Manuel d'utilisation / d'entretien du produit VPN 800 du fabricant HotBrick
Aller à la page of 89
Dual WAN Firewall Router VPN 800 / 2 User’s Guide HotBrick Network Solutions.
.
HotBrick Network Solutions i T ABLE OF C ONTENTS 1: INTRODUCTION .............................................................................................................................. 1 Internet Features .......................................
HotBrick Network Solutions ii 9: ADVANCED LAN CONFIGURAT ION ………………………………………………………………...67 Overview .......................................................................................................
HotBrick Network Solutions Page 1 1: Introduction Congratulations on the purchase of your new HotBrick VPN 800/2 Firewall Router. The VPN 800/2 Firewall Router provides Shared Broadband Internet Access and VPN tunnels for LAN users.
HotBrick Network Solutions Page 2 • PPPoE Session Management Multiple PPPoE sessions are supported and you can choose to “map” sessions to individual PCs if desired. • Multiple IP Address Support If your ISP allocates you multiple IP addresses, these are also supported and you can “map” IP addresses to individual PCs if desired.
HotBrick Network Solutions Page 3 Other Features • 8-Port Switching Hub The VPN 800/2 Firewall Router incorporates with 8-port 10 /100BaseT switching hub, making it easy to create or extend your LAN. • DHCP Server Support D ynamic H ost C onfiguration P rotocol provides a dynamic IP address to PCs and other devices upon request.
HotBrick Network Solutions Page 4 Package Contents The following items should be included: • The VPN 800/2 Firewall Router Unit • Power Core. • Quick Installation Guide • CD-ROM containing the on-line manual. If any of the above items are damaged or missing , please contact your dealer immediately.
HotBrick Network Solutions Page 5 Also, some Status and Error condit ions are indicated by combinations of LEDs, as shown below LED Action Condition WAN, LAN Status LEDs flash alternatively. Firmware Download in progress. WAN & LAN LEDs flash concurrently.
HotBrick Network Solutions Page 6 Rear Panel VPN 800/2 Firewall Router Figure:1-2: Rear Panel VPN 800/2 Firewall Router AC power socket Connect the supplied power here.
HotBrick Network Solutions Page 7 Note: The supplied Windows TFTP utility also allows you to perform three (3) other operat ions: • Save the current configuration settings to your PC (use the "Upload" button). • Restore a previously saved configuration file to the VPN 800/2 Firewall Router (use the "Download" button).
HotBrick Network Solutions Page 8 2: Basic Setup Overview Basic Setup of your HotBrick VPN 800/2 Firewall Router involves the following steps: 1. Attach the HotBrick VPN 800/2 Firewall Router to one (1) PC, and configure it for your LAN. 2. Install your HotBrick VPN 800/2 Firewall R outer in your LAN, and connect the Broadband Modem or Modems.
HotBrick Network Solutions Page 9 7. Enter admin for the "User Name" and leave the "Password" blank. • The "User Name" is always admin • You can and should set a password, using the following Admin Password screen.
HotBrick Network Solutions Page 10 9. Select LAN & DHCP from the menu. You will see a screen like the example below. Figure 2-3: LAN & DHCP 10. Ensure these settings are suitable for your LAN: • The default settings are suitable for many situations.
HotBrick Network Solutions Page 11 DHCP Server Configuration • DHCP Server Setup - If enabled , the VPN 800/2 Firewall Router will allocate IP Addresses to PCs (DHCP clients) on your LAN when they start up. The default and recommended value is "Enable".
HotBrick Network Solutions Page 12 2. Installing the HotBrick VPN 800/2 Firewall Router in your LAN 1. Ensure the HotBrick VPN 800/2 Firewall Router and the DSL/Cable modem are powered OFF. Leave the modem or modems connected to their data line. 2. Connect the Broadband modem or modems to the VPN 800/2 Firewall Router.
HotBrick Network Solutions Page 13 Figure 2-4: Primary Setup Screen VPN 800/2 Firewall Router Settings – Primary Setup Connection Mode Select the appropriate setting: • Enable – Select this if you have connected a broadband modem to this port. • Disable – Select this if there is no broadband modem connected to this port.
HotBrick Network Solutions Page 14 Connection Type Check the data supplied by your ISP, and select the appropriate option. • Static IP – Select this if your ISP has provided a Fixed or Static IP address. Then enter the data into the Address Info fields.
HotBrick Network Solutions Page 15 4: Configure PCs on your LAN Overview For each PC, the following may need to be configured: • TCP/IP network settings • Internet Access configuration TCP/IP Settings If using the default VPN 800/2 Firewall Router settings, and the default Windows 95/98/ME/2000/XP TCP/IP settings, no changes need to be made.
HotBrick Network Solutions Page 16 6. Select "Connect to the Internet" and click Next . 7. Select "Set up my connection manually" and click Next . 8. Check "Connect using a broadband connection t hat is always on" and click Next .
HotBrick Network Solutions Page 17 Fixed IP Address By default, most Unix installations use a fixed IP Address. If you wish to continue using a fixed IP Address, make the following changes to your configuration. • Set your Default Gateway to the IP Address of the VPN 800/2 Firewall Router.
HotBrick Network Solutions Page 18 3: Advanced Port Setup Overview • Port Options contains some options, which can be set on either or both WAN ports. For most situations, the default values are satisfactory. • Load Balance screen is only functional if you are using both WAN ports.
HotBrick Network Solutions Page 19 Settings – Port Options Connection Validation • Health Check – Disable will not do Alive Indicator Check. By default health check is enable. Health checking is performing an ICMP echo request and HTTP packets to the specific destination that could be either: 1.
HotBrick Network Solutions Page 20 Load Balance This screen is only operational if using Internet connections on both WAN ports. Figure 3-2: Load Balance These settings are only functional if using both WAN ports. If using both WAN ports, these settings determine the proportion of traffic sent over each port.
HotBrick Network Solutions Page 21 Settings – Load Balance Load Balance Configuration • Enable – Use this to enable your Load Balance settings. Unless this is checked, the other settings on this screen have no effect. • Balance Type – Select the desired option: • Bytes rx+tx – Traffic is measured by Bytes.
HotBrick Network Solutions Page 22 Advanced PPPoE The screen is required in order to use multiple PPPoE sessions on the same WAN port. It can also be used to manually co nnect or disconnect a PPPoE session.
HotBrick Network Solutions Page 23 Action Use the "Connect" and "Disconnect" buttons to establish or t erminate a connection on this session, if required. Connection Status This displays the current connection status for each session.
HotBrick Network Solutions Page 24 Advanced PPTP This screen is only useful if using the PPTP connection method. Figure 3-4: Advanced PPTP Settings – Advanced PPTP WAN Port Select the desired Port, and then click the "Select" button. The data for t he selected Port will then be displayed in the WAN IP Account section.
HotBrick Network Solutions Page 25 4: Advanced Setup Overview The following advanced features are provided. • Host IP Setup • Virtual Servers • Custom Virtual Server • Special Applications •.
HotBrick Network Solutions Page 26 Figure 4: Host IP Setup Settings – Host IP Setup Host Network Identity This section identifies each Host (PC) • Host List – When adding a new Host, ignore this list. To edit an existing entry, select it from the list, and click the "Select" button.
HotBrick Network Solutions Page 27 Host Network Binding • Bind WAN port/Session – Select Enable if you wish to associate this PC with a particular PPPoE Session. All traffic for that PC will then use the selected PPPoE port and session. • Binding Method – Suppose your PC is bound to WAN1 port, now you are selecting “Strict Binding”.
HotBrick Network Solutions Page 28 Virtual Servers This feature allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because: • Your Server's IP address is only valid on your LAN, not on the Internet.
HotBrick Network Solutions Page 29 • This address should be static, rather than dynamic, to make it easier for Internet user s to connect to your Servers. However, you can use the Dynamic DNS feature (explained later in this chapter) to allow users to connect to your Virtual Servers using a URL, instead of an IP Address.
HotBrick Network Solutions Page 30 Custom Virtual Servers This screen allows you to define your own Server types, for situations when the desired Server type is not listed on the Virtual Servers screen.
HotBrick Network Solutions Page 31 Each PC must be running the appropriate Server software. • Protocol Type – Select the network protocol used by this sever type. • LAN Port Range – Enter the range of port number used for outgoing traffic from this Server.
HotBrick Network Solutions Page 32 Special Applications If you use Internet applications which have non-st andard connections or port numbers, you may find that they do not function correctly because they are blocked by the firewall in the Load Balancer .
HotBrick Network Solutions Page 33 Special Application Configuration Use this to Enable or Disable this Special Application as required. Enable Name Enter a descriptive name to identify this Special Application. Outgoing Protocol Select the protocol used by this application, when sending data to the remote server or PC.
HotBrick Network Solutions Page 34 Dynamic DNS Dynamic DNS is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL, rather than an IP Address. This also solves the problem of having a dynamic IP address.
HotBrick Network Solutions Page 35 Figure 4-6: Dynamic DNS Settings – Dynamic DNS Dynamic DNS Service Use this to Enable/Disable the Dynamic DNS feature, and select the required service provider. • Disable – Dynamic DNS is not used. • DNS4BIZ Hotbrick Premium – It provides reliability for normal business requirement.
HotBrick Network Solutions Page 36 WAN Port Binding • Select the WAN port on which the Dynamic DNS is used. • The "Force Update" button will update your record on the Dynamic DNS Server immediately. Additional Standard Client or 3322 Settings These options are available if using the standard client.
HotBrick Network Solutions Page 37 Multi DMZ This feature allows each WAN port IP address to be associated with one (1) computer on your LAN. All outgoing traffic from that PC will be associated with that WAN port IP address.
HotBrick Network Solutions Page 38 Settings – Multi DMZ Enable Use this to enable or disable the DMZ setting, as required. Name Enter a name to assist you to remember this setting. This name has no effect on the operation. For Static IP Public IP address Enter the WAN port (Internet) IP address you wish to associate to a PC.
HotBrick Network Solutions Page 39 UPnP With UPNP (Universal Plug & Play) function, it can easily setup and configure an entire network, enable discovery and control of networked devices and services. Figure 4-8: UPnP Settings – UPnP UPnP Option If you Enable UPnP, then this two wan router will become one of the entire local network.
HotBrick Network Solutions Page 40 NAT Setting NAT (Network Address Translation) is the technology which allows one (1) WAN (Internet) IP address to be used by many LAN users.
HotBrick Network Solutions Page 41 Settings – NAT NAT Configuration • NAT Routing – You can enable or disable NAT through the check box. If you disable NAT checkbox, it will act as a bridge or Static Router. Most features will be unavailable. • TCP Timeout – Enter the desired value to use on both WAN ports.
HotBrick Network Solutions Page 42 Advanced Features This screen allows you to change some advanced settings: • Remote Access Configuration – This feature allows you to manage the VPN 800/2 Firewall Router via the Internet. You can restrict access to a specified IP address or address range.
HotBrick Network Solutions Page 43 Settings – Advanced Features Remote Access Configuration • Remote Upgrade – If enabled, you can use the supplied Windows program to remotely upgrade the Firmware. If not enabled, upgrades must be performed by a PC on the LAN.
HotBrick Network Solutions Page 44 Interface Binding SMTP (Simple Mail Transport Protocol) Binding Unless you are using E-mail accounts from different ISPs on each port, you can ignore these settings. Some ISPs configure their E-mail Servers so they will not accept E-mail from IP addresses not allocated by themselves.
HotBrick Network Solutions Page 45 5: Security Management Overview • Block URL It can block specific website by configure IP address, URL or Key words • Access filter You can block all Internet access or select blo ck well-known port or block user define ports by groups.
HotBrick Network Solutions Page 46 Figure 5-1: Block URL Settings – Block URL Access Group This allows you have different blocking rules for different Groups of PCs. • All PCs (users) are in the Default Group unless moved to another group on the Host IP screen.
HotBrick Network Solutions Page 47 Access Filter The network Administrator can use the Access Filter to gain fine control ov er the Internet access and applications available to LAN users. • Five (5) user groups are available, and each group can have different access rights.
HotBrick Network Solutions Page 48 Filter Setting Select the desired option for this Group: • No filtering – Nothing is blocked, Internet access is not restricted. • Block All Access – Everything is blocked, Internet access is not available. • Block selected items – Items selected on this screen are blocked.
HotBrick Network Solutions Page 49 Session Limit This new feature allows to drop the new sessions from both WAN and LAN side. If the new sessions number are exceed the maximum sessions in a sampling time. Figure 5-3: Session Limit Session Limit Sampling Time The period to count the new session.
HotBrick Network Solutions Page 50 System Filter Exception System Firewall Exception Rules: The rules with which any received packets is complied, the packets will not processed by Firewall or NAT module, but to be processed directly by system protocol stack.
HotBrick Network Solutions Page 51 6: VPN Configuration Overview Virtual Private Network (VPN), is a connection between two end points. It allows private data to be sent securely over a public network, such as Internet. VPN establishes a private network that can send data securely between two networks.
HotBrick Network Solutions Page 52 IPSec Global Setting Figure 6-1 IPSec Global Setting.
HotBrick Network Solutions Page 53 IP Global Setting IP Global Setting Enable –If you enable check box either WAN1,WAN2 or both, this will start VPN global setting ISAkmp Port – Internet Security Association and Key Protocol Management (ISAkmp) is designed to negotiate, establish, modify and delete security associations and their attributes.
HotBrick Network Solutions Page 54 Policy Setup Policy Setup Figure 6-2 Policy Setup.
HotBrick Network Solutions Page 55 VPN Policy Setup IPSec Traffic Binding VPN Tunnel List – It shows the tunnels that you have entered. The router can setup up to 20 tunnels Tunnel Name – In order to distinguish the tunnel, you have to give “Tunnel” a name.
HotBrick Network Solutions Page 56 Key Management Key – Key Type: there are two key types (manual key and auto key) available for the key exchange management. Manual Key: If manual key is selected, no key negotiation is needed. Encryption Key- This field specifies a key to encrypt and decrypt IP traffic.
HotBrick Network Solutions Page 57 IPSec Policy options Tunnel Attribute The current tunnel attribute that you just setup Dead Peer Detection If you like to utilize one of the wan port as a backup or plan failover function, you can enable Dead Peer Detection function.
HotBrick Network Solutions Page 58 7: QoS Configuration Overview The VPN 800/2 Firewall Router provides QoS, which supports the high quality of network service. Because it will classify outgoing packets ba sed on some policies defined by users, make some real-time applications to get better response or performance.
HotBrick Network Solutions Page 59 Data – QoS Setup. QoS Feature Enable QoS – This will allow users enable QoS function. • Queuing Method – The methods that how you manage your queue.” Priority queuing”. It is one of the first queuing variations to be wildly implemented.
HotBrick Network Solutions Page 60 Data – Policy Confi guration. Network Admission Policy This section identifies each policy • Policy Name List – When adding a new Policy, ignore this list. To edit an existing entry, select it from the list, and click the "Select" button.
HotBrick Network Solutions Page 61 8: Management Assistant Overview The following advanced features are provided. • SNMP • Email Alert • SNMP • Syslog • Upgrade Firmware This chapter contains details of the configuration and use of each of these features.
HotBrick Network Solutions Page 62 Settings – SNMP System Information • Contact Person – The name of the person responsible for this device. • Device name – The name of VPN 800/2 Firewall Router. • Physical Location – The location of the VPN 800/2 Firewall Router.
HotBrick Network Solutions Page 63 Settings – Email Alert Email Alert • Enable – This will enable email alert to send a warning email when WAN port was disconnected. • Disable – This will disable email alert not to send a warning email when WAN port was disconnected.
HotBrick Network Solutions Page 64 Syslog This feature can send real time system information on the web page or to the specifie d PC. Syslog Configuration – Syslog Configuration allow you where to send system information to other machine or not. There are up to three machines you can choose to send your system log.
HotBrick Network Solutions Page 65 Syslog Confi guration Syslog Global • Enable – Set to “enable”, if you want to send system log messages to other machine. Keep Sent Messages • Enable – Checked this, if you want to keep sent messages, otherwise the sent messages will be deleted.
HotBrick Network Solutions Page 66 Admin Password The password screen allows you to assign a password to the Firewall Router. Figure 8-4: Admin Password Screen Enter the desired password, re-enter it in the Verify Password field, then save it.
HotBrick Network Solutions Page 67 • Enter the password for the VPN 800/2 Firewall Router, as set on the Admin Password screen above. Upgrade Firmware This Upgrade Firmware Screen allows you to upgrade firmware or backup system configuration by using HTTP upgrade.
HotBrick Network Solutions Page 68 9: Advanced LAN Configuration Overview These screens and settings are provided to deal with non-standard situations, or to provide additional options for advanced users. Existing DHCP Server If your LAN already has a DHCP Server, and you wish to continue using it, the following configuration is required.
HotBrick Network Solutions Page 69 Note: If there is an entry or entries in the Routing table with an Inde x of zero ( 0 ), these are System entries. You cannot modify or delete these entries. Settings – Routing Dynamic Routing • RIP v2 – This acts as “master” switch.
HotBrick Network Solutions Page 70 For the VPN 800/2 Firewall R out er Gateway 's Routing Table For the LAN shown above, with 2 routers and 3 LAN segments, the VPN 800/2 Firewall Router requires 2 entries as follows. Entry 1 (Segment 1) Destination IP Address 192.
HotBrick Network Solutions Page 71 10: Operation and Status Operation Once both the VPN 800/2 Firewall Router and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required: Refer to Chapter 4 - Advanced Features for further details.
HotBrick Network Solutions Page 72 Data – System Stat us WAN Information • Connection Status – Current status – either "Connected" or "Not connected". • Connection Type – The type of connection used – DHCP, Fixed IP, PPPoE, or PPTP.
HotBrick Network Solutions Page 73 Buttons • Refresh – Update the data on screen. • Restart – Restart (reboot) the VPN 800/2 Firewall Router. • Restore Factory Defaults – This will delete all existing settin gs, and restore the factory default settings.
HotBrick Network Solutions Page 74 These changes may mean that the current connection is invalid, and you will have to re-connect to the VPN 800/2 Firewall Router using its default IP address ( 192.168.1.1). WAN Status Use the WAN Status link on the main menu to view this screen.
HotBrick Network Solutions Page 75 NAT Status This screen is displayed when you click the "Check NAT Detail" button o n the WAN Status screen. Figure 10-4: NAT Status Data – NAT Status LAN IP Info • IP Address – The LAN IP Address of the VPN 800/2 Firewall Router.
HotBrick Network Solutions Page 76 NAT Traffic This section displays statistics for both outgoing (LAN to Internet) and Incoming (Internet to Local) traffic. NAT Connections This displays the current number of active connections. For further details, click the "View Connection" list button.
HotBrick Network Solutions Page 77 Appendix A Specifications Model Hotbrick VPN 800/2 Firewall Router Dimensions 120mm (W) x 427mm (D) x 43.4mm (H) Operating Temperature 0 ° C to 40 ° C Storage Temp.
HotBrick Network Solutions Page 78 Appendix B Windows TCP/IP Setup Overview TCP/IP Settings If using the default Load Balancer setti ngs, and the default Windows 95/98/ME/2000 TCP/IP settings, no changes need to be made.
HotBrick Network Solutions Page 79 Figure B-2: IP Address (Win 95) Ensure your TCP/IP settings are correct, as follows: Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically . This is the default Windows settings. Restart your PC to ensure it obtains an IP Address from the VPN 800/2 Firewall Router.
HotBrick Network Solutions Page 80 • On the DNS Configuration tab, ensure Enable DNS is selected. If the DNS Server Search Order list is empty, enter the DNS address provided by your ISP in the fields beside the Add button, then click Add . Figure B-4: DNS Tab (Win 95/98) Checking TCP/IP Settings - Windows 2000: 1.
HotBrick Network Solutions Page 81 Figure B-6: TCP/IP Properties (Win 2000) 5. Ensure your TCP/IP settings are correct: Using DHCP To use DHCP, select the radio button obtain an IP Address automatically . This is the default Windows settings. Restart your PC to ensure it obtains an IP Address from the VPN 800/2 Firewall Router.
HotBrick Network Solutions Page 82 Checking TCP/IP Settings - Windows XP: 1. Select Control Panel - Network Connection. 2. Right click the Local Area Connection and choose Properties . You should see a screen like the following: Figure B-7: Network Configura tion (Windows XP) 3.
HotBrick Network Solutions Page 83 Figure B-8: TCP/IP Properties (Windows XP) 5. Ensure your TCP/IP settings are correct. Using DHCP To use DHCP, select the radio button obtain an IP Address automatically . This is t he default Windows settings. Restart your PC to ensure it obtains an IP Address from the VPN 800/2 Firewall Router.
HotBrick Network Solutions Page 84 Appendix C Troubleshooting Overview This chapter covers some common problems that may be encountered while using the VPN 800/2 Firewall Router and some possible solutions to them.
HotBrick Network Solutions Page 85 Solution 2: The VPN 800/2 Firewall Router processes the data passing through it, so it is not transparent. Use the Special Applications feature to allow the use of Internet applicatio ns which do not function correctly.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté HotBrick VPN 800 c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du HotBrick VPN 800 - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation HotBrick VPN 800, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le HotBrick VPN 800 va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le HotBrick VPN 800, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du HotBrick VPN 800.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le HotBrick VPN 800. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei HotBrick VPN 800 ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.