Manuel d'utilisation / d'entretien du produit BiGuard 50G du fabricant Billion Electric Company
Aller à la page of 223
BiGuard 50G 802.11g Dual WAN Security Gateway User’s Manual Version Release 1.03 (FW:1.xx).
2 BiGuard 50G User’s Manual (Updated September, 2007) Copyright Information © 2007 Billion Electric Corporation, Ltd. The contents of this pu blication may n o t be reproduced in whole or in part, transcribed, stored, tra nslated, or transmi tted in any form or any means, without the prior written con sent of Billion Electric Corporation.
3 Safety Warnings Y our BiGuard 50G is built for reliab ility and long service life. For your safety , be sure to read and follo w the follo wing safety w arnings. • Read this installation guide thoroughly bef ore attempting to set up your BiGuard 50G.
4 Table of Contents Chapter 1: Introduction 1.1 Overview 1.2 Product Highlights 1.2.1 Increased Bandwidth, Scalability and Resilience 1.2.2 Virtual Private Network Support 1.2.3 Advanced Firewall Security 1.2.4 Intelligent Bandwidth Management 1.3 Package Contents 1.
5 2.6.2 VPN Planning - Fail Over 2.6.3 Concentrato r Chapter 3: Getting Started 3.1 Overview 3.2 Before You Begin 3.3 Connecting Your Router 3.4 Configuring PCs for TCP/IP Networking 3.4.1 Overview 3.4.2 Windows XP 3.4.2.1 Configuring 3.4.2.2 Verifying Settings 3.
6 4.2.3 Routing Table 4.2.4 Session Table 4.2.5 DHCP Table 4.2.6 IPSec Status 4.2.7 PPTP Status 4.2.8 Traffic Statistics 4.2.9 CPU Statistics 4.2.10 System Log 4.3 Quick Start 4.3.1 DHCP 4.3.2 Static IP 4.3.3 PPPoE 4.3.4 PPTP 4.3.5 Big Pond 4.4 Configuration 4.
7 4.4.4.3 Firmware Upgrade 4.4.4.4 Backup / Restore 4.4.4.5 Restart 4.4.4.6 Password 4.4.5 Firewall 4.4.5.1 Packet Filter 4.4.5.2 URL Filter 4.4.5.3 Ethernet MAC Filter 4.4.5.4 Wireless MAC Filter 4.4.5.5 Block WAN Request 4.4.5.6 Intrusion Detection 4.
8 5.1.1 Router Won’t Turn O n 5.1.2 LEDs Never Turn Off 5.1.3 LAN or Internet Port Not On 5.1.4 Forgot My P assword 5.2 LAN Interface 5.2.1 Can’t Access Router from the LAN 5.2.2 Can’t Ping Any PC on the LAN 5.2.3 Can’t Access Web Configuration Interfa ce 5.
9 Appendix D: Network, Routing, and Firewall Basics D.1 Network Basi cs D.1.1 IP Addresses D.1.1.1 Netmask D.1.1.2 Subnet Addressing D.1.1.3 Private I P Addresses D.1.2 Network Address Translation (NAT) D.1.3 Dynamic Host Configuration P rotocol (DHC P) D.
10 Appendix E: Virtual Private Networking E.1 What is a VPN? E.1.1 VPN Applications E.2 What is IPSec? E.2.1 IPSec Security Components E.2.1.1 Authentication Header (AH) E.
11 E.2.2 IPSec Mod E.2.3 Tunnel Mod e AH E.2.4 Tunnel Mod e ESP E.2.5 Internet Key Exchange (IKE) Appendix F: IPSec Logs and Events F.1 IPSec Log Event Categories F.2 IPSec Log Event Table Appendix G: Bandwidth Management with QoS G.1 Overview G.2 What is Quality of Service? G.
12 Chapter 1: Introduction 1.1 Overview Congratulations on purchasing BiGu ard 50G Router from Billion. Combining a router w i t h a n E t h e r n e t n e t w o r k s w itch, BiGuard 50G is a stat e-o.
13 connections are possible on BiGuard 50G, with perfor manc e of up to 10Mbps. 1.2.3 Advanced Firewall Security Aside from intelligent broadband sharing, BiGuard 50G of fers integrated firewall protection with adv anced features to se cure your network from outside attacks.
14 LED Function Power A solid light indicates a st eady connection to a power source. Status A blinking light indicates the device is writing to flash memory. LAN 1 – 4 Lit when connected to an Ethernet device. 10/100M : Lit green when connected at 100Mbps.
15 1.3.2 Rear Panel Port Function 1 Wireless Antenna One detachable 2.4GHz 5dbi SMA antenna 2 WAN2 WAN2 10/100M Ethernet port (with auto crossover support); connect xDSL/Cable modem here. 3 WAN1 WAN1 10/100M Ethernet port (with auto crossover support); connect xDSL/Cable modem here.
16 1.3.4 Cabling Most Ethernet netw orks currently use unshielded twist ed pair (UTP) cabling. The UTP cable contains eigh t conductors, arr anged in four twisted pairs, and terminated with an RJ45 t ype connector . One of the most common causes of networking problems is bad cabling.
17 Chapter 2: Router Applications 2.1 Overview Y our BiGuard 50G router is a versatile device t hat can be configured to not only protect your network from malicio us attackers, but also ensure optimal usage of available bandwidth with Quality of Service (QoS) and both Inbound and Outbo und Load Balancing.
18 2.2.2 QoS Policies for Different Applications By setting differen t QoS policies according to the applicatio ns you are running, you can use BiGuard 50G to optimi ze the bandwidth tha t is being used on your network.
19 applications such as an FTP server , users using VoIP will experience network lag and/or service interruption s during use. T o avoid this scenario, this network has assigned V oIP with a guaranteed bandwidt h and higher p riority to ensure smooth communications.
20 manage your bandwidth, pro viding reliable Internet and network servi ce to your organization. 2.2.5 Priority Bandwidth Utilization Assigning priority to a certain service allows BiGuard 50G to give either a higher or lower priority to traffic from this particular servi ce.
21 2.2.6 Management by IP or MAC address BiGuard 50G can also be configured to appl y traffic policies based on a particular IP or MAC address. This allows you t o quickly assign different traffic policies to a specific computer on the network. DiffServ (DSCP Marking) DiffServ (a.
22 Other interfaces can match tr affic based on the DSCP markings. DSCP marki ngs are u s e d t o d e c i d e h o w p a c k e t s s h o u l d b e t r e a t e d , a n d i s a u s e f u l t o o l t o g i v e precedence to varying t ypes of data.
23 In the above example, PC 1 (IP_192.168. 2.2) and PC 2 (IP_192.168.2.3) ar e connected to the Internet via W AN1 (IP_230.100.100.1) on BiGuard 50G. Should WAN1 fai l, Outbound F ail Over tells BiGuard 50G to reroute outgoing tr affic to WAN2 (IP_213.
24 connected to the Inter net via W AN1 (IP_230.100.100.1) and W AN2 (IP_213.10.10.2) on BiGuard 50G. Y ou can configure BiGuard 50G to balance the load of each WAN port with one of two mechanisms: 1. Session (by session/by traffic/weight of link capability) 2.
25 2.4.1 Inbound Fail Over Configurin g BiGuard 50G for Inbound F ail Over allows you to ensure that incoming traffi c is uninterrupted by having B iGuar d 50G defaul t to W AN2 should WAN1 fail. In the above example, an FTP Server (IP_192.168.2.2) and an HT TP Server (IP_192.
26 2.4.2 Inbound Load Balancing Inbound Load Balancing allows BiGuard 50G to intelligently man age inbound traffic based on the amount of load of each W AN connection. In the above example, an FTP server (IP_192.168.2.2 ) and an HT TP server (IP_192.168.
27 2.5 DNS Inbound Using DNS Inbound is a great way to int elligently direct ne twork traffic. DNS Inbound is a three step process. First, a DNS request is made to the router via a remote PC.
28 2.5.1 DNS Inbound Fail Over BiGuard 50G can be configured to repl y the W AN2 IP address for the DNS domain name request should W AN1 fail. In the above example, an FTP Server (IP_192.168.2.2) and an HT TP Server (IP_192.168.2.3) are connected to the In ternet via W AN1 (IP_200.
29 2.5.2 DNS Inbound Load Balancing DNS Inbound Load Balancin g allows BiGuard 50G to intell igently manage inbound traffic based on the a mount of load of each W AN connection by assigning the IP address with the lowest t raffi c load to incoming requests.
30 In the example above, the client is making a DNS reques t. The request is sent to the DNS server of BiGuard 50G th rough WAN2 (1). W AN2 will route this requ est to the embedded DNS server of BiGuard 50G (2). BiGuard 50G will an alyze the bandwidth of both WAN1 and WAN2 and decide wh ich WAN IP to reply to th e request (3).
31 2.6 Virtual Private Networking A Virtual Priv ate Network (V PN) enables y ou to send da ta between two computers across a shared or public network in a ma nner that emul ates the properties of a point-to-point private link. As such, it is perfect for connecting br anch offices to headquarters across the Intern et in a sec ure fashion.
32 VPN provides a flexible, cost-efficien t, and reliab le way for companies of all sizes to stay connected. One of the most important steps in setting up a VPN is proper planning. The followi ng sections demonstr ate the various wa ys of usi ng BiGuard 50G to setup your VPN.
33 gateway usi ng W AN1 through a s ecure VPN tunnel. Shoul d W AN1 fail, outbound traffic from BiGuard 50G will automatically be redirected to WAN2. This process is completely tr ansparent to the remote gatew ay , as BiGuard 50G will automatically update the domain name (biguard.
34 2.6.3 Concentrato r The VPN Concentrator pro vides an easy wa y for branc h offices to connect to headquarter through a VPN tunnel . All br anch office tr affic will be redirected to the VPN tunnel to headquarter with the ex ception of LAN-side tr affic.
35 Chapter 3: Getting Started 3.1 Overview BiGuard 50G is designed to be a powerful and flexible network device that is also easy to use. With an intuitive web-based con figuration, BiGuard 50G allows.
36 password for security reason. 4. Prepare to physically connect BiGuar d 50G to Cable or DSL m odems and a computer . Be sure to also review the Safety Warn ings located in the preface of this m anual before working with your BiGuard 50G. 3.3 Connecting Your Router Connecting BiGuard 50G is an easy three-step process: 1.
37 3.4 Configuring PCs for TCP/IP Networking Now that y our BiGuard 50G is connected pr operly to y our network, it’ s time to configure your net worked PC s for T CP/IP networki ng. In order for your network ed PCs to communi cate with your router , they must have the following characteristics: 1.
38 - Windows 95/98/Me/NT/2000/XP - Mac OS 7 and later If you are using Windows 3.1, you mu st pu rchase a third-party TCP/IP application package. Any T CP/IP capable wo rkstation can be use d to communicate wit h or through BiGuard 50G. T o configure other types of workstations, please consult the manufacturer’ s documentation.
39 3. Select Internet Protocol (TCP/IP) and click Properties . 4a. T o have your PC obtain an IP address automat ically , select th e Obtain an IP.
40 address automatically and Obtain DN S server address aut omatically rad io buttons. 4b. T o manually assign y our PC a fixed IP address, select the Use the following IP address r adio button a nd enter your desired IP ad dress, subnet mask, and default gateway in the blanks provided.
41 3.4.2.2 Verifying Settings T o verif y your setting s using a command prom pt: 1. Click Start > Programs > Accessories > Command Prompt . 2.
42 - An IP address between 192.168.1.1 and 192 .168.1.253 - A subnet mask of 255.255.255.0 T o verif y your setting s using the Wi ndows XP GUI: 1. Click Start > Settings > Network Connections .
43 2. Right click one of the network conn ections listed and select Status from the pop-up menu. 3. Click the Support tab ..
44 If you are usi ng BiGuard 50G’ s default settings, your PC s hould: - Have an IP address be tween 192.168.1.1 and 192.168.1.253 - Have a subnet mask of 255.255.255.0 3.4.3 Windows 2000 3.4.3.1 Configuring 1. Select Start > Settings > Cont rol Panel .
45 2. In the Cont rol Panel window , double-click Network and Dial-up Connections . 3. In Network and Dial-up Connections, doubl e-click Local Area Connection .
46 4. In the Local Area Connection window , click Properties . 5. Select Internet Protocol (TCP/IP) and cl ick Properties ..
47 6a. T o have your PC obtain an IP address automatically , select the Obta in an IP address automatically and Obtain DNS serve r address autom atically radi o buttons.
48 7. Click OK to finish the configurati on..
49 3.4.3.2 Verifying Settings 1. Click Start > Programs > Accessories > Command Prompt . 2. In the Command Pro mpt window , type ipconfig and then press ENTER . If you are using BiGuard 50G’ s default settings, your PC sh ould have: - An IP address between 192.
50 - A subnet mask of 255.255.255.0 3.4.4 Windows 98 / Me 3.4.4.1 Installing Components T o prepare Windows 98/Me PCs for T CP/IP networking, you may need to manuall y install TCP/IP on each PC. T o do this, follow the steps below. Be sure to ha ve your Windows CD handy , as you may need to insert it during the inst allation process.
51 Y ou must have t he followin g installed:.
52 - An Ethernet adapter - TCP/IP pr otocol - Client for Microsoft Networks If you need to in stall a new Ethern et adapter , follow these steps: a. Click Add . b. Select Adapter , then Add . c. Select the manufactu rer and model of your Ethernet adapt er , then click OK .
53 If you need TCP/IP: a. Click Add ..
54 b. Select Protocol , then click Add . c. Select Microsoft . Æ TCP/IP , then OK . If you need Client for Microsoft Networks: a. Click Add ..
55 b. Select Client , then click Add . c. Select Microsoft . Æ Client for Microsoft Networks , and then click OK . 3. Re start your PC to a pply your changes.
56 2. In the Con trol Panel, double-click Network and choose the Confi guratio n tab..
57 3. Select TCP / IP > ASUSTek or the name of any Network Interface Card (N IC) in your PC and click Properties . 4. Select the IP Address tab and click the Obtain an IP address au tomatic all y radio butto n.
58 5. Select the DNS Conf igura tion tab and select the Disable DN S r adio button. 6. Click OK to apply the configurati on..
59 3.4.4.3 Verifying Settings T o check the TCP/IP configuration, use the winipcfg.exe utility: 1. Select Start > Run . 2. T ype winipcfg, and then click OK.
60 The window is updated to show y our settings. Usi ng the defaul t BiGuard 50G settings, your PC should have: - An IP address between 192.168.1.1 and 192 .
61 ISP setting in W AN site: Obtain an IP Address automatically ( DHCP Clie nt) DHCP server: DHCP server is enabled. Start IP Address: 192.168.1.100 End IP Address: 192.16 8.1.199 3.5.1 User Name and Password The default user name and passw ord are "admin" and "admin" respectively .
62 3.6 Information From Your ISP 3.6.1 Protocols Before configuring th is device, you have to check with your ISP (Internet Service P r o v i d e r ) t o f i n d o u t w h a t k i n d o f s e r v i c e is provided such as D HCP , Stat ic IP , PPPoE, or PPTP .
63 3.6.2 Configuration Information If your ISP does not dynamically assi gn configur ation informati on but instead use s fixed configurations, you will need the follow ing basic information fr om you.
64 2. Double-click t he Network icon. 3. In the Network Connections window , righ t-click Local Area Connecti on and select Properties ..
65 4. Select Internet Protocol (TCP/IP) and click Properties . 5. If an IP address , subnet mask and a Default gateway are shown, write down the informat ion.
66 assigned. Click the Obtain an IP address automatically radio button. 6. If any DNS ser ver addresses are shown, write them down. C lick the Obtain DNS server address automa ti cally r adio button.
67 3.7 Web Config uration Interface BiGuard 50G includes a W eb Configuration Interface for easy administr ation via virtually any browser on your network. T o access this interface, open your web browser , enter the IP address of your ro uter , which by default is 192.
68 If the W eb Configuration Interface appears, congr atulations! Y ou are now ready to configure your BiGuard 50G. If y ou are having trouble accessi ng the interface, please refer to Chapter 5: Troubleshooting for possible resolutions.
69 Chapter 4: Router Configuration 4.1 Overview The W eb Configurati on Interface makes i t ea sy for you to manage yo ur network via any PC connected to it. On the W eb Co nfigur ation homepage, you will see the navigation pane l ocated on the left hand si de.
70 restricted to only one PC accessing the web configur ation interface at a time. Once a PC has logged into the web interf ace, other PCs cannot gain access until the current PC has logged out. If the previ ous PC forgets to logout, the second PC can access the page after a user-defined period (5 minutes by defaul t).
71 Device Informati on Device Name: Displays the device name. System Up Time: System uptime enabl es a user to determine how long has the system being online or th e time that an unexpected restart or fault occurred. The system up-time is restar ted when there is a power failure or upon software or hardware reset.
72 In this menu, y ou will find the foll owing sections: - ARP Table - Wireless Association - Routing Table - Session Table - DHCP Table - IPSec Status - PPTP Status - Traffic Statistics - CPU Status .
73 4.2.1 ARP Table The Address Resolution Protocol (ARP) T a ble shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is a quick way to determine the MAC address of your PC’ s network interface to use wi th the router’ s Firewall – MAC Address Filter function.
74 4.2.3 Routing Table The Routing T able d isplays th e current path for transmitted packets. Both sta tic and dynamic routes are displayed. No.: Number of the list. Destination: The IP address of the destination network. Netmask: The destination netmask address.
75 Sessions: Filter: when the presented field is fill ed, please click Filter button. From IP: please input the sou rce IP you would like to filter . From Port: please input the source port you would like to f ilter . To IP: please input the destin ation IP you would like to filter .
76 Name: The name you assigned to the particular IPSec entry . Enable: Whether the IPSec connection is currently Enable or Disable. Status: Whether the IPSec is Activ e, Inactive or Disable. Local Subnet : The local IP addres s or subnet used. Remote Su bnet: The subnet of the remote site.
77 WAN1: T ra nsmitted (Tx) and R eceived (Rx) b ytes and packets for W AN1. WAN2: T ra nsmitted (Tx) and R eceived (Rx) b ytes and packets for W AN2. Display: Allows you to change the units of measurement for the tr affic gr aph. 4.2.9 CPU Statistics This page displays the rout er’s system information.
78 MemFree: The router’ s current free memory size. CPU status: The CPU’ s usage shown in percentage each minute. When the CPU percentage in u se is higher than 80% the lin e will turn red. When the CPU percentage in u se is lower than 80% the line w ill turn blue.
79 First directs the page number for the table to the 1 st page, previous directs the page number for the table to the one page before, the dropdown menu allows the user to specifically select the pag.
80 4.3.2 Static IP IP assigned by your ISP: Enter the assigned IP address from your IP . IP Subnet Mask: Enter y our IP subnet mask. ISP Gateway Address: Enter your ISP gate way addres s. Primary DNS: Enter yo ur primary DNS. Secondary DNS: Enter yo ur secondary DNS .
81 is a packet requesting a ccess to the Intern et (i.e. when a program on yo ur computer attempts to access the Internet), sel ect Trigger on Demand . Idle Time: Auto-di sconnect the router whe n ther e is no activity on the line for a predetermined period of time.
82 predetermined period of time. Select the id l e t i m e f r o m t h e d r o p d o w n m e n u . A c t i v e if Trigger on Demand is selected. Click Apply to save y our changes. T o reset to defaults, click Reset . 4.3.5 Big Pond Username: Enter your user name.
83 - QoS - Virtual Server - Advanced These items are described below in the f ollowing sections. 4.4.1 LAN There are three items within this section: Ethernet , Wireless, Wireless Securti y, DHCP Server and LAN Ad dress Mapping.
84 IP Address: Enter the i nternal LAN IP addre ss for BiGuard 50G (192.168.1.254 b y default). Subnet Mask: Enter the subnet mask ( 255.255.255.0 by default). RIP: RIP v2 Broadcast and RIP v2 Multicast. Check to enable RIP . Wireless WLAN Service: Default setting i s set to Disable .
85 Hide ESSID: It is function in which transmits its ESSID to the air so that when wireless client searches for a network, rout er can the n be discovered and recognized. Default setting i s Disable. Enable: Select Enable if you do not want broadcast your ESSID .
86 of the connected A P . WDS takes adv antages of cost s aving and flexibility which no extra wireless client device is required to bridge between two access points and extending an ex isting wired or wireless in frastructure network to cr eate a larger network.
87 Encryption Standard) utilizes a st ronger encryption method and incorporates Message Integrity Code (MIC) to pr ovide protection against hackers. WPA Shared Key: The key for network authentication. T he input format is in character st yle and key size should be in the r ange between 8 and 63 characters.
88 4.4.1.3 WEP WEP Encryption: T o prev ent unauthoriz ed wireless stations from acc essing data transmitted o ver the network, th e router offers highly secure data encryption, known as WEP . If you require hi gh secu rity for transmissions, there are two alternatives to select from: WEP 64 and WEP 128 .
89 T o disable the router’ s DHCP Server , select the Disable radio button, and then click Apply . When the DHCP Server is disabled, yo u will need to manually assign a fi xed IP ad dr es s t o e ac h P C o n yo ur ne tw or k, and set the default gatew ay for each PC to the IP address of the router (192.
90 Name: Enter the name you w ant to giv e for the IP+Mac Address Fix ed Host account. Active: Select whether you wan t to Enable or Disable this part icular Fixed Host account. IP Address: Enter the IP address that you want to reserve for the above MAC address.
91 4.4.1.5 LAN Address Mapping LAN Address Mapping is a function that can support multiple subnet and also multiple NA T , you can specify a subnet and LAN Gatew ay IP Address and select associated WAN I P Address specified in W AN IP Alias in Configuration -> WAN -> WAN IP Alias.
92 4.4.2 WAN W AN refers to your W ide Area Network conne ction. In most cases, this means your router ’ s connection to the Internet thr ough your ISP . BiGuard30 features Dual W AN capability . There are th re e items within this sectio n: The W AN menu contains two items: ISP Settings , Bandwidth Settings and WAN IP Alias .
93 Connection Meth od: Select how your router will connect t o the Internet. Selection s include Obtain an IP Address Automatically , Static IP Settings , PPPoE Settings , PPTP Settings , and Big Pond Settings . F or each WAN port, the factory default is DHCP .
94 MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MA C address in the blanks below . Candidates: Y ou can also select the MAC addre ss f rom the list in the Ca ndidates. DNS: If your ISP requires you to manua lly setup DNS settings, check the checkbox and enter your primary and secondary DNS .
95 Primary DNS: Enter the primary DNS provided by yo ur ISP . Secondary DNS: Enter the secondary DNS pr ovided by your ISP . RIP: T o activ ate RIP , select Send , Receive , or Both from the drop down menu. T o disable RIP , select Disable from th e drop down menu.
96 select Always Connect . If you want to establish a PPPoE session only wh en there is a packet requesting a ccess to the Intern et (i.e. when a program on yo ur computer attempts to access the Internet), sel ect Trigger on Demand . Idle Time: Auto-disconnect the router when there is no activity on the line for a predetermined period of time.
97 4.4.2.1.4 PPTP Settings Username: Enter your user name. Password: Enter your password. Retype Password: R etype your password. PPTP Client IP: Enter the PPTP Cl ient IP provided by your ISP . PPTP Client IP Netmask: Enter the PPTP Client IP Netmask provided by your ISP .
98 button. This will ta ke you to another page for inputting the IP address information. MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MA C address in the blanks below . Candidates: Y ou can also select the MAC addre ss f rom the list in the Ca ndidates.
99 MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MA C address in the blanks below . Candidates: Y ou can also select the MAC addre ss f rom the list in the Ca ndidates. DNS: If your ISP requires you to manua lly setup DNS settings, check the checkbox and enter your primary and secondary DNS .
100 WAN IP Alias WAN IP Alias allows you to input addition al WAN IP addresses. W AN IP Alias can be used for Multip le NA T setting s, includin g LAN Address Mapping settings and Virtual Server settings. Please click Create to create a LAN Address Mapping rule.
101 specific WAN port. In this menu are the followin g sections: General Settings, Outbound Load Balance, Inbo und Load Bala nce, and Protocol Bindi ng. 4.4.3.1 General Settings Mode: Y ou can select Load Balance or F ail Over . Service Detection: Enables or disables the service detection feature.
102 4.4.3.2 Outbound Load Balance Outbound Load Balancing on BiGuard 50G can be based on one of two methods: 1. By session mechanism 2. By IP address hash mechanism Choose one by clicking the corresponding r adio button.
103 to authenticate the sour ce IP address. Balance by weight of link c apacity: U s e s a n I P h a s h t o b a l a n c e t r a f f i c b a s e d on weight of l ink bandwidth capaci ty . Balance by weight: Uses an IP has h to balance tr affic based on a ratio .
104 SOA: Domain Name: The domain name of DNS Serv er 1. It is the name that you register on DNS organization . Y ou have to fill-out the Fu lly Qualified Domain N a m e ( F Q D N ) w i t h a n e n d i n g c h a r a c t e r ( a d o t ) f o r t h i s t e x t field.
105 MX Re cord Mail Exchanger: The name of the mail s erver . IP Address: The mail server IP address. Click Apply to save your c hanges. T o edit the Host Mapping URL list, click Edit . This will open the Host Mapping URL table, which lists the c urrent Host Mapping UR Ls.
106 Name1: The Alias Host URL Name2: The Alias Host URL Click Apply to save your c hanges. 4.4.3.4 Protocol Binding Protocol Binding let s you direct specific tr affic to go out from a speci fic W AN port. Click the Create button to create a new policy entr y .
107 Source IP Range: All Source IP: Click it to specify all source IPs. Specified Source IP: Click to spe cify a specific source IP address and source IP netmask. Source IP Ad dress: If Specified Source IP was chos en, here’ s where the IP can be entered.
108 Time Zone BiGuard does not use an onboard real time clock; instead, it uses the Network Time Protocol (NTP) to acquire the current time from an NTP serv er outside your network. Simply choose your local time zone, enter N TP Server IP Address, and click Apply .
109 NOTE: When enabling remote access, please mak e sure to change the defa ult administration pass word for security reason. Action: Select Enable or Disabl e remote access function. HTTPS Port: Please input the re mote access HT TPS port you would like to use.
11 0 Upgrading y our BiGuard 50G’ s firmware is a quick and easy w ay to enjo y increased functionality , better reliability , and ensu re trouble-free operation. T o upgr ade your firmwa re, simply visit Billi on’ s website ( http://www .billion.
111 backup file. Y ou may also ch ange the name of the file wh en saving if you wish to keep multiple backups. Click OK to save the file . T o restore a previously saved backup file, clic k Browse . Y ou will be prompted to select a file from your PC to restore.
11 2 4.4.4.6 Password In order to prevent unauthorized access t o your router’s configuration interface, it requires the admini strator to l ogin with a password. Y ou can change your pass word by entering your new passw ord in both fields. Click Apply to sa ve your changes.
11 3 4.4.5.1 Packet Filter The Pack et Filter function is used to limit user access to ce rtain sites on the Internet or LAN. The Filt er T ab le displays all cu rrent filter rules.
11 4 ID: This is an identify that allow s you to move the rule by before or after an ID. Rule: Enable or Disable this entry . Action When Matched: Select to Dr op or Forward the packet specified in this filter entry .
11 5 Destination Port Range: Enter the destination port number range. If you only want to specify one service port, then en ter the same port number in both bo xes . Helper: Y ou could also select the applicat ion t ype you would like to apply for automatic input.
11 6 URL Filtering: Y ou can choose to Enable or Disable this feature. Keyword Filtering: Click the check box to enable this fe ature. T o edit the list of filtered keywords, click Details. Domain Filtering: Click the "enable" ch eckbox to enable filtering by Domain N ame.
11 7 Enter a domain and select whether this domain is t rusted or forbidden w ith the pull-down menu. Next, click Apply . Y our ne w domain will be added to either the T rusted Domain or Forbidden Domain listing, depending on which you selected previously .
11 8 4.4.5.3 Ethernet MAC Filter Ethernet M ac Filter can decide if BiGuard w ill filter those dev ices at LAN side by MAC Address and determine if they can connect to the internet or not.
11 9 4.4.5.4 Wireless MAC Filter Prevents unauthorized computers access from using the Internet through the router . Wireless MAC Filter can Default Rule: Forward or Drop all wireless re quest. (Forward by default) Click on Create to create a new rule.
120 4.4.5.5 Block WAN Request Blocking WAN requests is one w ay to pr eve nt DDOS attacks by preventing ping requests from the Internet . Use t his menu to enable or disable function. 4.4.5.6 Intrusion Detection Intrusion Detecti on can prevent most co mmon DoS attacks from the Internet or from LAN users.
121 connections on per-us er basis. This is useful when controlling users who w ill use the applications which create a large n umber of connections (such as P2P soft ware). No Limit: No restrictions o n the amount of sessions allowe d to connect to BiGuard30.
122 4.4.6.1 IPSec IPSec is a set of protocols that enab le Virtual Private Networks (VPN). Y ou can find two items under the IPSec section: IPSec Wizard and IPSec Policy . 4.4.6.1.1 IPSec Wizard Connection Name: A user -defined name for the co nnection.
123 pre-shared key into both sides (router or hosts). Connection Type : There are 5 connection types: (1)LAN to LAN: BiGuard would lik e to establish an IPSec VPN tunnel wi th remote router using Fixe d Internet IP or do main name by using main mode. Secure Gateway Address (or Domain Nam e): The IP address o r hostname of the remote VPN gatewa y .
124 (3)LAN to Host: BiGuard would lik e to establish an IPSec VPN tunnel with remote client softw are using Fixed Interne t IP or domain name by using main mode. Secure Gateway A ddress (or Domain Name): The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel .
125 Re mote Identifier: The Identifier of the remote gatewa y . According to the input value, the ID type will be auto-defi ned as IP Address, FQDN(DNS) or FQ UN(E-mail).
126 After your confi gurati on is done, yo u will see a Configuration Summary . Back: Back to the Previous page. Done: Click Done to apply the rule. 4.
127 Connection Name: A user-defin ed name for the connection. T unnel: Select Enable to activate thi s tunnel. Select Disable to d eactiv ate this tunnel.
128 interface if Aut o is selected. Local: This section configures t he local host. ID: Th is is the identity type of the local router or h ost. Choose from the following four options: W AN IP Address: Auto matically use the current W AN Address as ID.
129 Any Local Address: Will enable any local address on the netw ork. Subnet: The subnet of the remote ne twork. Selecting this option allows you to enter an IP address and netmask. IP Range: The IP R ang e of the remote network. Single Address: The IP address of the remote host.
130 negotiation time. Dif fie-Hellman is a public-key cryptography protocol that allows two parties to establish a shar ed secret ov er the Internet. Pre-shared K ey: This is for the In ternet Key Ex change (IKE) protocol. IKE is used to establi sh a shared security pol icy and authenticated k eys for servi ces (such as IPSec) that require a key .
131 Local Subnet: Displays I P address and subnet of the local network. Re mote Subnet: Displays IP address and subnet of the remote netw ork. Re mote Gateway: This i s the IP address or Domain Name of the remote VPN device that is connected and has an es tablished IPSec tunnel .
132 Connection Name: A user-defin ed name for the connection. T unnel: Select Enable to activate thi s tunnel. Select Disable to d eactiv ate this tunnel. Username: Please input the userna me for this account. Password : Please input the password for this account.
133 The first menu screen gives you an overview of which WAN ports currently have QoS active, and the bandwidth settings for each. WAN1 Outbound: QoS Function: QoS status for W AN1 outbound. Sel ect Enabl e to activ ate QoS for W AN1’ s outgoi ng traffi c.
134 Creating a New QoS Rule T o get started using QoS, you will need t o establish QoS rules. These rules tell BiGuard 50G how to handl e both incoming and outgoing tr affic. The following example shows you how to co nfigure W AN1 Outbound QoS. Confi guring the oth er traffic types follows the same process.
135 Interface: The current tr affic type. This can be WAN1 (outbound, i nbound) and W AN2 (outbound, inbound). Application: User defined appli cation name for the current rul e. Guarantee d: The guar anteed amount of bandwidth for this rule as a percentage.
136 For MAC Address: Source MAC Addre ss: The source MAC Address of the de vice this rule applies to. Candidates: Y ou can also select the Candidates which are referred from the ARP table for automatic input. Source Port Range: The r ange of source ports this rule applies to.
137 configure your rou ter to forward th ese incoming connection a ttempts using speci fic ports to the PC on your network run ning the applicati on. Y ou will a lso need to use port forwarding if you want to host an onlin e game server .
138 Candidates: Y ou can also select the Candidates which are referred from the ARP table for automatic input. Select the Apply button to ap ply your chang es.
139 Application: User defined appli cation name for the current rul e. Helper: Y ou could also select the application type you would like to apply for automatic input. Protocol type: please select protocol type External Port: Enter the port number of the service that will be sent to the Internal IP address.
140 4.4.9 Advanced Configurati on options wi thin the Adv anced section are for users who wish to tak e advantage of the more adv anced features of BiGuard 50G. Users who do not understand the featur es should not attemp t to reconfigure their router , unless advised to do so by support sta ff .
141 Rule: Select Enable to activ ate this rule, Disabl e to deactiv ate this rule. Destination: This is the destination subnet IP address. Netmask: This is the subnet mask of the destination IP addresses base d on above destination subn et IP . Gateway: This is the gatewa y IP address to which pack ets are to be forwarded.
142 please fill it in t he blank space below. Dynamic DNS: Disable: Check to disable the D ynamic DNS functi on. Enable: Check to enable the Dynamic DNS function. The followi ng fields will be activated and required: Dynamic DNS Server: Select the DDNS service you have established an accoun t with.
143 Device Name Name: Enter a name for this device. Web Server Settings HTTP Port: This is the port number the router’ s embedded web server (for web-based configuration) will use. The def ault value is the standard HT TP port, 80. Users may specify an a lternative if , for example, they are running a web server on a PC within their LAN.
144 SNMP Function: Select Enable to activ ate this functi on, Di sable to deactiv ate this function. SNMP V1 and V2 Read Community: Input the stri ng for R ead communit y to match your SNMP software. Write Community: Input the s tring for W rite community to match your SNMP software.
145 Click Create to create a new schedule. Name: A user-define descripti on to identify thi s time portfolio. Day: The default is set from Monday through Friday . Y ou may specify the da ys for the schedule to be appl ied. Start Time: The defaul t is set at 8:00 A M.
146 Select System Log to capture to a log. Select Syslog Server to capture a nd send to a specified external server . Select Email Alert to send information log to a pre-specified E-mail accou nt.
147 5.3 E-mail Alert The Email Alert function allows a log of se curity-related events (suc h as System Log and IPSec Log) to be se nt to a specified email address. Email Alert: Y ou may enable or disable this f unction by selecting the appropriate radio butto n.
148 Weekly: The router will send an alert once a week. When log is full: The router will send an alert only wh en the log is full. 6 Language Language provides 3 di fferent type of l a nguage to be displayed on the interface (currently support ing English, Simplified C hinese and T raditional Chinese) .
149 6.2 Simplified Chinese Clicking on t he Simplified Chin ese link will chan ge all the text in to Simplified Chinese. 6.3 Traditional Chinese Clicking on th e T raditional Chinese lin k will chan ge all the text into T raditional Chinese.
150 8 Logout T o exit the router’ s web interface, click Logout . Please ensure that you have sa ved your config urati on settings before y ou logout. Be aware that the router is restricted to only one PC accessing the web configur ation interface at a time.
151 Chapter 5: Troubleshooting 5.1 Basic Functio nality This section deals with issues regardin g your BiGuard 50G’ s basic functions. 5.1.1 Router Won’t Turn O n If the Po wer and other LEDs fai .
152 or workstation. - Make sure that power is tur ned on to the connected hub or workstation. - Be sure you are using the correct cable. When connecting the firew all’ s Internet port to a cable or DSL modem, use the cabl e that w as supplied with the cable or DSL modem.
153 5.2.2 Can’t Ping Any PC on the LAN If PCs connected to the LAN cannot be pinged: - Check the 10/100 LAN LEDs on BiGuard 50 G’ s front panel. One of these LEDs sh oul d be on . I f th ey a re b ot h o ff , c h eck the cables between BiGuard 50G and the hub or PC.
154 3. Make sur e that the Delete All Offline Content checkbox is checked, and click OK . 4. Click OK under Internet Options to close the dialogue. - In Windows, type arp – d at the command prompt to clear you co mputer’ s ARP table.
155 5.2.3.1 Pop-up Windows T o use the W eb Configur ation Inte rface, yo u need to disable po p-up blocking. Y ou can either disable pop-up blocking, which is enabled by default in Windows XP Service Pack 2, or create an ex ceptio n for your BiGuard 50G’ s IP address.
156 3. Under Scripting , check to see if Active scripting is set to Enable . 4. Ensure that Scripting o f J ava applets i s set to En abled . 5. Click OK to close the dialogue. 5.2.3.3 Java Perm issions The following Java P ermissions should also be given for the W eb Configuration Interface to display properl y: 1.
157 4. Click OK to close the dialogue. NOTE: If Jav a from Sun Microsystems is installed, scroll down t o Java (Sun) and ensure that the ch eckbox is filled. 5.3 WAN Interface If you are ha ving problems with the W AN Interface, refer to the tips b elow .
158 4. Check to see that the W AN port is properly connected to the ISP . If a Connected by (x) where (x) is your con nection method is not shown, your r outer has not successfully obtained an IP address from your ISP . If an IP address cannot be obtained: 1.
159 If an IP address can be obtained, but yo ur PC cannot load any web pages from the Internet: - Y our PC may not re cognize DNS server addresses. Co nfigure your PC man ually with DNS addresses. - Y our PC ma y not ha ve the router correctly configured as i ts TCP/I P gatewa y .
160 Appendix A: Product Specifications Availability and Resilience - Dual- W AN ports - Load balancing for increased bandwi dth o f inbound and outbound tr affic - Automatic failo ver to redirect t he pa ck et when one broadband connection i s broken.
161 - Netbios ov er VPN Firewall - Stateful P acket Inspection (SPI) and Deni al of Service (DoS) prev ention - Pack et filter un- permitted inbound (W AN)/Inbound (LAN) Internet access by IP addre ss.
162 Physical Interface Ethernet W AN 2 ports (10/100 Base- T), support Auto- Crossover (MDI/MDIX) Ethernet LAN 8 ports (10/100 Base- T) swit ch support Auto- Crossover (MDI/MDIX) Physical Specifications Dimensions: 18.98" x 6.54" x 1 .77" (482mm x 166 mm x 45mm, with Br acket) 9.
163 Appendix B: Customer Support Most problems can be solved by referring to the T roubleshooting section in the User’s Manual. If you cannot resolve the problem w ith the T roubleshootin g chapter , please contact the dealer wher e yo u purchased this prod uct.
164 Appendix C: FCC Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the follow ing two condition s: - This device may not c ause harmful interference. - This device must accept any interference received, includin g interference that may cause undesired oper ations.
165 Appendix D: Network, Routing, and Firewall Basics D.1 Network Basi cs D.1.1 IP Addresses With the number of T CP/IP networks interconne cted across the globe, ensuring that transmitted data reaches the correct dest ination requires each computer on the Internet has a unique identifier .
166 back slash (/). F or example, a typical Class C address could be written as 192.168.234.245/24, which means th at the net mask is 24 ones followed by 8 zeros. (11111111 11111111 11111111 00000000). D.1.1.2 Subnet Addressing Subnet addressing enables t he split of one IP network address into mu ltiple physical networks.
167 from these r anges. D.1.2 Network Address Translation (NAT) T raditionally , mult iple PCs that needed simu ltaneous Intern et access also required a range of IP addresses from the Internet Service Prov ider (ISP). Not only was th is method very costly , but the number of available IP addresses for PCs is limited.
168 D.2 Router Basics D.2.1 What is a Router? A router is a device that forwards da ta packets along networks. A router i s connected to at least t wo networks. U sua lly , this is a LAN and a WAN that is connected to an ISP network. R outers ar e located at gate ways, the places where two or more networks connect.
169 D.3 Firewall Basi cs D.3.1 What is a Firewall? Firewalls prevent unaut horiz ed Internet users from accessing private networks connected to the Internet. All messages en tering or leaving the in tranet pass through the f irewall, which examines each message and blocks those that do not meet the specified security criteria.
170 D.3.2 Why Use a Firewall? With a LAN connected to the Internet throug h a router , there is a chance for hackers to access or disrupt your network. A simp le NA T router provides a basic level of protection by sh ielding your network from the out side Internet .
171 Appendix E: Virtual Private Networking E.1 What is a VPN? A Virtual Private Network (VPN) is a shared network where private data is segmented from other traffic so that only the intended recipient has access. It allows organization s to securely transmit data over a public medium like the Internet.
172 data authentication, in tegrity , and confiden tiality as data is transferred across I P networks. IPSec provides data security at the IP packet level, and protects against possible security risks by pr otecting data. IPSec is widely used to esta blish VPNs.
173 E.2.1.2 Encapsulating Security Payload (ES P) Encapsulating Security P ayload (ESP) pro vid es privacy for data through encryption. An encryption algorithm combi nes the data with a k ey to encrypt i t. It then repackages the data using a speci al format, and tr ansmits it to the destination.
174 E.2.1.3 Security Associations (SA ) Security Associations are a on e-way relationships between sender and receiver th at specify IPSec-related parameters. They provide data protection by using the defined IPSec protocols, and allow organizati ons to control according to the security policy in effect, wh ich resour ces may communicate securely .
175 T ransport Mode - This mode is used to provide dat a se curity between two networks. It provides p r o t e c t i o n f o r t h e e n t i r e I P p a c k e t a n d i s s e n t b y a d d i n g a n o u t e r I P h e a d e r corresponding to the two tu nnel end-points.
176 E.2.4 Tunnel Mod e ESP Here is an example of a packet with ESP applied: E.2.5 Internet Key Exchange (IKE) Before either AH or ESP can be used, it is necessary for the two communication devices to exchange a secret key that the security prot ocols themselves will use.
177 addresses. Aggressive mode reduces this process to three messages, but par ameter negotiation is limited, identity protection is lacking except when using public key encryption, and is more vulnerable to Denial of Service attack s. Phase II, known as Quick Mode, est ablishes symmetrical IPSec Security Associations for both AH and ESP .
178 Appendix F: IPSec Logs and Events F.1 IPSec Log Event Categories There are three major categories of IPSe c Log Events for your BiGuard 50G. These include: 1.
179 Received Main mode second message of ISAKMP Received the second message of main mode. Done to exchange key values. Send Main mode second response message of ISAKMP Sending the main mode second response message. Done to exchange key val ues. Received Main mode second response message of ISAKMP Received the main mode second response message.
180 Received Aggressive mode second ISAKP Message Received the second message of aggressive mode. Done to exchange proposal and key values. Send Quick mode in itial message Sending the first message of quick mode (Phase II). Done to exchange proposal and ke y values (IPSec).
181 NO P R OP O SA L C H OS E N: I n it i a l M a i n Mo d e me s s ag e re c e iv e d on [ I P :P o rt # ] bu t n o connection has been authorized INVALID ID: Require peer to have ID [I D], but peer .
182 Appendix G: Bandwidth Management with QoS G.1 Overview In a home or office envi ronment, users cons tantly ha ve to transmi t data to and from the Internet. When too many are accessing the Internet at the same time, service can slow to a crawl, causing service interruption s and general frustration.
183 -Prioritizat ion: Assigns diff erent priority levels for diff erent applications, prioritizing traffic. Hi gh, Normal an d Low priority setting s. -Outbound and Inbou nd IP Throttli ng: Controls network t raffi c and allows y ou to limit the speed of each application.
184 Application Data Ratio (%) Priority On-line games 30% High Skype 5% High Email 10% High FTP 20% Upload (High), D ownload (Normal) Other 35% G.4.2 Office Users QoS is also ideal for small businesses u sin g an office server as a web server .
185 Appendix H: Router Setup Examples H.1 Outbound Fail Over Step 1: Go to Configuration > WAN > ISP Settings . Select WAN1 and WAN2 and click Edit .
186 Step 3: Go to Configur ation > Dual W AN > General Setti ngs. Select the Fail Over radio button. Under Connecti vity De cision, input the num ber of times BiGuard 50G should probe the WAN before deciding that the ISP is in service or not (3 by default).
187 WAN 1 . Step 4: Click Save Config to save all changes to flash memory . H.2 Outbound Load Balancing With Outbound Load Balanci ng, you can impro ve upload p erformance by optimizing your connection via Dual WAN. T o do this, follow these st eps: Step 1: Go to Configur atio n > WAN > ISP Settings .
188 Step 3: Go to Configuration > Dual WAN > Gener al Settings . Select the Load Balance radio button. Step 4: Go to Configur ation > Dual WAN > Outbound Load Balance .
189 Step 5: Complete. T o check traffi c statistics, g o to Status > Traffic Stati stics . Step 6: Click Save Config to save all changes to flash memory .
190 H.3 Inbound Fail Over Configurin g your BiGuard 50G for Inbound F ail Over is a great way to ensure a more reliable connection for i ncoming requ ests. T o do so, follow these steps: NO TE: Before you begin, ensure that both W AN1 and WAN2 have been properly configured.
191 Step 3: Go to Configuration > Adva nced > Dynamic DNS . Set the WAN1 DDNS settings. Step 4: From the same menu, set the WAN2 DDNS settings. Step 5: Click Save Config to save all changes to flash memory .
192 H.4 DNS Inbound Fail Over NO TE: Before proceeding, please ensure th at b o th WA N 1 an d WA N2 a re p r o p er l y configured according to the settings provided by your ISP . If not, please refer to Chapter 4.2.2. 1 ISP Settings for details on h ow to configure your WAN ports.
193 Step 2: Go to Configuration > Du al W AN > Inbound Load Balanc e . Select t he Enable radio button an d configure DNS Server 1 by clicking Edit .
194 Step 4: Configure your Host URL Ma pping for DNS Server 1 by clicking Edit to enter the Host URL Mappings List. Click Create and i nput the settings for Host URL Mappings and click New . Step 5: Click Save Config to save all changes to flash memory .
195 Step 1: Go to Configuration > Dual WAN > General Settings . Select the Load Balance radio button. Step 2: Go to Configur ation > Dual WAN > Inbound Load Balance > Server Settings and configur e DNS Server 1.
196 Step 3: Go to Configuration > Dual WAN > Inbound Load Balance > Host URL Mapping and configur e your FTP mappi ng. Step 4: Next configure your HTTP mapping.
197 Step 5: Click Save Config to save all changes to flash memory . H.6 Dynamic DNS Inbound Load Balancing Step 1: Go to Configuration > WAN > Bandwidth Settings.
198 Step 2: Go to Configuration > Dual WAN > General Settings and enable Load Balance mode. Y ou ma y then decide whether to enable Serv ice Detection or not. Step 3: Go to Configur ation > Dual WAN > Outbound Load Balance . Choose your load balance policy and click Apply to apply yo ur changes.
199 Step 4: Go to Configuration > Ad vanced > Dynamic DN S and input the dynamic DNS settings for W AN1 and WA N2. WAN 1 : WAN 2:.
200 Step 5: Go to Configuration > Virtual Se rver and set up a virtual server for both FTP a n d H T TP . Step 6: Click Save Config to save all changes to flash memory . H.7 VPN Configuration This section outlines some concrete ex amples on how yo u can configure BiGuard 50G for your VPN.
201 [ Branch Office Head Office Local ID IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Address Any Local Address IP Address 192.168.0.0 192.168.1.0 Netmask 255.255.255.0 255.255.255.0 Remote Secure Gateway Address(or Hostna me) 69.
202 Proposal IKE Pre-shared Key 12345678 12345678 Securi ty Algo rithm Main Mode; ESP: MD5 3DES PFS Main ESP MD5 3DES PFS H.7.2 Host to LAN Single client Head Office Local ID IP Address IP Address Data 69.
203 IP Address 0.0.0.0 192.168.1.0 Netmask 0.0.0.0 255.255.255.0 Remote Secure Gateway Address(or Hostna me) 69.121.1.3 69.121.1.30 ID IP Address IP Address Data 69.121.1.3 69.121.1.30 Network Subnet Single Address IP Address 192.168.1.0 69.121.1.30 Netmask 255.
204 Step 1: Go to Configuration > Dual WAN > General Settings . Enable F ail Over by selecting the Fail Over radio button. Then, configure your F ail Over policy . Step 2: Go to Configur ation > Advanced > Dynami c DNS and configure your dynamic DNS settings (Both W AN1 and W AN2).
205 Step 3: Go to Configur ation > VPN > IPSec > IPSec Policy . Click Crea te to configure VPN settings. Step 4: Click Save Config to save all changes to flash memory .
206 H.9 VPN Concentrator.
207 Step 1: Go to Configur ation > VPN > IPSec > IPSec Policy and configure the link from BiGuard 50G to BiGuard 10 Branch A. 100.100.10 0.1 200.200.200. 1 192.168.2.x 192.168.3.x 201.201.201. 1 192.168.4.x Local ID T ype: Subnet Local subnet: 0.
208 Step 2: Go to Configur ation > VPN > IPSec > IPSec Policy and configure the link from BiGuard 50G to BiGuard 10 Branch B ..
209 Step 3: Go to Configur ation > VPN > IPSec > IPSec Policy and configure the connection from BiGuard 10 Branch A to BiGuard 50G..
210 Step 4: Go to Configur ation > VPN > IPSec > IPSec Policy and configure the connection from BiGuard 10 Branch B to BiGuard 50G..
21 1 Step 5: Click Save Config to save all changes to flash memory . H.10 Protocol Binding Step 1: Go to Configuration > Dual WAN > General Settings.
212 Step 2: Go to Configuration > Dual WAN > Protocol Binding and configure settings for WA N1. Step 3: Go to Configuration > Dual WAN > Protocol Binding and configure settings for WA N2.
213 Step 4: Click Save Config to save all changes to flash memory . H.11 Intrusion Detection Intru sion Det ecti on on Internet Internet Detected! Dropped BiGuard Safe!! Server Safe!! Hacker DoS Attack DoS Att ack Hacker Hacker DoS Attack DoS Attack Step 1: Go to Configura tion > Firewall > Intrusion Detection and Enable the settings.
214 H.12 PPTP Remote Access by Windows XP Internet Internet Windows XP PPTP Clien t Internet Internet 100. 100.10 0.1 Headquart er BiGuard &PPTP Server Busin ess Trip PPTP Tunnel Publ ic IP Local subnet: 192.168.30.0 Local mask: 255.255.255.0 Step1: Go to Configuration > VPN > PPTP and Enable the PPTP func tion, Click Apply .
215 Step3: Click Apply , you can see the account is successfully created. Step4: Click Save Config to save all changes to flash me mory . Step5: In Windows XP , go Start > Settings > Network Connections .
216 Step6: In Netwo rk T asks , Click Create a new connection , and press Next..
217 Step7: Select Connect to the net work at my workplac e and press Next . Step8: Select Virtual Private Netw ork connection and press Next ..
218 Step9: Input the user-defined na m e for this connection and press Next . Step10: Input PPTP Server Address and press Next ..
219 Step11: Please press Finish . Step12: Double click the conn ection, and input Userna me and Password that defined in BiGuard PPTP Account Settings .
220 PS. Y ou can also refer the Properties > Security page as below , by default..
221 H.13 PPTP Remote Access by BiGuard Internet Internet Internet Internet 100.100.100.1 Headquarter BiGuard &PPTP Server PPTP Tunnel Branch Office 200.
222 Step3: Click Apply , you can see the account is successfully created. Step4: Click Save Config to save all changes to flash me mory . Step5: In another BiGuard as Client, Go to Configur ation > WAN > ISP Settings .
223 Step6: Click Apply , and Save CONFIG ..
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté Billion Electric Company BiGuard 50G c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du Billion Electric Company BiGuard 50G - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation Billion Electric Company BiGuard 50G, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le Billion Electric Company BiGuard 50G va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le Billion Electric Company BiGuard 50G, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du Billion Electric Company BiGuard 50G.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le Billion Electric Company BiGuard 50G. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei Billion Electric Company BiGuard 50G ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.