RS-2500 Dual WAN Security VPN Gateway User’s Manual...
OvisLink Corp. has made the best effort to ensure the accuracy of the information in this user’s guide. However, we are not liable for the inaccuracies or errors in this guide. Please use with caution. All information is subject to change without notice. All Trademarks are properties of their respective holders. AirLive RS-2500 User’s Manual...
1.3 Firmware Upgrade and Tech Support
1.4 Features
2. Installing the RS-2500
2.1 Before You Start
2.2 Package Content
2.3 Knowing your RS-2500
2.4 Hardware Installation
2.5 LED Table
2.6 Restore Settings to Default
3. Configuring the RS-2500
3.1 Important Information...
Introduction
1.1 Overview
The RS-2500 is powered by a powerful IXP425 533 MHz RISC processor and has increased memory capacity for better performance. It also provides a Web VPN / SSL VPN server function, so remote users can easily connect to the IPSec server using the IE browser and access LAN resources.
Chapter 6 Configure: 6.1 Setting: You can back up or restore the RS-2500 config file, reset the device to default settings, define the mail address for notification, change the port number of web management, change the MTU value, and enable RIP, SIP pass-through, and other functions.
Chapter 18 Policy: It is recommended to read this chapter, because it covers the most important setting of the RS-2500. No matter how you configure QoS, VPN, or other functions, you have to enable them in the Policy setting. ...
The FAQ is frequently updated with the latest information. In addition, you might find new firmware that either adds software functions or provides bug fixes for the RS-2500. You can reach our on-line support center at the following link: http://www.airlive.com/support/support_2.jsp Since 2009, AirLive has added the “Newsletter Instant Support System” on our website.
The RS-2500 comes with everything you need to start installation. You can use CAT-5 Ethernet cable of the length you need. The RS-2500 must be powered with a 5V adapter. Do not use an adapter of any other voltage. ...
RS-2500 LAN port electric
3. Wait for the RS-2500 Status LED to stop blinking.
4. The PC should get its IP address from the RS-2500 DHCP server; you can now log in to the RS-2500 and configure the settings.
If you have forgotten your RS-2500’s IP address or password, you can restore your RS-2500 to the default settings by pressing the “reset button” for more than 10 seconds. You can find the reset button on the back panel. Please see the diagram below for details.
The default password is: airlive
After powering on, please wait 2 minutes for the RS-2500 to finish booting.
3.2 Prepare your PC
The default IP address of this product is 192.168.1.1, and the default subnet mask is 255.255.255.0. These addresses can be changed as needed, but the default values are used in this manual.
3.3 Management Interface
The RS-2500 can be configured using one of the management interfaces below:
Web Management (HTTP): You can manage your RS-2500 by simply typing its IP address in the web browser. We recommend using this interface for initial configuration.
The only difference is that HTTPS is encrypted for extra security. Therefore, we will discuss them together as “Web Management” in this guide. If you are placing the RS-2500 behind a router or firewall, you might need to open virtual server ports to the RS-2500 on your firewall/router ...
Secured Web Management (HTTPS)
To get into the Secured Web Management, just type “https://192.168.1.1” into the web browser’s address field. “192.168.1.1” is the RS-2500’s default IP address. If the IP address has been changed, the address entered in the browser should change accordingly.
3. Configuring the RS-2500
Click on “Add Exception”.
Click on “Get Certificate”. Then, please enter RS-2500’s IP address.
Finally, please click on “Confirm Security Exception.”
3.5 Initial Configurations
We recommend that users browse through the RS-2500’s web management interface to get an overall picture of the functions and interface. Below are the recommended initial configurations for first-time login:
STEP 1: Connect the Admin’s PC and the LAN port of the Security VPN Gateway.
STEP 3: Click on the Policy tab from the main function menu, and then click on Outgoing from the sub-function list.
STEP 4: Click on the New Entry button.
STEP 5: When the New Entry option appears, enter the following configuration: Source Address –...
STEP 6: The configuration is successful when the screen below is displayed. Make sure that all the computers that are connected to the LAN port have their Default Gateway IP Address set to the Security VPN Gateway’s LAN IP Address (i.e. 192.168.1.1). At this point, all the computers on the LAN network should gain access to the Internet immediately.
Policy Object, Policy, Web VPN / SSL VPN, Anomaly IP Flow, and Monitor. Each subject includes several sub-object settings, and each sub-object also includes several functions for the user to configure. The RS-2500 is designed as a policy-based firewall, which means the user should configure the Policy Object settings and then enable the function in Policy. Main Subject...
You must configure the Policy setting to enable the Policy Object settings. Please refer to chapter 18.
Web VPN / SSL VPN: The RS-2500 provides a Web VPN / SSL VPN function that allows remote users to connect to and access the router’s LAN resources. Please refer to chapter 20.
“System” is the managing of settings such as the privileges of packets that pass through the RS-2500 and monitoring controls. The System Administrators can manage, monitor, and configure RS-2500 settings. But all configurations are “read-only” for all users other than the System Administrator; those users are not able to change any setting of the RS-2500.
STEP 2: The Modify Administrator Password WebUI will appear. Enter the following information:
Password: admin
New Password: 52364
Confirm Password: 52364 (Figure 5-2)
STEP 3: Click OK to confirm password change.
Figure 5-2 Modify Admin Password
HTTP, and HTTPS selection in LAN, WAN, or DMZ Interface setting. Before clearing the WebUI selection on an interface, the user must set up the Permitted IPs first; otherwise the user will be unable to enter the WebUI through the appointed interface.
Obtain the current version number from Version Number and obtain the latest version from the Internet. Save the latest version on the PC that manages the RS-2500. Click Browse and choose the latest software version file. ...
6. Configure
Configure covers the basic settings of the RS-2500. This chapter covers the Setting, Date/Time, Multiple Subnet, Route Table, DHCP, Dynamic DNS, Hosts Table, and Language settings.
6.1 Setting
System Settings- Exporting ﹒...
STEP 1 Setting from Client. When the Choose File pop-up window appears, select the file which contains the saved RS-2500 Settings, then click OK. (Figure 6-2)
Click OK to import the file into the RS-2500 (Figure 6-3)
Select Enable E-mail Alert Notification under E-mail Settings. This function will enable the RS-2500 to send e-mail alerts to the System Administrator when the network is being attacked by hackers or when emergency conditions occur. (It can be set from Anomaly Flow IP Setting to detect Hacker Attacks) ...
This function sets the transmission speed and mode of the WAN port when connecting to other devices.
Dynamic Routing (RIPv2): Select to enable the AirLive RS-2500 LAN, WAN1, WAN2 or DMZ port to send/receive RIPv2 packets and communicate with an internal or external router in order to update dynamic routing.
SIP protocol pass-through: Select to enable the RS-2500 to pass the SIP protocol. Depending on the type of SIP device you have, the SIP protocol may also pass through the RS-2500 without this function being enabled.
6.2 Date/Time
Synchronize system clock
The administrator can configure the RS-2500’s date and time by either syncing to an Internet Network Time Server (NTP) or by syncing to your computer’s clock.
STEP 1: Select Enable synchronize with an Internet time Server (Figure 6-7)
﹒...
The Multiple Subnet IP address range setting
Configuration Example
RS-2500 WAN1 (10.10.10.1) connects to the ISP Router (10.10.10.2), and the subnet provided by the ISP is 162.172.50.0/24. To connect to the Internet, WAN2 IP (211.22.22.22) connects with ATUR.
Adding Multiple Subnet...
Routing mode, then it cannot access the Internet by its virtual IP) 162.172.50.xx, it uses Routing mode through WAN1 (the Internet server can see your IP 162.172.50.xx directly) and uses NAT mode through WAN2 (the Internet server sees your IP as the WAN2 IP).
It is approximately the same as NAT mode but does not have to correspond to the real WAN IP address, which lets an internal PC access the Internet by its own IP. (External users can also use the IP to connect with the Internet)
6.4 Route Table
Route Table works to connect the RS-2500 with another router, so that users on different IP subnets can access the Internet at the same time. (Figure 6-10, 11)
Figure 6-10 Route Table UI
Figure 6-11 Route Table UI
DMZ Interface: the same as LAN Interface. (DMZ works only if the DMZ Interface is enabled)
Leased Time: Enter the leased time for Dynamic IP. The default time is 24 hours.
Click OK and DHCP setting is completed. (Figure 6-12)
When selecting Automatically Get DNS, the DNS Server will be locked as the LAN Interface IP. (Use case: when the System Administrator starts Authentication, the users’ first DNS Server must be the same as the LAN Interface IP in order to enter the Authentication WebUI)
After signing up, you can enter the website of the provider. If you do not select Automatically in WAN IP, you can enter a specific IP in WAN IP. DDNS then corresponds to that specific IP address.
Figure 6-15 Add New Host Table
To use Host Table, the user PC’s first DNS Server must be the same as the LAN Port or DMZ Port IP of RS-2500. That is, the default gateway.
6.8 Language
Select the Language version (English Version/ Traditional Chinese Version or Simplified Chinese Version) and click OK.
LAN: Using the LAN Interface, the Administrator can set up the LAN network of RS-2500.
WAN: The System Administrator can set up the WAN network of RS-2500.
Connection Test: The function works to identify WAN port’s connection ...
Ping: Select this function to allow the LAN users to ping the Interface IP Address.
HTTP: Select to enable the user to enter the WebUI of RS-2500 from Interface IP.
HTTPS: Select to enable the user to enter the secure WebUI of RS-2500 from Interface ...
System to make the new IP address effective. (when the computer obtains its IP by DHCP) Do not clear the WebUI selection before setting Permitted IPs; otherwise the Administrator will not be able to enter the RS-2500 WebUI from the LAN.
Figure 7-3 ICMP Connection
Figure 7-4 DNS Service
Connection test is used by the RS-2500 to detect whether the WAN can connect or not. The Alive Indicator Site IP, DNS Server IP Address, or Domain Name must therefore be permanently available; otherwise the device will misjudge the connection.
6. Enter a value for the setting “Auto Disconnect if idle for □ minutes (Range: 1-99999, 0 means always connected)”; the default value is 0 (Always connected).
7. Select Ping, HTTP and HTTPS, and click OK (Figure 7-6)
Figure 7-5 PPPoE Connection
Authentication way of DHCP + protocol
Enter Max. Downstream Bandwidth and Max. Upstream Bandwidth (According to the flow applied by user)
Select Ping, HTTP and HTTPS, and click OK (Figure 7-8)
Figure 7-7 Dynamic IP Address Connection
Enter Max. Downstream Bandwidth and Max. Upstream Bandwidth (According to the flow applied by user)
Select Ping, HTTP and HTTPS, and click OK (Figure 7-10)
Figure 7-9 Static IP Address Connection
Figure 7-10 Complete Static IP Address Connection Setting
Server setting of WAN1 Interface. When Ping, HTTP, and HTTPS are selected on the WAN network interface, users will be able to ping the RS-2500 and enter the WebUI from the WAN network. This may affect network security. It is suggested to clear Ping, HTTP, and HTTPS after all the settings have been finished.
STEP 3: Select Ping, HTTP and HTTPS
STEP 4: Click OK (Figure 7-13)
Figure 7-13 Setting DMZ Interface Address (Transparent Mode) WebUI
The Transparent Mode of the DMZ setting is only available when the WAN interface is set to Static IP.
8. Address
The RS-2500 allows the Administrator to set Interface addresses of the LAN network, LAN network group, WAN network, WAN network group, DMZ and DMZ group. An IP address in the Address Table can be an address of a computer or a sub network. The Administrator can assign an easily recognized name to an IP address.
MAC Address: Enter the user’s MAC Address (00:4F:F3:F5:D3:54)
Select Get static IP address from DHCP Server
Click OK (Figure 8-2)
Figure 8-1 Setting LAN Address Book WebUI
Figure 8-2 Complete the Setting of LAN
When the System Administrator creates the Address list, he/she can choose the way of clicking on to make the RS-2500 fill in the user’s MAC Address automatically. The setting modes of WAN and DMZ of Address are the same as LAN;...
In the LAN of Address function, the RS-2500 automatically provides a default Inside Any address that represents the whole LAN network. WAN and DMZ likewise have default Outside Any and DMZ Any addresses that represent the whole subnet.
STEP 3: Enter the following settings in WAN of Address function:
Click New Entry (Figure 8-8)
Enter the following data (Name, IP Address, Netmask)
Click OK (Figure 8-9)
Figure 8-8 Add New WAN Address
STEP 4: In Outgoing Policy, select LAN Group as Source Address, and select WAN Address as the Destination Address. (Figure 8-10, 8-11)
Figure 8-10 To Exercise Address Setting in Policy
Figure 8-11 Complete the Policy Setting
The Address function takes effect only if it is used with Policy.
TCP and UDP protocols support a variety of services, and each service consists of a TCP port or UDP port number, such as TELNET (23), SMTP (21), SMTP (25), POP3 (110), etc. The RS-2500 includes two kinds of service: Pre-defined Service and Custom Service. The commonly used TCP and UDP services are defined in the Pre-defined Service and cannot be modified or removed.
TCP 1720, TCP 15328-15333, UDP 15328-15333)
STEP 1: Set LAN and LAN Group in Address function as follows: (Figure 9-1, 9-2)
Figure 9-1 Setting LAN Address Book WebUI
Figure 9-2 Setting LAN Group Address Book WebUI
(for example: 15328:15333). If the same port number is entered in both fields, only that one port is enabled (for example: 1720:1720).
STEP 5: In Outgoing Policy, complete the setting of internal users using VoIP to connect with external network VoIP: (Figure 9-7)
Figure 9-7 Complete the Policy for Internal VoIP to connect with External VoIP
Service must be used together with Policy and Virtual Server for the function to take effect.
9.3 Group
Creating a service group that collects the service ports for certain source or destination addresses can simplify the RS-2500 settings and also improve the performance of the RS-2500, because the more Policy rules you create, the less performance you get.
Configuration Example
Restrict specific users so that they can only access specific service resources (HTTP, POP3, SMTP, DNS).
STEP 2: In LAN Group of Address function, set up an Address Group that can include the service of access to Internet. (Figure 9-10)
Figure 9-10 Setting Address Book Group
STEP 3: Compare Service Group to Outgoing Policy. (Figure 9-11)
Figure 9-11 Setting Policy
10. Schedule
In this chapter, the RS-2500 lets the Administrator configure a schedule so that policies take effect and can be used at the designated times. The Administrator can then set the start time and stop time or VPN connection in Policy or VPN. By using the Schedule function, the Administrator can save a lot of management time and make the network system most effective.
Figure 10-2 Complete the Setting of Schedule
STEP 2: Compare Schedule with Outgoing Policy (Figure 10-3)
Figure 10-3 Complete the Setting of Comparing Schedule with Policy
The Schedule must compare with Policy.
QoS Priority: To configure the priority of distributing Upstream/Downstream and unused bandwidth. The RS-2500 configures the bandwidth by different QoS, and selects the suitable QoS through Policy to control and efficiently distribute bandwidth. The RS-2500 also makes it convenient for the administrator to get the best utilization of the bandwidth.
Policy will preserve the basic bandwidth.
Maximum Bandwidth: The maximum bandwidth of QoS. The bandwidth of a connection that uses the IPSec Autokey of VPN or Policy will not exceed the amount you set.
When the administrator is setting QoS, the bandwidth range that can be set is the value that the System Administrator set in WAN of Interface. So when the System Administrator sets the downstream and upstream bandwidth in WAN of Interface, he/she must set them precisely.
STEP 4
Click New Entry (Figure 11-7)
Name: The name of the QoS you want to configure.
Enter the bandwidth in WAN1
Select QoS Priority as High
Click OK (Figure 11-8)
Figure 11-7 Second QoS WebUI Setting
Figure 11-8 Complete the both QoS Setting
STEP 5: Policy Outgoing: Create Outgoing Policy and assign each user with its QoS rule. (Figure 11-9)
Figure 11-9 Setting the QoS in Policy
6. QoS rule with high priority can get extra bandwidth first
7. G. Bandwidth + extra bandwidth will not exceed M. Bandwidth
8. If all QoS rules were set to same level priority, the first user who needs the extra bandwidth can get the bandwidth
By configuring Authentication, you can control the user’s connection authority. The user has to pass authentication to access the Internet. The RS-2500 configures the authentication of LAN users by setting an account and password to identify the privilege.
12.1 Auth Setting
Provides the Administrator the port number and valid time to set up RS-2500 authentication.
1. Add the following setting in this function: (Figure 12-1)
Figure 12-1 Authentication Setting WebUI
2. When the user connects to an external network by Authentication, the following page will be displayed: (Figure 12-2)
Figure 12-2 Authentication Login WebUI
3. It will connect to the appointed website after passing Authentication: (Figure 12-3)
Figure 12-3 Connecting to the Appointed Website After Authentication
If a user wants to authenticate proactively, he/she can enter the LAN IP with the Authentication port number, and the Authentication WebUI will then be displayed.
Figure 12-4 Setting Several Auth Users WebUI
To use Authentication, the DNS Server of the user’s network card must be the same as the LAN Interface Address of RS-2500.
STEP 2: The user can also choose to authenticate users with a RADIUS server; just enter the Server IP, Port number, and password, and enable the function.
Name: Enter Product_dept
Select the Auth User you want and Add to Selected Auth User
Click OK
Complete the setting of Auth User Group (Figure 12-7)
Figure 12-7 Setting Auth Group WebUI
STEP 5 (Figure 12-8)
Figure 12-8 Add first Policy rule to allow DNS passing through
STEP 6: Add second policy in Outgoing Policy and select the Authentication item. (Figure 12-9, 12-10)
Figure 12-9 Auth-User Policy Setting
STEP 8: If the user does not need to access the Internet anymore and is going to log out, he/she can click LOGOUT Auth-User to log out of the system, or enter the Logout Authentication WebUI (http:// LAN Interface: Authentication port number/ logout.html) to log out (Figure 12-12)
Figure 12-12 Logout Auth-User WebUI
Warning! The order to forbid all must be placed last. If you want to open a new website, you must delete the order forbidding all and then input the new domain name. Finally, type in the “forbid all” order again.
Complete setting a URL Blocking policy (Figure 13-1)
Figure 13-1 Content Filtering Table
STEP 2: Policy Outgoing: Add an Outgoing Policy and use it in the Content Blocking function: (Figure 13-2)
Figure 13-2 URL Blocking Policy Setting
Content Blocking function
Select Popup Blocking
Select ActiveX Blocking
Select Java Blocking
Select Cookie Blocking
Click OK
Complete the setting of Script Blocking (Figure 13-4)
Figure 13-4 Script Blocking WebUI
Website in Outgoing Policy: (Figure 13-6)
Figure 13-6 Complete Script Blocking Policy Setting
Through this policy, users cannot use the specific functions (such as Java, cookies, etc.) when browsing websites. It can forbid users from browsing stock exchange websites, etc.
Click OK
Complete the setting of Download Blocking. (Figure 13-7)
Figure 13-7 Download Blocking WebUI
STEP 2: Policy Outgoing: Add a new Outgoing Policy and use it in the Content Blocking function. (Figure 13-8)
Figure 13-8 Add New Download Blocking Policy Setting
STEP 3: Complete the Outgoing Policy that restricts internal users from downloading video, audio, and files with specific extensions directly over the HTTP protocol: (Figure 13-9)
Figure 13-9 Complete Download Blocking Policy Setting
Click OK
Complete the setting of Upload Blocking. (Figure 13-10)
Figure 13-10 Upload Blocking WebUI
STEP 2: Policy Outgoing: Add a new Outgoing Policy and use it in the Content Blocking function. (Figure 13-11)
Figure 13-11 Add New Upload Blocking Policy Setting
STEP 3: Complete the Outgoing Policy that restricts internal users from uploading files with specific extensions directly over the HTTP protocol: (Figure 13-12)
Figure 13-12 Complete Upload Blocking Policy Setting
14. Application Blocking
RS-2500 Application Blocking lets the system block the connections of applications such as IM, P2P, Video/Audio Application, Webmail, Game Application, Tunnel Application, and Remote Control Application.
Application Signature Definition: The system automatically checks for new signatures every hour, or the user can also click “Update NOW”...
Due to RS-2500 hardware limitations, it is not possible to block every kind of application, so only some popular applications are blocked. If you require the RS-2500 to block a specific application, please contact the AirLive Support Team. We will evaluate the application and try to improve it.
VNN Client, Ultra-Surf, Tor, and Hamachi. (Figure 14-8)
Figure 14-8 Tunnel Application WebUI
Remote Control Application: Restrict the authority to access remote control applications such as TeamViewer, VNC, and Remote Desktop. (Figure 14-9)
Figure 14-9 Tunnel Application WebUI
STEP 4: Policy Object Application Blocking Setting: Create a second Application Blocking rule for GroupB, so that users in GroupB can access MSN but cannot send files using MSN. (Figure 14-12)
Figure 14-12 Create Second Application Groups
Figure 14-13 Create Second Application Groups
STEP 6: Policy Outgoing: Create three Outgoing Policy rules and assign each group its Application Blocking setting. (Figure 14-14)
Figure 14-14 Create Policy rules with groups and enable Application Blocking
Transfer efficiently. It is suggested not to enable all Application Blocking; just select the application types you need to block. Because the RS-2500 examines every packet and analyzes the packets’ behavior, the more application items you select to block, the less performance you will have.
IP addresses for all computers, an enterprise assigns each computer a private IP address, and converts it into a real IP address through RS-2500’s NAT (Network Address Translation) function. If a server that provides service to WAN network is located in LAN networks, external users cannot directly connect to the server by using the server’s...
RS-2500’s WAN subnet’s Real IP and then map the Real IP to a Private IP of the LAN by the RS-2500. It is a one-to-one mapping; that is, all the services of one WAN Real IP Address are mapped to one LAN Private IP Address.
STEP 6: Policy Outgoing: Add a policy that includes STEP2, 4 in Outgoing Policy. It lets the server send e-mail to an external mail server by mail service. (Figure 15-5)
Figure 15-5 Complete the Outgoing Policy
Internet easily and may be attacked by hackers. Be careful when you assign the WAN interface IP address to the Mapped IP function: the remote user may no longer be able to access the RS-2500 web console. If you have applied for only one real IP address from your ISP, we suggest choosing the Virtual Server function instead of Mapped IP.
15. Virtual Server
Configuration Example - Server Load Balance
Create a Web Server and three mirror sites on the LAN, configure the RS-2500 Virtual Server function and assign 4 Server IP addresses to it. The Server Load Balance function works as Round Robin type, so each server will receive the access sessions in turn.
STEP 3: Add a new policy in Incoming Policy, which includes the virtual server, set by STEP2. (Figure 15-9)
Figure 15-9 Complete Virtual Server Policy Setting
STEP 4: Complete the setting of providing a single service by virtual server.
Click the button next to Virtual Server Real IP (“click here to configure”) in Server1
Virtual Server Real IP: Enter 60.250.158.65 (click Assist for assistance) (Use WAN)
Click OK (Figure 15-12)
Figure 15-12 Virtual Server Real IP Setting WebUI
VoIP in Outgoing Policy (Figure 15-15)
Figure 15-15 Complete the Policy Setting of VoIP Connection
STEP 7: Complete the setting of the external/internal user using specific service to communicate with each other by Virtual Server.
LAN server, and the RS-2500 must translate the port so Internet users can access the LAN service as well. Create a Web server on the LAN site, and specify IP address 192.168.1.10 to the ﹒...
Outgoing Policy. It lets the server send e-mail to an external mail server by mail service. (Figure 15-21)
Figure 15-21 Complete Outgoing Policy Setting
STEP 7: Complete the setting of providing several services by Virtual Server.
16. VPN
The RS-2500 adopts VPN to set up a safe and private network service, and combines it with the remote Authentication system in order to integrate the remote networks and PCs of the enterprise. It also provides the enterprise and remote users a safe encryption method with the best efficiency and encryption when delivering data.
Figure 16-4 One-Step IPSec Example - Trunk
Figure 16-5 One-Step IPSec Example - Outgoing Policy
Figure 16-6 One-Step IPSec Example - Incoming Policy
Incoming and Outgoing Policy rules with VPN enabled are automatically added at the top.
Displays the algorithm.
Configure: Click Modify to change the IPSec parameters; click Remove to remove the setting. (Figure 16-7)
Figure 16-7 IPSec Autokey WebUI
Necessary Item (Figure 16-8)
Figure 16-8 Necessary Item WebUI
A message-digest hash algorithm that takes a message less than 2^64 bits and produces a 160-bit digest.
MD5: MD5 is a common message digest algorithm that produces a 128-bit message digest from an arbitrary length input, developed by Ron Rivest.
Aggressive mode: This is the first phase of the Oakley protocol in establishing a security association using three data packets.
GRE/IPSec: The device selects GRE/IPSec (Generic Routing Encapsulation) packet seal technology.
Uptime: Displays the connection time between PPTP Server and Client
Configure: Click Modify to modify the PPTP Server Settings or click Remove to remove the setting. (Figure 16-10)
Figure 14-10 PPTP Server WebUI
Uptime: Displays the connection time between PPTP Server and Client
Configure: Click Modify to change the PPTP Client parameters; click Remove to remove the setting. (Figure 16-11)
Figure 16-11 PPTP Client WebUI
(Figure 17-1)
Figure 17-1 Example 1 Topology
RS-2500 configuration of Company A:
STEP 1: Enter the default IP of Gateway of Company A’s RS-2500 with 192.168.10.1, and select IPSec Autokey in VPN. Click New Entry. (Figure 17-2)
Figure 17-2 IPSec Autokey WebUI
In the list of IPSec Autokey, fill in Name with VPN_A.
ENC Algorithm: 3DES/DES/AES/NULL
AUTH Algorithm: MD5/SHA1
Here we select 3DES for ENC Algorithm and MD5 for AUTH Algorithm to determine the encapsulation method for data transmission (Figure 17-7)
Figure 17-7 IPSec Algorithm Setting
To Remote Subnet / Mask: Enter 192.168.20.0 / 255.255.255.0.
Tunnel: Select VPN_A.
Enter 192.168.20.1 (the Default Gateway of Company B) as the Keep alive IP
Select Show remote Network Neighborhood and Click OK. (Figure 17-11)
Figure 17-10 New Entry Trunk Setting
STEP 10: Enter the following setting in Outgoing Policy: (Figure 17-12)
Trunk: Select VPN_Tunnel_A.
Click OK. (Figure 17-13)
Figure 17-12 Setting the VPN Tunnel Outgoing Policy
Figure 17-13 Complete the VPN Tunnel Outgoing Policy Setting
STEP 11: Enter the following setting in Incoming Policy: (Figure 17-14)
Trunk: Select VPN_Tunnel_A.
Click OK. (Figure 17-15)
Figure 17-14 Setting the VPN Tunnel Incoming Policy
Figure 17-15 Complete the VPN Tunnel Incoming Policy Setting
17. Configuration Example: IPSec & PPTP VPN
RS-2500 configuration of Company B:
STEP 1. Enter the default IP of Gateway of Company B’s RS-2500, 192.168.20.1, and select IPSec Autokey in VPN. Click New Entry. (Figure 17-16)
Figure 17-16 IPSec Autokey Web UI
In the list of IPSec Autokey, fill in Name with VPN_B.
STEP 7. After selecting GROUP1 in Perfect Forward Secrecy, enter 3600 seconds in ISAKMP Lifetime, enter 28800 seconds in IPSec Lifetime, and select Main mode in Mode. (Figure 17-22)
Figure 17-22 IPSec Perfect Forward Secrecy Setting
Page 119
Enter 192.168.10.1 (the Default Gateway of Company A) as the Keep alive IP Select Show remote Network Neighborhood. Click OK. (Figure 17-25) Figure 17-24 New Entry Trunk Setting Figure 17-25 Complete New Entry Trunk Setting AirLive RS-2500 User’s Manual...
Page 120
STEP 10. Enter the following setting in Outgoing Policy: (Figure 17-26)
Trunk: Select VPN_Tunnel_B.
Click OK. (Figure 17-27)
Figure 17-26 Setting the VPN Tunnel Outgoing Policy
Figure 17-27 Complete the VPN Tunnel Outgoing Policy Setting
Page 121
If the WAN IP address changes after a certain time, the user can apply for a DDNS service and configure the domain name in the VPN setting. In that case, the user types the domain name in the Remote Gateway item instead of an IP address.
This example takes two RS-2500s as work platform. The Company B of RS-2500 is installed behind a PPPoA modem router and the WAN interface is set to private IP address. So, the RS-2500 in Company B can create an IPSec VPN tunnel to RS-2500 in Company A. (Figure 17-30) Figure 17-30 Example 2 Topology ...
Page 123
ENC Algorithm: 3DES/DES/AES/NULL
AUTH Algorithm: MD5/SHA1
Here we select 3DES for ENC Algorithm and MD5 for AUTH Algorithm to determine the encapsulation method used for data transmission. (Figure 17-36)
Figure 17-36 IPSec Algorithm Setting
Page 124
STEP 7 Lifetime, enter 28800 seconds in IPSec Lifetime, and selecting Main mode in Mode. Enter Company B’s RS-2500 WAN IP address as the peer ID of Company A’s RS-2500 VPN setting. (Figure 17-37) Figure 17-37 IPSec Perfect Forward Secrecy Setting ﹒...
Page 125
Figure 17-39 New Entry Trunk Setting
Figure 17-40 Complete New Entry Trunk Setting
STEP 10. Enter the following setting in Outgoing Policy: (Figure 17-41)
Trunk: Select VPN_Tunnel_A.
Click OK. (Figure 17-42)
Figure 17-41 Setting the VPN Tunnel Outgoing Policy
Page 126
STEP 11. Enter the following setting in Incoming Policy: (Figure 17-43)
Trunk: Select VPN_Tunnel_A.
Click OK. (Figure 17-44)
Figure 17-43 Setting the VPN Tunnel Incoming Policy
Figure 17-44 Complete the VPN Tunnel Incoming Policy Setting
Page 127
RS-2500 configuration of Company B:
STEP 1. Enter the default IP of the Gateway of Company B’s RS-2500, 192.168.30.1, and select IPSec Autokey in VPN. Click New Entry. (Figure 17-45)
Figure 17-45 IPSec Autokey Web UI
STEP 2.
Page 128
ISAKMP Lifetime, enter 28800 seconds in IPSec Lifetime, and select Main mode in Mode. (Figure 17-51)
Figure 17-51 IPSec Perfect Forward Secrecy Setting
STEP 8. Complete the IPSec Autokey setting. (Figure 17-52)
Figure 17-52 Complete Company B IPSec Autokey Setting
Page 129
Enter 192.168.10.1 (the Default Gateway of Company A) as the Keep alive IP Select Show remote Network Neighborhood. Click OK. (Figure 17-54) Figure 17-53 New Entry Trunk Setting Figure 17-54 Complete New Entry Trunk Setting AirLive RS-2500 User’s Manual...
Page 130
STEP 10. Enter the following setting in Outgoing Policy: (Figure 17-55)
Trunk: Select VPN_Tunnel_B.
Click OK. (Figure 17-56)
Figure 17-55 Setting the VPN Tunnel Outgoing Policy
Figure 17-56 Complete the VPN Tunnel Outgoing Policy Setting
Page 131
STEP 11. Enter the following setting in Incoming Policy: (Figure 17-57)
Trunk: Select VPN_Tunnel_B.
Click OK. (Figure 17-58)
Figure 17-57 Setting the VPN Tunnel Incoming Policy
Figure 17-58 Complete the VPN Tunnel Incoming Policy Setting
STEP 12. Complete IPSec VPN Connection.
SOHO Router - WAN IP: PPPoE with any IP, LAN IP: 192.168.1.x
The user installs VPN client software on the PC and creates an IPSec VPN tunnel from home or any place to the RS-2500, so the user can access RS-2500 LAN resources safely. (Figure 17-59)
Figure 17-59 Example 3 Topology...
Page 133
ENC Algorithm: 3DES/DES/AES/NULL
AUTH Algorithm: MD5/SHA1
Here we select 3DES for ENC Algorithm and MD5 for AUTH Algorithm to determine the encapsulation method used for data transmission. (Figure 17-65)
Figure 17-65 IPSec Algorithm Setting
Page 134
Mode. (Figure 17-66)
Figure 17-66 IPSec Perfect Forward Secrecy Setting
STEP 8. Complete the IPSec Autokey setting. (Figure 17-67)
Figure 17-67 Complete RS-2500 IPSec Autokey Setting
STEP 9. Enter the following setting in Trunk of VPN function: (Figure 17-68) ...
Page 135
STEP 10. Enter the following setting in Outgoing Policy: (Figure 17-70)
Trunk: Select VPN_Tunnel_A.
Click OK. (Figure 17-71)
Figure 17-70 Setting the VPN Tunnel Outgoing Policy
Figure 17-71 Complete the VPN Tunnel Outgoing Policy Setting
Page 136
STEP 11. Enter the following setting in Incoming Policy: (Figure 17-72)
Trunk: Select VPN_Tunnel_A.
Click OK. (Figure 17-73)
Figure 17-72 Setting the VPN Tunnel Incoming Policy
Figure 17-73 Complete the VPN Tunnel Incoming Policy Setting
Page 137
STEP 3. Right click “To_RS25” (Phase 1) and select “Add Phase 2”.
STEP 4. Enter the following information at the Phase 2 page: (Figure 17-75)
Name: To_RS25_Tunnel
VPN Client Address: 192.168.1.2
Remote Address Type: Subnet Address
Remote LAN Address: 192.168.10.0
Page 138
Figure 17-75 Phase2 setting of IPSec VPN Client Software
STEP 5. Press “Open Tunnel” to build up IPSec VPN connection.
STEP 6. When VPN Tunnel is established, the icon in tool bar will be changed to
(Figure 17-76) Figure 17-76 PPTP connection Example-1
RS-2500 configuration of Company A:
STEP 1. Enter PPTP Server of VPN function in the RS-2500 of Company A. Select Modify and enable PPTP Server:
Client IP Range: Keep the original setting, e.g. 192.3.106.1-254.
Page 140
PPTP function will not be workable.
Idle Time: the time after which an unused VPN connection is disconnected automatically. (Unit: minute)
STEP 2. Add the following settings in PPTP Server of VPN function in the RS-2500 of Company A: ...
Page 141
To Remote Subnet / Mask: Enter 192.168.20.0 / 255.255.255.0. Tunnel: Select PPTP_Server_jacky. Select Show remote Network Neighborhood. Click OK. (Figure 17-81) Figure 17-80 New Entry Trunk Setting Figure 17-81- Complete New Entry Trunk Setting AirLive RS-2500 User’s Manual...
Page 142
STEP 4. Enter the following setting in Outgoing Policy: (Figure 17-82)
Trunk: Select PPTP_Tunnel.
Click OK. (Figure 17-83)
Figure 17-82 Setting the VPN Tunnel Outgoing Policy
Figure 17-83 Complete the VPN Tunnel Outgoing Policy Setting
Page 143
STEP 5. Enter the following setting in Incoming Policy: (Figure 17-84)
Trunk: Select PPTP_Tunnel.
Click OK. (Figure 17-85)
Figure 17-84 Setting the VPN Tunnel Incoming Policy
Figure 17-85 Complete the VPN Tunnel Incoming Policy Setting
Page 144
RS-2500 configuration of Company B:
STEP 1. Add the following settings in PPTP Client of VPN function in the RS-2500 of Company B:
Click New Entry Button. (Figure 17-86)
User Name: Enter jacky.
Page 145
To Remote Subnet / Mask: Enter 192.168.10.0 / 255.255.255.0. IPSec / PPTP Setting: Select PPTP_Client_jacky. Select Show remote Network Neighborhood. Click OK. (Figure 17-89) Figure 17-88 New Entry Trunk Setting Figure 17-89 Complete New Entry Trunk Setting AirLive RS-2500 User’s Manual...
Page 146
STEP 3. Enter the following setting in Outgoing Policy: (Figure 17-90)
Trunk: Select PPTP_Client.
Click OK. (Figure 17-91)
Figure 17-90 Setting the VPN Tunnel Outgoing Policy
Figure 17-91 Complete the VPN Tunnel Outgoing Policy Setting
Page 147
STEP 4. Enter the following setting in Incoming Policy: (Figure 17-92)
Trunk: Select PPTP_Client.
Click OK. (Figure 17-93)
Figure 17-92 Setting the VPN Tunnel Incoming Policy
Figure 17-93 Complete the VPN Tunnel Incoming Policy Setting
STEP 5. Complete PPTP VPN Connection.
This example presents how the home user can connect to a remote PPTP server. (Figure 17-94)
Figure 17-94 PPTP connection Example-1
RS-2500 configuration:
STEP 1. Enter PPTP Server of VPN function in the RS-2500 of Company A. Select Modify and enable PPTP Server: ...
Page 149
PPTP function will not be workable.
Idle Time: the time after which an unused VPN connection is disconnected automatically. (Unit: minute)
STEP 2. Add the following settings in PPTP Server of VPN function in the RS-2500 of Company A: ...
Page 150
To Remote Subnet / Mask: Enter 192.168.20.0 / 255.255.255.0. Tunnel: Select PPTP_Server_jacky. Select Show remote Network Neighborhood. Click OK. (Figure 17-99) Figure 17-98 New Entry Trunk Setting Figure 17-99- Complete New Entry Trunk Setting AirLive RS-2500 User’s Manual...
Page 151
STEP 4. Enter the following setting in Outgoing Policy: (Figure 17-100)
Trunk: Select PPTP_Tunnel.
Click OK. (Figure 17-101)
Figure 17-100 Setting the VPN Tunnel Outgoing Policy
Figure 17-101 Complete the VPN Tunnel Outgoing Policy Setting
Page 152
STEP 5. Enter the following setting in Incoming Policy: (Figure 17-102)
Trunk: Select PPTP_Tunnel.
Click OK. (Figure 17-103)
Figure 17-102 Setting the VPN Tunnel Incoming Policy
Figure 17-103 Complete the VPN Tunnel Incoming Policy Setting
Page 153
PPTP client setting on WinXP configuration:
STEP 1. Control Panel > Network Connections: Press Create a new connection on the left banner. (Figure 17-104)
Figure 17-104 Control Panel > Network Connections
STEP 2. Press Next. (Figure 17-105)
Figure 17-105 Network Connections Wizard-1
Page 154
STEP 3. Select Connect to the network at my workplace, and press Next. (Figure 17-106)
Figure 17-106 Network Connections Wizard-2
STEP 4. Select Virtual Private Network connection, and press Next. (Figure 17-107)
Figure 17-107 Network Connections Wizard-3
Page 155
STEP 5. Enter a name for the connection, and press Next. (Figure 17-108)
Figure 17-108 Network Connections Wizard-4
STEP 6. Enter PPTP server IP address, and press Next. (Figure 17-109)
Figure 17-109 Network Connections Wizard-5
Page 156
STEP 7. Press Finish to complete WinXP PPTP client setting. (Figure 17-110)
Figure 17-110 Network Connections Wizard-6
STEP 8. Enter user name and password, and press Connect to connect to the PPTP server. (Figure 17-111)
Figure 17-111 Connect to PPTP server
Every packet that passes the RS-2500 is checked against the Policy list. When a packet matches the conditions of a certain policy, it is handled by the setting of that Policy and is not checked against any other policy. If the packet does not match any Policy, the packet is intercepted.
Page 158
Define the required fields of Policy
Source and Destination
Source IP and Destination IP are defined from the RS-2500’s point of view. The active side is the source; the passive side is the destination.
Service ...
Page 159
Policy).
MAX. Bandwidth Per Source IP
Set the maximum bandwidth permitted by the policy. If the IP bandwidth exceeds the set value, the surplus connection cannot be established.
Page 160
IP subnet.
Move
Every packet that passes the RS-2500 is checked from the first policy to the last one, so the priority of a policy can be changed with this selection.
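The matching rule described in this chapter (first matching policy decides, no match means the packet is intercepted, Move changes the order) can be modelled in a few lines. This is an added example, not code from the manual or the device: the `Policy` class, the helper names and the sample addresses are constructed for illustration, and the shadow check goes one step beyond the text by listing policies that can never match because an earlier one covers them.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                  # hypothetical model of one policy row
    name: str
    source: str                # CIDR or "any"
    destination: str           # CIDR or "any"
    service: str               # "ANY" or e.g. "tcp/80"
    action: str                # "permit" or "deny"

def _contains(rule_net, ip):
    return rule_net == "any" or (
        ipaddress.ip_address(ip) in ipaddress.ip_network(rule_net))

def evaluate(policies, src, dst, service):
    """First matching policy wins; a packet matching nothing is denied."""
    for p in policies:
        if (_contains(p.source, src) and _contains(p.destination, dst)
                and p.service in ("ANY", service)):
            return p.action, p.name
    return "deny", None

def _covers(outer, inner):
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def shadowed(policies):
    """Return (policy, earlier policy) pairs where the later one can never match."""
    hidden = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if (_covers(earlier.source, later.source)
                    and _covers(earlier.destination, later.destination)
                    and earlier.service in ("ANY", later.service)):
                hidden.append((later.name, earlier.name))
                break
    return hidden

def move(policies, name, position):
    """Return a new list with the named policy at the 1-based position."""
    moved = next(p for p in policies if p.name == name)
    rest = [p for p in policies if p.name != name]
    return rest[:position - 1] + [moved] + rest[position - 1:]

# Constructed Outgoing policy list: the Deny rule sits behind a permit-all rule.
OUTGOING = [
    Policy("allow_all", "any", "any", "ANY", "permit"),
    Policy("block_wan_group", "any", "203.0.113.0/24", "ANY", "deny"),
]
REORDERED = move(OUTGOING, "block_wan_group", 1)
DNS_ONLY = [Policy("dns", "any", "any", "udp/53", "permit")]

if __name__ == "__main__":
    pkt = ("192.168.1.10", "203.0.113.5", "tcp/80")   # constructed packet
    print(evaluate(OUTGOING, *pkt), shadowed(OUTGOING))
    print(evaluate(REORDERED, *pkt), shadowed(REORDERED))
    print(evaluate(DNS_ONLY, *pkt))
```
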
Select Statistics
Click OK (Figure 19-1)
Figure 19-1 Setting the different Policies
STEP 2. Complete the setting of Logging, Statistics, and Alarm Threshold in Outgoing Policy: (Figure 19-2)
Figure 19-2 Complete Policy Setting
Page 162
19. Configuration Example: Policy
STEP 3. Obtain the information in Traffic of Log function if you want to monitor all the packets of the RS-2500. (Figure 19-3)
Figure 19-3 Traffic Log Monitor WebUI
Page 163
STEP 4. The traffic records of Internet access that passed through the Policy are displayed in Policy Statistics of the Statistics function. (Figure 19-4)
Figure 19-4 Statistics WebUI
STEP 1. Enter the following setting in URL Blocking, Script Blocking, and Download Blocking in Content Blocking function, and Application Blocking Function: (Figure 19-5, 19-6, 19-7, 19-8)
Figure 19-5 URL Blocking Setting
Figure 19-6 Script Blocking Setting
Figure 19-7 Download Blocking Setting
Page 165
Figure 19-8 Application Blocking Setting
URL Blocking can restrict the internal users so that they can access only some specific websites. Script Blocking can restrict the internal users from accessing the script files of websites (Java, Cookies, etc.).
Page 166
STEP 2 (Figure 19-9, 19-10)
Figure 19-9 Setting the WAN IP that going to block
Figure 19-10 WAN Address Group
The Administrator can group the custom addresses in Address. It is more convenient when setting a policy rule.
Page 167
Click New Entry Destination Address: Select WAN_Group that set by STEP 2. (Blocking by Action, WAN Port: Select Deny Click OK (Figure 19-11) Figure 19-11 Setting first Policy rule to restrict accessing specific WAN Network AirLive RS-2500 User’s Manual...
Page 168
Figure 19-13 Complete Policy Setting
Deny in Policy blocks the packets that match the policy rule. The System Administrator can put the policy rule at the front to prevent users from connecting to a specific IP.
STEP 1. Enter the following in Schedule function: (Figure 19-14)
Figure 19-14 Add New Schedule
STEP 2. Enter the following in Auth User and Auth User Group in Authentication function: (Figure 19-15)
Figure 19-15 Setting Auth User Group
Page 170
Service. It is more convenient when setting policy.
STEP 3. Create the first Outgoing Policy to allow DNS service to pass through:
Click New Entry
Service: Select DNS.
Click OK (Figure 19-16)
Figure 19-16 DNS Policy Setting
Page 171
Figure 19-17 Setting a Policy of Authentication and Schedule
STEP 5. Complete the policy rule that only allows users who pass authentication to access the Internet at a particular time. (Figure 19-18)
Figure 19-18 Complete Policy Setting
STEP 1. Create a custom service of VNC port. (TCP 5800, 5900) (Figure 19-19)
Figure 19-19 Setting Custom Service
STEP 2. Select the following setting in Virtual Server1 of Virtual Server function, and assign to LAN IP 192.168.1.2 device. (Figure 19-20)
Figure 19-20 Setting Virtual Server
Page 173
Figure 19-21 Setting the External User Control the Internal PC Policy
STEP 4. Complete the policy for the external user to control the internal PC through remote control software. (Figure 19-22)
Figure 19-22 Complete Policy Setting
When using the function of Incoming or WAN to DMZ in Policy, it is strongly suggested not to select ANY in Service, because it may be attacked by hackers easily.
STEP 3. Enter the following in QoS: (Figure 19-24)
Figure 19-24 QoS Setting
Page 175
Figure 19-25 Add New Policy
STEP 5. Complete the policy of restricting the external users from accessing the internal network server (which may occupy the resource of network). (Figure 19-26)
Figure 19-26 Complete the Policy Setting
20.1 Setting Term of Setting (Figure 20-1) VPN IP of Client: Various settings between the client and the RS-2500 can be set when establishing an SSL VPN including IP range, encryption algorithm,...
Page 177
VPN IP Range: The IP subnet of the Web/SSL VPN connection. When a user connects to the RS-2500 via Web/SSL VPN, the user obtains an IP address from this IP range. By default, the VPN IP Range is set to a different IP subnet from the RS-2500 LAN IP, but the remote user can still access RS-2500 LAN resources.
Page 178
User or Group: The client PC may not pass hardware authentication, however, if he can pass authentication User or Group, the client pc can still access RS-2500 LAN resource. Auto-disconnect if idle for □ Minutes: When client user does not access ...
Accepted Hardware Authentication User: A list of the client hardware permitted to establish an SSL VPN connection to the RS-2500.
Dropped Hardware Authentication User: A list of the client hardware not permitted to establish an SSL VPN connection with the RS-2500.
Web / SSL VPN are supported for IE, Firefox, Safari, and Google Chrome browser. When user connects to RS-2500 Web/SSL VPN Server at first time, server will download java program to client pc. What if the client pc had pre-installed the other version of java program, and encountered...
STEP 1. Click Interface > WAN, activate the HTTPS function. (Figure 20-5)
Figure 20-5 WAN Interface
STEP 2. Click Policy Object > Authentication > User, add the following entries: (Figure 20-6)
Figure 20-6 User Authentication entries
Page 182
Enter 0 in the Auto-disconnect if idle field. Click OK. (Figure 20-8) A new Internal Subnet of Server appears that shows the internal subnet that the client is permitted to access. (Figure 20-9)
Page 183
20. Web VPN / SSL VPN
Figure 20-8 Enable Web VPN Setting
Figure 20-9 New Web/SSL VPN is created
Page 184
Enter http://61.11.11.11/sslvpn or http://59.124.36.170/webvpn in the URL field (the RS-2500 interface address plus sslvpn or webvpn). (Figure 20-10) Figure 20-10 Login SSL VPN Screen Click Yes in the Security Alert window. (Figure 20-11) Figure 20-11 Security Alert Window...
Page 185
In the Authentication window, enter josh in the User Name field. Enter 3333 in the Password field. Click OK. (Figure 20-13)
Figure 20-13 Authentication Window
Installation in progress. (Figure 20-14)
Figure 20-14 SSL VPN Software installation in progress
Page 186
Accepted User list by clicking on to Accept. (Figure 20-17, 18, 19)
Figure 20-17 Select the User and move to Accept
Figure 20-18 Confirming To Move the User to the Accepted User List
Page 187
STEP 8. The accepted user settings have now been completed. When a user establishes an SSL VPN connection through the RS-2500, the hardware can be directly authenticated without the need for entering a username and password again. When hardware authentication and user/group authentication are...
Page 188
Web VPN connection. If the client user's PC doesn't have the SUN JAVA Runtime Environment software installed, it will automatically be downloaded and installed during the SSL VPN connection login phase.
21. Anomaly Flow IP
When the RS-2500 detects attacks from hackers and from internal PCs that are sending large DDoS attacks, the Anomaly Flow IP function starts blocking these packets to maintain the whole network.
In this chapter, we will have the detailed illustration about Anomaly Flow IP: ...
Virus-infected IP or send NetBIOS Alert notification to the infected PC Administrator’s PC. If the Administrator starts the E-Mail Alert Notification in Setting, the RS-2500 will send e-mail to Administrator automatically.
Page 191
The Administrator can enter the maximum number of ICMP packets per second from an attacking source IP address that are allowed to enter the network / RS-2500. If the value exceeds the set one, the device will determine it as an attack.
Page 192
【UDP Flood Threshold Blocking Time (Per Source IP) Seconds】: When the RS-2500 determines that it is being attacked, it blocks the attacking source IP for the blocking time you set. After blocking for that number of seconds, the device starts to calculate the maximum number of UDP packets from the attacking source IP. If...
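The threshold and blocking-time behaviour described for the flood settings can be simulated to see what a chosen pair of values does to an attacking source and to a normal one. This is an added example, not the RS-2500's implementation: the `FloodGuard` class, the one-second counting window, the threshold of 30 packets per second, the 60-second blocking time and the traffic are all assumptions constructed for illustration.

```python
class FloodGuard:
    """Per-source packet-rate threshold with a fixed blocking time (assumed model)."""

    def __init__(self, threshold_pps, blocking_time_s):
        self.threshold = threshold_pps
        self.blocking_time = blocking_time_s
        self.window = {}          # src -> (second, packets seen in that second)
        self.blocked_until = {}   # src -> time at which blocking ends
        self.events = []          # (src, time) of each attack determination

    def packet(self, src, t):
        """Process one packet from src at time t (seconds); return 'pass' or 'drop'."""
        until = self.blocked_until.get(src)
        if until is not None:
            if t < until:
                return "drop"
            # Blocking time is over: start counting this source from zero.
            del self.blocked_until[src]
            self.window.pop(src, None)
        second = int(t)
        start, count = self.window.get(src, (second, 0))
        if start != second:
            start, count = second, 0
        count += 1
        self.window[src] = (start, count)
        if count > self.threshold:            # value exceeds the set one
            self.blocked_until[src] = t + self.blocking_time
            self.events.append((src, t))
            return "drop"
        return "pass"

def run(guard, packets):
    """Feed (time, src) tuples in time order; return {src: [passed, dropped]}."""
    totals = {}
    for t, src in sorted(packets):
        verdict = guard.packet(src, t)
        counts = totals.setdefault(src, [0, 0])
        counts[0 if verdict == "pass" else 1] += 1
    return totals

def sample_traffic():
    """Constructed traffic: one flooding source and one normal LAN host."""
    flood = [(i / 50, "10.0.0.66") for i in range(50)]        # 50 packets in second 0
    normal = [(t, "192.168.1.20") for t in (0.1, 0.3, 0.5, 0.7, 0.9)]
    later = [(30.0, "10.0.0.66"), (61.0, "10.0.0.66")]         # during and after blocking
    return flood + normal + later

if __name__ == "__main__":
    guard = FloodGuard(threshold_pps=30, blocking_time_s=60)
    print(run(guard, sample_traffic()))
    print(guard.events)
```
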
Page 193
IP. We can use this function to avoid the problem. After the System Manager enables Anomaly Flow IP, if the RS-2500 detects any abnormal situation, the alarm message will appear in Virus-infected IP or Attack Event. And if the system manager starts...
Page 194
Configuration Example
To record the attack alarm when a hacker attacks the RS-2500 and Intranet.
STEP 1. Select the following settings in DoS / Anti-Attack Setting function: (Figure 21-2)
Figure 21-2 DoS / Anti-Attack Setting WebUI ...
Administrator such as the time of change, settings that change, the IP address used to log in…etc. Connection Log records all of the connections of RS-2500. When the connection occurs some problem, the Administrator can trace back the problem from the information.
Page 196
STEP 1. Add new policy setting and select to enable Traffic Log. (Figure 22-1)
Figure 22-1 Logging Policy Setting
STEP 2. Complete the Logging Setting in Policy: (Figure 22-2)
Figure 22-2 Complete the Logging Setting
Page 197
22. Monitor
STEP 3. Click Traffic Log. It will show the packet records that pass this policy. (Figure 22-3)
Figure 22-3 Traffic Log WebUI
Page 198
STEP 4. Click on a specific IP of Source IP or Destination IP in Figure 22-3; it will prompt out a WebUI about Protocol and Port of the IP. (Figure 22-4)
Figure 22-4 The WebUI of detecting the Traffic Log by IP Address
Page 199
22. Monitor ﹒ Click on Download Logs, RS-2500 will pop up a notepad file with the log recorded. STEP 5 User can choose the place to save in PC instantly. (Figure 22- Figure 22-5 Download Traffic Log Records WebUI AirLive RS-2500 User’s Manual...
Page 200
22. Monitor Configuration Example (2) - Event Log To record the detailed management events (such as Interface and event description of RS-2500) of the Administrator ﹒ Click Event log of LOG. The management event records of the administrator will...
Page 201
STEP 2. Click on Download Logs, RS-2500 will pop up a notepad file with the log recorded. User can choose the place to save in PC instantly. (Figure 22-7)
Figure 22-7 Download Event Log Records WebUI...
Page 202
22. Monitor Configuration Example (3) - Connection Log Click Connection in LOG. It can show up WAN Connection records of the RS-2500. (Figure 22-8) Figure 22-8 Connection records WebUI AirLive RS-2500 User’s Manual...
Page 203
STEP 1. Click on Download Logs, RS-2500 will pop up a notepad file with the log recorded. User can choose the place to save in PC instantly. (Figure 22-9)
Figure 22-9 Download Connection Log Records WebUI
If the content of the notepad file is not in order, the user can read the file with WordPad, MS Word or Excel, and the logs will be displayed in good order.
Page 204
STEP 1 RS-2500. (Figure 22-10)
Figure 22-10 Application Blocking records WebUI
STEP 2. Click on Download Logs, RS-2500 will pop up a notepad file with the log recorded. User can choose the place to save in PC instantly. (Figure 22-11)
Figure 22-11 Download Application Blocking Log Records WebUI
Page 205
RS-2500. (Figure 22-12)
Figure 22-12 Content Blocking records WebUI
STEP 2. Click on Download Logs, RS-2500 will pop up a notepad file with the log recorded. User can choose the place to save in PC instantly. (Figure 22-13)
Figure 22-13 Download Content Blocking Log Records WebUI...
Page 206
Figure 22-15 Log Mail and Syslog Configuration WebUI
After Log Mail Support is enabled, the log records accumulate and, every time the LOG reaches 300Kbytes, the device e-mails it to the Administrator and clears the logs automatically.
Administrator can use this Accounting Report to inquire the LAN IP users and WAN IP users, and to gather the statistics of Downstream/Upstream, First packet/Last packet/Duration and the Service for the entire user’s IPs that pass the RS-2500. Accounting Report Setting ...
Page 208
The IP address used by WAN users who use RS-2500 Destination IP: The IP address used by LAN service server which uses RS-2500. Service: The communication service which listed in the menu when WAN users use RS-2500 to connect to LAN service server.
Page 209
LAN user, the sent time will be recorded by the RS-2500. Duration:The period of time between the first packet and the last packet. Total Traffic:The RS-2500 will record and display the amount of Downstream and Upstream packets passing from LAN user to WAN Server.
Page 210
RS-2500. Duration:The period of time between the first packet and the last packet. Total Traffic:The RS-2500 will record and display the amount of Downstream and Upstream packets passing from WAN Server to LAN user.
Page 211
: According to the downstream / upstream report of the selected TOP numbering to draw the Protocol Distribution chart. (Figure 22-20) Service:To display the report sorted by Port, which LAN users use the RS-2500 to connect to WAN service server.
Page 212
List Table of Accounting Report window. The Accounting Report function occupies a lot of hardware resources, so users must take care to choose only the necessary items, in order to avoid slowing down the total performance.
Page 213
Duration:The period of time starts from the first packet to the last packet to be recorded. Total Traffic:The RS-2500 will record and display the amount of Downstream and Upstream packets passing from WAN users to LAN service server.
Page 214
The period of time starts from the first packet to the last packet to be recorded.
Total Traffic: The RS-2500 will record the sum of time and show the percentage of each WAN user’s upstream / downstream to LAN service server.
Page 215
Duration: The period of time starts from the first packet to the last packet to be recorded.
Total Traffic: The RS-2500 will record the sum of time and show the percentage of each Communication Service’s upstream / downstream to LAN service server.
22. Monitor 22.3 Statistic In this chapter, the Administrator can inquire the RS-2500 for statistics of packets and data that passes across the RS-2500. The statistics provides the Administrator with information about network traffics and network loads. WAN Statistics:...
Page 217
Statistics figure every week; click Month to check the Statistics figure every month; click Year to check the Statistics figure every year. ﹒ Statistics Chart (Figure 22-23) STEP 3 Y-Coordinate :Network Traffic(Kbytes/Sec) X-Coordinate:Time(Hour/Minute) AirLive RS-2500 User’s Manual...
Page 218
22. Monitor Figure 22-23 To Detect WAN Statistics AirLive RS-2500 User’s Manual...
Page 219
Week to check the Statistics figure every week; click Month to check the Statistics figure every month; click Year to check the Statistics figure every year. ﹒ Statistics Chart (Figure 22-25) STEP 3 Y-Coordinate:Network Traffic(Kbytes/Sec) X-Coordinate:Time(Hour/Minute/Day) AirLive RS-2500 User’s Manual...
In Count, configure the quantity of packets to send out. (4 by default) In Wait time, specify the duration to wait between successive pings. (1 second by default) Select the interface from the Interface drop-down list. Click OK. (Figure 22-27) Figure 22-26 Ping Settings AirLive RS-2500 User’s Manual...
Page 222
Destination IP / Domain name field. When the VPN connection is established between the local subnet and remote subnet, the following method can be employed to test the packet transfer between the two subnets. (Figure 22-28) AirLive RS-2500 User’s Manual...
Page 223
STEP 1. Under Monitor > Diagnostic > Traceroute, the Traceroute command can be used by the RS-2500 to send out packets to a specific address to diagnose the quality of the traversed network. (Figure 22-29)
In Destination IP / Domain name enter the destination address for the packets.
Normally the broadcast packets are not allowed to transfer within Internet, but user can login RS-2500 remotely and enable Wake on Lan function to boot up the LAN computer. Configuration Example - Wake On Lan ﹒...
Rx/Tx Pkts, Error Pkts: To display the received/sending packets and error packets of the Interface Ping, HTTP: To display whether the users can Ping to the RS-2500 from the Interface or not; or enter its WebUI AirLive RS-2500 User’s Manual...
Page 227
STEP 1 (Figure 22-34)
IP Address: The authentication user IP
Auth-User Name: The account of the auth-user to login
Login Time: The login time of the user (Year/Month/Day Hour/Minute/Second)
Figure 22-34 Authentication Status WebUI
Page 228
STEP 1. Enter ARP Table in Status function; it will display a table about IP Address, MAC Address, and the Interface information which is connecting to the RS-2500: (Figure 22-35)
Anti-ARP virus software: Works to rewrite LAN ARP table as default ...
Page 229
STEP 1. In DHCP Clients of Status function, it will display the table of DHCP Clients that are connected to the RS-2500: (Figure 22-36)
IP Address: The dynamic IP that provided by DHCP Server
MAC Address: The IP that corresponds to the dynamic IP ...
So, you can configure NTP server function for RS-2500 to refresh time when it boot up, but you have to make sure in advance that the WAN port of RS-2500 is working, and the time server you select is also working, or the time still will be reset as default setting after you reboot RS-2500.
Page 231
Once User Group A needs more bandwidth, the available bandwidth will be taken back from User Group C and assigned to User Group A, because User Group A is designed to have the guaranteed bandwidth, no matter what the priority level is.
===================================================================
Page 232
When I enable Application Blocking, why does the performance become slow?
Answer: RS-2500 must check every packet to collect the data, in order to analyze the application type. So we strongly suggest that the user not enable all Application Blocking items and select only the application types to be blocked.
Page 233
23. Frequent Asked Questions
====================================================================
Question: Can I connect Web / SSL VPN from my Linux or MAC PC to RS-2500?
Answer: No, you can only use Microsoft Windows or Vista system to connect RS-2500 Web / SSL VPN server.
24. Specifications Specifications The specification of RS-2500 is subject to change without notice. Please use the information with caution. 24.1 Hardware Features Hardware Intel IXP 425, 533MHz DRAM 128 MB Flash ROM 16MB (Flash) Shield RJ-45 Ethernet UTP port 1 (10/100) LAN port (Switch Hub) ○...
○ ( LAN & DMZ ) DHCP Client / S erver DHCP Server assign dynamic IP Up to 512 Protocols Supported ○ DHCP Server assign static IP (MAC+IP) ○ NTP ( Network Time Protocol) ○ Wake on Lan AirLive RS-2500 User’s Manual...
Page 237
Max. Concurr nt Sessions ○ Incoming NAT mode & External To DMZ NAT mode Outgoing(Max entry) Incoming(Max entry) LAN T o DMZ(Max entry) WAN To DMZ(Max entry) DMZ To LAN(Max entr y) DMZ To WAN(Max entry) ○ Tips AirLive RS-2500 User’s Manual...
Page 238
IM / P2P Rule ○ Drop Intruding Packets ○/○/○ Traffic Log / Event Log / Connection Log ○ Syslog Settings Log Backup ○ E-mail alert when WAN link failure ○ H/W Watch-Dog Auto rebooting when detecting system fails AirLive RS-2500 User’s Manual...
It is a computer network covering a small physical area or small group of buildings. Demilitarized Zone. When a router opens a DMZ port to an internal network device, it opens all the TCP/UDP service ports to this particular device. AirLive RS-2500 User’s Manual...
DDNS capability has a built-in DDNS client that updates the IP address information to DDNS service provider whenever there is a change. Therefore, users can build website or other Internet servers even if they don’t have fixed IP connection.
Page 241
Internet.
User Datagram Protocol. A layer-4 network protocol for transmitting data that does not require acknowledgement from the recipient of the data.
Page 242
Wake on Lan
Wake on Lan (WOL) function works to power on the computer remotely. The computer’s network card must also support the WOL function; when it receives the wake-up packets, the computer will boot up automatically.
ISP for user authentication, particularly when pairing with legacy Alcatel / Thomson DSL modem.
Preshare Key
The IKE VPN must be defined with a Preshared Key. The Key may be up to 128 bytes long.
Page 244
NULL Algorithm doesn’t provide any other safety services but a way to substitute ESP Encryption.
SHA-1 (Secure Hash Algorithm-1)
A message-digest hash algorithm that takes a message of less than 2^64 bits and produces a 160-bit digest.
Microsoft operating systems: Windows XP and Windows 2000.
Code Red
The Code Red worm was a computer worm observed on the Internet on July 13, 2001. It attacked computers running Microsoft's IIS web server.
Page 246
Spoofing
Hackers disguise themselves as trusted users of the network in Spoof attacks. They use a fake identity to try to pass through the firewall system and invade the network.
Page 247
DoS Attack
Denial of Service. A type of network attack that floods the network with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols.