User's Manual

ManualsBrandsSHANGHAI UTT TECHNOLOGIES ManualsElectronicsRouter

UTT Routers/Firewalls

Advanced Configuration Guide

Version: ReOS V10

UTT Technologies Co., Ltd.

http://www.uttglobal.com

Summary of content (445 pages)

PAGE 1
UTT Routers/Firewalls Advanced Configuration Guide Version: ReOS V10 UTT Technologies Co., Ltd. http://www.uttglobal.
PAGE 2
Copyright Notice Copyright © 2000-2011 UTT Technologies Co., Ltd. All rights reserved. Information in this document, including URL and other Internet Web site references, is subject to change without further notice. Unless otherwise noted, the companies, organizations, people and events described in the examples of this document are fictitious, which have no relationship with any real company, organization, people and event. Complying with all applicable copyright laws is the responsibility of the user.
PAGE 3
FCC Warning This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. NOTE: Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
PAGE 4
UTT Technologies Table of Contents Table of Contents About This Manual................................................................................................................... 1 0.1 Scope ......................................................................................................................... 1 0.2 Web UI Style .............................................................................................................. 1 0.3 Documents Conventions ...........................
PAGE 5
UTT Technologies Table of Contents 4.1 Running the Quick Wizard ..................................................................................... 37 4.2 LAN Settings ........................................................................................................... 38 4.3 Choosing an Internet Connection Type ............................................................... 38 4.4 Internet Connection Settings ................................................................................
PAGE 6
UTT Technologies Table of Contents 5.7.1 System Log Settings ............................................................................................. 74 5.7.2 Viewing System Logs ........................................................................................... 75 5.8 Web Log................................................................................................................... 78 5.8.1 Enable Web Log ..............................................................................
PAGE 7
UTT Technologies Table of Contents 6.3.5 Detection and Weight Settings ............................................................................ 110 6.3.6 Load Balancing List ............................................................................................. 112 6.3.7 How to Configure Load Balancing ....................................................................... 112 6.3.7.1 The Process of Configuring Load Balancing ............................................................ 112 6.
PAGE 8
UTT Technologies Table of Contents 7.4.1 Introduction to Plug and Play.............................................................................. 139 7.4.2 Enable Plug and Play ......................................................................................... 139 7.5 SNMP ..................................................................................................................... 140 7.6 SYSLOG ...........................................................................................
PAGE 9
UTT Technologies Table of Contents 7.8.5.1 DHCP Relay Agent Settings .................................................................................... 174 7.8.5.2 DHCP Relay Agent List ............................................................................................ 175 7.8.5.3 How to Configure DHCP Relay Agent ...................................................................... 176 7.8.6 Raw Option .....................................................................................
PAGE 10
UTT Technologies Table of Contents 8.2.2.1 Global DMZ Host Settings ....................................................................................... 208 8.2.2.2 Interface DMZ Host Settings .................................................................................... 208 8.2.3 The Priorities of Port Forwarding and DMZ Host ............................................... 209 8.3 NAT Rule ......................................................................................................
PAGE 11
UTT Technologies Table of Contents 9.2.2 Internet Access Control ...................................................................................... 231 9.3 PPPoE Account .................................................................................................... 233 9.3.1 PPPoE Account Settings .................................................................................... 233 9.3.2 PPPoE Account List ......................................................................................
PAGE 12
UTT Technologies 11.1 Table of Contents User Admin............................................................................................................ 277 11.1.1 User Status List .................................................................................................. 277 11.1.2 Personal Rate Limit ............................................................................................ 279 11.1.3 Personal Internet Behavior Management .................................................
PAGE 13
UTT Technologies Table of Contents 12.2.3 IP/MAC Binding Global Setup ............................................................................ 318 12.2.4 IP/MAC Binding List ............................................................................................ 319 12.2.5 How to Add the IP/MAC Bindings ....................................................................... 319 12.2.6 Internet Whitelist and Blacklist ............................................................................
PAGE 14
UTT Technologies Table of Contents 12.7.3 Service Group List .............................................................................................. 357 12.7.4 How to Add the Service Groups ......................................................................... 357 12.7.5 How to Edit an Service Group ............................................................................ 358 12.8 Schedule .......................................................................................................
PAGE 15
UTT Technologies Table of Contents 7. How to find out who uses the most bandwidth? ............................................... 411 8. How to troubleshoot faults caused by worm viruses or hacker attacks on the Device? ............................................................................................................................. 412 9. How to enable WAN ping respond?.................................................................... 416 Appendix C Common IP Protocols ...............
PAGE 16
UTT Technologies About This Manual About This Manual Note For best use of our product, it is strongly recommended that you update Windows Internet Explorer browser to version 6.0 or higher. 0.1 Scope This guide describes the characteristics and features of the UTT Series Security Firewalls, which are based on ReOS V10 firmware platform. It mainly describes how to configure and manage the Device via Web UI. Please make sure that your Device¶s firmware version accords with ReOS V10.
PAGE 17
UTT Technologies About This Manual List Box: It allows you to select one or more items from a list contained within a static, multiple line text box. Drop-down List: It allows you to choose one item from a list. When a drop-down list is inactive, it displays a single item. When activated, it drops down a list of items, from which you may select one. 0.3 Documents Conventions 0.3.1 Detailed Description of List The Web UI contains two kinds of lists: editable list and read-only list.
PAGE 18
UTT Technologies About This Manual configured IP/MAC bindings and the maximum number of bindings supported by the Device is 500. : This drop-down list allows you to select the number of entries displayed per page. In this example, the available options are 10, 30 and 50, and the default value is 10. : Click it to jump to the first page. : Click it to jump to the previous page. : Click it to jump to the next page. : Click it to jump to the last page. : Click it to add a new entry to the list.
PAGE 19
UTT Technologies About This Manual Figure 0-2 NAT Statistics First, Prev, Next, Last, Search and Lines/Page have the same meaning as the editable list. : Both display the number of entries in the listˈhere it means that there are four entries in the list. : Click to view the latest information in the list. : Click to clear all the statistics in the list. 0.3.1.
PAGE 20
UTT Technologies About This Manual third time to sort them in descending order, and so forth. After sorted, the list will be displayed from the first page. 0.3.2 Keyboard Operation <>: It is used to represent the name of a key on the keyboard. For example, key represents the Enter key on the keyboard. 0.3.3 Other Conventions 0.3.3.1 Convention for a Page Path First Level Menu Name > Second Level Menu Name˄bold font˅means the menu path to open a page. E.g.
PAGE 21
UTT Technologies 0.4 About This Manual Partial Factory Default Settings 1. The default administrator user name is Default (case sensitive) with a blank password. 2. The following table provides the factory default settings of the interfaces. Interface IP Address Subnet Mask LAN 192.168.16.1 255.255.255.0 WAN1 192.168.17.1 255.255.255.0 WAN2/DMZ 192.168.18.1 255.255.255.0 Table 0-1 Factory Default Settings of Interfaces 0.
PAGE 22
UTT Technologies About This Manual the web page of the Device. Ɣ Shortcut Icons: Introduction to the shortcut Icons in the web page of the Device. How to configure the basic parameters to quickly connect the Device to the Internet, including: Ɣ LAN Settings: How to configure the IP address and subnet mask of the LAN interface. 4 Quick Setup Ɣ WAN Settings: How to configure the Internet connection on each WAN interface one by one.
PAGE 23
UTT Technologies About This Manual address/domain name, and so on. Ɣ System Log: It displays the system logs; it also allows you to select the types of logs that you want the Device to store and display. Ɣ Application Traffic Statistics: It displays the traffic statistics of some special applications per Internet connection; it also displays each application traffic statistics per LAN user. Ɣ WAN Traffic Statistics: It displays traffic and rate related information of each Internet connection.
PAGE 24
UTT Technologies About This Manual Ɣ PBR: How to configure PBR (Policy-Based Routing) based on source and destination addresses, protocols, ports, schedules, and other criteria. Ɣ DNS Redirection: How to configure DNS redirection feature which is used to redirect domain names directly to the specified IP addresses. Ɣ SNMP: How to configure SNMP (Simple Network Management Protocol). Ɣ DDNS: How to apply for DDNS account service and configure DDNS (Dynamic Domain Name System).
PAGE 25
UTT Technologies About This Manual How to configure PPPoE server feature, including: Ɣ Global Settings: How to configure PPPoE server global parameters, e.g., enable PPPoE server; and IP addresses, gateway IP address and DNS servers IP addresses that will be assigned to the PPPoE dial-in users. Ɣ 9 PPPoE Account: How to configure PPPoE accounts.
PAGE 26
UTT Technologies About This Manual Ɣ Internet Behavior Management: How to control and manage the Internet behaviors of the LAN users to improve bandwidth utilization and network security. Ɣ Policy Database: How to view the policy databases related information; and how to upload or update policy databases. Ɣ QQ Whitelist: How to configure QQ whitelist feature.
PAGE 27
UTT Technologies About This Manual divide some discontinuous IP addresses into an address group, and then reference the address group in an access control rule or rate limit rule. Ɣ Service Group: How to configure service groups. It provides five types of services including general service, URL, Keyword, DNS and MAC address. It allows you to add multiple services into a service group, and then reference the service group in an access control rule or rate limit rule.
PAGE 28
UTT Technologies About This Manual configure TCP/IP properties for Windows 95 and Windows 98. Ɣ Appendix B FAQ: Frequent questions and answers. Ɣ Appendix C Common IP Protocols: Provides the list of common IP protocol numbers and names. Ɣ Appendix D Common Service Ports: Provides the list of common service port numbers and names. Ɣ Appendix E Figure Index: Provides a figure index directory. Ɣ Appendix F Table Index: Provides a table index directory.
PAGE 29
UTT Technologies Chapter 1 Product Overview Chapter 1 Product Overview Thanks for choosing UTT products from UTT Technologies Co., Ltd. This chapter describes the functions and features of the UTT products in brief. 1.
PAGE 30
UTT Technologies 1.2 Chapter 1 Product Overview Main Features 1. LAN Interface Ɣ Multiple-port Switch: Provides an integrated multiple-port 10/100Mbps, each port supports auto MDI/MDI-X. Ɣ DHCP Server˖It can act as a DHCP server to dynamically assign IP addresses and other TCP/IP configuration parameters (such as gateway IP address, DNS and WINs server IP addresses) to the LAN hosts. Ɣ Multiple Subnets: It can be assigned multiple IP addresses to connect multiple subnets.
PAGE 31
UTT Technologies Chapter 1 Product Overview Ɣ Supports management and control of multiple Internet services Ɣ Supports Internet harmful websites filtering Ɣ Supports IP packet filtering based on IP address, protocol and TCP/UDP port Ɣ Supports Web content filtering based on URL and keyword Ɣ Supports DNS request filtering Ɣ Supports MAC address filtering 4. IP QoS Ɣ Supports intelligent bandwidth management based on token bucket algorithm.
PAGE 32
UTT Technologies Chapter 1 Product Overview Ɣ Special Application Supported: Supports the use of some special Internet applications, such as the Tencent QQ, online games, Video software, Audio software, and so on. Ɣ DDNS: Supports Dynamic Domain Name System (DDNS) service. Ɣ PPPoE Server: Supports rich PPPoE server features, which includes PPPoE account and MAC address binding, PPPoE account and IP address binding, and PPPoE IP and MAC address pair binding feature.
PAGE 33
UTT Technologies 4. Supports L2TP server and client 5. Supports PPTP server and client 6.
PAGE 34
UTT Technologies 1.5 Chapter 1 Product Overview Detailed Specifications Table The UTT products include multiple models. The features and specifications of each model are different. The following table lists detailed specifications for each model.
PAGE 35
UTT Technologies Chapter 1 Product Overview Plug and Play 9 9 Express Forwarding 9 9 VLAN 9 9 Port Mirroring 9 9 Administrator Setup 9 9 System Time Setup 9 9 Firmware Upgrade 9 9 Backup & Restore Configuration 9 9 SNMP 9 9 SYSLOG 9 9 Remote Admin 9 9 PPPoE Server 9 9 PPPoE IP/MAC Binding 9 9 Account Billing of PPPoE Server 9 9 PPPoE Account Expiration Notice 9 9 PPPoE Session Status 9 9 User Statistics 9 9 NAT Statistics 9 9 DHCP Statistics 9 9 UTT
PAGE 36
UTT Technologies Chapter 1 Product Overview Interface Statistics 9 9 Route Table 9 9 System Information 9 9 System Log 9 9 Intelligent Bandwidth Management 9 9 Web Log 9 9 P2P Traffic Rate Limiting 9 9 Application QoS 9 9 Application Traffic Statistics 9 9 WAN Traffic Statistics 9 9 Notice Feature 9 9 Domain Name Filtering 9 9 Domain Name Blocking Notice 9 9 Access Control List 9 9 Address Group 9 9 Service Group 9 9 Schedule 9 9 Internal and External Att
PAGE 37
UTT Technologies Chapter 1 Product Overview Policy Database 9 9 ARP Spoofing Defense 9 9 NAT Session Limit 9 9 Web Authentication 9 9 9 9 VPN (PPTP/L2TP/IPSec) Table 1-1 Detailed Specifications UTT Technologies http://www.uttglobal.
PAGE 38
UTT Technologies Chapter 2 Hardware Installation Chapter 2 Hardware Installation This chapter describes how to install the UTT products, which include UTT 2512, U2000. 2.1 Installation Requirements 1. A standard 10/100M or 10/100/1000M Ethernet network. 2. Each LAN PC needs an Ethernet card that works well. 3. TCP/IP should be installed on each PC properly. 4. You should have a DSL modem, cable modem or fiber optic modem. 5.
PAGE 39
UTT Technologies 2.3 Chapter 2 Hardware Installation Installation Procedure of UTT 2512 1. Selecting the Proper Location Before installing the UTT 2512, you should make sure that it is powered off, and then select a proper location to install the UTT 2512. The UTT 2512 is designed as a desktop device, you can install it on a level surface such as a desktop or shelf.
PAGE 40
UTT Technologies Chapter 2 Hardware Installation cable provided by the manufacturer, please use a standard network cable. 4. Powering On the UTT 2512 Connect the supplied power cord to the power connector on the back panel of the UTT 2512, and then plug the other end of the power cord to a grounded power outlet, lastly turn on the power switch on the back of the UTT 2512.
PAGE 41
UTT Technologies Chapter 2 Hardware Installation The LED flashes when the Device is sending or TRF receiving data. The LED lights during startup. The LED will extinguish if there is no network traffic on the Device. The LED extinguishes when the Device is operating properly. FLT The LED will flash if a fault occurred in the Device. The LED lights during startup. And the Device will restart automatically after a certain number of flashes.
PAGE 42
UTT Technologies 2.4 Chapter 2 Hardware Installation Installation Procedure of U2000 1. Selecting the Proper Location Before installing the U2000, you should make sure that it is powered off, and then select a proper location to install the U2000. As the U2000 is designed according to the 11-inch standard rack, you can install it in a standard rack. Also you can install it on a level surface such as a desktop or shelf.
PAGE 43
UTT Technologies Chapter 2 Hardware Installation 10Mbps or 100Mbps. Figure 2-4 Connecting the U2000 to the LAN and Internet 3. Connecting the U2000 to the Internet Connect the network cable provided by the manufacturer from the DSL, cable or fiber optic modem to a WAN port of the U2000, see Figure 2-4. If you don¶t have a network cable provided by the manufacturer, please use a standard network cable. 4.
PAGE 44
UTT Technologies Chapter 2 Hardware Installation power status, operational status and failures of the U2000, see Table 2-3 for detailed description. Ɣ The second group includes the twelve port LEDs on the right six columns, which indicate the status of each port, see Table 2-4 for detailed description. Each port has two LEDs, LEDs 1 through 4 are corresponding to LAN1 through LAN4 respectively, and LEDs 5 through 6 are corresponding to WAN1 through WAN2 respectively.
PAGE 45
UTT Technologies LEDs Chapter 2 Hardware Installation Status During Startup Status During Operating The LED lights steady when a link between the Link/Act All the Link/Act LEDs flash firstly, corresponding port and another device is detected. and then they extinguish. The LED flashes when the corresponding port is sending or receiving data.
PAGE 46
UTT Technologies UTT Technologies http://www.uttglobal.
PAGE 47
UTT Technologies Chapter 3 Logging in to the Device Chapter 3 Logging in to the Device This chapter describes how to properly configure TCP/IP properties on the PC that you use to administer the Device, how to login to the Device, and how to use shortcut icons to fast link to the corresponding pages of UTT¶s website for the products information and services. 3.
PAGE 48
UTT Technologies x Chapter 3 Logging in to the Device If the displayed page is similar to the screenshot below, it means that your PC has not connected to the Device. If failed to connect, please do the check according to the following steps: 1. Is the physical link between your PC and the Device connected properly? The Link/Act LED corresponding to the Device¶s LAN port and the LED on your PC¶s adapter should light. 2.
PAGE 49
UTT Technologies 3.2 Chapter 3 Logging in to the Device Logging in to the Device No matter what operating system is installed on the PC, such as, MS Windows, Macintosh, UNIX, or Linux, and so on, you can configure the Device through the Web browser (for example, Internet Explorer). Once your PC is properly configured, please do the following to login to the Device: Open a Web browser, enter the Device¶s LAN IP address in the address bar (by default, the address is 192.168.16.
PAGE 50
UTT Technologies Chapter 3 Logging in to the Device Figure 3-3 Homepage - System Info Page In the 'HYLFH¶V Web page, the system model and version are displayed at the top right corner, some shortcut icons are displayed at the top, and a toolbar is displayed below the shortcut icons. It allows you to click Add to Toolbar to add a shortcut menu for the current page to the toolbar.
PAGE 51
UTT Technologies Chapter 3 Logging in to the Device Icons Product Firmware Datasheet Register Contact Forum Feedback UTT Description Click it to link to the products page of the UTT¶s website to find more products. Click it to link to the download page of the UTT¶s website to download the latest firmware. Click it to link to the download page of the UTT¶s website to download the product data, such as product manual, datasheet, etc. Click it to link to the 877 )RUXPV UHJLVWU\ SDJH RI WKH 877¶V ZHEVL
PAGE 52
UTT Technologies Chapter 4 Quick Wizard Chapter 4 Quick Wizard This chapter describes the Basic > Quick Wizard page. The Quick Wizard allows you to configure the basic parameters to quickly connect the Device to the Internet. Before using Quick Wizard, you need properly install and configure TCP/IP properties on the LAN PCs. Refer to section 3.1 Configure Your PC for detailed operation. 4.
PAGE 53
UTT Technologies 4.2 Chapter 4 Quick Wizard LAN Settings Figure 4-2 LAN Settings IP Address: It specifies the IP address of the LAN interface. The default value is 192.168.16.1. Subnet Mask: It specifies the subnet mask that defines the range of the LAN. The default value is 255.255.255.0 ¾ Back: Click it to go back to the previous page of the Quick Wizard. ¾ Next: Click it to go to the next page of the Quick Wizard to choose the Internet connection type. 4.
PAGE 54
UTT Technologies Chapter 4 Quick Wizard Figure 4-3 Choosing an Internet Connection Type PPPoE: Some DSL-based ISPs use PPPoE to establish Internet connections for end-users. If you use a DSL line, check with your ISP to see if they use PPPoE, and then select the PPPoE radio button. Static IP: If you are required to use a static IP address, select the Static IP radio button. DHCP: If your ISP will dynamically assigns an IP address to the Device, select the DHCP radio button.
PAGE 55
UTT Technologies 4.4 Chapter 4 Quick Wizard Internet Connection Settings 4.4.1 Notes on Internet Connection Settings 1. If you have changed the LAN IP address and saved the change, you should use the new IP address to re-login to the Device. And each LAN host¶s default gateway should be changed to this new IP address to access the Device and Internet normally. 2.
PAGE 56
UTT Technologies Chapter 4 Quick Wizard Figure 4-4 Choose PPPoE as the Connection Type In the page of choosing an Internet connection type (see Figure 4-4), select the PPPoE radio button, and then click the Next button to go to the PPPoE Internet connection settings page, see Figure 4-5. Figure 4-5 PPPoE Internet Connection Settings User Name and Password: They specify the PPPoE login user name and password provided by your ISP. ¾ Back: Click it to go back to the previous page of the Quick Wizard.
PAGE 57
UTT Technologies Chapter 4 Quick Wizard 4.4.3 Static IP Internet Connection Settings Figure 4-6 Choosing Static IP as the Connection Type In the page of choosing an Internet connection type (see Figure 4-6), select the Static IP radio button, and then click the Next button to go to the static IP Internet connection settings page, see Figure 4-7. Figure 4-7 Static IP Internet Connection Settings UTT Technologies http://www.uttglobal.
PAGE 58
UTT Technologies Chapter 4 Quick Wizard IP Address: It specifies the IP address of the WAN interface, which is provided by your ISP. Subnet Mask: It specifies the subnet mask of the WAN interface, which is provided by your ISP. Default Gateway: It specifies the IP address of the default gateway, which is provided by your ISP. Primary DNS Server: It specifies WKH ,3 DGGUHVV RI \RXU ,63¶V SULPDU\ '16 server.
PAGE 59
UTT Technologies Chapter 4 Quick Wizard 4.4.
PAGE 60
UTT Technologies Chapter 4 Quick Wizard Figure 4-9 Viewing and Saving the Settings Made in the Quick Wizard 4.6 Summary Once clicked the Finish button in the confirmation page, you have completed the configuration of the most basic features through the Quick Wizard. If you cannot access the Internet through the Device yet, please check whether all the settings that you have made in the Quick Wizard are correct.
PAGE 61
UTT Technologies Chapter 5 System Status Chapter 5 System Status This chapter describes the system status related pages, which provide a lot of operating status information and statistics of the Device. By viewing them, the network administrator can easily analyze the system status and monitor the activities on the Device.
PAGE 62
UTT Technologies Chapter 5 System Status System Up Time: It displays the elapsed time (in days, hours, minutes and seconds) since the Device was last started. 5.1.2 System Resource Figure 5-2 System Resource Usage Information CPU: The real-time CPU usage information, which is displayed as a status bar and percentage. Memory: The real-time memory usage information, which is displayed as a status bar and percentage.
PAGE 63
UTT Technologies Chapter 5 System Status tasks. 5.1.3 System Version Figure 5-3 System Version SN: It displays the internal serial number of the Device, which may be different from the SN found on the label at the bottom of the Device. Model: It displays the product model of the Device. Version: It displays the version of ReOS firmware running on the Device. 5.1.4 Port Information 5.1.4.
PAGE 64
UTT Technologies Chapter 5 System Status 5.1.4.2 Interface Rate Chart The interface rate chart dynamically displays the real-time RX/TX rate, average RX/TX rate, maximum RX/TX rate and total RX/TX traffic of each physical interface. If you want to view the rate chart of an interface, click the corresponding interface name hyperlink. In the interface rate chart, the abscissa (x-axis) shows the time axis, and the ordinate (y-axis) shows the real-time RX/TX rate axis.
PAGE 65
UTT Technologies Chapter 5 System Status opened the current page. Total: It indicates the total RX or TX traffic of the physical interface since last opened the current page. ¾ LAN/WANx: It allows you to click the interface name hyperlink to view the rate chart of the selected interface. Therein, x (value: 1, 2, 3, 4) indicates the corresponding WAN interface, and the number of WAN interfaces depends on the specific product model.
PAGE 66
UTT Technologies 5.2 Chapter 5 System Status NAT Statistics Through the NAT Statistics list in the Status > NAT Stats page, you can view the NAT session details for each LAN user (host). Figure 5-6 NAT Statistics List ID: It is used to identify each entry in the list. Description: If the LAN user is an IP/MAC binding user, it displays the description of the user; else it is blank. IP Address: It displays the IP address of the LAN host.
PAGE 67
UTT Technologies Chapter 5 System Status Tx Packets: It displays the number of packets uploaded by the LAN host through NAT function. Tx Broadcast Packets: It displays the number of broadcast and multicast packets transmitted from the LAN host to the Device. Total Sessions: It displays the total number of NAT sessions of the LAN host, which include those sessions that aren¶t being used now.
PAGE 68
UTT Technologies 5.3 Chapter 5 System Status DHCP Statistics This section describes the Status > DHCP Stats page, including the DHCP Pool Statistics list, DHCP Server Statistics list, DHCP Conflict Statistics list, DHCP Client Statistics list and DHCP Relay Statistics list. 5.3.
PAGE 69
UTT Technologies Chapter 5 System Status shown as DD: HH: MM: SS. Pool Name: It displays name of the DHCP address pool. Status: It displays the status of the IP address. The possible values are Detecting, Assigned, and Conflicted. x Detecting: It indicates that the DHCP server is detecting whether the IP address is already in use or not. x Assigned: It indicates that the DHCP server has assigned the IP address to the client.
PAGE 70
UTT Technologies Chapter 5 System Status 5.3.2 DHCP Server Statistics List The DHCP Server Statistics list displays the DHCP server statistics, which includes the number of each type of DHCP message and the number of assigned IP addresses. The statistics is counted and displayed per physical interface. Figure 5-8 DHCP Server Statistics List Interface: The physical interface on which the DHCP server is applied.
PAGE 71
UTT Technologies Chapter 5 System Status Inform: During the statistics interval, the number of DHCPINFORM messages that were received by the DHCP server. Unknown: During the statistics interval, the number of unknown packets. Client: During the statistics interval, the number of IP addresses that were assigned by the DHCP server. ¾ Clear: Click it to clear the DHCP server statistics in the list. ¾ Refresh: Click it to view the latest information in the list.
PAGE 72
UTT Technologies Chapter 5 System Status ARP or ICMP. Detection Time: It displays the date (YYYY-MM-DD) and time (HH:MM:SS) when the IP address conflict was detected. ¾ Refresh: Click it to view the latest information in the list. 5.3.4 DHCP Client Statistics List The DHCP Client Statistics list displays the DHCP client statistics, which mainly includes the number of each type of DHCP message. The statistics is counted and displayed per physical interface.
PAGE 73
UTT Technologies Chapter 5 System Status Decline: During the statistics interval, the number of DHCPDECLINE messages that were sent by the DHCP client. Nak: During the statistics interval, the number of DHCPNAK messages that were received by the DHCP client. Conflict: During the statistics interval, the number of address conflicts that were found by the DHCP server when trying to assign an address to the DHCP client.
PAGE 74
UTT Technologies Chapter 5 System Status Discover: During the statistics interval, the number of DHCPDISCOVER messages that were relayed by the DHCP relay agent. Offer: During the statistics interval, the number of DHCPOFFER messages that were relayed by the DHCP relay agent. Request: During the statistics interval, the number of DHCPREQUEST messages that were relayed by the DHCP relay agent.
PAGE 75
UTT Technologies 5.4 Chapter 5 System Status Interface Statistics The Interface Statistics list displays the traffic statistics of each physical interface, including the number of bytes, unicast packets, and non-unicast (i.e., multicast and broadcast) packets. Figure 5-12 Interface Statistics List ID: It is used to identify each interface of the Device. Interface/Direction: It displays the physical interface and the traffic direction. x In: The packets are received by the interface.
PAGE 76
UTT Technologies Chapter 5 System Status 1. The statistics interval is the elapsed time since the last clear action. 2. The following characteristics indicate that the Device is in normal operation: x The number of packets received by the WAN interface(s) is close to those transmitted by the LAN interface. x The number of bytes received by the WAN interface(s) is close to those transmitted by the LAN interface.
PAGE 77
UTT Technologies 5.5 Chapter 5 System Status Routing Table This section describes how to view and use the Routing Table in the Status > Route Stats page. A router (or gateway) is a device that forwards data packets along networks. One of the basic functions of the router is the ability to select an optimal transmission path for each received packet, and forward the packet to the destination site effectively.
PAGE 78
UTT Technologies Chapter 5 System Status forward the packets. Interface: It displays the outbound interface through which the packets are forwarded to the next hop gateway or router.
PAGE 79
UTT Technologies Chapter 5 System Status destination, the Device will choose the route with the lowest metric to forward the packets. Use: It indicates count of lookups for the route. Age: It indicates the elapsed time (in seconds) since the route was created in the routing table. ¾ Refresh: Click it to view the latest information in the list. ¾ Display Route Settings: Click it to go to the Advanced > Static Route > Static Route List page to view the configured static routes settings.
PAGE 80
UTT Technologies 5.6 Chapter 5 System Status Session Monitor This section describes the Status > Session Monitor page, and it tells you how to monitor the Internet activities of the LAN users by the NAT Session List. This page displays the active NAT sessions on the Device, and it lets you filter and display sessions by certain criteria, such as source IP address, destination IP address/domain name, destination port, NAT translated IP address/domain name, and so on.
PAGE 81
UTT Technologies Chapter 5 System Status model. z Source IP: Select it to display the active NAT sessions related to a LAN user, which is specified by entering his or her IP address in the Filter Value text box. You can use this option to search the Internet activities of the specified LAN user. z Destination IP/Domain: Select it to display the active NAT sessions related to an Internet site, which is specified by entering its IP address or domain name in the Filter Value text box.
PAGE 82
UTT Technologies Chapter 5 System Status 5.6.2 NAT Session List Figure 5-15 NAT Session List ID: It is used to identify each entry in the list. Source IP: It displays the source IP address for the NAT session. Source Port: It displays the source port number for the NAT session. Protocol: It displays the protocol type (T:TCP, U:UDP, I:ICMP) or protocol number for the NAT session. Dest IP: It displays the destination IP address for the NAT session.
PAGE 83
UTT Technologies Chapter 5 System Status to keep track of which hosts initiate data transfer. By keeping this record, the Device is able to correctly route responses. ¾ Clear: Click it to delete all of the dynamic NAT sessions in the list. Note The clear operation may disconnect the dynamic sessions that are being used now, so do it with caution. 5.6.3 Examples 5.6.3.1 Searching Internet Activities of the LAN User with IP Address 192.168.16.
PAGE 84
UTT Technologies Chapter 5 System Status Figure 5-17 NAT Session List - Example1 5.6.3.2 Searching the LAN Users Accessing 200.200.200.251 Step 1 Go to the Status > Session Monitor page, see Figure 5-18. Step 2 Select Destination IP/Domain from the Filter Parameter drop-down list. Step 3 Enter 200.200.200.251 in the Filter Value text box. Step 4 Click the Search button to search and display all the matching NAT sessions in the NAT Session List, see Figure 5-19. http://www.uttglobal.
PAGE 85
UTT Technologies Chapter 5 System Status Figure 5-18 Session Monitor Settings - Example2 Figure 5-19 NAT Session List - Example2 5.6.3.3 Searching the LAN Users Using MSN Step 1 Go to the Status > Session Monitor page, see Figure 5-20. Step 2 Select Destination Port from the Filter Option drop-down list. Step 3 Enter 1863 in the Filter Value text box, or select 1863 (MSN) option from the Predefined Port drop-down list directly.
PAGE 86
UTT Technologies Chapter 5 System Status Figure 5-20 Session Monitor Settings - Example3 Figure 5-21 NAT Session List - Example3 5.6.3.4 Searching Internet Activities of the LAN users Using WAN1 IP address Note http://www.uttglobal.
PAGE 87
UTT Technologies Chapter 5 System Status When using multiple Internet connections, you can go to the Basic > WAN page to view the WAN List to find the WAN1 IP address. Step 1 Go to the Status > Session Monitor page, see Figure 5-22. Step 2 Select the NAT Translated IP/Domain from the Filter Option drop-down list. Step 3 Enter 200.200.202.134 in the Filter Value text box. The WAN1 IP address is 200.200.202.134 in this example.
PAGE 88
UTT Technologies Chapter 5 System Status Figure 5-23 NAT Session List - Example4 http://www.uttglobal.
PAGE 89
UTT Technologies 5.7 Chapter 5 System Status System Log In the Status > System Log page, you can view the system logs; also you can select the types of logs that you want the Device to store and display. 5.7.1 System Log Settings Figure 5-24 System Log Settings Select All: It selects or unselects all the check boxes below. If you want to enable all the provided system log features at a time, please select this check box.
PAGE 90
UTT Technologies Chapter 5 System Status this check box. Enable ARP Log: It allows you to enable or disable ARP log. If you want the Device to store and display the ARP related logs in the System Log, please select this check box. Enable Other Log: It allows you to enable or disable other log. If you want the Device to store and display other logs in the System Log, please select this check box. ¾ Save: Click it to save the system log settings. 5.7.
PAGE 91
UTT Technologies Chapter 5 System Status System Log Meaning Keyword Sample The specified physical interface is enabled. Ethernet Up ieX ie0: LAN; ie1~ie4: WAN1~WAN4. MAC New 00:22:aa:00:22:bb The new MAC address of the specified user. MAC Old 00:22:aa:00:22:aa The old MAC address of the specified user. ARP SPOOF 192.168.1.1 Session Up PPPOE The MAC address of the user with IP address 192.168.1.1 has changed. The Device has successfully established a session whose name is PPPOE.
PAGE 92
UTT Technologies Session up test Chapter 5 System Status The Device has successfully established a session whose name is test. The Device has successfully negotiated with the remote Assigned to port @answerIncomingCall:8012 dial-in device, and has assigned a port to the remote device. Call Connected Incoming Call @_netiNetworkStateChanged: The physical layer and data link layer connections have 6244, on line 1, on channel 0 been established, but IP still couldn¶t be used.
PAGE 93
UTT Technologies Chapter 5 System Status A DHCP IP address conflict has occurred, that is, when DHCP:IP conflicted acting as a DHCP server, the Device detected that the specified IP address is already used in the LAN before [arp: IP Address] assigning it to a user, and then the Device assigned another IP address to this user. notice Give notice to user: The device has given a notice to the user with IP address 192.168.16.35 192.168.16.35. Table 5-1 System Logs List 5.
PAGE 94
UTT Technologies Chapter 5 System Status 5.8.2 View Web Logs Figure 5-27 View Web Logs A web log consists of date and time, an IP address of a LAN user, and a domain name. Ɣ Date and time: It displays the date and time at which a LAN user accessed a web page. Ɣ IP address: It displays the IP address of the LAN user who has accessed a web page. Ɣ Domain name: It displays the domain name of a web page which is accessed by the LAN user. ¾ Clear: Click it to clear all the web logs in the list box.
PAGE 95
UTT Technologies Chapter 5 System Status the system clock in the System > Time page. 5.9 Application Traffic Statistics In the Status > APP Traffic page, you can view the traffic statistics of some predefined applications. For each application, you can view the traffic statistics of each WAN interface, and the traffic statistics of each LAN user. 5.9.
PAGE 96
UTT Technologies Chapter 5 System Status Interface: It allows you select a WAN interface to display the application traffic statistics of this interface. Application: It indicates the type of application traffic. The Device provides six types of application traffic, including TCP, UDP, Web, FTP, P2P and Game applications. Therein, there are multiple specific types of P2P and Game applications, please refer to section 11.2 Internet Behavior Management for more information.
PAGE 97
UTT Technologies http://www.uttglobal.
PAGE 98
UTT Technologies Chapter 5 System Status 5.10 WAN Traffic Statistics Through the WAN Traffic Statistics list in the Status > WAN Traffic page, you can view traffic and rate related information of each Internet connection. Figure 5-31 WAN Traffic Statistics List Interface: It specifies a WAN interface on which the Internet connection is established. Tx Bandwidth: It is the Uplink Bandwidth of the Internet connection configured in the Basic > WAN page.
PAGE 99
UTT Technologies Chapter 6 Basic Setup Chapter 6 Basic Setup This chapter describes how to configure and use the basic features of the Device, which include LAN interface settings, WAN interface settings, load balancing (only multi-WAN products support it), DHCP and DNS features. 6.1 LAN Settings This section describes the Basic > LAN page. After you have configured the Internet Connection through the Quick Wizard, you can modify the IP address and subnet mask of the LAN interface in this page.
PAGE 100
UTT Technologies Chapter 6 Basic Setup MAC Address: It specifies the MAC address of the LAN interface. In most cases, please leave the default value. Proxy ARP: It allows you to enable or disable proxy ARP on the LAN interface. The available options are Disabled, Enabled and Nat. Ɣ Disabled: Select it to disable the proxy ARP on the LAN interface. Ɣ Enabled: Select it to enable the proxy ARP on the LAN interface. Ɣ Nat: Select it to enable the NAT proxy ARP on the LAN interface.
PAGE 101
UTT Technologies 6.2 Chapter 6 Basic Setup WAN Settings 6.2.1 WAN List After you have configured the Internet connection through the Quick Wizard, you can view its configuration and status in the Basic > WAN > WAN List page; also you can modify or delete it if needed. Figure 6-2 WAN Internet Connection List Note If you want to use multiple connections to access the Internet, please configure them in this page, and then go to the Basic > Load Balancing page to configure load balancing and failover. 6.
PAGE 102
UTT Technologies Chapter 6 Basic Setup Status Description Closed The physical interface isn¶t connected, or doesn¶t dial up yet. Dialing Start dialing up, but not receive response yet. Authenticating Server responded and is authenticating. Connected Authentication succeeded, and the connection is established and ready for data transmission. Disconnecting The PPPoE session is disconnecting. Hang up Either peer has hanged up.
PAGE 103
UTT Technologies Chapter 6 Basic Setup Connected The connection is established between the Device and peer device. Internal Error Undefined status. Table 6-2 Description of Static IP Connection Status 3. DHCP Connection Status There are four kinds of status for DHCP connection (see Table 6-3). When it is connected, it will also display the time left (days: hours: minutes: seconds) before the lease expires for the current IP address, which is assigned by your ISP¶s DHCP server.
PAGE 104
UTT Technologies ¾ Chapter 6 Basic Setup Delete an Internet Connection: If you want to delete a configured Internet connection, click Delete of the connection to delete it. 6.2.1.3 How to Dial and Hang up a PPPoE connection For the PPPoE connection, the Dial, Hang Up and Delete are shown in the Operation column (see Figure 6-3). If the PPPoE connection¶s Dial Type is set to Manual (see section 6.2.2.1), you need click Dial to dial-up the Internet connection, and click Hang Up to hang it up.
PAGE 105
UTT Technologies Chapter 6 Basic Setup Figure 6-4 WAN List DHCP Internet Connection http://www.uttglobal.
PAGE 106
UTT Technologies Chapter 6 Basic Setup 6.2.2 WAN Internet Connection Settings This section describes how to configure PPPoE, Static IP and DHCP Internet connection respectively, and how to delete the connection. Note Only after you have configured the Internet connection on the WAN1, you can configure other connections. The system will automatically set these connections¶ Primary DNS Server to the IP address of the WAN1 Internet connection¶s Primary DNS Server, and you cannot modify them. 6.2.2.
PAGE 107
UTT Technologies Chapter 6 Basic Setup Figure 6-5 PPPoE Internet Connection Settings Connection Type: It specifies the type of the Internet connection. Here please select PPPoE. Uplink Bandwidth: It specifies the uplink bandwidth of the Internet connection, which is provided by your ISP. You may ask the ISP about the uplink bandwidth. Downlink Bandwidth: It specifies the downlink bandwidth of the Internet connection, which is provided by your ISP.
PAGE 108
UTT Technologies Chapter 6 Basic Setup using correct user name and password, you may try to use another mode. DNS Server: It specifies the method by which you configure the DNS server(s). If you know the local DNS server IP address, you may select Manual, then enter the DNS server IP address in the Primary DNS server text box, and the secondary DNS server IP address in the Secondary DNS Server if available. Else, please select Auto, then the Device will automatically obtain the DNS server IP address.
PAGE 109
UTT Technologies Chapter 6 Basic Setup Dial Schedule: It specifies a schedule during which the Device can dial up. If you select a schedule here, it will allow the Device to dial up only in the selected schedule range; else, the Device can always dial up. The schedule is configured in the Security > Schedule page. Online Schedule: It specifies a schedule during which the Device can access the Internet.
PAGE 110
UTT Technologies Ɣ Chapter 6 Basic Setup Nat: Select it to enable the NAT proxy ARP on the WAN interface. Mode: It specifies the speed and duplex mode of the WAN interface. The Device supports five or six modes (Note that only the gigabit WAN interface supports 1000M-HD), which include Auto (Auto-negotiation), 100M-FD (100M Full-Duplex), 100M-HD (100M Half-Duplex), 10M-FD (10M Full-Duplex), and 10M-HD (10M Half-Duplex) , 1000M-FD (1000M Full-Duplex). In most cases, please leave the default value.
PAGE 111
UTT Technologies Chapter 6 Basic Setup 6.2.2.2 Static IP Internet Connection Settings If you are required to use a static IP address, please select Static IP from the Connection Type drop-down list. Then the following page will be showed. Figure 6-6 Static IP Internet Connection Settings Connection Type: It specifies the type of the Internet connection. Here please select Static IP. Uplink Bandwidth: It specifies the uplink bandwidth of the Internet connection, which is provided by your ISP.
PAGE 112
UTT Technologies Chapter 6 Basic Setup Primary DNS Server: It specifies WKH ,3 DGGUHVV RI \RXU ,63¶V SULPDU\ '16 server. Secondary DNS Server: It specifies the IP address of your ISP¶s secondary DNS server. If it is available, you may set it. Else, please leave it blank. ¾ Advanced Options: Click it to view and configure advanced parameters. In most cases, you need not configure them. MAC Address: It specifies the MAC address of the WAN interface.
PAGE 113
UTT Technologies Chapter 6 Basic Setup 6.2.2.3 DHCP Internet Connection Settings If your ISP automatically assigns an IP address, please select DHCP from the Connection Type drop-down list. Then the following page will be showed. Figure 6-7 DHCP Internet Connection Settings Connection Type: It specifies the type of the Internet connection. Here please select DHCP. Uplink Bandwidth: It specifies the uplink bandwidth of the Internet connection, which is provided by your ISP.
PAGE 114
UTT Technologies Chapter 6 Basic Setup Ɣ Disabled: Select it to disable the proxy ARP on the WAN interface. Ɣ Enabled: Select it to enable the proxy ARP on the WAN interface. Ɣ Nat: Select it to enable the NAT proxy ARP on the WAN interface. Mode: It specifies the speed and duplex mode of the WAN interface.
PAGE 115
UTT Technologies Chapter 6 Basic Setup Figure 6-9 Prompt Dialog Box - Delete an Internet Connection Note You can only delete one Internet connection at a time. And you can only delete the WAN1 Internet connection at last, that is, there is no any other connection in the WAN List. 6.2.2.
PAGE 116
UTT Technologies 6.3 Chapter 6 Basic Setup Load Balancing This section describes the Basic > Load Balancing page. Note that only after you have configured more than one Internet connections, the second level menu Load Balancing will be displayed. When using multiple Internet connections, you can configure load balancing related parameters, such as, load balancing policy, load balancing mode, detection method, detection interval, retry times, and ID binding, and so on. 6.3.
PAGE 117
UTT Technologies Chapter 6 Basic Setup mechanisms are different, the following describes them respectively. For a normal Internet connection, the detection mechanism is as follows: The Device periodically sends a detection packet at the specified time interval to the target IP address. Once no response packet received during a detection period, the Device will consider that the connection is faulty and shield it immediately.
PAGE 118
UTT Technologies Chapter 6 Basic Setup through the faulty connection will be distributed to other normal connections automatically. 3. Once the faulty connection is back to normal, the Device will enable it immediately, and the traffic will be redistributed automatically. If you choose to use Partial Load Balancing, some Internet connections are used as primary connections, and others are used as backup connections. The operation principle is as follows: 1.
PAGE 119
UTT Technologies Chapter 6 Basic Setup Ɣ ARP: The Device will monitor an Internet connection by sending ARP request packets to the connection¶s default gateway IP address. Ɣ DNS: The Device will monitor an Internet connection by sending DNS query packets to the public DNS server IP address you specify. The following table describes detection target IP supported by each detection method, and the restriction of using each detection method.
PAGE 120
UTT Technologies Chapter 6 Basic Setup disabled. Note that when performing ARP request test, the detection target IP should be the gateway IP address; and you cannot perform ARP request test on a PPPoE Internet connection. 3. The DNS method applies to a network environment in which the Internet connection is connected always, but the access time is restricted by the ISP.
PAGE 121
UTT Technologies Chapter 6 Basic Setup respectively. Ɣ In the case of Partial Load Balancing, let¶s assume that connection A and B are used as primary connections, and connection C and D are used as backup connections, then we may set connection A¶s and B¶s Weight to 5 and 3 respectively, and set both connection C¶s and D¶s Weight to 1. 6.3.2.2 Two Load Balancing Policies The Load Balancing Policy is used to control and balance the traffic among multiple Internet connections.
PAGE 122
UTT Technologies Chapter 6 Basic Setup 3. How to Choose the Load Balancing Policy In most cases, it is suggested that you choose IP address as the load balancing policy.
PAGE 123
UTT Technologies Chapter 6 Basic Setup 6.3.4 Load Balancing Global Settings The following sections describe the global settings related to Full Load Balancing and Partial Load Balancing respectively. For more information about them, please refer to section 6.3.1.2 Load Balancing Mode. 6.3.4.1 Global Settings - Full Load Balancing Figure 6-11 Global Settings - Full Load Balancing Detection Method: It specifies the detection method which is used to monitor Internet connections.
PAGE 124
UTT Technologies Chapter 6 Basic Setup and NAT Session, and the default value is IP Address. Refer to section 6.3.2.2 Two Load Balancing Policies for more information. Load Balancing Mode: It specifies the mode of load balancing. Here please select Full Load Balancing. Refer to section 6.3.1.2 Load Balancing Mode for more information. ¾ Save: Click it to save the load balancing global settings. 6.3.4.
PAGE 125
UTT Technologies Chapter 6 Basic Setup Backup list box is a backup connection. Refer to section 6.3.1.2 Load Balancing Mode for more information. ==>: Select one or more Internet connections in the Primary list box, and then click ==> to move the selected connection(s) to the Backup list box. <==: Select one or more Internet connections in the Backup list box, and then click ==> to move the selected connection(s) to the Primary list box.
PAGE 126
UTT Technologies Chapter 6 Basic Setup Figure 6-13 Detection and Weight Settings Detection Target IP: It indicates the IP address of a detection target device. The Device will monitor an Internet connection by sending the detection packets to the detection target IP address.
PAGE 127
UTT Technologies Chapter 6 Basic Setup 6.3.6 Load Balancing List Figure 6-14 Load Balancing List ¾ Edit an Internet Connection: If you want to configure or modify the detection related parameters and Weight of an Internet connection, click its Edit hyperlink, the related information will be displayed in the Detection & Weight page. Then configure or modify it, and click the Save button.
PAGE 128
UTT Technologies Chapter 6 Basic Setup configure detection related parameters and Weight for the selected connection. Then continue to configure these parameters for other connection(s) one by one. 3. Go to the Basic > Load Balancing > Global Settings page to configure global parameters as required. 4. Go to the Basic > Load Balancing > ID Binding page to enable ID binding feature if needed. 6.3.7.
PAGE 129
UTT Technologies Chapter 6 Basic Setup 6.3.7.4 The Configuration Steps of ID Binding Step 1 Go to the Basic > Load Balancing > ID Binding page. Step 2 Select the Enable ID Binding check box if needed. Step 3 Click the Save button to save the ID binding settings. 6.3.8 Related Detection Route When connection detection is enabled on an Internet connection (i.e.
PAGE 130
UTT Technologies 6.4 Chapter 6 Basic Setup DHCP & DNS This section describes the Basic > DHCP & DNS page. The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP allows a host to be configured automatically, eliminating the need for intervention by a network administrator.
PAGE 131
UTT Technologies Chapter 6 Basic Setup Default Gateway: It specifies the IP address of the default gateway for a DHCP client. In most cases, this address should be the same with the Device¶s LAN IP address, that is, the Device is used as the default gateway for the LAN hosts. Lease Time: It specifies a length of time (in seconds) during which a client host can use an assigned IP address. If the lease expires, the client is automatically assigned a new dynamic IP address.
PAGE 132
UTT Technologies Chapter 6 Basic Setup Figure 6-16 DHCP Auto Binding Enable DHCP Auto Binding: It allows you to enable or disable DHCP auto binding. If you select this check box to enable DHCP auto binding, once a LAN host obtains an IP address from the Device that acts as a DHCP server, the Device will immediately bind this host¶s IP and MAC address pair. Else, the Device will not perform auto binding operation. Enable DHCP Auto Deleting: It allows you to enable or disable DHCP auto deleting.
PAGE 133
UTT Technologies Chapter 6 Basic Setup Enable DNS Proxy: It allows you to enable or disable DNS proxy. If you want to enable DNS proxy on the Device, please select this check box. ¾ Save: Click it to save the DHCP proxy settings. Note 1. If the DNS proxy is enabled on the Device, in order to use DNS proxy service normally, you need set the LAN hosts¶ primary DNS server to the Device¶s LAN IP address.
PAGE 134
UTT Technologies Chapter 7 Advanced Setup Chapter 7 Advanced Setup This chapter describes how to configure and use the Device advanced features, which include static route, policy-based routing, DNS redirection, Plug and Play, SNMP, SYSLOG, DDNS, and switch, and so on. 7.1 Static Route This section describes the Advanced > Static Route page. In this page, you can configure not only static routes, but also static route PDBs (PDB: Policy Database).
PAGE 135
UTT Technologies Chapter 7 Advanced Setup route. The following describes them respectively. 1. Default Routes A default route is used to forward packets that don¶t match any other route in the routing table. The packets will be forwarded to the default gateway specified by the default route. The default route¶s destination IP address and subnet mask both are 0.0.0.0.
PAGE 136
UTT Technologies Chapter 7 Advanced Setup Static IP DETEFIX_04 DHCP DETEDYN _04 PPPoE DETEPPP_02 Static IP DETEFIX_05 DHCP DETEDYN_05 PPPoE DETEPPP_03 WAN3 WAN4 Table 7-1 Reserved Detection Route Name 7.1.1.3 Static Route Settings Figure 7-1 Static Route Settings Predefined: When creating a static route, please leave the default value of None. Else, select one predefined route PDB (policy database).
PAGE 137
UTT Technologies Chapter 7 Advanced Setup Gateway IP Address: It specifies the IP address of the next hop gateway or router to which to forward the packets. Bind to: It specifies an outbound interface through which the packets are forwarded to the next hop gateway or router. The available options are the name of each physical interface, and Local. Local means internal soft-route interface, and the packets will be forwarded to the Device itself.
PAGE 138
UTT Technologies Chapter 7 Advanced Setup 7.1.1.4 Static Route List Figure 7-2 Static Route List ¾ Add a Static Route: If you want to add a new static route, click the New button or select the Route Settings tab to go to the setup page, and then configure it, lastly click the Save button. ¾ View Static Routes: When you have configured some static routes, you can view them in the Static Route List.
PAGE 139
UTT Technologies Step 4 Chapter 7 Advanced Setup Specify the next hop IP address by the Gateway IP Address or Bind to. If the outbound interface is a physical interface, you should specify the Gateway IP Address, but may leave the Bind to blank. In this case, the Device will select an optimal transmission path. For example, a static route¶s destination network is 192.168.1.0/24, gateway IP address is 192.168.1.254, and the outbound interface is a physical interface. Here you should enter 192.168.1.
PAGE 140
UTT Technologies Chapter 7 Advanced Setup Figure 7-4 Static Route Settings - Example Two Step 5 Specify the Detection Interval if you want to detect connection status. Step 6 Specify the Priority and Metric for the static route as required. Step 7 Click the Save button to save the settings. You can view the static route in the Static Route List. Step 8 If you want to add another new static route, please repeat the above steps.
PAGE 141
UTT Technologies Chapter 7 Advanced Setup for them from different ISPs, for example, one is TEL Internet connection, and another is CNC Internet connection. In some cases, if packets accessing one ISP¶s servers are forwarded through another ISP¶s connection, the access rate may be very slow, or the access even be forbidden.
PAGE 142
UTT Technologies Chapter 7 Advanced Setup 7.1.2.2 Static Route PDB Settings Figure 7-5 Static Route PDB Settings Because each static route PDB encapsulates many IP addresses and subnet masks, you needn¶t configure the Destination IP and Subnet Mask when creating a static route PDB entry as shown in Figure 7-5. As a route PDB entry¶s Gateway IP Address, Bind to, Detection Interval, Priority and Metric are the same with a static route¶s, please refer to section 7.1.1.
PAGE 143
UTT Technologies z Chapter 7 Advanced Setup ID values are 1, 2, 3 ... incrementally. Note If there is a static route PDB entry bound to an Internet connection, once the connection is activated, all the static routes created by the route PDB entry will take effect immediately. You can go to the Status > Route Stats page to view the settings and status of these static routes in the Routing Table. 7.1.2.
PAGE 144
UTT Technologies Chapter 7 Advanced Setup If the outbound interface is a dial interface, you should select the corresponding physical interface from the Bind to drop-down list, but need leave the Gateway IP Address the default value 0.0.0.0. In this case, the next hop IP address is assigned by a dial server (e.g., PPPoE server). For example, you want to create a CNC route PDB entry.
PAGE 145
UTT Technologies Chapter 7 Advanced Setup the Restriction > Policy Database page, and click the Update hyperlink of the route PDB in the Policy Database List. Then the Device will download the latest PDB from designated web site and apply it automatically. Note that if the route PDB has been referenced, you should reference it again in this page to let the related settings take effect.
PAGE 146
UTT Technologies 7.2 Chapter 7 Advanced Setup Policy-Based Routing This section describes the Advanced > PBR page. PBR (policy-based routing) provides a tool for forwarding and routing data packets based on the user-defined policies. Different from the traditional destination-based routing mechanism, PBR enables you to use policies based on source and destination address, protocol, port, schedule, and other criteria to route packets flexibly. 7.2.
PAGE 147
UTT Technologies Chapter 7 Advanced Setup Description: It specifies the description of the PBR entry. It is usually used to describe the purpose of the entry. Source: It specifies the source IP addresses of the packets to which the PBR entry applies. There are two options: Ɣ Addresses: Select it to enter the start and end addresses in the associated text boxes. Ɣ Address Group: Select it to choose an address group from the associated drop-down list.
PAGE 148
UTT Technologies Chapter 7 Advanced Setup Note PBR (Policy-based routing) takes precedence over the Device¶s normal destination-based routing. That is, if a packet matches all the criteria (source address, destination address, protocol type, port, etc.) specified in a PBR entry, it will be forwarded through the outbound interface specified in the PDB entry.
PAGE 149
UTT Technologies Chapter 7 Advanced Setup Figure 7-10 PBR List ¾ Add a PBR Entry: If you want to add a new PBR entry, click the New button or select the PBR Settings tab to go to the setup page, and then configure it, lastly click the Save button. ¾ Enable a PBR Entry: The Enable check box is used to enable or disable the corresponding PBR entry. The default value is selected, which means the PBR entry is in effect.
PAGE 150
UTT Technologies 7.3 Chapter 7 Advanced Setup DNS Redirection This section describes the Advanced > DNS Redirection page. 7.3.1 Introduction to DNS Redirection DNS redirection is used to redirect domain names directly to the specified IP addresses, that is, the domain names aren¶t resolved by DNS server, but are queried in a user-defined list of names-to-addresses mappings.
PAGE 151
UTT Technologies Chapter 7 Advanced Setup 7.3.3 DNS Redirection List Figure 7-12 DNS Redirection List ¾ Add a DNS Redirection Entry: If you want to add a new DNS redirection entry, click the New button or select the DNS Redirection Settings tab to go to the setup page, and then configure it, lastly click the Save button. ¾ Enable a DNS Redirection Entry: The Enable check box is used to enable or disable the corresponding DNS redirection entry.
PAGE 152
UTT Technologies Chapter 7 Advanced Setup accessing www.sina.com, the Device will redirect www.sina.com to the IP address specified by the first entry because of higher accuracy. 2. For the entries whose domain names have the same accuracy, in reverse chronological order of creation, the last created entry will be matched first. 7.3.4 DNS Redirection Settings Figure 7-13 DNS Redirection Settings IP Address: It specifies the IP address to which the specified domain name(s) are redirected.
PAGE 153
UTT Technologies 3. Chapter 7 Advanced Setup The domain names that belong to the same Domain List should be different. 7.3.5 How to Configure DNS Redirection Do the following to configure DNS Redirection. Step 1 Go to the Advanced > DNS Redirection page. Step 2 Click the New button or select the DNS Redirection Settings tab to go to the setup page. Step 3 Specify the IP Address, Description and Domain List for a DNS Redirection entry. Step 4 Click the Save button to save the settings.
PAGE 154
UTT Technologies 7.4 Chapter 7 Advanced Setup Plug and Play This section describes the Advanced > Plug and Play page. 7.4.1 Introduction to Plug and Play Plug and Play is a new feature of UTT series security firewalls. If you enable plug and play feature on the Device, the LAN users can access the Internet through the Device without changing any network parameters, no matter what IP address, subnet mask, default gateway and DNS server they might have.
PAGE 155
UTT Technologies Chapter 7 Advanced Setup 2. Once plug and play is enabled, the Device will automatically enable proxy ARP, enable DNS proxy, and disable IP spoofing defense. 3. Once plug and play is enabled, the Device will allow those non-IP/MAC binding users to access the Device and Internet. 4. The users with the same IP address cannot access the Internet at the same time. For example, if a LAN user with IP address 1.1.1.
PAGE 156
UTT Technologies Chapter 7 Advanced Setup Figure 7-15 SNMP Settings Enable SNMP: It allows you to enable or disable the SNMP agent. If you want to enable the SNMP agent on the Device, please select this check box. Community Name: It specifies a community name to restrict access to the Device. The SNMP community name is used as a shared secret for SNMP managers to access the SNMP agent. The default value is uTt22aA.
PAGE 157
UTT Technologies Chapter 7 Advanced Setup If you want to use SNMP Manager to manage the Device via Internet, please select the SNMP check box in the System > Remote Admin page first. http://www.uttglobal.
PAGE 158
UTT Technologies 7.6 Chapter 7 Advanced Setup SYSLOG This section describes the Advanced > SYSLOG page. Syslog is a standard protocol used to capture a lot of running information about network activity. The Device supports this protocol and can send its activity logs to an external syslog server. It helps the network administrator monitor, analyze and troubleshoot the Device and network. Figure 7-16 SYSLOG Settings Enable Syslog: It allows you to enable or disable syslog feature.
PAGE 159
UTT Technologies Chapter 7 Advanced Setup So far, only the Xport HiPER Manager software of UTT Technologies Co., Ltd. can identify the heartbeat message. http://www.uttglobal.
PAGE 160
UTT Technologies 7.7 Chapter 7 Advanced Setup DDNS This section describes the Advanced > DDNS page. Note To ensure that DDNS operates properly, you should synchronize the system clock in the System > Time page. 7.7.1 Introduction to DDNS Dynamic Domain Name Service (DDNS) is a service used to map a domain name which never changes to a dynamic IP address which can change quite often.
PAGE 161
UTT Technologies Chapter 7 Advanced Setup domain name (FQDN) with suffix of iplink.com.cn and a key. Figure 7-17 Apply for a DDNS Account from IPLink.com.cn Host Name: It specifies a unique host name of the Device. The suffix of iplink.com.cn will be appended to the host name to create a fully qualified domain name (FQDN) for the Device. For example, if the Device¶s host name is test, then its FQDN is test.iplink.com.cn; and it allows you to use test.iplink.com.cn to access the Device.
PAGE 162
UTT Technologies Chapter 7 Advanced Setup 7.7.2.1 DDNS Settings Related to ipink.com.cn Figure 7-18 DDNS Settings Related to iplink.com.cn Interface: It specifies the WAN interface on which DDNS service is applied. All the WAN interfaces support DDNS feature, and you can use DDNS service on each WAN interface at the same time. Registry Website: It allows you to click http://www.utt.com.cn/ddns to go to this website to register a DDNS account for the Device.
PAGE 163
UTT Technologies Chapter 7 Advanced Setup 7.7.3 DDNS Service Offered by 3322.org 7.7.3.1 Apply for a DDNS Account from 3322.org To use DDNS offered by 3322.org on the Device, you should login to http://www.3322.org to apply for a fully qualified domain name (FQDN) with suffix of 3322.org. Figure 7-19 Apply for a DDNS Account from 3322.org Host Name: It specifies a unique host name of the Device. The suffix of iplink.com.
PAGE 164
UTT Technologies Chapter 7 Advanced Setup 7.7.3.2 DDNS Settings Related to 3322.org Figure 7-20 DDNS Settings Related to 3322.org Interface: It specifies the WAN interface on which DDNS service is applied. All the WAN interfaces support DDNS feature, and you can use DDNS service on each WAN interface at the same time. Registry Website: It allows you to click http://www.3322.org to go to this website to register a DDNS account for the Device.
PAGE 165
UTT Technologies Chapter 7 Advanced Setup Device. Refer to section 7.6.3.1 Apply for a DDNS Account from 3322.org for detailed operation. 7.7.4 DDNS Verification To verify whether DDNS is updated successfully, you can use the ping command at the MS-DOS command prompt on the PC, for example: ping abc.iplink.com.cn If the displayed page is similar to the screenshot below: the domain name is resolved to an IP address successfully (200.200.202.152 in this example), DDNS is updated successfully. Note 1.
PAGE 166
UTT Technologies http://www.uttglobal.
PAGE 167
UTT Technologies 7.8 Chapter 7 Advanced Setup Advanced DHCP This section describes the Advanced > DHCP pages. 7.8.1 Introduction to DHCP 7.8.1.1 Overview The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP allows a host to be configured automatically, eliminating the need for intervention by a network administrator.
PAGE 168
UTT Technologies Chapter 7 Advanced Setup DHCPDISCOVER DHCPOFFER DHCP Client DHCP Server DHCPREQUEST DHCPACK Figure 7-21 Requesting for an IP Address from a DHCP Server As shown in Figure 7-20, the process of a DHCP client requesting for an IP address from a DHCP server falls into four basic phases: z DHCP Discover: It is the phase that the DHCP client locates a DHCP server to ask for an IP address. The client broadcasts a DHCPDISCOVER message on its local physical subnet.
PAGE 169
UTT Technologies Chapter 7 Advanced Setup DHCP server will reclaim the IP address if the lease expires, so the client has to renew the lease in order to use the IP address longer. When one half of the lease time has expired, the client will send a DHCPREQUEST message to the DHCP server, asking to extend the lease for the given configuration. The DHCP server will respond with a DHCPACK message if it agrees to renew the lease.
PAGE 170
UTT Technologies DHCPDECLINE DHCPACK Chapter 7 Advanced Setup Message from a client to server indicating that the offered address is already in use. Acknowledgement message from a server to a client with configuration parameters, including IP address. Negative acknowledgement message from a server to a client, refusing the DHCPNAK request for parameters. If the client receives a DHCPNAK message, it will restart the configuration process.
PAGE 171
UTT Technologies Chapter 7 Advanced Setup 7.8.2.1 Introduction to DHCP Server When acting as a DHCP server, the Device can allocate network addresses and deliver other TCP/IP configuration parameters (such as gateway IP address, DNS server IP address, WINS server IP address, etc.) to the LAN hosts. 7.8.2.1.
PAGE 172
UTT Technologies Chapter 7 Advanced Setup 7.8.2.1.3 DHCP Manual Binding Through DHCP manual binding, you can assign a static IP address to a specific host (client). You may create a manual binding by mapping the IP address to the host¶s MAC address, Remote ID or Client ID. The DHCP server will always assign the specified IP address to the host that matches the manual binding. 7.8.2.1.
PAGE 173
UTT Technologies Chapter 7 Advanced Setup Address is free, the DHCP server will assign it to the client. If a match is found, but this Requested IP address is in use, the DHCP server will try to assign another address dynamically from the address pool. Else, do the next step. 7˅ If no matching parameter found, the DHCP server will find an assignable IP address from each DHCP address pool in the chronological order of creation.
PAGE 174
UTT Technologies Chapter 7 Advanced Setup other TCP/IP configuration parameters from a DHCP server. All of the physical interfaces support DHCP client feature, and you can enable DHCP client on each interface at the same time. In order to meet different needs, DHCP client can use client ID to identify itself, send DHCPREQUEST messages in broadcast or unicast mode, and require DHCP server to respond in broadcast or unicast mode.
PAGE 175
UTT Technologies Chapter 7 Advanced Setup message, it will process message according to the settings of these two parameters, see the following table for detailed description: Option Policy The message is from another relay The message is from a client directly, agent, and already contains option 82. and doesn¶t contain option 82. drop Drop the message. keep The relay agent will retain the existing option 82 in the message and forward it.
PAGE 176
UTT Technologies Chapter 7 Advanced Setup data items that are stored in the options field of the DHCP message. The data items themselves are also called options. For detailed information about DHCP options, see RFC 2132, with updates in RFC 3942. Most DHCP options are predefined in RFC, although new options will come out with DHCP development. The Device provides Raw Option feature to support for the predefined options, and also new options.
PAGE 177
UTT Technologies Chapter 7 Advanced Setup Enable DHCP Client: It allows you to enable or disable DHCP client. If you want to enable DHCP client on the specified interface, please select this check box. Enable PnP: It allows you to enable or disable PnP. If you select this check box to enable PnP, the DHCP client can obtain IP address and subnet mask, and other TCP/IP configuration parameters such as default gateway address, DNS server addresses and so on.
PAGE 178
UTT Technologies Chapter 7 Advanced Setup 7.8.3.2 DHCP Client List Figure 7-24 DHCP Client List ¾ Configure DHCP Client: If you want to apply DHCP client function on a physical interface, select the DHCP Client Settings tab to go to the setup page, and then select the interface and configure other parameters, lastly click the Save button.
PAGE 179
UTT Technologies Chapter 7 Advanced Setup Step 4 In most cases, select the Enable PnP check box to enable PnP for the client. Step 5 Specify the Request Mode and Required Response Mode if required. Step 6 Specify the Client ID if required. Step 7 In most cases, select the Allow AutoIP check box to allow the DHCP client to use AutoIP. Step 8 Click the Save button to save the settings.
PAGE 180
UTT Technologies Chapter 7 Advanced Setup Figure 7-26 DHCP Server Global Settings Enable DHCP Server: It allows you to enable or disable DHCP server. If you want to enable DHCP server on the Device, please select this check box. DHCP Ping Packets: It specifies the maximum number of ping packets which is used by ICMP address conflict detection method. It should be between 0 and 10, and the default value is 2. If you want to turn off ICMP detection feature, please set its value to 0.
PAGE 181
UTT Technologies Chapter 7 Advanced Setup bindings, you can view them in the Manual Binding List. ¾ Edit DHCP Manual Binding: If you want to modify a configured DHCP manual binding, click its Edit hyperlink, the related information will be displayed in the setup page. Then modify it, and click the Save button. ¾ Delete DHCP Manual Binding(s): If you want to delete one or more DHCP manual bindings, select the leftmost check boxes of them, and then click the Delete button.
PAGE 182
UTT Technologies Chapter 7 Advanced Setup belongs. User Name: It specifies a unique name for the DHCP manual binding. It is used to identify the host that want to be assigned a static IP address. It should be between 1 and 31 characters long. IP Address: It specifies the IP address for the DHCP manual binding. It must be a valid IP address of the related address pool. The requesting host that matches the manual binding will be assigned this specified address.
PAGE 183
UTT Technologies Chapter 7 Advanced Setup 7.8.4.4 How to Add the DHCP Manual Bindings If you want to add one or more DHCP manual bindings, do the following: Step 1 Go to the Advanced > DHCP page, and select the DHCP Server radio button to go to the DHCP Server page. Step 2 Select the Manual Binding Settings tab to go to the setup page. Step 3 From the Bind to drop-down list, select a DHCP address pool to which this DHCP manual binding belongs.
PAGE 184
UTT Technologies Chapter 7 Advanced Setup ¾ Add a DHCP Address Pool: If you want to add a new DHCP address pool, select the Address Pool Settings tab, and then configure it, lastly click the Save button. ¾ View DHCP Address Pool(s): When you have configured some DHCP address pools, you can view them in the Address Pool List. ¾ Edit DHCP Address Pool: If you want to modify a configured DHCP address pool, click its Edit hyperlink, the related information will be displayed in the setup page.
PAGE 185
UTT Technologies Chapter 7 Advanced Setup Figure 7-30 DHCP Address Pool Settings Interface: It specifies a physical interface to which the DHCP address pool is bound. Pool Name: It specifies a unique name for the DHCP address pool. It should be between 1 and 11 characters long. Start IP Address: It specifies the starting IP address assigned from the DHCP address pool. Number of Addresses: It specifies the maximum number of IP addresses that can be assigned from the DHCP address pool.
PAGE 186
UTT Technologies Chapter 7 Advanced Setup needs to renew its address lease assignment with the server. The duration for a lease determines when it will expire and how often the client needs to renew it with the server. The default value is 3600 seconds. Primary DNS Server: It specifies the IP address of the primary DNS server that is available to a DHCP client. Secondary DNS Server: It specifies the IP address of the secondary DNS server that is available to a DHCP client.
PAGE 187
UTT Technologies ¾ Chapter 7 Advanced Setup Ɣ B-Node: It indicates a broadcast node that uses broadcasts for name resolution. Ɣ P-Node: It indicates a peer-to-peer node that uses a WINS server to resolve NetBIOS names. P-Node does not use broadcasts but queries the WINS server directly. Ɣ M-Node: It indicates a mixed node that is a combination of a B-Node and P-Node. By default, an M-Node functions as a B-Node firstly. If the broadcast name query is unsuccessful, it uses a WINS server.
PAGE 188
UTT Technologies Chapter 7 Advanced Setup Step 3 From the Interface drop-down list, select a physical interface to which the DHCP address pool is bound. Step 4 Specify the Pool Name, Start IP Address, Number of Addresses and Primary DNS Server. Step 5 Specify the Subnet Mask, Default Gateway and Lease Time as required. Step 6 Specify the Secondary DNS Server, Primary WINS Server and Secondary WINS Server if needed. Step 7 Specify the Domain Name, DHCP Relay IP and Relay Agent ID if needed.
PAGE 189
UTT Technologies Chapter 7 Advanced Setup 7.8.5.1 DHCP Relay Agent Settings Figure 7-32 DHCP Relay Agent Settings Interface: It specifies physical interface on which the DHCP relay agent is applied. Enable DHCP Relay Agent: It allows you to enable or disable DHCP relay agent. If you want to enable DHCP relay agent on the specified interface, please select this check box. DHCP Server 1 ~ 3: It specifies one or more DHCP servers for the relay agent.
PAGE 190
UTT Technologies Chapter 7 Advanced Setup characters long. ¾ Ɣ ascii: It is used to specify an ASCII character string. It should be between 1 and 27 characters long. Ɣ ip: It is used to specify an IP address. Response Mode: It specifies the mode in which DHCP relay agent sends the DHCP response messages to the client. The available options are Client Determine, Unicast and Broadcast.
PAGE 191
UTT Technologies Chapter 7 Advanced Setup Figure 7-33 DHCP Relay Agent List ¾ Configure DHCP Relay Agent: If you want to apply DHCP relay agent function on a physical interface, select the Relay Agent Settings tab to go to the setup page, and then select the interface and configure other parameters, lastly click the Save button.
PAGE 192
UTT Technologies Chapter 7 Advanced Setup 7.8.6 Raw Option Go to the Advanced > DHCP page firstly, and then select the Raw Option radio button (see the following figure) to go to the Raw Option page, which includes the Raw Option List and Raw Option Settings subpages. Figure 7-34 Select Raw Option 7.8.6.1 Raw Option Settings In this page, you can easily create DHCP raw options.
PAGE 193
UTT Technologies Chapter 7 Advanced Setup Ɣ ascii: It is used to specify an ASCII character string. It should be between 1 and 27 characters long. Ɣ ip: It is used to specify an IP address. Interface: It specifies the physical interface on which the DHCP raw option is applied. ¾ Save: Click it to save the DHCP raw option settings. Note For detailed information about DHCP options, see RFC 2132, with updates in RFC 3942. 7.8.6.
PAGE 194
UTT Technologies Chapter 7 Advanced Setup the leftmost check boxes of them, and then click the Delete button. 7.8.6.3 How to Add the DHCP Raw Options If you want to add one or more DHCP raw options, do the following: Step 1 Go to the Advanced > DHCP page, and select the Raw Option radio button to go to the Raw Option page. Step 2 Select the Raw Option Settings tab or click the New button to go to the setup page. Step 3 Specify the Option Name, Option Code and Option Value.
PAGE 195
UTT Technologies Chapter 7 Advanced Setup 1. Network Requirements In this example, the Device acts as a DHCP server to dynamically assign the IP addresses to the clients that reside on the same subnet. The Device¶s LAN interface IP address is 192.168.16.1/24. We need to create two address pools (pool1 and pool2). The pool1¶s address range is from 192.168.16.2/24 to 192.168.16.101/24, primary and secondary DNS servers IP addresses are 202.96.209.5 and 202.96.199.133, domain name is utt.com.
PAGE 196
UTT Technologies Chapter 7 Advanced Setup Figure 7-38 DHCP Server Global Settings - Example Step 4 Click the Save button to save the settings. Till now you have finished configuring DHCP server global settings. 2˅ Configuring the DHCP Address Pool - pool1 As mentioned earlier, the pool1 is the default address pool provided by the Device. And it is editable, but can¶t be deleted. So you could modify the pool1 according to your requirements.
PAGE 197
UTT Technologies Chapter 7 Advanced Setup Figure 7-39 DHCP Address Pool Settings - Example (pool1) Step 3 Enter 192.168.16.2 in the Start IP Address text box, enter 100 in the Number of Addresses text box, enter 192.168.16.1 in the Default Gateway text box, enter 202.96.209.5 in the Primary DNS Server text box, enter 202.96.199.133 in Secondary DNS Server text box, and enter utt.com.cn in the Domain Name text box. Leave the default values for the other parameters.
PAGE 198
UTT Technologies Chapter 7 Advanced Setup Figure 7-40 DHCP Address Pool Settings - Example (pool2) Step 3 Enter 192.168.16.102 in the Start IP Address text box, enter 153 in the Number of Addresses text box, enter 192.168.16.1 in the Default Gateway text box, enter 7200 in the Lease Time text box, enter 202.96.209.5 in the Primary DNS Server text box, enter 202.96.199.133 in the Secondary DNS Server text box, and enter utt.com.cn in the Domain Name text box.
PAGE 199
UTT Technologies Chapter 7 Advanced Setup Figure 7-41 DHCP Manual Binding Settings - Example Step 3 Select pool1 from the Bind to drop-down list, enter binding1 in the User Name text box, enter 192.168.16.10 in the IP Address text box and enter 000795a81c3d in the MAC Address text box. Step 4 Select hex from the Client ID drop-down list and enter 01000795a81c3d in the associated text box, enter test in the Host Name text box. Leave the default values for the other parameters.
PAGE 200
UTT Technologies Chapter 7 Advanced Setup DHCP Server 200.200.200.0/24 LAN WAN Interface DHCP Client Figure 7-42 Network Topology Where DHCP Client is Applied on WAN Interface 3. Configuration Procedure Step 1 Go to the Advanced > DHCP page, select the DHCP Client radio button and then select the DHCP Client Settings tab to go to the setup page, see the following figure. Figure 7-43 DHCP Client Settings - Example Step 2 Select WAN from the Interface drop-down list.
PAGE 201
UTT Technologies Step 5 Chapter 7 Advanced Setup Click the Save button to save the settings. Till now you have finished configuring the DHCP client, and then you can view its configuration and status in the DHCP Client List. 7.8.7.3 Configuration Example for the DHCP Relay Agent 1. Network Requirements In this example, the DHCP clients reside on the subnet 192.168.16.0/254, and the DHCP server¶s IP address is 200.200.200.254/24.
PAGE 202
UTT Technologies Chapter 7 Advanced Setup Figure 7-45 DHCP Relay Agent Settings - Example Step 3 Select LAN from the Interface drop-down list. Step 4 Select the Enable DHCP Relay Agent check box. Step 5 Enter 200.200.200.254 in the DHCP Server 1 text box. Leave the default values for the other parameters. Step 6 Click the Save button to save the settings. Till now you have finished configuring the DHCP relay agent, and then you can view its configuration and status in the DHCP Relay Agent List.
PAGE 203
UTT Technologies Chapter 7 Advanced Setup Figure 7-46 Raw Option Settings - Example Step 3 Enter ven_inf in the Option Name text box, enter 43 in the Option Code text box, select ascii from the Option Value drop-down list and enter Test in the associated text box. Step 4 Select LAN from the Interface drop-down list. Step 5 Click the Save button to save the settings. Till now you have finished configuring the DHCP raw option, and then you can view its configuration in the Raw Option List. 7.8.7.
PAGE 204
UTT Technologies Chapter 7 Advanced Setup building2 ... building10, and call the Devices residing on each building DHCP Relay1, DHCP Realy2 ... DHCP Realy10. Each relay agent Device has its own ID. The Device residing on the center network acts as a DHCP server, and the DHCP address pools are bound to the LAN interface with IP address 200.200.200.254/24. The Devices residing on each building act as the DHCP relay agents. The DHCP relay agent is enabled on each Device¶s LAN interface.
PAGE 205
UTT Technologies Chapter 7 Advanced Setup Ɣ Every DHCP address pool¶s number of addresses is 253, which is the maximum number of valid addresses in each subnet where the client hosts reside. Ɣ Every DHCP address pool¶s lease time is 3600 seconds, primary and secondary DNS VHUYHUV¶ IP addresses are 202.96.209.6 and 202.96.199.133. Ɣ Their relay agent IDs are Test_Relay1, Test_Relay2 ... Test_Relay10 respectively, which are in ASCII format.
PAGE 206
UTT Technologies Chapter 7 Advanced Setup Internet Network Center DHCP Server LAN: 200.200.200.254/24 Switch WAN: 200.200.200.1/24 WAN: 200.200.200.10/24 WAN: 200.200.200.2/24 ĂĂ DHCP Relay1 DHCP Relay2 DHCP Relay10 192.168.2.0/24 192.168.1.0/24 DHCP Client 192.168.10.0/24 DHCP Client DHCP Client Figure 7-47 Network Topology for DHCP Comprehensive Example 3.
PAGE 207
UTT Technologies Chapter 7 Advanced Setup Figure 7-48 DHCP Server Global Settings - Comprehensive Example Step 4 b) Click the Save button to save the settings. Till now you have finished configuring DHCP server global settings. Configuring the DHCP Address Pool - pool1 As mentioned earlier, the pool1 is the system default address pool. And it is editable, but can¶t be deleted. So you could modify the pool1 according to your requirements.
PAGE 208
UTT Technologies Chapter 7 Advanced Setup Figure 7-49 DHCP Address Pool Settings - Comprehensive Example (pool1) Step 3 Enter 192.168.1.2 in the Start IP Address text box, enter 253 in the Number of Addresses text box, enter 192.168.1.1 in the Default Gateway text box, enter 202.96.209.5 in the Primary DNS Server text box and enter 202.96.199.133 in the Secondary DNS Server text box. Step 4 Select ascii from the Relay Agent ID drop-down list and enter Test_Relay1 in the associated text box.
PAGE 209
UTT Technologies Chapter 7 Advanced Setup 2) Configuring DHCP Relay1 Step 1 Go to the Advanced > DHCP page, select the DHCP Relay Agent radio button and then select the Relay Agent Settings tab to go to the setup page, see the following figure. Figure 7-50 DHCP Relay Agent Settings - Comprehensive Example (DHCP Relay1) Step 2 Select LAN from the Interface drop-down list. Step 3 Select the Enable DHCP Relay Agent check box. Step 4 Enter 200.200.200.254 in the DHCP Server 1 text box.
PAGE 210
UTT Technologies http://www.uttglobal.
PAGE 211
UTT Technologies 7.9 Chapter 7 Advanced Setup Switch This section describes Advanced > Switch page. 7.9.1 Port Mirroring 7.9.1.1 Introduction to Port Mirroring The port mirroring allows an administrator to mirror and monitor network traffic. It copies the traffic from the specified ports to another port where the traffic can be monitored with an external network analyzer. Then the administrator can perform traffic monitoring, performance analysis and fault diagnosis. 7.9.1.
PAGE 212
UTT Technologies Chapter 7 Advanced Setup 7.9.2 Port-Based VLAN 7.9.2.1 Introduction to VLAN A VLAN (Virtual Local Area Network) is a group of devices that form a logical LAN segment, that is, a broadcast domain. The members on the same VLAN can communicate with each other. The traffic will not disturb among different VLANs, that is, any traffic (unicast, broadcast or multicast) within a VLAN doesn¶t flow to another VLAN. The VLAN feature offers the benefits of both security and performance.
PAGE 213
UTT Technologies Chapter 7 Advanced Setup Note 1. The ports that have the same VLAN ID will be grouped into a VLAN. The ports on the same VLAN can communicate with each other, but the ports that belong to the different VLANV FDQ¶t communicate. 2. By default, all the LAN switch ports are members of the same VLAN. The most complex case is that each port is grouped into a VLAN respectively.
PAGE 214
UTT Technologies Chapter 7 Advanced Setup Enable Traffic Destined for Same IP Address via Different WANs: It allows you to enable or disable traffic destined for same IP address via different WANs. When using multiple Internet connections to access the Internet, if you select this check box, the packets destined for the same IP address will be transmitted through different Internet connections to implement load balancing. ¾ Save: Click it to save your settings. 7.10.
PAGE 215
UTT Technologies Ɣ Chapter 7 Advanced Setup User-defined: If you want to add a new user-defined task, please select this option, and then enter the related CLI command in the Task Content. Note that you can only enter one command for one task. Task Content: It specifies the content of the task. ¾ Save: Click it to save the scheduled task settings. http://www.uttglobal.
PAGE 216
UTT Technologies Chapter 8 NAT Chapter 8 NAT This chapter describes how to configure and use NAT features, including port forwarding, DMZ hosts, NAT rule and UPnP. 8.1 Port Forwarding This section describes the NAT > Port Forwarding page, which allows you to configure port forwarding rules. 8.1.1 Introduction to Port Forwarding By default, NAT is enabled on the Device, so the Device will block all the requests initiated from outside users.
PAGE 217
UTT Technologies Chapter 8 NAT 8.1.2 Port Forwarding Settings Figure 8-1 Port Forwarding Settings Protocol: It specifies the transport protocol used by the service. The available options are TCP, UDP and GRE. Start External Port: It specifies the lowest port number provided by the Device. The external ports are opened for outside users to access. Internal IP Address: It specifies the IP address of the local host that provides the service.
PAGE 218
UTT Technologies Chapter 8 NAT Description: It specifies the description of the port forwarding rule. ¾ Save: Click it to save the port forwarding rule settings. Note 1. If you choose the Protocol as GRE, you should set the Start External Port and Start Internal Port to 0, and set the Port Count to 1. 2.
PAGE 219
UTT Technologies Chapter 8 NAT 8.1.4 How to Add the Port Forwarding Rules If you want to add one or more port forwarding rules, do the following: Step 1 Go to the NAT > Port Forwarding page, and then click the New button or select the Port Forwarding Settings tab to go to the setup page. Step 2 Specify the Protocol, Internal IP Address and Start Internal Port as required. Step 3 Specify the Start External Port as required. The Start External Port and Start Internal Port can be different.
PAGE 220
UTT Technologies Chapter 8 NAT Figure 8-3 Port Forwarding Settings - Example One 8.1.5.2 Example Two An organization wants a LAN server (IP Address: 192.168.16.100) to open ftp service (Protocol: TCP; Port: 20, 21) to the outside users. And the Device will use 2020 and 2021 as the external ports and the WAN2 IP address (200.200.201.18 in this example) as the external IP address. As the ftp service uses two ports, so we need set the Port Count to 2. Then all the requests for ftp from outside users to 200.
PAGE 221
UTT Technologies Chapter 8 NAT from the ISP. Therein, 218.1.21.1/29 is used as the Internet connection¶s gateway IP address, 218.1.21.2/29 is used as the Device¶s WAN1 interfacH¶s IP address. The organization wants a LAN server (IP Address: 192.168.16.88) to open SMTP service (Protocol: TCP; Port: 25) to the outside users. And the Device will use 2025 as the external port and 218.1.21.3 as the external IP address. Firstly, we need to create a NAT rule, and set its External IP Address to 218.1.21.
PAGE 222
UTT Technologies 8.2 Chapter 8 NAT DMZ Host This section describes the NAT > DMZ page. 8.2.1 Introduction to DMZ host The DMZ (Demilitarized Zone) host allows one local host to be exposed to the Internet for the use of a special service such as online game or video conferencing. When receiving the requests initiated from outside users, the Device will directly forward these requests to the specified DMZ host.
PAGE 223
UTT Technologies Chapter 8 NAT 8.2.2 DMZ Host Settings 8.2.2.1 Global DMZ Host Settings Figure 8-6 Global DMZ Host Settings DMZ IP: It specifies the private IP address of the global DMZ host. ¾ Save: Click it to save the global DMZ host settings. 8.2.2.2 Interface DMZ Host Settings Figure 8-7 Interface DMZ Host Settings WANx DMZ IP: It specifies the private IP address of the interface DMZ host which is bound to the WAN interface.
PAGE 224
UTT Technologies Chapter 8 NAT 8.2.3 The Priorities of Port Forwarding and DMZ Host The port forwarding has higher priority than the DMZ host. When receiving a request packet initiated from an outside user, the Device will firstly search the Port Forwarding List to find out if there is a port forwarding rule matching the destination IP address and port of the packet. If a match is found, the Device will forward the packet to the mapped local host.
PAGE 225
UTT Technologies 8.3 Chapter 8 NAT NAT Rule 8.3.1 Introduction to NAT The NAT (Network Address Translation) is an Internet standard that is used to map one IP address space (i.e., Intranet) to another IP address space (i.e., Internet).
PAGE 226
UTT Technologies Chapter 8 NAT local network, the LAN server still use the private IP address, which is provided to the LAN hosts to access; and on the Internet, the Device will assign an external IP address to the local server, then the outside users can using this external IP address to access the server through the Device. Ɣ EasyIP: It indicates network address and port translation (NAPT). Since it is the most common type of NAT, it is often simply referred to as NAT.
PAGE 227
UTT Technologies Chapter 8 NAT as its external IP address. It allows you bind multiple port forwarding rules to the same EasyIP NAT rule. Ɣ Only after you have configured an Internet connection, you can create a NAT rule which is bound to this Internet connection; and only after you have configured an EasyIP NAT rule, you can create a port forwarding rule which is bound to this EasyIP NAT rule. 8.3.1.
PAGE 228
UTT Technologies Chapter 8 NAT LAN hosts (that is, the hosts that have not been assigned a preferential channel) to process. On the Device, you can assign different preferential channel for different LAN hosts. 8.3.2.3 Allocating Traffic according to Connection Bandwidth On the Device, you can designate the ratio of traffic that will be allocated to each Internet connection in advance.
PAGE 229
UTT Technologies Chapter 8 NAT Weight. In this case, the NAT sessions initiated from the same IP address will use the same NAT rule, that is, a LAN host will use only one NAT rule to access the Internet. For example, there are three EasyIP NAT rules whose Weights are 3, 2 and 1 respectively.
PAGE 230
UTT Technologies Chapter 8 NAT the IP addresses or NAT sessions to each EasyIP NAT rule in turn. Then the Device will effectively control and balance the traffic among multiple Internet connections. 8.3.3 NAT Rule Settings The following sections describe three types of NAT rules respectively, which include: EasyIP NAT (see Figure 8-8), One2One NAT (see Figure 8-9), and Passthrough NAT (see Figure 8-10).
PAGE 231
UTT Technologies Chapter 8 NAT external IP address; and it is non-editable. A user-defined NAT rule¶s external IP address can be neither 0.0.0.0 nor the WAN interface¶s IP address, that is, you can only use the other public IP addresses provided by your ISP as its external IP addresses. Start Internal IP Address and End Internal IP Address: They specify the internal address range of the NAT rule. The LAN hosts that belong to this address range will preferential use the NAT rule.
PAGE 232
UTT Technologies Chapter 8 NAT Bind to: It specifies an Internet connection to which the NAT rule is bound. The LAN hosts that match the NAT rule will access the Internet through this Internet connection. Description: It specifies the description of the NAT rule. ¾ Save: Click it to save the NAT rule settings. Note 1.
PAGE 233
UTT Technologies Chapter 8 NAT NAT Type: It specifies the type of the NAT rule. The available options are EasyIP, One2One, and Passthrough. Here please select Passthrough. Start Internal IP Address and End Internal IP Address: They specify the internal address range of the NAT rule. They are usually public IP addresses provided by the ISP.
PAGE 234
UTT Technologies Chapter 8 NAT the related information will be displayed in the setup page. Then modify it, and click the Save button. ¾ Delete NAT Rule(s): If you want to delete one or more NAT rules, select the leftmost check boxes of them, and then click the Delete button. 8.3.5 How to Add the NAT Rules If you want to add one or more NAT rules, do the following: Step 1 Please decide the type of the NAT rule.
PAGE 235
UTT Technologies Chapter 8 NAT 2. A system reserved NAT rule¶s external IP address is 0.0.0.0, which means that the rule will use the related WAN interface¶s IP address as its external IP address; and it is non-editable. A user-defined NAT rule¶s external IP address can be neither 0.0.0.0 nor the related WAN interface¶s IP address, that is, you can only use the other public IP addresses provided by your ISP as its external IP addresses. 3.
PAGE 236
UTT Technologies Chapter 8 NAT Figure 8-12 EasyIP NAT Rule Settings - Example Step 3 Enter 218.1.21.3 in the External IP Address text box, enter 192.168.16.10 in the Start Internal IP address text box, and enter 192.168.16.100 in the End Internal IP address text box. Step 4 Enter 2 in the Weight text box. Step 5 Select WAN1 from the Bind to drop-down list. Step 6 Click the Save button to save the settings.
PAGE 237
UTT Technologies Chapter 8 NAT Figure 8-13 Network Topology for One2One NAT Rule Configuration Example The business employees will share a single public IP address of 202.1.1.130/29 to access the Internet. The LAN¶s subnet number is 192.168.16.0, and subnet mask is 255.255.255.0. And the business want to use the remaining four public IP addresses (from 202.1.1.131/29 to 202.1.1.
PAGE 238
UTT Technologies Chapter 8 NAT Figure 8-14 One2One NAT Rule Settings - Example Step 3 Enter 202.1.1.131 in the Start External IP Address text box, enter 192.168.16.200 in the Start Internal IP address text box, and enter 192.168.16.203 in the End Internal IP address text box. Step 4 Select WAN1 from the Bind to drop-down list. Step 5 Click the Save button to save the settings. Till now you have finished configuring the NAT rule, and then you can view its related configuration in the NAT Rule List.
PAGE 239
UTT Technologies Chapter 8 NAT Figure 8-15 Network Topology for Passthrough NAT Rule Configuration Example 2. Analysis Firstly we need configure a static IP Internet connection on the WAN1 interface in the Basic > WAN page or through the Quick Wizard. After you have configured the Internet connection, the Device will automatically create the related system reserved NAT rule, and also enable NAT.
PAGE 240
UTT Technologies Chapter 8 NAT Figure 8-16 Passthrough NAT Rule Settings - Example Step 3 Enter 202.96.100.2 in the Start Internal IP address text box, and enter 202.96.100.30 in the End Internal IP address text box. Step 4 Select WAN2 from the Bind to drop-down list. Step 5 Click the Save button to save the settings. Till now you have finished configuring the NAT rule, and then you can view its configuration in the NAT Rule List. http://www.uttglobal.
PAGE 241
UTT Technologies 8.4 Chapter 8 NAT UPnP This section describes the NAT > UPnP page. The Universal Plug and Play (UPnP) is architecture that implements zero configuration networking, that is, it provides automatic IP configuration and dynamic discovery of the UPnP compatible devices from various vendors.
PAGE 242
UTT Technologies Chapter 8 NAT The UPnP is enabled on the LAN interface by default. 8.4.2 UPnP Port Forwarding List Figure 8-18 UPnP Port Forwarding List ID: It is used to identify each UPnP port forwarding rule in the list. Internal IP: It displays the IP address of the LAN host. Internal Port: It displays the service port provided by the LAN host. Protocol: It displays the transport protocol used by the service. Remote IP: It displays the IP address of the remote host.
PAGE 243
UTT Technologies Chapter 9 PPPoE Server Chapter 9 PPPoE Server 9.1 Introduction to PPPoE The PPPoE stands for Point-to-Point Protocol over Ethernet, which uses client/server model. The PPPoE provides the ability to connect the Ethernet hosts to a remote Access Concentrator (AC) over a simple bridging access device. And it provides extensive access control management and accounting benefits to ISPs and network administrators.
PAGE 244
UTT Technologies Chapter 9 PPPoE Server 1. PADI (PPPoE Active Discovery Initiation): At the beginning, a PPPoE client broadcasts a PADI packet to find all the servers that can be connected possibly. Until it receives PADO packets from one or more servers. The PADI packet must contain a service name which indicates the service requested by the client. 2. PADO (PPPoE Active Discovery Offer): When a PPPoE server receives a PADI packet in its service range, it will send a PADO response packet.
PAGE 245
UTT Technologies Chapter 9 PPPoE Server 9.1.4 PPPoE Session Termination After a session is established, either the server or client may send a PADT (PPPoE Active Discovery Terminate) packet at anytime to indicate the session has been terminated. The PADT packet¶s SESSION-ID must be set to indicate which session is to be terminated. Once received a PADT, no further PPP packets (even normal PPP termination packets) are allowed to be sent using the specified session.
PAGE 246
UTT Technologies Chapter 9 PPPoE Server Enable PPPoE Server: It allows you to enable or disable PPPoE server. If you want to enable PPPoE server on the Device, please select this check box. Only after you have enabled PPPoE server, you can configure the other parameters in this page. Start IP Address: It specifies the starting IP address that is assigned by the PPPoE server. Number of Addresses: It specifies the maximum number of IP addresses that can be assigned to the PPPoE clients.
PAGE 247
UTT Technologies Chapter 9 PPPoE Server through the Device, please select this option. The one exception is that you select an address group from Exception drop-down list. Exception: It specifies an address group that is exempt from the restriction of Only Allow PPPoE Users.
PAGE 248
UTT Technologies 9.3 Chapter 9 PPPoE Server PPPoE Account This section describes the PPPoE > PPPoE Account page, which includes the PPPoE Account Settings, PPPoE Account List, Import Accounts and PPPoE Account Billing. 9.3.1 PPPoE Account Settings In the PPPoE > PPPoE Account > PPPoE Account Settings page, you can configure PPPoE account related parameters, which include basic parameters, rate limit parameters and security parameters. Figure 9-4 PPPoE Account Settings http://www.uttglobal.
PAGE 249
UTT Technologies Chapter 9 PPPoE Server User Name: It specifies a unique user name of the PPPoE account. It should be between 1 and 31 characters long. The PPPoE server will use User Name and Password to identify the PPPoE client. Password: It specifies the password of the PPPoE account. Description: It specifies the description of the PPPoE account. ¾ Advanced Options: Click it to view and configure advanced parameters. In most cases, you need not configure them.
PAGE 250
UTT Technologies Chapter 9 PPPoE Server reaches the specified megabytes. Refer to section 9.3.4 PPPoE Account Billing for more information. Max. Sessions: It specifies the maximum number of PPPoE sessions that can be created by using the current PPPoE account. Account/MAC Binding: It specifies the type of PPPoE account and MAC address binding. The available options are None, Auto and Manual.
PAGE 251
UTT Technologies Chapter 9 PPPoE Server 2. The PPPoE IP/MAC binding has higher priority than the PPPoE account/IP binding, that is, if an IP/MAC binding and account/IP binding have the same IP address, the Device will assign this IP address to the user that matches the IP/MAC binding. The IP/MAC binding is configured in the PPPoE > PPPoE IP/MAC > IP/MAC Binding Settings page. 3.
PAGE 252
UTT Technologies Chapter 9 PPPoE Server select the leftmost check boxes of them, and then click the Delete button. 9.3.3 Import Accounts The PPPoE > PPPoE Account > Import Accounts page provides PPPoE accounts import function to simplify operation. When you want to create a great deal of PPPoE accounts, you can import them at a time in the page. You can edit them in Notepad, and then copy them to the Import Accounts list box; also you can directly enter them in the Import Accounts list box.
PAGE 253
UTT Technologies Chapter 9 PPPoE Server 9.3.4 PPPoE Account Billing 9.3.4.1 Introduction to PPPoE Account Billing Mechanism PPPoE Account Billing is a specific function of UTT Series Security Firewalls. It provides a billing mechanism. According to different Accounting Mode, the UTT Device will start to run the billing mechanism by Date, Hour or Traffic.
PAGE 254
UTT Technologies Chapter 9 PPPoE Server 9.3.4.2 PPPoE Account Billing By Date If you want to create a PPPoE Billing Account by date, you can go to PPPoE > PPPoE Account > PPPoE Account Settings page and set the Accounting Mode as By Date, see Figure. Figure 9-8 PPPoE Account Billing By Date Accounting Mode: It specify the accounting mode of the PPPoE billing account. Here select By Date. Account Opening Date: It specify the opening date of the PPPoE account.
PAGE 255
UTT Technologies Chapter 9 PPPoE Server Figure 9-9 PPPoE Account Billing By Hour Accounting Mode: It specify the accounting mode of the PPPoE billing account. Here select By Hour. Hours: It specify the max online time(by hour) of the PPPoE account. The device will accumulate the online time of the PPPoE account, once the online time reaches the max online time, the account cannot be used because it¶s been disabled by the UTT device. 0 means no limit, the account will be always enabled. Note 1.
PAGE 256
UTT Technologies Chapter 9 PPPoE Server Tx. Traffic: It specify the max Tx. Traffic of the PPPoE account. The device will accumulate the upload traffic of the PPPoE account, once the accumulative upload traffic reaches the Tx. Traffic, the account cannot be used because it¶s been disabled by the UTT device. 0 means no limit for upload traffic. Rx. Traffic: It specify the max Rx. Traffic of the PPPoE account.
PAGE 257
UTT Technologies Chapter 9 PPPoE Server server will always assign this address to the PPPoE dial-in host specified by the MAC Address. It must be a valid IP address in the range of address pool configured in the PPPoE > Global Settings page. MAC Address: It specifies the MAC address of a PPPoE dial-in host. Description: It specifies the description of the PPPoE IP/MAC binding. ¾ Save: Click it to save the PPPoE IP/MAC binding settings. Note 1.
PAGE 258
UTT Technologies Chapter 9 PPPoE Server ¾ Add a PPPoE IP/MAC Binding: If you want to add a new PPPoE IP/MAC binding, click the New button or select the IP/MAC Binding Settings tab to go to the setup page, and then configure it, lastly click the Save button. ¾ Edit a PPPoE IP/MAC Binding: If you want to modify a configured PPPoE IP/MAC binding, click its Edit hyperlink, the related information will be displayed in the setup page. Then modify it, and click the Save button.
PAGE 259
UTT Technologies 9.5 Chapter 9 PPPoE Server PPPoE Status In the PPPoE > PPPoE Status page, you can view the status and usage information of each online PPPoE dial-in user. If a PPPoE dial-in user has established the PPPoE session to the Device successfully, you can view the assigned IP address, MAC address, Rx Rate and Tx Rate of the user, online time and session ID of the PPPoE session. Figure 9-13 PPPoE Status List User Name: It displays the PPPoE user name.
PAGE 260
UTT Technologies http://www.uttglobal.
PAGE 261
UTT Technologies 9.6 Chapter 9 PPPoE Server Configuration Example for PPPoE Server 1. Requirements In this example, an organization¶s administrator wants the LAN users to act as the PPPoE clients to dial up to the Device. And it only allows the PPPoE dial-in users to access the Internet through the Device. The exception is the CEO with IP address 192.168.16.2. When acting as a PPPoE server, the Device dynamically will assign the IP addresses to the LAN users.
PAGE 262
UTT Technologies Step 3 Chapter 9 PPPoE Server Go to the PPPoE > Global Settings > Internet Access Control page, select the Only Allow PPPoE Users check box, and select CEO from the Exception drop-down list. The CEO address group only includes one IP address: 192.168.16.2, which is configured in the Security > Address Group page. Figure 9-15 Internet Control Settings - Example 2˅ Configuring PPPoE Accounts Step 1 Go to the PPPoE > PPPoE Account > PPPoE Account Settings page.
PAGE 263
UTT Technologies Chapter 9 PPPoE Server Figure 9-16 Configuring the Universal PPPoE Account - Example Step 3 Creating the advanced PPPoE Account whose user name is Advanced. See the following figure, enter Advanced in the User Name, enter test2 in the Password, enter advanced account in the Description, and enter 10 in the Max. Sessions text box. Leave the default values for the other parameters. Then click the Save button to save the settings. http://www.uttglobal.
PAGE 264
UTT Technologies Chapter 9 PPPoE Server Figure 9-17 Configuring the Advanced PPPoE Account - Example 3˅ Configuring a PPPoE IP/MAC Binding Step 1 Go to the PPPoE > PPPoE IP/MAC > IP/MAC Binding Settings page. Step 2 See the following figure, enter 10.0.0.50 in the IP Address, and enter 0021859b4544 in the MAC Address, then click the Save button to save the settings. Figure 9-18 Configuring a PPPoE IP/MAC Binding ± Example http://www.uttglobal.
PAGE 265
UTT Technologies 9.7 Chapter 9 PPPoE Server PPPoE Account Expiration Notice The UTT series security firewalls provide PPPoE account expiration notice feature to remind a PPPoE dial-in user periodically that his/her account is going to expire. Then the user can avoid the loss due to the account expiration. When you have enabled PPPoE account expiration notice and the account is going to expire, the Device will pop up a notice message to remind the user.
PAGE 266
UTT Technologies Chapter 9 PPPoE Server 9.7.1 PPPoE Account Expiration Notice by Date Figure 9-19 PPPoE Account Expiration Notice by Date PPPoE Account Expiration Notice Mode: It specifies the PPPoE account expiration notice mode. Here select By Date. Enable Notice by Date: It allows you to enable or disable the PPPoE account expiration notice by date. If you want to enable this feature, please select this check box. Remaining Days: It specifies the remaining days before account expires.
PAGE 267
UTT Technologies ¾ Chapter 9 PPPoE Server Preview: Click it to preview the notice message you just configured. The following figure shows an example of a notice message. Figure 9-20 PPPoE Account Expiration Notice Preview ± Example 1 ¾ Back to Setup Page: Click it to go back to the PPPoE > PPPoE Notice > Expiration Notice page. http://www.uttglobal.
PAGE 268
UTT Technologies Chapter 9 PPPoE Server 9.7.2 PPPoE Account Expiration Notice by Hours Figure 9-21 PPPoE Account Expiration Notice by Hours PPPoE Account Expiration Notice Mode: It specifies the PPPoE account expiration notice mode. Here select By Hours. Enable Notice by Hours: It allows you to enable or disable the PPPoE account expiration notice by hours. If you want to enable this feature, please select this check box.
PAGE 269
UTT Technologies ¾ Chapter 9 PPPoE Server Preview: Click it to preview the notice message you just configured. The following figure shows an example of a notice message. Figure 9-22 PPPoE Account Expiration Notice Preview ± Example 2 ¾ Back to Setup Page: Click it to go back to the PPPoE > PPPoE Notice > Expiration Notice page. http://www.uttglobal.
PAGE 270
UTT Technologies Chapter 9 PPPoE Server 9.7.3 PPPoE Account Expiration Notice by Traffic Figure 9-23 PPPoE Account Expiration Notice by Traffic PPPoE Account Expiration Notice Mode: It specifies the PPPoE account expiration notice mode. Here select By Traffic. Enable Notice by Traffic: It allows you to enable or disable the PPPoE account expiration notice by traffic. If you want to enable this feature, please select this check box.
PAGE 271
UTT Technologies Chapter 9 PPPoE Server Notice Title: It specifies the title of the notice message. Signature: It specifies the signature of the notice message. Notice Content: It specifies the content of the notice message. ¾ Save: Click it to save your settings. ¾ Preview: Click it to preview the notice message you just configured. The following figure shows an example of a notice message. Figure 9-24 PPPoE Account Expiration Notice Preview ± Example 3 Note 1.
PAGE 272
UTT Technologies Chapter 10 QoS Chapter 10 QoS This chapter describes how to control and manage Internet bandwidth of the LAN users, including global settings, rate limit rule settings and P2P rate limit settings. 10.1 Introduction to Bandwidth Management 10.1.
PAGE 273
UTT Technologies Chapter 10 QoS 10.1.2 Token Bucket Algorithm As bandwidth management feature provided by the UTT products is based on token bucket algorithm, this section describe token bucket in brief. Token bucket algorithm is one of the most common algorithms which are used for network traffic shaping and rate limiting. Typically, token bucket algorithm is used to control the amount of data injected into a network, and it allows bursts of data to be sent.
PAGE 274
UTT Technologies Chapter 10 QoS 10.1.3 Implementation of Bandwidth Management Using intelligent bandwidth management based on token bucket algorithm, the Device can flexibly control the upload and download bandwidth of the LAN hosts. There are four process mechanisms depending on the bandwidth utilization: 1. When the bandwidth utilization level is idle, each LAN host is likely to obtain its maximum bandwidth. 2.
PAGE 275
UTT Technologies Chapter 10 QoS 10.2 Rate Limit Global Settings Figure 10-1 Rate Limit Global Settings Enable Rate Limit: It allows you to enable or disable rate limit. If you select the check box to enable rate limit, the configured rate limit rules will take effect. Else the rate limit rules will be of no effect. Capacity: It specifies the maximum number of network devices (PC or other network device) that can be connected to the Device at the same time.
PAGE 276
UTT Technologies Chapter 10 QoS 10.3 Rate Limit Rule You can create rate limit rules based on source IP address, destination IP address, protocol type (TCP, UDP or ICMP), port, schedule, and so on. Note that if you want the rate limit rules to take effect, please make sure that the Enable Rate Limit check box is selected in the QoS > Global Settings page. 10.3.
PAGE 277
UTT Technologies Chapter 10 QoS Figure 10-2 Rate Limit Rule Settings Source: It specifies the IP addresses of the LAN hosts to which the rate limit rule applies. There are two available options: Ɣ Addresses: Select it to enter the start and end addresses in the associated text boxes. Ɣ Address Group: Select it to choose an address group from the associated drop-down list. By default, the Address Group radio button is selected, and its value is Any Address.
PAGE 278
UTT Technologies Chapter 10 QoS bandwidth, please select NoLimit. Min. Rx Bandwidth: It specifies the guaranteed download bandwidth allocated to the LAN hosts or applications that match the rate limit rule. Max. Tx Bandwidth: It specifies the maximum upload bandwidth allocated to the LAN hosts or applications that match the rate limit rule. Max. Rx Bandwidth: It specifies the maximum download bandwidth allocated to the LAN hosts or applications that match the rate limit rule.
PAGE 279
UTT Technologies Chapter 10 QoS view, modify or delete address groups. ¾ Edit Service Group: Click it to go to the Security > Service Group page to add, view, modify or delete service groups. ¾ Save: Click it to save the rate limit rule settings. Note If the sum of specified Min. Tx/Rx Bandwidth LV ODUJHU WKDQ WKH ,QWHUQHW FRQQHFWLRQ¶V Uplink/Downlink Bandwidth (configured in the Basic > WAN page), the Device cannot guarantee the specified hosts or applications with minimum upload/download bandwidth.
PAGE 280
UTT Technologies Chapter 10 QoS view them in the Rate Limit Rule List. ¾ Edit a Rate Limit Rule: If you want to modify a configured rate limit rule, click its Edit hyperlink, the related information will be displayed in the setup page. Then modify it, and click the Save button.
PAGE 281
UTT Technologies Chapter 10 QoS 10.4 P2P Rate Limit This section describes the QoS > P2P Rate Limit page. P2P rate limit feature is specially designed for P2P application. The P2P rate limit has the highest priority, that is, even if you have created rate limit rules for some LAN users in the QoS > Rate Limit Rule page, the P2P traffic of these users is still restricted by P2P rate limit settings.
PAGE 282
UTT Technologies Chapter 10 QoS Exception: It specifies an address group that is exempt from the restriction of P2P rate limit settings. If you select an address group here, the P2P traffic of the LAN users in the group will be exempt from the restriction of P2P rate limit settings. The address group is configured in the Security > Address Group page. ¾ Save: Click it to save the P2P rate limit settings. Note 1.
PAGE 283
UTT Technologies Chapter 10 QoS 10.5 Application QoS This section describes the QoS > APP QoS page. The Device provides preferential forwarding for some predefined special applications traffic, that is, these applications traffic will be exempt from the restrictions of the rate limit rules configured in the QoS > Rate Limit Rule page. The predefined applications include hot online games, VoIP, Web browsing, VPN and Email.
PAGE 284
UTT Technologies Chapter 10 QoS preferential forwarding for VoIP traffic. If you select the check box to enable this feature, the LAN userV¶ VoIP traffic will be exempt from the restriction of the rate limit rules. The VoIP applications mainly include: Network Phone, Video Conference, etc. Enable Preferential Forwarding for Web Traffic: It allows you to enable or disable preferential forwarding for Web traffic.
PAGE 285
UTT Technologies Chapter 10 QoS We need to do the following settings: Ɣ Set the Internet connection¶s Uplink Bandwidth and Downlink Bandwidth to 10240 Kbit/s and 20480 Kbit/s respectively. Ɣ Enable rate limit and set the Capacity to 100 in the QoS > Global Settings page. Ɣ Create one rate limit rule to set guaranteed bandwidth for each LAN host: Min. Tx Bandwidth is 100 Kbit/s, and Min. Rx Bandwidth is 200 Kbit/s.
PAGE 286
UTT Technologies Chapter 10 QoS Figure 10-7 Rate Limit Rule Settings - Example One Step 4 Go to the QoS > P2P Rate Limit page (see Figure 10-8), select the Enable P2P Rate Limit check box, and select 64K from the Max. Tx Rate drop-down list, and select 128K from the Max. Rx Rate drop-down list. Leave the default values for the other parameters. Lastly click the Save button. Figure 10-8 P2P Rate Limit Settings - Example One http://www.uttglobal.
PAGE 287
UTT Technologies Chapter 10 QoS 10.6.2 Example Two 1. Requirements In this example, an Internet café has a single Internet connection with uplink bandwidth 50 Mbit/s and downlink bandwidth 100 Mbit/s. And the number of network devices is approximately 100. The Internet café consists of three areas: Video Area, Online Game Area, and Common Area. There are 30 hosts in Video Area, 30 hosts in Online Game Area, and 40 hosts in Common Area. The IP address ranges of the areas are as follows: Ɣ Video Area: 192.
PAGE 288
UTT Technologies Chapter 10 QoS 3. Configuration Procedure Step 1 Go to Security > Address Group page to create two address groups: One is for the Video Area, and it contains the IP addresses from 192.168.16.2 to 192.168.16.40; the other is for the Online Game Area, and it contains the IP addresses from 192.168.16.41 to 192.168.16.80; and here we assume their names are video and game respectively.
PAGE 289
UTT Technologies Chapter 10 QoS the Min. Rx Bandwidth drop-down list, and select Mid from the Bandwidth Priority drop-down list. Leave the default values for the other parameters. lastly click the Save button. Figure 10-10 Rate Limit Rule 2 Settings - Example Two Step 6 Creating rate limit rule 3: Go to the QoS > Rate Limit Rule > Rate Limit Rule Settings page (see Figure 10-11), select video from the Source Address Group, select 2M from the Min. Tx Bandwidth drop-down list, select 4M from the Min.
PAGE 290
UTT Technologies Chapter 10 QoS Figure 10-11 Rate Limit Rule 3 Settings - Example Two Step 7 Go to the QoS > APP QoS page (see Figure 10-12), select the Enable Preferential Forwarding for Web Traffic check box, and then click the Save button. Figure 10-12 Enable Preferential Forwarding for Web Traffic- Example Two http://www.uttglobal.
PAGE 291
UTT Technologies http://www.uttglobal.
PAGE 292
UTT Technologies Chapter 11 Restriction Chapter 11 Restriction This chapter describes how to configure personal settings for each LAN user, Internet behavior management, policy database, QQ whitelist, notice and Web Authentication feature; and how to view the related status information. 11.
PAGE 293
UTT Technologies Chapter 11 Restriction moreover, you can go to the Restriction > User Admin > Internet Behavior page to configure the personal Internet behavior management parameters for the user. If you move your mouse over the IP Address hyperlink, it will display the current effective settings of the user. MAC Address: It displays the MAC address of the LAN user. Binding Status: It indicates whether the LAN user is binding or not.
PAGE 294
UTT Technologies Chapter 11 Restriction Note You can configure IP/MAC binding users in the Security > IP/MAC Binding > IP/MAC Binding Settings page, configure PPPoE IP/MAC binding users in the PPPoE > PPPoE IP/MAC > IP/MAC Binding Settings page, and configure DHCP manual binding users in the DHCP > DHCP Server > Manual Binding Settings page. 11.1.
PAGE 295
UTT Technologies Chapter 11 Restriction selected user, see Figure 11-3. For detailed description of the related parameters, refer to section 11.2.1 Internet Behavior Management Settings. Figure 11-3 Personal Internet Behavior Management Settings http://www.uttglobal.
PAGE 296
UTT Technologies Chapter 11 Restriction 11.2 Internet Behavior Management This section describes the Restriction > Behavior Mgmt page. In this page, you can easily control and manage the Internet behaviors of the LAN users, which include: allow or block the LAN users from using popular IM (e.g., QQ, MSN) and P2P applications (e.g., Bit Comet, Bit Spirit, Thunder Search), downloading the files with the extension .exe, .dll, .vbs, .com, .bat or .
PAGE 297
UTT Technologies Chapter 11 Restriction 11.2.1 Internet Behavior Management Policy Settings Figure 11-4 Internet Behavior Management Policy Settings Address Group: It specifies an address group to which the Internet behavior management policy applies. The Device will control and manage the Internet behaviors of the LAN users that belong to this address group according to the policy. The address group is configured in the Security > Address Group page.
PAGE 298
UTT Technologies Chapter 11 Restriction Description: It specifies the description of the Internet behavior management policy. It is usually used to describe the purpose of the policy. IM: You can allow or block some popular IM (Instant Message) applications, which include QQ, MSN, Ali Wangwang, WebQQ and Fetion. z Block QQ: Allow or block QQ application. If you want to block the specified LAN users (set by Address Group) from using QQ to chat with others, please select this check box.
PAGE 299
UTT Technologies Chapter 11 Restriction z Block Sogou Search: Allow or block Sogou search application. If you want to block the specified LAN users from using Sogou to search resources, please select this check box. z Block PPLive: Allow or block PPLive application. If you want to block the specified LAN users from using PPLive to play videos, please select this check box. z Block QVOD: Allow or block QVOD (Quasi Video on Demand) application.
PAGE 300
UTT Technologies Chapter 11 Restriction LAN users from playing Aion game, please select this check box. z Block Kartrider Rush: Allow or block Kartrider Rush application. If you want to block the specified LAN users from playing Kartrider Rush game, please select this check box. Web: You can allow or block downloading some predefined types of files over HTTP, and submitting input in the webpage. z Block Files: Allow or block downloading some predefined types of files over HTTP.
PAGE 301
UTT Technologies Chapter 11 Restriction box. ¾ Save: Click it to save the Internet behavior management policy settings. Note 1. If a function option of an internet behavior management policy is not in effect as desired, please go to the Restriction > Policy Database > Policy Database List to check whether its corresponding policy database is the latest or not. Refer to section 11.3.2 Policy Database List for more information about how to update a policy database. 2.
PAGE 302
UTT Technologies Chapter 11 Restriction Settings tab to go to the setup page, and then configure it, lastly click the Save button. ¾ View Internet Behavior Management Policy(s): When you have configured some Internet behavior management policies, you can view them in the Behavior Mgmt. List. ¾ Enable an Internet Behavior Management Policy: The Enable check box is used to enable or disable the corresponding Internet behavior management policy.
PAGE 303
UTT Technologies Chapter 11 Restriction 11.3 Policy Database This section describes the Restriction > Policy Database page. Note In this document the policy database is called PDB for short. 11.3.1 Introduction to Policy Database This page allows you to not only view the PDBs in the Policy Database List, but also upload and update PDBs. By introducing PDB, we can add a group of policies into a PDB; and we also provide PDB online update function to greatly facilitate the users.
PAGE 304
UTT Technologies Chapter 11 Restriction 11.3.2 Policy Database List Figure 11-6 Policy Database List Name: It displays the name of the PDB. Type: It displays the type of the PDB. Now the Device provides four types of policy databases: Route, Firewall, Dns and Website. Description: It displays the description of the PDB. It is usually used to describe the purpose of the PDB. Referenced: It indicates whether the PDB is referenced or not.
PAGE 305
UTT Technologies Chapter 11 Restriction 1. You cannot delete the system default PDBs. 2. By default, the Policy Database List only displays the system default PDBs, which include CNC, TEL, QQ, MSN, BT, Thunder, GAMEURL, STOCKURL, FileType, and upload. It allows you to customize firewall PDBs and modify the system default firewall PDBs via CLI. 3. Only the system default PDBs can be updated.
PAGE 306
UTT Technologies Chapter 11 Restriction Check Time: It specifies a time at which PDB version check will be triggered. If you select Automatically from the Policy Database Version Check drop-down list, you should set the Check Time as required. ¾ Save: Click it to save the PDB version check settings.
PAGE 307
UTT Technologies Chapter 11 Restriction 11.4 QQ Whitelist The Device provides QQ whitelist feature, which allows you to add some QQ numbers into the QQ Whitelist, then those QQ numbers will be exempt from the restriction of the Internet behavior management policies configured in the Restriction > Behavior Mgmt. > Behavior Mgmt. Settings page, that is, the LAN users still can use those QQ numbers to login to QQ even if you have blocked these users from using QQ by policies. 11.4.
PAGE 308
UTT Technologies Chapter 11 Restriction QQ Number: It specifies a unique QQ number. It should be a number less than 11 digits. The QQ number will be exempt from the restriction of the Internet behavior management policies, that is, a LAN user still can use this QQ number to login to QQ even if you have blocked the user from using QQ by a policy. Description: It specifies the description of the QQ number. ¾ Save: Click it to save the QQ whitelist settings. 11.4.
PAGE 309
UTT Technologies 11.5 Configuration Chapter 11 Restriction Example for Internet Behavior Management 1. Requirements In 2011, a business CEO wants to control online behavior of the employees. He wants to block all the predefined IM and P2P applications, online games, game and stock websites during working time, but allow all the Internet services during rest periods. But there are some exceptions which are as follows: Ɣ The CEO and vice CEO can access the Internet without any restrictions.
PAGE 310
UTT Technologies Chapter 11 Restriction Ɣ Go to the Security > Address Group page to create two address groups, one is for the two CEOs, and it contains two IP addresses: 192.168.16.4 and 192.168.16.5; the other is for Customer Service and Sales Departments¶ employees, and it contains two IP address ranges: from 192.168.16.50 to 192.168.16.70, and from 192.168.16.100 to 192.168.16.120. Here we assume the first group¶s name is Directors, and the second group¶s name is CSD_SD. Refer to section 12.6.
PAGE 311
UTT Technologies Chapter 11 Restriction Figure 11-12 Internet Management Behavior Example - Policy 1 Step 3 Creating Policy 2: Select CSD_SD from the Address Group drop-down list, select work from the Schedule drop-down list, select all the check boxes in P2P, Games and DNS configuration fields, and then click the Save button, see Figure 11-13. http://www.uttglobal.
PAGE 312
UTT Technologies Chapter 11 Restriction Figure 11-13 Figure 11-9 Internet Management Behavior Example - Policy 2 Step 4 Creating Policy 3: Select Directors from the Address Group drop-down list, select Always from the Schedule drop-down list, and unselect all the check boxes in the page, and then click the Save button, see Figure 11-14. http://www.uttglobal.
PAGE 313
UTT Technologies Chapter 11 Restriction Figure 11-14 Internet Management Behavior Example - Policy 3 Step 5 Go to Restriction > QQ Whitelist page, select the Enable QQ Whitelist check box, and click the Save button, see Figure 11-15. Click the New button to go to the QQ Whitelist Settings page to add the first QQ number (i.e., 21586375) into the QQ Whitelist, and then add the other four QQ numbers one by one, see Figure 11-16.
PAGE 314
UTT Technologies Chapter 11 Restriction Figure 11-16 Internet Management Behavior Example -QQ Whitelist http://www.uttglobal.
PAGE 315
UTT Technologies Chapter 11 Restriction 11.6 Notice This section describes the Restriction > Notice page. 11.6.1 Introduction to Notice The Device provides notice feature which is used to push notice messages to the specified LAN users. After you enable notice feature, if a specified LAN user accesses the Internet via a web browser (e.g., IE, Firefox), the Device will automatically push a notice message to the user. The Device provides one-time notice and daily notice.
PAGE 316
UTT Technologies Chapter 11 Restriction Figure 11-17 One-Time Notice Settings - Customized Mode Enable One-Time Notice: It allows you to enable or disable one-time notice. If you want to enable one-time notice, please select this check box. Address Group: It specifies an address group to which the notice message will be pushed. When you enable one-time notice, the Device will directly push the notice message to the LAN users that belong to this address group.
PAGE 317
UTT Technologies Chapter 11 Restriction advance; thus, if a specified LAN user accesses the Internet via a web browser, the requested web page will automatically jump to the specified URL to display the notice. Notice Title: It specifies the title of the notice message. If you select Customized from the Notice Mode check box, you need set it. Signature: It specifies the signature of the notice message. If you select Customized from the Notice Mode check box, you need set it.
PAGE 318
UTT Technologies Chapter 11 Restriction Figure 11-19 One-Time Notice Settings - URL Mode Note 1. If the Device pushes a notice message to a LAN user who hasn¶t launched a web browser, it will fail to push; and once the user launched the web browser and accessed an Internet domain name or IP address, he/she will receive the notice message immediately.
PAGE 319
UTT Technologies Chapter 11 Restriction Figure 11-20 Daily Notice Settings Enable Daily Notice: It allows you to enable or disable daily notice. If you want to enable daily notice, please select this check box. Please refer to section 11.5.2.1 One-Time Notice Settings for detailed description of the other parameters. 11.7 Web Authentication UTT series security firewalls provide Web authentication feature. This new feature will enhance network security.
PAGE 320
UTT Technologies Chapter 11 Restriction 11.7.2 Web Authentication User Account Settings Figure 11-22 Web Authentication User Account Settings User Name: It specifies a unique user name of the web authentication account. It should be between 1 and 31 characters long. The Device will use the User Name and Password to authenticate a user. Password: It specifies the password of the web authentication account. Description: It specifies the description of the web authentication account.
PAGE 321
UTT Technologies Chapter 11 Restriction ¾ Add a Web Authentication User Account: If you want to add a web authentication user account, click the New button or select the User Account Settings tab to go to setup page, and then configure it, lastly click the Save button. ¾ Edit a Web Authentication User Account: If you want to modify a configured web authentication user account, click its Edit hyperlink, the related information will be displayed in the setup page. Then modify it, and click Save button.
PAGE 322
UTT Technologies Chapter 11 Restriction Save button, the system will pop up a prompt page (see figure 11-14). Figure 11-25 Web Authentication Prompt Page Note Do not close the prompt page; else, the user cannot access the Internet. http://www.uttglobal.
PAGE 323
UTT Technologies Chapter 12 Security Chapter 12 Security This chapter describes how to configure security features, including attack defense, IP/MAC binding, firewall, DNS filtering, NAT session limit, address group, service group and schedule. 12.1 Attack Defense This section describes the Security > Attack Defense page, which includes internal attack defense and external attack defense. 12.1.
PAGE 324
UTT Technologies Chapter 12 Security Figure 12-1 Internal Attack Defense Settings 1. Virus Attacks Defense Enable Blaster Virus Defense: It allows you to enable or disable anti-blaster virus defense. If you select the check box to enable this feature, it will effectively protect the Device against blaster and sasser virus attacks.
PAGE 325
UTT Technologies Chapter 12 Security exceeds the threshold, the Device will consider that the LAN host with IP address 192.168.16.66 is performing UDP flood attack, and then randomly discard the further UDP packets from that source to that destination. In most cases, leave Threshold the default value. Enable ICMP Flood Defense: It allows you to enable or disable ICMP flood defense. If you select this check box to enable this feature, it will effectively protect the Device against ICMP flood attack.
PAGE 326
UTT Technologies Chapter 12 Security 3) Only allow the LAN hosts that belong to the range specified by Allowed IP Addresses to access the web or telnet service provided by the Device, but block the other hosts. 4) Block LAN hosts from accessing any other services provided by the Device. Allowed IP Addresses: It specifies an address range of the allowed LAN hosts.
PAGE 327
UTT Technologies Chapter 12 Security Enable WAN Ping Respond: It allows you to enable or disable WAN ping respond. If you select the check box to enable WAN ping respond, all the Device¶s WAN interfaces will respond to ping requests from the outside hosts. ¾ Save: Click it to save the external attack defense settings. http://www.uttglobal.
PAGE 328
UTT Technologies Chapter 12 Security 12.2 IP/MAC Binding This section describes the Security > IP/MAC Binding page. 12.2.1 Introduction to IP/MAC Binding 12.2.1.1 IP/MAC Overview To achieve network security management, you should firstly implement user identification, and then you should implement user authorization. Section 12.3 Security > Firewall describes how to configure and use access control rules to control the Internet behaviors of the LAN users.
PAGE 329
UTT Technologies Chapter 12 Security Undefined User: An undefined user¶s IP address and MAC address both are different from any IP/MAC binding. The undefined users are all the users except legal and illegal users. It allows the legal users to access the Device and access the Internet through the Device, and denies the illegal users.
PAGE 330
UTT Technologies Chapter 12 Security Figure 12-3 IP/MAC Binding List - Example One Then, when receiving a packet initiated from LAN, the Device will process it according to the following cases: 1. A packet with IP address 192.168.16.65 and MAC address 00:15:c5:67:41:0f is allowed to pass, and then it will be further processed by the firewall access control function module. 2. A packet with IP address 192.168.16.65 but with a different MAC address is dropped immediately to prevent IP spoofing. 3.
PAGE 331
UTT Technologies Chapter 12 Security Figure 12-4 IP/MAC Binding List - Example Two Note 1. If you have added the IP and MAC address pair of a trusted LAN host in the IP/MAC Binding List, and later changed this host¶s IP address or MAC address, you must also change the corresponding binding in the IP/MAC Binding List; otherwise the host cannot access the Device and Internet.
PAGE 332
UTT Technologies Chapter 12 Security 12.2.2 IP/MAC Binding Settings Figure 12-5 IP/MAC Binding Settings ¾ Scan: If you click the Scan button, the Device will immediately scan the LAN to detect active hosts connected to the Device, learn and display dynamic ARP information (that is, IP and MAC address pairs). Note that if you have added a LAN host¶s IP and MAC address pair in the IP/MAC Binding List, this IP/MAC address pair will not be displayed here.
PAGE 333
UTT Technologies Chapter 12 Security 12.2.3 IP/MAC Binding Global Setup Figure 12-6 IP/MAC Binding Global Setup Allow Undefined LAN PCs: It allows or blocks the undefined LAN hosts from accessing the Device and access the Internet through the Device. If you want to allow the undefined LAN hosts to access the Device and Internet, select this check box; else unselect it. For more information about undefined LAN hosts, please refer to section 12.2.1.2 Operation Principle of IP/MAC Binding.
PAGE 334
UTT Technologies Chapter 12 Security 12.2.4 IP/MAC Binding List Figure 12-7 IP/MAC Binding List ¾ Add an IP/MAC Binding: If you want to add a new IP/MAC binding, click the New button or select the IP/MAC Binding Settings tab to go to the setup page, and then configure it, lastly click the Save button. ¾ Edit an IP/MAC Binding: If you want to modify a configured IP/MAC binding, click its Edit hyperlink, the related information will be displayed in the setup page.
PAGE 335
UTT Technologies Step 2 Chapter 12 Security There are two methods to add IP/MAC bindings: 1) Method One: Click the Scan button to learn current dynamic ARP information (that is, IP and MAC address pairs) of the LAN hosts, and then click the Bind button to bind all the valid IP and MAC address pairs in the list box. 2) Method Two: You can manually add one or more IP/MAC address pairs in the list box, and then click the Bind button to bind these IP/MAC address pairs. Refer to section 12.2.
PAGE 336
UTT Technologies Chapter 12 Security can configure an Internet blacklist for these users. Then only the users that belong to the blacklist cannot access the Internet, and all the other users can access. On the Device, a user who belongs to the whitelist is a legal user, that is, the user¶s IP and MAC address pair matches an IP/MAC binding whose Allow Internet Access check box is selected.
PAGE 337
UTT Technologies Chapter 12 Security Figure 12-8 IP/MAC Binding List - Example Three 12.2.6.3 How to Configure Internet Blacklist If you want to configure an Internet blacklist, do the following: Step 1 Go to the Security > IP/MAC Binding page, and then click the New button or select the IP/MAC Binding Settings tab to go to the setup page. Step 2 Specify the illegal users by creating the IP/MAC bindings.
PAGE 338
UTT Technologies Chapter 12 Security Figure 12-9 IP/MAC Binding List - Example Four http://www.uttglobal.
PAGE 339
UTT Technologies Chapter 12 Security 12.3 Firewall This section describes the Security > Firewall page, which includes the Access Control List and ACL Settings subpages. The access control rules that you have created will be listed in the Access Control List. Note that by default the rules are listed in reverse chronological order of creation, and it allows you to manually move a rule to a different position in the list. 12.3.1 Introduction to Access Control 12.3.1.
PAGE 340
UTT Technologies Chapter 12 Security valid packets received by the LAN interface. After you have enabled access control, the Device will examine each packet received by the LAN interface to determine whether to forward or drop the packet, based on the criteria you specified in the access control rules.
PAGE 341
UTT Technologies Chapter 12 Security you only allow a LAN user to access Web service, and block any other service, then the rule that allows the user to access Web service should be listed above the rule that denies the user to access any other service. 12.3.1.
PAGE 342
UTT Technologies lan dns dhcp pass generic Chapter 12 Security It is used to allow the LAN users to access the Device¶s LAN interface. And it is the first rule, but it is implicit and not displayed in the list. It is used to allow the DNS packets to pass by default. It is used to allow the DHCP packets to pass by default. It is a global rule for IP packets. By default, it is used to allow all the IP packets to pass. And it is always listed and displayed at the bottom of the list.
PAGE 343
UTT Technologies Chapter 12 Security Also, you can directly specify the source or destination IP addresses, or services of access control rules in this page. The following describes the definitions of a rule¶s parameters. Figure 12-10 Access Control Rule Settings Action: It determines the action of the access control rule. There are two available options: Ɣ Allow: It indicates that the Device will allow the packets that match the rule to pass, that is, the Device will forward these packets.
PAGE 344
UTT Technologies Chapter 12 Security Source: It specifies the source IP addresses of the packets to which the access control rule applies. There are two options: Ɣ Addresses: Select it to enter the start and end addresses in the associated text boxes. Ɣ Address Group: Select it to choose an address group from the associated drop-down list. By default, the Address Group radio button is selected, and its value is Any Address.
PAGE 345
UTT Technologies Chapter 12 Security You can create the IP address groups in the Security > Address Group page or service groups in the Security > Service Group page firstly, and then reference them by name in the source or destination address group, or service group fields of access control rules. And if the addresses or service ports are consecutive, you also can directly specify the source or destination IP addresses, or services of rules in this page. 12.3.
PAGE 346
UTT Technologies Chapter 12 Security ¾ Add an Access Control Rule: If you want to add a new access control rule, click the New button or select the ACL Settings tab to go to the setup page, and then configure it, lastly click the Save button. ¾ View Access Control Rule(s): When you have configured some access control rules, you can view them in the Access Control List.
PAGE 347
UTT Technologies Ɣ Customer Service Department: 192.168.16.31~192.168.16.60 Ɣ Financial Department: 192.168.16.61~192.168.16.70 Ɣ Sales Department: 192.168.16.71~192.168.16.100 Chapter 12 Security The CEO wants to control Internet behaviors of the Technology and Financial Departments¶ employees: 1. Allow them to access WEB and FTP services during working time. 2. Deny them to access all other services during working time. 3. Allow them to access any service during rest periods.
PAGE 348
UTT Technologies Chapter 12 Security Figure 12-13 The Schedule of work Settings - Example 1 Step 2 Go to the Security > Address Group > Address Group Settings page to create an address group for the Technology and Financial Departments¶ employees. It includes two address ranges: one is from 192.168.16.2 to 192.168.16.30, the other is from 192.168.16.61 to 192.168.16.70, and here we assume its name is TD_FD, see Figure 12-14.
PAGE 349
UTT Technologies Chapter 12 Security Figure 12-15 The Service Group of WEB_FTP Settings - Example 1 Step 4 Go to the Security > Firewall > ACL Settings page to configure rule 1, see Figure 12-16: select Allow from the Action, select work from the Schedule, select TD_FD from the Source Address Group drop-down list, select Any Address from the Destination Address Group drop-down list, and select WEB_FTP from the Service Group drop-down list, lastly click the Save button to save the settings. http://www.
PAGE 350
UTT Technologies Chapter 12 Security Figure 12-16 The Access Control Rule 1 Settings - Example 1 2˅ Configuring Access Control Rule 2 Go to the Security > Firewall > ACL Settings page to create rule 2, see Figure 12-17: select Deny from the Action, select work from the Schedule, select TD_FD from the Source Address Group drop-down list, select Any Address from the Destination Address Group drop-down list, and select Any Service from the Service Group drop-down list, lastly click the Save button to save t
PAGE 351
UTT Technologies Chapter 12 Security Figure 12-17 The Access Control Rule 2 Settings - Example 1 3˅ Enabling Access Control You should enable access control feature to let access control rules take effect, see Figure 12-18. Figure 12-18 Enable Access Control - Example 1 12.3.5.2 Example Two 1. Requirements A company uses the Device as a network access device. The requirements are as follows: 1) Block an outside user with IP address 202.106.11.22 from attacking a LAN user with http://www.uttglobal.
PAGE 352
UTT Technologies Chapter 12 Security IP address 200.200.200.251 maliciously; 2) Block all the LAN users from accessing the websites which contain illegal content. Here we take pornography for example. 2. Analysis We need to create two access control rules to meet requirements: Ɣ Rule 1: It is used to protect the LAN user with IP address 200.20.200.251 against attack from outside IP address 202.106.11.22.
PAGE 353
UTT Technologies Chapter 12 Security Figure 12-20 The Address Group of Outside Settings - Example 2 Step 2 Go to the Security > Firewall > ACL Settings page to configure rule 1, see Figure 12-21: select Deny from the Action, select Always from the Schedule, select Inside from the Source Address Group drop-down list, select Outside from the Destination Address Group drop-down list, and select Any Service from the Service Group drop-down list, lastly click the Save button to save the settings.
PAGE 354
UTT Technologies Chapter 12 Security Figure 12-21 The Access Control Rule 1 Settings - Example 2 2˅ Configuring Access Control Rule 2 Step 1 Go to the Security > Service Group page, enter Pornography in the Name text box, select Keyword from the Service Type drop-down list, select the New radio button, enter pornography in the Keyword text box, and then click ==> to move the specified keyword to the Service Members list box, lastly click the Save button. http://www.uttglobal.
PAGE 355
UTT Technologies Chapter 12 Security Figure 12-22 The Access Control Rule 2 Settings - Example 2 Step 2 Go to the Security > Firewall > ACL Settings page to create rule 2, see Figure 12-23: select Deny from the Action, select Always from the Schedule, select Any Address from the Source Address Group drop-down list, select Any Address from the Destination Address Group drop-down list, and select Pornography from the Service Group drop-down list, lastly click the Save button to save the settings.
PAGE 356
UTT Technologies Chapter 12 Security Figure 12-23 The Access Control Rule 2 Settings - Example 2 3˅ Enabling Access Control You should enable access control feature to make the configured access control rules take effect, see Figure 12-24. Figure 12-24 Enable Access Control - Example 2 http://www.uttglobal.
PAGE 357
UTT Technologies Chapter 12 Security 12.4 Domain Filtering This section describes the Security > Domain Filtering page. 12.4.1 Domain Filtering Settings Figure 12-25 Domain Filtering Settings Enable Domain Filtering: It allows you to enable or disable domain filtering. If you select the check box to enable domain filtering, the configured domain filtering entries will take effect. Else, the domain filtering entries will be of no effect. Filtering Mode: It specifies the mode of domain filtering.
PAGE 358
UTT Technologies ¾ Chapter 12 Security Save: Click it to save the domain filtering settings. Note 1. The matching rule of domain filtering is whole words matching, that is, only a domain name matches the whole words of the domain name in the Domain Name List, the Device will block or allow it according to the Filtering Mode. 2. You can use the wildcard "*" in a domain name to match multiple domain names. For example, if you have created www.163.
PAGE 359
UTT Technologies Chapter 12 Security Figure 12-26 Domain Blocking Notice Enable Domain Blocking Notice: It allows you to enable or disable domain blocking notice. If you want to enable domain blocking notice, please select this check box. In this case, if a LAN user accesses a domain name which is blocked by the Device, the Device will pop up a notice message to remind the user.
PAGE 360
UTT Technologies Chapter 12 Security ¾ Save: Click it to save domain blocking notice settings. ¾ Preview: Click it to preview the notice message you just configured. The following figure shows an example of a notice message. Figure 12-27 Domain Name Blocking Notice Preview Note Only after you have enabled domain filtering and chosen the Only Block Domain Names in Domain Name List as the filtering mode, the Device will pop up the domain blocking notice messages to the LAN users. 12.
PAGE 361
UTT Technologies Chapter 12 Security 12.5.1 NAT Session Limit Rule Settings Figure 12-28 NAT Session Limit Rule Settings IP Addresses and To: They specify the start IP address and end IP address of the LAN hosts to which the NAT session limit rule applies. Please enter the start IP address in the first text box, and the end IP address in the second text box. The Device provides a default NAT session limit rule. Its start IP address and end IP address both are 0.0.0.
PAGE 362
UTT Technologies Chapter 12 Security 1. When using NAT session limit function, the Device will search the Session Limit List to find out if there is a rule that matches a LAN host. It will check the host¶s IP address against each rule in the order in which the rules are listed. After a match is found, no further rules will be checked. Note that the rules are listed in reverse chronological order of creation, the later the rule is created, and the upper the rule is listed. 2.
PAGE 363
UTT Technologies Chapter 12 Security ¾ Enable a NAT Session Limit Rule: The Enable check box is used to enable or disable the corresponding NAT session limit rule. The default value is selected, which means the NAT session limit rule is in effect. If you want to disable the NAT session limit rule temporarily instead of deleting it, please click it to remove the check mark.
PAGE 364
UTT Technologies Chapter 12 Security 12.6 Address Group This section describes the Security > Address Group page. 12.6.1 Introduction to Address Group An address group can contain up to ten address members. A member may be an address range or address group. And an address group may contain address ranges only, or address groups only, or both.
PAGE 365
UTT Technologies Chapter 12 Security 12.6.2 Address Group Settings Figure 12-30 Address Group Settings Name: It specifies a unique name of the address group. It should be between 1 and 11 characters long. Zone: It specifies a network zone to which the address group belongs. New: Select it to add a new address range to the group. Existing: Select it to display the configured address groups. Address Members: It displays the members of the address group.
PAGE 366
UTT Technologies Chapter 12 Security 1. The Name of an address group is case insensitive. For example, the address group test or TEST is the same group. You must pay attention to it when creating an address group. 2. If an address group (e.g., group A) has already included another address group (e.g., group B), then the address group A cannot be added to any other address group. 12.6.
PAGE 367
UTT Technologies Chapter 12 Security the Security > Firewall page or rate limit rule in the QoS > Rate Limit Rule page. If you actually want to delete it, please remove all the references firstly. 12.6.4 How to Add the Address Groups If you want to add one or more address groups, do the following: Step 1 Go to the Security > Address Group page, and then click the New button or select the Address Group Settings tab to go to the setup page. Step 2 Specify the Name of the address group.
PAGE 368
UTT Technologies Chapter 12 Security list box to the left editable list, and then modify the Start Address and/or End Address, lastly click ==> to move the modified address range to the Address Members list box again. 2) Step 4 If you want to delete an address member, select the member in the Address Members list box, and then click the Delete button. Click the Save button to save the changes to make them take effect. http://www.uttglobal.
PAGE 369
UTT Technologies Chapter 12 Security 12.7 Service Group This section describes Security > Service Group page. 12.7.1 Introduction to Service Group The Device provides five service types including general service, URL, Keyword, DNS and MAC address for the service group. Then the service groups can be used to match the protocol type (TCP, UDP or ICMP), port number, content, source MAC address of packets that are received by the Device.
PAGE 370
UTT Technologies Chapter 12 Security 12.7.2 Service Group Settings Figure 12-32 Service Group Settings Name: It specifies a unique name of the service group. It should be between 1 and 11 characters long. Service Type: It specifies the service type of the service group. The Device provides five service types, which include General Service, URL, Keyword, DNS and MAC. z General Service: It is used to match the source port, destination port and protocol type of the packets.
PAGE 371
UTT Technologies Chapter 12 Security New: Select it to add a new service to the group. For different Service Types, you need configure different parameters. Existing: Select it to display the service groups that you have configured. If you select General Service from the Service Type drop-down list, it will also display the system predefined services here. The Device provides 38 predefined services. Service Members: It displays the members of the service group.
PAGE 372
UTT Technologies Chapter 12 Security 12.7.3 Service Group List Figure 12-33 Service Group List ¾ Add a Service Group: If you want to add a new service group, click the New button or select the Service Group Settings tab to go to the setup page, and then configure it, lastly click the Save button. ¾ View Service Group(s): When you have configured some service groups, you can view them in the Service Group List.
PAGE 373
UTT Technologies Chapter 12 Security Step 1 Go to the Security > Service Group page, and then click the New button or select the Service Group Settings tab to go to the setup page. Step 2 Specify the Name of the service group. Step 3 Select the type from the Service Type drop-down list. Step 4 Add services to the group. There are two methods to add them.
PAGE 374
UTT Technologies Chapter 12 Security 12.8 Schedule This section describes the Security > Schedule page. 12.8.1 Introduction to Schedule The schedule feature lets you define schedules that can be applied to various time-related features, e.g., dial schedule, rate limit rule, access control rule, etc. The schedule is identified by a name and then referenced by a function, so that those time restrictions are imposed on the function itself.
PAGE 375
UTT Technologies Chapter 12 Security 12.8.2 Schedule Settings Figure 12-34 Schedule Settings Schedule Name: It specifies a unique name of the schedule. It should be between 1 and 11 characters long. Start Date and End Date: They specify when the schedule begins and ends. If exceed the specified range, the schedule will be of no effect. The date is in the range of 1989-1-1 through 2050-12-31. If you want the schedule to be in effect for ever, set both of Start Date and End Date to 1990-1-1.
PAGE 376
UTT Technologies Chapter 12 Security (Mon-Fri) and Weekends (Sat-Sun). Daily Start Time and Daily End Time: They specify a daily start time and end time during which the schedule is active. The default values of them are 00:00:00 and 23:59:59 respectively. Note that the time should be entered in the format HH:MM:SS and it is expressed in 24-hour clock. For example, 06:30:00 is 06:30:00 am and 18:30:00 is 06:30:00 pm. ¾ Save: Click it to save the schedule settings.
PAGE 377
UTT Technologies Chapter 12 Security the Save button. ¾ Delete Schedule(s): If you want to delete one or more schedules, select the leftmost check boxes of them, and then click the Delete button. ¾ View a Schedule¶s Details: If you want to view the details of a configured schedule, click its Details hyperlink, then the schedule details page will be displayed (see Figure 12-36). Furthermore, if the schedule is referenced, the related information will be displayed too. Figure 12-36 Schedule Details 12.
PAGE 378
UTT Technologies Chapter 12 Security in the Schedule List, and then click the Delete button. 12.8.5 Configuration Example for Schedule 1. Requirements In 2011, a business CEO wants to control online behavior of the sales department¶s employees. He only allows them to access WEB service during working time, but allows them to access all the Internet services during rest periods. The working time is: Monday to Friday, 9:00 to 12:00 am, and 1:00 to 6:00 pm. 2.
PAGE 379
UTT Technologies Chapter 12 Security Figure 12-37 Schedule Settings Example Step 2 Enter work in the Schedule Name text box. Step 3 Enter 2011-1-1 in the Start Date, and enter 2011-12-31 in the End Date. Step 4 Configuring the two periods of the schedule respectively. Step 5 1) Configuring Period 1: Select Weekdays (Mon-Fri) from the Days of the Week drop-down list, enter 09:00:00 in the Daily Start Time, and enter 11:59:59 in the Daily End Time.
PAGE 380
UTT Technologies Chapter 13 System Chapter 13 System This chapter describes how to manage the Device, including how to configure administrator accounts, system time, remote admin, Web server, and how to upgrade firmware, backup and restore configuration, and restart the Device. 13.1 Administrator In the System > Administrator page, you can add, view, modify and delete the administrator accounts. 13.1.
PAGE 381
UTT Technologies Chapter 13 System password can be modified. ¾ x Execute: It gives the administrator the ability to view and configure the Device via the Web UI, except the Status > Session Monitor page. Note: This page will only display the current login administrator¶s information, and only the password can be modified. x Admin: It gives the administrator the full administrative privileges to view and configure the Device via the Web UI. Save: Click it to save the administrator account settings.
PAGE 382
UTT Technologies Chapter 13 System ¾ Add an Administrator Account: If you want to add a new administrator account, click the New button or select the Administrator Settings tab to go to the setup page, and then configure it, lastly click the Save button. ¾ View Administrator Account(s): When you have configured some administrator accounts, you can view them in the Administrator List.
PAGE 383
UTT Technologies Chapter 13 System 13.2 System Time In the System > Time page, you can view and configure the system time. To ensure that the time-related functions (e.g., DDNS, Schedule) work well, you should set the right time on the Device. You can manually configure the system time or enable SNTP (Synchronize with SNTP Server) to automatically synchronize time from a designated SNTP server on the Internet.
PAGE 384
UTT Technologies Chapter 13 System default value is 192.43.244.18), and the Server 2 is the first backup server (the default value is 129.6.15.28), and the Server 3 is the second backup server (the default value is 0.0.0.0). Figure 13-4 System Time - Set Time Manually ¾ Save: Click it to save the system time settings. Note To find an NTP server with which you can synchronize your Device, please refer to the Website: http://www.ntp.org/. http://www.uttglobal.
PAGE 385
UTT Technologies Chapter 13 System 13.3 Firmware Upgrade In the System > Upgrade page, you can view the current firmware version information and upgrade the firmware. 13.3.1 Save Firmware Figure 13-5 Save Firmware to Local PC The following figure describes the firmware version details: Figure 13-6 Firmware Version Details ¾ Backup Firmware to Local PC: Click the Save button to save the current running firmware to your local PC.
PAGE 386
UTT Technologies Chapter 13 System 13.3.2 Firmware Upgrade Figure 13-7 Upgrade Firmware To upgrade the Device¶s firmware, do the following: Step 1 Download the Latest Firmware Click the Download Firmware hyperlink to download the latest firmware from the website of UTT Technologies Co., Ltd. Note 1. Please select the proper firmware that must accord with your product hardware platform. 2.
PAGE 387
UTT Technologies Chapter 13 System Note 1. It is strongly recommended that you upgrade firmware when the Device is under light load. 2. If you upgrade firmware timely, the Device will have more functionality and better performance. The right upgrade will not change the Device¶s current settings. 3. The Device will take several minutes to upgrade its firmware. During this process, do not power off the Device and perform any other operation to avoid damaging it. 13.
PAGE 388
UTT Technologies Chapter 13 System Figure 13-9 Restore Configuration Reset to Factory Defaults before Restore: If you select this check box, it will reset the Device to factory default settings before importing the configuration file; else import the file directly. Configuration File: Click the Browse button to choose an appropriate configuration file or enter the file path and name in the text box. ¾ Restore: Click it to import the selected configuration file.
PAGE 389
UTT Technologies Chapter 13 System 13.5 Remote Admin This section describes System > Remote Admin page. As the Device has built-in firewall function, it will block all requests initiated from the Internet by default. To remotely configure and manage the Device via Internet, you should enable the HTTP remote management. Figure 13-11 Remote Admin Settings HTTP: It allows you to enable or disable HTTP remote management. Select this check box to enable HTTP remote management via Internet.
PAGE 390
UTT Technologies Chapter 13 System Device via Internet. 4. Once you enable the HTTP remote management, the system will automatically create two port forwarding rules: their IDs are http and telnet respectively. You can go to the NAT > Port Forwarding page to view them in the Port Forwarding List. 5. Please enable the HTTP remote management before asking a UTT customer engineer for the technical support. http://www.uttglobal.
PAGE 391
UTT Technologies Chapter 13 System 13.6 WEB Server In the System > WEB Server page, you can specify the port number that the Device Web service uses to listen for HTTP requests from the LAN hosts. Figure 13-12 WEB Server Port: The port number that the Web server uses to listen for HTTP requests from the LAN hosts. The default port number is 80. If it has been changed, you should enter http://Device¶s LAN IP address: port number (e.g., http://192.168.16.1:88) to access the Device.
PAGE 392
UTT Technologies http://www.uttglobal.
PAGE 393
UTT Technologies Chapter 13 System 13.7 Restart The System > Restart page lets you restart the Device. Figure 13-13 Restart the Device ¾ Restart: Click it to restart the Device. If you click the Restart button, the system will pop up a prompt dialog box (see Figure 13-19). Then you can click OK to restart the Device, and the system will jump to a countdown page (see Figure 13-20). Or click Cancel to cancel the operation.
PAGE 394
UTT Technologies Chapter 13 System caution. The Device will return to the Status > System Info page after restarted. http://www.uttglobal.
PAGE 395
UTT Technologies Appendix A How to Configure Your PC Appendix A How to configure your PC This appendix describes how to install and configure TCP/IP properties for Windows 95 and Windows 98. Step 1: Installing TCP/IP components To install TCP/IP component, do the following: 1. On the Windows taskbar, click Start > Settings > Control Panel. 2. Double-click the Network icon, and select the Configuration tab.
PAGE 396
UTT Technologies Appendix A How to Configure Your PC 3. In the TCP/IP properties dialog box, select the IP address tab, and then select the Specify an IP address radio button. Enter 192.168.16.x (x is between 2 and 254, including 2 and 254) in the IP Address box, and enter 255.255.255.0 in the Subnet Mask box. 4. Select the Gateway WDE HQWHU WKH ,3 DGGUHVV RI WKH 'HYLFH¶V /$1 LQWHUIDFH GHIDXOW value is 192.168.16.1) in the New gateway box, and then click Add button. 5.
PAGE 397
UTT Technologies Appendix A How to Configure Your PC to connect through a Local Area Network (LAN), and click the Next button. 3. Select I want to connect through a Local Area Network radio button, and click the Next button. 4. Uncheck all boxes in the LAN Internet Configuration screen, and click the Next button. 5. In the Set Up Your Internet Mail Account screen, select No and click the Next button. 6. In the Internet Connection Wizard screen, Click Finish button to complete the wizard.
PAGE 398
UTT Technologies Appendix B FAQ Appendix B FAQ 1. How to connect the Device to the Internet using PPPoE Step 1 Set your ADSL Modem to bridge mode (RFC 1483 bridged mode). Step 2 Please make sure that your PPPoE Internet connection use standard dial-type. You may use Windows XP built-in PPPoE dial-in client to test. Step 3 Connect a network cable from the ADSL modem to a WAN port of the Device, and connect your telephone line to the ADSL modem¶s line port.
PAGE 399
UTT Technologies Appendix B FAQ to the PPPoE connection, see Table B-0-1. Call Syslog Call Result Session Up [x] PPPoE Up 00:0c:f8:f9:66:c6 PPPoE session has been established successfully. Call Connected, on Line1, on Channel 0 Outgoing Call @51:1-1 Call Terminated @clearSession: 1 Failed to establish the physical connection, please check whether the Internet connection is normal. You may use Windows XP built-in PPPoE dial-in client to test.
PAGE 400
UTT Technologies Appendix B FAQ Figure B-0-2 PPPoE Connection Settings (Part) Step 8 You may go to the Status > Route Stats page to view the related route information in the Routing Table, such as the Gateway IP Address provided by your ISP, Flag (N should appear, which means NAT is enabled on the route), and so on, see Figure B-0-3. Figure B-0-3 Routing Table - Example 1 Step 9 Configure the LAN hosts according to the steps described in Appendix A How to configure your PC. http://www.uttglobal.
PAGE 401
UTT Technologies 2. Appendix B FAQ How to connect the Device to the Internet using Static IP Step 1 Please make sure the Internet connection is normal. You may use your PC to test. Step 2 Connect a network cable from the network device provided by your ISP to a WAN port of the Device. Step 3 Configure the static IP Internet connection related parameters in the Basic > WAN page or through the Quick Wizard. Refer to section 6.2.2.2 Static IP Internet Connection Settings for more information.
PAGE 402
UTT Technologies 3. Appendix B FAQ How to connect the Device to the Internet using DHCP Step 1 Please make sure the Internet connection is normal. You may use your PC to test. Step 2 Connect a network cable from the Cable modem to a WAN port of the Device. Step 3 Configure the DHCP Internet connection related parameters in the Basic > WAN page or through the Quick Wizard. Refer to section 6.2.2.3 DHCP Internet Connection Settings for more information.
PAGE 403
UTT Technologies Appendix B FAQ Figure B-0-6 Routing Table - Example 3 Step 6 Configure the LAN hosts according to the steps described in Appendix A How to configure your PC. http://www.uttglobal.
PAGE 404
UTT Technologies 4. Appendix B FAQ How to reset the Device to factory default settings The following describes how to reset the Device to factory default settings. There are two cases depending on whether you remember the administrator password or not. Note 1) The reset operation will clear all the custom settings on the Device, so do it with caution. 2) Here we take Windows XP for example.
PAGE 405
UTT Technologies Appendix B FAQ HyperTerminal check box, and then click OK. Figure B-0-7 New Connection - Term9600 Step 3 The Connect To dialog box appears, see Figure B-0-8. From the Connect using drop-down list, select the COM port that links your PC to the Device (COM3 in this example), and then click OK button. http://www.uttglobal.
PAGE 406
UTT Technologies Appendix B FAQ Figure B-0-8 Choose a COM Port - Term9600 Step 4 The COM port properties dialog box appears (see Figure B-0-9). Select 9600 from Bits per second, 8 from Data bits, None from Parity, 1 from Stop bits, None from Flow control, and then click OK button. Figure B-0-9 COM Port Properties - Term9600 Step 5 Now the HyperTerminal is started and ready for use, see Figure B-0-10. http://www.uttglobal.
PAGE 407
UTT Technologies Appendix B FAQ Figure B-0-10 HyperTerminal Window - Term9600 Step 6 Directly press key, the Device will acknowledge active connection with the ³Login´ prompt, see Figure B-0-11. Enter the administrator user name (Default in this example) at the prompt and press key. Then the ³Password´ prompt appears; enter the password (test in this example) at the prompt and press key.
PAGE 408
UTT Technologies Appendix B FAQ Figure B-0-11 Login to the Device - Term9600 Step 7 Enter nvramc at the prompt and press key (see Figure 8-12); the Device will immediately restore to factory default settings and restart itself. Once restarted, you can use the system default administrator account to login to the Device via Web UI. Note that by default, the LAN interface IP address is 192.168.16.1, and the administrator user name is Default (case sensitive) with a blank password. http://www.
PAGE 409
UTT Technologies Appendix B FAQ Figure B-0-12 Reset to Factory Default Settings - Term9600 4-2 Case Two: Forget the administrator password If you forget the administrator password, you can use the following two ways to reset the Device to factory default settings. Note that only when the Device has a reset button, you can use the first way; and only when the Device has a terminal port, you can use the second way. ¾ The first way: Reset the Device to factory default settings via Reset Button.
PAGE 410
UTT Technologies Step 2 Appendix B FAQ Click Start > Programs > Accessories > Communications > HyperTerminal, the first screen that appears is the New Connection dialog box, see Figure B-0-13; enter a name (Term115200 in this example) in the Name text box, and then click OK button.
PAGE 411
UTT Technologies Appendix B FAQ Figure B-0-14 Choose a COM Port - Term115200 Step 4 The COM port properties dialog box appears (see Figure B-0-15). Select 115200 from Bits per second, 8 from Data bits, None from Parity, 1 from Stop bits, None from Flow control, and then click OK button. http://www.uttglobal.
PAGE 412
UTT Technologies Appendix B FAQ Figure B-0-15 COM Port Properties - Term115200 Step 5 Now the HyperTerminal is started and ready for use, see Figure B-0-16. Figure B-0-16 The HyperTerminal Window - Term115200 Step 6 Restart the Device and immediately enter ast (lower case) in three seconds, then the ³Ast>´ prompt appears, see Figure B-0-17. Note that if failed to appear, please try several times until the ³Ast>´ prompt appears. http://www.uttglobal.
PAGE 413
UTT Technologies Appendix B FAQ Figure B-0-17 Login to the Device - Term115200 Step 7 Enter nv at the prompt and press key (see Figure B-0-18), the Device will immediately restore to the factory default settings. The appearance of ³(UDVLQJ 195$0«««'RQH´ means that the Device has restored to the factory default settings successfully. Once you have restarted the Device, you can use the system default administrator to login to the Device via Web UI.
PAGE 414
UTT Technologies Appendix B FAQ Figure B-0-18 Reset to Factory Default Settings - Term115200 http://www.uttglobal.
PAGE 415
UTT Technologies 5. Appendix B FAQ How to use CLI Rescue Mode In most cases, the Device can normally boot or reboot in Normal Startup Mode. However, sometimes you are unable to start the Device in Normal Startup Mode due to configuration errors, forgetting the administrator password or other reasons. To solve this problem, we provide Rescue Mode in the Device with ReOS 5.0 or a latter version.
PAGE 416
UTT Technologies Appendix B FAQ Figure B-0-19 New Connection - Rescue Step 3 The Connect To dialog box appears, see Figure B-0-20. From the Connect using drop-down list, select the COM port that links your PC to the Device (COM3 in this example), and then click OK button. Figure B-0-20 Choose a COM port - Rescue http://www.uttglobal.
PAGE 417
UTT Technologies Step 4 Appendix B FAQ The COM port properties dialog box appears (see Figure B-0-21). Select 9600 from Bits per second, 8 from Data bits, None from Parity, 1 from Stop bits, None from Flow control, and then click OK button. Figure B-0-21 COM Port Properties - Rescue Step 5 Now the HyperTerminal is started and ready for use, see Figure B-0-22. http://www.uttglobal.
PAGE 418
UTT Technologies Appendix B FAQ Figure B-0-22 The HyperTerminal Window - Rescue Step 6 Restart the Device; and during restarting, once the ³***booting with factory default configurationˈplease press Ctrl~C 3 times nowʽ***´ prompt appears, please immediately press keys three consecutive times within three seconds. Then the appearance of ³BREAK detected, skip restore user nvram profile by _restoreUserNvramTask.´ prompt means that the system has booted into Rescue Mode successfully.
PAGE 419
UTT Technologies Appendix B FAQ Figure B-0-23 Boot into Rescue Mode - Rescue Step 7 After the Device has booted into Rescue Mode, you can use the system default administrator account to login to the Device. Enter Default at the ³Login´ prompt and press key, see Figure 8-24Then the ³Password´ prompt appears; directly press key.
PAGE 420
UTT Technologies Appendix B FAQ Figure B-0-24 Login to Rescue Mode Configuration Interface - Rescue Step 8 In Rescue Mode configuration interface, see Figure B-0-25, if you enter show running-config at the prompt and press key, it will only output firmware version information, but not output any custom settings, which means that the system is running with the factory default settings; if you enter show nvram at the prompt and press key, it will output not only firmware version informati
PAGE 421
UTT Technologies Appendix B FAQ Figure B-0-25 View Settings - Rescue Note In Rescue Mode, it will only save the settings you have made in Rescue Mode configuration interface by write command, and all of your original custom settings will be lost.
PAGE 422
UTT Technologies 6. Appendix B FAQ IP/MAC Binding and Access Control This section mainly describes the characteristics of the IP/MAC binding and access control functions, and the relationship between them. Its purpose is to help you better understand them, and use them to flexibly control and manage the Internet behaviors of the LAN users to enhance network security.
PAGE 423
UTT Technologies Appendix B FAQ control and manage the Internet behaviors of the LAN users. The latter is implemented by access control function module. 2) In most cases, you can create an access control rule for a group of users. If some users have the privileges of accessing the Internet, you can create an address group for these hosts even their IP addresses are discontinuous.
PAGE 424
UTT Technologies Ɣ 2) Appendix B FAQ Undefined User: An undefined user¶s IP address and MAC address both are different from any IP/MAC binding. The undefined users are all the users except legal and illegal users. User authorization (i.e.
PAGE 425
UTT Technologies Appendix B FAQ 9˅ Go to the Security > Firewall page to create access control rules for each address group respectively. http://www.uttglobal.
PAGE 426
UTT Technologies 7. Appendix B FAQ How to find out who uses the most bandwidth? By viewing the NAT Statistics list in the Status > NAT Stats page, you can find out the LAN user who uses the most bandwidth. A. How to find out who has downloaded the most packets? Query the Rx Packets in the NAT Statistics list: the larger value means the more downloaded packets. The most Rx Packets means the corresponding LAN user has downloaded the most packets from the Internet. B.
PAGE 427
UTT Technologies 8. Appendix B FAQ How to troubleshoot faults caused by worm viruses or hacker attacks on the Device? Note Each of the following points can only be used as a reference for network troubleshooting, but cannot be used as a basis for finding a network virus or attack. A.
PAGE 428
UTT Technologies Appendix B FAQ applications on that suspicious host, and then run an effective antivirus software, lastly restart or reinstall the operating system. B. How to find out who is attacking an Internet host with DoS/DDoS A DoS attack (denial-of-service attack) or DDoS attack (distributed denial-of-service attack) is an attempt to make a host resource unavailable to its intended users.
PAGE 429
UTT Technologies Appendix B FAQ You can view the NAT Statistics list in the Status > NAT Stats page to find out if there is a LAN host whose Tx Packets is very large but Rx Packets is very small or zero. If a host meets the above conditions and KDVQ¶W XVHG DQ\ /$1 VHUYHU the host is likely to be infected with Code Red worm virus. D.
PAGE 430
UTT Technologies Appendix B FAQ crashes or restarts itself; there is a process named avserve.exe, avserve2.exe or skynetave.exe in Task Manager; there is a virus file named avserve.exe, avserve2.exe or skynetave.exe in the system directory; system is running extremely slow, and CPU usage is 100%. http://www.uttglobal.
PAGE 431
UTT Technologies 9. Appendix B FAQ How to enable WAN ping respond? To facilitate debugging and testing your Internet connections, the Device provides Enable WAN Ping Respond feature; that is, it allows you to ping each WAN interface¶s IP address to detect whether each Internet connection is normal. The operation is as follows: Go to the Security > Attack Defense > External Defense page, select the Enable WAN Ping Respond check box, and then click the Save button.
PAGE 432
UTT Technologies Appendix C Common IP Protocols Appendix C Common IP Protocols Protocol Name Protocol Number Full Name IP 0 Internet Protocol ICMP 1 Internet Protocol Message Protocol IGMP 2 Internet Group Management GGP 3 Gateway-Gateway Protocol IPINIP 4 IP in IP Tunnel Driver TCP 6 Transmission Control Protocol EGP 8 Exterior Gateway Protocol IGP 9 Interior Gateway Protocol PUP 12 PARC Universal Packet Protocol UDP 17 User Datagram Protocol HMP 20 Host Monitoring Prot
PAGE 433
UTT Technologies Appendix D Common Service Ports Appendix D Common Service Ports Service Name Port Protocol echo 7 tcp echo 7 udp discard 9 tcp discard 9 udp systat 11 tcp Active users systat 11 udp Active users daytime 13 tcp daytime 13 udp qotd 17 tcp Quote of the day qotd 17 udp Quote of the day chargen 19 tcp Character generator chargen 19 udp Character generator ftp-data 20 tcp FTP, data ftp 21 tcp FTP.
PAGE 434
UTT Technologies Appendix D Common Service Ports tftp 69 udp gopher 70 tcp finger 79 tcp http 80 tcp World Wide Web kerberos 88 tcp Kerberos kerberos 88 udp Kerberos hostname 101 tcp NIC Host Name Server iso-tsap 102 tcp ISO-TSAP Class 0 rtelnet 107 tcp Remote Telnet Service pop2 109 tcp Post Office Protocol - Version 2 pop3 110 tcp Post Office Protocol - Version 3 sunrpc 111 tcp SUN Remote Procedure Call sunrpc 111 udp SUN Remote Procedure Call auth 113
PAGE 435
UTT Technologies Appendix D Common Service Ports irc 194 tcp Internet Relay Chat Protocol ipx 213 udp IPX over IP ldap 389 tcp Lightweight Directory Access Protocol https 443 tcp MCom https 443 udp MCom microsoft-ds 445 tcp microsoft-ds 445 udp kpasswd 464 tcp Kerberos (v5) kpasswd 464 udp Kerberos (v5) isakmp 500 udp Internet Key Exchange exec 512 tcp Remote Process Execution biff 512 udp login 513 tcp who 513 udp cmd 514 tcp syslog 514 udp printer
PAGE 436
UTT Technologies Appendix D Common Service Ports kshell 544 tcp new-rwho 550 udp remotefs 556 tcp rmonitor 560 udp monitor 561 udp ldaps 636 tcp LDAP over TLS/SSL doom 666 tcp Doom Id Software doom 666 udp Doom Id Software kerberos-adm 749 tcp Kerberos administration kerberos-adm 749 udp Kerberos administration kerberos-iv 750 udp Kerberos version IV kpop 1109 tcp Kerberos POP phone 1167 udp Conference calling ms-sql-s 1433 tcp Microsoft-SQL-Server ms-sql
PAGE 437
UTT Technologies Appendix F Table Index Appendix E Figure Index Figure 0-1 IP/MAC Binding List ................................................................................................. 2 Figure 0-2 NAT Statistics ........................................................................................................... 4 Figure 0-3 Enable DNS Proxy ...................................................................................................
PAGE 438
UTT Technologies Appendix F Table Index Figure 5-13 Routing Table ....................................................................................................... 62 Figure 5-14 Session Monitor Settings ..................................................................................... 65 Figure 5-15 NAT Session List .................................................................................................. 67 Figure 5-16 Session Monitor Settings - Example1 ................................
PAGE 439
UTT Technologies Appendix F Table Index Figure 7-1 Static Route Settings ............................................................................................ 121 Figure 7-2 Static Route List ................................................................................................... 123 Figure 7-3 Static Route Settings - Example One .................................................................. 124 Figure 7-4 Static Route Settings - Example Two ..........................................
PAGE 440
UTT Technologies Appendix F Table Index Figure 7-37 Network Topology where DHCP Server and Clients on Same Subnet .............. 180 Figure 7-38 DHCP Server Global Settings - Example ........................................................... 181 Figure 7-39 DHCP Address Pool Settings - Example (pool1) ............................................... 182 Figure 7-40 DHCP Address Pool Settings - Example (pool2) ...............................................
PAGE 441
UTT Technologies Appendix F Table Index Figure 9-1 PPPoE Discovery Stage Flows ............................................................................ 228 Figure 9-2 PPPoE Server Global Settings............................................................................. 230 Figure 9-3 Internet Access Control Settings .......................................................................... 231 Figure 9-4 PPPoE Account Settings ........................................................................
PAGE 442
UTT Technologies Appendix F Table Index Figure 11-1 User Status List .................................................................................................. 277 Figure 11-2 Personal Rate Limit Settings .............................................................................. 279 Figure 11-3 Personal Internet Behavior Management Settings............................................. 280 Figure 11-4 Internet Behavior Management Policy Settings .................................................
PAGE 443
UTT Technologies Appendix F Table Index Figure 12-12 Access Control List ........................................................................................... 330 Figure 12-13 The Schedule of work Settings - Example 1 .................................................... 333 Figure 12-14 The Address Group of TD_FD Settings - Example 1 ....................................... 333 Figure 12-15 The Service Group of WEB_FTP Settings - Example 1...................................
PAGE 444
UTT Technologies Appendix F Table Index Figure 13-11 Remote Admin Settings .................................................................................... 374 Figure 13-12 WEB Server ..................................................................................................... 376 Figure 13-13 Restart the Device ............................................................................................ 378 Figure 13-14 Prompt Dialog Box - Restart the Device ...................................
PAGE 445
UTT Technologies Appendix F Table Index Appendix F Table Index Table 0-1 Factory Default Settings of Interfaces ............................................................................... 6 Table 0-2 Document Organization ........................................................................................... 13 Table 1-1 Detailed Specifications ............................................................................................ 22 Table 2-1 Description of the System LEDs on the UTT 2512 ..