Billion BiGuard 2 User Manual

BiGuard 10
iBusiness Security Gateway Small-Office
BiGuard 2
iBusiness Security Gateway Home-Office
User's Manual
Version Release 3.00 (FW:1.03)

Summary of Contents for Billion BiGuard 2

  • Page 1 BiGuard 10 iBusiness Security Gateway Small-Office BiGuard 2 iBusiness Security Gateway Home-Office User’s Manual Version Release 3.00 (FW:1.03)
  • Page 2: Copyright Information

    Published by Billion Electric Corporation. All rights reserved. Disclaimer: Billion does not assume any liability arising out of the application or use of any products or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. Billion reserves the right to make changes in any products described herein without notice.
  • Page 3: Safety Warnings

    • DO NOT use your BiGuard 2/10 and any accessories outdoors. • If you mount your BiGuard 2/10, make sure that no electrical, water or gas pipes will be damaged during installation. • DO NOT install or use your BiGuard 2/10 during a thunderstorm.
  • Page 4: Table Of Contents

    1.3 Package Contents 1.3.1 BiGuard 10 1.3.1.1 Front Panel 1.3.1.2 Rear Panel 1.3.1.3 Rack Mounting 1.3.1.4 Cabling 1.3.2 BiGuard 2 1.3.2.1 Front Panel 1.3.2.2 Rear Panel 1.3.2.3 Cabling Chapter 2: Router Applications 2.1 Overview 2.2 Bandwidth Management with QoS 2.2.1 QoS Technology 2.2.2 QoS Policies for Different Applications...
  • Page 5 Chapter 3: Getting Started 3.1 Overview 3.2 Before You Begin 3.3 Connecting Your Router 3.4 Configuring PCs for TCP/IP Networking 3.4.1 Overview 3.4.2 Windows XP 3.4.2.1 Configuring 3.4.2.2 Verifying Settings 3.4.3 Windows 2000 3.4.3.1 Configuring 3.4.3.2 Verifying Settings 3.4.4 Windows 98 / ME 3.4.4.1 Installing Components 3.4.4.2...
  • Page 6 Chapter 4: Router Configuration 4.1 Overview 4.2 Status 4.2.1 ARP Table 4.2.2 Routing Table 4.2.3 Session Table 4.2.4 DHCP Table 4.2.5 IPSec Status 4.2.6 PPTP Status 4.2.7 System Log 4.2.8 IPSec Log 4.3 Quick Start 4.3.1 DHCP 4.3.2 Static IP 4.3.3 PPPoE 4.3.4 PPTP 4.3.5 Big Pond...
  • Page 7 5.1.2 LEDs Never Turn Off 5.1.3 LAN or Internet Port Not On 5.1.4 Forgot My Password 5.2 LAN Interface 5.2.1 Can’t Access BiGuard 2/10 from the LAN 5.2.2 Can’t Ping Any PC on the LAN 5.2.3 Can’t Access Web Configuration Interface 5.2.3.1 Pop-up Windows 5.2.3.2...
  • Page 8 5.5 Problems with Date and Time 5.6 Restoring Factory Defaults Appendix A: Product Specifications A.1 BiGuard 10 Product Specifications A.2 BiGuard 2 Product Specifications Appendix B: Customer Support Appendix C: FCC Interference Statement Appendix D: Network, Routing, and Firewall Basics D.1 Network Basics...
  • Page 9 Appendix E: Virtual Private Networking E.1 What is a VPN? E.1.1 VPN Applications E.2 What is IPSec? E.2.1 IPSec Security Components E.2.1.1 Authentication Header (AH) E.2.1.2 Encapsulating Security Payload (ESP) E.2.1.3 Security Associations (SA) E.2.2 IPSec Modes E.2.3 Tunnel Mode AH E.2.4 Tunnel Mode ESP E.2.5 Internet Key Exchange (IKE) Appendix F: IPSec Logs and Events...
  • Page 10: Chapter 1: Introduction

    Internet connection. This manual illustrates the many features and functions of BiGuard 2/10, and even takes you through the various ways you can apply this versatile device to your home or office.
  • Page 11: Intelligent Bandwidth Management

    1.2.3 Intelligent Bandwidth Management BiGuard 2/10 utilizes Quality of Service (QoS) to give you full control over the priority of both incoming and outgoing data, ensuring that critical data such as customer information moves through your network, even while under a heavy load.
  • Page 12 Link/ACT: Lit when device is connected. Blinking when data is transmitting/receiving. Lit when connected to an Ethernet device. 1 – 8 10/100M : Lit green when connected at 100Mbps. Not lit when connected at 10Mbps. Link/ACT: Lit when device is connected. Blinking when data is transmitting/receiving.
  • Page 13: BiGuard

    LAN link and WAN line LEDs are lit. If they are not, check to see that you are using the proper cabling. 1.3.2 BiGuard 2 BiGuard 2 iBusiness Security Gateway Home-Office Getting Started CD-ROM Quick Start Guide Ethernet (CAT-5 LAN) Cable...
  • Page 14: Front Panel

    1.3.2.1 Front Panel Function POWER A solid light indicates a steady connection to a power source. STATUS A blinking light indicates the device is writing to flash memory. Lit when connected to an Ethernet device. 10/100M : Lit green when connected at 100Mbps. Not lit when connected at 10Mbps.
  • Page 15: Cabling

    One of the most common causes of networking problems is bad cabling. Make sure that all connected devices are turned on. On the front panel of BiGuard 2, verify that the LAN link and WAN line LEDs are lit. If they are not, check to see that you are...
  • Page 16: Chapter 2: Router Applications

    Chapter 2: Router Applications 2.1 Overview Your BiGuard 2/10 Router is a versatile device that can be configured to not only protect your network from malicious attackers, but also ensure optimal usage of available bandwidth with Quality of Service (QoS). Alternatively, BiGuard 2/10 can also be set to handle secure connections with Virtual Private Networking (VPN).
  • Page 17: QoS Policies For Different Applications

    Inbound 2.2.2 QoS Policies for Different Applications By setting different QoS policies according to the applications you are running, you can use BiGuard 2/10 to optimize the bandwidth that is being used on your network. VoIP Normal PCs Restricted PC...
  • Page 18: Guaranteed / Maximum Bandwidth

    2.2.3 Guaranteed / Maximum Bandwidth Setting a Guaranteed Bandwidth ensures that a particular service receives a minimum percentage of bandwidth. For example, you can configure BiGuard 2/10 to reserve 10% of the available bandwidth for a particular computer on the network to transfer files.
  • Page 19: Policy Based Traffic Shaping

    2.2.5 Priority Bandwidth Utilization Assigning priority to a certain service allows BiGuard 2/10 to give either a higher or lower priority to traffic from this particular service. Assigning a higher priority to an application ensures that it is processed ahead of applications with a lower priority...
  • Page 20: Management By IP Or MAC Address

    2.2.6 Management by IP or MAC address BiGuard 2/10 can also be configured to apply traffic policies based on a particular IP or MAC address. This allows you to quickly assign different traffic policies to a specific computer on the network.
  • Page 21: DiffServ (DSCP Marking)

    As such, it is perfect for connecting branch offices to headquarters across the Internet in a secure fashion. The following section discusses Virtual Private Networking with BiGuard 2/10. 2.3.1 General VPN Setup There are typically three different VPN scenarios. The first is a Gateway to...
  • Page 22: Concentrator

    VPN tunnel. All branch office traffic will be redirected to the VPN tunnel to headquarters with the exception of LAN-side traffic. This way, all branch offices can connect to each other through headquarters via the headquarters' firewall management. You can also configure BiGuard 2/10 to function as a VPN...
  • Page 23 [Figure: VPN setup diagram with three BiGuard 2 gateways. Addresses shown: 200.200.200.1, 100.100.100.1, 201.201.201.1. LAN subnets shown: 192.168.2.x, 192.168.3.x, 192.168.4.x. Settings shown include Local ID Type: Subnet, Local subnet: 0.0.0.0, Local mask: 0.0.0.0, Remote ID Type: Subnet, Remote subnet: 192.168.3.0, Remote mask: 255.255.255.0.]...
  • Page 24: Chapter 3: Getting Started

    Linux, Mac OS, and Windows 98/Me/NT/2000/XP operating systems. The following chapter takes you through the very first steps to configuring your network for BiGuard 2/10. Take a look and see how easy it is to get your network up and running. 3.2 Before You Begin BiGuard 2/10 is a flexible and powerful networking device.
  • Page 25: Connecting Your Router

    Connecting BiGuard 2/10 is an easy three-step process: 1. Connect BiGuard 2/10 to your LAN by connecting Ethernet cables from your networked PCs to the LAN ports on the router. Connect BiGuard 2/10 to your broadband Internet connection via the router’s WAN port.
  • Page 26: Configuring PCs For TCP/IP Networking

    DHCP server. If using a fixed IP address, it is important to remember that it must be in the same subnet as the router. The default IP address of BiGuard 2/10 is 192.168.1.254 with a subnet mask of 255.255.255.0. Using the default configuration, networked PCs must reside in the same subnet, and have an IP address in the range of 192.168.1.1 to 192.168.1.253.
  • Page 27: Windows Xp

    If you are using Windows 3.1, you must purchase a third-party TCP/IP application package. Any TCP/IP capable workstation can be used to communicate with or through the BiGuard 2/10. To configure other types of workstations, please consult the manufacturer’s documentation. 3.4.2 Windows XP 3.4.2.1 Configuring...
  • Page 28 3. Select Internet Protocol (TCP/IP) and click Properties. 4a. To have your PC obtain an IP address automatically, select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons.
  • Page 29 4b. To manually assign your PC a fixed IP address, select the Use the following IP address radio button and enter your desired IP address, subnet mask, and default gateway in the blanks provided. Remember that your PC must reside in the same subnet as the router.
  • Page 30: Verifying Settings

    1. Click Start > Programs > Accessories > Command Prompt. 2. In the Command Prompt window, type ipconfig and then press ENTER. If you are using BiGuard 2/10’s default settings, your PC should have: - An IP address between 192.168.1.1 and 192.168.1.253...
  • Page 31 To verify your settings using the Windows XP GUI: 1. Click Start > Settings > Network Connections. 2. Right click one of the network connections listed and select Status from the pop-up menu.
  • Page 32 3. Click the Support tab. If you are using BiGuard 2/10’s default settings, your PC should: - Have an IP address between 192.168.1.1 and 192.168.1.253 - Have a subnet mask of 255.255.255.0...
  • Page 33: Windows 2000

    3.4.3 Windows 2000 3.4.3.1 Configuring 1. Select Start > Settings > Control Panel. 2. In the Control Panel window, double-click Network and Dial-up Connections.
  • Page 34 3. In Network and Dial-up Connections, double-click Local Area Connection. 4. In the Local Area Connection window, click Properties.
  • Page 35 5. Select Internet Protocol (TCP/IP) and click Properties. 6a. To have your PC obtain an IP address automatically, select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons.
  • Page 36: Verifying Settings

    6b. To manually assign your PC a fixed IP address, select the Use the following IP address radio button and enter your desired IP address, subnet mask, and default gateway in the blanks provided. Remember that your PC must reside in the same subnet as the router.
  • Page 37: Windows 98 / Me

    2. In the Command Prompt window, type ipconfig and then press ENTER. If you are using BiGuard 2/10’s default settings, your PC should have: - An IP address between 192.168.1.1 and 192.168.1.253 - A subnet mask of 255.255.255.0 3.4.4 Windows 98 / Me 3.4.4.1 Installing Components...
  • Page 38 1. On the Windows taskbar, select Start > Settings > Control Panel. 2. Double-click the Network icon. The Network window displays a list of installed components.
  • Page 39 You must have the following installed: - An Ethernet adapter - TCP/IP protocol - Client for Microsoft Networks If you need to install a new Ethernet adapter, follow these steps: a. Click Add.
  • Page 40 b. Select Adapter, then Add. c. Select the manufacturer and model of your Ethernet adapter, then click OK. If you need TCP/IP: a. Click Add.
  • Page 41 b. Select Protocol, then click Add. c. Select Microsoft, then TCP/IP, and then click OK. If you need Client for Microsoft Networks: a. Click Add.
  • Page 42: Configuring

    b. Select Client, then click Add. c. Select Microsoft, then Client for Microsoft Networks, and then click OK. 3. Restart your PC to apply your changes. 3.4.4.2 Configuring 1. Select Start > Settings > Control Panel.
  • Page 43 2. In the Control Panel, double-click Network and choose the Configuration tab.
  • Page 44 3. Select the name of your PC’s TCP/IP Network Interface Card (NIC) and click Properties. TCP/IP > ASUSTeK is illustrated in the example below. 4. Select the IP Address tab and click the Obtain an IP address automatically radio button.
  • Page 45 5. Select the DNS Configuration tab and select the Disable DNS radio button. 6. Click OK to apply the configuration.
  • Page 46: Verifying Settings

    3.4.4.3 Verifying Settings To check the TCP/IP configuration, use the winipcfg.exe utility: 1. Select Start > Run. 2. Type winipcfg, and then click OK.
  • Page 47: Factory Default Settings

    3. From the drop-down box, select your Ethernet adapter. The window is updated to show your settings. Using the default BiGuard 2/10 settings, your PC should have: - An IP address between 192.168.1.1 and 192.168.1.253 - A subnet mask of 255.255.255.0 - A default gateway of 192.168.1.254...
  • Page 48: Username And Password

    The Status LED will remain solid as the device boots. Once the boot sequence is complete, the LED will shut off, indicating that BiGuard 2/10 is ready. 3.5.2 LAN and WAN Port Addresses...
  • Page 49: Information From Your ISP

    If your account uses PPP over Ethernet (PPPoE), you will need to enter your login name and password when configuring your BiGuard 2/10. After the network and firewall are configured, BiGuard 2/10 will log in automatically, and you will no longer need to run the login program from your PC.
  • Page 50 Depending on your ISP, a host name and domain suffix may also be provided. If any of these items are dynamically supplied by the ISP, your BiGuard 2/10 will automatically acquire them. If an ISP technician configured your computer or if you configured it using instructions provided by your ISP, you need to copy the configuration information from your PC’s Network TCP/IP Properties window before reconfiguring your...
  • Page 51 3. In the Network Connections window, right-click Local Area Connection and select Properties. 4. Select Internet Protocol (TCP/IP) and click Properties.
  • Page 52 5. If an IP address, subnet mask and a Default gateway are shown, write down the information. If no address is present, your account’s IP address is dynamically assigned. Click the Obtain an IP address automatically radio button. 6. If any DNS server addresses are shown, write them down. Click the Obtain DNS server address automatically radio button.
  • Page 53: Web Configuration Interface

    7. Click OK to save your changes. 3.7 Web Configuration Interface BiGuard 2/10 includes a Web Configuration Interface for easy administration via virtually any browser on your network. To access this interface, open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click Go.
  • Page 54 If the Web Configuration Interface appears, congratulations! You are now ready to configure your BiGuard 2/10. If you are having trouble accessing the interface, please refer to Chapter 5: Troubleshooting for possible resolutions.
  • Page 55: Chapter 4: Router Configuration

    Chapter 4: Router Configuration 4.1 Overview The Web Configuration Interface makes it easy for you to manage your network via any PC connected to it. On the Web Configuration homepage, you will see the navigation pane located on the left hand side. From it, you will be able to select various options used to configure your router.
  • Page 56: Status

    The following sections will show you how to configure your router using the Web Configuration Interface. 4.2 Status The Status menu displays the various options that have been selected and a number of statistics about your BiGuard 2/10. In this menu, you will find the following sections: - ARP Table - Routing Table...
  • Page 57: ARP Table

    4.2.1 ARP Table The Address Resolution Protocol (ARP) Table shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is a quick way to determine the MAC address of your PC’s network interface to use with the router’s Firewall – MAC Address Filter function.
  • Page 58: Routing Table

    4.2.2 Routing Table The Routing Table displays the current path for transmitted packets. Both static and dynamic routes are displayed. No.: Number of the list. Destination: The IP address of the destination network. Netmask: The destination netmask address. Gateway/Interface: The IP address of the gateway or existing interface that this route will use.
  • Page 59: Session Table

    4.2.3 Session Table The NAT Session Table displays a list of current sessions for both incoming and outgoing traffic with protocol type, source IP, source port, destination IP and destination port. Each page shows 10 sessions. No.: Number of the list. Protocol: Protocol type of the Session.
  • Page 60: DHCP Table

    4.2.4 DHCP Table The DHCP Table displays a list of IP addresses that have been assigned to PCs on your network via Dynamic Host Configuration Protocol (DHCP). No.: Number of the list. IP Address: A list of IP addresses of devices on your LAN. Device Name: The host name (computer name) of the client.
  • Page 61: IPSec Status

    4.2.5 IPSec Status The IPSec Status window displays the status of the IPSec Tunnels that are currently configured on your BiGuard 2/10. Name: The name you assigned to the particular IPSec entry. Enable: Whether the IPSec connection is currently Enable or Disable.
  • Page 62: PPTP Status

    4.2.6 PPTP Status The PPTP Status window displays the status of the PPTP Tunnels that are currently configured on your BiGuard 2/10. Name: The name you assigned to the particular PPTP entry. Enable: Whether the PPTP connection is currently Enable or Disable.
  • Page 63: System Log

    4.2.7 System Log This window displays BiGuard 2/10’s System Log entries. Major events are logged on this window. Refresh: Refresh the System Log. Clear Log: Clear the System Log. Send Log: Send the System Log to your email account. You can set the email address in Configuration >...
  • Page 64: IPSec Log

    4.2.8 IPSec Log This page displays the router’s IPSec Log entries. Major events are logged to this window. Refresh: Refresh the IPSec Log. Clear Log: Clear the IPSec Log. Send Log: Send IPSec Log to your email account. You can set the email address in Configuration >...
  • Page 65: Quick Start

    4.3 Quick Start The Quick Start menu allows you to quickly configure your network for Internet access using the most basic settings. Connection Method: Select your router’s connection to the Internet. Selections include Obtain an IP Address Automatically, Static IP Settings, PPPoE Settings, PPTP Settings, and Big Pond Settings.
  • Page 66: Static IP

    4.3.2 Static IP IP assigned by your ISP: Enter the assigned IP address from your ISP. IP Subnet Mask: Enter your IP subnet mask. ISP Gateway Address: Enter your ISP gateway address. Primary DNS: Enter your primary DNS. Secondary DNS: Enter your secondary DNS. Click Apply to save your changes.
  • Page 67: PPPoE

    4.3.3 PPPoE Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPPoE session when starting up and to automatically re-establish the PPPoE session when disconnected by the ISP, select Always Connect.
  • Page 68: PPTP

    4.3.4 PPTP Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. PPTP Client IP: Enter the PPTP Client IP provided by your ISP. PPTP Client IP Netmask: Enter the PPTP Client IP Netmask provided by your ISP. PPTP Client IP Gateway: Enter the PPTP Client IP Gateway provided by your ISP.
  • Page 69: Big Pond

    For detailed instructions on configuring WAN settings, please refer to the WAN section of this chapter. 4.4 Configuration The Configuration menu allows you to set many of the operating parameters of the BiGuard 2/10. In this menu, you will find the following sections: - LAN - WAN - Bandwidth Settings...
  • Page 70: LAN

    - VPN - QoS - Virtual Server - Advanced These items are described below in the following sections. 4.4.1 LAN There are two items within this section: Ethernet and DHCP Server.
  • Page 71: Ethernet

    4.4.1.1 Ethernet IP Address: Enter the internal LAN IP address for BiGuard 2/10 (192.168.1.254 by default). Subnet Mask: Enter the subnet mask (255.255.255.0 by default). RIP: RIP v2 Broadcast and RIP v2 Multicast. Check to enable RIP. 4.4.1.2 DHCP Server In this menu, you can disable or enable the Dynamic Host Configuration Protocol (DHCP) server.
  • Page 72 To configure the router’s DHCP Server, select the Enable radio button, and then configure parameters of the DHCP Server including the IP Pool (starting IP address and ending IP address to be allocated to the PCs on your network), DNS Server, WINS Server, and Domain Name.
  • Page 73: WAN

    4.4.2 WAN WAN refers to your Wide Area Network connection. In most cases, this means your router’s connection to the Internet through your ISP. Connection Method: Select how your router will connect to the Internet. Selections include Obtain an IP Address Automatically, Static IP Settings, PPPoE Settings, PPTP Settings, and Big Pond Settings.
  • Page 74: Static IP

    4.4.2.2 Static IP IP assigned by your ISP: Enter the static IP assigned by your ISP. IP Subnet Mask: Enter the IP subnet mask provided by your ISP. ISP Gateway Address: Enter the ISP gateway address provided by your ISP. MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below.
  • Page 75 4.4.2.3 PPPoE Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPPoE session when starting up and to automatically re-establish the PPPoE session when disconnected by the ISP, select Always Connect.
  • Page 76: PPTP

    4.4.2.4 PPTP Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. PPTP Client IP: Enter the PPTP Client IP provided by your ISP. PPTP Client IP Netmask: Enter the PPTP Client IP Netmask provided by your ISP. PPTP Client IP Gateway: Enter the PPTP Client IP Gateway provided by your ISP.
  • Page 77: Big Pond

    and enter your primary and secondary DNS. RIP: To activate RIP, select Send, Receive, or Both from the drop down menu. To disable RIP, select Disable from the drop down menu. MTU: Enter the Maximum Transmission Unit (MTU) for your network. Click Apply to save your changes.
  • Page 78: Bandwidth Settings

    4.4.3 Bandwidth Settings Under Bandwidth Settings, you can easily configure both inbound and outbound bandwidth. WAN: Enter your ISP inbound and outbound bandwidth for WAN. NOTE: The values entered here are referenced by QoS. 4.4.4 System The System menu allows you to adjust a variety of basic router settings, upgrade firmware, set up remote access, and more.
  • Page 79: Time Zone

    4.4.4.1 Time Zone BiGuard 2/10 does not use an onboard real time clock; instead, it uses the Network Time Protocol (NTP) to acquire the current time from an NTP server outside your network. Simply choose your local time zone, enter NTP Server IP Address, and click Apply.
  • Page 80: Firmware Upgrade

    4.4.4.3 Firmware Upgrade Upgrading your BiGuard 2/10’s firmware is a quick and easy way to enjoy increased functionality, better reliability, and ensure trouble-free operation. To upgrade your firmware, simply visit Billion’s website (http://www.billion.com) and download the latest firmware image file for BiGuard 2/10.
  • Page 81: Backup / Restore

    4.4.4.4 Backup / Restore This feature allows you to save and backup your router’s current settings, or restore a previously saved backup. This is useful if you wish to experiment with different settings, knowing that you have a backup handy. It is advisable to backup your router’s settings before making any significant changes to your router’s configuration.
  • Page 82: Restart

    4.4.4.5 Restart The Restart feature allows you to easily restart BiGuard 2/10. To restart with your last saved configuration, select the Current Settings radio button and click Restart. If you wish to restart the router using the factory default settings, select Factory Default Settings and click Restart to reboot BiGuard 2/10 with factory default settings.
  • Page 83: System Log Server

    Click Reset to reset to the default administration password (admin). 4.4.4.7 System Log Server This function allows BiGuard 2/10 to send system logs to an external Syslog Server. Syslog is an industry-standard protocol used to capture information about network activity. To enable this function, select the Enable radio button and enter your Syslog server IP address in the Log Server IP Address field.
  • Page 84: E-Mail Alert

    4.4.4.8 E-mail Alert The Email Alert function allows a log of security-related events (such as System Log and IPSec Log) to be sent to a specified email address. Email Alert: You may enable or disable this function by selecting the appropriate radio button.
  • Page 85: Firewall

    4.4.5 Firewall BiGuard 2/10 includes a full Stateful Packet Inspection (SPI) firewall for controlling Internet access from your LAN, and preventing attacks from hackers. Your router also acts as a "natural" Internet firewall when using Network Address Translation (NAT), as all PCs on your LAN will use private IP addresses that cannot be directly accessed from the Internet.
  • Page 86 The Packet Filter function is used to limit user access to certain sites on the Internet or LAN. The Filter Table displays all current filter rules. If there is an entry in the Filter Table, you can click Edit to modify the setting of this entry, or click Delete to remove this entry, or click Move to change this entry’s priority.
  • Page 87 Destination IP: Select Any, Subnet, IP Range or Single Address. Starting IP Address: Enter the destination IP or starting destination IP address this filter rule is to be applied. End IP Address: Enter the End destination IP Address this filter rule is to be applied. (for IP Range only) Netmask: Enter the subnet mask of the above IP address.
  • Page 88 Keyword Filtering: Click the checkbox to enable this feature. To edit the list of filtered keywords, click Details. Domain Filtering: Click the "enable" checkbox to enable filtering by Domain Name. Click the "Disable all WEB traffic except for trusted domains" check box to allow web access only for trusted domains.
  • Page 89 Enter a domain and select whether this domain is trusted or forbidden with the pull-down menu. Next, click Apply. Your new domain will be added to either the Trusted Domain or Forbidden Domain listing, depending on which you selected previously. Restrict URL Features: Use this to disable certain web features.
  • Page 90: LAN MAC Filter

    Enter a name for the IP Address and then enter the IP address itself. Click Apply to save your changes. The IP address will be entered into the Exception List, and excluded from the URL filtering rules in effect. 4.4.5.3 LAN MAC Filter...
  • Page 91: Block WAN Request

    LAN MAC Filter determines, by MAC address, whether BiGuard will serve devices on the LAN side. Default Rule: Forward or Drop all LAN requests. (Forward by default) Create: You can also enter a specific MAC address to be dropped or forwarded regardless of the default rule.
  • Page 92: Intrusion Detection

    4.4.5.5 Intrusion Detection Intrusion Detection can prevent most common DoS attacks from the Internet or from LAN users. Intrusion Detection: Enable or disable this function. Intrusion Log: All the detected and dropped attacks will be shown in the system log.
  • Page 93: VPN

    4.4.6 VPN 4.4.6.1 IPSec IPSec is a set of protocols that enable Virtual Private Networks (VPN). VPN is a way to establish secured communication tunnels to an organization’s network via the Internet. 4.4.6.1.1 IPSec Wizard Connection Name: A user-defined name for the connection. Interface: Select the interface the IPSec tunnel will apply to.
  • Page 94 Connection Type: There are 5 connection types: (1) LAN to LAN: BiGuard establishes an IPSec VPN tunnel, using main mode, with a remote router that has a fixed Internet IP or domain name. Secure Gateway Address (or Domain Name): The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel.
  • Page 95 (2) LAN to Mobile LAN: BiGuard establishes an IPSec VPN tunnel, using aggressive mode, with a remote router that has a dynamic Internet IP. Remote Identifier: The identifier of the remote gateway; the type of the input value is detected automatically as IP Address, FQDN (DNS) or FQUN (E-mail). Remote Network: The subnet of the remote network.
  • Page 96 (3) LAN to Host: BiGuard establishes an IPSec VPN tunnel, using main mode, with remote client software that has a fixed Internet IP or domain name. Secure Gateway Address (or Domain Name): The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel.
  • Page 97 (4) LAN to Mobile Host: BiGuard establishes an IPSec VPN tunnel, using aggressive mode, with remote client software that has a dynamic Internet IP. Remote Identifier: The identifier of the remote gateway; the type of the input value is detected automatically as IP Address, FQDN (DNS) or FQUN (E-mail). Back: Back to the previous page.
  • Page 98 (5) LAN to Host (for BiGuard VPN Client only): BiGuard establishes an IPSec VPN tunnel, using aggressive mode, with BiGuard VPN Client software C01. VPN Client IP Address: The VPN Client address for BiGuard VPN Client; this value is applied to both the remote ID and the remote network as a single address.
  • Page 99: IPSec Policy

    4.4.6.1.2 IPSec Policy Click Create to create a new IPSec VPN connection account. Configuring a New VPN Connection...
  • Page 100 Connection Name: A user-defined name for the connection. Tunnel: Select Enable to activate this tunnel. Select Disable to deactivate this tunnel. Local: This section configures the local host. ID: This is the identity type of the local router or host. Choose from the following four options: WAN IP Address: Automatically use the current WAN Address as ID IP Address: Use an IP address format.
  • Page 101 Data: Enter the ID data using the specific ID type. Network: Set the subnet, IP Range, single address, or gateway address of the remote network. Subnet: The subnet of the remote network. Selecting this option allows you to enter an IP address and netmask. IP Range: The IP Range of the remote network.
  • Page 102 public-key cryptography to change encryption keys during the second phase of VPN negotiation. This function will provide better security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over the Internet. Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol.
  • Page 103: PPTP

    Remote Subnet: Displays IP address and subnet of the remote network. Remote Gateway: This is the IP address or Domain Name of the remote VPN device that is connected and has an established IPSec tunnel. IPSec Proposal: This is the selected IPSec security method. For examples on how to apply IPSec to your network, see Appendix F: IPSec Logs and Events.
  • Page 104: QoS

    PPTP Tunnel, please select Enable or Disable. 4.4.7 QoS BiGuard 2/10 can optimize your bandwidth by assigning priority to both inbound and outbound data with QoS. This menu allows you to configure QoS for both inbound and outbound traffic.
  • Page 105 To get started using QoS, you will need to establish QoS rules. These rules tell the BiGuard 2/10 how to handle both incoming and outgoing traffic. The following example shows you how to configure WAN Outbound QoS. Configuring the other traffic types follows the same process.
  • Page 106 Next, click Create to open the QoS Rule Configuration window. Application: User defined application name for the current rule. Packet Type: The type of packet this rule applies to. Choose from Any, TCP, UDP, or ICMP. Guaranteed: The guaranteed amount of bandwidth for this rule as a percentage. Maximum: The maximum amount of bandwidth for this rule as a percentage.
  • Page 107 Priority: The priority assigned to this service. Select a value from 0 to 6, 0 being highest. DSCP Marking: Used to classify traffic. Select from Best Effort, Premium, Gold Service (High, Medium, Low), Silver (H,M,L), and Bronze (H,M,L). Address Type: The type of address this rule applies to. Select IP Address or MAC Address.
  • Page 108: Virtual Server

    PCs. Please see the WAN Configuration section of this manual for more information on NAT. BiGuard 2/10 can also be configured as a virtual server so that remote users accessing services such as Web or FTP services via the public (WAN) IP address can be automatically redirected to local servers in the LAN network.
  • Page 109: Port Forwarding

    does not use a port number used by any other Virtual Server entries. Caution: Exposing a local computer to the Internet in this way subjects it to a variety of security risks. Enable DMZ function: Enable: Activates your router’s DMZ function. Disable: Default setting. Disables the DMZ function. DMZ IP Address: Give a static IP address to the DMZ Host when the Enable radio button is selected.
  • Page 110 When your router needs to allow outside users to access internal servers, e.g. a web server, FTP server, Email server or game server, the router can act as a "virtual server". You can set up a local server with a specific port number for the service to use, e.g.
  • Page 111 Application: User-defined application name for the current rule. Helper: You can also select an application type to have the fields filled in automatically. Protocol Type: Select the protocol type. External Port: Enter the port number of the service that will be sent to the Internal IP address.
  • Page 112: Advanced

    4.4.9 Advanced Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of BiGuard 2/10. Users who do not understand the features should not attempt to reconfigure their router, unless advised to do so by support staff.
  • Page 113: Dynamic DNS

    Rule: Select Enable to activate this rule, Disable to deactivate this rule. Destination: This is the destination subnet IP address. Netmask: This is the subnet mask of the destination IP addresses based on above destination subnet IP. Gateway: This is the gateway IP address to which packets are to be forwarded. Interface: Select the interface through which packets are to be forwarded.
  • Page 114 You will first need to register and establish an account with the Dynamic DNS provider using their website. Example: DYNDNS http://www.dyndns.org/ (BiGuard 2/10 supports several Dynamic DNS providers, such as www.zoneedit.com, www.orgdns.org, www.dhs.org, www.dyns.cx, www.3domain.hk, www.dyndns.org, www.3322.org). Dynamic DNS: Disable: Check to disable the Dynamic DNS function.
  • Page 115: Device Management

    4.4.9.3 Device Management The Device Management Advanced Configuration settings allow you to control your router’s security options and device monitoring features. Device Name Name: Enter a name for this device. Web Server Settings HTTP Port: This is the port number the router’s embedded web server (for web-based configuration) will use.
  • Page 116: Save Configuration To Flash

    SNMP V1 and V2 Read Community: Input the string for Read community to match your SNMP software. Write Community: Input the string for Write community to match your SNMP software. Trap Community: Input the string for Trap community to match your SNMP software. IP Address: Input the device IP address with SNMP software installed.
  • Page 117 Be aware that the router is restricted to only one PC accessing the web configuration interface at a time. Once a PC has logged into the web interface, other PCs cannot gain access until the current PC has logged out. If the previous PC forgets to log out, the second PC can access the page after a user-defined period (5 minutes by default).
  • Page 118: Basic Functionality

    This section deals with issues regarding your BiGuard 2/10’s basic functions. 5.1.1 Router Won’t Turn On If the Power and other LEDs fail to light when your BiGuard 2/10 is turned on: - Make sure that the power cord is properly connected to your firewall and that the power supply adapter is properly connected to a functioning power outlet.
  • Page 119: Forgot My Password

    Please note that both the User Name and Password are case-sensitive. If this fails, you can restore your BiGuard 2/10 to its factory default settings by holding the Reset button on the back of your router until the Status LED begins to blink.
  • Page 120: Can't Access Web Configuration Interface

    - Check the 10/100 LAN LEDs on BiGuard 2/10’s front panel. One of these LEDs should be on. If they are both off, check the cables between BiGuard 2/10 and the hub or PC. - Check that the corresponding LAN LEDs on your PC’s Ethernet device are on.
  • Page 121 3. Make sure that the Delete All Offline Content checkbox is checked, and click 4. Click OK under Internet Options to close the dialogue. - In Windows, type arp -d at the command prompt to clear your computer’s ARP table.
  • Page 122: Pop-Up Windows

    To use the Web Configuration Interface, you need to disable pop-up blocking. You can either disable pop-up blocking, which is enabled by default in Windows XP Service Pack 2, or create an exception for your BiGuard 2/10’s IP address. Disabling All Pop-ups In Internet Explorer, select Tools >...
  • Page 123: Java Permissions

    3. Under Scripting, check to see if Active scripting is set to Enable. 4. Ensure that Scripting of Java applets is set to Enable. 5. Click OK to close the dialogue. 5.2.3.3 Java Permissions The following Java Permissions should also be given for the Web Configuration Interface to display properly: 1.
  • Page 124: WAN Interface

    BiGuard 2/10’s system name. 5.4 ISP Connection Unless you have been assigned a static IP address by your ISP, your BiGuard 2/10 will need to request an IP address from the ISP in order to access the Internet. If your BiGuard 2/10 is unable to access the Internet, first determine if your router is able to obtain a WAN IP address from the ISP.
  • Page 125 If an IP address cannot be obtained: 1. Turn off the power to your cable or DSL modem. 2. Turn off the power to your BiGuard 2/10. 3. Wait five minutes and power on your cable or DSL modem. 4. When the modem has finished synchronizing with the ISP (generally shown by LEDs on the modem), turn on the power to your router.
  • Page 126: Problems With Date And Time

    Configuration > System > Time Zone. 5.6 Restoring Factory Defaults You can restore your BiGuard 2/10 to its factory settings by holding the Reset button on the back of your router until the Status LED begins to blink. This will reset your...
  • Page 127: Appendix A: Product Specifications

    Appendix A: Product Specifications A.1 BiGuard 10 Product Specifications Virtual Private Network - IPSec VPN, supports up to 10 IPSec tunnels - IPSec VPN performance is up to 20 Mbps - PPTP VPN, supports up to 4 PPTP tunnels - PPTP VPN performance is up to 10 Mbps - Manual key, Internet Key Exchange (IKE) authentication and Key Management - Authentication (MD5 / SHA-1) - DES/3DES encryption...
  • Page 128: Physical Interface

    Quality of Service Control - Supports DiffServ approach - Traffic prioritization and bandwidth management based-on IP protocol, port number and IP or MAC address Web-Based Management - Easy-to-use WEB interface - Firmware upgradeable via WEB interface - Local and remote management via HTTP & HTTPS Network Protocols and Features - Web Diagnostics - System Logs...
  • Page 129: BiGuard 2 Product Specifications

    A.2 BiGuard 2 Product Specifications Virtual Private Network - IPSec VPN, supports up to 2 IPSec tunnels - IPSec VPN performance is up to 4 Mbps - PPTP VPN, supports up to 4 PPTP tunnels - PPTP VPN performance is up to 10 Mbps...
  • Page 130 Content Filtering - URL Filter settings prevent user access to certain sites on the Internet - Java Applet/Active X/Cookie Blocking Quality of Service Control - Supports DiffServ approach - Traffic prioritization and bandwidth management based-on IP protocol, port number and IP or MAC address Web-Based Management - Easy-to-use WEB interface - Firmware upgradeable via WEB interface...
  • Page 131: Appendix B: Customer Support

    Appendix B: Customer Support Most problems can be solved by referring to the Troubleshooting section in the User’s Manual. If you cannot resolve the problem with the Troubleshooting chapter, please contact the dealer where you purchased this product. Contact Billion Worldwide http://www.billion.com/...
  • Page 132: Appendix C: FCC Interference Statement

    Appendix C: FCC Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: - This device may not cause harmful interference. - This device must accept any interference received, including interference that may cause undesired operations.
  • Page 133: Appendix D: Network, Routing, And Firewall Basics

    Appendix D: Network, Routing, and Firewall Basics D.1 Network Basics D.1.1 IP Addresses With the number of TCP/IP networks interconnected across the globe, ensuring that transmitted data reaches the correct destination requires that each computer on the Internet have a unique identifier. This identifier is known as the IP address. The Internet Protocol (IP) uses a 32-bit address structure, and the address is usually written in dot notation.
  • Page 134: Subnet Addressing

    192.168.234.245/24, which means that the net mask is 24 ones followed by 8 zeros. (11111111 11111111 11111111 00000000). D.1.1.2 Subnet Addressing Subnet addressing enables the split of one IP network address into multiple physical networks. These smaller networks are called subnetworks, and these subnetworks can make efficient use of each address when compared to needing a different network number at each end of a routed link.
  • Page 135: Network Address Translation (NAT)

    If a particular PC on your LAN requires access from outside PCs, you can use port forwarding to accomplish this. For information on how to configure port forwarding on BiGuard 2/10, refer to the Virtual Server section of Chapter 4: Router Configuration.
  • Page 136: Why Use A Router

    Routers can vary in performance and scale, the types of physical WAN connection they support, and the number of routing protocols supported. BiGuard 2/10 offers a convenient and powerful way for small-to-medium businesses to connect their networks.
  • Page 137: Stateful Packet Inspection

    Internet. Still, there are ways for more dedicated hackers to either obtain information about your network or disrupt your network’s Internet access. Your BiGuard 2/10 provides an extra level of protection from such attacks with its built-in firewall.
  • Page 138: Appendix E: Virtual Private Networking

    Appendix E: Virtual Private Networking E.1 What is a VPN? A Virtual Private Network (VPN) is a shared network where private data is segmented from other traffic so that only the intended recipient has access. It allows organizations to securely transmit data over a public medium like the Internet.
  • Page 139: Ipsec Security Components

    data authentication, integrity, and confidentiality as data is transferred across IP networks. IPSec provides data security at the IP packet level, and protects against possible security risks by protecting data. IPSec is widely used to establish VPNs. There are three major functions of IPSec: - Confidentiality: Conceals data through encryption.
  • Page 140: Encapsulating Security Payload (ESP)

    A typical AH packet looks like this: Next Payload Reserved Header Length Sequence Number Authentication Data E.2.1.2 Encapsulating Security Payload (ESP) Encapsulating Security Payload (ESP) provides privacy for data through encryption. An encryption algorithm combines the data with a key to encrypt it. It then repackages the data using a special format, and transmits it to the destination.
  • Page 141: Security Associations (SA)

    E.2.1.3 Security Associations (SA) Security Associations are one-way relationships between sender and receiver that specify IPSec-related parameters. They provide data protection by using the defined IPSec protocols, and allow organizations to control, according to the security policy in effect, which resources may communicate securely. An SA is identified by 3 parameters: - Security Parameters Index (SPI), a locally unique value - Destination IP Address...
  • Page 142: Tunnel Mode AH

    Transport Mode : - This mode is used to provide data security between two networks. It provides protection for the entire IP packet and is sent by adding an outer IP header corresponding to the two tunnel end-points. Since tunnel mode hides the original IP header, it provides security of the networks with private IP address space.
  • Page 143: Internet Key Exchange (IKE)

    E.2.5 Internet Key Exchange (IKE) Before either AH or ESP can be used, it is necessary for the two communication devices to exchange a secret key that the security protocols themselves will use. To do this, IPSec uses Internet Key Exchange (IKE) as a primary support protocol. IKE facilitates and automates the SA setup, and exchanges keys between parties transferring data.
  • Page 144: Appendix F: IPSec Logs And Events

    Appendix F: IPSec Logs and Events F.1 IPSec Log Event Categories There are three major categories of IPSec Log Events for your BiGuard 2/10. These include: 1. IKE Negotiate Packet Messages 2. Rejected IKE Messages 3. IKE Negotiated Status Messages The table in the following section lists the different events of each category, and provides a detailed explanation of each.
  • Page 145 Send Main mode second response message of ISAKMP: Sending the main mode second response message. Done to exchange key values. Received Main mode second response message of ISAKMP: Received the main mode second response message. Done to exchange key values. Send Main mode third message of Sending the third message of main mode.
  • Page 146 Received Quick mode first response message: Received the first response message of quick mode (Phase II). Done to exchange proposal and key values (IPSec). Send Quick mode second message: Sending the second message of quick mode (Phase II). Received Quick mode second Received the second message of quick mode (Phase II).
  • Page 147 (Main/Aggressive) mode peer ID is (identifier string) ISAKMP SA Established IPsec SA Established...
  • Page 148: Appendix G: Bandwidth Management With QoS

    Internet. When too many are accessing the Internet at the same time, service can slow to a crawl, causing service interruptions and general frustration. Quality of Service (QoS) is one of the ways BiGuard 2/10 can optimize the use of bandwidth, ensuring a smooth and responsive Internet connection for all users.
  • Page 149: Who Needs QoS

    -Prioritization: Assigns different priority levels for different applications, prioritizing traffic. High, Normal and Low priority settings. -Outbound and Inbound IP Throttling: Controls network traffic and allows you to limit the speed of each application. -DiffServ Technology: Manages priority queues and DSCP tagging through the Internet backbone.
  • Page 150: Office Users

    broadband connection. Application Data Ratio (%) Priority On-line games High Skype High Email High Upload (High), Download (Normal) Other G.4.2 Office Users QoS is also ideal for small businesses using an office server as a web server. With QoS control, web pages served to your customers can be given top priority and delivered first so that it will not be impeded by email and office web browsing.
  • Page 151 Upload (High), Download (Normal) Other MP3 (Low), MSN (Normal)
  • Page 152: Appendix H: Router Setup Examples

    Appendix H: Router Setup Examples H.1 VPN Configuration This section outlines some concrete examples on how you can configure BiGuard 2/10 for your VPN. H.1.1 LAN to LAN Branch Office Head Office Local IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Address Any Local Address...
  • Page 153: Host To Lan

    IP Address IP Address Data 69.121.1.3 69.121.1.30 Network Subnet Subnet IP Address 192.168.1.0 192.168.0.0 Netmask 255.255.255.0 255.255.255.0 Proposal IKE Pre-shared Key 12345678 12345678 Security Algorithm Main Mode; Main ESP: 3DES 3DES H.1.2 Host to LAN...
  • Page 154 Single client Head Office Local IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Address Any Local Address IP Address 0.0.0.0 192.168.1.0 Netmask 0.0.0.0 255.255.255.0 Remote Secure Gateway Address(or 69.121.1.3 69.121.1.30 Hostname) IP Address IP Address Data 69.121.1.3 69.121.1.30 Network Subnet Single Address...
  • Page 155: VPN Concentrator

    Local subnet: 192.168.4.0 Remote subnet: 192.168.4.0 Local mask: 255.255.255.0 Remote mask: 255.255.255.0 Remote ID Type: Subnet Remote subnet: 0.0.0.0 Remote mask: 0.0.0.0 Step 1: Go to Configuration > IPSec and configure the link from BiGuard 2/10 Headquarter to BiGuard 2/10 Branch A.
  • Page 156 Step 2: Go to Configuration > IPSec and configure the link from BiGuard 2/10 Headquarter to BiGuard 2/10 Branch B. Step 3: Go to Configuration > IPSec and configure the connection from BiGuard 2/10 Branch A to BiGuard 2/10 Headquarter.
  • Page 157: Intrusion Detection

    Step 4: Go to Configuration > IPSec and configure the connection from the BiGuard 2/10 Branch B to BiGuard 2/10 Headquarter. Step 5: Click Save Config to save all changes to flash memory. H.3 Intrusion Detection Hacker BiGuard Safe!! DoS Attack...
  • Page 158: PPTP Remote Access By Windows XP

    Step 1: Go to Configuration > Firewall > Intrusion Detection and Enable the settings. Step 2: Click Apply and then Save Config to save all changes to flash memory. H.4 PPTP Remote Access by Windows XP Internet Internet Business Trip Windows XP Headquarter 100.100.100.1...
  • Page 159 Step 1: Go to Configuration > VPN > PPTP and Enable the PPTP function, then click Apply. Step 2: Click Create to create a PPTP Account.
  • Page 160 Step 3: Click Apply; you can see that the account has been successfully created. Step 4: Click Save Config to save all changes to flash memory. Step 5: In Windows XP, go to Start > Settings > Network Connections.
  • Page 161 Step 6: In Network Tasks, click Create a new connection, and press Next. Step 7: Select Connect to the network at my workplace and press Next.
  • Page 162 Step 8: Select Virtual Private Network connection and press Next. Step 9: Input the user-defined name for this connection and press Next.
  • Page 163 Step 10: Input the PPTP Server Address and press Next. Step 11: Press Finish.
  • Page 164 Step 12: Double-click the connection, and input the Username and Password that are defined in BiGuard PPTP Account Settings. P.S. You can also refer to the Properties > Security page as below, by default.
  • Page 165: PPTP Remote Access By BiGuard

    H.5 PPTP Remote Access by BiGuard Internet Internet Branch Office Headquarter 100.100.100.1 200.200.200.1 Internet Internet BiGuard &PPTP Server PPTP Tunnel Local subnet: 192.168.30.0 Local mask: 255.255.255.0 BiGuard &PPTP Client Step 1: Go to Configuration > VPN > PPTP and Enable the PPTP function, Disable the Encryption, then click Apply.
  • Page 166 Step 3: Click Apply; you can see that the account has been successfully created. Step 4: Click Save Config to save all changes to flash memory.
  • Page 167 Step 5: On the other BiGuard, acting as Client, go to Configuration > WAN. Step 6: Click Apply, then Save Config.

This manual is also suitable for:

Biguard 10
