Black Box Firetunnel 30 LRE1030E User Manual
  1. Manuals
  2. Brands
  3. Black Box Manuals
  4. Network Router
  5. Firetunnel 30 LRE1030E
  6. User manual

Black Box Firetunnel 30 LRE1030E User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
LRE1030E
User's Manual
Version Release 7.02 (FW:1.xx)
Updated July 28, 2008

Advertisement

Table of Contents
loading

Related Manuals for Black Box Firetunnel 30 LRE1030E

Summary of Contents for Black Box Firetunnel 30 LRE1030E

  • Page 1 LRE1030E User’s Manual Version Release 7.02 (FW:1.xx) Updated July 28, 2008...

  • Page 2: Copyright Information

    Published by Black Box Corporation. All rights reserved. Disclaimer Black Box does not assume any liability arising out of the application of use of any products or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. Black Box reserves the right to make changes in any products described herein without notice.

  • Page 3: Safety Warnings

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Safety Warnings Your Firetunnel 30 is built for reliability and long service life. For your safety, be sure to read and follow the following safety warnings.

  • Page 4: Table Of Contents

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Table of Contents Chapter 1: Introduction 1.1 Overview………………………………………………………………………….. 1.2 Product Highlights…………………………………………………………. 1.2.1 Increased Bandwidth, Scalability and Resilience…………….. 1.2.2 Virtual Private Network Support……………………………………….
  • Page 5 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 2.5.2 DNS Inbound Load Balancing…………………………………………….. 2.6 Virtual Private Networking………………………………………….. 2.6.1 General VPN Setup……………………………………………………………. 2.6.2 VPN Planning - Fail Over……………………………………………………. 2.6.3 Concentrator………………………………………………………………………...
  • Page 6 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.3.4 PPTP…………………………………………………………………………………… 4.3.5 Big Pond……………………………………………………………………………. 4.4 Configuration…………………………………………………………………… 4.4.1 LAN……………………………………………………………………………………. 4.4.1.1 Ethernet………………………………………………………………. 4.4.1.2 DHCP Server……………………………………………………….. 4.4.1.3 LAN Address Mapping ……………………………………….. 4.4.2 WAN…………………………………………………………………………………..
  • Page 7 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.6.1.1 IPSec Wizard…………………………………… 4.4.6.1.2 IPSec Policy…………………………………….. 4.4.6.2 PPTP…………………………………………………………………….. 4.4.7 QoS…………………………………………………………………………………… 4.4.8 Virtual Server……………………………………………………………………. 4.4.8.1 DMZ…………………………………………………………………….. 4.4.8.2 Port Forwarding Table…………………………………………. 4.4.9 Advanced…………………………………………………………………………..
  • Page 8 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 5.4 ISP Connection………………………………………………………………… 5.5 Problems with Date and Time………………………………………. 5.6 Restoring Factory Defaults……………………………………………...
  • Page 9 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Appendix A: Product Specifications Appendix B: FCC Interference Statement Appendix C: IPSec Logs and Events C.1 IPSec Log Event Categories…………………………………………. C.2 IPSec Log Event Table……………………………………………………...

  • Page 10: Chapter 1: Introduction

    Chapter 1: Introduction 1.1 Overview Congratulations on purchasing Firetunnel 30 Router from Black Box. Combining a router with an Ethernet network switch, Firetunnel 30 is a state-of-the-art device that provides everything you need to get your network connected to the Internet over your Cable or DSL connection quickly and easily.

  • Page 11: Advanced Firewall Security

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu with performance of up to 30Mbps. PPTP VPN is up to 4 simultaneous PPTP VPN connections are possible on Firetunnel 30, with performance of up to 10Mbps.

  • Page 12: Front Panel

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 1.3.1 Front Panel Function Power A solid light indicates a steady connection to a power source. Status A blinking light indicates the device is writing to flash memory.

  • Page 13: Rear Panel

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 1.3.2 Rear Panel Port Function To reset the device and restore factory default settings, after RESET the device is fully booted, press and hold RESET until the Status LED begins to blink.

  • Page 14: Rack Mounting

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 1.3.3 Rack Mounting To rack mount Firetunnel 30, carefully secure the device to your rack on both sides using the included brackets and screws. See the diagram below for a more detailed explanation.

  • Page 15: Chapter 2: Router Applications

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Chapter 2: Router Applications 2.1 Overview Your Firetunnel 30 router is a versatile device that can be configured to not only...

  • Page 16: Qos Policies For Different Applications

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 2.2.2 QoS Policies for Different Applications By setting different QoS policies according to the applications you are running, you can use Firetunnel 30 to optimize the bandwidth that is being used on your network.

  • Page 17: Guaranteed / Maximum Bandwidth

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu As illustrated in the diagram above, applications such as Voiceover IP (VoIP) require low network latencies to function properly. If bandwidth is being used by other applications such as an FTP server, users using VoIP will experience network lag and/or service interruptions during use.

  • Page 18: Policy Based Traffic Shaping

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 2.2.4 Policy Based Traffic Shaping Policy Based Traffic Shaping allows you to apply specific traffic policies across a range of IP addresses or ports. This is particularly useful for assigning different policies for different PCs on the network.

  • Page 19: Priority Bandwidth Utilization

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 2.2.5 Priority Bandwidth Utilization Assigning priority to a certain service allows Firetunnel 30 to give either a higher or lower priority to traffic from this particular service. Assigning a higher priority to an application ensures that it is processed ahead of applications with a lower priority and vice versa.

  • Page 20: Diffserv (Dscp Marking)

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 2.2.7 DiffServ (DSCP Marking) DiffServ (a.k.a. DSCP Marking) allows you to classify traffic based on IP DSCP values. Other interfaces can match traffic based on the DSCP markings. DSCP markings are used to decide how packets should be treated, and is a useful tool to give precedence to varying types of data.

  • Page 21: Dscp (Matching)

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 2.2.8 DSCP (Matching) Just like the DSCP Marking, DSCP is used on traffics (Both inbound rules and outbound rules have DSCP matching). DSCP matching is used to identify traffic for the rule.

  • Page 22: Outbound Load Balancing

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu connected to the Internet via WAN1 (IP_230.100.100.1) on Firetunnel 30. Should WAN1 fail, Outbound Fail Over tells Firetunnel 30 to reroute outgoing traffic to WAN2 (IP_213.10.10.2).

  • Page 23: Inbound Traffic

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Please refer to appendix H for example settings. 2.4 Inbound Traffic Learn how Firetunnel 30 can handle inbound traffic in the following section.

  • Page 24: Inbound Load Balancing

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 2.4.2 Inbound Load Balancing Inbound Load Balancing allows Firetunnel 30 to intelligently manage inbound traffic based on the amount of load of each WAN connection.

  • Page 25: Dns Inbound

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 2.5 DNS Inbound Using DNS Inbound is a great way to intelligently direct network traffic. DNS Inbound is a three step process. First, a DNS request is made to the router via a remote PC.

  • Page 26: Dns Inbound Fail Over

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 2.5.1 DNS Inbound Fail Over Firetunnel 30 can be configured to reply the WAN2 IP address for the DNS domain name request should WAN1 fail.

  • Page 27: Dns Inbound Load Balancing

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 2.5.2 DNS Inbound Load Balancing DNS Inbound Load Balancing allows Firetunnel 30 to intelligently manage inbound traffic based on the amount of load of each WAN connection by assigning the IP address with the lowest traffic load to incoming requests.
  • Page 28 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu A typical scenario of how traffic is directed with DNS Inbound Load Balancing is illustrated below: HTTP Reply DNS Reply DNS Request...

  • Page 29: Virtual Private Networking

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 2.6 Virtual Private Networking A Virtual Private Network (VPN) enables you to send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link.

  • Page 30: Vpn Planning - Fail Over

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu can be applied is when a remote sales person accesses the corporate network over a secure VPN tunnel. 100.100.100. myID.dyndns.org 192.168.2.x...

  • Page 31: Concentrator

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu gateway using WAN1 through a secure VPN tunnel. Should WAN1 fail, outbound traffic from Firetunnel 30 will automatically be redirected to WAN2. This process is completely transparent to the remote gateway, as Firetunnel 30 will automatically update the domain name (Firetunnel.com) with the WAN2 IP address.
  • Page 32 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Local subnet: 192.168.3.0 Local subnet: 0.0.0.0 Local mask: 255.255.255.0 Local mask: 0.0.0.0 Remote subnet: 0.0.0.0 Remote subnet: 192.168.3.0 200.200.200.1 Remote mask: 0.0.0.0 192.168.3.x...

  • Page 33: Chapter 3: Getting Started

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Chapter 3: Getting Started 3.1 Overview Firetunnel 30 is designed to be a powerful and flexible network device that is also easy to use.

  • Page 34: Connecting Your Router

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu by default. If you reset the device, remote administration must be enabled again. If you decide to manage your network remotely, be sure to change the default password for security reason.

  • Page 35: Configuring Your Pc

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 3.4 Configuring your PC Now that your Firetunnel 30 is connected properly to your network, it’s time to configure your networked PCs to access Firetunnel 30.
  • Page 36 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu The easiest way to connect to Firetunnel 30 is by using DHCP Protocol. Check the manual of your operating system on how to configure your system for DHCP.

  • Page 37: Factory Default Settings

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 3.5 Factory Default Settings Before configuring your Firetunnel 30, you need to know the following default settings: Web Interface: Username: admin...

  • Page 38: Lan And Wan Port Addresses

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 3.5.2 LAN and WAN Port Addresses The default values for LAN and WAN ports are shown below: LAN Port WAN Port IP address 192.168.1.254...

  • Page 39: Configuration Information

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu If your ISP provides a PPTP connection, you can use the PPTP protocol to PPTP establish a connection to your ISP.

  • Page 40: Web Configuration Interface

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 3.7 Web Configuration Interface Firetunnel 30 includes a Web Configuration Interface for easy administration via virtually any browser on your network. To access this interface, open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and...

  • Page 41: Chapter 4: Router Configuration

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Chapter 4: Router Configuration 4.1 Overview The Web Configuration Interface makes it easy for you to manage your network via any PC connected to it. On the Web Configuration homepage, you will see the navigation pane located on the left hand side.

  • Page 42: Status

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu The following sections will show you how to configure your router using the Web Configuration Interface. 4.2 Status The Status menu displays the various options that have been selected and a number of statistics about your Firetunnel 30.

  • Page 43: Routing Table

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu No.: Number of the list. IP Address: A list of IP addresses of devices on your LAN. MAC Address: The Media Access Control (MAC) addresses for each device on your LAN.

  • Page 44: Session Table

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.2.3 Session Table The NAT Session Table displays a list of current sessions for both incoming and outgoing traffic with protocol type, source IP, source port, destination IP and destination port, each page shows 10 sessions.

  • Page 45: Dhcp Table

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.2.4 DHCP Table The DHCP Table displays a list of IP addresses that have been assigned to PCs on your network via Dynamic Host Configuration Protocol (DHCP).

  • Page 46: Pptp Status

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.2.6 PPTP Status The PPTP Status window displays the status of the PPTP Tunnels that are currently configured on your Firetunnel 30.

  • Page 47: Lan Traffic Statistics

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Refresh: Refresh the System Log. Clear Log: Clear the System Log. Send Log: Send the System Log to your email account. You can set the email address in Configuration >...

  • Page 48: Quick Start

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.3 Quick Start The Quick Start menu allows you to quickly configure your network for Internet access using the most basic settings.

  • Page 49: Pppoe

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.3.3 PPPoE Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Connection: Select whether the connection should Always Connect or Trigger on Demand.

  • Page 50: Big Pond

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu PPTP Client IP: Enter the PPTP Client IP provided by your ISP. PPTP Client IP Netmask: Enter the PPTP Client IP Netmask provided by your ISP.

  • Page 51: Configuration

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4 Configuration The Configuration menu allows you to set many of the operating parameters of Firetunnel 30. In this menu, you will find the following sections:...

  • Page 52: Ethernet

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.1.1 Ethernet IP Address: Enter the internal LAN IP address for Firetunnel 30 (192.168.1.254 by default). Subnet Mask: Enter the subnet mask (255.255.255.0 by default).

  • Page 53: Lan Address Mapping

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu IP address to each PC on your network, and set the default gateway for each PC to the IP address of the router (192.168.1.254 by default).

  • Page 54: Wan

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Please click Create to create a LAN Address Mapping rule. Name: Please input the name of the rule. IP Address: Please input the LAN Gateway IP Address you would like to use.

  • Page 55: Settings

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu The WAN menu contains three items: Settings, Bandwidth Settings and WAN IP Alias. 4.4.2.1 Settings This WAN Service Table displays the different WAN connections that are configured on Firetunnel 30.

  • Page 56: Dhcp

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu PPPoE Settings, PPTP Settings, and Big Pond Settings. For each WAN port, the factory default is DHCP. If your ISP does not use DHCP, select the correct connection method and configure the connection accordingly.

  • Page 57: Static Ip

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.2.1.2 Static IP IP assigned by your ISP: Enter the static IP assigned by your ISP. IP Subnet Mask: Enter the IP subnet mask provided by your ISP.

  • Page 58: Pppoe

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.2.1.3 PPPoE Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Connection: Select whether the connection should Always Connect or Trigger on Demand.

  • Page 59: Pptp

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu disable RIP, select Disable from the drop down menu. MTU: Enter the Maximum Transmission Unit (MTU) for your network. Network Address Translation: Enables or Disables the NAT function. To apply this interface as router mode please select Disable.
  • Page 60 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu select Always Connect. If you want to establish a PPTP session only when there is a packet requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet), select Trigger on Demand.

  • Page 61: Big Pond

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.2.1.5 Big Pond Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Login Server: Enter the IP of the Login server provided by your ISP.

  • Page 62: Bandwidth Setting

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.2.2 Bandwidth Settings Under Bandwidth Settings, you can easily configure both inbound and outbound bandwidth for each WAN port. WAN1: Enter your ISP inbound and outbound bandwidth for WAN1.

  • Page 63: Dual Wan

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Please click Create to create a LAN Address Mapping rule. Name: Please input the name of the rule. IP Address: Please input the additional WAN IP address you would like to use.

  • Page 64: General Settings

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.3.1 General Settings Mode: You can select Load Balance or Fail Over. Service Detection: Enables or disables the service detection feature. For fail over, the service detection function is enabled.

  • Page 65: Outbound Load Balance

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.3.2 Outbound Load Balance Outbound Load Balancing on Firetunnel 30 can be based on one of two methods: 1. By session mechanism 2.

  • Page 66: Inbound Load Balance

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu will go through specific WAN port (WAN1 or WAN2) according to policy settings in this mechanism. This will assure that some applications will work when it would like to authenticate the source IP address.
  • Page 67 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu SOA: Domain Name: The domain name of DNS Server 1. It is the name that you register on DNS organization. You have to fill-out the Fully Qualified Domain Name (FQDN) with an ending character (a dot) for this text field.
  • Page 68 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu To edit the Host Mapping URL list, click Edit. This will open the Host Mapping URL table, which lists the current Host Mapping URLs.

  • Page 69: Protocol Binding

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Name1: The Alias Host URL Name2: The Alias Host URL Click Apply to save your changes. 4.4.3.4 Protocol Binding Protocol Binding lets you direct specific traffic to go out from a specific WAN port.
  • Page 70 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Interface: Choose which WAN port to use: WAN1, WAN2 Source IP Range: All Source IP: Click it to specify all source IPs.

  • Page 71: System

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.4 System The System menu allows you to adjust a variety of basic router settings, upgrade firmware, set up remote access, and more. In this menu are the following sections: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart, Password, System Log and E-mail Alert.

  • Page 72: Remote Access

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu NTP Server Address: Please input the NTP server address you would like to use. Daylight Saving: To have Firetunnel 30 automatically adjust for Daylight Savings Time, please check the Automatic checkbox.

  • Page 73: Firmware Upgrade

    Upgrading your Firetunnel 30’s firmware is a quick and easy way to enjoy increased functionality, better reliability, and ensure trouble-free operation. To upgrade your firmware, simply visit Black Box’s website (http://www.blackbox.com) and download the latest firmware image file for Firetunnel 30. Next, click Browse and...

  • Page 74: Backup / Restore

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu select the newly downloaded firmware file. Click Upgrade to complete the update. NOTE: DO NOT power down the router or interrupt the firmware upgrade while it is still in process.

  • Page 75: Restart

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.4.5 Restart The Restart feature allows you to easily restart Firetunnel 30. To restart with your last saved configuration, select the Current Settings radio button and click Restart.

  • Page 76: Password

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.4.6 Password In order to prevent unauthorized access to your router’s configuration interface, it requires the administrator to login with a password. You can change your password by entering your new password in both fields.

  • Page 77: Firewall

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Type in the IP address connected to WAN 1 or 2, and set the Max TTL value, the default is 16. Set the wait time then click TraceTesting button.
  • Page 78 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu The Packet Filter function is used to limit user access to certain sites on the Internet or LAN. The Filter Table displays all current filter rules. If there is an entry in the Filter Table, you can click Edit to modify the setting of this entry, click Delete to remove this entry, or click Move to change this entry’s priority.

  • Page 79: Url Filter

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu (for IP Range only) Netmask: Enter the subnet mask of the above IP address. Protocol: Select the Transport protocol type (Any, TCP, UDP).
  • Page 80 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Restrict URL Features: Click "Block Java Applet" to filter web access with Java Applet components. Click "Block ActiveX" to filter web access with ActiveX components.
  • Page 81 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Enter a domain and select whether this domain is trusted or forbidden with the pull-down menu. Next, click Apply. Your new domain will be added to either the Trusted Domain or Forbidden Domain listing, depending on which you selected previously.

  • Page 82: Lan Mac Filter

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.5.3 LAN MAC Filter LAN Mac Filter can decide that Firetunnel will serve those devices at LAN side or not by MAC Address.
  • Page 83 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Click Create to configure the list. Rule: Enable or disable this entry. Action When Matched: Select to Drop or Forward the packet specified in this filter entry.

  • Page 84: Block Wan Request

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.5.4 Block WAN Request Blocking WAN requests is one way to prevent DDOS attacks by preventing ping requests from the Internet. Use this menu to enable or disable function.

  • Page 85: Vpn

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu log. ARP protection is used to protect users on the LAN against ARP ARP Protection: virus. When enabled, ARP Protection will only protect computers that were set in Fixed Host (refer to page 78) so that the ARP table of the hosts can be updated.

  • Page 86: Ipsec

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.6.1 IPSec IPSec is a set of protocols that enable Virtual Private Networks (VPN). You can find two items under the IPSec section: IPSec Wizard and IPSec Policy.
  • Page 87 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Connection Type: There are 5 connection types: (1)LAN to LAN: Firetunnel would like to establish an IPSec VPN tunnel with remote router using Fixed Internet IP or domain name by using main mode.
  • Page 88 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Remote Identifier: The Identifier of the remote gateway. According to the input value, the ID type will be auto-defined as IP Address, FQDN(DNS) or FQUN(E-mail).
  • Page 89 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu (4)LAN to Mobile Host: Firetunnel would like to establish an IPSec VPN tunnel with remote client software using Dynamic Internet IP by using aggressive mode.

  • Page 90: Ipsec Policy

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu After your configuration is done, you will see a Configuration Summary. Back: Back to the Previous page. Done: Click Done to apply the rule.
  • Page 91 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Connection Name: A user-defined name for the connection. Tunnel: Select Enable to activate this tunnel. Select Disable to deactivate this tunnel.
  • Page 92 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu WAN IP Address: Automatically use the current WAN Address as ID. IP Address: Use an IP address format. FQDN DNS(Fully Qualified Domain Name): Consists of a hostname and domain name.
  • Page 93 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Subnet: The subnet of the remote network. Selecting this option allows you to enter an IP address and netmask. IP Range: The IP Range of the remote network.
  • Page 94 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over the Internet. Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key.

  • Page 95: Pptp

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Remote Network: Displays IP address and subnet of the remote network. Remote Gateway: This is the IP address or Domain Name of the remote VPN device that is connected and has an established IPSec tunnel.

  • Page 96: Qos

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Connection Name: A user-defined name for the connection. Tunnel: Select Enable to activate this tunnel. Select Disable to deactivate this tunnel.
  • Page 97 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu The first menu screen gives you an overview of which WAN ports currently have QoS active, and the bandwidth settings for each.
  • Page 98 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Creating a New QoS Rule To get started using QoS, you will need to establish QoS rules. These rules tell Firetunnel 30 how to handle both incoming and outgoing traffic. The following example shows you how to configure WAN1 Outbound QoS.
  • Page 99 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu highest. DSCP Marking: Used to classify traffic. Select from Best Effort, Premium, Gold Service (High Medium, Low), Silver (H,M,L), and Bronze (H,M,L).

  • Page 100: Virtual Server

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu For MAC Address: Source MAC Address: The source MAC Address of the device this rule applies to. Candidates: You can also select the Candidates which are referred from the ARP table for automatic input.

  • Page 101: Dmz

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu your PCs. Please see the WAN Configuration section of this manual for more information on NAT. Firetunnel 30 can also be configured as a virtual server so that remote users accessing services such as Web or FTP services via the public (WAN) IP address can be automatically redirected to local servers in the LAN network.

  • Page 102: Port Forwarding Table

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.8.2 Port Forwarding Table Because NAT can act as a "natural" Internet firewall, your router protects your network from being accessed by outside users, as all incoming connection attempts will point to your router unless you specifically create Virtual Server entries to forward those ports to a PC on your network.

  • Page 103: Advanced

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Application: User defined application name for the current rule. Helper: You could also select the application type you would like to apply for automatic input.

  • Page 104: Static Route

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu There are five items within the Advanced section: Static Route, Dynamic DNS, Device Management, IGMP and VLAN Bridge. 4.4.9.1 Static Route The static route settings enable the router to route IP packets to another network (subnet).

  • Page 105: Dynamic Dns

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Netmask: This is the subnet mask of the destination IP addresses based on above destination subnet IP. Gateway: This is the gateway IP address to which packets are to be forwarded.

  • Page 106: Device Management

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu www.orgdns.org , www.dhs.org, www.dyns.cx, www.3domain.hk, www.dyndns.org , www.3322.org ) Dynamic DNS: Disable: Check to disable the Dynamic DNS function. Enable: Check to enable the Dynamic DNS function. The following fields will be...
  • Page 107 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Web Server Settings HTTP Port: This is the port number the router’s embedded web server (for web-based configuration) will use. The default value is the standard HTTP port, 80.

  • Page 108: Igmp

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.9.4 IGMP IGMP snooping and IGMP proxy are functions to be used for home users who will access IPTV applications. IGMP Snooping: Please select enable or disable IGMP Snooping function.

  • Page 109: Vlan Bridge

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.4.9.5 VLAN Bridge This section allows you to create VLAN group and specify the member. VLAN Mode: Select Disable to disable VLAN mode, select Bridge Mode to use VLAN Bridge function and select Tagging Mode to use the VLAN Tagging mode option.

  • Page 110: Schedule

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu this VLAN ID group. Untagged Member port(s): Please check the interface that you would like to use in this VLAN ID group.

  • Page 111: Log & E-Mail Alert

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Day: Check the box of Firetunnel 30 working day. Start Time: Set the connection start time. End Time: Set the connection end time.

  • Page 112: E-Mail Alert

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.5.3 E-Mail Alert Set the e-mail account you want the system log statistics to send to. E-Mail Alert: Enable/ Disable this function.

  • Page 113: Logout

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4.7 Logout To exit the router’s web interface, click Logout. Please ensure that you have saved your configuration settings before you logout.

  • Page 114: Chapter 5: Troubleshooting

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Chapter 5: Troubleshooting 5.1 Basic Functionality This section deals with issues regarding your Firetunnel 30’s basic functions. 5.1.1 Router Won’t Turn On...

  • Page 115: Forgot My Password

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu - Make sure each Ethernet cable connection is secure at the firewall and at the hub or workstation. - Make sure that power is turned on to the connected hub or workstation.

  • Page 116: Can't Ping Any Pc On The Lan

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 5.2.2 Can’t Ping Any PC on the LAN If PCs connected to the LAN cannot be pinged: - Check the 10/100 LAN LEDs on Firetunnel 30’s front panel. One of these LEDs should be on.

  • Page 117: Pop-Up Windows

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 5.2.3.1 Pop-up Windows To use the Web Configuration Interface, you need to disable pop-up blocking. You can either disable pop-up blocking, which is enabled by default in Windows XP Service Pack 2, or create an exception for your Firetunnel 30’s IP address.

  • Page 118: Java Permissions

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 3. Under Scripting, check to see if Active scripting is set to Enable. 4. Ensure that Scripting of Java applets is set to Enabled.

  • Page 119: Wan Interface

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu NOTE: If Java from Sun Microsystems is installed, scroll down to Java (Sun) and ensure that the checkbox is filled. 5.3 WAN Interface If you are having problems with the WAN Interface, refer to the tips below.
  • Page 120 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu 4. Check to see that the WAN port is properly connected to the ISP. If a Connected by (x) where (x) is your connection method is not shown, your router has not successfully obtained an IP address from your ISP.

  • Page 121: Problems With Date And Time

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu If an IP address can be obtained, but your PC cannot load any web pages from the Internet: - Your PC may not recognize DNS server addresses. Configure your PC manually with DNS addresses.

  • Page 122: Virtual Private Network

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Appendix A: Product Specifications Availability and Resilience - Dual-WAN ports - Load balancing for increased bandwidth of inbound and outbound traffic - Automatic failover to redirect the packet when one broadband connection is broken.

  • Page 123: Content Filtering

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Firewall - Stateful Packet Inspection (SPI) and Denial of Service (DoS) prevention - Packet filter un-permitted inbound (WAN)/Inbound (LAN) Internet access by IP address, port number and packet type...

  • Page 124: Physical Interface

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Physical Interface Ethernet WAN 2 ports (10/100 Base-T), support Auto- Crossover (MDI/MDIX) Ethernet LAN 8 ports (10/100 Base-T) switch support Auto- Crossover (MDI/MDIX) Physical Specifications Dimensions: 18.98"...

  • Page 125: Appendix B: Fcc Interference Statement

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Appendix B: FCC Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: - This device may not cause harmful interference.

  • Page 126: Appendix C: Ipsec Logs And Events

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Appendix C: IPSec Logs and Events C.1 IPSec Log Event Categories There are three major categories of IPSec Log Events for your Firetunnel 30. These include: 1.
  • Page 127 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Received Main mode second Received the second message of main mode. Done to exchange key message of ISAKMP values. Send Main mode second response Sending the main mode second response message.
  • Page 128 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu message proposal and key values (IPSec). Send Quick mode first response Sending the first response message of quick mode (Phase II). Done to message exchange proposal and key values (IPSec).
  • Page 129 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu INVALID ID INFORMATION: Initial Aggressive Mode packet claiming to be from [ID] on [IP] but no connection has been authorized IKE Negotiated Status Messages...

  • Page 130: Appendix D: Router Setup Examples

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Appendix D: Router Setup Examples D.1 Outbound Fail Over Step 1: Go to Configuration > WAN > ISP Settings. Select WAN1 and WAN2 and click Edit.
  • Page 131 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 3: Go to Configuration > Dual WAN > General Settings. Select the Fail Over radio button. Under Connectivity Decision, input the number of times Firetunnel 30 should probe the WAN before deciding that the ISP is in service or not (3 by default).

  • Page 132: Outbound Load Balancing

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 4: Click Save Config to save all changes to flash memory. D.2 Outbound Load Balancing 192.168.2.2 230.100.100.1 213.100.100.2 192.168.2.3 With Outbound Load Balancing, you can improve upload performance by optimizing your connection via Dual WAN.
  • Page 133 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 2: Configure your WAN2 ISP settings and click Apply. Step 3: Go to Configuration > Dual WAN > General Settings. Select the Load...

  • Page 134: Inbound Fail Over

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 4: Go to Configuration > Dual WAN > Outbound Load Balance. Choose the Load Balance mechanism you want and click Apply.
  • Page 135 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 1: From the Web Configuration Interface, go to Configuration > Dual WAN > General Settings. Select the Fail Over radio button.
  • Page 136 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 3: Go to Configuration > Advanced > Dynamic DNS. Set the WAN1 DDNS settings. Step 4: From the same menu, set the WAN2 DDNS settings.

  • Page 137: Dns Inbound Fail Over

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 5: Click Save Config to save all changes to flash memory. D.4 DNS Inbound Fail Over Authoritative Domain Name Server 200.200.200.1...
  • Page 138 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu configured according to the settings provided by your ISP. If not, please refer to Chapter 4.2.2.1 ISP Settings for details on how to configure your WAN ports.
  • Page 139 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 3: Input DNS Server 1 settings and click Apply. Step 4: Configure your Host URL Mapping for DNS Server 1 by clicking Edit to enter the Host URL Mappings List.

  • Page 140: Dns Inbound Load Balancing

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 5: Click Save Config to save all changes to flash memory. D.5 DNS Inbound Load Balancing DNS Request Authoritative Domain Name Server 200.200.200.1...
  • Page 141 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 2: Go to Configuration > Dual WAN > Inbound Load Balance > Server Settings and configure DNS Server 1. Step 3: Go to Configuration > Dual WAN > Inbound Load Balance > Host URL...
  • Page 142 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 4: Next configure your HTTP mapping. Step 5: Click Save Config to save all changes to flash memory.

  • Page 143: Dynamic Dns Inbound Load Balancing

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu D.6 Dynamic DNS Inbound Load Balancing 192.168.2.2 www.billion3.dyndns.org www.bbox2.dyndns.org 192.168.2.3 www.bbox3.dyndns.org HTTP www.billion2.dyndns.org Remote Access from Internet Step 1: Go to Configuration > WAN > Bandwidth Settings. Configure your WAN...
  • Page 144 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 2: Go to Configuration > Dual WAN > General Settings and enable Load Balance mode. You may then decide whether to enable Service Detection or not.
  • Page 145 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 4: Go to Configuration > Advanced > Dynamic DNS and input the dynamic DNS settings for WAN1 and WAN2.
  • Page 146 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu WAN1: WAN 2:...
  • Page 147 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 5: Go to Configuration > Virtual Server and set up a virtual server for both FTP and HTTP.

  • Page 148: Vpn Configuration

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 6: Click Save Config to save all changes to flash memory. D.7 VPN Configuration This section outlines some concrete examples on how you can configure Firetunnel 30 for your VPN.
  • Page 149 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Branch Office Head Office Local IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Address Any Local Address IP Address 192.168.0.0...

  • Page 150: Host To Lan

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu D.7.2 Host to LAN Single client Head Office Local IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Address Any Local Address IP Address 0.0.0.0...
  • Page 151 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu IP Address IP Address Data 69.121.1.3 69.121.1.30 Network Subnet Single Address IP Address 192.168.1.0 69.121.1.30 Netmask 255.255.255.0 255.255.255.255 Proposal IKE Pre-shared Key...

  • Page 152: Ipsec Fail Over (Gateway To Gateway)

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu D.8 IP Sec Fail Over (Gateway to Gateway) Firetunnel.blackbox.com 192.168.2.x 200.200.200.1 192.168.3.x Firetunnel Firetunnel Before Fail Over 192.168.2.x 200.200.200.1 192.168.3.x Firetunnel.bbox.com...
  • Page 153 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 2: Go to Configuration > Advanced > Dynamic DNS and configure your dynamic DNS settings (Both WAN1 and WAN2). Step 3: Go to Configuration > VPN > IPSec > IPSec Policy. Click Create to...

  • Page 154: Vpn Concentrator

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 4: Click Save Config to save all changes to flash memory. To configure Firetunnel 10 gateway, refer to the screenshot below.
  • Page 155 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 1: Go to Configuration > VPN > IPSec > IPSec Policy and configure the link from Firetunnel 30 to Firetunnel 10 Branch A.
  • Page 156 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 3: Go to Configuration > VPN > IPSec > IPSec Policy and configure the connection from Firetunnel 10 Branch A to Firetunnel 30.
  • Page 157 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 4: Go to Configuration > VPN > IPSec > IPSec Policy and configure the connection from Firetunnel 10 Branch B to Firetunnel 30.

  • Page 158: Protocol Binding

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu D.10 Protocol Binding Step 1: Go to Configuration > Dual WAN > General Settings. Select the Load Balancing radio button. Step 2: Go to Configuration > Dual WAN > Protocol Binding and configure...

  • Page 159: Intrusion Detection

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 3: Go to Configuration > Dual WAN > Protocol Binding and configure settings for WAN2. Step 4: Click Save Config to save all changes to flash memory.

  • Page 160: Pptp Remote Access By Windows Xp

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step 1: Go to Configuration > Firewall > Intrusion Detection and Enable the settings. Step 2: Click Apply and then Save Config to save all changes to flash memory.
  • Page 161 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step1: Go to Configuration > VPN > PPTP and Enable the PPTP function, Click Apply. Step2: Click Create to create a PPTP Account.
  • Page 162 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step3: Click Apply, you can see the account is successfully created. Step4: Click Save Config to save all changes to flash memory.
  • Page 163 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step5: In Windows XP, go Start > Settings > Network Connections. Step6: In Network Tasks, Click Create a new connection, and press Next.
  • Page 164 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step7: Select Connect to the network at my workplace and press Next. Step8: Select Virtual Private Network connection and press Next.
  • Page 165 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step9: Input the user-defined name for this connection and press Next. Step10: Input PPTP Server Address and press Next.
  • Page 166 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step11: Please press Finish. Step12: Double click the connection, and input Username and Password that defined in Firetunnel PPTP Account Settings.
  • Page 167 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu PS. You can also refer the Properties > Security page as below, by default.

  • Page 168: Pptp Remote Access By Firetunnel

    Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu D.13 PPTP Remote Access by Firetunnel Internet Internet Branch Office Headquarter 100.100.100.1 200.200.200.1 Internet Internet Firetunnel 30&PPTP Server PPTP Tunnel Local subnet: 192.168.30.0 Local mask: 255.255.255.0...
  • Page 169 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step3: Click Apply, you can see the account is successfully created. Step4: Click Save Config to save all changes to flash memory.
  • Page 170 Black Box Corporation 1000 Park Drive, Lawrence, PA 15055-1018 USA, Canada: www.blackbox.com, EU, Africa, Asia, South America, Australia: www.blackbox.eu Step5: In another Firetunnel as Client, Go to Configuration > WAN > ISP Settings. Step6: Click Apply, and Save CONFIG.

Table of Contents