HotBrick VPN 800 / 2 User Manual

Dual wan firewall router

Dual WAN Firewall Router
VPN 800 / 2
User's Guide
HotBrick Network Solutions

Summary of Contents for HotBrick VPN 800 / 2

  • Page 1 Dual WAN Firewall Router VPN 800 / 2 User’s Guide HotBrick Network Solutions...
  • Page 3: Table Of Contents

    IPSec Global Setting (51), Policy Setup (53). 7: QoS Configuration (58): Overview (58), QoS Setup (58), Policy Configuration (59). 8: Management Assistant (61): Overview (61), SNMP (61), Email Alert (62), Syslog (64), Admin Password (66), Upgrade Firmware (67).
  • Page 4 Appendix B Windows TCP/IP Setup (78): Overview (78), TCP/IP Settings (78). Appendix C Troubleshooting (84): Overview (84), General Problems (84), Internet Access (84). Copyright 2004. All Rights Reserved. Document Version: 1.4. All trademarks and trade names are the properties of their respective owners.
  • Page 5: 1: Introduction

    1: Introduction Congratulations on the purchase of your new HotBrick VPN 800/2 Firewall Router. The VPN 800/2 Firewall Router provides Shared Broadband Internet Access and VPN tunnels for LAN users. Internet Features • Shared Broadband Internet Access All LAN users can access the Internet through the VPN 800/2 Firewall Router, by sharing one (1) or two (2) Broadband modems and connections.
  • Page 6 • System Filter Exception With a firewall exception, packets are not processed by the firewall or NAT module, but are processed directly by the system protocol stack.
  • Page 7: Other Features

    Internet phone, videoconference, etc. • UPnP When UPnP (Universal Plug & Play) is set to “Enable”, the load balancer becomes one of the network devices. It is useful for discovering and controlling network devices, such as an Internet gateway.
  • Page 8: Package Contents

    Yellow: Error Green Flash: LAN Active Yellow: Error Blinking – Data in/out Reset Button Press the reset button for around 3 seconds, then release it. The VPN 800/2 Firewall Router will reset to its factory default values.
  • Page 9 WAN, LAN Status LEDs flash alternately: Firmware download in progress. WAN & LAN LEDs flash concurrently: MAC address not assigned. Caution: After unplugging the VPN 800/2 Firewall Router, wait more than 20 seconds before plugging it back in.
  • Page 10 Enter the LAN IP address of the VPN 800/2 Firewall Router in the "Server IP" field. • Click "Download" to send the file to the VPN 800/2 Firewall Router. 3. When downloading is finished. It should then work normally, using the default settings. HotBrick Network Solutions Page 6...
  • Page 11 Save the current configuration settings to your PC (use the "Upload" button). • Restore a previously saved configuration file to the VPN 800/2 Firewall Router (use the "Download" button). • VPN 800/2 Firewall Router to its default values (use the "Set to Default" button). HotBrick Network Solutions Page 7...
  • Page 12: 2: Basic Setup

    Basic Setup of your HotBrick VPN 800/2 Firewall Router involves the following steps: 1. Attach the HotBrick VPN 800/2 Firewall Router to one (1) PC, and configure it for your LAN. 2. Install your HotBrick VPN 800/2 Firewall Router in your LAN, and connect the Broadband Modem or Modems.
  • Page 13 8. After the login, you will then see the Admin Password screen, as shown below. Assign a password by entering it in the "Password" and "Verify" fields. Figure 2-2: Home Screen (Admin Password)
  • Page 14 "C") networks. For other networks, use the Subnet Mask for the LAN segment to which the VPN 800/2 Firewall Router is attached (the same value as the PCs on that LAN segment). Figure 2-3: LAN & DHCP Page 10 HotBrick Network Solutions...
  • Page 15 If Sniffed, the IP address was detected by examining the LAN, rather than allocated by the DHCP Server. In this case, the Name is usually not known. • Time Left – The time expired since which IP address is leased. HotBrick Network Solutions Page 11...
  • Page 16 2. Installing the HotBrick VPN 800/2 Firewall Router in your LAN 1. Ensure the HotBrick VPN 800/2 Firewall Router and the DSL/Cable modem are powered OFF. Leave the modem or modems connected to their data line. 2. Connect the Broadband modem or modems to the VPN 800/2 Firewall Router.
  • Page 17 Backup – Use this if you have a broadband modem on each port, and wish to normally use only one. Select Enable for the primary port, and Backup for the secondary port. The Backup port will only be used if the primary port fails. HotBrick Network Solutions Page 13...
  • Page 18 MAC address expected by your ISP in this field. Otherwise, this should be left at the default value. Setup of the HotBrick VPN 800/2 Firewall Router is now complete. PCs on your LAN must now be configured. See the following section for details.
  • Page 19 3. Select the Connection tab, and click the Setup button. 4. Cancel the pop-up "Location Information" screen. 5. Click Next on the "New Connection Wizard" screen. 6. Select "Connect to the Internet" and click Next. HotBrick Network Solutions Page 15...
  • Page 20: Macintosh Clients

    To access the Internet via the VPN 800/2 Firewall Router, it is only necessary to set the VPN 800/2 Firewall Router as the "Gateway", and ensure your Name Server settings are correct. Ensure you are logged in as "root" before attempting any changes. HotBrick Network Solutions Page 16...
  • Page 21 3. Select the "Interface" entry for your Network card. Normally, this will be called "eth0". 4. Click the Edit button, set the "protocol" to "DHCP", and save this data. 5. To apply your changes Use the "Deactivate" and "Activate" buttons, if available. OR, restart your system. HotBrick Network Solutions Page 17...
  • Page 22: 3: Advanced Port Setup

    WAN ports. It can also be used to manually connect or disconnect a PPPoE session. Otherwise, this screen can be ignored. • Advanced PPTP setup is required if using the PPTP connection method. Port Options Figure 3-1: Port Options Page 18 HotBrick Network Solutions...
  • Page 23: Port Options

    ARP Table – The ARP table is used by the device to determine the bridge hosts' location (e.g. inside/outside WAN, and which WAN). Its size can be adjusted if needed. traffic from bridge hosts (e.g. Load...
  • Page 24: Load Balance

    HotBrick Network Solutions Load Balance This screen is only operational if using Internet connections on both WAN ports. Figure 3-2: Load Balance These settings are only functional if using both WAN ports. If using both WAN ports, these settings determine the proportion of traffic sent over each port.
  • Page 25 Use the "Restart Counters" button to restart these counters when required. • Buttons Update – Save the settings on this screen. • Refresh – Update the data on screen. • Restart Counters – Restart the counters used in the "Interface Statistics" section. HotBrick Network Solutions Page 21...
  • Page 26: Advanced Pppoe

    IP Address – If you have a fixed IP address, enter it here. Otherwise, this field should be left at 0.0.0.0. • Host Name – This field is used by a Host to uniquely associate an access concentrator to a particular Host request. Figure 3-3: Advanced PPPoE
  • Page 27 Action Use the "Connect" and "Disconnect" buttons to establish or terminate a connection on this session, if required. This displays the current connection status for each session. Connection Status HotBrick Network Solutions Page 23...
  • Page 28: Advanced Pptp

    Otherwise, this field should be left at 0.0.0.0. Action Use the "Connect" and "Disconnect" buttons to establish or terminate a connection on this session, if required. Connection This displays the current connection status. Status Figure 3-4: Advanced PPTP Page 24 HotBrick Network Solutions...
  • Page 29: 4: Advanced Setup

    PC to use DHCP (Windows calls this "Obtain an IP address automatically") while gaining the benefits of a fixed IP address. The PC's IP address will never change, so it can be provided to other people and applications. HotBrick Network Solutions Page 25...
  • Page 30 "obtain an IP address automatically") while having an IP address, which never changes. • Reserved IP – Enter the IP address you wish to reserve, if the setting above is Enable. Otherwise, ignore this field. Figure 4-1: Host IP Setup Page 26 HotBrick Network Solutions...
  • Page 31 Update – Use this to update the selected entry, after making the desired changes. • Reset – Reverse any changes you have made since loading the data from the VPN 800/2 Firewall Router. Host & Group This table shows the current bindings. List HotBrick Network Solutions Page 27...
  • Page 32: Virtual Server

    VPN 800/2 Firewall Router's Internet IP Address (the IP Address allocated by your ISP). e.g. http://205.20.45.34 ftp://205.20.45.34 • To Internet users, all virtual Servers on your LAN have the same IP Address. This IP Address is allocated by your ISP. Figure 4-2: Virtual Servers Page 28 HotBrick Network Solutions...
  • Page 33 Server software. Each PC should have a fixed IP address, or have a reserved IP address. (See the Host IP section earlier in this chapter for details on reserving an IP address.) Figure 4-3: Virtual Server Page 29 HotBrick Network Solutions...
  • Page 34: Custom Virtual Server

    Server software. Each PC should have a fixed IP address, or have a reserved IP address. (See the Host IP section earlier in this Chapter for details on reserving an IP address.) Page 30 HotBrick Network Solutions...
  • Page 35 Add – Create a new Special Application entry. Delete – Delete the selected entry. Update – Save any changes you have made to the current entry. Cancel – Cancel any changes you have made since the last save operation. Page 31 HotBrick Network Solutions...
  • Page 36: Special Application

    To edit an existing entry, select it from this list, and click the "Select" button. The data for the selected application will then be displayed in the Special Application Configuration section. Make any required changes, and then click the "Update" button. Page 32 HotBrick Network Solutions...
  • Page 37 Also, when 1 PC is finished using a particular Special Application, there may need to be a "Time-out" period before another PC can use the same Special Application. • If an application still cannot function correctly, try using the "DMZ" feature, if possible.
  • Page 38: Dynamic Dns

    ISP, which makes it difficult to connect to you. You must register for the Dynamic DNS service. The VPN 800/2 Firewall Router supports 4 types of service providers: • Hotbrick dynamic DNS is available at: http://www.hotbrick.dns4biz.com/hotbrick.php3 • TZO at http://www.tzo.com •...
  • Page 39 • Disable – Dynamic DNS is not used. • DNS4BIZ Hotbrick Premium – It provides reliability for normal business requirement. • DNS4BIZ Hotbrick Business – Designed for VPN connections & mission critical applications your DNS service is hosted on dedicated high-end servers with 24/7 Monitoring to ensure the highest possible availability &...
  • Page 40 • Enable backup MX – If enabled, you must enter the Mail Exchanger address below. • Mail Exchanger – If the setting above is enabled, enter the address of the backup Mail Exchanger. HotBrick Network Solutions Page 36...
  • Page 41: Multi Dmz

    HotBrick Network Solutions Multi DMZ This feature allows each WAN port IP address to be associated with one (1) computer on your LAN. All outgoing traffic from that PC will be associated with that WAN port IP address. Any traffic sent to that IP address will be forwarded to the specified PC, allowing unrestricted 2-way communication between the "DMZ PC"...
  • Page 42 IP address.) Access Group You can decide which users have the authority to use DMZ, by defining the groups. Direction For DMZ, you can allow inbound only, outbound only, or both inbound and outbound.
  • Page 43: Upnp

    You will find that an icon shows up in Network Neighborhood on the Windows XP OS. Every time you add a new network device with port mapping, the new network device will appear on the mapping list. Figure 4-8: UPnP
  • Page 44: Nat

    NAT Alias For each alias entry, the WAN IP acts as an alias IP of the host with the Local LAN IP, to the Internet via the specified WAN port, for packets of the specified Protocol. Figure 4-9: NAT
  • Page 45: Advanced Features

    ISP account. These settings are only useful if using both WAN ports. • Protocol & Port Binding – This allows you to bind the WAN1 or WAN2 ports by selecting the TCP/UDP protocol. Figure 4-10: Advanced Feature
  • Page 46 DNS. To avoid DNS loopback problem, please enter the Loopback following fields. • Domain Name – Enter the domain name specified by you for local host/server. • Private IP – Enter the private IP address of your local host/server. HotBrick Network Solutions Page 42...
  • Page 47 • This example assumes the WAN IP Address is 123.123.123.123, and the port number is 8080. • If using the Dynamic DNS feature, you can connect using the domain name allocated to you. e.g. HTTP://my_domain_name.dyndns.org:8080 HotBrick Network Solutions Page 43...
  • Page 48: 5: Security Management

    IP address is checked against IP address entries on this screen. • Note that a single IP address may host many Web sites. Entering the IP address on this screen will block all Web sites hosted on that IP address. HotBrick Network Solutions Page 44...
  • Page 49 • Block Internet Enable/Disable – Use this to Enable or Disable each setting, as required. Access • Block URL/IP/Keyword – Enter the URL, IP address or keyword you wish to block. Figure 5-1: Block URL Page 45 HotBrick Network Solutions...
  • Page 50: Access Filter

    Hosts on the Host IP screen. If you wish to apply different restrictions on different Groups, select the desired Group, and click the "Select" button. The screen will update with data for the selected Group. Page 46 HotBrick Network Solutions...
  • Page 51 Port No. Range – Enter the range of port numbers used by the service you wish to block. If only a single port is required, enter it in both fields. Page 47 HotBrick Network Solutions...
  • Page 52: Session Limit

    Maximum in the sampling time, any new session of the host will be dropped for the pause time. Pause Time Within the pause time, no new session of the suspended host will be served by the system. (Default is 5 minutes.) Figure 5-3: Session Limit
  • Page 53: System Filter Exception

    Foreign Port Range - If the check box is enabled, select the foreign port number range to be processed directly by the system protocol stack. Device Port Range - If the check box is enabled, select the device port number range to be processed directly by the system protocol stack. Figure 5-4: System Filter Exception
  • Page 54: 6: Vpn Configuration

    VPN products are not interoperable. Although the VPN 800/2 Firewall Router can interoperate with many other VPN products, it is not possible for VPN 800/2 Firewall Router to provide specific technical support for every other product.
  • Page 55: Ipsec Global Setting

    HotBrick Network Solutions IPSec Global Setting Figure 6-1: IPSec Global Setting Page 51...
  • Page 56 Force Deletion after Expiry – Once an SA has expired, the tunnel will be removed and related resources will be released to the system. Log Level This is the VPN log level. Select the VPN log level that you would like displayed in the VPN log.
  • Page 57: Policy Setup

    HotBrick Network Solutions Policy Setup Policy Setup Figure 6-2: Policy Setup Page 53...
  • Page 58 Packet authentication proves that data comes from the source you think it comes from. There are three authentication algorithms available: MD5, SHA1 and SHA2. Data encryption makes the data unreadable if intercepted. There are three encryption methods available: DES/3DES and AES. The default is null.
  • Page 59 Key Management Key – Key Type: there are two key types (manual key and auto key) available for the key exchange management. Manual Key: If manual key is selected, no key negotiation is needed. AutoKey (IKE) - There are two types of operation modes that can be used.
  • Page 60 If you would like to use one of the WAN ports as a backup, or plan to use the failover function, you can enable the Dead Peer Detection function. Check Method – You can choose either ICMP or Heartbeat to detect whether the remote site's VPN tunnel is alive or not. Figure 6-3: IPSec Policy Options
  • Page 61 Set Options NetBIOS Broadcast – This is used to forward NetBIOS broadcasts across the Internet. Auto Trigger – This helps to keep up the IPSec connection tunnel. If a dropped connection is detected, it can be re-established immediately. Anti Replay – This ensures IP packet-level security by keeping track of packets in order.
  • Page 62: 7: Qos Configuration

    7: QoS Configuration Overview The VPN 800/2 Firewall Router provides QoS, which supports a high quality of network service. It classifies outgoing packets based on policies defined by users, so that some real-time applications get better response or performance.
  • Page 63: Policy Configuration

    Overwrite policy priority – Choose “yes” to have the priority in the TOS field of the IP packet overwrite the priority defined in the policy configuration. Policy Configuration When you use QoS, you must define some policies to give some packets higher priority to pass through. Figure 7-2: Policy Configuration
  • Page 64 Source Port – Define the source port of packets here. • Destination Port – Define the destination port of packets here. • Priority Queue – If a packet meets all conditions defined above, it will be serviced with the priority level defined here.
  • Page 65: 8: Management Assistant

    This section is only useful if you have SNMP (Simple Network Management Protocol) software on your PC. If you have SNMP software, you can use a standard MIB II file with the VPN 800/2 Firewall Router. Figure 8-1: SNMP Page 61 HotBrick Network Solutions...
  • Page 66: Email Alert

    Email (SMTP) Server Address – The address of the email server that the warning email will be sent to. Email Recipient Address – The email address of the system administrator that the email will be sent to. Figure 8-2: Email Alert
  • Page 67 This feature is useful to prevent ICMP attack from WAN or LAN. It will drop Notification the packets if the ping times are excessive the threshold value. It will send email to the administrator, if email is enabled. HotBrick Network Solutions Page 63...
  • Page 68: Syslog

    Syslog This feature can send real time system information to the web page or to the specified PC. Syslog Configuration – Syslog Configuration lets you choose whether or not to send system information to another machine. You can choose up to three machines to send your system log to.
  • Page 69 Debug is the highest one. SNTP Configuration Time Zone – You can set up the system time using SNTP (Simple Network Time Protocol), and there are 3 SNTP servers that you can define in the SNTP configuration.
  • Page 70: Admin Password

    • Enter "Admin" for the User Name. • Enter the password for the VPN 800/2 Firewall Router, as set on the Admin Password screen above. Figure 8-4: Admin Password Screen Figure 8-5: Password Dialog Page 66 HotBrick Network Solutions...
  • Page 71: Upgrade Firmware

    You can also upgrade the firmware by entering the correct password and the file name of your firmware. Remember not to Reset or Restart the device while updating the firmware, because it may cause the system to crash. Figure 8-6: Upgrade Firmware
  • Page 72: 9: Advanced Lan Configuration

    If you don't have other Routers or Gateways on your LAN, you can ignore the Routing page completely. • If your LAN has other Gateways and Routers, you must configure the Static Routing screen as described below. You also need to configure the other Routers. Figure 9-1: Routing Page 68 HotBrick Network Solutions...
  • Page 73: Configuring Other Routers On Your Lan

    Router as the Default Route or Default Gateway, as illustrated by the example below. Static Routing - Example [Figure 9-2: Routing Example. Diagram labels: Segment 0 (192.168.1.xx), Segment 1 (192.168.2.xx), Segment 2 (192.168.3.xx), Router A, Router B; addresses shown: 192.168.1.1, 192.168.1.100, 192.168.2.80, 192.168.2.90, 192.168.3.70]
  • Page 74 Network Mask Gateway IP Address Metric For Router B's Default Route Destination IP Address Network Mask Gateway IP Address Interface Metric 192.168.2.0 255.255.255.0 192.168.1.100 192.168.3.0 255.255.255.0 (Standard Class C) 192.168.1.100 0.0.0.0 0.0.0.0 192.168.1.1 0.0.0.0 0.0.0.0 192.168.2.80 Page 70 HotBrick Network Solutions...
  • Page 75: 10: Operation And Status

    HotBrick Network Solutions 10: Operation and Status Operation Once both the VPN 800/2 Firewall Router and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required: Refer to Chapter 4 - Advanced Features for further details.
  • Page 76 System UpTime – The time since the system of a device was last Statistics reinitialized. • CPU Usage – The current usage percentage of CPU. • Memory Usage – The current usage percentage of Memory (Heap & Queue). HotBrick Network Solutions Page 72...
  • Page 77: Restore Factory Defaults

    ALL of your settings will be erased. • The default IP address, password and ALL other settings will be restored to the factory default values. • The DHCP server function will be enabled. Figure 10-2: Restore Factory Defaults
  • Page 78: Wan Status

    WAN port. • "Check NAT Detail" will display the NAT Status screen, described below. This section displays cumulative statistics. Interface Statistics Use the "Restart Counter" button to restart these counters when required. Figure 10-3: WAN Status Page 74 HotBrick Network Solutions...
  • Page 79: Nat Status

    Mask Address – The Network Mask (Subnet Mask) for the IP Address above NAT Timeouts This displays the current timeout values for TCP and UDP connections. TCP Prosperity This displays the MSS (Maximum Segment Size) and Maximum Windows size for TCP packets. Figure 10-4: NAT Status Page 75 HotBrick Network Solutions...
  • Page 80 This displays the current number of active connections. For further details, click the "View Connection" list button. Errors Statistics are displayed for Checksum errors, number of retries, and number of bad packets. Misc. This displays the total IP packets and reserved address. HotBrick Network Solutions Page 76...
  • Page 81: Appendix A Specifications

    Appendix A Specifications Model Hotbrick VPN 800/2 Firewall Router Dimensions 120mm (W) x 427mm (D) x 43.4mm (H) Operating 0° C to 40° C Temperature Storage -10° C to 70° C Temperature Network TCP/IP Protocol: Network 10 Ethernet: Interface: 8 * 10/100BaseT (RJ45) auto-Switching Hub ports for LAN devices...
  • Page 82: Appendix B Windows Tcp/Ip Setup

    1. Select Control Panel - Network. You should see a screen like the following: 2. Select the TCP/IP protocol for your network card. 3. Click on the Properties button. You should then see a screen like the following. Figure B-1: Network Configuration Page 78 HotBrick Network Solutions...
  • Page 83 Add, as shown below. (Your LAN administrator can advise you of the IP Address they assigned to the VPN 800/2 Firewall Router.) Figure B-2: IP Address (Win 95) Figure B-3: Gateway Tab (Win 95/98) Page 79 HotBrick Network Solutions...
  • Page 84: Checking Tcp/Ip Settings - Windows

    Figure B-5: Network Configuration (Win 2000) 3. Select the TCP/IP protocol for your network card. 4. Click on the Properties button. You should then see a screen like the following. Figure B-4: DNS Tab (Win 95/98) Page 80 HotBrick Network Solutions...
  • Page 85 • If the DNS Server fields are empty, select Use the following DNS server addresses, and enter the DNS address or addresses provided by your ISP, then click OK. Figure B-6: TCP/IP Properties (Win 2000) Page 81 HotBrick Network Solutions...
  • Page 86: Checking Tcp/Ip Settings - Windows Xp

    HotBrick Network Solutions Checking TCP/IP Settings - Windows XP: 1. Select Control Panel - Network Connection. 2. Right click the Local Area Connection and choose Properties. You should see a screen like the following: Figure B-7: Network Configuration (Windows XP) 3.
  • Page 87 LAN administrator can advise you of the IP Address they assigned to the VPN 800/2 Firewall Router.) • If the DNS Server fields are empty, select Use the following DNS server addresses, and enter the DNS address or addresses provided by your ISP, then click OK. HotBrick Network Solutions Page 83...
  • Page 88: Appendix C Troubleshooting

    If the VPN 800/2 Firewall Router is configured correctly, check your Internet connection (DSL/Cable modem etc) to see that it is working correctly. Problem 2: Some applications do not run properly when using the VPN 800/2 Firewall Router. HotBrick Network Solutions Page 84...
  • Page 89 If this does solve the problem you can use the DMZ function. This should work with most applications, but: • It is a security risk, since the firewall is disabled for the DMZ PC. • Only one (1) PC can use this feature. HotBrick Network Solutions Page 85...

This manual is also suitable for:

Vpn 800/2
