN (10/100Mbps auto-sensing Ethernet) for CL-100 and CL-100W • 2 WAN (10/100Mbps auto-sensing Ethernet) for CL-200 and CL-200W • 4 LAN (10/100Mbps auto-sensing Ethernet) • 1 Serial (RS232), DB9 connector •...
  • Page 12: Wlan-802.11B/G

    Citadel CL Series Security and Network Appliance User Manual • L2TP Client • NAT- Static or Dynamic • NAPT/PAT- Port forwarding • NAT traversal • Connection sharing • Local and remote logging • DDR - Dial on Demand • Remote Dial-in •...
  • Page 13: Management

    Weight: 0.5kg (1lb) • Operating temperature: 0°C to 40°C (32°F to 104°F) • Storage temperature: -20°C to 70°C (-4°F to 158°F) • Humidity: 10 to 90%, non-condensing Comparison of Models Models CL-100 CL-100W CL-200 CL-200W WLAN AP √ √ (802.11b/g) Fail-over and...
  • Page 14: Chapter 3: User Interface Elements And Basic Functions

    Citadel CL Series Security and Network Appliance User Manual Chapter 3: User Interface Elements and Basic Functions This chapter describes the user interface elements of the Citadel's Web Management Console and its basic functions. The Home Screen When you log on to the Citadel, the Home screen of the Web Management Console appears.
  • Page 15 Chapter 3: User Interface Elements and Basic Functions You configure the Citadel by selecting from the main menu options in the navigation pane on the left side of the Web Management Console screen. For the required initial configuration, you may also use the Citadel Wizard, located at the top of the Home screen.
  • Page 16 Citadel CL Series Security and Network Appliance User Manual Menu Option Description IPSEC VPN Configuring the Citadel to establish an IPSec VPN that securely connects two different sites over the Internet. See IPSec VPN, page 77. Configuring Quality of Service (QoS) traffic shaping in order to ensure a high performance level of selected types of traffic, even when the Internet connection is loaded.
  • Page 17: Basic Operations

    Chapter 3: User Interface Elements and Basic Functions Basic Operations There are basic operations necessary for completing the configuration of the Citadel appliance. These include changing, editing, and deleting configurations, as well as enabling and disabling functions. You perform these basic operations through clearly defined buttons located on the configuration screens.
  • Page 18: Chapter 4: Getting Started

    Citadel CL Series Security and Network Appliance User Manual Chapter 4: Getting Started This chapter includes information and procedures to get the Atera Citadel up and running in your office network. It includes the following sections: • Basic Requirements, page 10.
  • Page 19: Cable/L2Tp Connection

    Chapter 4: Getting Started Cable/L2TP Connection The specific requirements for a Cable/L2TP connection are as follows: • IP address or domain name of the ISP's LNS (L2TP Network Server) (Provided by the ISP) • Username and password for the L2TP account (Provided by the ISP) •...
  • Page 20: Establishing Access To The Citadel Web Management Console

    Citadel CL Series Security and Network Appliance User Manual Connection Type Use it when you have… Static IP • A direct broadband Ethernet connection, and you need to manually enter the IP address. • An xDSL Internet connection, and you need to...
  • Page 21 Chapter 4: Getting Started Do one of the following: • If you are running Windows XP, click Internet Protocol (TCP/IP) and then click Properties. • If you are running Windows 95/98/Me, click TCP/IP and then click Properties. (If there are multiple entries, choose the appropriate NIC before clicking properties.) The Internet Protocol (TCP/IP) Properties dialog box is displayed: Select Use the following IP address and enter the following:...
  • Page 22: Connecting To The Citadel Web Management Console

    Citadel CL Series Security and Network Appliance User Manual Connecting to the Citadel Web Management Console After connecting to the Citadel Web Management Console, a summary of the system information and connections appears on the Home page of the Web Management Console.
  • Page 23: Completing Basic Settings With The Citadel Wizard

    Chapter 4: Getting Started The Citadel Web Management Console appears with a summary of system information and statistics as well as a link to the Citadel Wizard™ quick setup wizard. Note: If you cannot access the Web Management Console, on the back of the Citadel, press the Reset button for more than 10 seconds and then release the button.
  • Page 24 If you have the Citadel CL-100W or the Citadel CL-200W, the Wireless Settings screen appears. Continue to step 4 to configure the wireless LAN. If you have the Citadel CL-100 or the Citadel CL-200, continue to step 6 to complete the Citadel Wizard.
  • Page 25 Chapter 4: Getting Started In the SSID field, enter a name for the wireless LAN. See Wireless LAN (Citadel CL-100W and Citadel CL-200W only), page 34, for more information about SSID. To prevent others from finding your wireless network, select Block broadcast SSID.
  • Page 26: Setting Up Pcs On The Lan For Internet Access

    Citadel CL Series Security and Network Appliance User Manual A message appears to confirm that the quick setup completed successfully. See Chapter 5: Configuring the Citadel, page 22 to continue configuring the Citadel. Note: If you have a wireless LAN, continue setting up the wireless LAN from Interface ->...
  • Page 27 Chapter 4: Getting Started Configure the IP address pool of your DHCP server to exclude the IP address set for the Citadel's LAN connection by removing it from the pool of available addresses. For example, if you are using the default settings for the Citadel's LAN connection, the pool of IP addresses for the DHCP server might be 192.168.1.2 –...
  • Page 28 Citadel CL Series Security and Network Appliance User Manual Click Internet Protocol (TCP/IP) and then click Properties. (Under Windows 95/98/Me, click TCP/IP -> [NIC's Name]; if there are multiple entries, click the IP Address tab and then click Properties). The Internet Protocol (TCP/IP) Properties dialog box is displayed. Select Obtain an IP address automatically and Obtain DNS server address automatically.
  • Page 29 Chapter 4: Getting Started Click Use the following IP address and fill in the information as follows: • IP address: Use an address matching the Citadel's LAN connection setting. For example, if the Citadel's default setting is used, the PC should fall in the IP address range of 192.168.1.2 –...
  • Page 30: Chapter 5: Configuring The Citadel

    Citadel CL Series Security and Network Appliance User Manual Chapter 5: Configuring the Citadel Interfaces When configuring the interfaces for the Citadel, you set the LAN connection and the WAN (Internet) connection. For the Citadel CL-200 and the Citadel CL-200W models, you also set up a second WAN connection or a demilitarized zone (DMZ).
  • Page 31: Wan Connection

    Chapter 5: Configuring the Citadel Figure 3: LAN IP Address Screen The following parameters can be configured: Option Description LAN IP Address The IP address of Citadel's LAN connection. The default setting is 192.168.1.1. Subnet Mask The subnet mask of the LAN IP address, which indicates the net mask of the LAN.
  • Page 32: Figure 4: Wan Ip Address Setting Screen For Pppoe/Adsl Connection

    Citadel CL Series Security and Network Appliance User Manual PPPoE/ADSL Configuration When PPPoE/ADSL is selected, the following WAN IP Address Setting screen appears. (There are additional settings at the bottom of this screen, which are not shown in the figure below.) Figure 4: WAN IP Address Setting Screen for PPPoE/ADSL Connection Interfaces...
  • Page 33 Chapter 5: Configuring the Citadel The following parameters can be configured: Option Description Ping Check Runs a Ping test that detects whether or not the gateway is accessible. Some ISPs deny Ping requests. If this is the case, clear this option. For example, if you find that the working status of the Internet connection indicator on the front panel of the Citadel is normal, but the Internet is not...
  • Page 34: Figure 5: Multi-Pppoe Screen Section

    Citadel CL Series Security and Network Appliance User Manual You configure the multiple PPPoE connections in the Multi-PPPoE box on the WAN tab. Figure 5: Multi-PPPoE Screen Section Option Description Username The username provided by the ISP for an additional PPPoE connection. Password The password provided by the ISP for the above username.
  • Page 35: Figure 6: Wan Ip Address Setting Screen For Dhcp Connection

    Chapter 5: Configuring the Citadel DHCP Configuration A DHCP connection is often used with cable networks. One of the advantages of this type of connection is that the configuration details are obtained automatically from the DHCP server. After configuring the connection, you may also need to configure the L2TP dialer.
  • Page 36: Figure 7: Dhcp Information Screen

    Citadel CL Series Security and Network Appliance User Manual The following parameters can be configured: Option Description Load Balance Weight (For Citadel CL-200 and Citadel 200W only) Distributes the traffic and load for the two WAN connections according to this value. The default value is 128.
  • Page 37 Chapter 5: Configuring the Citadel The following parameters are displayed in the DHCP screen: Parameter Description IP Address The IP address of the WAN port provided by ISP. Subnet Mask The Subnet mask of the IP address. Default Gateway The IP address of the default gateway that enables the Citadel CL to access a remote network.
  • Page 38: Figure 8: Wan Ip Address Setting Screen For Static Ip Connection

    Citadel CL Series Security and Network Appliance User Manual Static IP Configuration When Static IP is selected, the following WAN IP Address Setting screen appears. Figure 8: WAN IP Address Setting Screen for Static IP Connection Option Description Load Balance Weight (For Citadel CL-200 and Citadel 200W only) Distributes the traffic and load for the two WAN connections according to this value.
  • Page 39: Figure 9: Mac Address Clone

    Chapter 5: Configuring the Citadel Option Description Ping Check Runs a Ping program that detects whether or not the gateway is accessible. Some ISPs deny Ping requests. If this is the case, clear this option. For example, if you find that the working status of the Internet connection indicator on the front panel of the Citadel is normal, but the Internet is not...
  • Page 40: Wan2 And Dmz Ports

    Citadel CL Series Security and Network Appliance User Manual Note: A secondary WAN IP address belongs to the same WAN. You configure secondary WAN IP addresses in the Secondary WAN IP box on the WAN tab. Figure 10: Secondary WAN IP Address Screen The following parameters can be configured: Option Description...
  • Page 41: Figure 11: Working Mode Screen For Choosing Wan2 Or Dmz

    Chapter 5: Configuring the Citadel When you click the WAN2-DMZ tab, the WAN2-DMZ screen appears: Figure 11: Working Mode Screen for Choosing WAN2 or DMZ The following options are available in the Working Mode box: Option Description WAN2 An additional WAN port. See WAN Connection, page 23, for information on how to configure the port.
  • Page 42: Wireless Lan (Citadel Cl-100W And Citadel Cl-200W Only)

    Citadel CL Series Security and Network Appliance User Manual Option Description Demilitarized zone. A small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet. Typically, the DMZ contains devices accessible to Internet traffic, such as Web (HTTP) servers, FTP servers and SMTP (mail-relay) servers.
  • Page 43: Figure 12: Wireless Lan Screen

    Chapter 5: Configuring the Citadel When you click the WLAN tab, the Wireless Setup screen appears. Figure 12: Wireless LAN Screen The following parameters can be configured: Option Description Enable Wireless LAN Enables the wireless LAN to be configured. When this option is cleared, you need to reboot the Citadel to complete the procedure of disabling the wireless LAN.
  • Page 44 Citadel CL Series Security and Network Appliance User Manual Option Description SSID A 32-character string that differentiates Wireless LAN access points (APs) from each other. By default, the SSID is set to “Citadel-SN”. (SN is the serial number of the Citadel). The SSID is also referred to as the “ESSID”...
  • Page 45 Chapter 5: Configuring the Citadel Option Description Passphrase A text string of up to 32 characters that automatically generates the four WEP keys. WEP-64bits key: 10 hexadecimal digits (0~9, a~f, and A~F) WEP-128bits key: 26 hexadecimal digits (0~9, a~f, and A~F) Default Key Specifies which one of the four WEP keys should be used to transmit data on the wireless LAN.
  • Page 46: Modem Connection

    Citadel CL Series Security and Network Appliance User Manual Modem Connection You may connect an external modem to the Citadel through its serial port. This modem can serve as a back-up connection in case the DNS server fails and as a remote access server for workstations dialing in to the network from an off-site location.
  • Page 47 Chapter 5: Configuring the Citadel Option Description Parity The options for the parity check are: Odd, Even or None. The default setting is None. Stop bits The default setting is 1 bit. The available options are: 1 bit or 2 bits. RTS/CTS Enables or disables the hardware flow control.
  • Page 48: Figure 14: Internet Connection Backup Screen

    Citadel CL Series Security and Network Appliance User Manual Internet Connection Backup The external modem can back up the ADSL or Cable line. If the Citadel is in back- up mode, you can see that the external modem is active and that nothing else is active on the Home page of the Web Management Console.
  • Page 49 Chapter 5: Configuring the Citadel Option Description Always Online Keeps the narrowband Internet connection even after the broadband Internet connection is restored. This option is only available when Enable Internet connection backup is selected. Maximum Transmission Unit. The largest physical packet size, measured in bytes, that a network can transmit.
  • Page 50: Figure 15: Remote Access Server Screen

    Citadel CL Series Security and Network Appliance User Manual Remote Access Server Setup The Citadel can be configured as a Remote Access Server through the serial port. This enables remote users to connect to the office network even when there is no access to an ADSL or a broadband connection.
  • Page 51 Chapter 5: Configuring the Citadel Option Description Authentication Scheme The method by which the Citadel verifies the validity of remote users dialing into the local network. The three options are: • None: A username or password is not required by the Citadel. It is simple to use but not secure.
  • Page 52: Load Balancing

    Citadel CL Series Security and Network Appliance User Manual If PAP or CHAP is selected as an authentication method, the user account needs to be created and configured correctly. Option Description Username A username provided by your office for dial-in user authentication.
  • Page 53 Chapter 5: Configuring the Citadel Option Description Enable Load Balance Enables load balancing between the two WAN ports. The Citadel distributes the traffic according to the load balance weight value defined when configuring the WAN and WAN2 ports. See WAN Connection, page 23, for more information.
  • Page 54: Dynamic Host Configuration Protocol (Dhcp) Server

    Citadel CL Series Security and Network Appliance User Manual Dynamic Host Configuration Protocol (DHCP) Server A Dynamic Host Configuration Protocol (DHCP) server dynamically provides protocol configuration parameters, such as IP addresses, a default gateway, and a DNS server, to hosts running a DHCP client. The Citadel can function as a DHCP server when enabled to do so.
  • Page 55 Chapter 5: Configuring the Citadel Option Description IP Pool Ending Address The ending IP address in the pool. If the IP address range in the pool is 192.168.1.2-192.168.1.254, enter 192.168.1.254 here. Default Lease Time The amount of time the dynamic IP address is (seconds) enabled to be valid for a specific workstation.
  • Page 56: Static Lan Ip Allocation

    Citadel CL Series Security and Network Appliance User Manual Static LAN IP Allocation You can assign a static IP address to specific LAN users, which means that the DHCP server will always assign the same IP address to specific hosts, based on their MAC address.
  • Page 57: Dhcp Clients And Lease Times

    Chapter 5: Configuring the Citadel Option Description Allocated LAN IP The static IP address allocated to the LAN user specified above. Note: This IP address must belong to the same network segment as the IP addresses in the address pool of the DHCP server.
  • Page 58: Dynamic Domain Name Service (Ddns)

    Citadel CL Series Security and Network Appliance User Manual Dynamic Domain Name Service (DDNS) The Dynamic Domain Name Service (DDNS) establishes a map between a permanent Internet domain name and a dynamic IP address. It is useful for those who have no static, public IP address. When the IP address changes, the update is immediately sent to the DDNS server and the relevant domain name record is updated accordingly.
  • Page 59 Chapter 5: Configuring the Citadel Option Description Third Party DDNS Service The third-party DDNS service. The available options are: dyndns and dhs. Username The username assigned by the third party DDNS service provider. Password The password associated with the above username.
  • Page 60: Firewall

    Citadel CL Series Security and Network Appliance User Manual Firewall The firewall enables you to control both incoming and outgoing traffic. You may restrict the access from the LAN to the Internet and protect the local network from external attacks. Firewall Rules Group You first create the firewall rules group before creating the rules that belong to it.
  • Page 61 Chapter 5: Configuring the Citadel The following parameters can be configured: Option Description Rules Group Name A descriptive name for the firewall rules group. Temporarily disabled Temporarily disables the selected rules group. By disabling the group, you automatically disable all the rules in this group. Effective Time Period Limits this rules group only to the defined period.
  • Page 62: Firewall Rules

    Citadel CL Series Security and Network Appliance User Manual Firewall Rules After creating a new firewall rules group, you define firewall rules consistent with your own network security policy. Multiple firewall rules are saved inside a single firewall rules group. Firewall rules can accept, reject, or drop packets based on pre-defined rules.
  • Page 63 Chapter 5: Configuring the Citadel The following parameters can be configured: Option Description Descriptive Name The name for the firewall rule. It is recommended to use a meaningful name that includes the action the rule performs. For example, such a name may be AcceptHTTP. The length of the name is limited to 18 characters.
  • Page 64 Citadel CL Series Security and Network Appliance User Manual Option Description Destination IP The destination IP address or host name of the Address/Hostname traffic. To restrict the IP address format, refer to the description of the Source IP Address/Hostname option in this table. IP Protocol The protocol type of the traffic.
  • Page 65: Network Address Translation (Nat) Configuration

    Chapter 5: Configuring the Citadel The following buttons appear below the rules list table: Button Description Delete Deletes the selected firewall rule. Move up, Move down Moves the selected firewall rule up or down. The place of the firewall rule in the list determines which rule is executed first.
  • Page 66: Figure 22: Port Address Translation Screen

    Citadel CL Series Security and Network Appliance User Manual When you select NAT in the navigation pane, the Port Address Translation screen appears: Figure 22: Port Address Translation Screen The Enable Port Address Translation option is the only option available. By default, it is enabled.
  • Page 67: Virtual Server

    Chapter 5: Configuring the Citadel Multi-NAT By default, all NAT requests are forwarded to the Internet through any port of the Citadel. With Multi-NAT, you can assign a specific port of the Citadel to handle NAT requests from a specific network segment. Figure 23: Multi-NAT Screen The following parameters can be configured: Option...
  • Page 68: Figure 24: Virtual Server Screen

    Citadel CL Series Security and Network Appliance User Manual When you click the Virtual Server tab, the Virtual Server screen appears: Figure 24: Virtual Server Screen The following parameters can be configured: Option Description Enable Virtual Server When enabled, selected incoming traffic to the WAN port is redirected to a specified IP address that provides specified services, such as WWW, Telnet, POP3, and FTP.
  • Page 69: Virtual Dmz

    Chapter 5: Configuring the Citadel Option Description Port The port number provided by the host as a service port. This field may be blank if a port range is defined in the Incoming Port field. Protocol The protocol used. The options are TCP and UDP.
  • Page 70: Vpn Configuration

    Citadel CL Series Security and Network Appliance User Manual The following parameters can be configured: Option Description Enable Virtual DMZ Enables an IP address on the LAN to function as a virtual DMZ. Public IP Address A valid public IP address. Usually, it is one of the WAN/WAN2 interface IP addresses.
  • Page 71: Pptp Vpn

    Chapter 5: Configuring the Citadel PPTP VPN The Citadel can function as a PPTP VPN Server to enable remote access to your office's LAN, without having to expose LAN devices to the Internet. The PPTP VPN Server supports both Windows and Linux VPN clients. When you select PPTP VPN in the navigation pane, the PPTP VPN Server screen appears: Figure 26: PPTP VPN Server Screen...
  • Page 72 Citadel CL Series Security and Network Appliance User Manual Option Description Local IP Address A free IP address from the same network segment specified above. This IP address is used as the virtual gateway for the remote VPN clients. For example, you can specify 192.168.1.1 in this field.
  • Page 73: Figure 27: Pptp User Account Screen

    Chapter 5: Configuring the Citadel PPTP User Account To connect to the PPTP server, the remote user needs a username and password. You set up this user account in the PPTP User Account screen. Figure 27: PPTP User Account Screen The following parameters can be configured: Option Description...
  • Page 74 Citadel CL Series Security and Network Appliance User Manual PPTP Connections The PPTP Connection table is located at the bottom of the PPTP User Account screen and lists all active VPN connections between the server and the clients. After configuring the PPTP VPN on the Citadel, remote users need to create and then configure PPTP connections on their computers.
  • Page 75 Chapter 5: Configuring the Citadel Click Next to continue. The Network Connection Type window is displayed. Choose Connect to the network at my workplace and then click Next. The Network Connection window is displayed. VPN Configuration...
  • Page 76 Citadel CL Series Security and Network Appliance User Manual Choose Virtual Private Network connection and click Next. The Connection Name window is displayed. Enter your company name and then click Next. The VPN Server Selection window is displayed. VPN Configuration...
  • Page 77 Chapter 5: Configuring the Citadel Enter the IP address or the hostname of the Citadel's WAN (Internet) connection. The Completing the New Connection Wizard window is displayed. (Optional) Select Add a shortcut… to create a shortcut to this connection on your desktop.
  • Page 78 Citadel CL Series Security and Network Appliance User Manual On the Security tab, select Advanced (custom settings) and then click Settings…. The Advanced Security Settings dialog box is displayed. Do one of the following: • To configure a non-encrypted connection, continue to step 5. •...
  • Page 79 Chapter 5: Configuring the Citadel In the Advanced Security Settings dialog box, choose the following options: • Data encryption type should be Optional encryption (connect even if no encryption). • In the Logon security box, select Allow these protocols and then select Microsoft CHAP Version 2 (MS-CHAP v2).
  • Page 80 Citadel CL Series Security and Network Appliance User Manual In the Advanced Security Settings dialog box, choose the following options: • The data encryption type should be Require encryption (disconnect if server declines) or Maximum strength encryption. • In the Logon security box, select Allow these protocols and then select Microsoft CHAP Version 2 (MS-CHAP v2).
  • Page 81 Chapter 5: Configuring the Citadel On the Networking tab, select PPTP VPN from the Type of VPN dropdown list. From the This connection uses the following items list, select Internet Protocol (TCP/IP) and then click Properties. Select Advanced…. The Internet Protocol (TCP/IP) Properties dialog box is displayed. VPN Configuration...
  • Page 82 Citadel CL Series Security and Network Appliance User Manual On the General tab, clear the Use default gateway on remote network check box. Click OK and then click OK again to accept the configuration. Enter your username and password as configured on Citadel's PPTP VPN screen and click Connect to establish the PPTP connection.
  • Page 83: L2Tp Vpn

    Chapter 5: Configuring the Citadel L2TP VPN The Citadel can function as an L2TP client, which establishes a VPN connection through a third-party L2TP server. Note: Before configuring the L2TP client, you need to configure a cable WAN connection (DHCP) and an L2TP server with a user account and other relevant parameters.
  • Page 84 Citadel CL Series Security and Network Appliance User Manual L2TP Tunnel Option Description Tunnel name The descriptive label/name of the L2TP tunnel. Interface The designated interface, either WAN1 or WAN2. Server IP address The public IP address or valid domain name of the L2TP server provided by the ISP.
  • Page 85: Ipsec Vpn

    Chapter 5: Configuring the Citadel IPSec VPN An IPSec VPN connection safely connects two network connections over the Internet. When you select IPSec VPN in the navigation pane, the IPSec VPN screen appears: Figure 29: IPSec VPN Screen Notes: On the IPSec VPN screen, fill in all the options from Tunnel Name through Remote Network Subnet Mask.
  • Page 86 Citadel CL Series Security and Network Appliance User Manual The following parameters can be configured: Option Description Enable IPSec VPN Enables the Citadel to function as an IPSec VPN. Maximum Transmission Unit. You may change this value according to your application needs.
  • Page 87 Chapter 5: Configuring the Citadel Option Description Authentication There are two authentication options: Pre-shared Key and RSA Digital Signature. • Pre-shared Key: Need to enter a text string known as a passphrase. Both ends of the IPSec tunnel need to use the same passphrase.
  • Page 88: Figure 30: Rsa Digital Key Configuration On The Ipsec Vpn Screen

    Citadel CL Series Security and Network Appliance User Manual The following box appears at the bottom of the IPSec VPN screen: Figure 30: RSA Digital Key Configuration on the IPSec VPN Screen ➣ To generate an RSA digital key In the RSA Digital Key box at the bottom of the IPSec VPN screen, select the bit size of the key from the Bits dropdown list.
  • Page 89: Quality of Service (QoS) Traffic Shaping

    Chapter 5: Configuring the Citadel Quality of Service (QoS) Traffic Shaping Quality of Service (QoS) traffic shaping enables more efficient use of existing network resources and guarantees that critical applications receive high quality service over networks. It does so by prioritizing network traffic through a specified interface.
  • Page 90: Figure 32: QoS Traffic Shaping Configuration Box on the QoS Traffic Shaping Screen

    Citadel CL Series Security and Network Appliance User Manual When you select QoS in the navigation pane, the QoS Traffic Shaping screen appears: Figure 32: QoS Traffic Shaping Configuration box on the QoS Traffic Shaping Screen The following parameters can be configured: Parameter Description Interface...
  • Page 91: Profile Definition

    Chapter 5: Configuring the Citadel Parameter Description Traffic Shaping Method • None: Disables QoS traffic shaping. • Auto: Implements traffic shaping automatically with built-in policies. • Class-Based Queue: Implements traffic shaping with policies defined by the user. Profile Definition (For Class-Based Queue Traffic Shaping Only) The network administrator first needs to identify the network's mission-critical applications and then create a dedicated traffic profile for each application or group of applications.
  • Page 92: Traffic Definition

    Citadel CL Series Security and Network Appliance User Manual Parameter Description Bandwidth The percentage of bandwidth assigned to the traffic profile. Priority There are 7 priority levels, where 1 is the highest priority. Queues are transferred based on their priority level when there is not enough bandwidth.
  • Page 93: Advanced Features

    Chapter 5: Configuring the Citadel The following parameters can be configured: Parameter Description Classifies traffic according to the ToS field of the IP packet. Enter a number between 1 and 7 to classify the packet. IP Protocol The type of IP packets. Available options are: Any, TCP, UDP, ICMP, IGMP and Protocol No.
  • Page 94: Security

    Citadel CL Series Security and Network Appliance User Manual Security The built-in security mechanisms of Citadel can repel various DoS attacks effectively including: Ping of Death, Tear Drop, SYN Flooding, Fragment Bomb and more. When you click the Security tab, the Security screen appears: Figure 35: Security Screen The following parameters can be configured: Parameter...
  • Page 95: Diagnostics

    Chapter 5: Configuring the Citadel Parameter Description Ping Speed Limitation The allowed ping frequency to prevent ping attacks. The default setting is 1 ping/second. It is recommended to maintain the default settings. 0 indicates no limitation. Diagnostics The Citadel provides two diagnostics tools to measure connectivity from within the router itself as opposed to connectivity through a workstation.
  • Page 96: Routing

    Citadel CL Series Security and Network Appliance User Manual The following parameters can be configured: Parameter Description Remote Machine The IP address or hostname of the remote machine. Note: If the hostname is used, the Citadel gets the IP address according to the DNS server set on the WAN tab.
  • Page 97 Chapter 5: Configuring the Citadel The following parameters can be configured: Parameter Description Destination IP Address The IP address of the destination network or host. Example: 192.168.3.0/255.255.255.0 is for a network address; 192.168.2.1/255.255.255.255 is for a specific host address. Netmask A proper subnet mask associated with the IP address above.
  • Page 98: Simple Network Management Protocol (SNMP)

    Citadel CL Series Security and Network Appliance User Manual The following Dynamic Routing box and Route Table box are displayed in the lower part of the Routing screen: Figure 38: Dynamic Routing and Route Table Boxes There is only one option available, Enable Dynamic Routing, which enables the dynamic routing protocol.
  • Page 99: Figure 39: SNMP Screen

    Chapter 5: Configuring the Citadel Note: The Citadel supports SNMP v1 and v2. When you click the SNMP tab, the SNMP screen appears: Figure 39: SNMP Screen The following parameters can be configured: Parameter Description Enable SNMP Agent Provides SNMP monitoring capabilities. SNMP Port The port number of the SNMP Agent service port. The default port is 161.
  • Page 100: Email Indication

    Citadel CL Series Security and Network Appliance User Manual Parameter Description Read Community Name The read-only SNMP community name. The SNMP management center cannot access your SNMP Agent without the correct Community Name. It acts as a password. Email Indication The “status”...
  • Page 101: System Settings

    Chapter 5: Configuring the Citadel Parameter Description Mail Server Port The port number used by the email server. The default setting is 110. Username/Password The mail account to be monitored on the Mail server. System Settings This section includes the following system settings: •...
  • Page 102: Time

    Citadel CL Series Security and Network Appliance User Manual The following parameters can be configured: Parameter Description Old Password The current password. New Password The new password. The password may include all ASCII characters from "!" to "~" (ASCII code 33 to 126), except "`"...
  • Page 103: Configuration Settings

    Chapter 5: Configuring the Citadel Parameter Description Set Router Time to that of remote NTP Server Synchronizes the Citadel's clock to that of a remote NTP server. There are two available options: • Use Citadel NTP Server: Default. • Use the following NTP Server: Enter the...
  • Page 104: Log Settings

    Citadel CL Series Security and Network Appliance User Manual ➣ To save the current configuration for back-up In the Download Current Configuration box, click the word "HERE". The File Download dialog box is displayed. Name the file and save it. The configuration file is saved with a .cfg file extension.
  • Page 105: Figure 44: Log Screen

    Chapter 5: Configuring the Citadel When you click the Log tab, the Log screen appears: Figure 44: Log Screen System Settings...
  • Page 106 Citadel CL Series Security and Network Appliance User Manual Sending the Log In the Send Log to Remote Machine box, the following parameters can be configured: Parameter Description Log Server The IP address or domain name of the remote syslog server. Messages are sent in syslog protocol.
  • Page 107: Upgrade

    PC during the upgrade process. For this reason, do not upgrade the firmware when connected to a wireless network. Contact Atera Networks for the latest firmware upgrade. In the Software Upgrade screen, click Browse to locate and select the firmware upgrade file. It is in IMG format.
  • Page 108: Reboot

    Citadel CL Series Security and Network Appliance User Manual Reboot You may reboot the Citadel at any time or schedule a time for it to automatically reboot. When you click the Reboot tab, the Reboot screen appears: Figure 46: Reboot Screen ➣...
  • Page 109: Miscellaneous

    Chapter 5: Configuring the Citadel Miscellaneous The Citadel can act as a Telnet server to enable you to view information regarding the router. In addition, the Citadel can emit a series of beeps that provide information regarding the status of the router. When you click the Misc tab, the Miscellaneous Settings screen appears: Figure 47: Miscellaneous Settings Screen The following parameters can be configured:...
  • Page 110: USB Applications

    PC during the upgrade process. For this reason, do not upgrade the firmware when connected to a wireless network. Contact Atera Networks for the latest firmware upgrade. Select System in the navigation pane and then click the Software Upgrade tab.
  • Page 111: Web Camera

    Internet either by viewing streaming videos of what the Webcam captures or by receiving email alerts when motion is detected. Note: Refer to the specifications section of the Citadel product brochure on Atera Networks Website (http://www.ateranetworks.com/Products/citadelCL200W.pdf) for a list of supported Web cameras.
  • Page 112 Citadel CL Series Security and Network Appliance User Manual The following parameters can be configured: Web Camera Settings Parameter Description Enable Video Streaming Enables the web camera for video streaming. When this option is selected, the Enable Motion Detection option is disabled. Connection Port The port number used by the Citadel, as a server, to communicate with the client.
  • Page 113: Printer

    When a USB printer is connected to the USB port of the Citadel, it acts as a print server so that all LAN users may connect to this printer and share it. Note: Refer to the specifications section of the Citadel product brochure on Atera Networks Website (http://www.ateranetworks.com/Products/citadelCL200W.pdf) for a list of supported USB printers.
  • Page 114: Figure 49: Printer Screen - USB Apps Tab

    Citadel CL Series Security and Network Appliance User Manual Figure 49: Printer Screen – USB Apps Tab The following parameters can be configured: Parameter Description Enable Print Server Enables the Citadel to serve as a print server. Queue Name The share name of the printer. It is a text string no longer than 32 characters.
  • Page 115 Chapter 5: Configuring the Citadel The Add Standard TCP/IP Printer Port Wizard appears. Click Next. You are prompted to enter the printer name or IP address and a port name. In the Printer Name box or IP Address box, enter the IP address of the Citadel and then click Next.
  • Page 116: Storage

    USB applications. Note: Refer to the specifications section of the Citadel product brochure on the Atera Networks Website (http://www.ateranetworks.com/Products/citadelCL200W.pdf) for a list of supported USB disks. USB Applications...
  • Page 117: Figure 50: Disk Management Screen

    Chapter 5: Configuring the Citadel When you click the Storage tab, the Disk Management screen appears. Figure 50: Disk Management Screen The following parameters can be configured: Parameter Description Status The current status of the USB disk. The available options are: Invalid, Uninitialized, Mounted, Working, Waiting to be removed, and Disconnected.
  • Page 118: Users

    Citadel CL Series Security and Network Appliance User Manual Users You need to define the users for the FTP and Mail server applications. For each user, a new user account is automatically created, which gives access to the FTP server and the Mail server. Important Note: You may not change a username.
  • Page 119: FTP Server

    Chapter 5: Configuring the Citadel The following parameters can be configured: Parameter Description Username The name of the user account. You must have a username for the account to be valid. Note: You may not change the username after creating the account. Real name The actual name of the user.
  • Page 120: Figure 52: FTP Server Screen

    Citadel CL Series Security and Network Appliance User Manual Note: After defining the upload and download speeds, the actual speed ranges from 80% to 120% of these values. For instance, if the defined upload speed is 100kbytes/s, the real upload speed ranges from 80kbytes/s to 120kbytes/s.
  • Page 121 Chapter 5: Configuring the Citadel Parameter Description Maximum anonymous download speed (Kbytes/s) Maximum speed of an anonymous user account for downloading files. Allow clients to resume transmit Transfers only the remaining part of the file from the point when the file transfer was interrupted. When this option is disabled, the entire file is transferred again.
  • Page 122: WWW Server

    Citadel CL Series Security and Network Appliance User Manual Parameter Description Support PASV Enables PASV for the FTP server. By default, it is not enabled. PASV needs to be supported on the client computer as well. Note: When PASV is enabled, the FTP server can support the most popular applications, such as FXP, but is more vulnerable to FXP...
  • Page 123: Mail Server

    Chapter 5: Configuring the Citadel The following parameters can be configured: Parameter Description Enable WWW server Enables the Citadel to function as a WWW server. WWW Server Port The service port used by WWW server. The default setting is 80. Note: The service port cannot be port 10000 since it is in use by Citadel's Web console.
  • Page 124: Figure 54: Mail Server Screen

    Citadel CL Series Security and Network Appliance User Manual Note: The user accounts created on the Users tab automatically become valid user accounts for the Email server. For example, the user account sysadmin automatically has the email address: sysadmin@mail.mydomain.com. When you click the Mail Server tab, the Mail Server screen appears: Figure 54: Mail Server Screen USB Applications...
  • Page 125 Chapter 5: Configuring the Citadel Mail Server Configuration The following parameters can be configured for the Email server. Parameter Description Enable Mail Server Enables the Citadel to function as an Email server. The Citadel supports two Email server protocols: POP3 (Post Office Protocol 3) and SMTP (Simple Mail Transfer Protocol).
  • Page 126 Citadel CL Series Security and Network Appliance User Manual Access List You may decide which emails are forwarded or rejected from defined domain names. The following parameters can be configured for the access list: Parameter Description Match All or part of a domain name. For example, yahoo.com or .com.
  • Page 127 Chapter 5: Configuring the Citadel Parameter Description Incoming mail server The email user account and password for the defined email server. Select or clear the Remember password and Log on using Secure Password Authentication options according to your network policy. Outgoing mail server Select or clear the My server requires authentication option according to your...
  • Page 128 Citadel CL Series Security and Network Appliance User Manual USB Applications...

This manual is also suitable for:

CL-100W, CL-200W, CL-200
