UTT HiPER 518W Advanced Configuration Manual
  1. Manuals
  2. Brands
  3. UTT Manuals
  4. Wireless Router
  5. HiPER 518W
  6. Advanced configuration manual

UTT HiPER 518W Advanced Configuration Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
HiPER 518W Wireless Router
Advanced Configuration Guide
V1.3
UTT Technologies Co., Ltd.
http://www.uttglobal.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the HiPER 518W and is the answer not in the manual?

Questions and answers

Related Manuals for UTT HiPER 518W

Summary of Contents for UTT HiPER 518W

  • Page 1 HiPER 518W Wireless Router Advanced Configuration Guide V1.3 UTT Technologies Co., Ltd. http://www.uttglobal.com...

  • Page 2: Copyright Notice

    UTT Technologies Co., Ltd. UTT Technologies Co., Ltd. has the patents, patent applications, trademarks, trademark applications, copyrights and other intellectual property rights that are mentioned in this document.

  • Page 3: Table Of Contents

    UTT Technologies Table of Contents Table of Contents COPYRIGHT NOTICE ........................2 TABLE OF CONTENTS ........................I ABOUT THIS MANUAL ........................1 ............................1 COPE UI S ......................... 1 TYLE ..................... 2 OCUMENTS ONVENTIONS 0.3.1 Symbol Conventions ....................... 2 0.3.2 Other Conventions ......................
  • Page 4 UTT Technologies Table of Contents ........................35 ETUP IZARD ........................35 YSTEM TATUS 4.2.1 Wired Status ........................35 4.2.2 Wireless Status ......................36 ....................... 38 NTERFACE RAFFIC ..........................40 ESTART NETWORK ......................41 CHAPTER 5 WAN S ........................41 ETTINGS 5.1.1...
  • Page 5 UTT Technologies Table of Contents 6.2.1 Disabling Wireless Security................... 91 Wireless Security Settings – WEP ................. 91 6.2.2 6.2.3 Wireless Security Settings - WPA/WPA2 ..............93 6.2.4 Wireless Security Settings - WPA-PSK/WPA2-PSK ............. 94 MAC A ..................96 IRELESS DDRESS ILTERING 6.3.1...
  • Page 6 UTT Technologies Table of Contents 8.2.4 IP/MAC Binding Settings .................... 133 8.2.5 How to Add IP/MAC Bindings ................... 134 8.2.6 Internet Whitelist and Blacklist ................... 135 ........................137 ERVER 8.3.1 PPPoE Overview ......................138 8.3.2 PPPoE Server Global Settings ..................140 8.3.3...
  • Page 7 UTT Technologies Table of Contents 10.2 ................173 LEXIBLE ANDWIDTH ANAGEMENT 10.3 P2P R ........................173 IMIT 10.4 ........................ 175 ESSION IMITING FIREWALL ....................... 177 CHAPTER 11 11.1 ......................177 TTACK REVENTION 11.1.1 Internal Attack Prevention ................... 177 11.1.2 External Attack Prevention ..................180 11.2...
  • Page 8 UTT Technologies Table of Contents 13.3.3 Reset to Factory Defaults .................... 253 13.4 ......................254 IRMWARE PGRADE 13.5 ....................... 255 EMOTE ANAGEMENT 13.6 ......................... 256 CHEDULED 13.6.1 Scheduled Task Settings ....................257 13.6.2 Scheduled Task List ..................... 257 STATUS ......................259 CHAPTER 14 14.1...

  • Page 9: About This Manual

    UTT Technologies About This Manual About This Manual Scope This guide mainly describes how to install and configure the HiPER 518W Wireless Router offered by UTT Technologies Co., Ltd. For more information, please visit our website at www.uttglobal.com. Web UI Style The Web UI style complies with the browser standard, which is as follows: Radio Button: It allows you to choose only one of a predefined set of options.

  • Page 10: Documents Conventions

    UTT Technologies About This Manual Documents Conventions 0.3.1 Symbol Conventions : It represents a configuration parameter. Parameters may be optional or required. Required parameters are indicated by a red asterisk (*). : It represents a button. : It represents one or more notes.

  • Page 11: Detailed Description Of List

    UTT Technologies About This Manual Click to revert to the last saved settings. Click to delete the selected entry(s). Click to display the latest information on the page. Click to clear all the statistics on the page. Click to go back to the previous page.
  • Page 12 UTT Technologies About This Manual Element Description Current page number/ total pages, the example means that the current page is the first page, and total one page. Click to jump to the first page. Click to jump to the previous page.

  • Page 13: Factory Default Settings

    Table 0-3 Factory Default Settings Document Organization This guide mainly describes the settings and applications of the HiPER 518W Wireless Router, which include product overview, hardware installation, quick setup, start menu, network, wireless, advanced, user management, firewall, VPN, System, status and support.

  • Page 14: Chapter 1

    UTT Technologies About This Manual Chapter 1 Product Overview This chapter describes functions and features of the Wireless Router. Chapter 2 Hardware Installation This chapter describes how to install the Wireless Router. Chapter 3 Quick Setup This chapter describes the following contents: ...
  • Page 15 UTT Technologies About This Manual This chapter describes how to configure the wireless features of the Wireless Router, including:  Basic Wireless Settings: How to configure basic wireless settings.  Wireless Security Settings: How to configure wireless security settings. ...

  • Page 16: Chapter 1

    UTT Technologies About This Manual  QQ Whitelist: How to configure and view QQ whitelist.  MSN Whitelist: How to configure and view MSN whitelist.  Notification: How to configure notification.  Application Audit: How to view application audic. ...

  • Page 17: Contact Information

    Chapter 15 Support This chapter describes how to link to the UTTCare, Forum, Knowledge and Reservation page of the UTT website, which can help you quickly learn the UTT Technologies service system and enjoy the most intimate and professional services.

  • Page 18: Chapter 1 Product Overview

    3G and 802.11 wireless networks. In addition, it adheres to the characteristics of UTT Technologies products: open, easy-to-use, safe, smooth, and so on. The HiPER 518W has three models: HiPER 518W Plus, HiPER 518W VPN, HiPER 518W Lite. This manual is base on HiPER 518W Plus.

  • Page 19: Key Features

    UTT Technologies Chapter 1 Product Overview Key Features  Supports multiple Internet connection types: 3G, PPPoE, Static IP, DHCP and Wi-Fi  Provides two wired WAN interfaces (WAN1 and WAN2), two wireless WAN interfaces (3G and APClient), and three 10M/100M LAN ports ...

  • Page 20: Physical Specification

    Height: 0m to 4000m Detailed Specifications Table The HiPER 518W has three models: HiPER 518W Plus, HiPER 518W VPN, HiPER 518W Lite. The features and specifications of each model are different. The following table lists detailed specifications for each model.
  • Page 21 UTT Technologies Chapter 1 Product Overview 2.4GHz 5GHz PPTP VPN IPSecVPN Load Balance DDNS(No-IP; Dyndns) Domain Block/ Notification Authenticatoin/Billin PPPoE Server/Billing DHCP Server Wireless Standard IEEE 802.11 b/g/n IEEE 802.11 b/g/n IEEE 802.11 b/g/n Wireless Security WEP/WPA-PSK/TKI WEP/WPA-PSK/T WEP/WPA-PSK/TKI KIP/...

  • Page 22: Chapter 2 Hardware Installation

    UTT Technologies Chapter 2 Hardware Installation Chapter 2 Hardware Installation Physical Characteristics 2.1.1 Front Panel As shown in Figure 2-1, the LEDs are located on the front panel of the Wireless Router. The LEDs indicate the status of the system and each port. Table 2-1 describes these LEDs.

  • Page 23: Rear Panel

    UTT Technologies Chapter 2 Hardware Installation The wireless function is disabled. A valid link is established on the corresponding port. WAN1/ WAN1/WAN2 Blinking The corresponding port is sending or receiving data. WAN2 Port Status LED No link is established on the corresponding port.

  • Page 24: Installation Procedure

    UTT Technologies Chapter 2 Hardware Installation restart with factory default settings. Note This operation will clear all the custom settings on the Wireless Router. If you remember the administrator account, it is strongly recommended that you go to Administration > Configuration page to backup the current configuration firstly, and then reset the Wireless Router to factory default settings.
  • Page 25 UTT Technologies Chapter 2 Hardware Installation Note Please ensure that the desktop or shelf is stable and the power outlet is grounded properly, and do not place heavy objects on the Wireless Router. 2. Attach the Antennas When shipped, the two antennas are not connected to the Wireless Router. To attach the antennas to the Wireless Router, follow these steps: Remove one antenna from the box.
  • Page 26 UTT Technologies Chapter 2 Hardware Installation To prevent the Wireless Router from working abnormally or being damaged, please make sure that the power supply and connectivity are normal, and the power outlet is grounded properly before powering on the Wireless Router.

  • Page 27: Chapter 3 Quick Setup

    UTT Technologies Chapter 3 Quick Setup Chapter 3 Quick Setup This chapter describes how to properly configure TCP/IP settings on your computer, how to login to the Wireless Router, and how to configure the basic parameters to quickly connect the Wireless Router to the Internet via the Start > Setup Wizard. In addition, it also briefly describes the layout and style of the Wireless Router’s Web UI.
  • Page 28 UTT Technologies Chapter 3 Quick Setup  If the displayed page is similar to the screenshot below, the connection between your computer and the Wireless Router hasn't been established yet. If the connection hasn't been established, please take the following steps to resolve the...

  • Page 29: Logging In To The Wireless Router

    UTT Technologies Chapter 3 Quick Setup Logging in to the Wireless Router This section describes how to login to the Wireless Router. No matter what operating system is installed on your computer, such as, MS Windows, Macintosh, UNIX, or Linux, and so on, you can login to and configure the Wireless Router through the Web browser (for example, Internet Explorer).

  • Page 30: Chapter 3

    Short Icons: They are used for fast link to the corresponding pages on the website of UTT Technologies Co., Ltd. ● Product: Click to link to the products page of the UTT website to find more products. ● Forum: Click to link to the forum homepage of the UTT website to participate in product discussions.

  • Page 31: Setup Wizard

    UTT Technologies Chapter 3 Quick Setup Setup Wizard This section describes the Start > Setup Wizard page. 3.3.1 Running the Setup Wizard As mentioned earlier, the first page of the Setup Wizard appears immediately after your first login, see the following figure.

  • Page 32: Setup Wizard - Internet Access Mode

    UTT Technologies Chapter 3 Quick Setup Figure 3-5 Welcome Page 3.3.2 Setup Wizard - Internet Access Mode In this page, you can choose one or more Internet connections that you want to configure via the Setup Wizard, see Figure 3-6.

  • Page 33: Setup Wizard - Internet Connection Settings

    UTT Technologies Chapter 3 Quick Setup via the Setup Wizard, select this check box. 3G Client: If you want to configure a 3G Internet connection via the Setup Wizard, select this check box. Here the Wireless Router acts as a 3G client.
  • Page 34 The WAN IP address and default gateway IP address must be on the same subnet. If not, please modify the Subnet Mask to make them be on the same subnet. If you don’t have the subnet related knowledge, please ask a professional or UTT customer engineer for help.
  • Page 35 UTT Technologies Chapter 3 Quick Setup Figure 3-8 Setup Wizard - WAN1/WAN2 Settings (DHCP) Connection Type: It specifies the type of the Internet connection. Here please select DHCP. The Wireless Router will automatically obtain the WAN IP address, subnet mask and gateway and DNS server addresses from your ISP’s DHCP server.
  • Page 36 UTT Technologies Chapter 3 Quick Setup Cancel: Click to revert to the last saved settings. Exit: Click to exit the Setup Wizard and go to the Welcome page (see Figure 3-5). The changes made in the Setup Wizard will be discarded.
  • Page 37 UTT Technologies Chapter 3 Quick Setup User Name: It specifies the user name used for PPP authentication. Password: It specifies the password used for PPP authentication. Back: Click to go back to the previous page of the Setup Wizard. Cancel: Click to revert to the last saved settings.
  • Page 38 UTT Technologies Chapter 3 Quick Setup Here please select None. Back: Click to go back to the previous page of the Setup Wizard. Cancel: Click to revert to the last saved settings. Exit: Click to exit the Setup Wizard and go to the Welcome page (see Figure 3-5).
  • Page 39 UTT Technologies Chapter 3 Quick Setup authenticate and attempt to associate with the remote AP. However, even if the Wireless Router can complete authentication and associate with the remote AP, the Wireless Router cannot send or receive data from the remote AP unless it has the correct WEP key.
  • Page 40 UTT Technologies Chapter 3 Quick Setup 3.3.3.3.3 APClient Connection Settings - WPA-PSK/WAP2-PSK Figure 3-13 Setup Wizard - APClient Connection Settings (WPA-PSK/WAP2-PSK) AP SSID: It specifies the SSID of the remote AP. It must be between 1 and 32 characters long, and it is case sensitive.

  • Page 41: Setup Wizard - Wireless Settings

    UTT Technologies Chapter 3 Quick Setup Skip: Click to go directly to the next page of the Setup Wizard. The changes made on the current page will be discarded. Next: Click to go to the next page of the Setup Wizard.
  • Page 42 UTT Technologies Chapter 3 Quick Setup Channel Width: It specifies the range of frequecies used by your wireless network. The options are 20/40M and 20M. Note that this parameter can only act on 802.11n wireless clients. 802.11b and 802.11g wireless clients can only use 20MHz channel.

  • Page 43: Chapter 4 Start Menu

    UTT Technologies Chapter 4 Start Menu Chapter 4 Start Menu The Start menu item is the first one under the top-level menu. It provides links to several commonly used pages including Setup Wizard, System Status, Interface Traffic and Restart, where you can quickly configure the basic parameters for the Wireless Router to operate properly, view system status, view interface traffic statistics, and restart the Wireless Router.

  • Page 44: Wireless Status

    UTT Technologies Chapter 4 Start Menu Figure 4-1 System Status - Wired Status WAN1: It displays the current status and basic configuration of the WAN1 Internet connection, which include connection type, status, IP address, subnet mask, MAC address, default gateway and DNS server addresses, and up time.
  • Page 45 UTT Technologies Chapter 4 Start Menu 3G, APClient and Wireless LAN. Figure 4-2 System Status - Wireless Status 3G: It displays the current status and basic configuration of the 3G Internet connection, which include connection type, status, IP address, subnet mask, MAC address, default gateway and DNS server addresses, and up time.

  • Page 46: Interface Traffic

    UTT Technologies Chapter 4 Start Menu The Wired Status page and Wireless Status page only display the status information of the interfaces that have been configured. Interface Traffic This section describes the Start > Interface Traffic page. This page provides the real-time traffic chart for each interface that has been configured, which displays the real-time Rx/Tx rate, average Rx/Tx rate, maximum Rx/Tx rate and total Rx/Tx traffic of each interface.
  • Page 47 UTT Technologies Chapter 4 Start Menu Display: It allows you to change the type of chart displayed. The options are Line and Solid. ● Line: Select this option to display a line chart. The chart includes two lines with different colors, which represent the real-time Rx rate and Tx rate resectively.

  • Page 48: Restart

    UTT Technologies Chapter 4 Start Menu Clear: Click to clear all traffic statistics. Refresh: Click to view the latest traffic statistics. Back: Click to go back to the Start > Interface Traffic page. Note This page only displays the traffic statistics for the interfaces that have been configured.

  • Page 49: Chapter 5 Network

    UTT Technologies Chapter 5 Network Chapter 5 Network This chapter describes how to configure the basic network parameters of the Wireless Router, which include WAN settings, load balancing, LAN settings, DHCP server, DDNS, and UPnP. WAN Settings This section describes the Network > WAN page.

  • Page 50: Parameter Definitions

    UTT Technologies Chapter 5 Network Figure 5-2 Internet Connection List (Continue) 5.1.1.1 Parameter Definitions Interface: It displays the name of the WAN interface. The Wireless Router has four WAN interfaces: WAN1, WAN2, 3G, and APClient. Therein, WAN1 and WAN2 are wired interfaces, and 3G and APClient are wireless interfaces.
  • Page 51 UTT Technologies Chapter 5 Network The connection is disconnected due to that the interface is disabled or Disconnected not connected, etc. The connection is established between the Wireless Router and peer Connected device. Table 5-2 Description of Static IP Connection Status DHCP Connection Status For the DHCP connection, there are two kinds of status, see Table 5-3.
  • Page 52 UTT Technologies Chapter 5 Network Rx Rate: It displays the average download speed (in kilobytes per second) of the Internet connection during the time interval between two refresh operations. Tx Rate: It displays the average upload speed (in kilobytes per second) of the Internet connection during the time interval between two refresh operations.

  • Page 53: Internet Connection Settings

    UTT Technologies Chapter 5 Network Figure 5-3 Internet Connection List - PPPoE/3G Connection 5.1.1.4 How to Renew and Release a DHCP Connection If you click the Interface hyperlink or icon of a DHCP connection, the Renew button and Release button will appear below the list, see Figure 5-4.
  • Page 54 UTT Technologies Chapter 5 Network Figure 5-5 Network - WAN Settings Note It allows you to choose the ISP Policy (i.e., route policy database) for each Internet connection. The system will automatically create the associated static routes according to your selection. Thus all traffic destined for one ISP’s servers will be forwarded through this ISP’s connection.
  • Page 55 UTT Technologies Chapter 5 Network 5.1.2.1.1 Static IP Internet Connection Settings Figure 5-6 Static IP Internet Connection Interface: It specifies the name of the WAN interface. Here please select WAN1, WAN2 or APClient. Connection Type: It specifies the type of the Internet connection. Here please select Static IP.
  • Page 56 UTT Technologies Chapter 5 Network Advanced Options: Click it to view and configure advanced parameters. In most cases, you need not configure them. Mode: It specifies the mode of the device, including Pure Route Mode and NAT Mode. It is NAT Mode by default.
  • Page 57 UTT Technologies Chapter 5 Network ISP Policy and Update Policy: Refer to Section 5.1.2.1.1 Static IP Internet Connection Settings for detailed information. Advanced Options: Click it to view and configure advanced parameters. In most cases, you need not configure them.
  • Page 58 UTT Technologies Chapter 5 Network Figure 5-8 PPPoE Internet Connection Settings Interface: It specifies the name of the WAN interface. Here please select WAN1, WAN2 or APClient. Connection Type: It specifies the type of the Internet connection. Here please select PPPoE.
  • Page 59 UTT Technologies Chapter 5 Network Mode. It is NAT Mode by default. ● Pure Route Mode: The device just has the routing function. It doesn’t translate the interal IP address to the external IP address. ● NAT Mode: The device enables NAT function.
  • Page 60 UTT Technologies Chapter 5 Network Interface: It specifies the name of the WAN interface. Here please select 3G. ISP Policy and Update Policy: Refer to Section 5.1.2.1.1 Static IP Internet Connection for detailed information. 3G USB Modem, ISP, Authentication Method, PIN Code, APN, Dial Number, User Name, and Password: Refer to Section 3.3.3.2 3G Internet Connection...

  • Page 61: Load Balancing

    UTT Technologies Chapter 5 Network Load Balancing This section describes the Network > Load Balancing page. In this page, you can configure load balancing global parameters, the connection detection parameters (including detection target IP, detection interval, retry times, etc.) for each Internet connection, and view the status and configuration of them.
  • Page 62 UTT Technologies Chapter 5 Network detection packets but not received any response packet during a detection period, it will consider that the connection is faulty. For a faulty Internet connection, the detection mechanism is as follows: Similarly, the Wireless Router also periodically sends a detection packet at the specified time interval to the target IP address.

  • Page 63: Load Balancing Global Settings

    UTT Technologies Chapter 5 Network primary connections, and others are used as backup connections. The working principle is as follows: As long as one or more primary connections are normal, the LAN users will use the primary connection(s) to access the Internet.

  • Page 64: Load Balancing List

    UTT Technologies Chapter 5 Network 5.2.2.2 Global Settings - Partial Load Balancing Figure 5-11 Global Settings - Partial Load Balancing Mode: It specifies the mode of load balancing. Here please select Partial Load Balancing. Primary: It specifies the primary connection group. An Internet connection in the Primary list box is a primary connection.

  • Page 65: Connection Detection Settings

    UTT Technologies Chapter 5 Network Figure 5-12 Load Balancing List Figure 5-13 Load Balancing List (Continue) Edit an Internet Connection: To configure or modify the detection related parameters of an Internet connection, click its Interface hyperlink or icon, the related information will be displayed in the Connection Detection Settings page.

  • Page 66: Identity Binding

    UTT Technologies Chapter 5 Network Interface: It indicates the name of the WAN interface. It is non-editable. Detection Interval: It specifies the time interval at which the Wireless Router periodically sends detection packets, one packet at a time. It must be between 1 and 60 seconds, or 0.

  • Page 67: How To Configure Connection Detection Settings

    UTT Technologies Chapter 5 Network Figure 5-15 Enable Identity binding Enable Identity Binding: It allows you to enable or disable Identity binding. If you want to enable Identity binding feature for some applications such as online banking, QQ, etc., please select this check box.

  • Page 68: Lan Settings

    UTT Technologies Chapter 5 Network LAN Settings This section describes the Network > LAN page, where you can configure the IP address, subnet mask and MAC address of the Wireless Router’s LAN interface. Figure 5-16 LAN Interface Settings IP Address: It specifies the IP address of the LAN interface.
  • Page 69 UTT Technologies Chapter 5 Network IP Address 3: It specifies the third IP address of the LAN interface. Subnet Mask 3: It specifies the third subnet mask that defines the range of the secondary subnet. IP Address 4: It specifies the fourth IP address of the LAN interface.

  • Page 70: Dhcp Server

    UTT Technologies Chapter 5 Network DHCP Server This section describes the Network > DHCP Server page, which includes DHCP server settings, static DHCP and DHCP client list. 5.4.1 DHCP Server Settings Figure 5-17 DHCP Server Settings Enable DHCP Server: It allows you to enable or disable DHCP server. If you want to enable DHCP server on the Wireless Router, please select this check box.
  • Page 71 UTT Technologies Chapter 5 Network most cases, this address must be on the same subnet as the Wireless Router’s LAN IP address. Subnet Mask: It specifies the subnet mask of the IP addresses assigned by the DHCP server. In most cases, this subnet mask must be identical to the Wireless Router’s LAN subnet mask.

  • Page 72: Static Dhcp

    UTT Technologies Chapter 5 Network DNS proxy server on which a DNS proxy software is installed (e.g., Wingate), and the local computers use this server as the primary DNS server. Now, the Wireless Router will be used as a new gateway for the local computers. In this case, in order to use DNS proxy service normally, the administrator only need to change the Wireless Router’s LAN IP address to the old proxy DNS server’s IP address, and enable DNS...
  • Page 73 UTT Technologies Chapter 5 Network Note The reserved IP address must be a valid IP address within the range of IP addresses assigned by the DHCP server. After you have added the static DHCP entry successfully, the Wireless Router will always assign the reserved IP address to the specified computer.

  • Page 74: Dhcp Auto Binding

    UTT Technologies Chapter 5 Network 5.4.2.3 How to Add Static DHCP Entries To add one or more static DHCP entries, follow these steps: Step 1 Go to the Network > DHCP Server > Static DHCP page. Step 2 Click the Add button to go to the Static DHCP Settings page, and then specify the User Name, IP Address and MAC Address, lastly click the Save button.

  • Page 75: Dhcp Client List

    UTT Technologies Chapter 5 Network binding operation. Enable DHCP Auto Deleting: It allows you to enable or disable DHCP auto deleting. If you select this check box to enable DHCP auto deleting, the Device will automatically delete a DHCP auto binding entry if the corresponding host releases the IP address initiatively or its lease expires.

  • Page 76: Configuration Example For Dhcp

    UTT Technologies Chapter 5 Network 5.4.5 Configuration Example for DHCP 1. Requirements In this example, the Wireless Router acts as a DHCP server to dynamically assign the IP addresses to the clients that reside on the same subnet. The Wireless Router’s LAN IP address is 192.168.1.1/24.
  • Page 77 UTT Technologies Chapter 5 Network Figure 5-22 DHCP Server Settings - Example Step 3 Go to the Network > DHCP Server > Static DHCP page. Step 4 Add the static DHCP entry 1: Click the Add button to go to the Static DHCP Settings page (see Figure 5-23), enter Server1 in the User Name text box, 192.168.1.15 in the IP Address text box, and 0021859B4546 in the MAC...
  • Page 78 UTT Technologies Chapter 5 Network 192.168.1.16 in the IP Address text box, and 001f3c0f07f4 in the MAC Address text box, and then click the Save button. Figure 5-24 Adding the Static DHCP Entry 2 - Example Now you have configured the two static DHCP entries. You can view them in the Static...

  • Page 79: Ddns

    UTT Technologies Co., Ltd. currently provide free DDNS services, but they may charge for the DDNS services in the future. In this case, UTT Technologies Co., Ltd. will notify you as soon as possible; if you refuse to pay for the services, you will no longer be able to use them.

  • Page 80: Ddns Settings

    UTT Technologies Chapter 5 Network Figure 5-26 Apply for a DDNS Account from no-ip.com User Name: It specifies the user name of No-IP DDNS account. Email Address: It is used to confirm the No-IP DDNS account. Password: It specifies the password of No-IP DDNS account.
  • Page 81 UTT Technologies Chapter 5 Network Figure 5-27 Disabling DDNS Service Service Provider: It specifies the DDNS service provider who offers services to the Router. Here please select None to disable DDNS service. Save: Click to save your changes. Cancel: Click to revert to the last saved settings.
  • Page 82 UTT Technologies Chapter 5 Network Save: Click to save your changes. Cancel: Click to revert to the last saved settings. 5.5.3.3 DDNS Service Offered by dyndns.com Figure 5-29 DDNS Settings Related to dyndns.com Service Provider: It specifies the DDNS service provider who offers services to the Router.

  • Page 83: Ddns Status

    UTT Technologies Chapter 5 Network 5.5.4 DDNS Status Figure 5-30 DDNS Status Update Status: Click to update DDNS status. 5.5.5 DDNS Verification To verify whether DDNS is updated successfully, you can use the ping command at the command prompt on the PC, for example: ping uttglobal.no-ip.biz If the displayed page is similar to the screenshot below: the domain name is resolved to an IP address successfully (116.236.120.162 in this example), DDNS is updated...

  • Page 84: Upnp

    UTT Technologies Chapter 5 Network UPnP This section describes the Network > UPnP page. The Universal Plug and Play (UPnP) is architecture that implements zero configuration networking, that is, it provides automatic IP configuration and dynamic discovery of the UPnP compatible devices from various vendors. A UPnP compatible device can dynamically join a network and work properly.

  • Page 85: Number Of Wan

    Refresh: Click to view the latest information in the list. 5.7 Number of WAN HiPER 518W has two WAN ports by default. We can configure the number of WAN ports by clicking on the drop-down list as Figure 5-33 Number of WAN.

  • Page 86: Chapter 6 Wireless

    UTT Technologies Chapter 6 Wireless Chapter 6 Wireless This chapter describes how to configure and use the wireless features of the Wireless Router, which include: basic wireless settings, wireless security settings, wireless MAC address filtering, and advanced wireless settings; and how to view the status of the wireless clients.
  • Page 87 UTT Technologies Chapter 6 Wireless Figure 6-1 Basic Wireless Settings - AP Mode Enable Wireless: It allows you to enable or disable wireless function. If you select the check box to enable wireless function, wireless clients can connect to the Wireless Router to access the Internet, commnuicate with each other via the Wireless Router, and access the wired network connected to the Wireless Router.

  • Page 88: Apclient Mode

    UTT Technologies Chapter 6 Wireless Wireless Router automatically select the best channel. If there are multiple wireless routers in your area, please make sure that their channels don’t interfere with each other. Channel Width: It specifies the range of frequecies used by your wireless network.
  • Page 89 UTT Technologies Chapter 6 Wireless Figure 6-2 Basic Wireless Settings - APClient Mode Operation Mode: Here please select APClient Mode. Enable Wireless, SSID, Wireless Mode, Channel, Channel Width, and Enable SSID Broadcast: Refer to Section 6.1.1 AP Mode for detailed information.

  • Page 90: Wds

    UTT Technologies Chapter 6 Wireless 6.1.3 WDS A Wireless Distribution System (WDS) is a method of interconnecting access points (AP) in a wireless local area network (WLAN) without requiring that they connect through a wired backbone. This feature is usually used to extend the range of the wireless network to reach remote clients.
  • Page 91 UTT Technologies Chapter 6 Wireless Figure 6-3 Basic Wireless Settings - Repeater Mode Operation Mode: Here please select Repeater Mode. Enable Wireless, SSID, Wireless Mode, Channel, Channel Width, and Enable SSID Broadcast: Refer to Section 6.1.1 AP Mode for detailed information.
  • Page 92 UTT Technologies Chapter 6 Wireless Save: Click to save your changes. Cancel: Click to revert to the last saved settings. Figure 6-4 Security Settings - WEP Mode Security Mode: It specifies the security mode to be used by the Wireless Router.
  • Page 93 UTT Technologies Chapter 6 Wireless match in a similar fashion. However, the two devices can have different Default Tx Keys as long as the keys are in the same order. For example, the Wireless Router can use WEP Key 1 as its Default Tx Key, while the remote wireless device can use WEP Key 3 as its Default Tx Key.

  • Page 94: Bridge Mode

    UTT Technologies Chapter 6 Wireless Pre-shared Key: This key serves as seed for generating encryption keys. It must be identical to the remote wireless network device’s. It must be between 8 and 63 characters long. 6.1.3.2 Bridge Mode If you want the Wireless Router to operate in bridge mode, please select Bridge Mode from the Opeartion Mode drop-down list, see Figure 6-8.

  • Page 95: Configuration Example For Wds

    UTT Technologies Chapter 6 Wireless 6.1.3.3 Lazy Mode If you want the Wireless Router to operate in lazy mode, please select Lazy Mode from the Opeartion Mode drop-down list, see Figure 6-9. In this mode, the Wireless Router can connect to other wireless network devices in bridge mode or repearter mode; and at the same time it can provide connectivity for wilreless clients.
  • Page 96 UTT Technologies Chapter 6 Wireless each other wirelessly. Figure 6-10 Configuration Example for WDS - Network Topology 2. Configuration and Verification To connect the Wireless Router A to the Wireless Router B properly, the Wireless Router B’s operation mode may be Lazy Mode or Repeater Mode (here we take Lazy Mode for example), its SSID, security mode and pre-shared key must be the same as those of the Wireless Router A.
  • Page 97 UTT Technologies Chapter 6 Wireless Figure 6-11 Configuration Example for WDS - Configuring the Wireless Router A 2) Configuring the Wireless Router B The following figure shows the detailed settings on the Wireless Router B. http://www.uttglobal.com Page 89...
  • Page 98 UTT Technologies Chapter 6 Wireless Figure 6-12 Configuration Example for WDS - Configuring the Wireless Router B 3) Verifying Connectivity between the Two Routers To verify connectivity between the two Routers, you can use the ping command at the command prompt on the Wireless Router B: Ping 192.168.1.1 If the displayed page is similar to the screenshot below, the connection between the two Routers has been established.

  • Page 99: Wireless Security Settings

    UTT Technologies Chapter 6 Wireless Wireless Security Settings This section describes the Wireless > Security page. The Wireless Router provides four security mode options including None, WEP, WPA/WPA2, and WPA-PSK/WPA2-PSK. If you want an open network without wireless security, keep the default value of None.
  • Page 100 UTT Technologies Chapter 6 Wireless Figure 6-15 Wireless Security Settings - WEP Security Mode: It specifies the security mode that you want to use on your wireless network. Here please select WEP. WEP is the basic encryption mode which is not as secure as WPA.

  • Page 101: Wireless Security Settings - Wpa/Wpa2

    UTT Technologies Chapter 6 Wireless 6.2.3 Wireless Security Settings - WPA/WPA2 Figure 6-16 Wireless Security Settings - WPA/WPA2 Security Mode: It specifies the security mode that you want to use on your wireless network. Here please select WPA/WPA2 to use WPA mode, WPA2 mode or both. In WPA or WPA2 mode, the Wireless Router uses an external RADIUS server to authenticate wireless clients.

  • Page 102: Wireless Security Settings - Wpa-Psk/Wpa2-Psk

    UTT Technologies Chapter 6 Wireless Key Renewal Interval: It specifies how often the WPA group key changes. The valid range is 60-86400 or 0, and the default value is 3600 seconds. Enter 0 to disable automatic renewal. Save: Click to save your changes.
  • Page 103 UTT Technologies Chapter 6 Wireless wireless clients also need to be configurd with the same pre-shared key. It must be between 8 and 63 characters long. Key Renewal Interval: It specifies how often the WPA group key changes. The valid range is 60-86400 or 0, and the default value is 3600 seconds.

  • Page 104: Wireless Mac Address Filtering

    UTT Technologies Chapter 6 Wireless Wireless MAC Address Filtering This section describes the Wireless > MAC Filtering page. The MAC address filtering is used to filter the wireless clients based on their MAC addresses. With this feature, you can either allow or block specific wireless clients to connect to the Wireless Router.

  • Page 105: Mac Address Filtering List

    UTT Technologies Chapter 6 Wireless 6.3.2 MAC Address Filtering List Figure 6-19 MAC Address Filtering List Add a MAC Address Filtering Entry: To add a new MAC address filtering entry, first click the Add button to go to the MAC Address Filtering Settings page, next configure it, lastly click the Save button.

  • Page 106: How To Configure Mac Address Filtering

    UTT Technologies Chapter 6 Wireless MAC Address: It specifies the MAC address of the wireless client that you want to allow or block. Save: Click to save your changes. Back: Click to go back to the Wireless > MAC Filtering page.
  • Page 107 UTT Technologies Chapter 6 Wireless 2. Configuration Steps Step 1 Go to the Wireless > MAC Filtering page. Step 2 Click the Add button to go to MAC Address Filtering Settings page (see Figure 6-21), enter 00b08c0517ed in the MAC Address text box, and then click the Save button.

  • Page 108: Advanced Wireless Settings

    UTT Technologies Chapter 6 Wireless Advanced Wireless Settings This section describes the Wireless > Advanced Wireless Settings page. In this page, you can configure advanced wireless settings for your wireless connection. We suggest that you don’t adjust these settings unless you are an expert user. Incorrect settings will reduce the performance of your wireless network.
  • Page 109 UTT Technologies Chapter 6 Wireless Indication Message The DTIM notifies wireless clients in power-save mode (DTIM). that a packet is waiting for them. The DTIM interval is a multiple of the Beacon Interval. For example, if it is set to 4, a DTIM message will be sent with every fourth beacon.

  • Page 110: Wireless Client List

    UTT Technologies Chapter 6 Wireless Wireless Client List This section describes the Wireless > Client List page. In the Wireless Client List, you can view the status of all wireless clients which are connected to the Wireless Router. In addition, you can also easily configure MAC address filtering entries via the list.

  • Page 111: Chapter 7 Advanced

    UTT Technologies Chapter 7 Advanced Chapter 7 Advanced This chapter describes how to configure and use the advanced features of the Router, which include NAT and DMZ, static route, policy routing, anti-netsniper, plug and play, syslog and SNMP. NAT and DMZ This section describes the Advanced >...
  • Page 112 UTT Technologies Chapter 7 Advanced internal IP addresses to the outside world. 7.1.1.3 NAT Types The Router provides two types of NAT: One2One and EasyIP. ● One2One (One to One): It indicates static network address translation. It is always referred to as Basic NAT, which provides a one to one mapping between an internal and an external IP address.

  • Page 113: Port Forwarding

    UTT Technologies Chapter 7 Advanced For example, if you want to allow the local SMTP server (IP address: 192.168.1.88) to be available to the outside users, you can create a port forwarding entry: external IP address is WAN1 IP address (200.200.201.88 in this example), external port is 2100, internal IP address is 192.168.1.88, and internal port is 25.
  • Page 114 UTT Technologies Chapter 7 Advanced Add a Port Forwarding Entry: To add a new port forwarding entry, first click the Add button to go to the Port Forwarding Settings page, next configure it, lastly click the Save button. View Port Forwarding Entry(s): When you have configured one or more port forwarding entries, you can view them in the Port Forwarding List.
  • Page 115 UTT Technologies Chapter 7 Advanced Name: It specifies a unique name of the port forwarding entry. Enable: It allows you to enable or disable the port forwarding entry. The default value is checked, which means the port forwarding entry is in effect. If you want to disable the entry temporarily instead of deleting it, please clear the check box.
  • Page 116 UTT Technologies Chapter 7 Advanced Step 6 Select an interface from the Bind to drop-down list as required. The port forwarding entry will use the selected interface’s IP address as its external IP address. Step 7 Click the Save button to save the settings. You can view the port forwarding entry in the Port Forwarding List.

  • Page 117: Nat Rule

    UTT Technologies Chapter 7 Advanced 7.1.3 NAT Rule 7.1.3.1 NAT Rule List Figure 7-4 NAT Rule List Add a NAT Rule: To add a new NAT rule, first click the Add button to go to the NAT Rule Settings page, next configure it, lastly click the Save button.
  • Page 118 UTT Technologies Chapter 7 Advanced 7.1.3.2.1 NAT Rule Settings - EasyIP Figure 7-5 NAT Rule Settings - EasyIP Name: It specifies a unique name of the NAT rule. NAT Type: It specifies the type of the NAT rule. The available options are EasyIP and One2One.
  • Page 119 UTT Technologies Chapter 7 Advanced 7.1.3.2.2 NAT Rule Settings - One2One Figure 7-6 NAT Rule Settings - One2One Name: It specifies a unique name of the NAT rule. NAT Type: It specifies the type of the NAT rule. The available options are EasyIP and One2One.
  • Page 120 UTT Technologies Chapter 7 Advanced 7.1.3.3 How to Add NAT Rules To add one or more NAT rules, follow these steps: Step 1 Please identify the type of the NAT rule that you want to add. Step 2 Go to the Advanced > NAT > NAT Rule page, and click the Add button to go to the NAT Rule Settings page.
  • Page 121 UTT Technologies Chapter 7 Advanced achieve this purpose, he should create an EasyIP NAT rule for them. The rule’s External IP is 218.1.21.3, Start Internal IP is 192.168.1.10, End Internal IP is 192.168.1.100, and Bind to be WAN1. 2. Configuration Steps...
  • Page 122 UTT Technologies Chapter 7 Advanced 7.1.3.4.2 An Example for Configuring a One2One NAT Rule 1. Requirements In this example, a business has a single static IP Internet connection, and obtains eight public IP addresses (202.1.1.128/29 - 202.1.1.1.135/29) from the ISP. Therein, 202.1.1.129/29 is used as the Internet connection’s gateway IP address, 202.1.1.130/2 is...

  • Page 123: Dmz

    UTT Technologies Chapter 7 Advanced Figure 7-8 One2One NAT Rule Settings - Example Step 3 Select One2One from the NAT Type drop-down list. Step 4 Enter 202.1.1.131 in the Start External IP text box; enter 192.168.1.200 and 192.168.1.203 in the Start Internal IP and End Internal IP text boxes respectively.

  • Page 124: Static Route

    UTT Technologies Chapter 7 Advanced Note When a local computer is designated as the DMZ host, it loses firewall protection provided by the Router. The DMZ host can be accessed through all the WAN interfaces. Static Route This section describes the Advanced > Static Route page, where you can configure and view static routes.

  • Page 125: Static Route Settings

    UTT Technologies Chapter 7 Advanced Add a Static Route: To add a new static route, first click the Add button to go to the setup page, next configure it, lastly click the Save button. View Static Route(s): When you have configured one or more static routes, you can view them in the Static Route List.

  • Page 126: How To Add Static Routes

    UTT Technologies Chapter 7 Advanced Gateway IP Address: It specifies the IP address of the next hop gateway or router to which to forward the packets. Priority: It specifies the priority of the static route. If there are multiple routes to the same destination with different priorities, the Router will choose the route with the highest priority to forward the packets.

  • Page 127: Policy Routing

    UTT Technologies Chapter 7 Advanced Figure 7-12 Static Route Settings - Example Step 6 Click the Save button to save the settings. You can view the static route in the Static Route List. Step 7 To add another new static route, please repeat the above steps.

  • Page 128: Policy Routing Settings

    UTT Technologies Chapter 7 Advanced 7.3.1 Policy Routing Settings Figure 7-13 Policy Routing Settings Interface: It specifies an outbound interface through which the packets matching the Policy Routing entry are forwarded. Source IP: It specifies the source IP addresses of the packets to which the Policy Routing entry applies.
  • Page 129 UTT Technologies Chapter 7 Advanced ● IP Range: Select it to enter the start and end IP addresses in the associated text boxes. ● User Group: Select it to choose an User Group from the associated drop-down list. By default, the User Group radio button is selected, and its value is All Users.

  • Page 130: Enable Policy Routing

    UTT Technologies Chapter 7 Advanced 7.3.2 Enable Policy Routing Figure 7-14 Enable Policy Routing Enable Policy Routing: It allows you to enable or disable Policy Routing. If you select the check box to enable Policy Routing, the configured Policy Routing entries will take effect.

  • Page 131: Anti-Netsniper

    Plug and Play This section describes the Advanced > Plug and Play page. 7.5.1 Introduction to Plug and Play Plug and Play is a new feature of UTT series security firewalls. If you enable plug and play http://www.uttglobal.com Page 123...

  • Page 132: Enable Plug And Play

    UTT Technologies Chapter 7 Advanced feature on the Device, the LAN users can access the Internet through the Device without changing any network parameters, no matter what IP address, subnet mask, default gateway and DNS server they might have. Obviously, this feature can greatly facilitate the users.

  • Page 133: Syslog

    UTT Technologies Chapter 7 Advanced Syslog This section describes the Advanced > Syslog page. Syslog is a standard protocol used to capture a lot of running information about network activity. The Device supports this protocol and can send its activity logs to an external syslog server.
  • Page 134 UTT Technologies Chapter 7 Advanced SNMP manager automatically. The Device supports SNMP v1/v2c and Management Information Base II (MIBII) groups. The SNMP manager can read and change the information about the Device . Figure 7-19 SNMP Settings Enable SNMP: It allows you to enable or disable the SNMP agent. If you want to enable the SNMP agent on the Device, please select this check box.

  • Page 135: Chapter 8 User Management

    UTT Technologies Chapter 8 User Management Chapter 8 User Management This chapter describes how to configure and use the user management of the Router, which include User status, IP/MAC binding, PPPoE server, Web authentication and user group. User Status This section describes User Management > User Status page, where you can monitor...

  • Page 136: User Status List

    UTT Technologies Chapter 8 User Management statistics for the current day. To reset the current statistics, click Clear Statistics. Disable Recognition: Click this button to disable Application recognition. If disabled, the Applications Control feature (set in Application Control > Application Control page) will not take effect.

  • Page 137: Ip/Mac Binding

    UTT Technologies Chapter 8 User Management For a user, if the percentage of network traffic made up by accessing shopping sites, social networking sites, using stock software, and playing online/web games is equal to or above 70%, his/her online activities seriously affect work. If the percentage is between 50% and 70% (below 70%), his/her online activities slightly affect work.

  • Page 138: Introduction To Ip/Mac Binding

    UTT Technologies Chapter 8 User Management 8.2.1 Introduction to IP/MAC Binding 8.2.1.1 IP/MAC Binding Overview To achieve network security management, you should perform user identification before performing user authorization. In this section, we describe how to implement user identification. In Section 9.1 Firewall > Access Control , we will describe how to control the Applications of the LAN users in detail.

  • Page 139: Ip/Mac Binding Global Settings

    UTT Technologies Chapter 8 User Management If the sender is a legal user, the packet will be allowed to pass, and then be further processed by other function modules. If the sender is an illegal user, the packet will be dropped immediately to prevent IP spoofing.

  • Page 140: Ip/Mac Binding List

    UTT Technologies Chapter 8 User Management 8.2.3 IP/MAC Binding List Figure 8-5 IP/MAC Binding List Add One or More IP/MAC Bindings: To add one or more IP/MAC bindings, first click the Add button to go to the IP/MAC Binding Settings page shown in Figure 8-5 IP/MAC Binding List, next configure them, lastly click the Save button.

  • Page 141: Ip/Mac Binding Settings

    UTT Technologies Chapter 8 User Management Note When you add the IP/MAC address pair of the computer that you use to administer the Router into the IP/MAC Binding List, please leave the Allow check box checked. Otherwise you cannot access the Router from that computer. If you attempt to clear the check box, you will be prompted that the operation is not permitted, see the following figure.

  • Page 142: How To Add Ip/Mac Bindings

    UTT Technologies Chapter 8 User Management that if a computer’s IP/MAC address pair has been added in the IP/MAC Binding List, this IP/MAC address pair will not be displayed here. Bind: Click to bind all the valid IP and MAC address pairs in the text box.

  • Page 143: Internet Whitelist And Blacklist

    UTT Technologies Chapter 8 User Management Step 3 After you have added some IP/MAC bindings, you can view them in the IP/MAC Binding List. Step 4 If you want to block the undefined local computers from accessing the Router and Internet, please clear the Allow Undefined LAN PCs check box; else, the undefined local computers are allowed to access the Router and Internet.
  • Page 144 UTT Technologies Chapter 8 User Management Step 1 Go to the User Management > IP/MAC Binding page, and click the Add button to go to the IP/MAC Binding Settings page. Step 2 Specify the legal users by creating the IP/MAC bindings: Add these users’ IP and MAC address pairs into the IP/MAC Binding List.

  • Page 145: Pppoe Server

    UTT Technologies Chapter 8 User Management Method Two: Add these users’ IP and MAC address pairs into the IP/MAC Binding List, and clear each IP/MAC binding’s Allow check box respectively. Thus the matched users cannot access the Router and Internet.

  • Page 146: Pppoe Overview

    UTT Technologies Chapter 8 User Management 8.3.1 PPPoE Overview The PPPoE stands for Point-to-Point Protocol over Ethernet, which uses client/server model. The PPPoE provides the ability to connect the Ethernet hosts to a Remote Management Concentrator (AC) over a simple bridging access device. And it provides extensive access control management and accounting benefits to ISPs and network administrators.
  • Page 147 UTT Technologies Chapter 8 User Management and any number of other service names which indicate other services that the PPPoE server can offer. If a PPPoE server receives a PADI packet beyond its service range, it cannot respond with a PADO packet.

  • Page 148: Pppoe Server Global Settings

    UTT Technologies Chapter 8 User Management 8.3.2 PPPoE Server Global Settings Figure 8-13 PPPoE Server Global Settings Enable PPPoE Server: It allows you to enable or disable PPPoE server. If you want to enable PPPoE server on the Router, please select this check box.

  • Page 149: Pppoe Account List

    UTT Technologies Chapter 8 User Management password. PPP Authentication: It specifies the PPP authentication mode by which the PPPoE server authenticates a PPPoE client. The available options are PAP, CHAP and AUTO. In most cases, please leave the default value of AUTO, which means that the Router will automatically choose PAP or CHAP to authenticate the PPPoE client.

  • Page 150: Pppoe Account Settings

    UTT Technologies Chapter 8 User Management To delete a PPPoE account, directly click its icon. To delete more than one PPPoE account at a time, select the leftmost check boxes of the PPPoE accounts that you want to delete, and then click the Delete button.
  • Page 151 UTT Technologies Chapter 8 User Management the current PPPoE account to dial up. ● Auto: If you want to create account/MAC binding for the current PPPoE account automatically, select this option. That is, the Device will automatically bind the PPPoE account to the MAC address of the user who uses this account to establish a PPPoE session firstly.

  • Page 152: Pppoe User Status

    UTT Technologies Chapter 8 User Management 8.3.5 PPPoE User Status You can go to the User Management > PPPoE Server > PPPoE User Status page view the status information of online PPPoE dial-in users in the PPPoE User Status List, which include the user name, assigned IP address, MAC address, Rx rate and Tx rate, and online time.

  • Page 153: Export Pppoe Accounts

    UTT Technologies Chapter 8 User Management Refresh: Click to view the latest information in the list. 8.3.6 Export PPPoE Accounts The PPPoE > PPPoE Account > Export PPPoE Accounts page provides PPPoE accounts export function to simplify operation. Figure 8-17 PPPoE Accounts Export Export Accounts: Click Export Accounts to export all PPPoE accounts.

  • Page 154: Web Authentication

    PPPoE Account List. Web Authentication HiPER 518W provides Web authentication feature. This new feature will enhance network security. If you enable the Web authentication on the Device, those non-PPPoE dial-in users cannot access the Internet through the Device unless they are authenticated successfully through Web browser.

  • Page 155: Web Authentication User Account Settings

    UTT Technologies Chapter 8 User Management Allow Users to Change Password: Select the check box to allow users to change password. Execption IP Group: It specifies an address group that is exempt from the restriction of Web Authentication. If you select an address group here, the LAN users that...

  • Page 156: Web Authentication User Account List

    UTT Technologies Chapter 8 User Management Billing Mode: Select the check box to enable the billing mode. Start Date: It specifies the start date when the web authenticaton account takes effect. End Date: It Specified the end date when the web authentication account expires.

  • Page 157: How To Use Web Authentication

    UTT Technologies Chapter 8 User Management 8.4.4 How to Use Web Authentication If you want to use web authentication for a non-PPPoE dial-in user, do the following: Step 1 Go to the User Management > Web Authentication page, and then select the Web User Account Settings tab to go to setup page.
  • Page 158 UTT Technologies Chapter 8 User Management Figure 8-23 Web Authentication Prompt Page Note Do not close the prompt page; else, the user cannot access the Internet. http://www.uttglobal.com Page 150...

  • Page 159: User Group

    UTT Technologies Chapter 8 User Management User Group This section describes the User Management > User Group page. 8.5.1 Introduction to User Group An User Group can contain up to ten address members. A member may be an address range or User Group. And an User Group may contain address ranges only, or User Groups only, or both.

  • Page 160: User Group Settings

    UTT Technologies Chapter 8 User Management 8.5.2 User Group Settings Figure 8-24 User Group Settings Group Name: It specifies a unique name of the User Group. It should be between 1 and 11 characters long. Group Type: It specifies the type of the group. It has Address Group and Account Group.

  • Page 161: User Group List

    UTT Technologies Chapter 8 User Management group B), then the User Group A cannot be added to any other User Group. 8.5.3 User Group List Figure 8-25 User Group List Add an User Group: If you want to add a new User Group, click the Add button to go to the setup page, and then configure it, lastly click the Save button.

  • Page 162: How To Add The User Groups

    UTT Technologies Chapter 8 User Management 8.5.4 How to Add the User Groups If you want to add one or more User Groups, do the following: Step 1 Go to the User Management > User Group page, and then click the Add button to go to the setup page.
  • Page 163 UTT Technologies Chapter 8 User Management Step 4 Click the Save button to save the changes to make them take effect. http://www.uttglobal.com Page 155...

  • Page 164: Chapter 9 Application Control

    UTT Technologies Chapter 9 Application Control Chapter 9 Application Control This section describes the Application Control page.This chapter describes how to configure Schedule, Application Control, QQ Whitelist, MSN Whitelist, Notification, Application Audit, and Policy Database. Schedule This section describes Application Control > Schedule page, you can configure and view schedules.

  • Page 165: Application Control

    UTT Technologies Chapter 9 Application Control Figure 9-2 Schedule Settings Schedule Name: Specify a unique name for the schedule. Effective Date Range: Specify the effective date range for the schedule. Time Period 1 ~ Time Period 3: Specify further constraints of active time within the specified date range.

  • Page 166: Internet Application Management List

    UTT Technologies Chapter 9 Application Control 9.2.1 Internet Application Management List In Application Control> Application Control page, you can enable or disable Internet Application management, and you can add, view, modify, and delete Internet Application management policies in Application Management List.
  • Page 167 UTT Technologies Chapter 9 Application Control Figure 9-4 Internet Application Management Settings Group Name: Enter a unique name for the group to which the Internet Application management policy applies. Network Object: Select the members of the group. You can select the IP Range button to specify a range of IP addresses, or select the User Group button to select a user group.

  • Page 168: Internet Application Management Configuration Example

    UTT Technologies Chapter 9 Application Control Note If a function option in Internet Application Management Settings page doesn’t have the desired effect, please go to Application Control > Policy Database page to check whether the corresponding policy is the latest. See Section 9.7 Policy Database for more information about how to update...
  • Page 169 UTT Technologies Chapter 9 Application Control to use IM applications, and block all other applications during working hours.  Policy 2: It is used to block the Technology and Financial Departments’ employees from accessing all the Internet applications during working hours.
  • Page 170 UTT Technologies Chapter 9 Application Control Lastly, you need to enable Internet Application management to make the policies take effect, as shown in Figure 9-5. The configuration is now complete. You can veiw the two policies in Application Management List, as shown in Figure 9-5.

  • Page 171: Qq Whitelist

    UTT Technologies Chapter 9 Application Control QQ Whitelist This section describes Application Control > QQ Whitelist page. This feature allows you to add a list of QQ numbers that are exempt from the Internet Application management policies (set in Application Control > Application Control page).

  • Page 172: Msn Whitelist

    UTT Technologies Chapter 9 Application Control one space between QQ Number and Description. Figure 9-8 Import QQ Numbers Note The maximum QQ number that can be entered is 4294967295. MSN Whitelist This section describes Application Control > MSN Whitelist page. This feature allows you to add a list of MSN accounts that are exempt from the Internet Application management policies (set in Application Control >...

  • Page 173: Notification

    UTT Technologies Chapter 9 Application Control Figure 9-9 MSN Whitelist Enable MSN Whitelist: Select the check box to enbale MSN whitelist. If enabled, the MSN accounts in MSN Whitelist are exempt from the Internet Application management policies. Add: To add a new MSN account, click Add to go to MSN Whitelist Settings page, and then configure it, lastly click Save.
  • Page 174 UTT Technologies Chapter 9 Application Control specified user attempts to access a web page, the user will receive a notification message in the Web browser, and if configured, be redirected to the specified web page (set by Redirect to URL) after the specified time interval (set by Redirection Time).

  • Page 175: Account Expiration Notification

    UTT Technologies Chapter 9 Application Control Preview: Click to preview the notification. Save: Click to save daily routine notification settings. 9.5.2 Account Expiration Notification With the account expiration notification feature, a PPPoE user or Web authentication user will receive the expiration notification in the Web browser before the account expires.

  • Page 176: Application Audit

    UTT Technologies Chapter 9 Application Control Note After a PPPoE or web authentication user account expires, the user the user can still dial in and connect to the Device, but cannot access the Internet through the Device; and when the user attempts to access a Web site, the expiration notification appears in the Web browser.

  • Page 177: Log Management

    UTT Technologies Chapter 9 Application Control Note The Device can record the last 400 audit log messages. 9.6.2 Log Management You can go to Application Control > Application Audit > Log Management to specify the types of events to audit, as show in Figure 9-13.

  • Page 178: Policy Database

    UTT Technologies Chapter 9 Application Control Policy Database This section describes Application Control > Policy Database page. In this page, you can not only view the policies in Policy Database List, but also update them online. The Device currently provides eleven types of policies, including: Email, IM, P2P, Stock, Network Video, Online Game, Shopping Site, SNS, Web Game, Forum and Others.

  • Page 179: Chapter 10 Qos

    UTT Technologies Chapter 10 QoS Chapter 10 QoS This chapter describes how to configure QoS features, including Fixed Rate Limiting, Flexible Bandwidth Management, P2P Rate Limiting and Session Limiting. 10.1 Fixed Rate Limiting This section describes QoS > Fixed Rate Limiting page. This feature allows you to limit the maximum upload and download speed for the LAN users.

  • Page 180: Fixed Rate Limiting Rule Settings

    UTT Technologies Chapter 10 QoS 10.1.2 Fixed Rate Limiting Rule Settings To add a new fixed rate limiting rule, go to QoS > Fixed Rate Limiting page (see Figure 10-1), next click Add go to QoS > Fixed Rate Limiting Settings page (see Figure 10-2), and then configure it, lastly click Save.

  • Page 181: Flexible Bandwidth Management

    UTT Technologies Chapter 10 QoS 10.2 Flexible Bandwidth Management This section describes QoS > Flexible Bandwidth page. Note We recommend that you do not use both Fixed Rate Limiting and Flexible Bandwidth Management at the same time. Figure 10-3 Flexible Bandwidth Management Settings Enable Flexible Bandwidth: Select the check box to enable flexible bandwidth management feature.
  • Page 182 UTT Technologies Chapter 10 QoS bandwidth. Figure 10-4 P2P Rate Limit Settings Enable P2P Rate Limiting: It allows you to enable or disable P2P rate limit. If you want to enable P2P rate limit, please select this check box. P2P applications include Bit Spirit, Bit Comet, Thunder, Tuotu, and so on.

  • Page 183: Session Limiting

    UTT Technologies Chapter 10 QoS Note The P2P rate limit has higher priority than the rate limit rules configured in the QoS > FixedRate Limiting Rule page. 2. Only after you have enabled rate limit in the QoS > Global Settings page, the P2P rate limit settings can take effect.
  • Page 184 UTT Technologies Chapter 10 QoS Note The value 0 means unlimited Sessions. If some applications (such as online games) performance is degraded due to maximum Sessions limit, you can appropriately increase Max. Sessions and Max. TCP Sessions (or Max. UDP Sessions). Note that if they are too large, the Device may be unable to prevent DDoS attacks effectively.

  • Page 185: Chapter 11 Firewall

    UTT Technologies Chapter 11 Firewall Chapter 11 Firewall This chapter describes how to configure firewall features, including attack prevention, access control, domain filtering, and MAC address filtering. 11.1 Attack Prevention This section describes the Firewall > Attack Prevention page. 11.1.1 Internal Attack Prevention In this page, you can do basic internal Attack Prevention settings to enhance network security.
  • Page 186 UTT Technologies Chapter 11 Firewall Figure 11-1 Internal Attack Prevention Settings Figure 11-2 External Attack Prevention Settings 1. Virus Prevention Enable DDoS Prevention: It is used to enable or disable DDoS prevention. If you select the check box to enable this feature, it will effectively protect the Router against popular DoS/DDoS attacks.
  • Page 187 UTT Technologies Chapter 11 Firewall address 192.168.16.36 is performing SYN flood attack, and then randomly discard the further SYN packets from that source to that destination. In most cases, leave Threshold the default value. Enable ARP Spoofing Prevention: It allows you to enable or disable ARP spoofing defense.

  • Page 188: External Attack Prevention

    UTT Technologies Chapter 11 Firewall Save: Click it to save the internal attack prevention settings. 11.1.2 External Attack Prevention In this page you can enable or disable WAN ping respond. As ping is often used by malicious Internet users to locate active networks or hosts, in most cases, it is recommended that you disable WAN ping respond for added security.

  • Page 189: Access Control

    UTT Technologies Chapter 11 Firewall 11.2 Access Control This section describes the Firewall > Access Control page, which includes the Access Rule List and Access Rule Settings. 11.2.1 Introduction to Access Control 11.2.1.1 The Purpose of Access Control Feature By flexibly utilizing access control, you can not only assign different Internet access privileges to different LAN users, but also assign different Internet access privileges to the same users based on schedules.
  • Page 190 UTT Technologies Chapter 11 Firewall 11.2.1.3 Filtering Type of Access Rule The Router supports three filtering types of access rule, which include IP filtering, URL filtering and keyword filtering. All of them support access control based on schedule. 1. IP Filtering The IP filtering rules are used to filter IP packets based on the packet header information, such as source IP address, destination IP address, protocol type (TCP, UDP, ICMP, etc.),...

  • Page 191: Access Rule List

    UTT Technologies Chapter 11 Firewall 11.2.2 Access Rule List Figure 11-3 Access Rule List Figure 11-4 Access Rule List (Continue) Figure 11-5 Access Rule List (Continue) Add an Access Rule: To add a new access rule, first click the Add button to go to the Access Rule Settings page, next configure it, lastly click the Save button.

  • Page 192: Access Rule Settings

    UTT Technologies Chapter 11 Firewall Modify an Access Rule: To modify a configured access rule, click its Name hyperlink or icon, the related information will be displayed in the setup page. Then modify it, and click the Save button. Delete Access Rule(s): There are three ways to delete access rule(s).
  • Page 193 UTT Technologies Chapter 11 Firewall 11.2.3.1 Access Rule Settings - IP Filtering Figure 11-6 Access Rule Settings - IP Filtering Name: It specifies a unique name of the access rule. Enable: It allows you to enable or disable the access rule. The default value is checked, which means the access rule is in effect.
  • Page 194 UTT Technologies Chapter 11 Firewall be repeated. Action: It specifies the action to be taken if a packet matches the access rule. The available options are Allow and Deny. ● Allow: It indicates that the Router will allow the packets matching the rule, that is, the Router will forward these packets.
  • Page 195 UTT Technologies Chapter 11 Firewall 11.2.3.2 Access Rule Settings - URL Filtering Figure 11-7 Access Rule Settings - URL Filtering The parameters Name, Source IP Range, Priority and Action, and Schedule related parameters are the same as those of the IP Filtering access rule, please refer to Section 9.1.3.1 Access Rule Settings - IP Filtering for detailed information.
  • Page 196 The URL filtering rules cannot be used to control users’ access to other services through a web browser. For example, to control users’ access to ftp://ftp.utt.com.cn, you need to configure an IP filtering rule to allow or deny ftp service.

  • Page 197: Configuration Examples For Access Rule

    UTT Technologies Chapter 11 Firewall 9.1.3.1 Access Rule Settings - IP Filtering for detailed information. Filtering Type: It specifies the filtering type of the access rule. The options are IP Filtering, URL Filtering, and Keyword Filtering. Here please select Keyword Filtering.
  • Page 198 UTT Technologies Chapter 11 Firewall Figure 11-9 Access Rule List - Example 1 Figure 11-10 Access Rule List - Example 1 (Continue) Figure 11-11 Access Rule List - Example 1 (Continue) 11.2.4.2 Example 2 - Only Block a Group of Users from Accessing Certain Services In this example, we want to block a group of users (IP address range: 192.168.1.80...
  • Page 199 UTT Technologies Chapter 11 Firewall access any other services. We need to create three access rules to meet the requirements: ● Access rule 1: It blocks those users from accessing www.bbc.com. ● Access rule 2: It blocks those users from accessing www.cnn.com.
  • Page 200 UTT Technologies Chapter 11 Firewall Figure 11-14 Access Rule List - Example 2 (Continue) 11.2.4.3 Example 3 - Control Internet Applications of a Group of Users based on Schedule In this example, we want to only allow a group of users (IP address range: 192.168.1.150 -192.168.1.200) to access web service during business hours (Monday to Friday, 9:00 to...
  • Page 201 UTT Technologies Chapter 11 Firewall Figure 11-16 Access Rule List - Example 3 (Continue) Figure 11-17 Access Rule List - Example 3 (Continue) 11.2.4.4 Example 4 - Control Internet Applications of a Single User You can assign a range of contiguous IP addresses to the users that have the same Internet access privileges, and then create access rules for the user group.
  • Page 202 UTT Technologies Chapter 11 Firewall Figure 11-18 Access Rule List - Example 4 Figure 11-19 Access Rule List - Example 4 (Continue) Figure 11-20 Access Rule List - Example 4 (Continue) http://www.uttglobal.com Page 194...

  • Page 203: Domain Filtering

    UTT Technologies Chapter 11 Firewall 11.3 Domain Filtering This section describes the Firewall > Domain Filtering page. The domain filtering feature allows you to block access to unwanted websites in your organization. 11.3.1 Domain Filtering Global Settings Figure 11-21 Domain Filtering Global Settings Enable Domain Filtering: It allows you to enable or disable domain filtering.

  • Page 204: Mac Address Filtering

    UTT Technologies Chapter 11 Firewall will block the LAN users from accessing these domain names. Add a Domain Name: To add a domain name to the Domain Name List, enter the domain name of the website that you want to block in the Domain Name text box, and then click the Add button.

  • Page 205: Mac Address Filtering List

    UTT Technologies Chapter 11 Firewall 11.4.1 MAC Address Filtering List Enable MAC Address Filtering: Enable MAC Address Filtering by checking this box. Filtering Mode: Users can select “Only allow MAC address in the list to access the internal “ or “ Only block MAC address in the list to access the internal “.
  • Page 206 UTT Technologies Chapter 11 Firewall Text Box: Text Box is where MAC address needs to be input. When you add the MAC addresses, the format is" MAC [space] user name". For example: 0022aaafcdb3 David. After finishing all MAC addresses and user name, click on Add.

  • Page 207: Chapter 12 Vpn

    UTT Technologies Chapter 12 VPN Chapter 12 VPN 12.1 PPTP VPN The Router supports PPTP feature. PPTP is a VPN tunneling protocol which encapsulates PPP frames in IP packets for transmission over a public IP network such as the Internet.
  • Page 208 NAT devices. Most NAT devices can translate TCP-based packets for PPTP tunnel maintenance. However, many NAT devices or firewalls cannot handle GRE packets, thus the PPTP data packets with the GRE header cannot pass them. The UTT products support NAT traversal for PPTP tunnels.
  • Page 209 UTT Technologies Chapter 12 VPN 12.1.1.2 Packet Flow - PPTP Figure 12-2 PPTP Packet Flow As shown in Figure 12-2, during the PPTP tunnel establishment and data transmission processes, the packet flow through the PPTP can be summarized as follows: After the PPTP tunnel parameters are configured properly, the PPTP automatically creates a virtual interface for the new tunnel to listen for user data ((1) in Figure 12-2).

  • Page 210: User Authentication

    UTT Technologies Chapter 12 VPN The PPTP receives the PPTP packets from the PPTP server, and performs decapsulation ((15) in Figure 12-2). The PPTP forwards the user data (i.e., original packets) to their intend destinations ((16) in Figure 12-2). 10. The PPTP tunnel is terminated manually by the user or automatically due to no activity for some time ((17) in Figure 12-2).
  • Page 211 UTT Technologies Chapter 12 VPN PPTP tunnel establishment. In addition, on the Router, you can adjust the global PPTP tunnel MTU (i.e., tunnelmtu) to minimize the fragmentation: if an IP packet exceeds the specified MTU, it will be fragmented by the original computer before transmission. The following two examples describe how to calculate PPTP tunnel MTU.

  • Page 212: Pptp Client Settings

    The available options are PAP, CHAP,MS-CHAPV2 and ANY.  PAP: Password Authentication Protocol.  CHAP: Challenge Handshake Authentication Protocol.  MS-CHAPV2: The Microsoft version of the Challenge-Handshake Authentication Protocol,  ANY: It means that the UTT VPN gateway will automatically negotiate it with the http://www.uttglobal.com Page 204...

  • Page 213: Pptp Server Settings

    The Global Setting under PPTP Server specifies the range of IP addresses reserved for remote PPTPs. When the UTT VPN gateway acts as a PPTP server, it will assign an IP address from this range to a PPTP, and then it will use the assigned IP address to communicate with the client.
  • Page 214 MS-CHAPV2: The Microsoft version of the Challenge-Handshake Authentication Protocol,  ANY: It means that the UTT VPN gateway will automatically negotiate it with the remote VPN appliance. IP Poor Start Address: It specifies the starting IP address assigned from the VPN address pool.
  • Page 215 Internet. All traffic from one LAN destined for the other one is tunneled, without individual hosts having to use VPN clients. In this case, either a UTT VPN gateway or compatible VPN appliance can act as a PPTP.

  • Page 216: Notes On Configuring Pptp Client And Server

    PPTP uses the registered TCP port 1723 to transmit control messages. When NAT is enabled on the UTT VPN gateway, in order for the IPSec tunnel to be established and function properly, the UTT VPN gateway will automatically create two port forwarding rules after you have configured a PPTP server or client entry.
  • Page 217 UTT Technologies Chapter 12 VPN Figure 12-8 PPTP List Figure 12-9 PPTP List (Continue) After the Router has successfully established a PPTP tunnel with the remote PPTP server, you will see that the tunnel’s Status changes from Disconnected to Connected, the Up Time timer starts, and the Out Bytes and In Bytes will go on increasing as long as there is some network traffic being passed through the PPTP tunnel.

  • Page 218: How To Add, View, Edit And Delete Pptp Clients Or Server Entries

    UTT Technologies Chapter 12 VPN 12.1.6 How to Add, View, Edit and Delete PPTP Clients or Server Entries Add a PPTP Client or Server Entry: If you want to add a PPTP client or server entry, click on Add Client or Add Server button to go to setup page, and then configure it, lastly click the Save button.

  • Page 219: Configuration Example For Pptp

    As shown in Figure 12-10, we will use PPTP to establish a VPN tunnel, deploy a HiPER 518W Router acting as a PPTP at the branch office, and another VPN appliance (a UTT VPN gateway is recommended) acting as a PPTP server at the head office. The IP...

  • Page 220: Ipsec Vpn

    12.2.1 Introduction to IPSec Implementation As shown inTable 12-1 Four Types of IPSec VPN Configuration, the UTT VPN gateway supports four types of IPSec VPN configuration. Key Mode...
  • Page 221 (another UTT VPN gateway or compatible VPN appliance) has a static IP address; and in the last type, the local UTT VPN gateway has a static IP address, while the remote endpoint (another UTT VPN gateway or compatible VPN appliance) has a dynamic IP address.
  • Page 222 IPSec supports two methods to create security associations (SAs):  The SAs can be created manually by the system administrator, which is called Manual Key on the UTT VPN gateway;  The SAs can be negotiated and created dynamically by IKE, which is called AutoKey (IKE) on the UTT VPN gateway.
  • Page 223 When both endpoints of an IPSec tunnel are hosts, you can use transport mode or tunnel mode. When either end of the tunnel is a security gateway (such as a router or firewall), or both ends are security gateways, you must use tunnel mode. On the UTT VPN gateway, IPSec always operates in tunnel mode.

  • Page 224: Key Management

    The term key management refers to the creation, distribution, storage and deletion of keys. Key management is a critical part of IPSec. IPSec uses cryptographic keys for authentication and encryption. On the UTT VPN gateway, IPSec supports both manual and automatic key management.
  • Page 225 IPSec tunnel. In this case, if the UTT VPN gateway receives a packet matching an IPSec security policy, it will encrypt and authenticate the packet, and then send it to the remote endpoint through the IPSec tunnel.
  • Page 226 When both IPSec endpoints agree to accept at least one set of the proposed phase 1 security parameters and then process them, a successful phase 1 negotiation concludes. When acting as an initiator, the UTT VPN gateway supports up to 12 phase 1 proposals, which allow you to specify a series of security parameters; when acting as a responder, it can accept any phase 1 proposal.
  • Page 227 UTT Technologies Chapter 12 VPN ● Second exchange (message 3 and 4): A Diffie-Hellman exchange is performed. Each endpoint exchanges a nonce (i.e., random number). ● Third exchange (message 5 and 6): Identities of both endpoints are exchanged and verified.
  • Page 228 UTT Technologies Chapter 12 VPN There are five basic DH groups (UTT VPN gateway supports DH groups 1, 2, and 5). Each DH group has a different size modulus. A larger modulus provides higher security, but requires more processing time to generate the key. The modulus of DH groups 1, 2, and 5 are as follows: ●...
  • Page 229 DPD check box to enable DPD feature, and configure the parameter Heartbeat Interval to specify a time interval at which the UTT VPN gateway periodically sends DPD heartbeat messages to the peer to verify its availability (section 6.1.2.2).
  • Page 230 IPSec header; if not, the packet will be forwarded directly. Else, the UTT VPN gateway will authenticate and/or decrypt the packet, and then forward the resulting packet (i.e., initial packet) to its intend destination.
  • Page 231 IPSec tunnel is not established, it will initiate IKE negotiation to establish a pair of IPSec SAs (that is, an IPSec tunnel). After the IPSec tunnel is established, the UTT VPN gateway will do the required IPSec processing (e.g., encryption and/or authentication) before sending the packet to the remote endpoint through the tunnel;...
  • Page 232 UTT Technologies Chapter 12 VPN 12.2.1.7 Packet Flow – IPSec Initiator Figure 12-16 IPSec Packet Flow As shown in Figure 12-16 IPSec Packet Flow, during the IPSec tunnel establishment and data transmission processes, the packet flow through the IPSec initiator can be...
  • Page 233 IPSec tunnel. 12.2.1.9 MTU and Fragmentation The UTT VPN gateway will fragment an IP packet if it exceeds the MTU of the outbound physical interface. For example, a standard Ethernet-type interface has a MTU of 1500 bytes, thus the UTT VPN gateway will fragment a packet exceeding 1500 bytes in order to transmit it over the Ethernet interface.
  • Page 234 IPSec switching path. To solve this problem, the UTT VPN gateway allows you to set the IPSec tunnel MTU to minimize the fragmentation. If an IP packet exceeds the specified MTU, it will be fragmented by the original host before transmission.
  • Page 235 UTT Technologies Chapter 12 VPN On the UTT VPN gateway, the IPSec tunnel MTU is 1400 bytes by default. In most cases, please leave the default value because it can meet most application needs. 12.2.1.10 IPSec NAT Traversal Network Address Translation (NAT) is a technology that allows multiple hosts on a private network to share a single or a small group of public IP addresses.

  • Page 236: Ipsec Settings-Autokey (Ike)

    UTT Technologies Chapter 12 VPN 12.2.1.11 IPSec Sessions Limit The maximum number of concurrent IPSec sessions (i.e., tunnels) is depends on the specific product model. If the number of active VPN sessions has reached the maximum value, the system will reject any request for creating a new IPSec session and pop up a prompt dialog box shown in Figure 12-19 Prompt Dialog Box –...
  • Page 237 If both IPSec endpoints have static IP addresses, you can choose Bidirectional as the connection type (see Figure 12-22 IPSec Settings (AutoKey (IKE) – Bidirectional)). In this case, the local UTT VPN gateway can act as an initiator or responder; and neither local ID nor remote ID is required.
  • Page 238 Save: Click it to save the IPSec settings. 2) Originate-Only (Dynamic-to-Static IPSec VPN) If the local UTT VPN gateway has a dynamically assigned IP address, and the remote endpoint (another UTT VPN gateway or compatible VPN appliance) has a static IP address, you can choose Originate-Only as the connection type (see Figure 12-23 IPSec Settings (AutoKey (IKE) –...
  • Page 239 The difference is that this connection type requires identity authentication. Specifically, the identity authentication for the local UTT gateway is required, that is, the local UTT gateway should provide its identity information to the remote IPSec endpoint for authentication;...
  • Page 240 IPSec device to authenticate the local UTT VPN gateway. ID Value (Local): It specifies the identity of the local UTT VPN gateway. In this connection type, it is a required parameter. Please enter an ID value according to the selected ID Type (Local).
  • Page 241 ID Value (Local). ID Value (Local): It specifies the identity of the local UTT VPN gateway. In this connection type, it is a required parameter. Please enter an ID value according to the selected ID Type (Local).
  • Page 242 UTT Technologies Chapter 12 VPN Figure 12-25 IPSec Settings (AutoKey (IKE) – Advanced Options (Main Mode) http://www.uttglobal.com Page 234...
  • Page 243 UTT Technologies Chapter 12 VPN Figure 12-26 IPSec Settings (AutoKey (IKE) – Advanced Options (Aggressive Mode) Advanced Options: Click this hyperlink to view and configure advanced parameters. In most cases, you need not configure them. Exchange Mode: It specifies the exchange mode used for IKE phase 1 negotiation.
  • Page 244 DPD: It is u sed to enable or disable DPD, which allows the UTT VPN gateway to detect an unresponsive peer. If you select this check box to enable DPD, the UTT...
  • Page 245 3DES, the authentication algorithm is md5, and the DH group is DH group 2. In the Web UI, the UTT VPN gateway provides four phase 1 proposals by default; therefore, you need not configure phase 1 proposals in some cases. In addition, it allows you to configure phase 1 proposals as required.

  • Page 246: Ipsec List

    AES256 algorithm, ESP authentication with SHA algorithm and AH authentication with MD5 algorithm. By default, the UTT VPN gateway provides one phase 2 proposal by the parameter P2 Encrypt/Auth Algorithms 1 (default value is esp-3des) in the Web UI. In addition, it allows you to choose up to four phase 2 proposals in the Web UI, and twelve phase 2 proposals in the CLI.

  • Page 247: How To Add, View, Edit And Delete Ipsec Entries

    UTT Technologies Chapter 12 VPN Unestablished The IKE SA and IPSec SAs are not established. IKE Negotiating IKE Phase 1 negotiation is in progress; the IKE SA is not established yet. IPSec Negotiating The IKE SA is established; IKE Phase 2 negotiation is in progress.

  • Page 248: Configuration Examples For Ipsec - Autokey (Ike)

    ● Bidirectional (Gateway-to-Gateway IPSec VPN): Both IPSec endpoints have static IP addresses. In this case, the local UTT VPN gateway can act as an initiator or responder. ● Answer-Only (Static-to-Dynamic IPSec VPN): The local UTT VPN gateway has a static IP address, while the remote endpoint (another UTT VPN gateway or compatible VPN appliance) has a dynamic IP address.
  • Page 249 In this scenario (seeFigure 12-28 Network Topology – UTT VPN Gateway and UTT VPN Gateway (Bidirectional)), we deploy two UTT VPN gateways at a company: one is located at the head office, and the other is located at the branch office. Now we want to use AutoKey (IKE) mode to establish an IPSec tunnel between them, and use the following proposals (i.e., encryption and authentication algorithms): the phase 1 proposals...
  • Page 250 On the UTT VPN gateway, you can go to the VPN > IPSec > IPSec List page to view the configuration of the IPSec tunnel, including the Remote Gateway, Remote Subnet IP, Bind to and Local Subnet IP, see Figure 12-29 IPSec List –...
  • Page 251 (another UTT VPN gateway or compatible VPN appliance) has a dynamically assigned IP address (PPPoE or DHCP), you can choose Answer-Only as the connection type. In this case, the local UTT VPN gateway can only act as a responder, and both IPSec endpoints should use aggressive mode for phase 1 IKE negotiation.
  • Page 252 1 proposals are left at their default values, and the preferred phase 2 proposal is esp-aes192-sha; in addition, the preshared key is testing, the originator’s ID type is Email address and value is hiper@utt.com.cn, and the IP addresses are as follows: The UTT VPN gateway at the head office: WAN Interface IP Address: 200.200.202.123/24...
  • Page 253 On the UTT VPN gateway, you can go to the VPN > IPSec > IPSec List page to view the configuration of the IPSec tunnel, including the Remote Gateway, Remote Subnet IP, Bind to and Local Subnet IP, see Figure 12-31 Responder’s IPSec List –...
  • Page 254 Figure 12-31 Responder’s IPSec List – UTT VPN Gateway to UTT VPN Gateway (Answer-Only) Viewing the UTT VPN gateway at the branch office The following figure shows the configuration and status of the IPSec tunnel on the UTT VPN gateway with a dynamic IP address at the branch office.
  • Page 255 IP address, you can choose Originate-Only as the connection type. In this case, the local UTT VPN gateway can only act as an initiator, and both IPSec endpoints should use aggressive mode for phase 1 IKE negotiation.

  • Page 256: Chapter 13 System

    UTT Technologies Chapter 13 System Chapter 13 System This chapter describes how to perform maintenance activities on the Router, including administrator settings, system time settings, configuration backup and restore, firmware upgrade, remote management, and scheduled task settings. 13.1 Administrator This section describes the Administration > Administrator page, where you can add, view, modify and delete the administrator accounts.

  • Page 257: Administrator Settings

    UTT Technologies Chapter 13 System To delete an administrator account, directly click its icon. To delete more than one administrator account at a time, select the leftmost check boxes of the administrator accounts that you want to delete, and then click the Delete button.

  • Page 258: System Time

    UTT Technologies Chapter 13 System 13.2 System Time This section describes the Administration > Time page, see Figure 13-3. To ensure that the time-related features (e.g., DDNS, Schedule, Access Control, etc.) work well, you should synchronize the system clock. You can manually configure the system time or enable SNTP (Synchronize with SNTP Server) to automatically synchronize the system time from a designated SNTP server on the Internet.
  • Page 259 UTT Technologies Chapter 13 System SNTP Server 1 IP Address ~ SNTP Server 3 IP Address: It allows you to configure up to three SNTP servers on the Router. The Server 1 is the primary server (the default is 192.43.244.18), and the Server 2 is the first backup server (the default is 129.6.15.28), and the Server 3 is the second backup server (the default is 0.0.0.0).

  • Page 260: Configuration

    UTT Technologies Chapter 13 System 13.3 Configuration This section describes the Administration > Configuration page, where you can backup the current configuration file to the local PC, restore your previous configuration using the backup configuration file, and reset the Router to factory default settings.

  • Page 261: Reset To Factory Defaults

    UTT Technologies Chapter 13 System 13.3.3 Reset to Factory Defaults Figure 13-6 Reset to Factory Defaults Reset: To reset the Router to factory default settings, click the Reset button, and then restart the Router. Note After performing the reset operation, you must manually restart the Router in order for the default settings to take effect.

  • Page 262: Firmware Upgrade

    This section describes the Administration > Firmware Upgrade page, where you can view the current firmware version information, download the latest firmware from the website of UTT Technologies Co., Ltd., and upgrade the firmware. Figure 13-7 Firmware Upgrade Current Firmware Version: It displays the version of the current firmware installed on the Router.

  • Page 263: Remote Management

    UTT Technologies Chapter 13 System Step 3 Renewing the firmware Click the Upgrade button to renew the Router’s firmware. If you click the Upgrade button, you will be prompted to confirm the upgrade (see Figure 13-8). Then you can click OK to upgrade the firmware and restart the Router, or click Cancel to cancel the operation.

  • Page 264: Scheduled Task

    UTT Technologies Chapter 13 System Figure 13-9 Remote Management Settings Enable HTTP: It allows you to enable or disable HTTP remote management. Select this check box to enable HTTP remote management. To access the Router’s Web UI over the Internet, you should enter http:// and the Router's WAN IP address, followed by a colon and the port number.

  • Page 265: Scheduled Task Settings

    UTT Technologies Chapter 13 System 13.6.1 Scheduled Task Settings Figure 13-10 Scheduled Task Settings Task Name: It specifies a unique name of the task. Repeat: It specifies how often the Router will perform the task. The available options are Weekly, Daily, Hourly, Minutely.
  • Page 266 UTT Technologies Chapter 13 System Figure 13-11 Scheduled Task List Figure 13-12 Scheduled Task List (Continue) Add a Scheduled Task: To add a new scheduled task, first click the Add button to go to the Scheduled Task Settings page, next configure it, lastly click the Save button.

  • Page 267: Chapter 14 Status

    UTT Technologies Chapter 14 Status Chapter 14 Status This chapter describes how to view the wired status and wireless status, the traffic statistics for each interface, and system information including the current system time, system up time, system resources usage information, firmware version, and system log.

  • Page 268: System Log

    UTT Technologies Chapter 14 Status Current System Time: It displays the Router’s current date (YYYY-MM-DD) and time (HH:MM:SS). System Up Time: It displays the elapsed time (in days, hours, minutes and seconds) since the Router was last started. CPU: It displays the current CPU usage.

  • Page 269: Log Management Settings

    UTT Technologies Chapter 14 Status 14.3.1 Log Management Settings Figure 14-2 System Log Settings Select All: It selects or unselects all the check boxes below. If you want to enable all the provided system log features at a time, please select this check box. If you want to disable all the provided system log features at a time, please clear the check box.
  • Page 270 UTT Technologies Chapter 14 Status Figure 14-3 System Logs Clear: Click it to clear all the system logs. Refresh: Click it to view the latest system logs. The following table describes some common types of system logs. System Log Meaning...
  • Page 271 UTT Technologies Chapter 14 Status Outgoing Call @61:1-1 The Device started dialing out. The session whose name is PPPOE was hanged up. Session down Manually (PPPOE) Manually means it was hanged up by manual. The Device has successfully established a session...

  • Page 272: Chapter 15 Support

    Chapter 15 Support The Support page provides links to the UTTCare, Forum, Knowledge and Reservation page of the UTT website, which can help you quickly learn the UTT Technologies service system and enjoy the most intimate and professional services. Figure 15-1 Support As shown in Figure 15-1, it allows you to click each Learn More hyperlink to directly open the corresponding page of the UTT website.

  • Page 273: Appendix A How To Configure Your Pc

    UTT Technologies Appendix A How to configure your PC Appendix A How to Configure Your PC This appendix describes how to configure TCP/IP settings on a Windows XP-based computer. There are two ways to configure TCP/IP settings: manually configuring TCP/IP settings, and automatically configuring TCP/IP settings with DHCP.
  • Page 274 UTT Technologies Appendix A How to configure your PC Figure A-0-1 Local Area Connection Properties In the Internet Protocol (TCP/IP) Properties dialog box (see Figure A-0-2), select the Use the following IP address option, enter 192.168.1.x (x is between 2 and 254, including 2 and 253) in the IP address text box, 255.255.255.0 in the Subnet mask...
  • Page 275 UTT Technologies Appendix A How to configure your PC On the Windows taskbar, click Start > Settings > Control Panel. Double-click the Network Connections icon, right-click the Local Area Connection icon and select Properties. On the General tab (see Figure A-0-1), in the This connection uses the following items box, click the Internet Protocol (TCP/IP) item, and then click the Properties button.
  • Page 276 UTT Technologies Appendix A How to configure your PC Click Install. Click Protocol, and then click Add. Click Have Disk. In the Copy manufacturer's files from box, type System_Drive_Letter:\windows\inf, and then click OK. In the list of available protocols, click Internet Protocol (TCP/IP), and then click Restart your computer.

  • Page 277: Appendix B Faq

    UTT Technologies Appendix B FAQ Appendix B FAQ How to connect the Wireless Router to the Internet using PPPoE? Step 1 Set your ADSL Modem to bridge mode (RFC 1483 bridged mode). Step 2 Please make sure that your PPPoE Internet connection use standard dial-type.

  • Page 278: How To Connect The Wireless Router To The Internet Using Static Ip

    UTT Technologies Appendix B FAQ Figure B-0-2 Viewing PPPoE Connection Status in the Internet Connection List (Continue) Step 8 Configure the local computers according to the steps described in Appendix A How to Configure Your PC. How to connect the Wireless Router to the Internet...
  • Page 279 UTT Technologies Appendix B FAQ Step 3 Configure the DHCP Internet connection related parameters in the Start > Setup Wizard or the Network > WAN page. Note Some ISPs register the MAC address of your network device (usually a computer) when your account is first opened, and they will only accept traffic from that MAC address.

  • Page 280: How To Connect A Windows Xp Pc To The Device Wirelessly

    UTT Technologies Appendix B FAQ How to connect a Windows XP PC to the Device wirelessly? Step 1: Configuring TCP/IP Settings 1. Right-click Network Neighborhood and select Properties. 2. Right-click Wireless Network Connection and select Properties. 3. Double-click Internet Protocol (TCP/IP) to open the Internet Protocol (TCP/IP) Properties window.
  • Page 281 UTT Technologies Appendix B FAQ How to connect a Windows 7 PC to the Device wirelessly? Step 1: Configuring TCP/IP Settings 1. Click Start > Control Panel > Network and Internet > Network and Sharing Center > Change Adapter Settings.

  • Page 282: How To Reset The Wireless Router To Factory Default Settings

    UTT Technologies Appendix B FAQ network name. How to reset the Wireless Router to factory default settings? Note The reset operation will clear all the custom settings on the Wireless Router, so do it with caution. The following describes how to reset the Wireless Router to factory default settings. There are two cases depending on whether you remember the administrator password or not.

  • Page 283: Appendix C Common Ip Protocols

    UTT Technologies Appendix C Common IP Protocols Appendix C Common IP Protocols Protocol Name Protocol Number Full Name Internet Protocol ICMP Internet Protocol Message Protocol IGMP Internet Group Management Gateway-Gateway Protocol IPINIP IP in IP Tunnel Driver Transmission Control Protocol...

  • Page 284: Appendix D Common Service Ports

    UTT Technologies Appendix D Common Service Ports Appendix D Common Service Ports Service Name Port Protocol Description echo echo discard discard systat Active users systat Active users daytime daytime qotd Quote of the day qotd Quote of the day chargen...
  • Page 285 UTT Technologies Appendix D Common Service Ports domain Domain Name Server bootps Bootstrap Protocol Server bootpc Bootstrap Protocol Client tftp Trivial File Transfer gopher finger http World Wide Web kerberos Kerberos kerberos Kerberos hostname NIC Host Name Server iso-tsap ISO-TSAP Class 0...
  • Page 286 UTT Technologies Appendix D Common Service Ports snmp snmptrap SNMP trap print-srv Network PostScript Border Gateway Protocol Internet Relay Chat Protocol IPX over IP ldap Lightweight Directory Access Protocol https MCom https MCom microsoft-ds microsoft-ds kpasswd Kerberos (v5) kpasswd Kerberos (v5)
  • Page 287 UTT Technologies Appendix D Common Service Ports conference netnews netwall For emergency broadcasts uucp klogin Kerberos login kshell Kerberos remote shell new-rwho remotefs rmonitor monitor ldaps LDAP over TLS/SSL doom Doom Id Software doom Doom Id Software kerberos-adm Kerberos administration...
  • Page 288 UTT Technologies Appendix D Common Service Ports radacct 1813 RADIUS accounting protocol nfsd 2049 NFS server knetd 2053 Kerberos de-multiplexor 9535 Remote Man Server http://www.uttglobal.com Page 280...

  • Page 289: Appendix E Figure Index

    UTT Technologies Appendix E Figure Index Appendix E Figure Index Figure 0-1 MAC Address Filtering List ..................3 Figure 2-1 Front Panel of the Wireless Router ................ 14 Figure 2-2 Back Panel of the Wireless Router ................ 15 Figure 3-1 Entering IP address in the Address Bar ..............21 Figure 3-2 Login Screen ......................
  • Page 290 UTT Technologies Appendix E Figure Index Figure 5-16 LAN Interface Settings ..................60 Figure 5-17 DHCP Server Settings ..................62 Figure 5-18 Static DHCP Settings ..................64 Figure 5-19 Static DHCP List ....................65 Figure 5-20 DHCP Auto Binding .................... 66 Figure 5-21 DHCP Client List ....................
  • Page 291 UTT Technologies Appendix E Figure Index Figure 7-2 Port Forwarding Settings ..................106 Figure 7-3 Port Forwarding Settings - Example ..............108 Figure 7-4 NAT Rule List ..................... 109 Figure 7-5 NAT Rule Settings - EasyIP ................110 Figure 7-6 NAT Rule Settings - One2One ................111 Figure 7-7 EasyIP NAT Rule Settings - Example ..............
  • Page 292 UTT Technologies Appendix E Figure Index Figure 9-2 Schedule Settings ....................157 Figure 9-3 Internet Application Management List ............. 158 Figure 9-4 Internet Application Management Settings ............159 Figure 9-5 Internet Application Management List – Example ........... 162 Figure 9-6 Internet Application Management List – Example (continued)......162 Figure 9-7 QQ Whitelist .....................
  • Page 293 Figure 12-28 Network Topology – UTT VPN Gateway and UTT VPN Gateway (Bidirectional) ....................... 241 Figure 12-29 IPSec List – UTT VPN Gateway and UTT VPN Gateway (Bidirectional) ..243 Figure 12-30 Network Topology – UTT VPN Gateway to UTT VPN Gateway (Answer-Only) ............................
  • Page 294 UTT Technologies Appendix E Figure Index Figure 14-1 System Information ................... 259 Figure 14-2 System Log Settings ..................261 Figure 14-3 System Logs ...................... 262 Figure 15-1 Support ......................264 Figure A-0-1 Local Area Connection Properties ..............266 Figure A-0-2 Internet Protocol (TCP/IP) Properties ............. 266 Figure A-0-3 Internet Protocol (TCP/IP) Properties .............

  • Page 295: Appendix F Table Index

    UTT Technologies Appendix F Table Index Appendix F Table Index Table 0-1 Common Button Descriptions ................... 3 Table 0-2 Basic Elements and Features of the List ..............4 Table 0-3 Factory Default Settings .................... 5 Table 2-1 Description of LEDs on the Front Panel ..............15 Table 2-2 Description of Ports on the Rear Panel ..............

Table of Contents