1. Manuals
  2. Brands
  3. QNO Manuals
  4. Network Router
  5. 4WAN
  6. User manual

QNO 4 WAN User Manual

4 wan enterprise multi-wan vpn qos router
Hide thumbs Also See for 4 WAN:
Table of Contents

Advertisement

Quick Links

Download this manual
4 WAN
Enterprise Multi-WAN
VPN QoS Router
Load Balancing, Bandwidth Management,
VPN & Network Security Management
English User's Manual

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 4 WAN and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for QNO 4 WAN

Summary of Contents for QNO 4 WAN

  • Page 1 4 WAN Enterprise Multi-WAN VPN QoS Router Load Balancing, Bandwidth Management, VPN & Network Security Management English User’s Manual...
  • Page 2 Manual, and the relevant rights and obligations between the users and Qno Technology Inc (hereafter "Qno"), and is the exclusion to remit or limit the liability of Qno. The users who obtain the file of this manual directly or indirectly, and users who use the relevant services, must obey this Agreement.
  • Page 3 【4-2】 In order to protect the autonomy of the business development and adjustment of Qno, Qno reserves the right to adjust or terminate the software / Manual any time without informing the users.
  • Page 4 If it is not solved by consultation, user agrees that the dissension or dispute is brought to trial in the jurisdiction of the court in the location of Qno. In Mainland China, the "China International Economic and Trade Arbitration Commission" is the arbitration organization.

  • Page 5: Table Of Contents

    Enterprise Multi-WAN VPN QoS Router Content I. Introduction..............................1 II. Multi- WAN VPN Router Installation .....................3 2.1 Systematic Setting Process ........................3 2.2 Setting Flow Chart ............................. 3 III. Hardware Installation ..........................6 3.1 LED Signal..............................6 3.2 VPN Router Network Connection......................8 IV.
  • Page 6 Enterprise Multi-WAN VPN QoS Router 7.6 IP Grouping..............................65 VIII. QoS (Quality of Service) ........................66 8.1 Bandwidth Management ........................67 8.1.1 The Maximum Bandwidth provided by ISP................67 8.1.2 QoS ..............................68 8.2 Session control............................74 8.3 Smart QoS ..............................77 IX.
  • Page 7 Appendix II: : : : Troubleshooting........................196 (1) Block BT Download..........................196 (2)Shock Wave and Worm Virus Prevention ................... 197 (3)Block QQLive Video Broadcast Setting ..................199 (4)ARP Virus Attack Prevention......................201 Appendix III: : : : Qno Technical Support Information ................210...

  • Page 8: Introduction

    VPN functionality. Qno is a supporter of the IPSec Protocol. IPSec VPN provides DES, 3DES, AES-128 encryption, MD5, SH1 certification, IKE Pre-Share Key, or manual password interchange. VPN Router also supports aggressive mode.
  • Page 9 Enterprise Multi-WAN VPN QoS Router The advanced built-in firewall function enables VPN Router to resist most attacks from the Internet. It utilizes active detection technology SPI (Stateful Packet Inspection). The SPI firewall functions mainly within the network by dynamically inspecting each link. The SPI firewall also has a warning function for the application process;...

  • Page 10: Multi- Wan Vpn Router Installation

    Enterprise Multi-WAN VPN QoS Router II. Multi- WAN VPN Router Installation In this chapter we are going to introduce hardware installation. Through the understanding of multi-WAN setting process, users can easily setup and manage the network,making VPN Router functioning and having best performance. 2.1 Systematic Setting Process Users can set up and enable the network by utilizing bandwidth efficiently.
  • Page 11 Enterprise Multi-WAN VPN QoS Router Setting Content Purpose Configure the Install the device hardware based on user Hardware network to meet physical requirements. installation user’s demand. Login Login the device Login the device web- based UI. with Web Browser. Verify device Verify Firmware Verify the device specification, Firmware specification...
  • Page 12 Enterprise Multi-WAN VPN QoS Router Block attack, Set Administrators can block BT to avoid Set Firewall: prevent Access rule and bandwidth occupation, and enable access attack and improper restrict Web rules to restrict employee accessing access to network access. internet improperly or using MSN, QQ and resources Skype during working time.

  • Page 13: Hardware Installation

    Enterprise Multi-WAN VPN QoS Router III. Hardware Installation In this chapter we are going to introduce hardware interface as well as physical installation. 3.1 LED Signal LED Signal Description Color Description Green Green LED on: Power ON Power Amber Amber LED on: System self-test is running. DIAG Amber LED off: System self-test is completed successfully.
  • Page 14 Enterprise Multi-WAN VPN QoS Router Installing the device on a Standard 19” Rack We suggest to either place the device on a desk or install it in a rack with attached brackets. Do not place other heavy objects together with the device on a rack. Overloading may cause the rack to fail, thus causing damage or danger.

  • Page 15: Vpn Router Network Connection

    Enterprise Multi-WAN VPN QoS Router 3.2 VPN Router Network Connection WAN connection :A WAN port can be connected with xDSL Modem, Fiber Modem, Switching Hub, or through an external router to connect to the Internet. LAN Connection: The LAN port can be connected to a Switching Hub or directly to a PC. Users can use servers for monitoring or filtering through the port after “Physical Port Mangement”...

  • Page 16: Login

    Enterprise Multi-WAN VPN QoS Router IV. Login This chapter is mainly introducing Web- based UI after conneting the device. First, check up the device’s IP address by connecting to DOS through the LAN PC under the device. Go to Start Run, enter cmd to commend DOS, and enter ipconfig for getting Default →...
  • Page 17 Enterprise Multi-WAN VPN QoS Router Then, open webpage browser, IE for example, and key in 192.168.1.1 in the website column. The login window will appear as below: The device’s default username and password are both “admin”. Users can change the login password in the setting later.

  • Page 18: Device Spec Verification, Status Display And Login Password And Time Setting

    Enterprise Multi-WAN VPN QoS Router V. Device Spec Verification, Status Display and Login Password and Time Setting This chapter introduces the device specification and status after login as well as change password and system time settings for security. 5.1 Home Page In the Home page, all the device’s parameters and status are listed for users’...

  • Page 19: Physical Port Status

    Enterprise Multi-WAN VPN QoS Router Quality of Indicates how many QoS rules are set. Service: Manual Connect: When “Obtain an IP automatically” is selected, two buttons (Release and Renew) will appear. If a WAN connection, such as PPPoE or PPTP, is selected, “Disconnect”...

  • Page 20: System Information

    Enterprise Multi-WAN VPN QoS Router The current port setting status information will be shown in the Port Information Table. Examples: type (10Base-T/100Base-TX/1000Base-T), iniferface (WAN/ LAN/ DMZ), link status (Up/ Down), physical port status (Port Enabled/ Port Disabled), priority (high or normal), speed status (10Mbps or 100Mbps), duplex status (Half/ Full), auto negotiation (Enabled or Disabled).

  • Page 21: Firewall Status

    Enterprise Multi-WAN VPN QoS Router Device IP Address/ Subnet Mask:Identifies the current device IP address and subnet mask. The default is 192.168.1.1 and 255.255.255.0 Working Mode:Indicates the current working mode. Can be Gateway or Router mode. The default is “Gateway” mode. System active time: Indicates how long the device has been running.

  • Page 22: Vpn Status

    Enterprise Multi-WAN VPN QoS Router 5.1.5 VPN Status VPN Setting Status: Indicates VPN setting information in the device. Tunnel(s) Used:Indicates number of tunnels that have been configured in VPN (Virtual Private Network). Tunnel(s) Available:Indicates number of tunnels that are available for VPN (Virtual Private Network).

  • Page 23: Change And Set Login Password And Time

    You can press Reset button for more than 10 sec, the device will return back to default. User Name: The default is “admin”. Old Password: Input the original password.(The default is “admin”.) New User Name: Input the new user name. i.e.Qno New Password: Input the new password.

  • Page 24: Time

    Enterprise Multi-WAN VPN QoS Router Confirm New Input the new password again for verification. Password: Apply: Click “Apply” to save the configuration. Cancel: Click “Cancel" to leave without making any change. This action will be effective before ”Apply” to save the configuration. 5.2.2 Time The device can adjust time setting.
  • Page 25 Enterprise Multi-WAN VPN QoS Router Time Zone: Select your location from the pull-down time zone list to show correct local time. Daylight Saving: If there is Daylight Saving Time in your area, input the date range. The device will adjust the time for the Daylight Saving period automatically.

  • Page 26: Network

    Enterprise Multi-WAN VPN QoS Router VI. Network This Network page contains the basic settings. For most users, completing this general setting is enough for connecting with the Internet. However, some users need advanced information from their ISP. Please refer to the following descriptions for specific configurations. 6.1 Network Connection...

  • Page 27: Host Name And Domain Name

    Enterprise Multi-WAN VPN QoS Router 6.1.1 Host Name and Domain Name Device name and domain name can be input in the two boxes. Though this configuration is not necessary in most environments, some ISPs in some countries may require it. 6.1.2 LAN Setting This is configuration information for the device current LAN IP address.

  • Page 28: Wan & Dmz Settings

    Enterprise Multi-WAN VPN QoS Router This function enables users to input IP segments that differ from the router network segment to the multi-net segment configuration; the Internet will then be directly accessible. In other words, if there are already different IP segment groups in the Intranet, the Internet is still accessible without making any changes to internal PCs.
  • Page 29 Enterprise Multi-WAN VPN QoS Router Interface: An indication of which port is connected. Connection Type: Obtain an IP automatically, Static IP connection, PPPoE (Point-to-Point Protocol over Ethernet), PPTP (Point-to-Point Tunneling Protocol) or Transparent Bridge. Config.: A modification in an advanced configuration: Click Edit to enter the advanced configuration page.
  • Page 30 Enterprise Multi-WAN VPN QoS Router The WAN disconnection schedule will be activated by checking Enable Line-Dropped this option. In some areas, there is a time limitation for WAN Scheduling: connection service. For example: the optical fiber service will be disconnected from 0:00 am to 6:00 am. Although there is a standby system in the device, at the moment of WAN disconnection, all the external connections that go through this WAN will be disconnected too.
  • Page 31 Enterprise Multi-WAN VPN QoS Router Input the available static IP address issued by ISP. WAN IP address: Input the subnet mask of the static IP address issued by ISP, such as: Subnet Mask: Issued eight static IP addresses: 255.255.255.248 Issued 16 static IP addresses: 255.255.255.240 Input the default gateway issued by ISP.
  • Page 32 Enterprise Multi-WAN VPN QoS Router The WAN disconnection schedule will be activated by checking this Enable option. In some areas, there is a time limitation for WAN connection Line-Dropped service. For example: the optical fiber service will be disconnected Scheduling: from 0:00 am to 6:00 am.
  • Page 33 Enterprise Multi-WAN VPN QoS Router Input the user name issued by ISP. User Name: Input the password issued by ISP. Password This function enables the auto-dialing function to be used in a Connect on PPPoE dial connection. When the client port attempts to connect Demand: with the Internet, the device will automatically make a dial connection.
  • Page 34 Enterprise Multi-WAN VPN QoS Router The WAN disconnection schedule will be activated by checking Enable this option. In some areas, there is a time limitation for WAN Line-Dropped connection service. For example: the optical fiber service will be Scheduling disconnected from 0:00 am to 6:00 am. Although there is a standby system in the device, at the moment of WAN disconnection, all the external connections that go through this WAN will be disconnected too.
  • Page 35 Enterprise Multi-WAN VPN QoS Router password issued by ISP, and use the built-in PPTP software to connect with the Internet. This option is to configure a static IP address. The IP address to WAN IP be configured could be one issued by ISP. (The IP address is Address: usually provided by the ISP when the PC is installed.
  • Page 36 Enterprise Multi-WAN VPN QoS Router This function enables the auto-dialing function to be used for a Connect on PPTP dial connection. When the client port attempts to connect Demand: with the Internet, the device will automatically connect with the default ISP auto dial connection; when the network has been idle for a period of time, the system will break the connection automatically.
  • Page 37 Enterprise Multi-WAN VPN QoS Router If your WAN connects to a Switch, select “Enabled” to filter Shared- Circuit broadcast packets. The default is “Disabled”. environment MTU: : : : MTU is abbreviation of Maximum Transmission Unit. “Auto” and “Manual” can be chosen. The default value is 1500. Different value could be set in different network environment.
  • Page 38 Enterprise Multi-WAN VPN QoS Router WAN IP Address: Input one of the static IP addresses issued by ISP. Subnet Mask: Input the subnet mask of the static IP address issued by ISP, such as: Issued eight static IP addresses: 255.255.255.248 Issued 16 static IP addresses: 255.255.255.240 Default Gateway Address:...
  • Page 39 Enterprise Multi-WAN VPN QoS Router Enable Line-Dropped The WAN disconnection schedule will be activated by Scheduling: checking this option. In some areas, there is a time limitation for WAN connection service. For example: the optical fiber service will be disconnected from 0:00 am to 6:00 am.
  • Page 40 Enterprise Multi-WAN VPN QoS Router externally connected servers such as WEB and Mail servers. Therefore, the device supports a set of independent DMZ ports for users to set up connections for servers with real IP addresses. The DMZ ports act as bridges between the Internet and LANs. IP address: Indicates the current default static IP address.
  • Page 41 Enterprise Multi-WAN VPN QoS Router IP Range: Input the IP range located at the DMZ port. After the changes are completed, click “Apply” to save the configuration, or click “Cancel" to leave without making any changes.

  • Page 42: Multi- Wan Setting

    Enterprise Multi-WAN VPN QoS Router 6.2 Multi- WAN Setting 6.2.1 Load Balance Mode Auto Load Balance Mode When Auto Load Balance mode is selected, the device will use sessions or IP and the WAN bandwidth automatically allocate connections to achieve load balancing for external connections. The network bandwidth is set by what users input for it.
  • Page 43 Enterprise Multi-WAN VPN QoS Router For example, if users want to assign IP 192.168.1.100 to go through WAN 1 when connecting with the Internet, or assign all Intranet IP to go through WAN 2 when connecting with servers with port 80, or assign all Intranet IP to go through WAN 1 when connecting with IP 211.1.1.1, users can do that by configuring “Protocol Binding”.
  • Page 44 Enterprise Multi-WAN VPN QoS Router Attention: When assigning mode is selected, as in the above example, the IP(s) or service provider(s) configured in the connection rule will follow the rule for external connections, but those which are not configured in the rule will still follow the device Load Balance system to go through other WAN ports to connect with the Internet.
  • Page 45 Enterprise Multi-WAN VPN QoS Router Name: To define a name for the WAN grouping in the box, such as “Education” etc. The name is for recognizing different WAN groups. Interface: Check the boxes for the WANs to be added into this combination.

  • Page 46: Network Detection Service

    Enterprise Multi-WAN VPN QoS Router To build a policy document users can use a text-based editor, such as Notepad, which is included with Windows system. Follow the text format in the figure below to key in the destination IP addresses users want to assign. For example, if the destination IP address range users want to designate is 140.115.1.1 ~ 140.115.1.255, key in 140.115.1.1 ~ 140.115.1.255 in Notepad.
  • Page 47 Enterprise Multi-WAN VPN QoS Router Select the WAN Port that enables Network Service Detection. Interface: This selects the retry times for network service detection. The Retry: default is five times. If there is no feedback from the Internet in the configured “Retry Times", it will be judged as “External Connection Disconnected”.
  • Page 48 Enterprise Multi-WAN VPN QoS Router for 10.0.0.1~10.254.254.254 cannot be transmitted through WAN 2, and there is no need to remove the connection when WAN 1 is disconnected. (2) Keep System Log and Remove the Connection: If an ISP connection failure is detected, no error message will be recorded in the System Log.

  • Page 49: Protocol Binding

    Enterprise Multi-WAN VPN QoS Router In addition, do not input the same web address in this box for two different WANs. Note! In the load balance mode for Assigned Routing, the first WAN port (WAN1) will be saved for the traffic of the IP addresses or the application service ports that are not assigned to other WANs (WAN2, WAN3, and WAN4).
  • Page 50 Enterprise Multi-WAN VPN QoS Router Protocol Binding Users can define specific IP addresses or specific application service ports to go through a user-assigned WAN for external connections. For any other unassigned IP addresses and services, WAN load balancing will still be carried out. Note!...
  • Page 51 Enterprise Multi-WAN VPN QoS Router This is to select the Binding Service Port to be activated. The Service: default (such as ALL-TCP&UDP 0~65535, WWW 80~80, FTP 21 to 21, etc.) can be selected from the pull-down option list. The default Service is All 0~65535.
  • Page 52 Enterprise Multi-WAN VPN QoS Router Note! The rules configured in Protocol Binding will be executed by the device according to their priorities too. The higher up on the list, the higher the priority of execution. Show Table: Click the “Show Table” button. A dialogue box as shown in the following figure will be displayed.
  • Page 53 Enterprise Multi-WAN VPN QoS Router In this box, input the name of the Service Port which Service Name: users want to activate, such as BT, etc. This option list is for selecting a packet format, such as Protocol: TCP or UDP for the Service Ports users want to activate. In the boxes, input the range of Service Ports users Port range: want to add.
  • Page 54 Enterprise Multi-WAN VPN QoS Router As in the figure below, select “All Traffic” from the pull-down option list “Service”, and then in the boxes of “Source IP” input the source IP address “192.168.1.100” to “100”. Retain the original numbers “0.0.0.0” in the boxes of “Destination IP” (which means to include all Internet IP addresses).
  • Page 55 Enterprise Multi-WAN VPN QoS Router Example 3:How do I set up Auto Load Balance Mode to keep all Intranet IP addresses from going through WAN2 when the destination port is Port 80 and keep all other services from going through WAN1? As in the figure below, there are two rules to be configured.
  • Page 56 Enterprise Multi-WAN VPN QoS Router Internet IP addresses). Select WAN1 from the pull-down option list “Interface”, and then click “Enable”. Finally, click “Add New” and the rule will be added to the mode. The device will transmit packets that are not going to Port 80 to the Internet through WAN1. Configuring “Assigned Routing Mode”...
  • Page 57 Enterprise Multi-WAN VPN QoS Router through WAN1? As in the figure below, select “HTTP[TCP/80~80]” from the pull-down option list “Service”, and then in the boxes of “Source IP” input “192.168.1.0 ~ 0” (which means to include all Intranet IP addresses). Retain the original numbers “0.0.0.0” in the boxes of “Destination IP”...
  • Page 58 Enterprise Multi-WAN VPN QoS Router Port [TCP&UDP/1~65535]” from the pull-down option list “Service”, and then in the boxes of “Source IP” input “192.168.1.0 ~ 0” (which means to include all Intranet IP addresses). In the boxes for “Destination IP” input “211.1.1.1 ~ 211.254.254.254”. Select WAN2 from the pull-down option list “Interface”, and then click “Enable”.

  • Page 59: Port Management

    Enterprise Multi-WAN VPN QoS Router VII. Port Management This chapter introduces how to configure ports and understand how to configure intranet IP addresses. 7.1 Setup Through the device, users can easily manage the setup for WAN ports, LAN ports and the DMZ port by choosing the number of ports, speed, priority, duplex and enable/disable the auto-negotiation feature for connection setting of each port.
  • Page 60 Enterprise Multi-WAN VPN QoS Router Mirror Port:Users can configure LAN 1 as mirror port by choosing “Enable Port 1 as Mirror Port”. All the traffic from LAN to WAN will be copied to mirror port. Administrator can control or filter the traffic through mirror port. Once this function is enabled, LAN 1 will be shown as Mirror Port in Physical Port Status, Home page.
  • Page 61 Enterprise Multi-WAN VPN QoS Router Disabled: This feature allows users turn on/off the Ethernet port. If selected, the Ethernet port will be shut down immediately and no connection can be made. The default value is "on". Priority: This feature allows users to set the high/low priority of the packet delivery for the Ethernet port.

  • Page 62: Port Status

    Enterprise Multi-WAN VPN QoS Router 7.2 Port Status Summary: There are Network Connection Type, Interface, Link Status (Up/Down), Port Activity (Port Enabled), Priority Setting (High or Normal), Speed Status (10Mbps or 100Mbps), Duplex Status (half duplex or full duplex), Auto Neg. (Enabled/Disabled), and VLAN.
  • Page 63 Enterprise Multi-WAN VPN QoS Router Statistics: The packet data of this specific port will be displayed. Data include receive/ transmit packet count, receive/ transmit packet Byte count and error packet count. Users may press the refresh button to update all real-time messages.

  • Page 64: Ip/ Dhcp

    Enterprise Multi-WAN VPN QoS Router 7.3 IP/ DHCP With an embedded DHCP server, it supports automatic IP assignation for LAN computers. (This function is similar to the DHCP service in NT servers.) It benefits users by freeing them from the inconvenience of recording and configuring IP addresses for each PC respectively.
  • Page 65 Enterprise Multi-WAN VPN QoS Router Dynamic IP: Client lease Time: Check the option to activate the DHCP server automatic IP lease function. If the function is activated, all PCs will be able to acquire IP automatically. Otherwise, users should configure static virtual IP for each PC individually.

  • Page 66: Dhcp Status

    Enterprise Multi-WAN VPN QoS Router 7.4 DHCP Status This is an indication list of the current status and setup record of the DHCP server. The indications are for the administrator’s reference when a network modification is needed. DHCP Server: This is the current DHCP IP. Dynamic IP Used:...
  • Page 67 Enterprise Multi-WAN VPN QoS Router IP Address: The IP address acquired by the current computer. MAC Address: The actual MAC network location of the current computer. Client Lease Time: The lease time of the IP released by DHCP. Delete: Remove a record of an IP lease.

  • Page 68: Ip & Mac Binding

    Enterprise Multi-WAN VPN QoS Router 7.5 IP & MAC Binding Administrators can apply IP & MAC Binding function to make sure that users can not add extra PCs for Internet access or change private IP addresses. There are two methods for setting up this function:...
  • Page 69 Enterprise Multi-WAN VPN QoS Router Block MAC address not on the list This method only allows MAC addresses on the list to receive IP addresses from DHCP and have Internet access. When this method is applied, please fill out Static IP with 0.0.0.0, as the figure below:...
  • Page 70 Enterprise Multi-WAN VPN QoS Router Static IP: There are two ways to input static IP: 1. If users want to set up a MAC address to acquire IP from DHCP, but the IP need not be a specific assigned IP, input 0.0.0.0 in the boxes. The boxes cannot be left empty.
  • Page 71 Enterprise Multi-WAN VPN QoS Router Name: For distinguishing clients, input the name or address of the client that is to be bound. The maximum acceptable characters are 12. Enabled: Activate this configuration. Add to list: Add the configuration or modification to the list. Delete selected item:...

  • Page 72: Ip Grouping

    Enterprise Multi-WAN VPN QoS Router 7.6 IP Grouping The function enables users to make the same configuration for a range of continuous IP addresses in the network. For example, if an IP range (192.168.1.100~192.168.1.110) has been assigned to a department of a company, we can bind all the IP addresses together and make an accessing rule configuration for them all at the same time, instead of configuring each IP respectively, which takes more time and is more prone to error.

  • Page 73: Qos (Quality Of Service)

    Enterprise Multi-WAN VPN QoS Router VIII. QoS (Quality of Service) QoS is an abbreviation for Quality of Service. The main function is to restrict bandwidth usage for some services and IP addresses to save bandwidth or provide priority to specific applications or services, and also to enable other users to share bandwidth, as well as to ensure stable and reliable network transmission.

  • Page 74: Bandwidth Management

    Enterprise Multi-WAN VPN QoS Router 8.1 Bandwidth Management 8.1.1 The Maximum Bandwidth provided by ISP In the boxes for WAN1 and WAN2 bandwidth, input the upstream and downstream bandwidth which users applied for from bandwidth supplier. The bandwidth QoS will make calculations according to the data users input.

  • Page 75: Qos

    Enterprise Multi-WAN VPN QoS Router rate of upstream and downstream for each IP and Service Port based on the total actual bandwidth of WAN1 and WAN2. For example, if the upstream bandwidths of both WAN1 and WAN2 are 512Kbit/Sec, the total upstream bandwidth will be: WAN1 + WAN2 = 1024Kbit/Sec.
  • Page 76 Enterprise Multi-WAN VPN QoS Router Interface: Select on which WAN the QoS rule should be executed. It can be a single selection or multiple selections. Service Port: Select what bandwidth control is to be configured in the QoS rule. If the bandwidth for all services of each IP is to be controlled, select “All (TCP&UDP) 1~65535”.
  • Page 77 Enterprise Multi-WAN VPN QoS Router IP Address: This is to select which user is to be controlled. If only a single IP is to be restricted, input this IP address, such as “192.168.1.100 to 100”. The rule will control only the IP 192.168.1.100. If an IP range is to be controlled, input the range, such as “192.168.1.100 ~ 150”.
  • Page 78 Enterprise Multi-WAN VPN QoS Router Bandwidth Sharing total bandwidth with all IP addresses: If this option is Assign Type: selected, all IP addresses or Service Ports will share the bandwidth range (from minimum to maximum bandwidth). Assign bandwidth for each IP address: If this option is selected, every IP or Service Port in this range can have this bandwidth (minimum to maximum).
  • Page 79 Enterprise Multi-WAN VPN QoS Router Priority Control: The Router will distribute the bandwidth as 60% (the highest) and 10% (the lowest). If you set the service port 80 as “High” priority, the router will give 60% bandwidth to the port 80.
  • Page 80 Enterprise Multi-WAN VPN QoS Router Direction: Upstream: Means the upload bandwidth for Intranet IP. Downstream: Means the download bandwidth for Intranet IP. Server in LAN, Upstream: If a Server for external connection has been built in the device, this option is to control the bandwidth for the traffic coming from outside to this Server.

  • Page 81: Session Control

    Enterprise Multi-WAN VPN QoS Router 8.2 Session control Session management controls the acceptable maximum simultaneous sessions of Intranet PCs. This function is very useful for managing connection quantity when P2P software such as BT, Thunder, or emule is used in the Intranet causing large numbers of sessions.
  • Page 82 Enterprise Multi-WAN VPN QoS Router When single IP exceed __: If this function is selected, when the user’s port session reach the limit, this user will not be able to make a new session for five minutes. Even if the previous session has been closed, new sessions cannot be made until the setting time ends.
  • Page 83 Enterprise Multi-WAN VPN QoS Router Service Port: Choose the service port. IP Address: Input the IP address range or IP group. Enabled: Activate the rule. Add to list: Add this rule to the list. Delete seleted Remove the rules selected from the Service List. item:...

  • Page 84: Smart Qos

    Enterprise Multi-WAN VPN QoS Router 8.3 Smart QoS The smart QoS function enables the administrators to constrain the bandwidth occupied automatically without any configuring. Enabled Smart Qos To activate the Smart QoS function. When the usage of any WAN's When the usage of any WAN's bandwith is over bandwith is over than __ %, Enable than __ %, Smart QoS will be enabled.
  • Page 85 Enterprise Multi-WAN VPN QoS Router Enabled Penalty Mechanism To activate the penalty mechanism. To show the IPs with upstream constraint、 Show Penalty List downstream constraint and in the penalty mechanism. Applied Time If “Always” is selected, the rule will be executed around the clock.

  • Page 86: Firewall

    Enterprise Multi-WAN VPN QoS Router IX. Firewall This chapter introduces firewall general policy, access rule, and content filter settings to ensure network security. 9.1 General Policy The firewall is enabled by default. If the firewall is set as disabled, features such as SPI, DoS, and outbound packet responses will be turned off automatically.
  • Page 87 Enterprise Multi-WAN VPN QoS Router SPI (Stateful Packet This enables the packet automatic authentication detection Inspection): technology. The Firewall operates mainly at the network layer. By executing the dynamic authentication for each connection, it will also perform an alarming function for application procedure. Meanwhile, the packet authentication firewall may decline the connections which use non-standard communication protocol.
  • Page 88 Enterprise Multi-WAN VPN QoS Router Advanced Setting Packet Type: This device provides three types of data packet transmission: TCP-SYN-Flood, UDP-Flood and ICMP-Flood. WAN Threshold: When all packet values from external attack or from single external IP attack reach the maximum amount (the default is 15000 packets/Sec and 2000 packets/Sec respectively), if these conditions above occurs, the IP will be blocked for 5 minutes ( the default is 5 minutes OBJ 176 ).
  • Page 89 Enterprise Multi-WAN VPN QoS Router Show Blocked IP: Show the blocked IP list and the remained blocked time. Restricted WEB It supports the block that is connected through: Java, Cookies, Features: Active X, and HTTP Proxy access. Don’t Block Java / If this option is activated, users can add trusted network or IP ActiveX / Cookies address into the trust domain, and it will not block items such as...

  • Page 90: Restrict Application

    Enterprise Multi-WAN VPN QoS Router 9.2 Restrict Application Users can check MSN/ Skype/ QQ/ BT and the device will block the service users checked. However, to provide this service for certain IP address in the intranet, users may check the following item and then enter the specific IP address or IP address session to use the services which are checked above.
  • Page 91 Enterprise Multi-WAN VPN QoS Router Input the information of the QQ number, etc. User Name: Input the number. Exempted QQ Number: Add the number to the list. Add to list: Delete the selected rule in the list. Delete selected item:...

  • Page 92: Access Rule

    Enterprise Multi-WAN VPN QoS Router 9.3 Access Rule Users may turn on/off the setting to permit or forbid any packet to access internet. Users may select to set different network access rules: from internal to external or from external to internal.
  • Page 93 Enterprise Multi-WAN VPN QoS Router In addition to the default rules, all the network access rules will be displayed as illustrated above. Users may follow or self- define the priority of each network access rule. The device will follow the rule priorities one by one, so please make sure the priority for all the rules can suit the setting rules.
  • Page 94 Enterprise Multi-WAN VPN QoS Router 9.3.2 Add New Access Rule Action: Allow: Permits the pass of packets compliant with this control rule Deny: Prevents the pass of packets not compliant with this control rule Service Port: From the drop-down menu, select the service that users grant or do not give permission.
  • Page 95 Enterprise Multi-WAN VPN QoS Router menu. Source IP: Select the source IP range (for example: Any, Single, Range, or preset IP group name). If Single or Range is selected, please enter a single IP address or an IP address within a session. Dest.

  • Page 96: Content Filter

    Enterprise Multi-WAN VPN QoS Router 9.4 Content Filter The device supports two webpage restriction modes: one is to block certain forbidden domains, and the other is to give access to certain web pages. Only one of these two modes can be selected.
  • Page 97 Enterprise Multi-WAN VPN QoS Router Domain Name: Enter the websites to be controlled such as www.playboy.com Add to list: Click ”Add to list” to create a new website to be controlled. Delete selected item: Click to select one or more controlled websites and click this option to delete.
  • Page 98 Enterprise Multi-WAN VPN QoS Router Accept Allowed Domains In some companies or schools, employees and students are only allowed to access some specific websites. This is the purpose of the function. Activate the function. The default setting is “Disabled.” Enabled: Input the allowed domain name, etc.
  • Page 99 Enterprise Multi-WAN VPN QoS Router Always: Select “Always” to apply the rule on a round-the-clock basis. Select “from”, and the operation will run according to the defined time. …to…: Select "Always" to apply the rule on a round-the-clock basis. If “From” is selected, the activation time is introduced as below Day Control:...

  • Page 100: Vpn (Virtual Private Network)

    Enterprise Multi-WAN VPN QoS Router X. VPN (Virtual Private Network) 10.1. VPN 10.1.1. Display All VPN Summary This VPN Summary displays the real-time data with regard to VPN status. These data include: all tunnel numbers (PPTP, IPSec + QnoKey and IPSec VPN), setting parameters and Group VPN and so forth.
  • Page 101 Enterprise Multi-WAN VPN QoS Router Advanced Setting: Through Advanced setting, users may adjust the tunnel number of IPSec and QnoKey. This shows how many VPN tunnels are in use or available. Detail: Push this button to display the following information with regard to all current VPN configurations to facilitate VPN connection management.
  • Page 102 Enterprise Multi-WAN VPN QoS Router VPN Tunnel Status: The following describes VPN Tunnel Status, the current status of VPN tunnel in detail: Click Previous page or Next page to view the desired VPN Previous Page/Next tunnel page. Or users can select the page number directly to Page, Jump to __/__ view all VPN tunnel statuses, such as 3, 5, 10, 20 or All.
  • Page 103 Enterprise Multi-WAN VPN QoS Router Displays the current VPN tunnel connection name, such as XXX Account ID: Office. Users are well-advised to give them different names to avoid confusion should users have more than one tunnel settings. Note: If this tunnel is to be connected to other VPN device (not this device), some device requires that the tunnel name is identical to the name of the host end to facilitate verification.
  • Page 104 Enterprise Multi-WAN VPN QoS Router Displays the tunnel name of the Group VPN that is connected. Group Name: Displays the VPN Groups tunnel numbers. Connected Tunnels: Displays settings such as encryption (DES/3DES), authentication Phase2 (MD5/SHA1) and Group (1/2/5). Encrypt/Auth/DH: If users select Manual setting for IPSec, Phase 2 DH group will not be displayed.

  • Page 105: Add A New Vpn Tunnel

    Enterprise Multi-WAN VPN QoS Router 10.1.2. Add a New VPN Tunnel The device supports Gateway to Gateway tunnel or Client to Gateway tunnel. The VPN tunnel connections are done by 2 VPN devices via the Internet. When a new tunnel is added, the setting page for Gateway to Gateway or Client to Gateway will be displayed.
  • Page 106 Enterprise Multi-WAN VPN QoS Router 10.1.2.1. Gateway to Gateway Setting The following instructions will guide users to set a VPN tunnel between two devices. Tunnel No.: Set the embedded VPN feature, please select the Tunnel number. Displays the current VPN tunnel connection name, such as XXX Office. Tunnel Name:...
  • Page 107 Enterprise Multi-WAN VPN QoS Router This local gateway authentication type comes with five Local Security operation modes, which are: GatewayType: IP only IP + Domain Name (FQDN) Authentication IP + E-mail Addr. (USER FQDN) Authentication Dynamic IP + Domain Name (FQDN) Authentication Dynamic IP + E-mail Addr.
  • Page 108 Enterprise Multi-WAN VPN QoS Router need to do further settings. Dynamic Domain Name(FQDN) Authentication: If users use dynamic IP address to connect to the device, users may select this option to link to VPN. If the remote VPN gateway requires connection device connection, this device will start authentication and respond...
  • Page 109 Enterprise Multi-WAN VPN QoS Router build the VPN tunnel. Reference: When this VPN tunnel is connected, computers with the IP address of 192.168.1.0 can establish connection. 2. Subnet This option allows local computers in this subnet can be connected to the VPN tunnel. Reference: When this VPN tunnel is connected, only computers with the session of 192.168.1.0 and with subnet mask as 255.255.255.0 can connect with remote VPN.
  • Page 110 Enterprise Multi-WAN VPN QoS Router This remote gateway authentication type (Remote Security Gateway Type) must be identical to the remotely-connected local security gateway authentication type (Local Security Gateway Type). This remote gateway authentication type comes with five Remote Security operation modes, which are: Gateway Type:...
  • Page 111 Enterprise Multi-WAN VPN QoS Router (2) IP + Domain Name(FQDN) Authentication: If users select IP + domain name, please enter IP address and the domain name to be verified. FQDN refers to the combination of host name and domain name. Users may enter any name that corresponds to the domain name of FQDN.
  • Page 112 Enterprise Multi-WAN VPN QoS Router If users select IP address and E-mail type, entering the IP address and the E-mail allows users to gain access to this tunnel. If the remote IP address is unknown, choose IP by DNS Resolved, allowing DNS to translated the IP address. This domain name must be available on the Internet.
  • Page 113 Enterprise Multi-WAN VPN QoS Router Dynamic E-mail Addr. (USER FQDN) Authentication. If users use dynamic IP address to connect with the device, users may select this type to link to VPN. When the remote gateway requires connection facilitate connection, the device will start authentication and respond to the VPN tunnel connection;...
  • Page 114 Enterprise Multi-WAN VPN QoS Router This option allows users to set the remote VPN connection Remote Security Group access type. The following offers a few items for remote Type: settings. Please select and set appropriate parameters: (1) IP address This option allows the only IP address which is entered to build the VPN tunnel.
  • Page 115 Enterprise Multi-WAN VPN QoS Router tunnels must be identical in order to create connection. And the transmission data must be encrypted with IPSec key, which is known as the encryption "key". The device provides the following two encrypted Key Managements. They are Manual and IKE automatic encryption mode- IKE with Preshared Key (automatic).
  • Page 116 Enterprise Multi-WAN VPN QoS Router Use IKE Protocol: Click the shared key generated by IKE to encrypt and authenticate the remote user. If PFS (Perfect Forward Secrecy) is enabled, the Phase 2 shared key generated during the IKE coordination will conduct further encryption and authentication. When PFS is enabled, hackers using brute force to capture the key will not be able to get the Phase 2 key in such a short period of time.
  • Page 117 Enterprise Multi-WAN VPN QoS Router identical to that of the remote authentication mode: “MD5” or “SHA1”. Phase 1 SA Life Time: The life time for this exchange code is set to 28800 seconds (or 8hours) by default. This allows the automatic generation of other exchange password within the valid time of the VPN connection so as to guarantee security.
  • Page 118 Enterprise Multi-WAN VPN QoS Router users must set it the same with the Outgoing SPI string of the remote VPN device. And the Outgoing SPI string must be the same with the incoming SPI string of the remote VPN device. Advanced Setting- for IKE Protocol Only The advanced settings include Main Mode and Aggressive mode.
  • Page 119 Enterprise Multi-WAN VPN QoS Router Dead Peer Detection (DPD): If this option is selected, the connected VPN tunnel will regularly transmit HELLO/ACK message packet to detect whether there is connection between the two ends of the VPN tunnel. If one end is disconnected, the device will disconnect the tunnel automatically and then create new connection.
  • Page 120 Enterprise Multi-WAN VPN QoS Router 10.1.2.2. Client to Gateway Setting The following describes how an administrator builds a VPN tunnel between devices. Users can set this VPN tunnel to be used by one client or by a group of clients (Group VPN) at the client end.
  • Page 121 Enterprise Multi-WAN VPN QoS Router Local Group Setup This local gateway authentication type (Local Security Gateway Type) must be identical with that of the remote type (Remote Security Gateway Type). This local gateway authentication type comes with five Local Security Gateway operation modes, which are: Type:...
  • Page 122 Enterprise Multi-WAN VPN QoS Router (3) IP + E-mail Addr. (USER FQDN) Authentication. If users select IP address and E-mail, enter the IP address and E-mail address to gain access to this tunnel and the WAN IP address will be automatically filled into this space. Users don't need to do further settings.
  • Page 123 Enterprise Multi-WAN VPN QoS Router This option allows users to set the local VPN connection Local Security Group access type. The following offers a few items for local Type: settings. Please select and set appropriate parameters: 4. IP address This option allows the only IP address which is entered to build the VPN tunnel.
  • Page 124 Enterprise Multi-WAN VPN QoS Router Remote Group Setup: This remote gateway authentication type (Remote Security Gateway Type) must be identical to the remotely-connected local security gateway authentication type (Local Security Gateway Type). This local gateway authentication type comes with five Remote Security operation modes, which are: Gateway Type:...
  • Page 125 Enterprise Multi-WAN VPN QoS Router If users select IP + domain name type, please enter the domain name and IP address. The WAN IP address will be automatically filled into this space. Users don't need to do further settings. FQDN refers to the combination of host name and domain name and can be retrieved from the Internet, i.e.
  • Page 126 Enterprise Multi-WAN VPN QoS Router users may select this option to connect to VPN without entering IP address. When VPN Gateway requires for VPN connection, the device will start authentication and respond to VPN tunnel connection; if users select this option to link to VPN, enter E-Mail address to the empty field for E-Mail authentication.
  • Page 127 Enterprise Multi-WAN VPN QoS Router When users set this VPN tunnel to use any encryption and authentication mode, users must set the parameter of this exchange password with that of the remote. Setting methods include Auto (IKE) or Manual. To do the settings, select any one from the two options. IKE Protocol:...
  • Page 128 Enterprise Multi-WAN VPN QoS Router Phase 1/Phase 2 Authentication: This authentication option allows users to set this VPN tunnel to use any authentication mode. Note that this parameter must be identical to that of the remote authentication mode: “MD5” or “SHA1”. Phase 1 SA Life Time: The life time for this exchange code is set to 28800 seconds (or 8hours) by default.
  • Page 129 Enterprise Multi-WAN VPN QoS Router Moreover, the exchange strings for “Incoming SPI” and “Outgoing SPI” must be ● identical to those of the connected VPN device. For the Incoming SPI parameters, users must set it the same with the Outgoing SPI string of the remote VPN device. And the Outgoing SPI string must be the same with the incoming SPI string of the remote VPN device.
  • Page 130 Enterprise Multi-WAN VPN QoS Router passage of NetBIOS broadcast packet. This facilitates the easy connection with other Microsoft network; however, the traffic using this VPN tunnel will increase. Dead Peer Detection (DPD): If this option is selected, the connected VPN tunnel will ●...
  • Page 131 Enterprise Multi-WAN VPN QoS Router Local Group Setup: This option allows users to set the local VPN connection Local Security access type. The following offers a few items for local Group Type: settings. Please select and set appropriate parameters: (1) IP address This option allows the only IP address which is entered to build the VPN tunnel.
  • Page 132 Enterprise Multi-WAN VPN QoS Router Remote Group Setup This setting offers three operation modes, which are: Remote Security client Type: Domain Name (FQDN) E-mail Address (USER FQDN) Microsoft XP/2000 VPN Client (1) Domain Name(FQDN) If users select Domain Name type, please enter the domain name to be authenticated.
  • Page 133 Enterprise Multi-WAN VPN QoS Router IPSec Setup If there is any encryption mechanism, the encryption mechanism of these two VPN channel settings must be identical in order to establish connection. And the transmission data must be encrypted with IPSec key, which is also known as the encryption "key". The device provides the following two types of encryption management modes: Manual and IKE automatic encryption mode- IKE with Preshared Key (automatic).
  • Page 134 Enterprise Multi-WAN VPN QoS Router groups: Group 1/ Group 2/ Group 5. Phase1/Phase2 Encryption: This option allows users to set this VPN channel to use any encryption mode. Note that this parameter must be identical to that of the remote encryption parameter: DES (64 - bit encryption mode), 3DES (128-bit encryption mode), AES (the standard of using security code to encrypt information).

  • Page 135: Pptp Setting

    Enterprise Multi-WAN VPN QoS Router The advanced settings include Main Mode and Aggressive mode. In Main mode, the default setting is VPN operation mode. The connection is the same as most of the VPN device. Aggressive Mode: This mode is mostly adopted by remote devices. The IP connection ●...
  • Page 136 Enterprise Multi-WAN VPN QoS Router Enabled PPTP Server: When this option is selected, the point-to-point tunnel protocol PPTP server can be enabled.
  • Page 137 Enterprise Multi-WAN VPN QoS Router PPTP Client IP Range: Please enter PPTP IP address range so as to provide the remote users with an entrance IP into the local network. Enter Range Start: Enter the value into the last field. Enter Range End: Enter the value into the last field.

  • Page 138: Vpn Pass Through

    Enterprise Multi-WAN VPN QoS Router 10.1.4. VPN Pass Through If this option is enabled, the PC is allowed to use VPN- IPSec Pass Through: IPSec packet to pass in order to connect to external VPN device. Fixed Source Port This option is only required when having VPN connection with Cisco VPN Server and Client.

  • Page 139: Qnokey

    Enterprise Multi-WAN VPN QoS Router 10.2. QnoKey Introduces how Qno VPN devices conducts preliminary configuration of the data from the user end and how to set the QnoKey user to successfully create QnoKey by using QnoKey management software. 10.2.1. QnoKey Summary Login to the web-based UI and click on the QnoKey menu to display the page that summarizes the current status information of QnoKey, as illustrated below:...

  • Page 140: Qnokey Group Setup

    Enterprise Multi-WAN VPN QoS Router If the number of days of using QnoKey is set, the remaining Available Time: time is displayed here. The upper limited number of QnoKey users. Account Number Limitation: The number of QnoKey in use. Used Number: Displays the number of connected devices that are using Online Number:...
  • Page 141 Enterprise Multi-WAN VPN QoS Router This page is designed for QnoKey group setup. Group parameters for QnoKey include WAN ports, valid time, and number of users, and protection actions for potential QnoKey losses. These setting options facilitate classified management for QnoKey users and enhance security.
  • Page 142 Enterprise Multi-WAN VPN QoS Router for normal and frequent use, the option "Forever" may be selected so the user end valid time is infinite. If the user is more complicated or if it is meant for mobile users who travel on business, the VPN security can be guaranteed by setting the valid time of QnoKey as "1~99"...

  • Page 143: Qnokey Account List

    Enterprise Multi-WAN VPN QoS Router On the QnoKey Summary page, the defined group will be displayed, which is illustrated as below. When a new rule is created, "Show List" and "Edit" button will be displayed behind the rule. Click on "Show List" to show the list of users applying this group rule. Click "Edit" to change settings.
  • Page 144 Enterprise Multi-WAN VPN QoS Router the user is connected and online; “Disconnect" means no connection and offline. Stolen Key Login Select this option to create settings if the QnoKey is lost. Action: If there is hardware binding, QnoKey can only execute on Bind MAC:...

  • Page 145: Qvm Vpn Function Setup

    Enterprise Multi-WAN VPN QoS Router 10.3. QVM VPN Function Setup The QVM-series device provides three major convenient functions: 1. Smart Link IPSec VPN: Easy VPN setup replaces the conventional complicated VPN setup process by entering Server IP, User Name, and Password. 2.

  • Page 146: Qvm Server Settings

    Enterprise Multi-WAN VPN QoS Router 10.3.1. QVM Server Settings Select QVM Feature as Server mode:...

  • Page 147: Qvm Status

    Enterprise Multi-WAN VPN QoS Router Account ID: Must be identical to that of the remote client end. Please enter the remote client user name in either English or Chinese. Password: Must be identical to that of the remote client end. Confirm Password:...
  • Page 148 Enterprise Multi-WAN VPN QoS Router Account: Displays the remote client user. Green means connection, blue waiting for connection and red for QVM disconnection. Status: Displays the QVM VPN connection status. Red means disconnection and green means connection. Interface: Shows which WAN port is applied to connect to this remote QVM. Start Time:...

  • Page 149: Qvm Client Settings

    Enterprise Multi-WAN VPN QoS Router 10.3.3. QVM Client Settings Select QVM feature as Client mode: Account ID: Must be identical to that of the server account ID. Password: Must be identical to that of the server password. Confirm Password: Please enter the password and confirm again. QVM VPN (...
  • Page 150 Enterprise Multi-WAN VPN QoS Router Mins: QVM Backup Tunnel: You can input at most 3 backup IP addresses or domain names for backup. Once the connection is dropped, the function will be automatically enabled to backup the VPN connection and ensure data transition security. Advanced Function:...

  • Page 151: Virtue Route

    Enterprise Multi-WAN VPN QoS Router XI. Virtue Route Virtual Router enable the branch only has single ISP service can enjoy two different broadband network. The branch can access another ISP network with connecting to headquarter server with dual-bradband connection. As the result, the linking problem between different ISP network will be sloved.
  • Page 152 Enterprise Multi-WAN VPN QoS Router Café A can enable virtual route function and link to Café B’s device. They can access another ISP service through Café B’s network. It seems that Café A employ dual ISP service, too. If users in Café A want to access to another ISP network, the link speed won’t be restricted.

  • Page 153: Virtue Route Server (Pptp Server)

    Enterprise Multi-WAN VPN QoS Router 11.1 Virtue Route Server (PPTP Server) The Chapter intrduces how to configure a Virtue Route server. Virtue Route builds PPTP on the basis of PPP (Point-to-point Protocol), it strengthens the security of PPP. Virtue Route enables encryption transmission between PPTP server and client, and enables PPTP server to verify the remote clients.
  • Page 154 Enterprise Multi-WAN VPN QoS Router Enabled PPTP Server: When this option is selected, the point-to-point tunnel protocol PPTP server can be enabled. PPTP Client IP Range: Please enter PPTP IP address range so as to provide the remote users with an entrance IP into the local network. Enter Range Start: Enter the value into the last field.
  • Page 155 Enterprise Multi-WAN VPN QoS Router Add a new account and password. Add to list: Delete Selected Item. Delete selected item: All PPTP Status:Displays all successfully connected users, including username, remote IP address, and PPTP address.

  • Page 156: Virtue Route Client

    Enterprise Multi-WAN VPN QoS Router 11.2 Virtue Route Client Enabled To activate the function. Binding Interface To select which WAN port is binded: WAN1~WAN4 Binding Network To select the binding network: Netcome or Self-Defined. Import IP Range Click “Browse” to import binding IP range. Binding Service Port To select the port that will execute virtual route: All port, Game, or Self-defined.
  • Page 157 Enterprise Multi-WAN VPN QoS Router Input the IP of virtual route server. Remote Host IP Address Input the user name. User Name Input the password. Password Show the link status: Connect or Disconnect. Status Self-Defined IP To build a self-defined IP users can use a text-based editor, such as Notepad, which is included with Windows system.
  • Page 158 Enterprise Multi-WAN VPN QoS Router...

  • Page 159: Advanced Function

    Enterprise Multi-WAN VPN QoS Router XII. Advanced Function 12.1 DMZ Host/ Port Range Forwarding 12.1.1 DMZ Host When the NAT mode is activated, sometimes users may need to use applications that do not support virtual IP addresses such as network games. We recommend that users map the device actual WAN IP addresses directly to the Intranet virtual IP addresses, as follows: If the “DMZ Host”...

  • Page 160: Port Range Forwarding

    Enterprise Multi-WAN VPN QoS Router 12.1.2 Port Range Forwarding Setting up a Port Forwarding Virtual Host: If the server function (which means the server for an external service such as WWW, FTP, Mail, etc) is contained in the network, we recommend that users use the firewall function to set up the host as a virtual host, and then convert the actual IP addresses (the Internet IP addresses) with Port 80 (the service port of WWW is Port 80) to access the internal server directly.
  • Page 161 Enterprise Multi-WAN VPN QoS Router IP Address: Input the virtual host IP address. Enabled: Activate this function. Service Port Add or remove service ports from the list of service ports. Management: Add to list: Add to the active service content. Service Port Management The services in the list mentioned above are frequently used services.

  • Page 162: Port Triggering

    Enterprise Multi-WAN VPN QoS Router Protocol: To select whether a service port is TCP or UDP. Port Range: To activate this function, input the range of the service port locations users want to activate such as 500~500 or 2300~2310, etc. Add to list:...
  • Page 163 Enterprise Multi-WAN VPN QoS Router Application Name: Users can define names for special application software. This is to make management simple. Trigger Port Range: Input the port numbers for data going from the device to the Internet. (Such as 9000~6600). Incoming Port Range:...

  • Page 164: Upnp

    Enterprise Multi-WAN VPN QoS Router 12.2 UPnP UPnP (Universal Plug and Play) is a protocol set by Microsoft. If the virtual host supports UPnP system (such as Windows XP), users could also activate the PC UPnP function to work with the device.
  • Page 165 Enterprise Multi-WAN VPN QoS Router Delete Selected Item: Remove selected services. Show Table: This is a list which displays the current active UPnP functions. Apply: Click “Apply” to save the network configuration modification. Cancel: Click “Cancel" to leave without making any change.

  • Page 166: Routing

    Enterprise Multi-WAN VPN QoS Router 12.3 Routing In this chapter we introduce the Dynamic Routing Information Protocol and Static Routing Information Protocol. 12.3.1 Dynamic Routing The abbreviation of Routing Information Protocol is RIP. There are two kinds of RIP in the IP environment –...

  • Page 167: Static Routing

    Enterprise Multi-WAN VPN QoS Router refresh the paths. RIP is a very simple routing protocol, in which Distance Vector is used. Distance Vector determines transmission distance in accordance with the number of routers, rather than based on actual session speed. Therefore, sometimes it will select a path through the least number of routers, rather than through the fastest routers.
  • Page 168 Enterprise Multi-WAN VPN QoS Router Dest. IP: Input the remote network IP locations and subnet that is to Subnet Mask: be routed. For example, the IP/subnet is 192.168.2.0/255.255.255.0. Gateway: The default gateway location of the network node which is to be routed.

  • Page 169: One To One Nat

    Enterprise Multi-WAN VPN QoS Router 12.4 One to One NAT As both the device and ATU-R need only one actual IP, if ISP issued more than one actual IP (such as eight ADSL static IP addresses or more), users can map the remaining real IP addresses to the intranet PC virtual IP addresses.
  • Page 170 Enterprise Multi-WAN VPN QoS Router Enabled One to One To activate or close the One-to-One NAT function. (Check to NAT: activate the function). Private IP Range Begin: Input the Private IP address for the Intranet One-to-One NAT function. Public IP Range Begin: Input the Public IP address for the Internet One-to-One NAT function.

  • Page 171: Ddns- Dynamic Domain Name Service

    To overcome this problem for users who want to build services such as a website, it offers the function of dynamic web address transfer. This service can be applied from www.qno.cn/ddns, www.3322.org, www.dyndns.org, or www.dtdns.com, and these are free.
  • Page 172 Enterprise Multi-WAN VPN QoS Router Interface This is an indication of the WAN port the user has selected. DDNS Check either of the boxes before DynDNS.org, 3322.org, DtDNS.com and QnoDDNS.org.cn to select one of the four DDNS website address transfer functions. Username The name which is set up for DDNS.
  • Page 173 Enterprise Multi-WAN VPN QoS Router Register for QnoDDNS 1. Please go to Qno website and register the product at http://www.qno.com.tw. 2. Input the e-mail address which users used to register this product and the serial number of the product to log in to the QnoDDNS Service System. Be sure to input an available e-mail address so that the password sent from the system to activate QnoDDNS service can be received after the domain name registration.
  • Page 174 Enterprise Multi-WAN VPN QoS Router 3. Rules for Applying a Domain Name: ●The Domain should have at least 4 letters and no more than 63 letters. ●The Domain name should only consist of a-z (lowercase letter) and 0-9 (numerals) and the first character should be an English letter.
  • Page 175 Enterprise Multi-WAN VPN QoS Router...

  • Page 176: Mac Clone

    Enterprise Multi-WAN VPN QoS Router 12.6 MAC Clone Some ISP will request for a fixed MAC address (network card physical address) for distributing IP address, which is mostly suitable for cable mode users. Users can input the network card physical address (MAC address: 00-xx-xx-xx-xx-xx) here. The device will adopt this MAC address when requesting IP address from ISP.

  • Page 177: System Tool

    Enterprise Multi-WAN VPN QoS Router XIII. System Tool This chapter introduces the management tool for controlling the device and testing network connection. For security consideration, we strongly suggest to change the password. Password and Time setting is in Chapter 5.2. 13.1 Diagnostic The device provides a simple online network diagnostic tool to help users troubleshoot network-related problems.
  • Page 178 Enterprise Multi-WAN VPN QoS Router Ping This item informs users of the status quo of the outbound session and allows the user to know the existence of computers online. On this test screen, please enter the host IP that users want to test such as 192.168.5.20.

  • Page 179: Firmware Upgrade

    Enterprise Multi-WAN VPN QoS Router 13.2 Firmware Upgrade Users may directly upgrade the device firmware on the Firmware Upgrade page. Please confirm all information about the software version in advance. Select and browse the software file, click "Firmware Upgrade Right Now" to complete the upgrade of the designated file.

  • Page 180: Setting Backup

    Enterprise Multi-WAN VPN QoS Router 13.3 Setting Backup Import Configuration File: This feature allows users to integrate all backup content of parameter settings into the device. Before upgrade, confirm all information about the software version. Select and browse the backup parameter file: "config.exp." Select the file and click "Import" to import the file. Export Configuration File:...

  • Page 181: Snmp

    Enterprise Multi-WAN VPN QoS Router 13.4 SNMP Simple Network Management Protocol (SNMP) refers to network management communications protocol and it is also an important network management item. Through this SNMP communications protocol, programs with network management (i.e. SNMP Tools-HP Open View) can help communications of real-time management. The device supports standard SNMP v1/v2c and is consistent with SNMP network management software so as to get hold on to the operation of the online devices and the real-time network information.
  • Page 182 Enterprise Multi-WAN VPN QoS Router Enabled: Activate SNMP feature. The default is activated. Set the name of the device such as 4WANRouter. System Name: Set the name of the person who manages the device (i.e. John). System Contact: Define the location of the device (i.e. Taipei). System Location:...

  • Page 183: System Recover

    Enterprise Multi-WAN VPN QoS Router 13.5 System Recover Users can restart the device with System Recover button. Restart As the figure below, if clicking “Restart Router” button, the dialog block will pop out, confirming if users would like to restart the device.
  • Page 184 Enterprise Multi-WAN VPN QoS Router Return to Factory Default Setting If clicking “Return to Factory Default Setting, the dialog block will pop out, if the device will return to factory default.

  • Page 185: Log

    Enterprise Multi-WAN VPN QoS Router XIV. Log From the log management and look up, we can see the relevant operation status, which is convenient for us to facilitate the setup and operation. 14.1 System Log Its system log offers three options: system log, E-mail alert, and log setting.
  • Page 186 Enterprise Multi-WAN VPN QoS Router System Log Enabled: If this option is selected, the System Log feature will be enabled.
  • Page 187 Enterprise Multi-WAN VPN QoS Router Host Name: The device provides external system log servers with log collection feature. System log is an industrial standard communications protocol. It is designed to dynamically capture related system message from the network. The system log provides the source and the destination IP addresses during the connection, service number, and type.
  • Page 188 Enterprise Multi-WAN VPN QoS Router Log Time Threshold: Set the interval of sending the log, and the default is set to 10 minutes. Reaching this defined number, it will automatically send out the Mail log. The device will detect which parameter (either entries or intervals) reaches the threshold first and send the log message of that parameter to the user.
  • Page 189 Enterprise Multi-WAN VPN QoS Router Ping of Death: The system fails because the sent data exceeds the maximum packet that can be handled by the IP protocol. Unauthorized If intruders into the device are identified, the message will be sent Login:...
  • Page 190 Enterprise Multi-WAN VPN QoS Router Outgoing Packet Log: View system packet log which is sent out from the internal PC to the Internet. This log includes LAN IP, destination IP, and service port that is applied. It is illustrated as below. Incoming Packet Log:...
  • Page 191 Enterprise Multi-WAN VPN QoS Router Clear Log Now: This feature clears all the current information on the log.

  • Page 192: System Statistic

    Enterprise Multi-WAN VPN QoS Router 14.2 System Statistic The device has the real-time surveillance management feature that provides system current operation information such as port location, device name, current WAN link status, IP address, MAC address, subnet mask, default gateway, DNS, number of received/ sent/ total packets , number of received/ sent/ total Bytes, Received and Sent Bytes/Sec., total number of error packets received, total number of the packets dropped, number of session, number of the new Session/Sec., and upstream as well as downstream broadband usage...
  • Page 193 Enterprise Multi-WAN VPN QoS Router...

  • Page 194: Traffic Statistic

    Enterprise Multi-WAN VPN QoS Router 14.3 Traffic Statistic Six messages will be displayed on the Traffic Statistic page to provide better traffic management and control. By Inbound IP Address: The figure displays the source IP address, bytes per second, and percentage.
  • Page 195 Enterprise Multi-WAN VPN QoS Router By outbound IP Address: The figure displays the source IP address, bytes per second, and percentage. By Outbound Port: The figure displays the network protocol type, destination IP address, bytes per second, and percentage. By Inbound Port: The figure displays the network protocol type, destination IP address, bytes per second, and percentage.

  • Page 196: Ip/ Port Statistic

    Enterprise Multi-WAN VPN QoS Router By Outbound Session: The figure displays the source IP address, network protocol type, source port, destination IP address, destination port, bytes per second and percentage. By Inbound Session: The figure displays the source IP address, network protocol type, source port, destination IP address, destination port, bytes per second and percentage.
  • Page 197 Enterprise Multi-WAN VPN QoS Router Specific IP Status: Enter the IP address that users want to inquire, and then the entire destination IP connected to remote devices as well as the number of ports will be displayed.
  • Page 198 Enterprise Multi-WAN VPN QoS Router Specific Port Status: Enter the service port number in the field and IP that are currently used by this port will be displayed.

  • Page 199: Log Out

    Enterprise Multi-WAN VPN QoS Router XV. Log out On the top right corner of the web- based UI, there is a Logout button. Click on it to log out of the web- based UI. To enter next time, open the Web browser and enter the IP address, user name and password to log in.

  • Page 200: Appendix I: User Interface And User Manual Chapter Cross Reference

    Enterprise Multi-WAN VPN QoS Router Appendix I: User Interface and User Manual Chapter Cross Reference This appendix is to show the corresponding index for each chapter and user interface. Users can find how to setup quickly and understand the VPN Router capability at the same time. VPN Router overall interface is as below.
  • Page 201 Enterprise Multi-WAN VPN QoS Router Bandwidth 8.1 (QoS) Management 8.3 Bandwidth Management Session Control 8.2 Session Limit IP/DHCP VII. Port Management Setup 7.3 DHCP/ IP Status 7.4 DHCP Status IP & MAC Binding 7.5 IP & MAC Binding IP Grouping 7.6 IP Grouping Firewall IX.
  • Page 202 Enterprise Multi-WAN VPN QoS Router Setup 7.1 Setup Status 7.2 Status X. VPN Summary 10.1.1 Summary Gateway to 10.1.2.1 Gateway to Gateway Gateway Client to Gateway 10.1.2.2 Client to Gateway PPTP Setup 10.1.3 PPTP Setup PPTP Status 10.1.3 PPTP Status VPN Pass Through 10.1.4 VPN Pass Through QnoKey...

  • Page 203: Appendix Ii:troubleshooting

    Enterprise Multi-WAN VPN QoS Router Appendix II:Troubleshooting (1) Block BT Download To block BT and prevent downloading by users, go to the “Firewall -> Content Filter" and select "Enable Website Block by Keywords," followed by the input of "torrent." This will prevent the users from downloading.

  • Page 204: 2)Shock Wave And Worm Virus Prevention

    Enterprise Multi-WAN VPN QoS Router (2)Shock Wave and Worm Virus Prevention Since many users have been attacked by Shock Wave and Worm viruses recently, the internet transmission speed was brought down and the Session bulky increase result in the massive processing load of the device. The following guides users to block this virus' corresponding port for prevention.
  • Page 205 Enterprise Multi-WAN VPN QoS Router Use the same method to add UDP [UDP135~139] and TCP [445~445] Ports. c. Enhance the priority level of these three to the highest.

  • Page 206: 3)Block Qqlive Video Broadcast Setting

    If the login onto the QQLive Server is blocked, the issue can be resolved. The following relates to Qno products and provides users with solutions by introducing users how to set up the device.
  • Page 207 Enterprise Multi-WAN VPN QoS Router QQLive server. Repeated addition may be needed). Lastly, select "Always" under the Scheduling setting so that the QQLive Login Time can be set. (If necessary, specific time setting may be undertaken). Click "Apply" to move to the next step. c).

  • Page 208: 4)Arp Virus Attack Prevention

    Enterprise Multi-WAN VPN QoS Router (4)ARP Virus Attack Prevention ARP Issue and Information Recently, many cyber cafes in China experienced disconnection (partially or totally) for a short period of time, but connection is resumed quickly. This is caused by the clash with MAC address.
  • Page 209 The device selection is advised to take into consideration the one with anti-ARP virus attack. Qno products come squarely with such a feature, which is very user-friendly compared to other products.
  • Page 210 Now we understand ARP, ARP cheat and attack, as well as how to identify this type of attack. What comes next is to find out effective prevention measures to stop the network from being attacked. The general solution provided by Qno can be divided into the following three options: a) Enable “Prevent ARP Virus Attack”:...
  • Page 211 Enterprise Multi-WAN VPN QoS Router Enter ”Firewall-> General” and find the option "Prevent ARP Virus Attack" to the right of the page. Click on the option to activate it and click "Apply" at the bottom of the page (see illustrated). b) Bind the Gateway IP and MAC address for each PC This prevents the ARP from cheating IP and its MAC address.
  • Page 212 Enterprise Multi-WAN VPN QoS Router arp -d arp -s Router LAN IP Router LAN MAC For those internal network attacked by Arp, the source must be identified. Method: If the PC fails to go online or there is packet loss of ping, in the DOS screen, input arp –a command to check if the MAC address of the gateway is the same with the device MAC address.
  • Page 213 Enterprise Multi-WAN VPN QoS Router After an item is added to the list, the corresponding message will be displayed in the white block on the bottom. However, such method is not recommended because the inquiry of IP/MAC addresses of all hosts creates heavy workload. Another method to bind IP and MAC is more recommended because of easy operation, reducing workload and time efficiency.
  • Page 214 Enterprise Multi-WAN VPN QoS Router Click to display IP and MAC binding list dialog box. In this box, the unbinding IP and MAC address corresponding to the PC are displayed. Enter the "Name" of the computer and click on "Enabled" with the display of the “√” icon and push the option on the top right corner of the screen to confirm.
  • Page 215 Enterprise Multi-WAN VPN QoS Router Though these basic operations can help solve the problem but Qno's technical engineers suggest that further measures should be taken to prevent the ARP attack. 1. Deal with virus source as well as the source device affected by virus through virus killing and the system re-installation.
  • Page 216 Enterprise Multi-WAN VPN QoS Router 5. Frequently update anti-virus software (virus data base), and set the daily upgrade that allows regular and automatic update. Install and use the network firewall software. Network firewall is important for the process of anti-virus. It can effectively avert the attack from the network and invasion of the virus.

  • Page 217: Appendix Iii:qno Technical Support Information

    Enterprise Multi-WAN VPN QoS Router Appendix III:Qno Technical Support Information For more information about the Qno's product and technology, please log onto the Qno's bandwidth forum, refer to the examples of the FTP server, or contact the technical department of Qno's dealers as well as the Qno's Mainland technical center.

Table of Contents