Amit BDE702-001 User Manual
  1. Manuals
  2. Brands
  3. Amit Manuals
  4. Gateway
  5. BDE702-001
  6. User manual

Amit BDE702-001 User Manual

Business security gateway
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual

User Manual

BDE702-001
BDE761-001
BDE771-001
Business Security Gateway
V0.91_20140227

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the BDE702-001 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Amit BDE702-001

Summary of Contents for Amit BDE702-001

  • Page 1: User Manual

    User Manual BDE702-001 BDE761-001 BDE771-001 Business Security Gateway V0.91_20140227...

  • Page 2: Table Of Contents

    Business Security Gateway TABLE OF CONTENTS CHAPTER 1 INTRODUCTION ....................6 ............................. 6 ONTENTS ..........................8 ARDWARE NSTALLATION 1.2.1 ATTENTION ..........................8 1.2.2 SYSTEM REQUIREMENTS ...................... 8 1.2.3 Hardware Configuration ......................9 1.2.4 LED Indicators ......................... 11 CHAPTER 2 GETTING STARTED ................... 13 ..........................
  • Page 3 Business Security Gateway 3.1.4.4 6 to 4 ............................. 59 3.1.4.5 IPv6 in IPv4 Tunnel ........................60 3.1.5 NAT Setup ..........................61 3.1.5.1 Virtual Server ..........................61 3.1.5.2 Virtual Computers ......................... 62 3.1.5.3 Special AP ............................ 62 3.1.5.4 NAT Loopback ..........................63 3.1.5.5 DMZ ..............................
  • Page 4 Business Security Gateway 3.2.3.1.9 IPSec Phase .............................. 94 3.2.3.1.10 IPSec Proposal Definition ........................95 3.2.3.1.11 Manual Proposal ............................95 3.2.3.2 PPTP ............................. 96 3.2.3.2.1 PPTP Server ............................. 96 3.2.3.2.2 PPTP Client .............................. 97 3.2.3.3 L2TP ............................. 99 3.2.3.3.1 L2TP Server ............................. 99 3.2.3.3.2 L2TP Client ............................
  • Page 5 Business Security Gateway Copyright The contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in an information retrieval system, translated into any language, or transmitted in any form or by any means, mechanical, magnetic, electronic, optical, photocopying, manual, or otherwise, without the prior written permission.

  • Page 6: Chapter 1 Introduction

    Business Security Gateway Chapter 1 Introduction Congratulations on your purchase of this outstanding product: BDE702-001 / BDE761-001 / BDE771-001 Business Security Gateway. This device is specifically designed for SMB & SOHO offices, small shops, and chain stores. No matter offices are located at wire unreachable area, it can connect to Intranet of headquarter instantly via fixed line and / or cellular network.
  • Page 7 Business Security Gateway 1pce BDE702 / BDE761 / BDE771 User Manual...

  • Page 8: Hardware Installation

    Business Security Gateway Hardware Installation 1.2.1 ATTENTION  Do not use the product in high humidity or high temperatures.  Only use the power adapter that comes with the package. Using a different voltage rating power adaptor may damage the product. ...

  • Page 9: Hardware Configuration

    Business Security Gateway 1.2.3 Hardware Configuration Rear View: BDE702-001 / BDE761-001 WiFi Ant. Auto MDI/MDIX RJ-45 Ports Reset Power (for BDE761) 1~2 x FE WAN to connect Button ON/OFF Internet, Switch 4~3 x FE LAN to connect local devices Receptor WiFi Ant.
  • Page 10 Business Security Gateway Front View: BDE702-001 / BDE761-001 BDE771-001 Reset Button BDE702 / BDE761 / BDE771 User Manual...

  • Page 11: Led Indicators

    Business Security Gateway 1.2.4 LED Indicators BDE702-001 / BDE761-001 Description OFF: Device is powered down. Orange: Device is booting up. Power Green: Device is powered on. Orange in flash: Device is in recovery mode or abnormal. Green: Ethernet connection is established...
  • Page 12 Business Security Gateway BDE771-001 Description OFF: Device is powered down. Orange: Device is booting up. Power Green: Device is powered on. Orange in flash: Device is in recovery mode or abnormal. Green: Ethernet connection is established Green in flash: data packet transferred through WAN OFF: No Ethernet cable attached or Device not linked OFF: USB 3G/4G connection is not established Green: USB 3G/4G connection is established...

  • Page 13: Chapter 2 Getting Started

    Business Security Gateway Chapter 2 Getting Started Connect Your Device Before you can use this product, you need to connect your PC or NB to this gateway first. You can connect your PC to one of LAN1~LAN4 ports through an Ethernet cable. Otherwise, your device can also connect to it through Wi-Fi.
  • Page 14 Business Security Gateway Select your language. Select “Wizard” for basic settings in a simple way. Or, you can go to Basic Network / Advanced Network / Applications / System to setup the configuration by your own selection. Press “Next” to start the Setup Wizard. Configure with the Setup Wizard Step 1 You can change the password of...
  • Page 15 Business Security Gateway Step 2 Select Time Zone. Step 3 You can select Auto detecting WAN type or setup WAN type manually for the WAN-1 interface. Step 4 The system will detect the WAN type if you choose to let the system detect automatically for the WAN-1 interface.
  • Page 16 Business Security Gateway Step 5-1 Wireless setting. You can change SSID or channel here, or keep them with default settings. SSID is the name that you will see on your PC when doing wireless network scan. Step 5-2 Wi-Fi authentication encryption settings.

  • Page 17: Chapter 3 Making Configurations

    Business Security Gateway Chapter 3 Making Configurations Whenever you want to configure your network or this device, you can access the Configuration Menu by opening the web-browser and typing in the IP Address of the device. The default IP Address is: 192.168.123.254. In the configuration section you may want to check the connection status of the device, to do Basic or Advanced Network setup or to check the system status.
  • Page 18 Business Security Gateway Afterwards, you can go Wizard, Basic Network, Advanced Network, Application or System respectively on left hand side of web page. Note: You can see the Network Status screen below after you logged in. You can also check status of wired clients at LAN Client List page, Wi-Fi at Wireless Status page, and other advanced function status at Firewall Status page, VPN Status page or System Management Status page.

  • Page 19: Basic Network

    Business Security Gateway Basic Network You can enter Basic Network for WAN, LAN&VLAN, Wireless, IPv6, NAT / Bridging, Routing, and Client/Server/Proxy settings as the icon here shown 3.1.1 WAN Setup This device is equipped with two or three WAN Interfaces to support different WAN types of connections.

  • Page 20: Physical Interface

    Business Security Gateway 3.1.1.1 Physical Interface Click on the “Edit” button for each WAN interface and you can get the detail physical interface settings and then configure the settings as well. By default, the WAN-1 interface is forced to “Always-on” mode, and operates as the primary internet connection;...

  • Page 21: Network Setup

    Business Security Gateway the Ethernet WAN1 port to operate as the primary internet connection, Please choose “Ethernet 1”. Operation Mode: There are three configurable items “Always-on”, “Fail over”, and “Disable” for the operation mode setting. It decides whether the corresponding WAN interface functions as a main access or a failover access connection.

  • Page 22: Ethernet Wan

    Business Security Gateway get proper internet connection setup. They include the Ethernet WAN(s) - the DSL ISP (Dynamic IP, Static IP, PPPoE, PPTP and L2TP connection), and the Wireless WAN - the remote wireless ISP such as 3G/4G (LTE, HSPA+, HSPA, WCDMA, EDGE, GPRS).
  • Page 23 Business Security Gateway 2. Host Name: Optional, required by some ISPs, for example, @Home. 3. ISP registered MAC Address: Some ISP would ask you to register a MAC address for Internet connection. In this case, you need to enter the registered MAC address here, or simply press “Clone”...
  • Page 24 Business Security Gateway Select this WAN type to give your static IP information. You will need to enter in the IP address, subnet mask, and gateway address, provided to you by your ISP. Each IP address entered in the fields must be in the appropriate IP form, which is four IP octets separated by a dot (x.x.x.x).
  • Page 25 Business Security Gateway one is for primary connection that provides users/devices in the LAN to access Internet; the other is a virtual connection that let remote user to manage this device. Afterwards, click on “Save” to store your settings or click “Undo” to give up the changes.
  • Page 26 Business Security Gateway connection automatically since it’s powered on. It’s recommended to choose this scheme if for mission critical applications to ensure Internet connection is available all the time. If choosing “Dial-on-Demand”, this gateway won’t start to establish Internet connection until local data is going to be sent to WAN side. After that, this gateway will disconnect WAN connection if idle time reaches value of Maximum Idle Time.
  • Page 27 Business Security Gateway connection. Your ISP will provide you with a username and password. This WAN type is typically used for DSL services. 1. WAN Type: Choose “PPTP” from the drop list 2. IP Mode: Please check the IP mode your ISP assigned, and select “Static IP Address”...
  • Page 28 Business Security Gateway 5. Connection ID: Optional, input the connection ID if your ISP requires it. 6. Connection Control: Select your connection control scheme from the drop list: Auto-Reconnect (always-on), Dial-on-Demand, or Manually. If selecting “Auto-Reconnect (always-on)”, this gateway will start to establish Internet connection automatically since it’s powered on.
  • Page 29 Business Security Gateway ISP will provide you with a username and password. This option is typically used for DSL services. 1. WAN Type: Choose “L2TP” from the drop list 2. IP Mode: Please check the IP mode your ISP assigned, and select “Static IP Address”...
  • Page 30 Business Security Gateway Auto-Reconnect (always-on), Dial-on-Demand, or Manually. If selecting “Auto-Reconnect (always-on)”, this gateway will start to establish Internet connection automatically since it’s powered on. It’s recommended to choose this scheme if for mission critical applications to ensure Internet connection is available all the time.

  • Page 31: Wireless Wan - 3G/4G

    Business Security Gateway 3.1.1.2.2 Wireless WAN – 3G/4G Click on the “Edit” button for the 3G/4G WAN interface and you can get the detail WAN settings and then configure the settings as well. 1. WAN Type: Choose “3G” from the drop list 2.
  • Page 32 Business Security Gateway 3. PIN Code: Enter the PIN Code for your SIM card(Optional) 4. Dialed Number: Enter the dialed number that is provided by your ISP. 5. Account, Password: Enter the account / Password that is provided by your ISP(Optional).

  • Page 33: Load Balance

    Business Security Gateway Idle Time. 9. Allowed Connection Time: This option allows you to limit WAN connection available in a certain time period. You can select “Always” available or “By Schedule” for connection method. If you choose “By Schedule” rule, you need to add a new schedule at System ->...
  • Page 34 Business Security Gateway 1. Load Balance: Enable or disable the load balance function. 2. Load Balance Strategy: Once you enabled the load balance function, you have to further configure which strategy is to be applied for load balancing the outbound traffics.
  • Page 35 Business Security Gateway By Priority: 1. Priority: If you choose the “By Priority” strategy, you have to further specify the outbound traffic percentage for each WAN interface. The load balancing mechanism will follow these settings to allocate proper traffics for each WAN to access the internet.

  • Page 36: Lan & Vlan Setup

    Business Security Gateway mechanism simultaneously. 1. Source IP Address: Enter the expected Source IP Address for the load balance policy. It can be “Any”, “Subnet”, “IP Range”, or “Single IP”. Just choose one type of the source IP address, and specify its value as well. If you don’t want to specify a certain source IP address for this policy, just leave it as “Any”...

  • Page 37: Network Setting

    Business Security Gateway local networks. 3.1.2.1 Network Setting Please follow the following instructions to do IPv4 Network Setup. 1. LAN IP Address: The local IP address of this device. The computer on your network must use the LAN IP address of this device as their Default Gateway. You can change it if necessary.

  • Page 38: Lan & Vlan

    Business Security Gateway Afterwards, click on “Save” to store your settings or click “Undo” to give up the changes. 3.1.2.2 LAN & VLAN This section provides a brief description of VLANs and explains how to create, and modify virtual LANs which are more commonly known as VLANs. A VLAN is a group of ports that form a logical network under a certain switch or router device.
  • Page 39 Business Security Gateway By default, all the 4 LAN ports and 8 virtual APs belong to one VLAN, and this VLAN is a NAT type network, all the local device IP addresses are allocated by DHCP server 1. If you want to divide them into different VLANs, click on the “Edit” button related to each port.

  • Page 40: Tag-Based Vlan

    Business Security Gateway VLAN, no WAN VLAN tag is allowed, and the value is forced to “0”; For Bridge type VLAN, You have to specify the VLAN Tag value that is provided by your ISP. Afterwards, click on “Save” to store your settings or click “Undo” to give up the changes.

  • Page 41: Dhcp Server

    Business Security Gateway from Internet will be tagged with the VLAN ID before it is forward to the destination belongs to this configuring VLAN group. 3. Port 1 ~ Port 4, VAP1 ~ VAP8: Specify whether it is belong to the VLAN group or not.
  • Page 42 Business Security Gateway 4. IP Pool Starting / Ending Address: Whenever there is a request, the DHCP server will automatically allocate an unused IP address from the IP address pool to the requesting computer. You must specify the starting / ending address of the IP address pool.
  • Page 43 Business Security Gateway assign IP address to local computers, but local computers will go to Internet through another gateway. Press “Clients List” and the list of DHCP clients will be shown consequently. Press “Fixed Mapping” and you can specify a certain IP address for designated local device (MAC address), so that the DHCP Server will reserve the special IP for designated devices.

  • Page 44: Wifi Setup

    Business Security Gateway 3.1.3 WiFi Setup For the wireless products, WiFi settings allow you to set the WLAN (Wireless LAN) configuration items. When the wireless configuration is done your WLAN is ready to support your local WiFi devices such as your laptop PC, wireless printer and some portable wireless devices.

  • Page 45: Ap Router Mode

    Business Security Gateway 2. Configuration Status: This configuration status will be “CONFIGURED” or “UNCONFIGURED”. “CONFIGURED” means WPS connection is following WiFi settings on this gateway. If it’s set to “UNCONFIGURED”, the WPS connection will generate a new profile. 3. Configuration Mode: Select your configuration Mode from “Registrar” or “Enrollee”.
  • Page 46 Business Security Gateway In this mode, this gateway is working as a WiFi AP, but also a WiFi hotspot. It means local WiFi clients can associate to it, and go to Internet. With its NAT mechanism, all of wireless clients don’t need to get public IP addresses from ISP. 1.
  • Page 47 Business Security Gateway including SSID so that wireless clients can know how many AP devices by scanning the network. Therefore, if this setting is configured as “Disable”, the wireless clients cannot find the device from beacons. 8. WLAN Partition: You can check the WLAN Partition function to separate the wireless clients.
  • Page 48 Business Security Gateway WLAN environments.  Auto The gateway will select appropriate authentication method according to WiFi client’s request automatically.  WPA-PSK Select Encryption mode and enter the Pre-share Key. You can fill in 64 hexadecimal (0, 1, 2…8, 9, A, B…F) digits, or 8 to 63 ASCII characters as the pre-share key.

  • Page 49: Wds Hybrid Mode

    Business Security Gateway  WPA/WPA2 If some of wireless clients can only support WPA, but most of them can support WPA2. You can choose this option to support both of them. Select Encryption mode and enter RADIUS Server related information. You have to specify the IP address, and port number for the RADIUS Server, and then fill in 64 hexadecimal (0, 1, 2…8, 9, A, B…F) digits, or 8 to 63 ASCII characters as the shared key.
  • Page 50 Business Security Gateway 1. Lazy Mode: This device support the Lazy Mode to automatically learn the MAC address of WDS peers, you don’t have to input other peer AP's MAC address. However, not all the APs can be set to enable the Lazy mode simultaneously; at least there must be one AP with all the WDS peers’...

  • Page 51: Wds Only Mode

    Business Security Gateway WPA, WPA2-PSK, WPA2, WPA-PSK/WPA2-PSK, or WPA/WPA2. 8. Scan Remote AP’s MAC List: If you do not enable the Lazy mode, you have to enter the wireless MAC address for each WDS peer one by one. Or you can press the “Scan”...
  • Page 52 Business Security Gateway 1. Lazy Mode: This device support the Lazy Mode to automatically learn the MAC address of WDS peers, you don’t have to input other peer AP's MAC address. However, not all the APs can be set to enable the Lazy mode simultaneously; at least there must be one AP with all the WDS peers’...

  • Page 53: Wireless Client List

    Business Security Gateway you have to enter the wireless MAC address for each WDS peer one by one. Afterwards, click on “Save” to store your settings or click “Undo” to give up the changes. 3.1.3.2 Wireless Client List You can browse to the Wireless Client List page for checking which wireless client devices connected to WLANs of this device.
  • Page 54 Business Security Gateway 1. Beacon interval: Beacons are packets sent by a wireless router to synchronize wireless devices. 2. DTIM interval: A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages. When the wireless router has buffered broadcast or multicast messages for associated clients, it sends the next DTIM with a DTIM Interval value.

  • Page 55: Ipv6 Setup

    Business Security Gateway 3.1.4 IPv6 Setup The growth of the Internet has created a need for more addresses than are possible with IPv4. IPv6 (Internet Protocol version 6) is a version of the Internet Protocol (IP) intended to succeed IPv4, which is the protocol currently used to direct almost all Internet traffic.
  • Page 56 Business Security Gateway 2. Subnet Prefix Length: Enter the Prefix length of the Subnet Mask here; The subnet mask was the forerunner of the modern IP address prefix length. For example a subnet mask of 255.255.255.0 conveys exactly the same information as a prefix length of /24, a subnet mask of 255.255.255.240 is equivalent to a prefix length of /28.

  • Page 57: Dhcp V6

    Business Security Gateway 3.1.4.2 DHCP v6 When “DHCPv6” is selected you need to do the following settings: 1. IPv6 DNS (WAN IPv6 address) settings: You may select to obtain DNS server address automatically or use following DNS address. You may add IPv6 address Primary DNS address and secondary DNS address.

  • Page 58: Pppoe

    Business Security Gateway for immediate advertisements, rather than waiting for the next periodic ones to arrive; if and only if no advertisements are forthcoming, the host may retransmit the solicitation a small number of times, but then must desist from sending any more solicitations.

  • Page 59: To 4

    Business Security Gateway 7. LAN IPv6 address settings: Please enter “LAN IPv6 address” and ignore the “LAN IPv6 Link-Local address”. Address auto configuration settings: 8. Auto-configuration: Disable or enable this auto configuration setting. 9. Auto-configuration type: You may set stateless or stateful (Dynamic IPv6). 10.

  • Page 60: Ipv6 In Ipv4 Tunnel

    Business Security Gateway When “6 to 4” IPv6 is selected you need to do the following settings: 1. 6 to 4 Settings: You may obtain IPv6 DNS automatically or set DNS address manually for Primary DNS address and secondary DNS address. 2.

  • Page 61: Nat Setup

    Business Security Gateway 3.1.5 NAT Setup 3.1.5.1 Virtual Server This device’s NAT firewall filters out unrecognized packets to protect your Intranet, so all hosts behind this device are invisible to the outside world. If you wish, you can make some of them accessible by enabling the Virtual Server Mapping. A virtual server is defined as a Service Port, and all requests to this port will be redirected to the computer specified by the Server IP.

  • Page 62: Virtual Computers

    Business Security Gateway 3.1.5.2 Virtual Computers Virtual Computer enables you to use the original NAT feature, and allows you to setup the one-to-one mapping of multiple global IP address and local IP address. 1. Global IP: Enter the global IP address assigned by your ISP. 2.

  • Page 63: Nat Loopback

    Business Security Gateway This device provides some predefined settings. Select your application and click “Copy to” to add the predefined setting to your list. 1. Trigger: The outbound port number issued by the application. 2. Incoming Ports: When the trigger packet is detected, the inbound packets sent to the specified port numbers are allowed to pass through the firewall.

  • Page 64: Dmz

    Business Security Gateway when you run a server inside your network. For an example, if you set a mail server at LAN side, your local devices can access this mail server through gateway’s WAN IP address. You don’t need to change IP address of mail server no matter you are at local side or go out.

  • Page 65: Routing Setup

    Business Security Gateway 3.1.6 Routing Setup If you have more than one routers and subnets, you will need to enable routing function to allow packets to find proper routing path and allow different subnets to communicate with each other. 3.1.6.1 Static Routing For static routing, you can specify up to 32 routing rules.

  • Page 66: Dynamic Routing

    Business Security Gateway grams. You can enter the destination IP address, subnet mask, gateway, and hop for each routing rule, and then enable or disable the rule by checking or un-checking the Enable checkbox. Destination: Enter the subnet network of routed destination. Subnet Mask: Input your Subnet mask.
  • Page 67 Business Security Gateway 1. Dynamic Routing: Routing Information Protocol (RIP) will exchange information about destinations for computing routes throughout the network. Please select RIPv2 only if you have different subnets in your network. Otherwise, please select RIPv1 if you need this protocol. 2.

  • Page 68: Routing Information

    Business Security Gateway designate network reach-ability among autonomous systems (AS). It is described as a path vector protocol. BGP does not use traditional Interior Gateway Protocol (IGP) metrics, but makes routing decisions based on path, network policies and/or rule-sets. For this reason, it is more appropriately termed a reach-ability protocol rather than routing protocol.

  • Page 69: Client/Server/Proxy

    Business Security Gateway contains information about the topology of the network immediately around it. This page displays the routing table maintained by this device. It is generated according to your network configuration. 3.1.7 Client/Server/Proxy 3.1.7.1 Dynamic DNS How does user access your server if your WAN IP address changes all the time? One way is to register a new domain name, and maintain your own DNS server.
  • Page 70 Business Security Gateway 1. DDNS: Select enable if you would like to trigger this function. 2. Provider: The DDNS provider supports service for you to bind your IP(even private IP) with a certain Domain name. You could choose your favorite provider. 3.

  • Page 71: Advanced Network

    Business Security Gateway Advanced Network This device also supports many advanced network features, such as Firewall, QoS, VPN Security, Redundancy, and Management. You can finish those configurations in this section. 3.2.1 Firewall The firewall functions include Packet Filters, URL Blocking, Web Content Filter, MAC Control, L7 Application Filter, Access Control, and IPS.
  • Page 72 Business Security Gateway 1. Packet Filters: Check if you want to enable Packet Filter function. 2. Well-known Services: To help you setup quickly, it shows port information of many well-known services for your choice. You can select the application and specify a rule ID, then press on the “Copy to”...

  • Page 73: Url Blocking

    Business Security Gateway 4. Log Alert: Enable Log Alert will record events that are blocked by these rules. Rule Definition: You can enter the Source IP, destination IP / Port, Protocol, and Schedule settings for each packet filter rule, and then enable or disable the rule by checking or un-checking the Enable checkbox.
  • Page 74 Business Security Gateway 1. URL Blocking: Check if you want to enable URL Blocking. 2. Black List / White List: Select one of the two filtering policies for the defined rules. Black List - Allow all to pass except those match the specified rules. White List - Deny all to pass except those match the specified rules 3.

  • Page 75: Web Content Filter

    Business Security Gateway 3.2.1.3 Web Content Filter Web Content filter can block files with the specific extension, like ".exe", ".bat" (applications), "mpeg” (video), and Scripts Type, like Java Applet, Java Scripts, cookies, Active X. 1. Web Content Filters: Check if you want to enable Web Content Filter. 2.

  • Page 76: Mac Control

    Business Security Gateway 3.2.1.4 MAC Control MAC Control allows you to assign different access right for different users based on device’s MAC address. 1. MAC Control: Check “Enable” to enable the “MAC Control”. All of the settings in this page will take effect only when “Enable” is checked. 2.

  • Page 77: L7 Filter

    Business Security Gateway disabled individually. Afterwards, click on “Save” to store your settings or click “Undo” to give up the changes. 3.2.1.5 L7 Filter L7 Filter can categorize Internet Protocol packets based on their application layer data. BDE702 / BDE761 / BDE771 User Manual...

  • Page 78: Access Control

    Business Security Gateway This device supports the L7 application filter for various Internet Chat Software, P2P download, Proxy, and streaming Video. You can select the applications to be blocked after the function is enabled, and specify the schedule rule for such application filter. 3.2.1.6 Access Control 1.

  • Page 79: Others

    Business Security Gateway You can enable the DoS Defense function and check the listed intrusion activities if necessary. 3.2.1.8 Others 1. Stealth Mode: Enable this feature, this device will not respond to port scans from the WAN so that makes it less susceptible to discovery and attacks on the Internet.

  • Page 80: Qos (Quality Of Service)

    Business Security Gateway pass through the router like IP address, port address, ACK, SEQ number and so on. And the router will check every incoming packet to detect if this packet is valid. Afterwards, click on “Save” to store your settings or click “Undo” to give up the changes.

  • Page 81: Rule-Based Qos

    Business Security Gateway 1. Bandwidth of Upstream: Input the maximum bandwidth of uplink in Kbps. 2. Bandwidth of Downstream: Input the maximum bandwidth of downlink in Kbps. 3. Flexible Bandwidth Management: It’s strongly recommended you to enable this option to exploit maximum bandwidth effectively. 3.2.2.2 Rule-based QoS This gateway provides lots of flexible rules for you to set QoS policies.

  • Page 82: Creating A Qos Rule Based On Ip Grouping

    Business Security Gateway As to how to create a rule-QoS rule, please refer to the following sub-sections. 3. Rule List: Once you saved a QoS rule, it will be displayed in the Rule Lists area as below. Besides, you can move up or down the priority of all rules by clicking on the ‘↑’or ’↓’...
  • Page 83 Business Security Gateway 1. Rule: Enable the rule setting first. 2. Grouping: Choose IP from the list, and indicate single IP address or a segment IP range in following field. As the example above, this rule applies on IP address from 192.168.123.10 to 192.168.123.20.
  • Page 84 Business Security Gateway Pre-defined Application profiles: This option is similar to Service Port, but lists many well-known services for your reference. You can just select one service type from the list instead of typing by yourself. Connection Sessions: Choose this option if you want to limit connection sessions on those selected hosts.
  • Page 85 Business Security Gateway 6. Sharing Method: This option is only available when “MAXR”, “MINR”, or “SESSION” is chosen in “Control” field. If you want to apply the value of Control setting on each selected host, then you need to select “Single”. Otherwise, if the value of Control setting is applying on all selected hosts, then you need to select “Grouping”.

  • Page 86: Creating A Qos Rule Based On Mac Grouping

    Business Security Gateway Grouping: Select “IP” and entry IP range. Service: Select “Connection Sessions”. Control: Select “SESSION”, and set session number to 200. Direction: Select “Out” for Out-bound traffic only. It is for the client devices under the gateway to establish session with servers on the Internet. Sharing Method: Select “Single”...
  • Page 87 Business Security Gateway as below. PRI: Set priority for data packets of selected hosts. The value is from 1 to 6. “1” is with highest priority, and “6” is with least priority. MAXR: Indicate the maximum bandwidth for selected hosts. The measurement unit can be Kbps or Mbps.

  • Page 88: Vpn Setup

    Business Security Gateway 3.2.3 VPN Setup A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefitting from the functionality, security and management policies of the private network.
  • Page 89 Business Security Gateway head quarter or branch offices. Either local or remote BDE7xxAM gateway which can be recognized by a static IP address or a FQDN can initiate the establishing of an IPSec VPN tunnel. Two peers of the tunnel have their own Intranets and the secure tunnel serves between these two subnets of hosts for data communication.

  • Page 90: Ipsec Configuration

    Business Security Gateway data on Internet, checking personal emails, or accessing company servers, all are done in a secure way through local VPN gateway. 3.2.3.1.2 IPSec Configuration 1. IPSec: You could trigger the function of IPSec VPN if you check “Enable”. 2.

  • Page 91: Tunnel List & Status

    Business Security Gateway with the number of maximum current activated IPSec tunnels that is smaller or equal to 32. You can add new, edit or delete some IPSec tunnels in Tunnel List & Status as follows. 3.2.3.1.3 Tunnel List & Status 1.

  • Page 92: Local & Remote Configuration

    Business Security Gateway 6. Keep-alive: Check “Enable” box to keep alive the tunnel. By default, keep-alive method is “Ping IP” and other options depend on product models. Input the IP address of remote host that exist in the opposite side of the VPN tunnel (Ex. You can input the LAN IP address of remote VPN gateway).

  • Page 93: Ike Phase

    Business Security Gateway 1. Key Management: Select IKE+Pre-shared Key or Manually. Other options depend on product models. By default, IKE+Pre-shared Key method is adopted for key management. It is the first key used in IKE phase for both VPN tunnel initiator and responder to negotiate further security keys to be used in IPSec phase.

  • Page 94: Ike Proposal Definition

    Business Security Gateway during tunnel establishing to VPN server. Finally, for Client role, there are two additional parameters to fill: “User Name” and “Password” for valid user for that tunnel. 3. Dead Peer Detection: This feature will detect if remote VPN peer still exists. Delay indicates the interval between detections, and Timeout indicates the timeout of detected to be dead.

  • Page 95: Ipsec Proposal Definition

    Business Security Gateway 3.2.3.1.10 IPSec Proposal Definition There are 4 IPSec proposals can be defined by you and used in IPSec tunnel establishing. 1. Encryption: There are six algorithms can be selected: DES, 3DES, AES-auto, AES-128, AES-192, and AES-256. 2. Authentication: There are five algorithms can be selected: None, MD5, SHA1, SHA2-256 and SHA2-512.

  • Page 96: Pptp

    Business Security Gateway algorithm. Its length is 16 in hex format if encryption algorithm is DES or 48 if 3DES. However, AES-128 uses 32 length of hex format, AES-192 uses 48 length of hex format, and AES-256 uses 64 length of hex format. The key value should be set in hex formatted here.

  • Page 97: Pptp Client

    Business Security Gateway 1. PPTP Server Configuration: Enable or Disable PPTP server function. 2. Server Virtual IP: The IP address of PPTP server. This IP address should be different from IP address of L2TP server and LAN subnet of VPN gateway. 3.
  • Page 98 Business Security Gateway 1. PPTP Client Configuration: Enable or Disable PPTP client function. 2. PPTP Client List & Status: You can input up to 10 different user accounts for PPTP clients, and define each user account settings by clicking on the corresponding “Edit”...

  • Page 99: L2Tp

    Business Security Gateway 7. Password: The password which is provided by remote PPTP server. 8. Default Gateway: You can check the “Enable” checkbox to set this tunnel as the default gateway for WAN connection. 9. Peer Subnet: The LAN subnet of remote PPTP server. 10.
  • Page 100 Business Security Gateway 1. L2TP Server Configuration: Enable or Disable L2TP server function. 2. L2TP Over IPSec: L2TP over IPSec VPNs allow you to transport data over the Internet, while still maintaining a high level of security to protect data. Enter a Pre-sharekey when you use some devices, like Apple related mobile devices to establish L2TP tunnels 3.

  • Page 101: L2Tp Client

    Business Security Gateway 3.2.3.3.2 L2TP Client 1. L2TP Client Configuration: Enable or Disable L2TP client function. 2. L2TP Client List & Status: You can input up to 10 different user accounts for L2TP clients, and define each user account settings by clicking on the corresponding “Edit”...

  • Page 102: Gre Tunnel

    Business Security Gateway 5. Password: The password which is provided by remote L2TP server. 6. Default Gateway: You can check the “Enable” checkbox to set this tunnel as the default gateway for WAN connection. 7. Peer Subnet: The LAN subnet of remote L2TP server. 8.

  • Page 103: Gre Rule Configuration

    Business Security Gateway 2. Delete: Delete selected tunnels by checking the “Select” box at the end of each tunnel list and then clicking the “Delete” button. 3. Tunnel: Check the “Enable” box to activate the IPSec tunnel. 4. Edit: You can edit one tunnel configuration by clicking the “Edit” button at the end of each tunnel list.

  • Page 104: Redundancy

    Business Security Gateway 3.2.4 Redundancy 3.2.4.1 VRRP The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol providing device redundancy. It allows a backup router or switch to automatically take over if the primary (master) router or switch fails. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP network.

  • Page 105: System Management

    Business Security Gateway 1. VRRP: Enable or Disable the VRRP function. 2. Virtual Server ID: Means Group ID. Specify the ID number of the virtual server. 3. Priority of Virtual Server: Specify the priority to use in VRRP negotiations. Valid values are 1-254, and a larger value has higher priority.

  • Page 106: Snmp

    Business Security Gateway This device supports the UPnP Internet Gateway Device (IGD) feature. By default, it is enabled. 3.2.5.2 SNMP In brief, SNMP, the Simple Network Management Protocol, is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
  • Page 107 Business Security Gateway from WAN. 2. WAN Access IP Address: If you want to limit the remote SNMP access to specific computer, please enter the PC`s IP address. The default value is 0.0.0.0, and it means that any internet connected computer can get some information of the device with SNMP protocol.
  • Page 108 Business Security Gateway 3.2.5.3 TR-069 TR-069 is a customized feature for ISP, It is not recommend that you change the configuration for this. If you have any problem in using this feature for device management, please contact with your ISP or the ACS provider for help. BDE702 / BDE761 / BDE771 User Manual...

  • Page 109: System

    Business Security Gateway System In this section you can see system information, system logs, use system tools for system update and do service scheduling and system administration setting. 3.3.1 System Information You can view the System Information in this page. BDE702 / BDE761 / BDE771 User Manual...

  • Page 110: System Status

    Business Security Gateway 3.3.2 System Status 3.3.2.1 Web Log 1. Log Types: You can select the log types to be collected in the web log area. There are “System”, “Attacks”, “Drop”, and “Debug” types for you to select. 2. Web Log: You can browse, refresh, download, and clear the log messages. 3.3.2.2 Syslog This device can also export system logs to specific destination by means of syslog (UDP) and SMTP(TCP).

  • Page 111: Email Alert

    Business Security Gateway 3.3.2.3 Email Alert This device can also export system logs via sending emails to specific recipients. The items you have to setup include: 1. Setting of Email alert: Check if you want to enable Email alert (send syslog via email).

  • Page 112: Fw Upgrade

    Business Security Gateway 3.3.3.2 FW Upgrade If new firmware is available, you can upgrade router firmware through the WEB GUI here Press “browse” button to indicate the file name of new firmware, and then press Upgrade button to start to upgrade new firmware on this device. If you want to upgrade a firmware which is from GPL policy, please check “Accept unofficial firmware”.

  • Page 113: System Time

    Business Security Gateway 3.3.3.3 System Time If new firmware is available, you can upgrade router firmware through the WEB GUI here 1. Time Zone: Select a time zone where this device locates. 2. Auto-Synchronization: Check the “Enable” checkbox to enable this function. Besides, you can select a NTP time server to consult UTC time.
  • Page 114 Business Security Gateway 1. Backup Setting: You can backup your settings by clicking the “Backup” button and save it as a bin file. Once you want to restore these settings, please click Firmware Upgrade button and use the bin file you saved. 2.

  • Page 115: Scheduling

    Business Security Gateway 3.3.4 Scheduling You can set the schedule time to decide which service will be turned on or off. The added rules will be listed. 1. Enable: Enable or disable the scheduling function. 2. Add New Rule: To create a schedule rule, click the “Add New” button or the “Add New Rule…”...

  • Page 116: Mmi

    Business Security Gateway 3.3.5 MMI 3.3.5.1 Web UI You can set UI administration time-out duration in this page. If the value is “0”, means the time-out is unlimited. BDE702 / BDE761 / BDE771 User Manual...

  • Page 117: Chaptor 4 Troubleshooting

    Business Security Gateway CHAPTOR 4 Troubleshooting This Chapter provides solutions to problems for the installation and operation of the WiFi Broadband Router. You can refer to the following if you are having problems. 1 Why can’t I configure the router even the cable is plugged and the LED is lit? Do a Ping test to make sure that the WiFi Note: It is recommended that you...
  • Page 118 Business Security Gateway properly. Network adapter names will vary depending on your specific adapter. The installation steps listed below are applicable for all network adapters. Go to Start > Right click on “My Computer” > Properties. Select the Hardware Tab. Click Device Manager.
  • Page 119 Business Security Gateway and then test the wireless connection. III. Disable all security settings such as WEP, and MAC Address Control. IV. Turn off the WiFi Broadband Router and the client, then restart it and then turn on the client again. Ensure that the LEDs are indicating normally.
  • Page 120 Business Security Gateway Try changing the channel on the WiFi Broadband Router, and your Access Point and Wireless adapter to a different channel to avoid interference. III. Keep your product away from electrical devices that generate RF noise, like microwaves, monitors, electric motors, etc. 4 What to do if I forgot my encryption key? 1.

  • Page 121: Appendix A. Licensing Information

    Business Security Gateway Appendix A. Licensing information This product includes copyrighted third-party software licensed under the terms of the GNU General Public License. Please refer to the GNU General Public License below to check the detailed terms of this license. The following parts of this product are subject to the GNU GPL, and those software packages are copyright by their respective authors.
  • Page 122 Business Security Gateway GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it.
  • Page 123 Business Security Gateway GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program"...
  • Page 124 Business Security Gateway distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;...
  • Page 125 Business Security Gateway copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

This manual is also suitable for:

Bde771-001Bde761-001

Table of Contents