1. Manuals
  2. Brands
  3. Multitech Manuals
  4. Firewall
  5. RouteFinder RF850
  6. User manual

Multitech RouteFinder RF850 User Manual

Multi-tech routefinder rf850: user guide
Hide thumbs Also See for RouteFinder RF850:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Reference Manual
®
RouteFinder
Internet Security Appliance
RF850
RF860
User Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the RouteFinder RF850 and is the answer not in the manual?

Questions and answers

Related Manuals for Multitech RouteFinder RF850

Summary of Contents for Multitech RouteFinder RF850

  • Page 1 ® RouteFinder Internet Security Appliance RF850 RF860 User Guide...
  • Page 2 Furthermore, Multi-Tech Systems, Inc. reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of Multi-Tech Systems, Inc. to notify any person or organization of such revisions or changes.

  • Page 3: Table Of Contents

    Setting Up HTTP Proxy and URL Filtering ... 38 Chapter 6 – RouteFinder Software ... 41 Menu Bar ... 41 Administration ... 42 Administration > System Setup ...42 Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Contents Table of Contents...
  • Page 4 DHCP Server > Subnet Settings ...101 DHCP Server > Fixed Addresses...101 Tracking ... 102 Tracking > Accounting...102 Tracking > Update Services ...103 Tracking > Backup ...105 Tracking > Version Control...107 Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Table of Contents...
  • Page 5 Appendix D – Hardware Upgrades & Add-ons and Software Add-ons ... 162 Hardware Upgrades and Add-ons ... 162 Software Add-ons ... 163 Appendix E – RouteFinder Maintenance ... 164 Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Table of Contents...
  • Page 6 Appendix F – Ordering Accessories ... 166 SupplyNet Online Ordering Instructions...166 Appendix G – Multi-Tech Systems, Inc. Warranty, Repairs and Replacement Policies ... 167 Appendix H – Regulatory Compliance ... 169 Appendix I – License Agreements... 171 GNU GENERAL PUBLIC LICENSE...173 URL Content Filtering End-User License Agreement ...175...

  • Page 7: Chapter 1 - Product Description And Specifications

    The Quick Start Guide is intended to provide the experienced system administrator the information needed to quickly get the RouteFinder up and running. The User Guide with more detailed information is provided on the RouteFinder CD or the Multi-Tech Systems, Inc. Web site.

  • Page 8: Safety Warnings

    The battery has an estimated life expectancy of ten years. When it starts to weaken, the date and time may be incorrect. If the battery fails, send the board back to Multi-Tech for battery replacement.

  • Page 9: Ship Kit Contents

    RouteFinder hard drive. Note: If any of these items are missing, contact Multi-Tech Systems or your dealer or distributor. Inspect the contents for signs of any shipping damage. If damage is observed, do not power up the RouteFinder; contact Technical Support at Multi-Tech Systems, Inc. for advice.

  • Page 10: Typical Applications

    The RouteFinder provides a full- featured firewall based on Stateful Packet Inspection technology and NAT protocol to provide security from intruders attempting to access the office LAN. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 1 – Product Description and Specifications...

  • Page 11: Specifications

    QoS/Bandwidth Allocation PPPoE DHCP Client/Server User Authentication (Web Access) Live Updates Warranty Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 1 – Product Description and Specifications RF850 10/100BaseT (LAN, WAN, WAN2/DMZ) 512MB (can be upgraded to a total of 2GB)
  • Page 12 Power & Physical Description Power - Voltage & Frequency Power Consumption Physical Description Operating Environment Approvals Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 1 – Product Description and Specifications RF850 100-240v AC, 50-60 Hz 42 Watts +12Vdc @ 3.5A Dimensions: 12"...

  • Page 13: Chapter 2 - Installation And Setup

    (LAN on eth0) Network Card connected to the external network (WAN on eth1) Network Card connected to the WAN2 / DMZ (eth2) Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) IP Address Net Mask ___.___.___.___ ___.___.___.___ ___.___.___.___ ___.___.___.___...

  • Page 14: Front Panel

    RouteFinder is booting up, saving the configuration, restarting, or updating the firmware. Power Lights when power is being supplied to the RouteFinder. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 2 – Installation and Setup Blinks when it is receiving or transmitting data.

  • Page 15: Basic Connections

    RouteFinder as shown below. It is up to you to provide the bracket-to-rack mounting screws. Use the rack manufacturer’s documentation and procedures to safely and securely install the RouteFinder into the rack. RouteFinder Shown from the Back Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 2 – Installation and Setup...

  • Page 16: Setting Up A Workstation And Starting The Routefinder

    Click Start | Settings | Control Panel. Double-click the Network Connections icon. The Network Connections screen displays. Right-click the Local Area Connection icon and choose Properties from the drop down list. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 2 – Installation and Setup...
  • Page 17 Close out of the Control Panel. Repeat these steps for each PC on your network. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 2 – Installation and Setup Once you click the Properties button, the following screen displays. To have your DHCP client obtain a dynamic IP address, click the button for Obtain an IP address automatically.

  • Page 18: Open A Web Browser

    Be sure to type https (http will not work). Note: Make sure your PC’s IP address is in the same network as the router’s IP address. IPCONFIG is a tool for finding a computer’s default gateway and MAC address. In some environments, one or more Security Alert screen(s) may display. At the following Security Alert screen, click Yes and follow any additional on-screen prompts.

  • Page 19: Web Management Software Opens

    When you click one of the Menu Bar buttons, the first sub-menu option displays. You can choose other sub-menu screens by clicking the screen name in the sub-menu list. This is an example of the Networks & Services sub-menu. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 2 – Installation and Setup Other...

  • Page 20: Screen Buttons

    Packet Filters Accounting Packet Filter Update Services Rules Backup ICMP Version Control Advanced Enable/Disable Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 2 – Installation and Setup Proxy Network Setup HTTP Proxy Interface Custom Filters SMTP Proxy PPPoE...

  • Page 21: Chapter 3 - Configuration Using Web Management Software

    System Setup Submenu and first screen listed on the submenu (System Setup) display when you click on your Menu choice (Administration) System Time Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 3 – Configuration Using Web Management Software...

  • Page 22: Second Configuration Step - Using The Wizard Setup

    It is suggested that you read the legal information and license agreements before beginning the configuration. This information can be found in the RouteFinder User Guide on the RouteFinder CD. RouteFinder Initial Configuration Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)

  • Page 23: The Wizard Setup Screen - Configuration Example

    Enter the WAN IP Address. This is the PUBLIC STATIC IP address. Set this option based on information provided by your ISP. Example: 204.26.122.103 Change the Gateway IP address. This is the IP address of the router that connects to the Internet. Example: 204.26.122.1 Place a checkmark in the Packet Filter Rule LAN-ANY-ANY-ACCEPT box to enable the rule.

  • Page 24: Chapter 4 - Configuration Examples

    Mask. For this example, enter the following: Name: Remote-LAN IP Address: 192.168.25.0 Subnet Mask: 255.255.255.0 Click Add to add the network to the list. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Side A Chapter 4 – Configuration Examples Side B...

  • Page 25: Vpn Setup

    Click the VPN Status check box to enable IPSec. Then click the Save button. Select Add IKE Connection by clicking the corresponding Add button. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 4 – Configuration Examples Example 1, Side A...
  • Page 26 The VPN > IPSec Status screen displays; this time showing the newly-created VPN tunnel. Important Note: Make sure to check the Status box for this VPN tunnel in order to activate it. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 4 – Configuration Examples Example 1, Side A...
  • Page 27 Click Add to add the network to the list Note: The same address/mask pair should not be present in the current list displayed on the screen. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 4 – Configuration Examples Example 1, Side B Side B...
  • Page 28 Click the VPN Status check box to enable IPSec. Then click the Save button. Select Add an IKE Connection by clicking the corresponding Add button. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 4 – Configuration Examples Example 1, Side B...
  • Page 29 The VPN > IPSec Status screen displays; this time showing the newly-created VPN tunnel. Important Note: Make sure to check the Status box for this VPN tunnel in order to activate it. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 4 – Configuration Examples Example 1, Side B...

  • Page 30: Example 2 - Set Up Two Routefinders Behind A Nat Device

    Name: RF850-LAN IP Address: 65.126.90.248 Subnet Mask: 255.255.255.255 Click the Add button to add the new network to the list. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 4 – Configuration Examples Example 2, Side A Side B...
  • Page 31 Click on the VPN Status check box to enable IPSec. Then click the Save button. Select Add an IKE Connection by clicking the corresponding Add button. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 4 – Configuration Examples...
  • Page 32 The VPN > IPSec Status screen displays; this time showing the newly-created VPN tunnel. Important Note: Make sure to check the Status box for this VPN tunnel in order to activate it. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 4 – Configuration Examples Example 2, Side A...
  • Page 33 Name: RF850-LAN IP Address: 192.168.10.0 Subnet Mask: 255.255.255.0 Click the Add button to add the new network to the list. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 4 – Configuration Examples Example 2, Side B Side B...
  • Page 34 Click on the VPN Status check box to enable IPSec. Then click the Save button. Select Add an IKE Connection by clicking the corresponding Add button. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 4 – Configuration Examples...
  • Page 35 The VPN > IPSec Status screen displays; this time showing the newly-created VPN tunnel. Important Note: Make sure to check the Status box for this VPN tunnel in order to activate it. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 4 – Configuration Examples Example 2, Side B...

  • Page 36: Example 3 - Remote Client-To-Lan Configuration Using Dnat And Aliasing

    Add User Defined Packet Filter Rules LAN – ANY – ANY – Accept ANY – Telnet – Win2k_Pro – Accept ANY – Telnet – Win2k_Server – Accept Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 4 – Configuration Examples Example 3...

  • Page 37: Example 4 - Client-To-Lan Configuration Using Pptp Tunneling

    IPSec Live Log. You will see the connection up and running (if connected), and you will see the statistics related to the data being sent across the tunnel. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 4 – Configuration Examples...

  • Page 38: Chapter 5 - Url Categorization

    If you check and Save Transparency, User Authentication is not available. The Transparency option is not shown on this screen since it was not checked and User Authentication was selected. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 5 – URL Categorization...
  • Page 39 Save. These fields are now visible: URL Categories (allowed / filtered) and Networks / Hosts to bypass URL Filtering. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) The URL License number must be entered on the Administration > Chapter 5 – URL Categorization...
  • Page 40 If you decide you do not want one or more of the networks/hosts bypassing the filter, select the name and click the Delete button. The name moves back into the Available Networks/Host box. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 5 – URL Categorization...

  • Page 41: Chapter 6 - Routefinder Software

    If you close the browser while configuring the RouteFinder, the last session stays active until the end of the time-out, and no new administrator can log in. The timeout period is set at Administration > Administrative Access > Time Before Automatic Disconnect. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Menu Bar...

  • Page 42: Administration

    You can delete the entry and change it at any time, if desired. At least one email address must be entered in this field. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Administration > System Setup...
  • Page 43 Messages, IPSec Debug Messages, IKE Debug Messages, Kernel Messages, Web Access Messages, Boot Messages, Cron Messages, Daemon Messages, and PPTP Debug Messages. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) SMTP/POP3 Messages, SNTP/UUCP/FTP Messages, SMTP Debug Chapter 6 – RouteFinder Software...

  • Page 44: Administration > Ssh

    RouteFinder to shut down and you will have to manually reboot. For manual reboot instructions, see Administration > Restart > Manual Restart. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Administration > System Setup...

  • Page 45: Administration > Sntp Client

    Enter the IP address of the SNTP Server for which the firewall will contact to synchronize its clock. Then click the Save button. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) The options in the drop-down box are different when Load Balancing is Chapter 6 –...

  • Page 46: Administration > Administrative Access

    When Load Balancing is disabled, the options are: Any, LAN, WAN, DMZ, WAN Interface, DMZ Interface Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Administration > Administrative Access The options in the drop-down box are different when Load Balancing is...

  • Page 47: Administration > Change Root Password

    Password field, enter the new password into the New Password field, and confirm the new password by re- entering it in the Confirmation field. The default password is root. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software...

  • Page 48: Administration > Site Certificate

    When the certificate has been added to the Root Store, the Completing the Certificate Manager Import Wizard displays. Click Finish. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) If you access Administration Access with https://192.168.10.1, the Host Chapter 6 – RouteFinder Software...

  • Page 49: Administration > License Key

    License Key and serial number information in order for us to update your RouteFinder. • With a valid License Key, you are entitled to use Multi-Tech’s Update service and support. AntiVirus License Key The AntiVirus license key can be purchased from Multi-Tech sales support. Enter the license key.

  • Page 50: Administration > Intrusion Detection

    Detection for the WANLINK1. Then click the Save button. • Network Intrusion Detection for WANLINK2: Detection for the WANLINK2. Then click the Save button. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Administration > Intruder Detection...
  • Page 51 Services menu. After the rules are defined/selected, click the Add button. The commands can be deleted by clicking Delete under the Command option. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Administration > Intruder Detection...

  • Page 52: Administration > Tools

    Host entry field (e.g., port 25 for SMTP). Timeout Specify the time that packets can exist. Packet Size Specify the number of data bytes to be sent. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Administration > Tools...
  • Page 53 "Close the PING Statistics Window to A Sample" PING log is shown below. Trace Route Trace Route is a tool for finding errors in the network routing. It lists each router’s addresses on the way to remote systems. If the path for the data packets is temporarily unavailable, the interruption is indicated by asterisks (*).
  • Page 54 Forcing the DDNS to update more than 5 times without a change in the IP address will result in the IP address being blocked at the DDNS server. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software...

  • Page 55: Administration > System Scheduler

    This will change all the settings you have modified. You may want to record current settings for referencing later on. You have the option to Clear All Logs before resetting the factory defaults. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Administration > System Scheduler...

  • Page 56: Administration > User Authentication > Local Users

    You can edit or delete entries in the table by highlighting the desired entries and clicking Edit or Delete under Command. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Administration > User Authentication > Local Users...

  • Page 57: Administration > User Authentication > Radius & Sam

    It also manages technical information needed for the communication of the router with the equipment of the caller. This includes, for example, the protocols used, IP addresses, telephone numbers, timeouts, routes, etc. Together they create a user profile that is stored in a file or a database on the RADIUS server.
  • Page 58 Enter the address of the Backup Domain Controller. Save After entering the above parameters, click the Save button. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Administration > User Authentication > RADIUS & SAM This is not an Internet domain (e.g., Company.com) but a simple If you are using SAM authentication, you should deactivate the Chapter 6 –...

  • Page 59: Administration > Version Information

    In the worst case, data could be lost. Since the RouteFinder is now also checking the consistency of the file system, it may have to restart up to three times. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Administration >...

  • Page 60: Networks & Services

    Confirm your entries by clicking the Add button. After clicking the Add button, the Networks you have setup display on the lower part of the screen. Example: Name RemoteLAN RemoteWAN_IP 204.26.122.3 Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) IP Address Subnet Mask Options 192.168.100 255.255.255.0 255.255.255.255...
  • Page 61 Mac address filtering (destination IP address) on the Packet Filters > Advanced screen Remote Gateway IP and Remote LAN dropdown boxes on the VPN > IPSec > IKE screen Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Networks &...

  • Page 62: Networks & Services > Services

    Specifies the ICMP type. It is displayed if the type of protocol is ICMP and the ICMP Type is Redirect Network, Network Unreachable, or Time to Live Exceeded. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software...
  • Page 63 Network Intrusion Detection SNAT Add rule DNAT Add rule Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Add packet filter rules MAC Address Based Filtering Add specific services for Network Intrusion Detection Chapter 6 – RouteFinder Software Networks & Services > Services...

  • Page 64: Networks & Services > Network Groups

    Deleting Networks from a Group Networks can be deleted from the newly created group by clicking the Delete Network button. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Networks & Services > Network Groups...

  • Page 65: Networks & Services > Service Groups

    Deleting Services from a Group Services can be deleted from the newly created group by clicking the Delete Service button. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Networks & Service > Service Groups...

  • Page 66: Proxy

    No unassigned networks can use the HTTP proxy if the proxy is configured in the browser. • You must set up the RouteFinder internal IP and port 3128 • User Authentication is possible only in non-transparent mode. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Proxy...

  • Page 67: Proxy > Http Proxy

    To enable one or any combination of these filters, check the box. Click the corresponding Save button each time you enable a filter. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Proxy > HTTP Proxy...
  • Page 68 HTTP Proxy. This take precedence over the status for all networks/hosts. HTTP Transparent Networks Listed When Load Balancing Is Disabled HTTP Transparent Networks Listed When Load Balancing Is Enabled Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Networks (Allowed or Denied) Network Setup >...
  • Page 69 Allow and Filter buttons will move a URL Category from Allowed to Filtered box and back again. Categories are setup and controlled by a URL filtering software program built into your RouteFinder. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Proxy > HTTP Proxy > URL Categorization...
  • Page 70 When the HTTP proxy functions in non-transparent mode, then the authentication mechanism through which the user can be authentication can be configured. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Proxy > HTTP Proxy > User Authentication...

  • Page 71: Proxy > Http Proxy > Custom Filters

    Users from Net2 trying to access google.com will not be allowed to access the site. • Users from any other network will be allowed/denied access based on the URL Categorization rules. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Proxy > HTTP Proxy > Custom Filters...

  • Page 72: Proxy > Smtp Proxy

    SMTP is disabled. The RouteFinder processes up to 25 incoming SMTP connections simultaneously preventing Denial of Service (DoS) attacks. The 26 not accepted. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Proxy > SMTP Proxy...
  • Page 73 SMTP proxy. If a valid virus license scanner license key is not entered, this option will not be displayed. An anti-virus license must be purchased from Multi-Tech in order to use virus protection, and the license can be uploaded to the RouteFinder from the Administration > License Keys screen.
  • Page 74 All outgoing mail is then forwarded via the SMTP proxy of the RouteFinder. All settings are immediately active and are preserved after leaving the Proxies > SMTP menu. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Proxy > SMTP Proxy...

  • Page 75: Proxy > Smtp Proxy > Smtp Spam Filtering

    SMTP SPAM Filtering On this screen the SPAM filtering parameters can be set so that all incoming and outgoing emails sent to the internal mail server(s) will go through the SPAM filtering process. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
  • Page 76 Exclamation mark (!): Bypass the SPAM check for this entry alone. Example: All email from or to the domain abc.com will be stopped except for test@abc.com: Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Proxy > SMTP Proxy > SMTP SPAM Filtering testuser@routefinder.yourdomain.com *@abc.com...
  • Page 77 The address should be RFC compliant. This is a mandatory field if you checked the Remote SMTP Spam Quarantine Status box. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Proxy > SMTP Proxy > SMTP SPAM Filtering 234.com...

  • Page 78: Proxy > Pop3 Proxy

    Enter the address of the POP3 Virus Email Account. All POP3 virus quarantined emails will be forwarded to this account. Click the Save button. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Proxy > POP3 Proxy...

  • Page 79: Proxy > Pop3 Proxy > Pop3 Spam Filtering

    Once you enter the ID and click the Add button, the ID displays in a list below the entry field. You may enter more than one email ID, and each ID can be deleted. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software...
  • Page 80 “as is" is to be searched for in the email, add the words as is. If the entry is to be used as a regular expression, the entry should be enclosed in < >. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Proxy > POP3 Proxy > POP3 SPAM Filtering Asterisk (*) is a general pattern-matching character.

  • Page 81: Proxy > Pop3 Advanced Configuration

    1080. Almost all clients will default to this port setting, so it normally does not need to be configured. Note: All changes in Proxy become effective immediately without additional notice. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Proxy > POP3 Proxy > Advanced Configurations Proxy > SOCKS Proxy...
  • Page 82 The left box contains SOCKS users and the right box consists of all the local users who are not allowed to access SOCKS. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Proxy > SOCKS Proxy...

  • Page 83: Proxy > Dns Proxy

    This is a list of all the networks which are allowed to access the DNS proxy. Any other requests are not forwarded to the DNS proxy. Note: You can delete these networks at any time. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Proxy > DNS Proxy...

  • Page 84: Network Setup

    The description is for clarity purposes and is used in all further configurations. Make sure that the RouteFinder IP address is entered as the default gateway in the protected networks. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software...

  • Page 85: Network Setup > Interface

    Chapter 6 – RouteFinder Software Network Setup > Interface Network Setup > Interface Network Setup > Interfaces Screen (with Load Balancing Disabled) Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
  • Page 86 IP Address: Subnet Mask: Primary DNS Address: Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) If the gateway address and DNS addresses are assigned by a The length of the Host Name should not be greater than 64 characters. For...
  • Page 87 A DMZ (De-militarized Zone) is a special LAN on the public network side of a firewall to allow a single WAN router to support both private (VPN) and public access to resources. Using a DMZ allows one IP Address (computer) to be exposed to the Internet. Some applications require multiple TCP/IP ports to be open.

  • Page 88: Network Setup > Ppp

    If the checkbox Enable IP is checked, the IP address has to be entered in this field. Save Click Save to activate these settings. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Network Setup > PPP...

  • Page 89: Change Your Country/Region Code

    The country/region code displays: Example: Country/Region AT Command (hexadecimal) Result code (decimal) Euro/NAM A list of country/region codes can be found on the Multi-Tech Web site at: http://www.multitech.com/PRODUCTS/Categories/Device_Networking/global_modems/approvals.asp Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software AT%T19,0,34 (default) Network Setup >...

  • Page 90: Network Setup > Pppoe

    Check this box if you want to obtain DNS server addresses from the peer (i.e., the ISP). Save Click Save to activate these settings. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Network Setup > PPPoE...

  • Page 91: Network Setup > Dhcp Client

    If you have Load Balancing enabled, there will be two DHCP Clients: DHCP Client on eth1 and DHCP Client on eth2. Save Click the Save button after enabling this function. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Network Setup > DHCP Client...

  • Page 92: Network Setup > Dynamic Dns (Ddns)

    For example, if you have registered test.dyndns.org, and the IP address assigned to it is resolved to a.b.c.d, all the sub domains (e.g., dns.test.dyndns.org) will also be resolved to a.b.c.d. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Network Setup > Dynamic DNS (DDNS)

  • Page 93: Network Setup > Routes

    Routes. Further entries for networks in which the RouteFinder itself is NOT a member must be made manually (e.g., if there is a second router on the network and a particular network is to be routed to it, for example if the second router is to be responsible for this network).

  • Page 94: Network Setup > Masquerading

    IP address. For all data packets that are to go into the Internet, the IP address of the sender is exchanged for the IP address of the external network card. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software...

  • Page 95: Network Setup > Snat

    The entry is confirmed by clicking the Add button. Existing entries can be deleted or edited by clicking the Edit or the Delete buttons. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software...

  • Page 96: Network Setup > Dnat

    IP-Range ⇒ IP-Range IP ⇒ IP-Range (load balancing) The “way back" (return) translation is done automatically; you do not need a rule for it. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Network Setup > DNAT...

  • Page 97: Network Setup > Load Balancing

    The same IP address cannot be entered for two different interfaces • Assigning of the IP address through PPP dial backup is applicable only for WANLink1 (eth1). Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Network Setup > Load Balancing...
  • Page 98 WANLINK1 to be sent out through WANLINK2 and vice versa. This is important when the WANLINK1 and WANLINK2 subnets are different. To enable spoofing, check the box, and then click the Save button. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Network Setup > Load Balancing...

  • Page 99: Network Setup > High Availability

    Select either Master or Slave to indicate whether the RouteFinder is to act as a Master or Slave in the current cluster. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Network Setup > High Availability...
  • Page 100 Click this button to synchronize the configuration to the peer system. SSH should be enabled on the LAN for the synchronization to work. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Network Setup > High Availability...

  • Page 101: Dhcp Server

    DHCP Server Fixed Addresses Add Fixed Address Enter both a MAC address and an IP address. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software DHCP Server > Subnet Settings DHCP Server > Fixed Addresses...

  • Page 102: Tracking

    VPN Accounting VPN-Based Accounting Check the VPN Accounting Status box to have the VPN status monitored by the accounting function. Click the Save button. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Tracking > Accounting...

  • Page 103: Tracking > Update Services

    RouteFinder. The patterns and URL categories database can also be updated. System Update service uses FTP connections to download packages. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
  • Page 104 Virus Update - Livelog After clicking the Virus - Livelog button, a log file of the virus pattern updates will be displayed. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Tracking > Update Services...

  • Page 105: Tracking > Backup

    Once you are sure of the file you want, click the Import button. Passwords will be saved. Note: Backups taken from a previous version cannot be imported. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Tracking > Backup...
  • Page 106 Set the maximum number of backups that you want to be retained in the server. Enter a number between 1-20. Adaptive Database Backup Enables Adaptive Database Backup. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Tracking > Backup...

  • Page 107: Tracking > Version Control

    = no user = root server = /usr/bin/cvs server_args = -f --allow-root=/usr/local/cvs pserver log_on_failure += USERID log_type = FILE /root/bin/temp Restart xinetd Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Tracking > Version Control...

  • Page 108: Packet Filters

    Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Packet Filters > Packet Filter Rules...
  • Page 109 The entries can then be edited. The changes are saved by clicking the Save button. Delete Rules can be deleted by clicking the Delete button. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Packet Filters > Packet Filter Rules To Broadcast on One Network Segment: Open the Networks &...

  • Page 110: Packet Filters > Icmp

    After a successful startup of the RouteFinder, it is recommended that you disable this rule so that the RouteFinder cannot be pinged anymore. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Packet Filters > ICMP...

  • Page 111: Packet Filters > Advanced

    By default, packets from / via the WAN interface of the RouteFinder, destined to any private address, will be dropped. This option allows enabling/disabling of this feature. Click Save when you make a change. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Packet Filters > Advanced...
  • Page 112 The protocol – port part for which the filter rule has to be added. Action Select whether you want the packet to be forwarded or dropped. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Packet Filters > Advanced...

  • Page 113: Packet Filters > Enable/Disable Log

    Check this box to enable the logging of all access requests from private (LAN), service (DMZ), and public (WAN) network clients to send traffic to the RouteFinder itself on the administrative access port. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Packet Filters > Enable/Disable Log...

  • Page 114: Packet Filters > Qos

    In other words, it is based on “best effort” mechanism. IP does not provide a facility to either drop or send packets based on priority – it treats every packet the same. The QoS function adds priority to the dropping/sending of packets. Uplink Bandwidth Options When Load Balancing Is Enabled Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
  • Page 115 For level one service rules, network rules will be configurable for level two, and vice versa for the network. This priority indicates the order in which the extra bandwidth is distributed. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software...

  • Page 116: Introduction To Virtual Private Networks

    Click the Add IKE Connection button. A screen displays for setting up an IKE connection. Add Manual Connection Click the Add Manual Connection button. A separate screen displays for setting up a manual connection. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software VPN > IPSec...

  • Page 117: Vpn (Virtual Private Networks)

    VPN endpoints; it must be configured at both endpoints of the tunnel. Select Encryption Select the encryption method. 3DES is recommended. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software VPN > IPSec > Add IKE Connection...

  • Page 118: Vpn > Ipsec

    Check this option to enable broadcasts over the connection. It will allow computers on the network to share Microsoft file and printer sharing information. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software VPN > IPSec > IKE...
  • Page 119 0xhex (a number between 0x100 - 0xfff is recommended). If you have more than one manual connection, then the SPI Base must be different for each one. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software 1.
  • Page 120 Check this option to enable broadcasts over the connection. It will allow computers on the network to share Microsoft file and printer sharing information. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software The VPN firewall box uses 3DES as its encryption algorithm.

  • Page 121: Vpn > X.509 Certificates

    The above concept can be extended to link more than two tunnels, provided they all have one common endpoint. The common endpoint between tunnels is called a hub. The other endpoints are called bridge endpoints. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software VPN > X.509 Certificates VPN > IPSec Bridging...
  • Page 122 If any packet has a specified source and destination network, the packet will be sent encrypted via the tunnel. Note: Packets are sent via the tunnels only if the tunnels are up and running. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software VPN > IPSec Bridging...

  • Page 123: Vpn > Pptp

    Range (the total number of IP addresses that can be assigned to remote clients; e.g., 253) Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) (the first IP address in a range of IP addresses to be assigned to (the last IP address in a range of IP addresses to be assigned to remote Chapter 6 –...
  • Page 124 The names of the users entered above display in this text box. If you wish to delete a name, click the Delete button. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software VPN > PPTP...

  • Page 125: Wizard Setup - Screen Description

    Click the PPPoE button. The corresponding entry fields will display. Enter the ADSL User Name and Password provided by the ISP for the PPPoE connection. DHCP Client When selected, no other fields display. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Wizard Setup...
  • Page 126 It is highly recommended that you change passwords. Save or Cancel When all of the parameters are set, click the Save button to activate them. Your RouteFinder is now configured. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Wizard Setup...

  • Page 127: Statistics & Logs

    Messages that someone should examine, such as why someone is sending UDP packets from port 20 to some arbitrary port above port 1024 (doesn‘t match any known protocol). Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Messages that should cause some action (email the administrator, start Chapter 6 –...

  • Page 128: Statistics & Logs > Uptime

    Interface routes are inserted by the system and cannot be edited. Additional routes can be added in Network Setup > Routes. This is an example of the Statistics & Logs Routing Table report. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Statistics & Logs > Uptime Statistics &...
  • Page 129 SOCK_RDM – This one serves reliably-delivered messages. SOCK_SEQPACKET – This is a sequential packet socket. SOCK_PACKET – Raw interface access socket. UNKNOWN Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Statistics & Logs > Networks TIME_WAIT.
  • Page 130 Process ID (PID) and process name of the process that has the socket open. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) included in the output if you specify - - listening (-I ) or - -all (-a) option.

  • Page 131: Statistics & Logs > Interfaces

    SMTP Status The SMTP Status displays the number of emails in the queue and the number of emails waiting to be processed. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Statistics & Logs > Interfaces...

  • Page 132: Statistics & Logs > Accounting

    Click the Self Monitor Live Log button to open the report, which provides a record of the processes that have been restarted due to possible abnormal termination. Example of a Self Monitor Live Log Report Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Statistics & Logs > Accounting...

  • Page 133: Statistics & Logs > Ipsec

    IP address of the user, and total traffic transmitted and received. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Statistics & Logs > IPSec...

  • Page 134: Statistics & Logs > Packet Filter

    Backup Logs Use this section of the screen to backup your log files or to delete the current log files. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Statistics & Logs > Packet Filter...

  • Page 135: Statistics & Logs > Port Scans

    Search for a pattern in the file • Download the file Click Go. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Statistics & Logs > Port Scan Logs Statistics & Logs > View Logs...

  • Page 136: Statistics & Logs > Http Access

    The report provides IP addresses / user names of the users who have tried to access denied sites. You must configure Proxy > HTTP Proxy > URL Categorization in order to view this report. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Statistics & Logs > HTTP Access...

  • Page 137: Statistics & Logs > Dhcp

    Shows all traffic that is directed at the RouteFinder's currently configured administrative HTTP access port. This log view is enabled on the Administration > Administrative Access screen. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 6 – RouteFinder Software Statistics &...

  • Page 138: Statistics & Logs > Qos

    Statistics & Logs > DDNS Log This screen provides information about the updating of the domain name or IP Address. It lets you know whether the process succeeded or failed on the DDNS Server. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)

  • Page 139: Chapter 7 - User Authentication Methods

    Accounts. Typically, this is also the case if you are running MS Exchange on your network and you want every valid user to be able to use the proxy services. You should use NT SAM (SMB) user authentication. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 7 – User Authentication Methods Methods...

  • Page 140: Authentication Setup

    You can add groups from the local machine or from Domains in which the RADIUS server is a member. Specify the user name as <DOMAIN>\<USER> for authentication to succeed, if required. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) RADIUS RADIUS server (this will be the "internal"...

  • Page 141: Setting Up Nt/2000 Sam (Smb) Authentication

    <DOMAIN>\<USERNAME>. Otherwise, it will be filled in as the <DOMAIN> part. Caution: Disable the Guest account of your NT domain, since this one will allow Any username/password combination to pass! Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 7 – User Authentication Methods...

  • Page 142: Chapter 8 - Frequently Asked Questions (Faqs)

    In a typical environment, the RouteFinder is installed between the internal network and an external network. Refer to Chapter 1 and 2 of this manual for more information. If DMZ is used, does the exposed user share the public IP with the Router? Yes.
  • Page 143 4. Add one Rule in Packet Filters > Packet Filter Rules: Any NAT_SSH SSH_Server Allow. This way, the destination address of every TCP packet will be translated from a.b.c.d:22 (Firewall) to e.f.g.h:22 (SSH-Server) and back again. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 8 – Frequently Asked Questions (FAQs) New:...
  • Page 144 DES to companies that demonstrate plans to implement key recovery systems in a few years. Today, Triple-DES is exportable under the regulations described above. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 8 – Frequently Asked Questions (FAQs)
  • Page 145 MAC address of this NIC. You can do this in Network Setup > Interface (refer to Chapter 3). Tell your router to send those packets directly to the RouteFinder's interface by adding a static routing entry to the RouteFinder.
  • Page 146 A21. A multi-homed firewall has multiple network interfaces and does not forward packets. Single-homed firewalls have one network interface card. You would use a single-homed firewall with a choke router that filters packets not originating from the SOCKS server. Q22. Is there an RFC for SOCKS? A22.

  • Page 147: Chapter 9 - Troubleshooting

    Default Gateway of the Client PC is correctly configured • verify proper Network Cable installation Check for updates to the product documentation on the Multi-Tech Web site at http://www.multitech.com/DOCUMENTS/. To troubleshoot TCP/IP connections in Windows 2000, use the Ping, Tracert, and Pathping commands. The Ping command sends an Internet Control Message Protocol (ICMP) packet to a host and waits for a return packet, listing the transit time.
  • Page 148 Attach a monitor and keyboard to the RouteFinder for monitoring and debugging (refer to Chapter 5 of this manual for keyboard and monitor connection information). Run the applicable Statistics & Logs function for the RouteFinder's status and performance. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Chapter 9 – Troubleshooting...

  • Page 149: Appendix A - Disposition Of Events For The Routefinder V3

    Figure 4 shows Outbound Access diagram. Figure 5 shows a snapshot of Outbound Access Figure 6 shows a snapshot of Outbound Access with connection tracking. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) For ICSA Certification Based on The Modular Firewall Certification Criteria Baseline module - version 4.0...
  • Page 150 7. kernel: mtrfToFWd – Denotes the packets that are not accepted by the firewall due to security policy violation. These packets are dropped. 8. kernel: mtrfAR – Denotes the accepted HTTP and HTTPS WEB configuration traffic to the firewall . Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix A – Disposition of Events...
  • Page 151 26. FIN – TCP Flag indicates no more data from sender 27. URGP – TCP Urgent pointer 28. PREC – Precedence field II. Inbound Access Log Figure 1 – Inbound Access Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix A – Disposition of Events...
  • Page 152 “CONTROL connection information” for this data connection. • Dnat ip:port = DNATTED ipaddress” for this data connection. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 192.168.1.76:20:21” Inbound Log 192.168.1.76:21” – This corresponds to the “CONTROL connection’s Inbound Log 192.168.1.76:21”...
  • Page 153 192.168.1.212, on destination port: 32824 Remarks: “Outbound [SRC=192.168.1.212:DST=195.220.108.108:SPORT=32823:DPORT=21]” Outbound – [SRC=192.168.1.212: DST=195.220.108.108: SPORT=32823: corresponds to the CONTROL connection information for this data connection. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Outbound Log Appendix A – Disposition of Events DPORT=21]” – This...
  • Page 154 Figure 9 – Snapshot of To Firewall Dropped Log VI. Administrative Authentication Logs Figure 10 – Snapshot of Administrative Authentication Log Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Outbound Log Appendix A – Disposition of Events DPORT=21]” – This...
  • Page 155 Figure 13 – Snapshot of User Log X. Fragmented Dropped Log Figure 14 – Snapshot of Fragmented Dropped Log XI. ICMP Information Figure 15 – Snapshot of Log with ICMP Information Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)

  • Page 156: Appendix B - The Routefinder Rescue Kernel

    Links You Will Need During the Install Process Link to Download Windows FTP Server: http://support.jgaa.com Link to Download Windows WinSCP Client: http://winscp.sourceforge.net/eng/ Link to Download Putty Telnet/SSH Client: http://www.chiark.greenend.org.uk/ Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix B – The RouteFinder Rescue Kernel Kernel...
  • Page 157 Configure your RouteFinder with live internet access. Then perform the live update to match the version you were running. Then import the backup configuration file. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix B – The RouteFinder Rescue Kernel...
  • Page 158 Configure your RouteFinder with live internet access. Then perform the live update to match the version you were running. Then import the backup configuration file. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix B – The RouteFinder Rescue Kernel...
  • Page 159 Configure your RouteFinder with live internet access. Then perform the live update to match the version you were running. Then import the backup configuration file. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix B – The RouteFinder Rescue Kernel...

  • Page 160: Appendix C - Table Of Commonly Supported Subnet Addresses

    N.N.N.112 N.N.N.120 N.N.N.128 N.N.N.136 N.N.N.144 N.N.N.152 N.N.N.160 N.N.N.168 N.N.N.176 N.N.N.184 Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix C – Table of Commonly Supported Subnets Hosts Available Broadcast Address N.N.N.1-126 N.N.N.127 N.N.N.129-254 N.N.N.255 Hosts Available Broadcast Address N.N.N.1-62 N.N.N.63...
  • Page 161 N.N.N.208 N.N.N.212 N.N.N.216 N.N.N.220 N.N.N.224 N.N.N.228 N.N.N.232 N.N.N.236 N.N.N.240 N.N.N.244 N.N.N.248 N.N.N.252 Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix C – Table of Commonly Supported Subnets N.N.N.193-198 N.N.N.199 N.N.N.201-206 N.N.N.207 N.N.N.209-214 N.N.N.215 N.N.N.217-222 N.N.N.223 N.N.N.225-230 N.N.N.231 N.N.N.233-238 N.N.N.239...

  • Page 162: Appendix D - Hardware Upgrades & Add-Ons And Software Add-Ons

    Remove the RouteFinder top cover using the procedure earlier in this chapter. Connect the monitor to the RouteFinder back panel DB15 High Density DSUB connector using a DB9-to-DB15 cable. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix D – Hardware Upgrades & Add-ons and Software Add-ons...

  • Page 163: Email Anti-Virus Code

    You will receive renewal notices from Multi-Tech prior to the end of your subscription. The latest virus pattern updates can then be downloaded from the Multi-Tech server. The RouteFinder's auto-update feature lets it connect to the server and automatically download and install these new virus pattern files at user-defined intervals.

  • Page 164: Appendix E - Routefinder Maintenance

    Authentication, Tracking, and Statistics & Logs in Chapter 3). For information on RouteFinder upgrades and add-ons refer to the preceding section, Software Upgrades and Add-ons. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Maintenance Appendix E – RouteFinder Maintenance...
  • Page 165 Several commercial vulnerability scanners may also be used to scan for these vulnerabilities, and the SANS Institute maintains a list of all scanners that provide a focused Top Twenty scanning function at www.sans.org/ Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix E – RouteFinder Maintenance...

  • Page 166: Appendix F - Ordering Accessories

    Appendix F – Ordering Accessories SupplyNet, Inc. supplies replacement transformers, cables, and connectors for select Multi-Tech products. You can place an order with SupplyNet via mail, phone, fax, or the Internet at: Mail: SupplyNet, Inc. 614 Corporate Way Valley Cottage, NY 10989...

  • Page 167: Appendix G - Multi-Tech Systems, Inc. Warranty, Repairs And Replacement Policies

    Multi-Tech Warranty Statement Multi-Tech Systems, Inc., (hereafter “MTS”) warrants that its products will be free from defects in material or workmanship for a period of two, five, or ten years (depending on model) from date of purchase, or if proof of purchase is not provided, two, five, or ten years (depending on model) from date of shipment.

  • Page 168: Repair Procedures For International Distributors

    Repair Procedures for International Distributors International distributors should contact their MTS International sales representative for information about the repair of Multi-Tech product(s). Please direct your questions regarding technical matters, product configuration, verification that the product is defective, etc., to our International Technical Support department at +(763)717-5863.

  • Page 169: Appendix H - Regulatory Compliance

    No repairs are to be made by you. Repairs are to be made only by Multi-Tech Systems or its licensees. Unauthorized repairs void registration and warranty.
  • Page 170 This precaution may be particularly important in rural areas. Caution: Users should not attempt to make such connections themselves, but should contact the appropriate electric inspection authority, or electrician, as appropriate. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix H – Regulatory Compliance...

  • Page 171: Appendix I - License Agreements

    Woodale Drive, Mounds View, MN 55112. This is a legal agreement between you (either an individual or a single entity) and Multi-Tech Systems, Inc. for the Multi-Tech software product enclosed, which includes computer software and may include associated media, printed materials, and "online" or electronic documentation ("SOFTWARE PRODUCT").
  • Page 172 Multi-Tech Systems, Inc. Copies of the Software may be made to replace worn or deteriorated copies, for archival, or back-up purposes.

  • Page 173: Gnu General Public License

    Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix I – License Agreements...
  • Page 174 FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix I – License Agreements...

  • Page 175: Url Content Filtering End-User License Agreement

    TO IMMEDIATELY NOTIFY US OF CHANGES TO ANY PASSWORDS USED WITH THE PRODUCTS TO ENABLE US TO MAINTAIN SUCH CONTINUAL SERVER AND ROOT ACCESS AND THEREFORE CONTINUE TO PROVIDE SUPPORT SERVICES. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 1. LICENSE AGREEMENT...
  • Page 176 IF YOU DO NOT MEET THIS CRITERION OR YOU DO NOT AGREE TO ANY OF THE TERMS OF THIS AGREEMENT, PLEASE CLICK ON THE “I DON’T ACCEPT” BUTTON BELOW OR USE YOUR BROWSER’S BACK BUTTON TO EXIT THIS PAGE. [I ACCEPT] ACCEPT] Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix I – License Agreements [I DON’T...

  • Page 177: Kaspersky Standard End User License Agreement

    (ii) Support Services will terminate unless renewed annually by payment of the then current annual support charge and by successful completion of the Support Services Subscription Form again. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix I – License Agreements...
  • Page 178 (iii) The liability of Kaspersky Lab for Misrepresentation as to a fundamental matter, including a matter fundamental to the maker's ability to perform its obligations under this Agreement, shall be subject to the limitation of liability set out in paragraph 7(iii). Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Appendix I – License Agreements...

  • Page 179: Appendix J - Waste Electrical And Electronic Equipment Directive (Weee)

    WEEE Directive by banning the presence of specific hazardous substances in the products at the design phase. The WEEE Directive covers all Multi-Tech products being sold into the EU as of August 13, 2005. Manufacturers, distributors and retailers are obliged to finance the costs of recovery from municipal collection points, reuse, and recycling of specified percentages per the WEEE requirements.

  • Page 180: Glossary

    Authentication establishes the integrity of a data stream, ensures that it is not tampered with in transit, and confirms the data stream’s origin. Authentication establishes the legitimacy of users and defines the allowed parameters of the session they establish. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
  • Page 181 – The unintended disclosure or discovery of a cryptographic key or secret. – Certificate Revocation List. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) – An IETF standard for authentication using PPP – A protocol defining the online interactions between the end entities...
  • Page 182 – A special LAN on the public network side of a firewall to allow a single WAN router to support both private (VPN) and public access to resources. A DMZ allows a single WAN router to support both private (VPN) and public access to resources. Using a DMZ allows one IP Address (computer) to be exposed to the Internet.
  • Page 183 Windows NT or Windows 2000 you must first access a command-prompt window to use it. You then type the command followed by an email address. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
  • Page 184 HTTP browsing File Service IMAP4/SMTP Mail Service Naming Service DNS/LDAP Directory Services Bootp/DHCP Booting Services SNMP Network Administration Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) – The international standards body that has standardized the IP Glossary...
  • Page 185 The message digest serves as a "fingerprint" for data. As such, it is an element of most data security mechanisms (e.g., Digital Signatures, SSL, etc.). The hashing function takes variable-length data as input, performs a function on it, and generates a fixed-length hash value. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
  • Page 186 For example, when adding a service from Networks & Services > Services, enter the source (client) port. The entry options are a single port (e.g. 80), a list separated by commas (e.g. 25, 80, 110), or a port range (e.g. 1024:64000). Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
  • Page 187 – The technique in which one machine, usually a router, answers ARP requests intended for another machine. By "faking" its identity, the router accepts responsibility for routing packets to the "real" destination. Proxy ARP allows a site to use a single IP address with two physical networks. Subnetting would normally be a better solution.
  • Page 188 – A router is a device that selects intelligent pathways for network packets. Strictly speaking, a gateway is something different than a router, but in connection with TCP/IP, both terms are synonyms. To establish connections throughout world and not just stay within one’s own network, one has to introduce this router (gateway) to one’s computer.
  • Page 189 Other firewall technologies (e.g., packet filters or application layer gateways) alone may not provide the same level of security as with stateful inspection. Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
  • Page 190 Glossary Static Route – A directive in a node that tells it to use a certain router or gateway to reach a given IP subnet. The simplest and most common example is the default router/gateway entry entered onto any IP-connected node (i.e., a static route telling the node to go to the Internet router for all subnets outside of the local subnet).

  • Page 191: Index

    Change Status for LAN ...39 Change the country/region code ...89 Change the root password ...47 Check for NULL Sender ...76 Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Index Continuous PING ... 52 Controlling High Disk Usage... 55 Cookie Filter... 68 Country/region code...
  • Page 192 Agreement...177 Lithium Battery Caution ...8 Load Balancing...97 Local Authentication ...56 Local RouteFinder User Authentication ...139 Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Local Users ... 56 Login ... 18 Logo on logon page ... 47 Logout ... 41 MAC address-based filtering ...
  • Page 193 Reverse DNS Test ...76 Routes ...93 Routing table ...128 RSA Key ...105 Rules for Using SMTP Proxy...72 Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) Safe password ... 18 Safety... 8 SAM ... 58 SAM Prerequisite ... 58 Save Settings... 41 Select encryption method ...
  • Page 194 Update Service...103 Updating ...165 Uptime Logs ...128 URL categories...69 URL Categories (Allowed/Filtered)...40 Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) URL Categorization Key ... 49 URL Categorization License Key... 9 URL License Key ... 39 User Authentication ... 56 User Authentication >...

This manual is also suitable for:

Routefinder rf860

Table of Contents