BiPAC 7402GX Series 3G/ADSL2+ (802.11g) (VPN) Firewall Router User’s Manual Version Release 5.53.s1.
Table of Contents CHAPTER 1: INTRODUCTION ............................................................................................................. 3 INTRODUCTION TO YOUR ROUTER................................................................................................. 3 FEATURES .............................................................................................................................................. 3 CHAPTER 2: INSTALLING THE ROUTER ............................................
DHCP Server .................................................................................................................................. 39 WAN - Wide Area Network.................................................................................................................. 40 WAN Interface................................................................................................................................ 40 WAN Profile ....................................................................
(802.11g) ADSL2+ (VPN) Firewall Router Chapter 1: Introduction Introduction to your Router Welcome to the (802.11g) ADSL2+ (VPN) Firewall Router. The router is an “all-in-one” ADSL router, combining an ADSL modem, ADSL router and Ethernet network switch functionalities, providing everything you need to get the machines on your network connected to the Internet over your ADSL broadband connection.
(802.11g) ADSL2+ (VPN) Firewall Router leverages TCP/IP and the Web to enable seamless proximity networking in addition to control and data transfer among networked devices. With this feature enabled, users can now connect to Net meeting or MSN Messenger seamlessly. Network Address Translation (NAT) Allows multi-users to access outside resources such as the Internet simultaneously with one IP address/one Internet access account.
(802.11g) ADSL2+ (VPN) Firewall Router Simple Network Management Protocol (SNMP) It is an easy way to remotely manage the router via SNMP. Web based GUI It supports web based GUI for configuration and management. It is user-friendly and comes with on-line help. It also supports remote management capability for remote users to configure and manage this product. Firmware Upgradeable Device can be upgraded to the latest firmware through the WEB based GUI.
(802.11g) ADSL2+ (VPN) Firewall Router Chapter 2: Installing the Router Important note for using this router Warning 9 Do not use this router under high humidity or high temperatures. 9 Do not use the same power source for this router as other equipment. 9 Do not open or repair the case by yourself. If this router is too hot, turn off the power immediately and have it repaired at a qualified service center. 9 Avoid using this product and all accessories outdoors.
(802.11g) ADSL2+ (VPN) Firewall Router The Front LEDs 1 2 3 4 5 6 7 LED Meaning 1 Power Lit when power turns ON. Lit in red means the system is failed. To restart the device or connect Billion for searching support. 2 LAN Port 1X — 4X (RJ-45 connector) Lit when one of LAN ports connected to an Ethernet device. The speed of transmission hits 100Mbps appears Green; The speed of transmission hits 10Mbps appears Orange. Blinking when data is Transmitted / Received.
(802.11g) ADSL2+ (VPN) Firewall Router The Rear Ports 1 2 3 4 5 6 7 8 The Ethernet Port # 4 can be used as a console port. You need a special console tool which already includes in the package to connect with LAN port 4 and PC’s RS-232 port (9-pin serial port). Port Meaning Antenna 1 (Wireless Router only) Connect the detachable antenna to this port. 2 DSL Connect the supplied RJ-11 (“telephone”) cable on this port when connecting to the ADSL/telephone network.
(802.11g) ADSL2+ (VPN) Firewall Router Cabling One of the most common causes of problems is the bad cabling or ADSL line(s). Make sure that all connected devices are turned on. On the front of the product is a bank of LEDs. Verify that the LAN Link and ADSL line LEDs are lit. If they are not, verify that you are using the proper cables. Ensure that all other devices connected to the same telephone line as your router (e.g.
(802.11g) ADSL2+ (VPN) Firewall Router Chapter 3: Basic Installation The router can be configured with your web browser. A web browser is included as a standard application in the following operating systems: Linux, Mac OS, Windows 98/NT/2000/XP/Me, etc. The product provides an easy and user-friendly interface for configuration. Please check your PC’s network components. The TCP/IP protocol stack and Ethernet network adapter must be installed.
(802.11g) ADSL2+ (VPN) Firewall Router Connecting Your Router 1. Connect this router to a LAN (Local Area Network) and the ADSL/telephone (ADSL) network. 2. Power on the device. 3. Make sure the Power is lit steadily and that the LAN LED is lit. 4. Connect RJ-11 cable to LINE Port when connecting to the telephone wall jack. 5. Connect USB 2.0 cable.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring PCs in Windows in Window XP 1. 2. Go to Start / Control Panel (in Classic View). In the Control Panel, double-click Network Connections. Double-click Local Area Connection. (See Figure 3.1) Figure 3.1: LAN Area Connection 3. In the LAN Area Connection Status window, click Properties. (See Figure 3.2) Figure 3.2: LAN Connection Status 4. Select Internet Protocol (TCP/IP) and click Properties. (See Figure 3.3) Figure 3.3: TCP / IP 5. 6.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring PCs in Windows 2000 1. Go to Start / Settings / Control Panel. In the Control Panel, double-click Network and Dial-up Connections. 2. Double-click Local Area (“LAN”) Connection. (See Figure 3.5) Figure 3.5: LAN Area Connection 3. In the LAN Area Connection Status window, click Properties. (See Figure 3.6) Figure 3.6: LAN Connection Status 4. Select Internet Protocol (TCP/IP) and click Properties. (See Figure 3.7) Figure 3.7: TCP / IP 5.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring PC in Windows 95/98/ME 1. 2. 3. Go to Start / Settings / Control Panel. In the Control Panel, double-click Network and choose the Configuration tab. Select TCP / IP -> NE2000 Compatible, or the name of any Network Interface Card (NIC) in your PC. (See Figure 3.9) Click Properties. Figure 3.9: TCP / IP 4. Select the IP Address tab. In this page, click the Obtain an IP address automatically radio button. (See Figure 3.10) Figure 3.10: IP Address 5. 6.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring PC in Windows NT4.0 1. Go to Start / Settings / Control Panel. In the 2. Control Panel, double-click Network and choose the Protocols tab. Select TCP/IP Protocol and click Properties. (See Figure 3.12) Figure 3.12: TCP / IP 3. Select the Obtain an IP address from a DHCP server radio button and click OK. (See Figure 3.13) Figure 3.
(802.11g) ADSL2+ (VPN) Firewall Router Factory Default Settings Before configuring your, you need to know the following default settings. Web Interface (Username and Password) Username: admin Password: admin The default username and password are “admin” and “admin” respectively. If you ever forget the username/password to login to the router, you may press the RESET button up to 6 seconds to restore the factory default settings.
(802.11g) ADSL2+ (VPN) Firewall Router Information from your ISP Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided such as DHCP (Obtain an IP Address Automatically, Static IP (Fixed IP Address) and PPPoE. Gather the information as illustrated in the following table and keep it for reference.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring with your Web Browser Open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click “Go”, a user name and password window prompt will appear. The default username and password are “admin” and “admin” respectively. (See Figure 3.14) Figure 3.
(802.
(802.11g) ADSL2+ (VPN) Firewall Router Status ADSL Status This section displays the ADSL overall status, which shows a number of helpful information such as DSP firmware version. 3G Status This section displays the 3G Card’s overall status, which shows you a number of helpful information such as the current signal strength and statistics on current and total bytes transferred and received (Note: 3G card/modem does not come with the router). Status: The current status of the 3G card.
(802.11g) ADSL2+ (VPN) Firewall Router Signal Strength: The signal strength bar indicates current 3G signal strength. Network Name: The network name that the device is connected to. Card Name: The name of the 3G card. Card Firmware: The current firmware for the 3G card. Current TX Bytes / Packets: The statistics of transmission, count for this call. Current RX Bytes / Packets: The statistics of receive, count for this call.
(802.11g) ADSL2+ (VPN) Firewall Router Leased Table IP Address: The IP address that assigned to client. MAC Address: The MAC address of client. Client Host Name: The Host Name (Computer Name) of client. Expiry: The current lease time of client. Routing Table Routing Table Valid: It indicates a successful routing status. Destination: The IP address of the destination network. Netmask: The destination Netmask address.
(802.11g) ADSL2+ (VPN) Firewall Router NAT Sessions This section lists all current NAT sessions between interface of types external (WAN) and internal (LAN). UPnP Portmap The section lists all port-mapping established using UPnP (Universal Plug and Play. See Advanced section of this manual for more details on UPnP and the router’s UPnP configuration options. PPTP Status This shows details of your configured PPTP VPN Connections.
(802.11g) ADSL2+ (VPN) Firewall Router Tunnel Connected: Whether the VPN Tunnel is currently connected. Call Connected: If the Call for this VPN entry is currently connected. Encryption: The encryption type used for this VPN connection. IPSec Status This shows details of your configured IPSec VPN Connections. Name: The name you assigned to the particular VPN entry. Active: Whether the VPN Connection is currently Active. Connection State: Whether the VPN is Connected or Disconnected.
(802.11g) ADSL2+ (VPN) Firewall Router Encryption: The encryption type used for this VPN connection. Email Status Details and status for the Email Account you have configured the router to check. Please see the Advanced section of this manual for details on this function. Event Log This page displays the router’s Event Log entries.
(802.11g) ADSL2+ (VPN) Firewall Router Diagnostic It tests the connection to computer(s) which is connected to LAN ports and also the WAN Internet connection. If PING www.google.com is shown FAIL and the rest is PASS, you ought to check your PC’s DNS settings is set correctly. Quick Start 1. Click Quick Start. Select the connect mode you want. There are two options you can choose, ADSL and 3G. Select ADSL from Connect Mode drop-down menu, and click Continue. 2.
(802.11g) ADSL2+ (VPN) Firewall Router 4. The list below has different mode applied for your choice. click Apply. Choose 0/33/PPPoE(Recommended) and 5. Please enter “Username” and “Password” as supplied by your ISP(Internet Service Provider) and click Apply to continue.
(802.11g) ADSL2+ (VPN) Firewall Router Profile Port: Select the connection mode. There are ADSL and 3G. Encapsulation: Select the encapsulation mode. The default mode is PPPoE. VPI/VCI: Enter the VPI and VCI information provided by your ISP. Username: Enter the username provided by your ISP. Password: Enter the password provided by your ISP. Service Name: This item is for identification purposes. If it is required, your ISP provides you the information. Authentication Protocol: Default is Auto.
(802.11g) ADSL2+ (VPN) Firewall Router 7. Wait for the configuration. 8. When ADSL is synchronic, it will appear “check”. Configuration When you click this item, you get following sub-items to configure the ADSL router. - LAN, WAN, System, Firewall, VPN, QoS, Virtual Server, Time Schedule and Advanced These functions are described below in the following sections.
(802.11g) ADSL2+ (VPN) Firewall Router Bridge Interface You can setup member ports for each VLAN group under Bridge Interface section. From the example, two VLAN groups need to be created. Ethernet: P1 (Port 1) Ethernet1: P2, P3 and P4 (Port 2, 3, 4). Uncheck P2, P3, P4 from Ethernet VLAN port first. Note: You should setup each VLAN group with caution. Each Bridge Interface is arranged in this order.
(802.11g) ADSL2+ (VPN) Firewall Router IP Alias This function creates multiple virtual IP interfaces on this router. It helps to connect two or more local networks to the ISP or remote node. In this case, an internal router is not required. IP Address: Specify an IP address on this virtual interface. SubNetmask: Specify a subnet mask on this virtual interface. Security Interface: Specify the firewall setting on this virtual interface. Internal: The network is behind NAT.
(802.11g) ADSL2+ (VPN) Firewall Router Ethernet Client Filter The Ethernet Client Filter supports up to 16 Ethernet network machines that helps you to manage your network control to accept traffic from specific authorized machines or can restrict unwanted machine(s) to access your LAN. There are no pre-define Ethernet MAC address filter rules; you can add the filter rules to meet your requirements. Ethernet Client Filter: Default setting is set Disable.
(802.11g) ADSL2+ (VPN) Firewall Router the Ethernet Client Filter table. The maximum Ethernet client is 16. Wireless (Wireless Router only) Parameters WLAN Service: Default setting is set to Enable. 802.11b, device in your network, select Disable. If you do not have any wireless, both 802.11g and Mode: The default setting is 802.11b+g (Mixed mode). If you do not know or have both 11g and 11b devices in your network, then keep the default in mixed mode. From the drop-down manual, you can select 802.
(802.11g) ADSL2+ (VPN) Firewall Router adjust this power level from minimum 1 up to maximum 127. Note: The Power Level maybe different in each access network user premises environment and choose the most suitable level for your network. Connected: Representing in true or false. That it is the connection status between the system and the build-in wireless card. AP MAC Address: It is a unique hardware address of the Access Point. AP Firmware Version: The Access Point firmware version.
(802.11g) ADSL2+ (VPN) Firewall Router Wireless Security (Wireless Router only) You can disable or enable with WPA or WEP for protecting wireless network. The default mode of wireless security is disabled. WPA-PSK / WPA2-PSK / WEP Security Mode: You can disable or enable with WPA or WEP for protecting wireless network. The default mode of wireless security is Disable. WPA Algorithms: There are two types of the WPA-PSK, WPA-PSK and WPA2-PSK.
(802.11g) ADSL2+ (VPN) Firewall Router WEP WEP Authentication: To prevent unauthorized wireless stations from accessing data transmitted over the network, the router offers secure data encryption, known as WEP. If you require high security for transmissions, there are two options to select from: Open System, Share key. WEP Encryption: To prevent unauthorized wireless stations from accessing data transmitted over the network, the router offers highly secure data encryption, known as WEP.
(802.11g) ADSL2+ (VPN) Firewall Router Wireless Client / MAC Address Filter (Wireless Router only) The MAC Address supports up to 16 wireless network machines and helps you manage your network control to accept traffic from specific authorized machines or to restrict unwanted machine(s) to access your LAN. There are no pre-define MAC Address filter rules; you can add the filter rules to meet your requirements. Wireless Client Filter: Default setting is set to Disable.
(802.11g) ADSL2+ (VPN) Firewall Router WPS WPS feature is follow Wi-Fi Alliance WPS standard and it easily set up security-enabled Wi-Fi networks in the home and small office environment. It is reduced by half the user steps to configure a network and supports two methods that are familiar to most consumers to configure a network and enable security.
(802.11g) ADSL2+ (VPN) Firewall Router DHCP Server You can disable or enable the DHCP (Dynamic Host Configuration Protocol) server or enable the router’s DHCP relay functions. The DHCP protocol allows your router to dynamically assign IP addresses to PCs on your network if they are configured to obtain IP addresses automatically. To disable the router’s DHCP Server, check Disabled and click Next, then click Apply.
(802.11g) ADSL2+ (VPN) Firewall Router WAN - Wide Area Network WAN refers to your Wide Area Network connection, i.e. your router’s connection to your ISP and the Internet. Here are the items within the WAN section: WAN Interface, WAN Profile and ADSL Mode. WAN Interface The factory default has the Connection Mode as ADSL and the Protocol as PPPoE. WAN Connection-ADSL Mode Main Port: User can select either “ADSL” or “3G” mode.
(802.11g) ADSL2+ (VPN) Firewall Router Cycle”. The host must be an IP address. WAN Connection-3G Mode In the ADSL mode, as the ADSL is not available(failover/failback), it will turn to 3G mode for supporting WAN Connection. However, in the 3G Mode, the ADSL can not support WAN Connection when 3G Mode is unavailable (Note: 3G card/modem does not come with the router).
(802.11g) ADSL2+ (VPN) Firewall Router WAN Profile PPPoE Connection PPPoE (PPP over Ethernet) provides access control in a manner which is similar to dial-up services using PPP. Profile Port: Select the profile port either ADSL or 3G. Protocol: The ATM protocol will be used in the device. Description: A given name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. Username: Enter the username provided by your ISP.
(802.11g) ADSL2+ (VPN) Firewall Router Idle Timeout: Auto-disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time. ~ Detail: You can define the destination port and packet type (TCP/UDP) without checking by timer. It allows you to set which outgoing traffic will not trigger and reset the idle timer. MTU: Maximum Transmission Unit. The size of the largest datagram (excluding media-specific headers) that IP will attempt to send through the interface.
(802.11g) ADSL2+ (VPN) Firewall Router NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing the single IP address. If users on your LAN have public IP addresses and can access the Internet directly, the NAT function can be disabled. IP (0.0.0.0:Auto): Your WAN IP address. Leave this at 0.0.0.0 to obtain automatically an IP address from your ISP. Auth. Protocol: Default is Auto.
(802.11g) ADSL2+ (VPN) Firewall Router MPoA Connection Profile Port: Select the profile port either ADSL or 3G. Protocol: The ATM protocol will be used in the device. Description: A given name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address.
(802.11g) ADSL2+ (VPN) Firewall Router IPoA Routed Connection Profile Port: Select the profile port either ADSL or 3G. Protocol: The ATM protocol will be used in the device. Description: A given name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address.
(802.11g) ADSL2+ (VPN) Firewall Router Pure Bridge Profile Port: Select the profile port either ADSL or 3G. Protocol: The ATM protocol will be used in the device. Description: A given name for this connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. Encap. mode: Choose whether you want the packets in WAN interface as bridged packet or routed packet.
(802.11g) ADSL2+ (VPN) Firewall Router ADSL Mode Connect Mode: This mode will automatically detect your ADSL line code, ADSL2+, ADSL2, AnnexM2 and AnnexM2+, ADSL, All. Please keep the factory setting unless ADSL is detected as the symptom of synchronization problem. Modulation: It will automatically detect capability of your ADSL line mode. Please keep the factory setting unless ADSL is detected as the symptom of synchronization problem.
(802.11g) ADSL2+ (VPN) Firewall Router System Here are the items within the System section: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart and User Management. Time Zone The router does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server outside your network. Choose your local time zone, click Enable and click the Apply button.
(802.11g) ADSL2+ (VPN) Firewall Router Remote Access To temporarily permit remote administration of the router (i.e. from outside your LAN), select a time period the router will permit remote access for and click Enable. You may change other configuration options for the web administration interface using Device Management options in the Advanced section of the GUI. If you wish to permanently enable remote access, choose a time period of 0 minute.
(802.11g) ADSL2+ (VPN) Firewall Router Firmware Upgrade Your router’s “firmware” is the software that allows it to operate and provides all its functionality. Think of your router as a dedicated computer, and the firmware as the software it runs. Over time this software may be improved and revised, and your router allows you to upgrade the software it runs to take advantage of these changes. Clicking on Browse will allow you to select the new firmware image file you have downloaded to your PC.
(802.11g) ADSL2+ (VPN) Firewall Router Backup / Restore These functions allow you to save and backup your router’s current settings to a file on your PC, or to restore a previously saved backup. This is useful if you wish to experiment with different settings, knowing that you have a backup handy in the case of any mistakes. It is advisable to backup your router’s settings before making any significant changes to your router’s configuration.
(802.11g) ADSL2+ (VPN) Firewall Router Restart Router Click Restart with option Current Settings to reboot your router (and restore your last saved configuration). If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to reset to factory default settings.
(802.11g) ADSL2+ (VPN) Firewall Router User Management In order to prevent unauthorized access to your router’s configuration interface, it requires all users to login with a password. You can set up multiple user accounts, each with their own password. You are able to Edit existing users and Add new users who are able to access the device’s configuration interface.
(802.11g) ADSL2+ (VPN) Firewall Router 1 2 3 4 For deleting the user account, you choose Delete option. delete the chosen user account. In the end, you click Edit/Delete button to 2 1 Firewall and Access Control Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN, as well as helping to prevent attacks from hackers.
(802.11g) ADSL2+ (VPN) Firewall Router Firewall: Prevents access from outside your network. The router provides three levels of security support: NAT natural firewall: This masks LAN users’ IP addresses which is invisible to outside users on the Internet, making it much more difficult for a hacker to target a machine on your network. This natural firewall is on when NAT function is enabled.
(802.11g) ADSL2+ (VPN) Firewall Router add their own filter rules for further access to the Internet. ~ High/Medium/Low security level: the predefined port filter rules for High, Medium and Low security are displayed in Port Filters of Packet Filter. Select either High, Medium or Low security level to enable the Firewall. The only difference between these three security levels is the preset port filter rules in the Packet Filter.
(802.11g) ADSL2+ (VPN) Firewall Router Packet Filter This function is only available when the Firewall is enabled and one of these four security levels is chosen (All blocked, High, Medium and Low). The preset port filter rules in the Packet Filter must modify accordingly to the level of Firewall, which is selected. See Table1: Predefined Port Filter for more detail information.
(802.11g) ADSL2+ (VPN) Firewall Router Example: Predefined Port Filters Rules The predefined port filter rules for High, Medium and Low security levels are listed. See Table 1. Note: Firewall – All Blocked/User-defined, you must define and create the port filter rules yourself. No predefined rule is being preconfigured.
(802.11g) ADSL2+ (VPN) Firewall Router MSN (7001) UDP(17) 7001 7001 YES MSN VEDIO TCP(6) (9000) 9000 9000 NO YES N/A N/A N/A N/A YES N/A N/A N/A N/A Inbound: Internet to LAN ; Outbound: LAN to Internet. YES: Allowed ; NO: Blocked ; N/A: Not Applicable Packet Filter – Add TCP/UDP Filter Rule Name: Users-define description to identify this entry or click “Select” drop-down menu to select existing predefined rules. The maximum name length is 32 characters.
(802.11g) ADSL2+ (VPN) Firewall Router Rule Name Helper: Users-define description to identify this entry or choosing “Select” drop-down menu to select existing predefined rules. Time Schedule: It is self-defined time period. You may specify a time schedule for your prioritization policy. For setup and detail, refer to Time Schedule section Protocol Number: Insert the port number, i.e. GRE 47. Inbound / Outbound: Select Allow or Block the access to the Internet (“Outbound”) or from the Internet (“Inbound”).
(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring your firewall to allow a publicly accessible web server on your LAN The predefined port filter rule for HTTP (TCP port 80) is the same no matter whether the firewall is set to a high, medium or low security level. To setup a web server located on the local network when the firewall is enabled, you have to configure the Port Filters setting for HTTP.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring Packet Filter: 1. Click Packet Filters. You will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below: Note: You may click Edit the predefined rule instead of Delete it. This is an example to show to how you add a filter on your own. 2. Choose the radio button you want to delete the existing HTTP rule. delete the existing HTTP rule. Click Edit/Delete button to 2 1 3.
(802.11g) ADSL2+ (VPN) Firewall Router Example: Application: Cindy_HTTP Time Schedule: Always On Source / Destination IP Address(es): 0.0.0.0 (I do not wish to active the address-filter, instead I use the port-filter) Type: TCP (Please refer to Table1: Predefined Port Filter) Source Port: 0-65535 (I allow all ports to connect with the application)) Redirect Port: 80-80 (This is Port defined for HTTP) Inbound / Outbound: Allow 4. The new port filter rule for HTTP is shown below: 5.
(802.11g) ADSL2+ (VPN) Firewall Router Intrusion Detection The router’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.
(802.11g) ADSL2+ (VPN) Firewall Router Default value is 86400 seconds. ~ DoS Attack Block Duration: This is the duration for blocking hosts that attempt a possible Denial of Service (DoS) attack. Possible DoS attacks this attempts to block include Ascend Kill and WinNuke. Default value is 1800 seconds. Max TCP Open Handshaking Count: This is a threshold value to decide whether a SYN Flood attempt is occurring or not. Default value is 100 TCP SYN per seconds.
(802.
(802.11g) ADSL2+ (VPN) Firewall Router URL Filter URL (Uniform Resource Locator – e.g. an address in the form of http://www.abcde.com or http://www.example.com) filter rules allow you to prevent users on your network from accessing particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules to meet your requirements. Enable/Disable: To enable or disable URL Filter feature. Block Mode: A list of the modes that you can choose to check the URL filter rules.
(802.11g) ADSL2+ (VPN) Firewall Router Domains Filtering: This function checks the whole URL not the IP address, in URLs accessed against your list of domains to block or allow. If it is matched, the URL request will be sent (Trusted) or dropped (Forbidden). For this function to be activated, both check-boxes must be checked. Here is the checking procedure: 1. Check the domain in the URL to determine if it is in the trusted list. If yes, the connection attempt is sent to the remote web server. 2.
(802.11g) ADSL2+ (VPN) Firewall Router IM / P2P Blocking IM, short for Instant Message, is required to use client program software that allows users to communicate, in exchanging text message, with other IM users in real time over the Internet. A P2P application, known as Peer-to-peer, is group of computer users who share file to specific groups of people across the Internet.
(802.11g) ADSL2+ (VPN) Firewall Router Firewall Log Firewall Log display log information of any unexpected action with your firewall settings. Check the Enable box to activate the logs. Log information can be seen in the Status – Event Log after enabling.
(802.11g) ADSL2+ (VPN) Firewall Router VPN - Virtual Private Networks Virtual Private Networks is ways to establish secured communication tunnels to an organization’s network via the Internet. Your router supports three main types of VPN (Virtual Private Network), PPTP, IPSec and L2TP. PPTP (Point-to-Point Tunneling Protocol) There are two types of PPTP VPN supported; Remote Access and LAN-to-LAN (please refer below for more information.). Click Configuration/VPN/PPTP.
(802.11g) ADSL2+ (VPN) Firewall Router Authentication Protocol) if you know which type the server is using (when acting as a client), or else the authentication type you want clients connecting to you to use (when acting as a server). When using PAP, the password is sent unencrypted, whilst CHAP encrypts the password before sending, and also allows for challenges at different periods to ensure that an intruder has not replaced the client.
(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a Remote Access PPTP VPN Dial-out Connection A company’s office establishes a PPTP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring the PPTP VPN in the Office Click Configuration/VPN/PPTP. Choose Remote Access from Connect Type drop-down menu. You can either input the IP address (69.1.121.33 in this case) or hostname to reach the server. 1 3 2 4 Item 1 2 3 4 5 5 Connection Type Remote Access Type IP Address (or Domain name) Username Password Auth.
(802.11g) ADSL2+ (VPN) Firewall Router PPTP Connection - LAN to LAN Click Configuration/VPN/PPTP. Choose LAN to LAN from Connect Type drop-down menu. Name: A given name of the connection. Connection Type: Remote Access or LAN to LAN. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server.
(802.11g) ADSL2+ (VPN) Firewall Router Click Edit/Delete button to save your changes.
(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a PPTP LAN-to-LAN VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch offices accordingly. Both office LAN networks MUST in different subnet with LAN to LAN application.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring PPTP VPN in the Head Office The IP address 192.168.1.201 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN. 1 3 2 4 6 5 Item Function 1 Name HeadOffice 2 Connection Type LAN to LAN Type IP Address Peer Network IP Netmask Username Password Auth.Type Data Encryption Key Length Mode Dial in 192.168.1.200 192.168.0.0 255.255.255.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring PPTP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router. 1 2 3 4 5 Item 6 Function Description 1 Name BranchOffice 2 Connection Type LAN to LAN Type IP Address (or Domain name ) Peer Network IP Netmask Username Password Auth.
(802.11g) ADSL2+ (VPN) Firewall Router IPSec (IP Security Protocol) Active: This function activates or deactivates the IPSec connection. Check Active checkbox if you want the protocol of tunnel to be activated and vice versa. Note: When the Active checkbox is checked, the function of Edit and Delete will not be available. Name: This is a given name of the connection. Local Subnet: Displays IP address and subnet of the local network. Remote Subnet: Displays IP address and subnet of the remote network.
(802.11g) ADSL2+ (VPN) Firewall Router IPSec VPN Connection Name: A given name for the connection (e.g. “connection to office”). Local Network: Set the IP address, subnet or address range of the local network. ~ Single Address: The IP address of the local host. ~ Subnet: The subnet of the local network. For example, IP: 192.168.1.0 with netmask 255.255.255.0 specifies one class C subnet starting from 192.168.1.1 (i.e. 192.168.1.1 through to 192.168.1.254).
(802.11g) ADSL2+ (VPN) Firewall Router encryption method. Diffie-Hellman Group: It is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups. IPSec Proposal: Select the IPSec security method.
(802.11g) ADSL2+ (VPN) Firewall Router been lost or not. It only follows the policy of Disconnection time after no traffic, which the remote IPSec will be disconnected after the time you set in this function. ~PING: This mode will detect the remote IPSec peer has lost or not by pinging specify IP address. ~DPD: Dead peer detection (DPD) is a keeping alive mechanism that enables the router to be detected lively when the connection between the router and a remote IPSec peer has lost.
(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a IPSec LAN-to-LAN VPN Connection Table 3: Network Configuration and Security Plan Branch Office Head Office Local Network ID 192.168.0.0/24 192.168.1.0/24 Local Router IP 69.1.121.30 69.1.121.3 Remote Network ID 192.168.1.0/24 192.168.0.0/24 Remote Router IP 69.1.121.3 69.1.121.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring IPSec VPN in the Head Office 1 2 3 4 5 Item 1 2 3 4 5 Function Description Name IPSec_HeadOffice Local Network Subnet IP Address Netmask Remote Secure Gateway IP (or Hostname) 192.168.1.0 255.255.255.0 Remote Network Subnet IP Address Netmask Authentication Encryption Prefer Forward Security Pre-shared Key 192.168.0.0 255.255.255.0 MD5 3DES None 12345678 69.121.1.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring IPSec VPN in the Branch Office 1 2 3 4 5 Item 1 Function Name Local Network 2 3 IP Address Netmask Remote Secure Gateway IP (or Hostname) Remote Network 4 5 IP Address Netmask Authentication Encryption Prefer Forward Security Pre-shared Key Description IPSec_Branch Given a name of IPSec connection Office Select Subnet from Local Network Subnet drop-down menu. 192.168.0.0 Branch office network 255.255.255.
(802.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring IPSec VPN in the Office 1 2 3 4 5 Item 1 2 3 4 5 Function Description Name IPSec Given a name of IPSec connection Select Subnet from Network drop-down menu Local Network Subnet IP Address Netmask Remote Secure Gateway IP (or Hostname) 192.168.1.0 255.255.255.0 Head office network 69.121.1.30 Remote worker’s IP address Remote Network Single Address IP Address Authentication Encryption Prefer Forward Security Pre-shared Key 69.121.1.
(802.11g) ADSL2+ (VPN) Firewall Router L2TP (Layer Two Tunneling Protocol) Two types of L2TP VPN are supported Remote Access and LAN-to-LAN (please refer below for more information.). Fill in the blank with information you need and click Add to create a new VPN connection account. Active: This function activates or deactivates the L2TP connection. Check Active checkbox if you want the protocol of tunnel to be activated and vice versa.
(802.11g) ADSL2+ (VPN) Firewall Router Active: This function activates or deactivates the L2TP connection. Check Active checkbox if you want the protocol of tunnel to be activated and vice versa. Note: When the Active checkbox is checked, the function of Edit and Delete will not be available. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server.
(802.11g) ADSL2+ (VPN) Firewall Router allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups. Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters. Both sides should use the same key.
(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a L2TP VPN - Remote Access Dial-in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft's VPN Adapter (included with Windows XP/2000/ME, etc.). The router is installed in the head office, connected to a couple of PCs and Servers.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring L2TP VPN in the Office The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN. 1 2 3 5 4 6 Item Function 1 Name VPN_L2TP 2 Connection Type Remote Access Type IP Address Username Password Auth.Type IPSec Authentication Encryption Perfect Forward Secrecy Pre-shared Key Dial in 192.168.1.
(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a Remote Access L2TP VPN Dial-out Connection A company’s office establishes a L2TP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring the L2TP VPN in the Office 1 3 2 4 5 6 Item 1 2 3 4 5 6 Connection Type Remote Access Type IP Address (or Hostname) Username Password Auth.Type IPSec Authentication Encryption Perfect Forward Secrecy Pre-shared Key Dial out Description Given name of L2TP connection Select Remote Access from Connection Type drop-down menu Select Dial out from Type drop-down menu 69.121.1.
(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring your Router to Dial-in to the Server Currently, Microsoft Windows operation system does not support L2TP incoming service. software may be required to set up your L2TP incoming service. Additional L2TP Connection - LAN to LAN L2TP VPN Connection Name: A given name of the connection. Connection Type: Remote Access or LAN to LAN. Active: This function activates or deactivates the L2TP connection.
(802.11g) ADSL2+ (VPN) Firewall Router Secret: The secure password length should be 16 characters which may include numbers and characters. Active as default route: As the connection type is LAN to LAN, this function will become to disable. Remote Host Name (Optional): Enter hostname of remote VPN device. It is a tunnel identifier from the Remote VPN device matches with the Remote hostname provided. If remote hostname matches, tunnel will be connected; otherwise, it will be dropped.
(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring L2TP LAN-to-LAN VPN Connection The branch office establishes a L2TP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly. Both office LAN networks MUST in different subnet with LAN to LAN application. Functions of Pre-shared Key, VPN Connection Type and Security Algorithm MUST BE identically set up on both sides.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring L2TP VPN in the Head Office The IP address 192.168.1.200 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN. 1 2 3 4 5 6 7 Item Function 1 Name HeadOffice 2 Connection Type LAN to LAN Type IP Address Peer Network IP Netmask Username Password Auth.Type IPSec Authentication Encryption Perfect Forward Secrecy Pre-shared Key Dial in 192.168.1.200 192.168.0.0 255.255.255.
(802.11g) ADSL2+ (VPN) Firewall Router Configuring L2TP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router. 1 2 3 4 5 6 7 Item 1 2 3 4 5 6 7 Function Name Connection Type Type IP Address (or Hostname) Peer Network IP Netmask Username Password Auth.
(802.11g) ADSL2+ (VPN) Firewall Router QoS - Quality of Service QoS function helps you to control your network traffic for each application from LAN (Ethernet and/or Wireless) to WAN (Internet). It facilitates you to control the different quality and speed of through put for each application when the system is running with full loading of upstream. Here are the items within the QoS section: Prioritization and Outbound / Inbound IP Throttling (bandwidth management).
(802.11g) ADSL2+ (VPN) Firewall Router Note: To be sure the router(s) in the backbones network have the capability in executing and checking the DSCP through-out the QoS network.
(802.11g) ADSL2+ (VPN) Firewall Router Outbound IP Throttling (LAN to WAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. Name: User-define description to identify this new policy/name. Time Schedule: Scheduling your prioritization policy. Refer to Time Schedule for more information. Protocol: The name of supported protocol.
(802.11g) ADSL2+ (VPN) Firewall Router Inbound IP Throttling (WAN to LAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. Name: User-define description to identify this new policy/application. Time Schedule: Scheduling your prioritization policy. Refer to Time Schedule for more information. Protocol: The name of supported protocol.
(802.11g) ADSL2+ (VPN) Firewall Router Example: QoS for your Network Connection Diagram VoIP Normal PCs Restricted PC Information and Settings Upstream: 928 kbps Downstream: 8 Mbps VoIP User : 192.168.1.1 Normal Users : 192.168.1.2~192.168.1.5 Restricted User: 192.168.1.
(802.
(802.11g) ADSL2+ (VPN) Firewall Router Mission-critical application Mostly the VPN connection is mission-critical application for doing data exchange between head and branch office. The mission-critical application must be sent out smoothly without any dropping. Set priority as high level for preventing any other applications to saturate the bandwidth. Voice application Voice is latency-sensitive application.
(802.11g) ADSL2+ (VPN) Firewall Router With above settings that help to limit utilization of upstream of FTP. Time schedule also help you to only limit utilization at daytime. Advanced setting by using IP throttling With IP throttling you can specify more detail for allocating bandwidth; even the applications are located in the same level.
(802.11g) ADSL2+ (VPN) Firewall Router downstream bandwidth. The settings below help you to limit bandwidth for the restricted application.
(802.11g) ADSL2+ (VPN) Firewall Router Virtual Server (known as Port Forwarding) In TCP/IP and UDP networks a port is a 16-bit number used to identify which application program (usually a server) incoming connections should be delivered to. Some ports have numbers that are pre-assigned to them by the IANA (the Internet Assigned Numbers Authority), and these are referred to as “well-known ports”. Servers follow the well-known port assignments so clients can locate them.
(802.11g) ADSL2+ (VPN) Firewall Router Add Virtual Server Because NAT can act as a “natural” Internet firewall, your router protects your network from being accessed by outside users when using NAT, as all incoming connection attempts will point to your router unless you specifically create Virtual Server entries to forward those ports to a PC on your network. When your router needs to allow outside users to access internal servers, e.g.
(802.11g) ADSL2+ (VPN) Firewall Router Example: If you like to remote accessing your Router through the Web/HTTP at all time, you would need to enable port number 80 (Web/HTTP) and map to Router’s IP Address. Then all incoming HTTP requests from you (Remote side) will be forwarded to the Router with IP address of 192.168.1.254. Since port number 80 has already been predefined, next to the Application click Helper. A list of predefined rules window will pop and select HTTP_Sever.
(802.11g) ADSL2+ (VPN) Firewall Router Edit DMZ Host The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by the Firewall and NAT algorithms then passed to the DMZ host, when a packet received does not use a port number used by any other Virtual Server entries. Cautious: This Local computer exposing to the Internet may face varies of security risks.
(802.11g) ADSL2+ (VPN) Firewall Router Edit One-to-One NAT (Network Address Translation) One-to-One NAT maps a specific private/local IP address to a global/public IP address. If you have multiple public/WAN IP addresses from you ISP, you are eligible for One-to-One NAT to utilize these IP addresses. Go to ConfigurationÆVirtual ServerÆEdit One-to-one NAT NAT Type: Select desired NAT type. As set in default setting, it disables the One-to-One NAT function.
(802.11g) ADSL2+ (VPN) Firewall Router application. Most applications will use TCP or UDP; Time Schedule: User-defined time period to enable your virtual server. You may specify a time schedule or Always on for the usage of this Virtual Server Entry. For setup and detail, refer to Time Schedule section Global IP: Define a public/ WAN IP address for this Application to use. be defined in the Global IP Address.
(802.11g) ADSL2+ (VPN) Firewall Router Example: List of some well-known and registered port numbers. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols. Port numbers range from 0 to 65535, but only ports numbers 0 to 1023 are reserved for privileged services and are designated as “well-known ports” (Please refer to Table 5). The registered ports are numbered from 1024 through 49151.
(802.11g) ADSL2+ (VPN) Firewall Router Time Schedule The Time Schedule supports up to 16 time slots which helps you to manage your Internet connection. In each time profile, you may schedule specific day(s) i.e. Monday through Sunday to restrict or allowing the usage of the Internet by users or applications.
(802.11g) ADSL2+ (VPN) Firewall Router Configuration of Time Schedule Edit a Time Slot 1. Choose any Time Slot (ID 1 to ID 16) to edit, click Edit radio button. Note: Watch it carefully, the days you have selected will present in capital letter. Lower case letter shows the day(s) is not selected, and no rule will apply on this day(s). 2. A detailed setting of this Time Slot will be shown. ID: This is the index of the time slot. Name: A user-define description to identify this time portfolio.
(802.11g) ADSL2+ (VPN) Firewall Router Advanced Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the router. Users who do not understand the features should not attempt to reconfigure their router, unless advised to do so by support staff. Here are the items within the Advanced section: Static Route, Dynamic DNS, Check Email, Device Management, IGMP and VLAN Bridge. Static Route Go to Configuration/Advanced/Static Route.
(802.11g) ADSL2+ (VPN) Firewall Router Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your ADSL connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time.
(802.11g) ADSL2+ (VPN) Firewall Router Check Email This function allows you to have the router check your POP3 mailbox for new Email messages. The Mail LED on your router will light when it detects new messages waiting for download. You may also view the status of this function using the Status – Email Checking section of the web interface, which also provides details on the number of new messages waiting. See the Status section of this manual for more information.
(802.11g) ADSL2+ (VPN) Firewall Router Device Management The Device Management advanced configuration settings allow you to control your router’s security options and device monitoring features. Device Host Name Host Name: Give a name for it. (The Host Name cannot be used with one word only. There are two words should be connected with a '.' at least. Example: Host Name: homegateway ==> Incorrect Host Name: home.gateway or my.home.
(802.11g) ADSL2+ (VPN) Firewall Router Universal Plug and Play (UPnP) UPnP offers peer-to-peer network connectivity for PCs and other network devices, along with control and data transfer between devices. UPnP offers many advantages for users running NAT routers through UPnP NAT Traversal, and on supported systems makes tasks such as port forwarding much easier by letting the application control the required settings, removing the need for the user to control advanced configuration of their device.
(802.
(802.11g) ADSL2+ (VPN) Firewall Router IGMP IGMP, known as Internet Group Management Protocol, is used to management hosts from multicast group. IGMP Forwarding: Accepting multicast packet. Default is set to Enable. IGMP Snooping: Allowing switched Ethernet to check and make correct forwarding decisions. Default is set to Disable. VLAN Bridge This section allows you to create VLAN group and specify the member. Edit: Edit your member ports in selected VLAN group.
(802.11g) ADSL2+ (VPN) Firewall Router Logout To exit the router’s web interface, choose Logout. settings before you logout. Please ensure that you have saved the configuration Be aware that the router is restricted to only one PC accessing the configuration web pages at a time. Once a PC has logged into the web interface, other PCs cannot get access until the current PC has logged out of the web interface.
(802.11g) ADSL2+ (VPN) Firewall Router Chapter 5: Troubleshooting If the router is not functioning properly, first check this chapter for simple troubleshooting before contacting your service provider or Billion support. Problems starting up the router Problem Corrective Action None of the LEDs are Check the connection between the adapter and the router. If the error on when you turn on persists, you may have a hardware problem. In this case you should contact technical support. the router.
(802.11g) ADSL2+ (VPN) Firewall Router APPENDIX A: Product Support and Contact Information Most problems can be solved by referring to the Troubleshooting section in the User’s Manual. If you cannot resolve the problem with the Troubleshooting chapter, please contact the dealer where you purchased this product. Contact Billion WORLDWIDE http://www.billion.com/ Mac OS is a registered Trademark of Apple Computer, Inc.
FCC Caution: 1.The device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. 2."The antenna(s) used for this device must be installed to provide a separation distance of at least 20 cm from all persons." 3.