APPENDIX B WINDOWS TCP/IP SETUP
Overview
TCP/IP Settings
APPENDIX C TROUBLESHOOTING
Overview
General Problems
Internet Access

Copyright 2004. All Rights Reserved. Document Version: 1.4
All trademarks and trade names are the properties of their respective owners. HotBrick Network Solutions...
Firewall Router provides Shared Broadband Internet Access and VPN tunnels for LAN users.
Internet Features
• Shared Broadband Internet Access – All LAN users can access the Internet through the VPN 800/2 Firewall Router, by sharing one (1) or two (2) Broadband modems and connections.
• High-Performance Dual Modem Support – The VPN 800/2 Firewall Router has two (2) WAN ports, allowing connection of two (2) Broadband modems.
• System Filter Exception – With a firewall exception, packets are not processed by the firewall or NAT module; they are processed directly by the system protocol stack.
Use your favorite Web browser for configuration.
• Remote Management – The VPN 800/2 Firewall Router can be managed from any PC on your LAN. If the Internet connection exists, it can also (optionally) be configured via the Internet.
•...
Yellow: Error Green Flash: LAN Active Yellow: Error Blinking – Data in/out
Reset Button – Press the reset button for around 3 seconds, then release it. The VPN 800/2 Firewall Router will reset to its factory default values.
Also, some Status and Error conditions are indicated by combinations of LEDs, as shown below.
LED Action – Condition
• WAN, LAN Status LEDs flash alternately – Firmware Download in progress.
• WAN & LAN LEDs flash concurrently – MAC address not assigned.
Password cleared (no password)
TFTP Download – This setting should be used only if your VPN 800/2 Firewall Router is unusable, and you wish to restore it by downloading new firmware. Follow this procedure:
1. Power On the VPN 800/2 Firewall Router.
• Save the current configuration settings to your PC (use the "Upload" button).
• Restore a previously saved configuration file to the VPN 800/2 Firewall Router (use the "Download" button).
• Set the VPN 800/2 Firewall Router to its default values (use the "Set to Default" button).
1: Configuring the VPN 800/2 Firewall Router for your LAN
1. Use a standard LAN cable to connect your PC to any Hub port on the VPN 800/2 Firewall Router.
2. Connect the power cord and power up the VPN 800/2 Firewall Router. Only use the power cord provided;...
192.168.1.254, with a Network Mask of 255.255.255.0. See Appendix B – Windows TCP/IP Setup for details. • Check that the VPN 800/2 Firewall Router is properly installed, LAN connection is OK, and it is powered ON. 8. After the login, you will then see the Admin Password screen, as shown below.
The default settings are suitable for many situations. • See the following table for details of each setting. 11. Save your data, then go to Step 2, Installing the VPN 800/2 Firewall Router in your LAN. Settings – LAN & DHCP IP Address IP address for the VPN 800/2 Firewall Router, as seen from the local LAN.
DHCP Server Setup - If you are already using a DHCP Server, the DHCP Server setting must be disabled, and the existing DHCP server must be set to provide the IP address of the VPN 800/2 Firewall Router as the Default Gateway.
• Use the cable supplied with your DSL/Cable modem. If no cable was supplied, use a standard cable. 3. Use standard LAN cables to connect PCs to the Switching Hub ports on the VPN 800/2 Firewall Router. • Both 10BaseT and 100BaseT connections can be used simultaneously.
Figure 2-4: Primary Setup Screen
VPN 800/2 Firewall Router Settings – Primary Setup
Connection Mode – Select the appropriate setting:
• Enable – Select this if you have connected a broadband modem to this port.
• Disable – Select this if there is no broadband modem connected to this port.
MAC address expected by your ISP in this field. Otherwise, this should be left at the default value. Setup of the HotBrick VPN 800/2 Firewall Router is now complete. PCs on your LAN must now be configured. See the following section for details.
For all non-Server versions of Windows, the default TCP/IP setting is to act as a DHCP client. In Windows, this is called Obtain an IP address automatically. Just start (or restart) your PC and it will obtain an IP address from the VPN 800/2 Firewall Router. •...
Ensure your DNS settings are correct. Linux Clients To access the Internet via the VPN 800/2 Firewall Router, it is only necessary to set the VPN 800/2 Firewall Router as the "Gateway", and ensure your Name Server settings are correct.
By default, most Unix installations use a fixed IP Address. If you wish to continue using a fixed IP Address, make the following changes to your configuration. • Set your Default Gateway to the IP Address of the VPN 800/2 Firewall Router. • Ensure your DNS (Name server) settings are correct.
WAN ports. It can also be used to manually connect or disconnect a PPPoE session. Otherwise, this screen can be ignored.
• Advanced PPTP setup is required if using the PPTP connection method.
Port Options
Figure 3-1: Port Options
Indicator” input box is left blank. Alive Indicator – This is the IP address used to check if the WAN connection is operating. The VPN 800/2 Firewall Router will contact this system to check if the WAN connection is working. Change this address if you wish.
Load Balance
This screen is only operational if using Internet connections on both WAN ports.
Figure 3-2: Load Balance
These settings are only functional if using both WAN ports. If using both WAN ports, these settings determine the proportion of traffic sent over each port.
Use the "Restart Counters" button to restart these counters when required.
Buttons
• Update – Save the settings on this screen.
• Refresh – Update the data on screen.
• Restart Counters – Restart the counters used in the "Interface Statistics" section.
IP Address – If you have a fixed IP address, enter it here. Otherwise, this field should be left at 0.0.0.0.
• Host Name – This field is used by a Host to uniquely associate an access concentrator to a particular Host request.
Figure 3-3: Advanced PPPoE
Action – Use the "Connect" and "Disconnect" buttons to establish or terminate a connection on this session, if required.
Connection Status – This displays the current connection status for each session.
Otherwise, this field should be left at 0.0.0.0.
Action – Use the "Connect" and "Disconnect" buttons to establish or terminate a connection on this session, if required.
Connection Status – This displays the current connection status.
Figure 3-4: Advanced PPTP
PC to use DHCP (Windows calls this "Obtain an IP address automatically") while gaining the benefits of a fixed IP address. The PC's IP address will never change, so it can be provided to other people and applications.
"obtain an IP address automatically") while having an IP address, which never changes.
• Reserved IP – Enter the IP address you wish to reserve, if the setting above is Enable. Otherwise, ignore this field.
Figure 4: Host IP Setup
Update – Use this to update the selected entry, after making the desired changes.
• Reset – Reverse any changes you have made since loading the data from the VPN 800/2 Firewall Router.
Host & Group List – This table shows the current bindings.
Your Server's IP address is only valid on your LAN, not on the Internet. • Attempts to connect to devices on your LAN are blocked by the firewall in the VPN 800/2 Firewall Router. The "Virtual Server" feature solves these problems and allows Internet users to connect to your servers, as illustrated below.
Each PC should have a fixed IP address, or have a reserved IP address. (See the Host IP section earlier in this chapter for details on reserving an IP address.)
Figure 4-3: Virtual Server
Server software. Each PC should have a fixed IP address, or have a reserved IP address. (See the Host IP section earlier in this Chapter for details on reserving an IP address.)
Add – Create a new Special Application entry.
Delete – Delete the selected entry.
Update – Save any changes you have made to the current entry.
Cancel – Cancel any changes you have made since the last save operation.
To edit an existing entry, select it from this list, and click the "Select" button. The data for the selected application will then be displayed in the Special Application Configuration section. Make any required changes, and then click the "Update" button.
This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address may change whenever you connect to your ISP, which makes it difficult to connect to you. You must register for the Dynamic DNS service. The VPN 800/2 Firewall Router supports 4 types of service providers: •...
• Disable – Dynamic DNS is not used.
• DNS4BIZ Hotbrick Premium – Provides reliability for normal business requirements.
• DNS4BIZ Hotbrick Business – Designed for VPN connections & mission-critical applications. Your DNS service is hosted on dedicated high-end servers with 24/7 monitoring to ensure the highest possible availability &...
Settings
• Enable backup MX – If enabled, you must enter the Mail Exchanger address below.
• Mail Exchanger – If the setting above is enabled, enter the address of the backup Mail Exchanger.
Multi DMZ
This feature allows each WAN port IP address to be associated with one (1) computer on your LAN. All outgoing traffic from that PC will be associated with that WAN port IP address. Any traffic sent to that IP address will be forwarded to the specified PC, allowing unrestricted 2-way communication between the "DMZ PC"...
IP address.)
Access Group – You can decide which users have the authority to use DMZ by defining groups.
Direction – For DMZ, you can allow inbound only, outbound only, or both inbound and outbound.
You will see an icon show up in Network Neighborhood on the Windows XP OS. Every time you add a new network device with port mapping, the new network device will appear on the mapping list.
Figure 4-8: UPnP
NAT Setting
NAT (Network Address Translation) is the technology which allows one (1) WAN (Internet) IP address to be used by many LAN users.
Figure 4-9: NAT
“Disable Port Translation”
NAT Alias
• For each alias entry, the WAN IP acts as an alias IP for the host with the Local LAN IP when it reaches the Internet via the specified WAN port, for packets of the specified Protocol.
This screen allows you to change some advanced settings: • Remote Access Configuration – This feature allows you to manage the VPN 800/2 Firewall Router via the Internet. You can restrict access to a specified IP address or address range.
113. This means that port 113 is often probed by attackers as a rich source of your personal information. By default it is “Disable”.
External Filters Configuration – These settings determine whether or not the VPN 800/2 Firewall Router should respond to ICMP (ping) requests received from the WAN port.
•...
Using Remote Web-based Setup
To connect to the Load Balancer from a remote PC via the Internet:
1. Ensure that both your PC and the VPN 800/2 Firewall Router are connected to the Internet.
2. Start your Web Browser.
3. In the "Address" bar, enter "HTTP://" followed by the Internet IP Address of the VPN 800/2 Firewall Router. If the port number is not 80, the port number is also required.
IP address is checked against IP address entries on this screen.
• Note that a single IP address may host many Web sites. Entering the IP address on this screen will block all Web sites hosted on that IP address.
Block Internet Access
• Enable/Disable – Use this to Enable or Disable each setting, as required.
• Block URL/IP/Keyword – Enter the URL, IP address or keyword you wish to block.
Figure 5-1: Block URL
Hosts on the Host IP screen. If you wish to apply different restrictions on different Groups, select the desired Group, and click the "Select" button. The screen will update with data for the selected Group.
Port No. Range – Enter the range of port numbers used by the service you wish to block. If only a single port is required, enter it in both fields.
Maximum in the sampling time, any new session of the host will be dropped for the pause time.
Pause Time – Within the pause time, no new session of the suspended host will be served by the system. (Default is 5 minutes.)
Figure 5-3: Session Limit
Select the foreign port number range that is processed directly by the system protocol stack, if the check box is enabled.
Device Port Range – Select the device port number range that is processed directly by the system protocol stack, if the check box is enabled.
Figure 5-4: System Filter Exception
VPN products are not interoperable. Although the VPN 800/2 Firewall Router can interoperate with many other VPN products, it is not possible for the VPN 800/2 Firewall Router to provide specific technical support for every other product.
IPSec Global Setting
Figure 6-1: IPSec Global Setting
Force Deletion after Expiry – Once an SA expires, the tunnel will be removed and related resources will be released to the system.
Log Level – This is the VPN log level. Select the VPN log level that you would like to display in the VPN log.
Packet authentication proves that data comes from the source you think it comes from. There are three authentication methods available: MD5, SHA1 and SHA2. Data encryption makes the data unreadable if intercepted. There are three encryption methods available: DES/3DES and AES. The default is null.
Key Management
Key – Key Type: there are two key types (manual key and auto key) available for the key exchange management.
Manual Key: If manual key is selected, no key negotiation is needed.
Encryption Key – This field specifies a key to encrypt and decrypt IP traffic.
DF flag is set, the outer header MUST copy it.
Set DF Flag – If this DF (Do not Fragment) flag is set, it means the fragmentation of this packet at the IP level is not permitted.
7: QoS Configuration
Overview
The VPN 800/2 Firewall Router provides QoS, which supports a high quality of network service. It classifies outgoing packets based on policies defined by users, so that some real-time applications get better response or performance.
Overwrite policy priority – Choose “yes” to have the priority in the TOS field of the IP packet overwrite the priority defined in the policy configuration.
Policy Configuration
When you use QoS, you must define some policies so that some packets have a higher priority to pass through.
Figure 7-2: Policy Configuration
Source Port – Define the source port of packets here.
• Destination Port – Define the destination port of packets here.
• Priority Queue – If a packet meets all the conditions defined above, it will be serviced with this priority level.
SNMP This section is only useful if you have SNMP (Simple Network Management Protocol) software on your PC. If you have SNMP software, you can use a standard MIB II file with the VPN 800/2 Firewall Router. Figure 8-1: SNMP...
• Device name – The name of VPN 800/2 Firewall Router. • Physical Location – The location of the VPN 800/2 Firewall Router. Trap Targets Enter the IP address of any targets (PCs running SNMP software) to which you want traps to be sent. All traps are level 1.
Notification – This feature is useful to prevent ICMP attacks from the WAN or LAN. It will drop the packets if the number of pings exceeds the threshold value. It will send email to the administrator, if email is enabled.
Syslog
This feature can send real-time system information to the web page or to the specified PC.
Syslog Configuration – Syslog Configuration lets you choose whether or not to send system information to other machines. You can choose up to three machines to send your system log to.
Log Priority Level: The syslog messages are divided into 8 levels, from Emergency to Debug level. The lower the level, the fewer messages will be generated. Emergency is the lowest priority level, and Debug is the highest one.
Admin Password
The password screen allows you to assign a password to the Firewall Router.
Figure 8-4: Admin Password Screen
Enter the desired password, re-enter it in the Verify Password field, then save it. When you connect to the Load Balancer with your Browser, you will be prompted for the password, as shown below.
• Enter the password for the VPN 800/2 Firewall Router, as set on the Admin Password screen above.
Upgrade Firmware
This Upgrade Firmware Screen allows you to upgrade firmware or back up the system configuration by using HTTP upgrade. You can back up your system configuration by pressing the “save” button of Save System Configuration.
The DHCP Server function in the Load Balancer must be disabled. This setting is on the LAN & DHCP screen. • Your DHCP Server must be configured to provide the VPN 800/2 Firewall Router's LAN IP address as the "Default Gateway". •...
All traffic for devices not on the local LAN must be forwarded to the Load Balancer, so that they can be forwarded to the Internet. This is done by configuring other Routers to use the VPN 800/2 Firewall Router as the Default Route or Default Gateway, as illustrated by the example below.
For the VPN 800/2 Firewall Router Gateway's Routing Table For the LAN shown above, with 2 routers and 3 LAN segments, the VPN 800/2 Firewall Router requires 2 entries as follows. Entry 1 (Segment 1) Destination IP Address Network Mask...
10: Operation and Status Operation Once both the VPN 800/2 Firewall Router and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required: Refer to Chapter 4 - Advanced Features for further details.
ISP's DHCP server. This will extend the period for which the current WAN IP address is allocated to you. • IP Address – The IP address of the VPN 800/2 Firewall Router, as seen from the Internet. This IP Address is allocated by the ISP (Internet Service Provider) •...
Buttons
• Refresh – Update the data on screen.
• Restart – Restart (reboot) the VPN 800/2 Firewall Router.
• Restore Factory Defaults – This will delete all existing settings, and restore the factory default settings. See below for details.
These changes may mean that the current connection is invalid, and you will have to re-connect to the VPN 800/2 Firewall Router using its default IP address (192.168.1.1). WAN Status Use the WAN Status link on the main menu to view this screen.
This screen is displayed when you click the "Check NAT Detail" button on the WAN Status screen.
Data – NAT Status
LAN IP Info
• IP Address – The LAN IP Address of the VPN 800/2 Firewall Router.
• Mask Address – The Network Mask (Subnet Mask) for the IP Address above.
This displays the current number of active connections. For further details, click the "View Connection" list button.
Errors – Statistics are displayed for Checksum errors, number of retries, and number of bad packets.
Misc. – This displays the total IP packets and reserved address.
Appendix A Specifications
Model: Hotbrick VPN 800/2 Firewall Router
Dimensions: 120mm (W) x 427mm (D) x 43.4mm (H)
Operating Temperature: 0° C to 40° C
Storage Temperature: -10° C to 70° C
Network Protocol: TCP/IP
Network Interface: 10 Ethernet: 8 * 10/100BaseT (RJ45) auto-Switching Hub ports for LAN devices...
If using the default Load Balancer settings, and the default Windows 95/98/ME/2000 TCP/IP settings, no changes need to be made. • By default, the VPN 800/2 Firewall Router will act as a DHCP Server, automatically providing a suitable IP Address (and related information) to each PC when the PC boots. •...
DNS address or addresses provided by your ISP, then click OK. • On the Gateway tab, enter the VPN 800/2 Firewall Router's IP address in the New Gateway field and click Add, as shown below. (Your LAN administrator can advise you of the IP Address they assigned to the VPN 800/2 Firewall Router.)
2. Right click the Local Area Connection icon and select Properties. You should see a screen like the following: Figure B-5: Network Configuration (Win 2000) 3. Select the TCP/IP protocol for your network card. 4. Click on the Properties button. You should then see a screen like the following. Figure B-4: DNS Tab (Win 95/98)
If your PC is already configured, check with your network administrator before making the following changes: • Enter the VPN 800/2 Firewall Router's IP address in the Default gateway field and click OK. (Your LAN administrator can advise you of the IP Address they assigned to the VPN 800/2 Firewall Router.) •...
2. Right click the Local Area Connection and choose Properties. You should see a screen like the following:
Figure B-7: Network Configuration (Windows XP)
3. Select the TCP/IP protocol for your network card.
4. Click on the Properties button. You should then see a screen like the following.
If your PC is already configured, check with your network administrator before making the following changes. • Enter the VPN 800/2 Firewall Router's IP address in the Default gateway field and click OK. (Your LAN administrator can advise you of the IP Address they assigned to the VPN 800/2 Firewall Router.) •...
Troubleshooting Overview This chapter covers some common problems that may be encountered while using the VPN 800/2 Firewall Router and some possible solutions to them. If you follow the suggested steps and the VPN 800/2 Firewall Router still does not function properly, contact your dealer for further advice.
Solution 2: The VPN 800/2 Firewall Router processes the data passing through it, so it is not transparent. Use the Special Applications feature to allow the use of Internet applications which do not function correctly. If this does not solve the problem, you can use the DMZ function. This should work with most applications, but: •...