OfficeServ 7400 GWIMT/GWIM User Manual
Contents
1. Remote Access IP Filtering URL Filtering ICMP Filtering El Status El List ISMP Groups Ow MRF FIM 5M Access List Prefix List Route Map 45 path List Community List Key Chain El Status RIP OSPF BGP YoIP Service SIP ALG System El IDS Config El oIP Service Configuration DB Config t Management t Management Management Admin Config Log Analysis El oIP Status El Log Configuration VoIP DB VoIP MAFT List Configuration Report Download Rule Config Mail Config Block Config El DHCP Server Configuration Management Lease Info El DHCP Relay Agent Configuration Management El Time Configuration NTP Config Manual Contig Timezone Upgrade Appl Server Rehant El Connection t Sessions El Statistics Devices Protocols El Monitoring Current History Process Service Management El SNMP t Configuration Status Management El RMON Configuration status Management Network Menu The Network Menu is used to configure the WAN LAN and Serial Interfaces define the DNS server IP Address information define and modify the ARP list configure the Network Load balancing function perform ping tests and view the Network Status Simply select the Network menu of the OfficeServ 7400 Data Server The submenus will be displayed in the upper left sid2. Days M Everyday Time Set Sun M Mon M Tue M Wed M Thu M Fri M Sat Time 24 Hours fo a a fo o Index No E The administrator can view the current status of the IP Filtering rules by using the Firewall gt Firewall gt IP Filtering submenu The Configuration List is shown on the bottom of the window Configuration List miNo src Dest Port Proto Time m We jos 2 ils TE Eh el all udp 24 Hours Everyday 2 192 168 2 15 0 0 0 0 0 all tcp 24 Hours Everyday If an IP Filtering rule must be deleted then check the box to the left of the rule and then click the delete button In order to delete all IP Filtering rules click on the box on the top left of the Configuration List then click on the Delete button URL Filtering Administrator can deny web access to PCs connected to the system using the Firewall gt Firewall gt URL Filtering submenu Once the data is entered click the OK button to save URL Filtering Source IP Key Word Days M Everyday Time Set M Sun M mon M Tue M Wed M Thu W fri M Sat Time 24 Hours fo a o z 0 a o aj 45 gt A 5 As we A ZA x In the example listed below LAN users with an IP Address 192 168 2 15 thru 20 are not allowed to view any website 7 days a week 24 hours a day with the word myspace in the website name URL Filtering Category OO OOOO OOO POOO O Source IF 192 168 IE fis E
3. The symbol is used to specify a WAN IP Address or Addresses as a valid IP to perform the port forwarding Example 10 0 1 0 24 This allows the forwarding source to be all WAN Interfaces within the 10 0 1 0 network The is used to specify a range of WAN P Address port forward sources Example 10 0 1 1 2 Used to set the location of the Port Forward rule 36 Advanced Mode This window is used by the administrator to select and set up Port Forwarding for a port or protocol that is not included in the Basic Mode configuration In the Advanced Mode example listed below the internal or inside IP Address destination is 192 168 1 150 the external or Outside device must come from an IP Address on the 12 2 2 0 network the WAN IP is set to 10 0 1 1 ports 6000 through 6100 are defined and protocol tcp is used Config Mode Basic Mode Advanced Mode Private Network Port Forward Inside IP Port 92 i fies aol iso Outside j2 2e i e i o l j4 wne moe ELE Pa C Define all Fl 2 User Port Range eooo j e100 Multi O WO Protocol tcp zl Index No 1 This means when an external IP device from the 12 2 2 0 network tries to connect to the WAN IP Address 10 0 1 1 on network ports 6000 through 6100 and protocol tcp it will be redirected to 192 168 1 150 on network ports 6000 through 6100 and protocol tcp Advanced Port Forward Parameter Description Port Used to define the specific
4. 128 Destination Port Field Description Num Numbers of detected by IDS according to port when attacked Destination IP is a network e g LAN Port Attacked host IP of logs detected by IDS Priority Risk level depending on the rules level of IDS High Rule level is one day the highest risk level Med Rule level is 2 or 3 days mid level Low Rule level is 4 days low level Description Type of logs detected by IDS Port Scan The administrator can summarize the IDS alerts by the Port Scan If the alert log is defined by Port Scan the following window will appear Port scan summary Thu Jan 1 00 00 00 1970 Tue Feb 7 10 59 50 2006 There is no alert Port Scan Field Description Ports Number of TCP and UDP ports that are scanned in logs detected by IDS Hosts Number of host that a port scanned in logs detected by IDS Remote host IP that attempts port scan 129 Search The IDS search can be narrowed down and pin pointed by the administrator by defining the Search Log Parameters IDS Logs can be filtered by Priority Source IP Destination IP and Destination port Search Log Priority Source IP Destination IP Ma ee Destination Port Once the Search Log Category is selected the administrator can select the desired condition Set the condition and then click the OK button to display the desired information in the window as follows Result of Search Src IP Priority Mum Description
5. 20 key Word myspace Days M Everyday Time Set M Sun M Mon M Tue M Wed M Thu M Fri M Sat Time 24 Hours C fo a o z 0 a o URL Filtering Parameter Description Source IP To set the originating IP The symbol is used to Address specify an entire network or subnet Example 192 168 1 0 24 This denies access to any website with a defined word from any users on the 192 168 1 0 network The is used to specify a range of IP Addresses to be restricted from accessing a web site Example 192 168 1 50 60 The symbol is used to deny all LAN IP Addresses from accessing a web site Example 0 0 0 0 Keyword To enter the keyword of the site to deny Time Set To set the time to apply the filtering rule 46 ICMP Filtering Administrators can deny the Internet Control Message Protocol ICMP Reply packets Select the Firewall gt Firewall gt ICMP Filtering submenu Then select the Enable or Disable radio button for the interface and click on the OK button to apply the change If the Interface is set to Enable then it will not respond to ping requests or trace route ICMP Filtering Ethernetd Enable f Disable Etherneti Enable Disable Ethernet2 Enable f Disable 47 Router The Router Menu is used to manage static and dynamic routing for the GWIMT GWIM Select the Router Menu to begin configuring the routing statements and routing protocols The Router su
6. HTB uses the concept of tokens and buckets along with the class based system and filters to allow for complex and granular control over traffic With a complex borrowing model HTB can perform a variety of sophisticated traffic control techniques One of the easiest ways to use HTB immediately is that of shaping Begin configuring the Hierchical Token Bucket by clicking the Add button in the lt HTB Class Group gt window HTB Class Group ID elass THz root inner default leaf Rate B s aj When configuring HTB it is best to begin by creating the root Assign a Root ID click the root radio button and define the bandwidth allocation In the example listed below the root is defined with an allocated bandwidth of 1000 KBs HTB Class Group ID Root Class Type root inner default leaf Rate 1o00 KB s The second step in the HTB configuration is creating the Inner rule From the lt HTB Class Group List gt window click the Add button Assign an Inner ID click the inner radio button define the Parent root define the Rate parameter minimal desised speed and the Ceil parameter maximum desired speed 93 X In the example listed below the there will only be one Inner class so 800 KBs will be used The remaining 200 KBs will be used for the Default class HTB Class Group ID Inner Class Type C root inner default leaf Parent ID Root Rate s00 KB s Zeil fen
7. IP Address O ean Community Name Trap Manager Parameter Description IP Address Used to set up a new Trap IP Address Community Name Used to set up a community to be used for transmitting to the Trap IP Address added 158 Status The Management gt SNMP gt Status submenu is used to view the SNMP System Configuration information and to delete the SNMP Community SNMPv3 User and SNMP Trap information In order to delete the Community User and Trap settings select the box to the left of the item that needs to be deleted and then click the Delete button Click the Reset button to initialize the settings SNMP Config Information System Infomation Location Seoul Korea Contact supporti Mame O5 400 651M Engine ID GSIM Community Name Community Net private local Read Write public anynet Read Only Select User Name Access root Read Write d O Ja tela dl dS 162 Status Field Description System This field displays the information set up for the System Information Options Select Used to select the information to delete Community Name This field display the community name Community Net This field displays the configured name of the Community Network Community This field displays the access authority of the configured Access community Administrator This field displays the configured administrator s name Name Access This field displays the access au
8. IP Address IP Address to be used by PVC Gateway Gateway IP Address Peer Address of PVC Default Gateway Mark the check box to set this gateway to default gateway This item is displayed only if the WAN radio button is selected MTU Maximum Transmission Unit Leave this field at default unless told to change by Samsung Technical Support To delete a specific PVC mark the check box of the corresponding PVC and then click the Delete button PVC Interfaces C pycO 16 192 168 100 2 24 ere dors AOI AL ho ho 1500 a pyco 1 192 168 101 2 e4 192 10g 10T 1 no no 1500 21 Serial Interface Summary The Serial Interface Summary table briefly displays the current connection information of the serial port The following is an example when the Serial connection is defined using the Cisco HDLC protocol with an IP address of 172 16 0 2 16 SerialO Interface Summary SerialO Interface Summary Interface SerialO Scope both Mode type is EXTERNAL Protocol type is Cisco HOLC Transparent is Proxyarp is pppoe mtuis 1492 popoe_Username is Pseudo name is PPPOE client is disabled Hardware is Unknown Index 5 metric 1 mtu 1500 lt UP POINTOPOINT RUNNING WOARP gt DHCP client is disabled WEF Binding Not bound inet 172 16 0 2 16 poaintopoaint 172 186 0 1 physical line type is v 35 encapsulation protocal is Cisco HOLE keepalive interval 10 timeout 25 line protocol is up Input packets 8 bytes 706 dropped O multicast
9. Protocol Select TCP UDP or all both tcp and upd protocol The administrator can view the current status of the NAT rules by using the Firewall gt NAT gt Configuration submenu The Configuration List is shown on the bottom of the window Configuration List mio WANIP Inside Outside Port Proto 192 169 1 50 my a ea ee ee 0 0 0 0 0 S0 udp LIS LE lai W 2 0 ete aa 0 0 0 0 0 S0 tcp O 10 0 1 1 ethi 00 0 0 070 00 0 0 070 all If a NAT rule must be deleted then check the box to the left of the NAT rule and then click the delete button In order to delete all NAT rules click on the box on the top left of the Configuration List then click on the delete button 34 Port Forward Port Forwarding is the act of forwarding a network port from one network to another This technique can allow an external user to reach a port on a private IP address inside a LAN from the outside via a NAT enabled router Port forwarding allows remote computers e g public machines on The Internet to connect to a specific computer within a private LAN The administrator can begin to configure the port forwarding feature on the GWIMT GWIM by using the Firewall gt NAT gt Port Forward submenu Basic Mode This window is used to configure port forwarding by using the minimum number of options In the Basic Mode example listed below the Inside IP Address is 192 168 1 149 the Outside IP is set to any a
10. o lo o i le Define al C User Port C Pange e Multi a Protocol all Days M Everyday Time Set M Sun M Mon M Tue M Wed M Thu M Fri M Sat Time 24 Hours fo o a fo o Taret Deny Index Mo E The administrator can view the current status of the Remote Access rules by using the Firewall gt Firewall gt Remote Access submenu The Configuration List is shown on the bottom of the window Configuration List ee mi i 12 0 0 0 8 udp Deny 24 Hours Everyday Mm 2 12 0 0 0 8 all tcp Deny 24 Hours Everyday If a Remote Access rule must be deleted then check the box to the left of the rule and then click the delete button In order to delete all Remote Access rules click on the box on the top left of the Configuration List then click on the delete button IP Filtering The GWIMT GWIM IP Filtering feature is very similar to the Advanced Firewall Rules The biggest difference is the rule default is set to deny These IP Filter rules are used to deny access only Select the Firewall gt Firewall gt IP Filtering submenu to begin configuring the rule In the example listed below IP Address 192 168 2 15 is not allowed to exit any interface 7 days a week 24 hours a day 44 IP Filtering Configuration Source IP fis2 fies e i jis B Destination IP b jf p b FHI Define al C User Port CRange f o cmai Eo __ Protocal all
11. that attacks the logs Source IP Host IP that performed the attack Priority Risk level depending on the rules level of IDS high Rule level is one day the highest risk level med Rule level is 2 or 3 days mid level low Rule level is 4 days low level Description Type of log detected in IDS 127 Destination IP Log The administrator can summarize the IDS alerts by the Destination IP If the alert log is defined by Destination IP the following window will appear Summary by destination IP Mon Sep 26 04 16 59 2005 Mon Sep 26 21 21 08 2005 Wiehe ear te eM OT ICMP PING 6 192 168 17 100 med ICMP PING NIX 6 192 1658 1 100 med ICMP PING BSOtype 4 192 168 1 100 med ICMP Echo Reply 4 192 168 17 100 med WEB MISC SSLyv3 invalid Client_Helloa attempt Destination IP Field Description Num Number of logs detected by IDS according to attacked Destination IP Local host Attacked host IP of logs detected by IDS Priority Risk level depending on the rules level of IDS High Rule level is one day the highest risk level Med Rule level is 2 or 3 days mid level Low Rule level is 4 days low level Description Type of logs detected by IDS Destination Port The administrator can summarize the IDS alerts by the Destination Port If the alert log is defined by Destination Port the following window will appear Summary by destination port Mon Sep 26 04 16 59 2005 Mon Sep 26 21 27 08 2005
12. Enterprise IP Solutions OfficeSery 7400 GWIMT GWIM User Manual Every effort has been made to eliminate errors and ambiguities in the information contained in this guide Any questions concerning information presented here should be directed to SAMSUNG TELECOMMUNICATIONS AMERICA 1301 E Lookout Dr Richardson TX 75082 telephone 972 761 7300 SAMSUNG TELECOMMUNICATIONS AMERICA disclaims all liabilities for damages arising from the erroneous interpretation or use of information presented in this guide Samsung Telecommunications Publication Information SAMSUNG TELECOMMUNICATIONS AMERICA reserves the right without prior notice to revise information in this publication for any reason SAMSUNG TELECOMMUNICATIONS AMERICA also reserves the right without prior notice to make changes in design or components of equipment as engineering and manufacturing may warrant Copyright 2006 Samsung Telecommunications America All rights reserved No part of this manual may be reproduced in any form or by any means graphic electronic or mechanical including recording taping photocopying or information retrieval systems without express written permission of the publisher of this material Trademarks Entorprise IP Sodutioes OfficeSery is a trademark of SAMSUNG Telecommunications America L P WINDOWS 95 98 XP 2000 are trademarks of Microsoft Corporation PRINTED IN USA INTRODUCTION Purpose This document introduces the Of
13. If force is selected the administrator can manually define the speed and duplex type Network Link Status Fields Ethernet Logical name of each Ethernet Interface Type Type of Ethernet Connection Link Status is either up or down Negotiation Shows setup as auto or force mode Speed Transmission bandwidth of the corresponding Ethernet interface Duplex Transfer mode of the corresponding Ethernet interface MAC MAC addresses of the Ethernet interface ARP The Network gt ARP submenu is used to manage the ARP information for each Ethernet Interface Within this submenu the administrator can view the current ARP List delete and add ARP entries and set the ARP Age Time ARP List Select the radio button of the Ethernet Interface whose ARP table needs to be managed The ARP table will be displayed in the ARP List window Use the Refresh button and the Delete button to update and delete the current ARP table ARP List Ethernet EthernetO Etherneti Ethernet 2 e r reachable 197 168 0 126 OO 09 74 11 11 11 E reachable 192 168 0 1 00 09 74 00 10 03 24 ARP List Fields Type ARP status IP IP address of device in ARP table MAC Mac address of device in ARP table Static ARP Add Use the Static ARP Add window to manually add ARP entries into the ARP table Static ARP Add Static ARP Parameters Ethernet Used to select the Ethernet Interface IP Used to enter the IP address of device for ARP table MAC
14. Location Contact Mame Engine ID SNMP System Option Parameter Description Location Used to enter the information for System Location Contact Used to enter the information for System Contact Name Used to enter the information for System Name Engine ID Used to enter the information for System Engine ID Community The following window is used to add new community information used in SNMP v1 2c Community New Community name Community Network E O L d Access Read Only O Read Write Community Parameter Description New Community name Used to fill in the new community name being added Community Network Used to set up new community network Access Used to set up the access authority 157 SNMPv3 Administrator Add The following window is used to enter the SNMPv3 Administrator v3 information SNhMPyv3 User Add User Name E User Password Authentication MOS Encryption None ACCESS Read Only O Read Write SNMP v3 Parameter Description Administrator Name Used to enter the new administrator s name Administrator Used to enter the new administrator s password 8 Password alphanumeric characters Authentication Used to set up the authentication method Encryption Used to set up the ciphering method Access Set up access authority Trap Manager The following window is used to set up the IP address used to transmit a trap Up to five IP addresses can be entered
15. area If these files are not deleted the webscreen of GWIMT GWIM may not be displayed correctly VI TABLE OF CONTENTS INTRODUCTION l PUMO SS a E E E RE tec E E E meee ececee Document Content and OrganiZation ccccccccecceseeeeeceeeeeeeeeeeeeeeeeeeeeeeseeceeeesssaaeeeeeeeess COMV EMMONS AE A vlabsnededcuucedeotevebsacdaneeadegeteevecincamestaetiebtensdadeesucatabeendesees II Console Screen Output s scasi osisteks oeio EEEE SAE AEO EEEE ESEE EN EENE II EA E EEE EE E A E EA A S EAE A E EE II Revision HISTOTY sc csesicectconzswneseesicwedccesesndecodaciedcdedsnccientsicwhsdeseeanncelanenendsdnscueseneeeendecoaatensondent III SAFETY CONCERNS IV SYDOST mane hen hues IV LUTION eee cere cases sce sees non sot acai ea seen E E EEA E E auees V TABLE OF CONTENTS Vil CHAPTER 1 Overview of OfficeServ 7400 GWIMT GWIM 1 Introduction to the OfficeServ 7400 0 ccccceccecceeceeceeceeceeceesceeceeceeceeseeseeseeseesasenseuseeeeeeees 1 Introduction to the OfficeServ 7400 GWIMT GWIM Data Server c ccsscsscsecceeceeeesceees 2 CHAPTER 2 Installing OfficeServ 7400 GWIMT GWIM 5 Software INStallation ccccceececceccecceceececcecceccecneceeceececeececeecneceecasceceecnsceecasceeeeeeecescaeeeeees 5 GWIMT GWIM Installation 0 cccccecceccecceecesceeceecceccecceecnecesceeeeeecasanseeseneeeseeusaasensenseneeneenes 6 CGenM E g 10 peeee ne er eee ae ne eee ene eee nner ee eee ee errr ene rs ee e
16. Monthly or Not use Define the configuration of the send category and then click the OK button to save the changes Set SMTP Server IP The administrator enters the IP Address of the SMTP server enters the subject and Source Mail Address and can enter up to 10 email addresses to receive email notifications here Click the OK button to save the changes Set SMTP Server IP Subject Source Mail Address 134 SMTP Server IP Configuration If there is not a recorded alert in the IDS alert log then an email was not sent CAUTION Block Config Using the IDS gt IDS Config gt Block Config submenu the system administrator can view the IP Block List applied to the block module or enter a trusted IP Manage Blocked IP List Blocked IP List Manage Trusted IP List EEE ss less less Manage Blocked IP List If an IP Address is flagged as an intruder and it is blocked from accessing the system then the IP Address will be shown in the Manage Blocked IP List Manage Trusted IP List The administrator can register a trusted IP Address here Simply enter the IP and netmask and click the OK button to register Check the IP list that is already registered and click the Delete button to delete the list 135 VoIP Service Menu The GWIMT GWIM uses this specialized feature to automatically configure NAPT Firewall rules strong and efficient VoIP packet inspection and QoS Select the VoIP Service me
17. Protocols Used to display the GWIMT GWIM network statistics of each protocol Monitoring Current Provides the GWIMT GWIM network statistics in a table format in real time History Used to display the GWIMT GWIM network statistics on an hourly weekly monthly yearly basis Process Used to display the information Such as CPU utilization and memory usage on processes being run in GWIMT GWIM Used to display the service status in a table format The services are categorized into Security Router Services Application and Management tables 101 Connection Sessions The Status gt Connection gt Sessions submenu is used to display the IP Address and IP Port information for devices connected to GWIMT GWIM Session list Protocol srei report status osti Dst port UDP 163 213 110 41 1303 UNREPLIED 163 213 97 05 Has UDP 127 0 0 1 1106 ASSURED 127 0 0 1 snmp UDP 165 213 110 41 1503 UNREPLIED 192 163 0 15 S025 UDP 165 213 110 41 i503 ASSURED 203 241 132 934 goman UDP 163 213 87 161 J424 UNREPLIED 255 293 205 200 snmp TCP 127 0 0 1 1040 ASSURED 127 0 0 1 Smux TEP 127 0 0 1 1041 ASSURED 127 0 0 1 Smi TCP 127 0 0 1 1042 ASSURED 127 0 0 1 SMR TEP 163 213 7922 3104 ASSURED 163 213 110 41 hte TCP 165 213 79 232 3105 ASSURED 165 213 110 41 http TCP 165 213 79 232 3106 ASSURED 165 213 110 41 http TCP 1635 213 79 232 3107 ASSURED 165 213 110 41 http Session List Field Description Protocol This fie
18. System gt Time Configuration submenu the system administrator can either synchronize the date and time of the GWIMT GWIM with a NTP server or manually set the date and time NTP Config Use the System gt Time Configuration gt NTP Config submenu to set up a NTP Time Server s to synchronize the date and time with the GWIMT GWIM The Current Time window indicates the current date and time of the GWIMT GWIM The NTP Server Status window indicates the status of NTP Server synchronization process The Time Server fields are used to enter the NTP Time Server IP Addresses Click the OK button to start or restart the NTP daemon to register the Time Server NTP Configuration 2005 Sep 26 Mon 19 13 57 WTP Server Status Status stop Time Server Server 1 Server 2 E JK 152 Manual Config By using the System gt Time Configuration gt Manual Config submenu the administrator can manually set and modify the date and time of the GWIMT GWIM In the Date Time Configuration window enter the desired date and time and then click the OK button to save the changes The new date and time will be displayed in the Current Time window In order to synchronize the date and time of the system with the MP40 then check the Set by C S box and then click the OK button to save the change Manual Configuration 2005 Sep 26 Mon 21 36 43 2005 Sep i 26 21 m 36 m Timezone By using the System gt
19. Used to enter the Password again to confirm the change Used to enter a Description of the Router 163 ABBREVIATION ALG Application Level Gateway AH Authentication Header ARP Address Resolution Protocol AS Autonomous System BGP Border Gateway Protocol BPDU Bridge Protocol Data Unit BSR Bootstrap Router CHAP Challenge Handshake Authentication Protocol CTI Computer Telephony Integration DHCP Dynamic Host Configuration Protocol DNS Domain Name Server DRR Deficit Round Robin DSMI Data Server Module Interface DVMRP Distance Vector Multicast Routing Protocol ESP Encapsulating Security Payload GWIMT GWIM Gigabit WAN Interface Module GVRP GARP VLAN Registration Protocol HDLC High level Data Link Control HTTP Hypertext Transfer Protocol HTB Hierarchical Token Bucket 164 IDS IGMP IKE IPMC IPSec ISAKMP LAN L2TP NAT NTP RMON RP RSTP PAP PIM SM PD PoE PPTP PT PVC PVID STP SMTP SNAT SNMP SPQ TFTP Intrusion Detection System Internet Group Management Protocol Internet Key Exchange IP Multicast IP Security Protocol Internet Security Association Key Management Protocol Local Area Network Layer 2 Tunneling Protocol Network Address Translation Network Time Protocol Realtime Monitoring Rendezvous Pointv Rapid Spanning Tree Protocol Password Authentication Protocol Protocol Independent Multicast Sparse Mode Power Device Power Of Etnernet Point to Point Tunneling Protocol
20. access to and from the GWIMT GWIM Basic Mode This window is used to configure firewall rules by using the minimum number of options This Basic Mode example shows how to block traffic from the 192 168 1 0 network to the destination IP Address 10 0 2 1 In the Basic Mode all ports and protocols follow the allow or deny setting by default If the rule needs to be either port or protocol specific use the Advanced Mode 39 Firewall Configuration zoues IF 192 24 Destination IP Tarzet Deny Source IP Used to set the source The symbol is used to specify an IP Address entire network or subnet Example 192 168 1 0 24 This defines every device within the 192 168 1 0 network to be allowed or not allowed to reach the destination IP The is used to specify a range of IP Addresses to be allowed or not allowed to reach the destination IP Example 192 168 1 50 60 The symbol is used to allow all Source IP Addresses to be allowed or not allowed to reach the destination IP Example 0 0 0 0 Destination IP Used to set the The symbol is used to specify an destination IP Address entire network or subnet Example 192 168 1 0 24 This defines every device within the 192 168 1 0 network to be an allowed or denied destination The is used to specify a range of IP Addresses to be an allowed or denied destination Example 192 168 1 50 60 The symbol is used to allow or deny all possible IP Addr
21. evetcuenundereteockna N NME CONIA ON nee a Upgrade araa a a A EA PRODI SONV OR esana a a a a a anal aik ota te a VIII CHAPTER 1 Overview of OfficeServ 7400 GVWAMT GVWiM This chapter introduces the OfficeServ 7400 system and OfficeServ 7400 GWIMT GWIM Data Server Introduction to the OfficeServ 7400 The OfficeServ 7400 platform delivers the convergence of voice data wired and wireless communications for small and medium sized businesses This office in a box solution offers TDM voice processing voice over IP integration wireless communications voice mail computer telephony integration data router and switching functions all in one powerful platform With the GWIMT GWIM GPLIMT GPLIM and GSIMT GSIM Data Modules the OfficeServ 7400 provides network functions such as a gigabit switching Power Over Ethernet high speed data routing and network security in a single converged solution This document describes the data and routing capabilities of the OfficeServ 7400 GWIMT GWIM Data Server Structure of OfficeServ 7400 N For information on the structure features or specifications of the OfficeServ 7400 refer NOTE to the OfficeServ 7400 General Description Introduction to the OfficeServ 7400 GWIMT GWIM Data Server RUN V35 HSSI gt 1 GWIMT Module GWIM Module The OfficeServ 7400 GWIMT GWIM Data Server provides the following functionality Router Functions e Path manageme
22. 0 0 0 8 is directly connected loopback ae 192 168 1 0 24 Is directly connected eth2 a 192 168 2 0 24 via 216 62 86 129 ipsec C7 ah faye Sa ee eels Is directly connected etho 49 Routes Window Field Description Type C Network directly connected to GWIMT GWIM network interface S Static network set by a administrator R Path information received from another router via RIP O Path information received from another router via OSPF protocol B Path information received from another router via BGP K Path information set by system kernel gt Whether to have activated routing table Network Network Netmask information of route Entry Route information Management In order to turn the GWIMT GWIM routing protocols on or off select the Router gt General gt Management submenu Go to the Action pull down menu and select On or Off for each of the routing protocols Click the OK button to submit the change Management Current Status action RIP Action Start on SPF Start On BGP Start On Configuration In order to configure static routes and set up the routing protocols RIP OSP and BGP the system administrator will use the Router gt Configuration submenu Static Route Static routes are entered into the GWIMT GWIM by the system administrator An entire network can be configured using static routes but this type of configuration is not fault tolerant When there is a change
23. 06 P Pruned H Host D Holddown N NeghiFc I Init DVMRP Prune Information Field Description Source Address Host Ip address that sends multicast packets 82 MaskLen Group Address State FCR Cnt Expires ReXmit PIM SM Mask length of DVMRP Prune Multicast group address Flags that display the DVMRP Prune status Refer to the description on the lower side DVMRP Forwarding Cache count Time passed after the DVMRP Prune information is created Left time until retransmission The IPMC gt Status gt PIM SM submenu is used to display the neighbor list of the PIM SM protocol PIM SM Neighbors Neighbor Uptime site ING alee Ral 00 02 17 Em el PIM SM Neighbors Field Description Neighbor Intf Uptime Expires Ver DR Priority DR Neighbor IP address IP address of VIF connected with neighbor Time passed after being connected with neighbor Left time until the Neighbor connection information is expired Version of the PIM SM protocol used for the connection Designate Router DR priority of neighbor Displays whether the neighbor is Designate Router DR 83 QoS Quality of Service QoS refers to the capability of a network to provide better service to selected network traffic over various IP technologies Select the QoS menu to begin configuring QoS The QoS submenus will be displayed in the upper left side of the window as follows El Group t Port Group IP Group Fi
24. 2699 then the Destination Match can be set as well as the Source Match condition Any All packets Host A host Network Network range Available when ID is set to word and when match condition is set to Network Sets only the packets matched correctly with the prefix 60 Once the Access List command is successfully executed then the results are directly applied to the Router gt List gt Access List lt Current Status gt window Current Status In order to delete an Access List select the radio button to the left of the Access List and then click the Delete button Current Status Fields ID Access list name information Entry Access list description Prefix List The Prefix List provides the most powerful prefix based filtering mechanism In addition to access list functionality the Prefix List has prefix length range specification and sequential number specification You can add or delete prefix based filters to arbitrary points of Prefix List using sequential number specification Select the Router gt List gt Prefix List submenu to configure the Prefix list If no Prefix List is specified on the GWIMT GWIM then it acts as a permit rule If the Prefix List is defined and no match is found then a default rule of deny is applied Prefix List IL Seq Action Permit Deny Any CE SO me ee ee ee Prefix Match 61 Prefix List Parameters ID Used to set the prefix l
25. 37 2005 Rate 6 384 med ele ICMP PING ae 366 med ICMP PING NIx Zama 368 med ICMP PING BSDtype 15 1 408 med ICMP Echo Reply 12 69 2522 med WEB MISC SSLyv3 invalid Clent_ Hello attempt Intrusion Type Field Description Rate Monitors logs detected by IDS according to type and displays logs as a percentage Num Number of logs detected by IDS according to type SID ID number for an intrusion Priority Risk level depending on the rules level of IDS high Rule level is one day the highest risk level med Rule level is 2 or 3 days mid level low Rule level is 4 days low level Description Type of logs detected by IDS 126 If the Sid number is clicked then more information on the alert will be displayed Sid 384 summary This event is generated when an generic ICMP echo request is made Source IP Log The administrator can summarize the IDS alerts by the Source IP If the alert log is defined by Source IP the following window will appear Summary by source IP Mon Sep 26 04 16 59 2005 Mon Sep 26 21 17 42 2005 brn ewes r oesion 6 192 168 0 2 10 me ICMP PING 6 197 166 0 210 med ICMP PING NIx 6 192 168 0 2 10 med ICMP PING BSDtype a 192 168 0 1 med ICMP Echo Reply 2 192 168 0 117 WEB MISC SS5Lv3 Invalid Client Hello attempt 2 192 168 0 119 WEB MISC SSLyv3 Invalid Client Hello attempt Source IP Field Description Num Number of logs detected by IDS according to the host source IP
26. 80 tcp Deny 24 Hours Sun Sat m e stl e oo 2 all all Deny 24 Hours Everyday If a Firewall rule must be deleted then check the box to the left of the rule and then click the delete button In order to delete all Firewall rules click on the box on the top left of the Configuration List then click on the delete button Remote Access The GWIMT GWIM Remote Access feature is used to permit or deny remote access Select the Firewall gt Firewall gt Remote Access submenu to begin configuring the rule The first parameter is used to either enable or disable the Remote Access feature Select the Enable or Disable radio button and click on the OK button to set Remote Access Default Policy f Allow Deny If Deny is selected then a new parameter will be displayed Enter the Administration IP information Please pay close attention when entering this IP Address because all access will be denied to the GWIMT GWIM unless the computer has this IP Address Remote Access Default Policy Allow Deny Administration IP When the Allow radio button is selected then the administrator can set up the Remote Access policy If Allow is selected and a policy is not defined then everyone will have Remote Access to the GWIMT GWIM In this example Remote Access to the GWIMT GWIM from any IP Address on the 12 0 0 0 8 network is denied 24 hours a day 7 days a week 43 Remote IP Configuration zoeen j2
27. Group MGI_IP EEE ies fi _fzo1 f z 24 Category Configuration Network i92 ie ai fo z 24 IP Group Parameter Description ID Used to enter the name of the IP group Should include both letters and numbers Group ID shall start only with letters not numbers No blanks should be left in between characters IP Used to enter the IP address information of the IP Group Used for entering subnet Used for entering the range of IPs Enter 0 0 0 0 0 to set all ports IP Group List G Se TF 192 168 1 200 24 i MGI_IF 192 168 1 201 24 E Network 192 168 1 0 24 In order to delete a IP Group List highlight the radio button to the left of the IP Group List and then click the delete button 87 Filter Group The GWIMT GWIM uses the Filter Group submenu to define specific filtering rules for the QoS policies Select the QoS gt Group gt Filter Group submenu to retrieve set edit or delete a filter group The Filter group can be filtered by Transport Protocol TOS IP Group and Port Group Filter Group List Click the Add button in the above window to open another window from which the Filter Group List information can be entered Enter a Filter ID select a priority number select a Transport Protocol define the TOS bits define the Source ans Destination IP Group and Port Group and then click the save button In the examples listed below there are three Filter Groups created One
28. HTB Policy In order to set up the Interface for HTB use the Device pull down menu and select the Interface then select the radio button for HTB select the Root Class and then click the Save button to apply the change Policy Category Configuration Device Ethernet z QDISC Type SPO HTE Root Class Root z Default Class Default QODISC Type Root Class Default Class Serialo Seriali Ethernet Default Etherneti Ethernetz Save 99 Management The QoS gt Group gt Management submenu is used to start and stop the QoS service In addition this submenu is used to start or stop the execution of the Scheduling Parameter set in the QoS gt Group gt Class Group submenu QoS Management 100 Status The Status Menu is used to view active IP sessions on the GWIMT GWIM to display statistics on interfaces and protocols and to view CPU utilization Select the Status menu to begin viewing the system information The submenus will be displayed in the upper left side of the window as follows Status El Connection t Sessions El Statistics Devices Protocols El Monitoring Current History Process Service Status Menu Description Menu Description Connection Sessions Used to display the information on the IP address and IP ports connected to GWIMT GWIM Statistics Devices Used to display the GWIMT GWIM network statistics for the Tx and Rx of each interface
29. Map Setting ame OO ie test permit 10 Route Map Setting Field Description Name Route map name Entry Route map information Once a Route Map is created it can be defined Highlight the radio button to the left of the Route Map and click the edit button Match Address Use prefix list Ip C Wext hop Use prefix list Set IP Next hop il Metric weight Community Metric Tyoe Local Preference 63 Route Map Match Parameter Description IP Address Used to set the access list or prefix list for an IP to be matched Next hop Used to set the Next hop IP to be matched Metric Used to set the Metric to be matched Route Map Set Parameter Description IP Used to set the next hop of the BGP table Metric Used to set the metric of the BGP table Weight Used to set the weight of the BGP table Community Used to set the community of the BGP table Metric Type Used to set the metric type of the BGP table Type 1 External Type 1 Type 2 External Type 2 Local Used to set the local preference from BGP attribute Preference If a Route Map entry needs to be deleted then click the radio button to the left of the Route Map and then click the Delete button When the match condition is met and the Action is set to Permit then the job corresponding to Set operation is carried out If the command is successfully entered and saved then the Route Map result is directly applied t
30. Protocol Translation Permanent Virtual Circuit Port VLAN Identification Spanning Tree Protocol Simple Mail Transfer Protocol Source Network Address Translation Simple Network Management Protocol Strict Priority Queuing Trivial File Transfer Protocol 165 VLAN Virtual Local Area Network VoIP Voice Over IP VPN Virtual Private Network 166
31. Time Configuration gt Timezone submenu the administrator can change Time Zones by selecting the desired timezone and then by clicking the OK button to save the change Time Configuration Time Zone 153 Upgrade Upgrading the GWIMT GWIM software is performed using the System gt Upgrade submenu First obtain the appropriate upgrade files Then enter the new software package version number in the Package Version field Select Package Upgraded Then select one of the three types of upgrade methods TFTP HTTP or Local If the Upgrde method is TFTP or HTTP enter the correct IP address of the server Then click the OK button to start the upgrade process Select Upgrade Method TFTP i92 ies 1 zo HTTP Local Browse Appl Server Using the System gt Appl Server submenu the administrator can control remote access to the GWIMT GWIM using SSH FTP and Telnet In order to secure the system from hackers Samsung recommends that these are disabled and only turned on when the administrator needs to use them for debugging and uploading or downloading files Application Server O oot O SSH FINE Telnet Check the box of the access method and then click the OK button to save the change 154 Reboot Using the System gt Reboot submenu the administrator can reboot the GWIMT GWIM System Reboot Network will be disconnected Simply click the OK button and al
32. WAN interface by separately specifying the traffic session to satisfy a specific condition The auto failover feature is also set here In the following window the entries can be added or deleted by clicking the Add or the Delete button If an entry of 0 0 0 0 is entered for the IP address field and all Os in the port field then it will indicate all IP addresses all port numbers Static Configuration IF srotocel A Mask Gateway default gate port Backup default gate Static Configuration Parameters m mm wen eka Maaa Em Source Source IP address netmask and port number of transfer session Destination Destination IP address netmask and port number of transfer session Traffic Protocol Protocol to be applied Distribution Gateway External network interface that the corresponding traffic session passes through if the default gateway is selected the load balancing by Network Load Balance Configuration is applied Backup Backup interface to perform the failover function when any failure occurs in the external network interface line selected in the Gateway field For the application of load balancing select default gateway If 0 0 0 0 is input as the IP address and netmask then any IP address is allowed as the source and the destination IP address In addition a value of Os as the source port number means that any port number is allowed as the source port number 28 Ne
33. an authenticated IP Address Basic Mode This window is used to configure a network by using the minimum number of options In the following Basic Mode example the WAN Interface is being set with an IP Address of 10 0 1 1 the Interface is being set to Ethernet1 and all Inside private IP Addresses are being allowed out over the WAN interface to any destination Once the information is entered click on the OK button to apply Every user on the LAN is now allowed to go out on WAN 10 0 1 1 32 Config Mode Basic Mode Advanced Mode Eth WAN IPCIntf EC Ethene i Hot Used Etherneti Inside Etherneti Ethernet Outside Serial Index Blo Seriali Basic NAT Parameter Description WAN IP Used to set a general IP Address Select the dynamic IP box and then use the pull down menu to select PPPoE or DHCP if the interface is acquiring a dynamic IP from an Internet Service Provider ISP Inside Used to enter the NAT The symbol is used to specify an entire LAN internal network network or subnet exiting a WAN information Interface Example 192 168 1 0 24 This allows every device within the 192 168 1 0 network to go out over the WAN interface The is used to specify a range of IP Addresses exiting a WAN Interface Example 192 168 1 50 60 The symbol is used to allow all possible LAN IP Addresses to go out over the WAN Interface Example 0 0 0 0 Outside Used to enter the NAT The
34. check box on the left of the entry and then click the Delete button PIM SM Interfaces Address aa DR Prio ee Inty fHold 100 1 2 10 24 Sparse TOO haces ALG 30 105 E nda 100 1 3 10 24 Sparse 100 1 3 10 30 105 IGMP Groups The IPMC gt Status gt IGMP Groups submenu is used to display the information on registered IGMP groups IGMP Group Information IGMP Groups Field Description Group Address IGMP group address Intf IGMP interface name Uptime Time passed after IGMP group is created Expires Left time until the IGMP Group information is expired Last Reporter Client IP address that sends the last membership report 81 Status DVMRP The IPMC gt Status gt DVMRP submenu is used to display the information on DVMRP Neighbors DVMRP Neighbors This section of the IPMC gt Status gt DVMRP submenu is used to display the information on the DVMRP neighbor whose information is exchanged with the GWIMT GWIM DVYVMRP Neighbors DVMRP Neighbors Field Description Neighbor IP address of DVMRP Neighbor Address Interface VMRP VIF name Uptime Time passed after being connected Expires Left time until the Neighbor connection information is expired DVMRP Prune Information This section of the IPMC gt Status gt DVMRP submenu is used to display the DVMRP Prune items DVMRP Prune Information Source Address MaskLen Group Address eal ee 100 1 1 0 of ee4 1 1 100 01 59
35. detailed information for each menu refer to Chapter 3 Using OfficeServ 7400 GWIMT GWIM of this document GWM Network Firewall Router PHE QoS Statues VEN IDS Volt Sarte 1P ALG System Management og Admninistreter add Late foe Ma 6 Click the Logout button on the upper section of the screen to close the connection to the GWIMT GWIM system CHAPTER 3 Using OfficeServ 7400 GWIMT GMM This chapter describes how to use the menus of OfficeServ 7400 GWIMT GWIM The menus of the OfficeServ 7400 GWIMT GWIM Data Server are as follows EO Network Ethernet Etherneti Ethernetz Serial V 35 Seriali HSS1 DNS Network Link ARP Network Status El NLB Configuration Management El utility Ping YPN E IPSec t Configuration Certificate Management El L2TP Configuration Management El PPTP Configuration Management El STATUS IPSec L2TP PPTP Firewall Router El NAT El General E General El Group Port Group IP Group t Management t Routes t Mroutes Configuration Port Forward Static MAT Management Management E Configuration El Configuration Filter Group Class Group Static RIP RIP Interface OSPF OSPF Interface BGF IGMP DMR P DVMRP Intt PIM SM PIM SM Intt El Firewall Policy Management Management Configuration
36. gt Destination IP meoc IE 222 JU a Ure arabe mn 192 ls Oa JUG see Ube ae 2 INGO 192 ete Cine JUG oo Uebel ars Jl JOO 12 doe 42 E gt 192 later M121 192 168 0 1 e INE 192 TeS TA mg Seeley e 19o lee Urr a Aea a S ete E oo ee aee E ICMP PING ICMP PING NIx ICMP PING BSOtype INFO TELNET access ICMP Echo Reply INFO TELNET access WEB MISC SSL 3 Invalid WEB MISC SSLv 3 Invalid Selecting Search Condition V Since the conditions are not displayed dependently the administrator cannot obtain a CHECK result that satisfies all conditions 130 Configuration Using the IDS gt IDS Config gt Configuration submenu the system administrator can configure the Interface s which will use IDS set the Detection Level and Type for IDS and choose which IDS rules to use Select Device The Select Device window is used by the administrator to set up a network for IDS monitoring The interfaces which are set up as WAN can be selected here The administrator simply selects the check box of the Interace needing to be monitored and it is activated Select Device EthernetO Etherneti E Ethernet Set Detection Level amp Type The intrusion types are classified as High Medium and Low according to the risk level The administrator can set up the intrusion detection levels so an alert will be generated when an intrusion exceeding the level occurs In addition the administrator can set up the
37. is for the VoIP Traffic the second is for theMP40 and the last is for the rest of the TCP traffic on the 192 168 1 0 24 network Filter Group WE vorr Network Protocol IP Priority E Transport Protocol UDP TOS DEC HEY ox Source IP Port any Z i any ba Destination IP Port MGI_IP MGI_Parts z Click the Add button to create another Filter Group Filter Group ID TCP_mcP Network Protocol IP Priority z Transport Protocol TCP TOS DEC HEY ox Source IP Port any F any ad Destination IP Port McP_IP MCP_Parts 88 Filter Group ID Jall_tcP Network Protocol Priority Transport Protocol TOS HEX ox Source IP Port any ka Destination IF Port Network aI TCP Filter Group Parameter Description ID Used to enter the name of the IP group Should include both letters and numbers Group ID shall start only with letters not numbers No blanks should be left in between characters Priority Queue Priority Transport Protocol TCP or UDP Protocol TOS TOS entry Source IP Port Source IP Address and Port number s Destination IP Port Destination IP Address and Port number s Filter Group List Sie Source IP f PORT Destination IP PORT fe VoIP any f any MGI_IF f MGI Ports TCP_MCP tcp any f any MCP_IP MCP_Ports All TCF tcp any any Network AIL TCR In order to delete a Filter Group List highlight the radio but
38. of a compressed file Log File Management Download log file To dawnload log files Click the Download button DHCP Server The System gt DHCP Server submenus are used to configure and edit the DHCP scope Pool to start and stop the DHCP server and to track the DHCP Lease status for the network devices which acquire IP addresses using DHCP Configuration The System gt DHCP Server gt Configuration submenu allows the administrator to set various configuration items for the DHCP Server The Pool Name Network Address and Range Address are all required fields in DHCP Server configuration and are designated with an asterisk General Options Pool Name Network Address Range Address Lease Time Group Number Client ID Vendor ID Domain Name Default Router Host Fixed Address DNS Server WINS Server Save Cancel General Options Parameter Description Pool Name Used to set up the name of Pool to distinguish it from the other Pools Network Address Used to enter the value of a Network number The value is classified into IP type and Netmask Range Address Used to set up the range of IP addresses that the DHCP Server allocates to DHCP Clients Enter the first last IP addresses to be allocated in order to designate the range Lease Time Used to set up the duration of the DHCP Lease The default lease time is 1 Day Client ID Used to set up a Client Identifier
39. package for TFTP gwim flash1 img vx xx Fusing file for the first flash memory gwim flash1 img vx xx sum gwim flash2 img vx xx Fusing file for the second flash gwim flash2 img vx xx sum memory GWIMT GWIM Installation Insert the GWIMT GWIM into an open slot in the OfficeServ 7400 cabinet excluding slots 0 or 3 which are reserved for the MP40 and LP40 cards 2 Connect a PC to port 1 3 of the GWIMT GWIM module with either a straight or cross over cable Installers will need to configure the TCP IP settings of the PC to be on the same subnet as the default IP address of the GWIMT GWIM interface shown in step 3 3 Using Internet Explorer 6 0 or higher navigate to one of the following IP addresses to access the management interface of the GWIMT GWIM The default IP value of the GWIMT GWIM interfaces are set as follows e Port 1 10 0 0 1 24 https 10 0 0 1 e Port 2 10 0 1 1 24 https 10 0 1 1 e Port 3 10 0 2 1 24 https 10 0 2 1 P1 10 0 0 1 24 P2 10 0 1 1 24 RUN V35 HSSI ii Lj a HSSI OSYH425001W P3 10 0 2 1 24 Caution when using a Web Browser The version of Internet Explorer should be 6 0 or higher when logging in and performing CAUTION maintenance on the GWIMT GWIM Other web browsers are not supported Getting Started Start Internet Explorer and enter the IP address of the Data Server interface into the address bar The Security Aler
40. packets 0O input errors O length O overrun O CRC O frame O fifo O missed O output packets bytes 154 dropped 0 output errors O aborted O carrier O fifo 0 heartbeat O window O collisions O 22 DNS Select the Network gt DNS submenu in order to display the following configuration window Enter the domain name and the IP address information for the DNS server s Then click the OK button to store the domain name and the IP address information The default DNS information should be deleted In order to delete a DNS entry select the check box directly to the left of the DNS Server IP Address and then click on the Delete button Static DNS Domain Name Name Server List E 168 126 63 1 C 168 126 63 2 Network Link Select the Network gt Network Link submenu to view and set up the transmission speeds and transmission modes for the Ethernet interfaces Network Link Configuration Ethernet Ethernet D a Negotiation auto Network Link Status EthernetO 10 100 1000T up auto 100 full 00 00 f0 e8 72 31 Ethernet 1 10 100 1000T down auto 1000 full 00 00 f0 e8 72 32 Ethernet 2 10 100 1000T up auto 100 full 00 00 f0 e8 72 33 23 Network Link Configuration Use the Ethernet pull down menu to select the correct Ethernet connection Use the Negotiotion pull down menu to select auto or force If auto is selected the Ethenet Interface speed and duplex type will be automatically selected
41. should be CAUTION identical For example if the number of IPs for Local IP range is 10 and that for Remote IP range is 20 only 10 calls will be set i Status In order to check the status of an IPSec tunnel go to the VPN gt STATUS gt IPsec submenu All IPSec Tunnels and their status will be displayed Status L l F t ISAKMP IPSEC aa Local IP Remote IP cold aie Authi Protocol Subnet Subne BA 10 0 0 0 100 0 0 100 200 0 0 100 20 0 0 0 psk esp Log Contes OOOO In order to check the status of L2TP or PPTP tunnels go to the VPN gt STATUS gt L2TP PPTP submenu All L2TP and PPTP Tunnels and their status will be displayed PPTP L2TP Status Local IP Remote IP PPO ISIE E all ge ea Isles borat 2 2p Refresh 122 IDS Menu An intrusion detection system IDS generally detects unwanted attacks to computer systems mainly through The Internet The attacks may come from skilled malicious hackers or by others using automated tools The GWIMT GWIM intrusion detection system is used to detect all types of malicious network traffic and computer usage that can not be detected by a conventional firewall This includes network attacks against vulnerable services data driven attacks on applications unauthorized logins and access to sensitive files and malware viruses trojan horses and worms Select the IDS menu to begin configuring the IDS feature The IDS submenus will be display
42. symbol is used to specify a public WAN external network Subnet as a valid destination information Example 12 168 1 0 24 This allows the destination to be any device within the 12 168 1 0 network The is used to specify a range of IP Address destinations Example 12 168 1 50 60 The symbol is used to allow all destination IP Addresses Example 0 0 0 0 Index No Location of the NAT rule 33 Advanced Mode This window is used by the administrator to select and set up the port s or protocol s that are sii not included in the Basic Mode configuration In this Advanced Mode example the WAN Interface field is set with an IP Address of 10 0 1 1 the Interface is being set to Ethernet1 and all Inside private IP Addresses in the defined range 192 168 1 50 thru 192 168 1 75 are being allowed out over the WAN interface to any destination over port 80 on all protocols Once the information is entered click on the OK button to apply Now users within the IP Address range of 192 168 1 50 75 are allowed out on WAN 10 0 1 1 using port 80 only Config Mode Basic Mode Advanced Mode wane o f Lt eteresd Intf Fort Dynamic IP PPPo Etherne side e iss e e Js Outside lo o b p CDefine all J User faol Port C Range C Multi al E Protacal Index Noa Advanced NAT Parameter Description Port Used to define the specific IP port s for the outside destination
43. the Serial Interface or select NONE if the Serial Interface will not be used Serial Basic The Serial Basic tables set the basic information for the Serial Interface Select one of the Serial Protocols in the Encapsulation field of this table to display the configuration window Serial Basic Serial Interface Name Seriald Physical Line Type Wea MIT iso 128 1500 Default 1500 Encapsulation f Cisco HDLC C Ppp Frame Relay Serial Basic Parameters Parameter Description f a Serial Interface Name of the current serial port Name Physical Line Physical line type of the current serial port Type MTU Maximum Transmission Unit Leave this field at default unless told to change by Samsung Technical Support Encapsulation Cisco HDLC PPP Frame Relay 18 Cisco HDLC Configuration Set the Encapsulation radio button to Cisco HDLC in order to display the Cisco HDLC Configuration window Specify the value for each field and then click the OK button to store the information Cisco HDLC Configuration Keep Alive Interval io 1 100 Default 10 keep lve Timeout 25 1 100 Default 25 IP Address si si L Oo Gateway i Default Gateway The Gateway is a Default Gateway Cisco HDLC Parameters Keep Alive Interval Time interval to check Keep Alive Keep Alive Time to estimate the failure of Keep Alive Timeout IP Address IP Address of the serial port Gateway Gateway IP Address Peer A
44. 2 19 bdflush 6 0 0 0 0 0 S 12 19 kupdated E 0 0 0 0 O TA 12 19 swapper J 0 0 0 0 0 S 12 19 mtdblockd 7 0 0 0 0 0 Sv 12 19 kdpram 19 0 0 0 0 0 SWN 12 19 jfs2_gcd_mtd4 21 0 0 0 0 0 SWN 12 19 jffs2_gcd_mtd5S 5g 0 0 0 0 0 Syy 12 19 cavium al 0 0 0 4 2196 S 12 19 nsm of 0 0 0 4 2o44 5 12 19 imi 105 0 0 TLE 1808 5 12 19 ripd 121 0 0 mes 1908 5 12 19 ospftd Jas 0 0 0 4 elie S 12 19 bgpd 105 Services This submenu is used to display the status of the Security Router and Management services provided by the GWIMT GWIM in a table format If a service is set to Auto Start then the service is started automatically when the system reboots If the Activity field shows that a service is Running then the service s function is being performed If the Activity field of the service shows Stop then the service is not functioning Security This window is used to display the current status of the Security services being provided by the GWIMT GWIM Security MAT Network 4ddress Translation Running Filter Running PPTP Point to Point Tunneling Protocol Stopped IDS Intrusion Detection System Stopped L TP Layer 2 Transfer Protocol Stopped IPSEC CIP Security Stopped Router This window is used to display the current status of the Router services being provided by the GWIMT GWIM Router RIP Routing Information Protocol Running OSPF Open Shortest Path First Running BGP Bolder Gateway Protocol R
45. Cisco HDLe 22 0 ee Seriali VoIP NAPT Management Field Description Category This field displays the Interface name Usage This field displays the type of each interface Protocol This field displays the protocol type of each interface IP This field displays the IP Address of each interface NAPT Network Address Port Translation o CN This is a method by which many network addresses and their ports are translated into a NOTE single network address and its TCP UDP ports VoIP DB Using the VoIP Service gt VoIP Status gt VoIP DB submenu the system administrator can display the current VoIP Service information on the OfficeServ 7400 system VoIP Database con server status P mac address MEP Connected 192 Mone a 00 00 f0 e8 5d f1 a Le Status MAC Address Cabinet Connected 192 log tL 24a 00 00 f0 e8 46 59 Connected 03 loe T13 a2 sami 00 00 f0 22 38 69 137 VoIP Database Field Description Call Server This field displays the type of call server Status This field displays the status of each card and phone IP This field dsplays the IP information of each card and phone MAC Address This field displays the MAC address information of each card and phone MGI Slots This field displays the slot of the MGI card ITP Index This field displays the index of ITP Phone WIP Index This field displays the index of WIP Phone Port This field displays the port of ITP WIP Phone TEL NUM This fie
46. Description Activity This field displays the operational status of the current service Action Used to to start or stop RMON 162 My Info Menu Click the My Info icon on the upper right hand side of the GWIMT GWIM Web Page to open the My Info window In this window administrators can enter a telephone number an E mail address and desciption of the router This window is also used to enter the admin password which is used when logging into the GWIMT GWIM router Enter the new admin password into the Password and Password Confirm fields and then click the Save button O My Infomation Login ID admin Login IP 192 168 0 126 Login Time 2006 1 9 6 3 Last Login IP 192 168 0 132 Last Login Time 2006 1 9 5 33 Last Logout Time Tel no E mail address Password Password Confirm Description My Info Parameters Item Login ID Login IP Login Time Last Login IP Last Login Time Last Logout Time Tel no E mail address Password Password Confirm Description Description This field displays the login ID This field displays the IP address of the PC logged into the GWIMT GWIM This field displays time when the login occued This field displays the last login IP address This field displays the last login time This field displays the last logout time Used to enter the Telephone No of the administrator Used to enter the E mail address of the administrator Used to enter the Password to be modified
47. F Forwarder installed Mroute Field Description Mroute Multicast Routing identifier Uptime Time passed after starting the operation of multicast routing entry Expires Rest time until multicast routing entry is expired Flags Multicast routing feature flag Refer to the description on the lower side Incoming Name of VIF to which multicast is sent Outgoing List of VIF where multicast is sent Management The IPMC gt General gt Management submenu is used to start or stop dvmrpd and pimd IPMC protocol daemons The lt Current Status gt field of Management window shows the current status of each daemon To change the daemon status use the Action pull down menu and then click the OK button Management DVR Stop PIM Stop Off 73 IPMC Management Field Description Protocol IPMC protocol Current Status Current IPMC protocol demon status Action New status of IPMC protocol demon status Configuration IGMP The Internet Group Management Protocol is a communications protocol used to manage the membership of Internet Protocol multicast groups IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships The IPMC gt Configuration submenu is used to display and change the GWIMT GWIM IGMP configuration IGMP amp Help IGMP commands can be entered into the Command field and saved by clicking the OK button Use the Help field to find an IGMP command IGMP Hel
48. IP port s for the destination Protocol Select TCP UDP or all both tcp and upd protocol The administrator can view the current status of the Port Forwading Rules using the Firewall gt NAT gt Port Forwarding submenu The Configuration List is shown on the bottom of the window 37 Configuration List mio Inside 1P Outside WANTP Port Proto Bl 282 GELS 12 2 2 0 24 IMO G pace alk BO00 6100 tcp 2 192 168 1 149 0 0 0 0 0 INDI pak ale all all If a Port Forward rule must be deleted then check the box to the left of the rule and then click the delete button In order to delete all Port Forward rules click on the box on the top left of the Configuration List then click on the delete button Static NAT This is a type of NAT in which a private IP address is mapped directly to a public IP address where the public address is always the same IP address 1 e it has a static address This allows an internal host such as a Web server to have an unregistered private IP address and still be reachable over The Internet This is also referred to as 1 to 1 NAT The administrator can begin configuring the static NAT feature on the GWIMT GWIM by using the Firewall gt NAT gt Static NAT submenu In this example the inside internal network IP Address is 192 168 1 50 the WAN external network IP Address is 10 0 0 1 network ports 1 thru 65000 are selected for both the inside and WAN IPs and all protocols ar
49. Info submenu is used to view the active Lease information DHCP Leases Usage FT Poatname network otal used Usoge DHCP Leases Information eae Lease Starts 150 DHCP Relay Agent The System gt DHCP Relay Agent submenus are used to configure DHCP Relay feature Configuration By using the System gt DHCP Relay Agent gt Configuration submenu the administrator can begin to configure the DHCP Relay Agent settings First designate an interface which will accept DHCP leases from a DHCP Server Click the add button if more interfaces need to be added to the list If an interface needs to be removed from the list then check the box for that interface and then click the Delete button Then add the DHCP Server s which will be handing out the DHCP leases into the Server List If more than one DHCP server is going to be used then click the Add button and enter the IP Address of the additional server s If a DHCP server needs to be removed from the server list then check the box for that server and then click the Delete button Interface List Configuration Server List O O EEH 151 Management By using the System gt DHCP Relay Agent gt Management submenu the administrator can start or stop the DHCP Relay Agent service DHCP Relay Agent Management Click the Run button to start the DHCP Relay Agent and click the Stop button to halt the DHCP Relay Agent i Time Configuration Using the
50. MGI_Ports Port CI 30000 z 20031 Click the Add button to create another Port Group Port Group Category Configuration AI TCP O 1 fesoo1 85 Port Group Parameter Description Name of the port group Should include both letters and numbers Group ID must start only with letters No blanks should be left in between characters Port range Enter 0 to set all ports Port Group List G MCP_Parts BOO0 6100 a Mis Ports 20000 30031 c All_ TCP 1 653001 In order to delete a Port Group List highlight the radio button to the left of the Port Group List and then click the delete button IP Group The GWIMT GWIM uses the IP Group submenu to define specific IP addresses for the QoS policies Select the QoS gt Group gt IP Group to retrieve set edit or delete an IP group IP Group List O ome OOOO e OOOO Click the Add button in the above window to open another window from which the IP group information can be entered In the examples listed below there are three IP Groups created One is for the MP40 at IP Address 192 168 1 200 the second is for the MGI card at IP Address 192 168 1 201 and the last is for the entire 192 168 1 0 24 network IP Group Category Configuration MCP_IP O f2 face 1E Ieo li Be 86 Enter the IP Group ID and then the IP address information Click the OK button to save the changes Click the Add button to add another IP Group IP
51. Multicast Displays the number of multicast packets 103 Protocols The Status gt Statistics gt Protocols is used to display GWIMT GWIM network statistics of each protocol type Unit Byte Network statisics by piono aa a tcl 164651967 15866041 34326008 ICMP 14820017 14821015 20041632 35550 35255 70805 16002 15151 31153 Monitoring Current The Status gt Monitoring gt Current submenu is used to display the GWIMT GWIM network statistics in real time The data window is updated every 5 seconds Rate Bytes Sec a Received transmitea Trans Reev Ethernet 0 2735 5513 2249 Ethernet 1 g g Ethernet 2 56 Serial O g Serial 1 Oo 104 History The Status gt Monitoring gt History submenu is used to display the CPU utilization available memory capacity and network statistics of the GWIMT GWIM router with an accumulation value on an hourly weekly monthly and yearly basis Accumulated Monitoring Graph CPU Utilization O Free Memory O Ethernet Interface Selection Check Ethernet O Ethernet 1 Ethernet 2 Process The Status gt Monitoring gt Process submenu is used to display the CPU utilization memory usage and start time of the processes running on the GWIMT GWIM Process Frio ecru semen ess srar starr COMMAND 1 0 0 me 226 S 12 19 init 2 0 0 0 0 0 Sy 12 19 keventd al 0 0 0 0 0 SWN 12 19 ksoftirgqd_CPUO 4 0 0 0 0 0 SW 12 19 kswapd z 0 0 0 0 0 S 1
52. PIM SM submenu is used to display the information on the RP router RP Information RP Information PIM Group to RP Mappings Groups 224 0 0 0 4 RP 192 166 0 99 Info source 192 168 099 via bootstrap priority 22 Uptime 00 00 02 expires 00 02 28 Groups 224 0 0 0 4 Static RP 192 166 1 100 Uptime 00 00 38 PIM SM Intf The IPMC gt Configuration gt PIM SM Intf submenu is used to add or modify the PIM SM VIF Virtual Interface RD Interface This section of the IPMC gt Configuration gt PIM SM Intf submenu is used to add PIM SM VIF Select the target L3 interface from the Interface pull down menu and then enter the target values Once done click the Add button to add the PIM SM VIF RD Interface Interface etha aj 192 168 17 100 16 Mode Sparse DR Priority 1 O 429496 7294 Hello Interval 30 eto Siete PIM SM RD Interface Parameter Description Interface Used to select the target L3 interface to be added to PIM SM VIF Mode Used to select the target PIM SM protocol mode Sparse Passive DR Priority Used to enter the priority value used when selecting Designate Router DR High value has high priority 80 Hello Interval Cycle of exchanging hello packets with connected PIM SM neighbors PIM SM Interfaces This section of the IPMC gt Configuration gt PIM SM Intf submenu is used to display the VIFs added to the PIM SM To delete a VIF click the
53. The IDS search can be narrowed down and pin pointed by defining the Search Log Parameters IDS Logs can be filtered by Priority Source IP Destination IP and Destination port Log Analysis Intrusion Type Alert summary by intrusion type Source IP Alert summary by source IP Destination IP Alert summary by destination IP Destination Port Alert summary by destination port Port Scan Port scan summary Log Analysis Parameter Description Used to set the GWIMT GWIM to show IDS log by intrusion type Used to set the GWIMT GWIM to show IDS log by intrusion type Used to set the GWIMT GWIM to show IDS log by Destination IP Used to set the GWIMT GWIM to show IDS log by Destination Port Used to set the GWIMT GWIM to show IDS log if information is the port scan type Search Log L Priority All Source IP Destination IP Destination Port 125 Search Log Parameter Description Destination IP Destination Port Category Used to filter the IDS log by Priority of the Intrusion Choices are all high med or low Used to filter the IDS log by Source IP Address Used to filter the IDS log by Destination IP Address Used to filter the IDS log by Destination IP Port Intrusion Type Log The administrator can summarize the IDS alerts by type If the alert log is defined by Intrusion Type the following window will appear Summary by intrusion type Mon Sep 26 04 16 59 2005 Mon Sep 26 20 00
54. Used to enter the Mac address of device for ARP table ARP Age Time The ARP Age Time window is used to setup the ARP Table cycle at Leaset 600 sec unit sec to delete the unused ARP entries from the ARP table ARP Age Time Time 600 SEC 25 ARP Refresh The ARP Refresh window is used to submit changed ARP information in the ARP table after route or a host information on the network has changed The host or the route with the destination IP the Mac with the current source IP is updated into the Ethernet Mac of the OfficeServ 7400 system ARP Refresh ARP Refresh Paramenters Ethernet Used to select the Ethernet to be changed Source IP Used to select the IP address to be changed Destination IP Used to select the Host or Mac to be changed Network Status Select the Network gt Network Status submenu to display the Network Status window The window displays the network information of each Ethernet interface Network Status Ethernet Es TERMAL STATIC 192 168 17 100 255 255 0 0 192 168 0 1 Etherneti Ethernet INT_ PRI STATIC INGLE SIE a Eales gala 2 alee lO Serialo Sertall Name Server Server 1 168 126 63 1 Server 2 168 126 563 2 26 NLB The GWIMT GWIM supports 5 external WAN interfaces It can distribute network or Internet access traffic through each WAN interface by using the NLB function For effective access and traffic balancing the system uses the Weighted Round Robin m
55. Vendor ID Used to sets up a Vendor Class Identifier Domain Name Used to set up a Domain Name Default Router Used to set up the IP address of the Default Router DNS Server Used to set up the DNS Server s WINS Server Used to set up the WINS Server s The Fixed Address assignments are used for allocating a fixed IP address for a specific client The Assignment of Fixed Address Save Cancel Assignment of Fixed Address Parameter Description Fixed Host Used to set up the Name of Host Address MAC Used to set up the MAC address of a specific client iP Used to set up the IP Address to be allocated 149 The Current Running Configured Information window is used to view edit or delete existing DHCP Pools If a Pool needs to be deleted or modified check the box to the left in the Pool window and then click the Edit or Delete button Current Running Configured Information Pool Name Manual Network 192 168 1 0 24 IP Address Range 197 166 1 50 192 166 1 5 Lease Time 2 Days OHours O Minutes Default Router 192 168 1254 Domain Name manual com DNS Servers Lz Lg cle yal WINS Semvers je Ibe Ne Management The System gt DHCP Server gt Management submenu is used by the system administrator to start or stop the DHCP server DHCP Server Management Click the Run button to start the DHCP Server and click the Stop button to halt the DHCP server Lease Info The System gt DHCP Server gt Lease
56. a KB s The third step in the HTB configuration is creating the Default class A default class is used with every HTB Queue The default Priority is 0 which causes any unclassified traffic to be dequeued at hardware speed completely bypassing any of the classes attached to the root Queue From the lt HTB Class Group List gt window click the Add button Assign a Default ID click the default radio button set the Parent ID root select a priority and define the Rate parameter minimal desised speed and the Ceil parameter maximum desired speed In the example listed below the there will only be one Default class The default Priority will be set to O so all unclassified traffic will bypass any of the classes attached to the root Queue The Parent ID will be set to Root and the rate will be set to 200 KBs and the Ceil will be set to 200 KBs as well HTB Class Group ID Default Glass ine C root inner default leaf Parent ID Root Priority E Rate 200 KB s Zeil z00 KB s aj The forth step in the HTB configuration is to create the Leaf rules From the lt HTB Class Group List gt window click the Add button Assign a Leaf ID click the leaf radio button set the Parent ID inner select a priority define the Rate parameter minimal desised speed and the Ceil parameter maximum desired speed and then select the Filter to apply 94 In the examples listed below the there will be three Leaf configu
57. a security tunnel between a local host and a remote host the GWIMT GWIM board is used as a gateway not as a host Thus this service is not supported Since the PSec setting requires two gateways for a security tunnel the local configuration and remote configurations have the same items IPSec Tunnel Mode The OfficeServ 7400 Data Server only supports the IPSec Tunnel mode The transport mode is not supported In addition if the WAN interface is SERIAL then IPSec is not supported Since a SERIAL line is a dedicated line IPSec is not required for the security VPN Programming The OfficeServ 7400 Data Server requires a VPN Accelerator daughterboard for VPN functionality Config Use the VPN gt IPSec gt Configuration submenu to begin configuring IPSec IPSec Connection 109 IPSec Connection Button Description Add Used to create an IPSec tunnel Used to delete an IPSec tunnel Delete Edit Used to modify the IPSec tunnel data Add Click the Add button from the lt IPSec Connection gt window to display the window shown below Enter the value of each item and then click the OK button to save the IPSec tunnel configuration Connection Add Category Local Settings Remote Settings Connection ID IF Router IF Subnet IF Subnet Mask Password Re password IPSec Connection Parameter Description Connection ID Used to enter the Tunnel ID which is composed of letters and number
58. achability among autonomous systems AS It is a path vector protocol which does not use traditional IGP metrics but makes routing decisions based on path network policies and or rule sets Select the Router gt Configuration gt BGP submenu to begin configuring BGP On the GWIMT GWIM the BGP information basic and advanced commands can be entered by using the Command field or by using the BGP Basic fields basic commands only BGP BGP Basic 45 number CIC IE IE remete neighbor gt l ebgp multihop C next hop self network E U W redistribute O connected O static O rip O ospf In the Command fields and BGP Basic field examples listed below the network administrator is setting the 192 168 1 0 network for BGP with an area of 100 The neighbor has an IP Address of 192 168 2 1 and has a remote AS of 200 Click the OK button to apply the change When using the Command field several entries will need to be entered to set up this configuration Click the OK button after each entry GP Command router bgp 100 Command network 192 168 1 0 24 Command neighbor 192 168 2 1 remote as 200 58 BGP Basic 45 number 100 isz f ies i 2 i 1 remote zoo neighbor l ebgp multibop C next hop self network is ie Al fo i fea redistribute O connected O static O rip O ospf Once the entered command s are successfully executed the BGP configuration 1s directly applied to the Route
59. an internetwork The IPMC gt Configuration gt DVMRP submenu is used to display and change the GWIMT GWIM DVMRP configuration DVMRP amp Help DVMRP commands can be entered into the Command field and saved by clicking the OK button Use the Help field to find a DVMRP command DVMRP Help clear ip dvmrp w route 4 B 0 0 M w DVMRP Routes This submenu is used to display the DVMRP Route items in use DYMRP Routes Direct 100 1 2 0 24 D rdz Y Il 00 05 10 00 00 00 Connected Direct 100 1 3 0 24 JEN rd3 Y 00 05 05 00 00 00 Connected DVMRP Routes Field Description Source Network VIF network address to which multicast packets flow Flags DVMRP route feature flag N New D Direct Connected H Hold down Intf VIF name to which multicast packets flow Neighbor DVMRP neighbor IP address that provides information on DVMRP route 76 Metric DVMRP route Metric distance value Uptime Time passed after using the DVMRP route item Expires Left time until the DVMRFP route item is expired DVMRP Intf The IPMC gt Configuration gt DVMRP Intf submenu is used to add or set the DVMRP VIF Virtual Interface RD Interface This window is used to add L3 interfaces where an IP address is set to DVMRP VIF Select the target interface to be added to the VIF from the Interface and then enter the target value and click the Add button RD Interface Interface etha zj 192 168 17 100 16 Reject N
60. associated operations for each intrusion level For example if the Block box is checked for High then the relevant IP Address is blocked from accessing the system for a configured time If the Mail box is checked then alerts are sent to the system administrator via email Set Detection Level amp Type C Block C Block C Block Mail Mail Mail 131 IDS Rule Configuration This window is used by the administrator to select the IDS rule sets to be used by the system IDS Rule Configuration local rules exploit rules finger rules telnet rules rservices rules ddos rules ttp rules web caldfusion rules web frontpage rules web client rules sql rules icmp rules misc rules oracle rules snmp rules imap rules pops rules other ids rules backdoor rules policy rules Info rules WIrus rules EEE HEHEHE HHH HHH EHH A multimedia rules experimental rules bad traffic rules scan rules Tio rules roc rules dos rules dns rules web cgirules wWeb is rules web misc rules Wweb php rules ii rules nethios rules attack responses rules mysghrules smtp rules pop rules nntp rules web attacks rules shellcode rules porn rules Icmp into rules chat rules p2p rules Click the box of each rule set that needs to be functioning and then click on the OK button to activate the selected rule sets Click the Default button to select the default rules 132 Rule Config Using the IDS gt IDS Co
61. ator wants to see whet the correct command is to remove the static route that was just entered they would selet no ip route and then select the appropriate argument 51 RIP Then at the command line the following command must be typed in Then click the OK button to submit the change Static no ip route 100 0 0 0 24 etho The Routing Information Protocol RIP is one of the most commonly used routing protocols on internal networks and to a lesser extent networks connected to The Internet RIP helps routers dynamically adapt to routing changes on a network by communicating information about which networks each router within a network can reach and how far away those networks are Select the Router Configuration gt RIP submenu to begin configuring RIP On the GWIMT GWIM the RIP information basic and advanced commands can be entered by using the Command field or by using the RIP Basic fields basic commands only Command RIP ee RIP Basic Version C4 2 default redistribute connected C1 static O ospft ERRE network i BE U W W S In the Command field and RIP Basic examples listed below the network administrator is setting the 192 168 1 0 network for RIP version 2 RIP network 192 168 1 0 24 RIP Basic Version al 2 default redistribute connected C1 static O ospt C bgp network is ies E fo fea Enter the RIP command or enter the RIP Basic information I
62. ays the address being connected If Displays the interface information Time Update time 68 OSPF The Router gt Status gt OSPF submenu is used to display the OSPF connection status and information of the GWIMT GWIM OSPF Information OSPF Status Field Description Neighbor ID Neighbor ID of the other routers using OSPF Pri Priority State Displays the state of the router Dead Time Displays the dead time Address Address of the other party Interface Interface connected BGP The Router gt Status gt BGP submenu is used to display the BGP connection status and information of the GWIMT GWIM BGP Information BGP Router ID Wel Le IO IE tet Local 45 Number 100 BGP Table Version BGP AS PATH Entries BGP Community Entries Total Neighbor BGP Information Field Description Part 1 BGP Router ID Current system router ID Sets to the IP address that is the highest in the IPs set in loopback when an address or a loopback that is the highest from the IP addresses is used Local AS Number Local AS No set by a administrator 69 BGP Table Version BGP table change version information BGP AS PATH Entries Number of AS PATH Hash tables used in BGP BGP Community Entries Total Neighbor Number of Hash table of community attribute used in BGP Total sum of BGP neighbor BGP Information Field Description Part 2 Neighbor V AS MsgRcvd MsgSent TbiVer InQ OutQ U
63. because the same data is broadcast to many recipients simultaneously Unlike traditional Internet traffic that requires separate connections for each source destination pair IP Multicasting allows many recipients to share the same source This means that just one set of packets is transmitted for all the destinations Select the IPMC menu to begin configuring IPMC The submenus will be displayed in the upper left side of the window as follows Fl General t Mroutes Management El Configuration IGMP DYMRP DVMRP Intf PIM SM PIM SM Intt E Status IGMP Groups DV PRP PIM SM IPMC Menu Description Menu Submenu Description General Displays the Multicast Routing Entry Used to starts stop IPMC protocol daemons Configuration IGMP Used to display or change the IGMP configuration DVMRP Used to display or change the DVMRP default configuration DVMPP Intf Used to display or change the VIF of theDVMRP PIM SM Used to display or change the PIM SM default configuration PIM SM Intf Used to display or change the VIF PIM SM Status IGMP Groups Used to displays the IGMP Group information DVMRP Used to display the DVMRP neighbor and Prune information 72 Used to display the PIM SM Neighbor information General Mroutes The IPMC gt General gt Mroutes submenu is used to display the multicast routing entries Mroutes 100 1 1 11 224 1 1 100 00 00 08 00 03 22 TF I Immediate Stat T Timed Stat
64. bmenus will be displayed in the upper left side of the window as follows Router El General t Routes Management El Configuration Static RIP RIP Interface OSPF OSPF Interface BaF El List Access List Prefix List Route Map As Path List Community List Key Chain El Status RIP Router Menu Submenu Description General Routes Used to display the routing table of GWIMT GWIM Management Used to start or stop RIP OSPF and BGP Configuration Static Used to set up a static route Used to set up RIP RIP Interface Used to sets the RIP interface OSPF Used to set up OSPF OSPF Interface Used to set up the OSPF interface BGP Used to set up BGP 48 List Used to set up Access lists Used to set up Prefix lists Used to set up Route maps Used to set up BGP AS path lists Used to set up BGP Community lists Used to set up the key used for authentication of RIP v2 Status RIP Used to display RIP network information Used to display OSPF Neighbor information BGP Used to display the Neighbor status connected with the BGP network information General This submenu is used to start and stop the routing protocols RIP OSPF and BGP and to view the routing table of the GWIMT GWIM Routes In order to view all static and dynamic routes select the Router gt General gt Routes submenu Click the refresh button to refresh the routing table Routes See 0 0 0 0 0 1 0 via 216 62 86 129 etho i Se 127
65. boot the system Select the System menu and the submenus will be displayed in the upper left side of the window as follows system DEB Config Admin Config El Log Configuration Report Download El DHCP Server Configuration Management Lease Info El DHCP Relay Agent Configuration Management El Time Configuration NTP Contig Manual Contig Timezone Upgrade Appl Server Reboot System Menu Description DB Config Manages the current configuration DB of GWIMT GWIM Admin Config Sets up the authentication of the manager Log Configuration Used to set up logging policies Used to search the current system logs Used to download the system logs DHCP Server Configuration Used to define and edit the DHCP scope Used to start or stop the DHCP server 143 Used to display DHCP Lease status DHCP Relay Used to define the DHCP Relay settings Used to start or stop the DHCP Relay Time Used to enter the NTP server info Configuration Used to manually configure time Used to set the GWIMT GWIM timezone Upgrade Used to upgrade the GWIMT GWIM software Appl Server Used to allow SSH FTP and Telnet access to the GWIMT GWIM Reboot Used to Reboot the GWIMT GWIM DB Contig Use the System gt DB Config submenu to export the GWIMT GWIM database to import the GWIMT GWIM database or to default the GWIMT GWIM to the factory defaults Configuration System DB Import E Esport Export the current syste
66. button on the lt PPTP administrator list gt window to add a PPTP Tunnel ID and password Enter each parameter and then click the OK button to save the changes User Add ID Password Confirm Password Auto IP Allocation Static IP Allocation PPTP User Add Paramer Description ID Used to enter the ID composed of letters and numbers Password Used to enter the shared password Confirm Password Used to re enter shared password 120 Dynamic IP Used to assign dynamic IP for remote clients Static IP Used to assign static IP for remote clients Enter IP address Edit If a PPTP Tunnel parameter needs to be modified highlight the radio button to the left of the User List needing to be changed and then click the Edit button Modify each parameter value and then click the OK button to save the VPN tunnel data changes User Mod ID Password Confirm Password Auto IP Allocation Static IP Allocation Management Using the VPN gt PPTP gt Management submenu the system administrator can start or stop the PPTP services When the system is rebooted the PPTP service will be automatically initiated if the PPTP service is running PPTP Management Local IP Remote IP 121 The administrator can also set up the IP range for the remote PPTP clients that use the dynamic IP feature Setting up IP Range The number of IPs for the Local IP range and that for the Remote IP range
67. cas will be used then select the Taccas box Enter the information for the Taccas authentication method Up to 5 lists can be entered When deleting the list of all the server IPs the corresponding secret key values are also deleted Taccast Tactast Server Tacctas Secret Key er l Log The Log submenu is used to configure the system log by selecting specific GWIMT GWIM attributes to run system log reports and to download a system log report to a file Configuration The System gt Log gt Configuration submenu is used to determine which system attributes will be included in the system log Log Policy Advanced Service System on OFF NETWORK on OFF FIREWALL On OFF PPTP ON OFF IPsec On OFF L2TP ON OFF Click the ON or OFF radio button to include or ignore the GWIMT GWIM attribute The choices are System NETWORK FIREWALL PPTP IPSec and L2TP Once the radio buttons are selected then click the OK button to apply the changes Click the Reset button to return the Log Policy to the previous status before applying the change 146 Report Using the System gt Log gt Report submenu the administrator can retrieve the logs stored in the system according to attributes date and time Report Policy Advanced Service ALL SYSTEM NETWORK FIREWALL Log Type PPTE L2TP O IPSEC IDs O Detail Search DAY Click the ra
68. ce Examples a a fo 2 2 2 2 TO te ee Indication that there is a programming example which should be remembered Console Screen Output The lined box with Courier New font will be used to distinguish between the main content and console output screen text e Bold Courier New font will indicate the value entered by the operator on the console screen Reference OfficeServ 7400 General Description The OfficeServ 7400 General Description introduces the OfficeServ 7400 platform and presents the information necessary to understand the hardware configuration specification and system functionality OfficeServ 7400 Installation Manual The OfficeServ 7400 Installation Manual describes the installation of the system and how to inspect and operate the system OfficeServ 7400 Programming Manual The OfficeServ 7400 Call Server Programming Manual describes how to program the system using Man Machine Communication MMC entries Revision History EDITION DATE OF ISSUE REMARKS 00 10 2005 Original Draft 01 02 2006 Second Edition Descriptions of GWIMT GWIM are added Programming Examples are added Ping utility is modified Network Link Ping HTB QoS Policy are modified UI of IPsec Management is modified SIP ALG Taccas are modified IDS Rule update is added Setting Web Time out of Admin Config is added Method opt
69. ddress of the serial port Default Gateway Mark the check box to set this gateway to default gateway This item is displayed only if the WAN radio button is selected PPP Configuration Set the Encapsulation radio button to the PPP Protocol in order to display the PPP Configuration table Specify the value for each field and then click the OK button to store the configuration PPP Configuration Keep Alive Interval io 1 100 Default 10 Max Keep Alive Count E 1 100 Default 6 pap CHAP None Authentication Mame Password IPEF Dynamic IF fenable IP Address negotiation at IPCP layer IP Address Gateway Default Gateway The Gateway is a Default Gateway 19 PPP Configuration Parameters Keep Alive Interval Time interval to check Keep Alive Max Keep Alive Count of Keep Alives to estimate as the disconnection Count Authentication Information for PPP authentication IPCP Dynanmic Use of Dynamic IP function to support IPCP IP Address IP Address of the serial port Gateway Gateway IP Address Peer Address of the serial port Default Gateway Mark the check box to set this gateway to default gateway This item is displayed only if the WAN radio button is selected Frame Relay Configuration Set the Encapsulation radio button to the Frame Relay protocol in order to display the Frame Relay Configuration table Specify the value of each field and then click the OK button to store t
70. dio button for the desired log type and then select the date and time Then click the OK button to run the report Click the Reset button to return the log report settings to default Log Report 2005 9 27 11 00 2005 9 27 18 00 2005 9 27 17 50 40 2005 9 27 17 50 40 2005 9 27 accepted smux peer oid SNMPY2 5MI enterprises 3317 1 2 2 11 24 30 descr zebos 7 2 1 zeb05 7 2 1 rcl customer 2005 9 27 Li 24 30 2005 9 27 accepted smux peer old SNMPy2 SMI enterprises 3317 1 2 5 11 24 30 descr zebos 7 2 1 2e6b05 7 2 1 rce1 customer 2005 9 27 1i 24 30 2005 9 27 accepted smux peer oid SNMPY2 5MI enterprises 3317 1 2 3 11 24 30 descr zebos 7 2 1 zeb05 7 2 1 rcl customer 2005 9 27 1i 24 30 ROOT LOGIN on console login session opened for user toor by uid 0 login sampad smux accept accepted fd 12 from 127 0 0 1 32775 snmpd sampad smux accept accepted fd 11 from 127 0 0 1 32774 snmpd sampad smux accept accepted fd 10 from 127 0 0 1 32773 snmpd accepted smux peer oid SNMPy2 SMI enterprises 3317 1 2 10 descr zebos 7 2 1 7 eb05 7 2 1 sampa rel customer 2005 9 27 ES EE 2005 9 27 smus_accept accepted fd 9 from 127 0 0 1 32772 sampa 1ii 4 28 Git Fean rev 174 etd e Ga 147 Download Using the System gt Log gt Download submenu the administrator can download a log report to a PC Simply press the Download button and the system log will be downloaded in the form
71. e All button to remove all community list entries at the same time Key Chain The GWIMT GWIM uses the Key Chain window for setting up MD5 Authentication for RIP Version 2 packets Select the Router gt List gt Key Chain submenu to begin configuring the Key Chain information Enter the values and then click the OK button Key Chain key Chain Name tr Key ID 1 Key String 123 Key Chain Parameter Description Key Chain Name Used to name the Key Chain rule Key ID ID number of the Key Key String Password to be used in authentication process Once the Key Chain command is successfully entered and saved then the results are directly applied to the lt Current Status gt of the Router gt List gt Key Chain submenu Key Chain key Chain Name key ID key String 67 In order to remove a Key Chain entry click the radio button to the left of the Key Chain rule and then click the Delete button Click the Delete All button to remove all Key Chain entries at the same time I Status RIP The Router gt Status gt RIP submenu is used to display the RIP connection status and information of the GWIMT GWIM RIP Information 20 0 1 0 24 30 0 1 1 30 0 1 1 rdZ 02 47 F 30 0 1 0 24 rd2 R 192 168 0 0 16 30 0 1 1 al rdZ RIP Status Field Descrition Network Displays the network information Next Hop Next Hop address of the RIP route that sends neighbor Metric Metric information From Displ
72. e Ethernet2 Interface The Interface type is set to Private LAN the IP Address is entered as 192 168 1 1 and the Subnet Mask is 255 255 255 0 Click the OK button on the bottom of the window to save the information Interface Type C WAN LAN NONE Protocol Type Private Public LAN Private IP IP Netmask MIT O a O O O nemas OOO 16 LAN gt Public IP Select the LAN Public IP category to display the following setup window Interface Type C WAN LAN C NONE Protocol Type Private f Public LAN Public IP Ethernet Interface IP Netmask MTU fasoo Byte Enter the IP address and the netmask information provided by the ISP The IP Alias and the Transparent proxy fields are the same as the corresponding input field displayed when selecting WAN gt Static IP After the completion of the setup click the OK button to save the information NONE NONE is selected when the corresponding interface is not going to be used Interface Type C WAN C LAN f ONE Oo m Description Disable network interface Setup Details fo the SerialO V 35 and Serial1 HSSI Connections Serial Interface Type The Network gt Serial0 V 35 and Network gt Seriall HSSI submenus enable the administrator to specify the Serial Interface parameters Select one of the two Serial Interfaces to display the setup window shown below Interface Type C WAN LAN NONE Select WAN or LAN to begin configuring
73. e IP to communicate with external media This field displays the last external source port number This field displays the Internal IP Address that VoIP Service uses inside the GWIMT GWIM firewall This field displays the IP port number for the internal IP Address that VoIP Service uses This field displays the last IP port number for the Internal IP Address that VoIP Service uses 139 SIP ALG Menu SIP capable firewalls such as the GWIMT GWIM use the SIP ALG Application Level Gateway architecture to solve firewall traversal by taking care of the SIP packets on the fly making sure that they reach the right destination on the LAN Select the SIP AGP menu to begin configuring SIP ALG The submenus will be displayed in the upper left side of the window as follows SIP ALG Config Management SIP ALG Menu Description Config Used to set up the SIP environment Management Used to start or stop the SIP AGP service SIP ALG SIP aware ALG CN The firewall protects the internal network based on NAT so it is is safe from external NOTE attacks and resolves the limits on the services so that SIP devices behind the firewall can communicate with external devices Contig Using the SIP ALG gt Configuration submenu the administrator can set up the SIP environment on the GWIMT GWIM Set the following items and then click the OK button to save the changes SIP Configuration This window displays
74. e of the window as follows El Network Etherneto Etherneti Ethernetz Serial V 35 Seriali HSS1 DAS Network Link ARP Network Status El NLE Configuration Management El utility t Ping Network Menu Description Menu Submenu Description Network Used to setup the Ethernet port P1 Used to setup the Ethernet port P2 Used to setup the Ethernet port P3 Serial0 V 35 Used to setup the V 35 Serial port Used to setup the HSSI Serial port DNS Used to setup the domain name servers Network Link Used to set the speed and transfer method for the Ethernet ports Used to manage the addition deletion of ARP Briefly displays the setup information on all ports NLB Used to configure the Network Load Balance function Starts and stops the NLB function Utility Used to perform ping tests 10 Network The Network menu is used to view and configure the five network interfaces that are built in to the GWIMT GWIM This menu is used to set the IP Address information transfer speed and transfer mode of each interface In addition this menu is used to set the DNS server IP address information and ARP tables It is recommended that the network interfaces are programmed before any of the other features or options in the GWIMT GWIM Data Server Ethernet Setup The Network gt EthernetX X 0 through 2 submenus enable the administrator to specify the Ethernet Interface parameters Select one of the three Ethe
75. e selected Click the OK button to save the change Static NAT Configuration Inside IP Port esoo fa m WAN IP Port fa oo esoo Protocol Index Mea This means that when an external IP device tries to connect to the WAN IP Address 10 0 1 1 on network ports through 65000 and any protocol it will be redirected to 192 168 1 50 on network ports 1 through 65000 and any protocol Static NAT Parameter Description Inside IP Port Used to set an inside IP Address and network ports 38 WAN IP Port Used to set the WAN IP Address and network ports Protocol Used to select the protocol type Index No Used to set the location of the Static NAT rule Firewall The GWIMT GWIM firewall is software based and configured to permit or deny connections from The Internet or other networks depending of the organization s security policies Select the Firewall gt Firewall gt Management submenu to begin configuring the firewall Management This submenu is used to either enable or disable the firewall feature Select the Enable or Disable radio button and click on the OK button to set Filter Enable Disable Enable Disable Firewall Parameter Description Enable Radio button used to enable the Firewall function Disable Radio button used to disable the Firewall function Configuration This submenu is used by the administrator to set firewall rules which are used to allow or deny
76. ec Mod gt window to display the following window Advance Phase 1 Mode Main Encrytion Hash Algorithm Key Life Time 3600 Sec Phase 2 Protocol esp X Encrytion Hash Algorithm 3des shal Key Life Time 28000 sec Dead Peer Detect Time Out Delay Action Advance Negotiation Count Perfect Forward Secrecy DH Group5 Rekey yes Connection Initiator h IpseciL2tp E IPSec Advanced Parameter Description Phase1 mode Used to set the Ike mode Main Configures a secure channel to perform the ISAKMP exchange of phase one Aggressive Different type of phase one which is more simple and faster than the Main mode Encryption Used to set the supporting Algorithm Hash Algorithm 3DES MD5 3DES SHA1 AES128 MD5 AES128 SHA1 AES192 MD5 AES192 SHA1 AES256 MD5 AES256 SHA1 Key life time Used to set the IKE Duration If Key life time expires then the host authentication the phase one IKE is performed again 112 Parameter Description Phase2 Protocol Used to select the packet authentication protocol Authentication Header AH Allows the authentication of data transmitter Encapsulating Security Payload ESP Allows the authentication and data encryption Encryption Used to set the supporting Algorithm Hash Algorithm 3DES MD5 3DES SHA1 AES128 MD5 AES128 SHA1 AES192 MD5 AES192 SHA1 AES256 MD5 AES256 SHA1 Key life time The cycle of newly added key
77. ed in the upper left side of the window as follows El IDS Config t Management Log Analysis Configuration Rule Config Mail Config Block Config IDS Menu Description Menu Description IDS Config Management Used to start or stop the IDS module and block module Log Analysis Used to classify how the IDS logs will be searched Configuration Used to set up the rule and detection level of the IDS Rule Config Used to update the IDS rule files Mail Config Used to register the email server and email address of the system manager Block Config Used to register the Trusted IPAddress of the system Manager 123 IDS Config Management Using the IDS gt IDS Config gt Management submenu the system administrator can start or stop the IDS module IDS Management Stop Run Block Management IDS Management Field Parameter Description Status Running The IDS module is operational Stop The IDS module is not in operation Action Click the Run button to start the IDS module Click the Stop button to stop the IDS module Block time When an intrusion is detected this timer determines how long the IP address is blocked from the system The max block time is 999999999 seconds 124 Log Analysis Using the IDS gt IDS Config gt Log Analysis submenu the system administrator can view alerts detected by the IDS module In this window select the desired IDS category and then click the OK button
78. ee eer 6 CHAPTER 3 Using OfficeServ 7400 GWIMT GWIM 6 Network TS ANN iis ses cetceiesesiecaarsseiseresarsmcissteerapianeiaeanaaee namsemianseswacaciiai aun waisnesnaccanlssamseciasesnasaseaeaemaeasesias 6 PNT OE oea E sacs ese citeinc ale E a E E 6 i E seeps E E E SE A sas ete pe aac xe ast na decent perce Ses dct eats en gent E E AE EE 6 TN eea A T sare E E E T E 6 Firewall MenU anannnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnmnnn nnna 6 T a EEE EEEN EE AAE SAE NEEE TEA S AE NENE TEONE EA AE NNA 6 PE a a e a ee ene Oe Eee 6 Vil GMO Rac geet eater oe Peters a ioe Faken tavet halen he Melee ek oka ld ds Go a tle 6 r Ud 9 emcee te tment re erie te eee tee te ete PwRE et rer te eee en ee ete Ee ee ee Ee OE AUN Soc cement aces oe sct esr E A eres oe naa eee neuen anion erate Connectoren E E tacynebaat pacts dnsiudanestountacnet acetates Seneneane Sialis ICS aae a E a E Wife ali Col d ae esee a a a a OS IS e AEE E ui TE E E T A A A EE E AE E E TE TE IDS COG a a a eee ee eee ee VoIP Service M nu ccccccccccccccececccecccecccecececececeeeceencncecececececeneneneaenenenenenenenenenenenenenenenenens FD BG ONT Gh areepii a sc uausensastantectsepdecdesactastearvieredsestactectvees PUM OONN os accede enaletce ante Sana e Me ateeke cn a A nate oeueeetceteata eased DHCP OGIVO aemeee ae Oren a a ne Te Ree PEE Pen Te mE eae Nee Eee en eee DCR REY AGS cer enema decade ss edensosencaicabe
79. ent installed When Changing Network Interface Note that all IP sessions connected through a GWIMT GWIM interface are disconnected for a while if the network interface i e IP Gateway and Subnet Mask is changed and saved When Using a Web Browser Use Microsoft Internet Explorer version 6 0 or higher as the web browser for the maintenance of GWIMT GWIM Other web browsers are not supported When Using Dynamic IPs of DHCP PPPoE and VDSL When a dynamic IP is used the public information of Port Forward and Static NAPT is not automatically changed Therefore Fixed IPs should be used for the VoIP related services that the setups of Port Forward and Static NAPT menus are required In addition the Fixed IP are used for the VPN services that the setups of WAN IP addresses are needed When Changing DB If the DB is changed in OfficeServ 7400 GWIMT GWIM the system restarts When Using a Private Key The private key is provided with the package The private key allows accessing SSH from the outside Thus only trusted administrators should use the key When Deleting Internet Temporary Files If the GWIMT GWIM package is upgraded the Internet temporary files should be deleted Select the Internet Explorer gt Tools gt Internet Options menu and click the Delete Cookies and the Delete Files buttons in the Internet Temporary Files
80. esses as the destination Example 0 0 0 0 Target Allow or Deny Allow Sets the rule to allow access Deny Sets the rule to deny access 40 41 Advanced Mode This window is used by the administrator to select and set up port protocol and time rules that e365 are not included in the Basic Mode configuration In this Advanced Mode example all Source IP Addresses are being denied access to IP Address 192 168 1 150 on port 80 Saturday and Sunday only Config Mode Basic Mode Advanced Mode Firewall Configuration Source IP b jf lb lb LEL Desinaticim IA fis fies o i 150 i Define all User so Port C Range oe Multi O MO Protocal all Days D Everyday Time Set M Sun C Mon C Tue C Wed C Thu Fri M Sat Time 24Hours e JE a H ac Tarzet Deny Index Mo 1 z Advanced Firewall Rule Parameter Description Port Used to set the network port s Protocol Used to set the protocol Time Set Used to set the time to apply the firewall rule Index No Used to set the location of the firewall rule The administrator can view the current status of the Firewall rules by using the Firewall gt Firewall gt Configuration submenu The Configuration List is shown on the bottom of the window 42 Configuration List mio sre Dest Port Protofarget Time 1 i 0 0 0 0 0 192 168 1 150 80 udp Deny 24 Hours Sun Sat 1 gt 0 0 0 0 0 192 1658 1 150
81. ethO In rip send version 1 2 In rip receive version 1 2 Help If a system administrator is unsure which RIP commands to use then they may use the Help Command pull down menu to see all possible choices Select the Command field either ip rip or no ip rip and then the Argument field Once the correct RIP command is identified then type it into the Command field and click on the OK button to submit the change RIP Interface Basic The RIP Interface Basic fields are used to set the Interface to send and or receive RIP Versions 1 and 2 After selecting each item click the OK button to submit the change The applied value will be displayed in the lt Current Status gt window 54 RIP Interface Basic receive version W 1i Moa send version Wi W 2 Current Status Router RIP Interface eth ip rip send version 1 2 ip rip receive version 1 2 OSPF The Open Shortest Path First OSPF protocol is a link state hierarchical routing protocol Dijkstra s algorithm which is used to calculate the shortest path tree It uses cost as its routing metric A link state database is constructed of the network topology which is identical with all routers in the OSPF area OSPF is perhaps the most widely used Routing Protocol in large networks Select the Router gt Configuration gt OSPF submenu to begin configuring OSPF On the GWIMT GWIM the OSPF information basic and advanced commands can be entered by using
82. ethod The NLB submenu is used for the setup of the Network Load Balancing function and Failover function Configuration In order to begin configuring the NLB function select the Network gt NLB gt Configuration submenu Network Load Balance Configuration etho p MLB Weight eth1 2 NAT Status Enable Network Load Balance Configuration The Network Load Balance Configuration can be used when at leaset two of the GWIMT GWIM interfaces are configured as WAN For example if a T1 private line and ADSL line are selectively connected to the Ethernet 0 Interface ethO and the Ethernet 1 Interface eth1 the higher weighted value should be given to the ADSL line because its bandwidth is relatively bigger In this way the load balancing feature is optimized according to the performance of the external network medium The GWIMT GWIM also utilizes a Failover function This means if there are multiple WAN interfaces set up and using NLB if one of the interfaces go down the other WAN interface will automatically be used as the back up path e NLB Weight A relatively higher load will be distributed on the line of the external interface that has a higher numerical value The weighted value for each external interface should be the greatest common divisor minimum irreducible unit 27 Static Configuration Along with the Network Load Balance Configuration the Static Configuration window is used to pass data through a specific
83. f the entered command or RIP Basic information is correct then click on the OK button to submit the change The new RIP configuration is directly applied to lt Current Status gt of Router gt Configuration gt RIP submenu Current Status Router RIP router rip network 192 168 1 0 4 Help If a system administrator is unsure which RIP commands to use in the Command field then they may use the Help Command pull down menu to see all possible choices Once a command is selected the Argument pull down menu will be populated with the appropriate choices Once the correct RIP command is identified then type it into the Command field and click on the OK button to submit the change 53 RIP Interface The Router gt Configuration gt RIP Interface submenu is used to select the Interfaces which will use RIP to apply advanced RIP functionality and to select the send and receive RIP settings per Interface If a WAN Interface is set up to work through a VPN Tunnel then it will not be possible to WN AS send routing updates through it This includes RIP OSPF and BGP NOTE Select the target interface and enter the protocol configuration command directly RIP Interface ethd If the RIP command is successfully executed then the execution result is directly applied to the lt Current Status gt of Router gt Configuration gt RIP Interface submenu Current Status Router RIP Interface
84. ficeServ 7400 GWIMT GWIM Data Server an application module of the OfficeServ 7400 and describes the procedures for installing and using the software Document Content and Organization This document consists of three chapters an abbreviation which are summarized as follows CHAPTER 1 Overview of OfficeServ 7400 GWIMT GWIM This chapter briefly introduces the OfficeServ 7400 GWIMT GWIM CHAPTER 2 Installing OfficeServ 7400 GWIMT GWIM This chapter describes the installation procedure and login procedure CHAPTER 3 Using OfficeServ 7400 GWIMT GWIM This chapter describes how to use the menus of the OfficeServ 7400 GWIMT GWIM ABBREVIATIONS Abbreviations frequently used in this document are described Conventions The following types of paragraphs contain special information that must be carefully read and thoroughly understood Such information may or may not be enclosed in a rectangular box separating it from the main text but is always preceded by an icon and or a bold title WARNING Provides information or instructions that the reader should follow in order to avoid WARNING personal injury or fatality CAUTION Provides information or instructions that the reader should follow in order to avoid a CAUTION service failure or damage to the system CHECKPOINT Provides the operator with checkpoints for stable system operation NOTE Indicates additional information as a referen
85. for internal resources via the conversion between common IP and public IP e Firewall function Access control from the outside by Extended Access List Intrusion Detection System IDS function Detection and report of the access for the access control area by the access list Recognition and notification of illegal packets by applying the basic intrusion rule for packets Detection and block of DoS attack such as SYN Flood e Virtual Private Network VPN function VPN gateway function based on Point to Point Tunneling Protocol PPTP Layer 2 Tunneling Protocol L2TP and Internet Protocol Security Protocol IPSec Confidentiality and integrity functions via VPN tunneling and data encryption Data Network Application Functions e Data network application functions such as NAT PT firewall VPN DHCP and Application Level Gateway ALG e Use of Application Software operating in GWIMT GWIM board e ALG function Support to operate the security function and smoothly pass the VoIP packets by implementing the AIG function for signaling and media traffic e DHCP Server function Auto configuration of network environment for the IP equipment in another functional block of the OfficeServ 7400 system e DHCP Relay function Function to connect the IP equipment in another functional block of the OfficeServ 7400 system to external DHCP server for the auto configuration of network environment QoS Function e Priority que
86. he WAN interface Netmask Used to enter the Subnet Mask information for the WAN interface MTU Maximum Transmission Unit Leave this field at default unless told to change by Samsung Technical Support Gateway Used to enter the public IP address received from the Internet Service Provider ISP or the IP address of a router Default Gateway Mark the check box in the Default Gateway field to create an entry in the routing table which specifies this address as the default gateway Transparent Proxy Proxy ARP is used when hosts or networks are added in the Transparent Proxy field Up to 128 Proxy ARPs can be set in the OfficeServ 7400 system without the change of the existing network To add entries click the Add button and enter the following IP address and netmask To delete entries select the entry to be deleted and click the Delete button e IP Alias Is used to add up to 32 IP addresses To add entries click the Add button and enter the following IP address and netmask To delete entries select the entry to be deleted and then click the Delete button 12 WAN gt Static IP Programming Example In the example listed below the following information is assigned to the Ethernet Interface The Interface type is set to Static WAN the IP Address is entered as 10 1 1 2 the Subnet Mask is 255 0 0 0 the Gateway is 10 0 0 1 and the Default Gateway box is checked Click the OK button on the bottom of the window to save the info
87. he configuration When a Serial Interface is set up as Frame Relay on the GWIMT GWIM it is a DTE device only ADCE device is needed on the other end of the connection in order for it to NOTE function It is not possible to do a GWIMT GWIM Frame Relay point to point with another GWIMT GWIM without a DCE Frame Relay Configuration LMI Type ANSI Cecchi t None Keep 4live Interval io 5 30 seconds Default 10 H391 E 1 255 full status polling counter Default 6 H392 3 1 10 LMI error threshold Default 3 H393 fa 1 10 LMI monitored event count Default 4 Frame Relay Parameters LMI Type LMI type of Frame Relay Keep Alive Interval Time interval to check Keep Alive 20 N391 Cycle to request all status information The information on all status is requested at every cycle specified in the N391 field As usual only Keep Alive is exchanged N392 Count of Keep Alives to estimate as the disconnection N393 Buffer size to record success failure of Keep Alive The value of N393 should be bigger than that of N392 PVC Interface Select the Frame Relay protocol to display the PVC Interface table Enter the value of each field and press the Add button to create new PVC PVC Interface DECI 16 1007 aj IP Address Gateway Default Gateway The Gateway is a Default Gateway MTL Jisoo 128 1500 Default 1500 PVC Interface Parameters DLCI Number of DLCI a type of network address
88. in the network or a failure occurs between two statically defined nodes traffic will not be rerouted Select the Router gt Configuration gt Static submenu to set the static routes Static routes are set by using the Command line Static 50 oe oe be it a A M Lm J gt Ey In the example listed below the network administrator enters a static route of 100 0 0 0 24 going out through eth0 Click the OK button to submit the command Static lip route 100 0 0 0 24 etho When the entered command is successfully executed the configuration is directly applied to the lt Current Status gt section of the Router gt Configuration gt Static submenu Current Status 5 Ha 0 0 0 070 1 0 via 216 52 56 129 etho ciie 100 0 0 0 24 1 0 is directly connected eth The static route that was entered is redundant because the default route was already sending 100 0 0 0 24 traffic out of eth0 Current Status Parameter Description Type S Static network set by a administrator gt Whether to include activated routing table Network Network Netmask information of route Entry Route information Help If the system administrator is unsure which static route command to use then they may use the lt Help gt section to see all possible commands Select the Command choice either ip route or no ip route then use the Argument pull down menu to see the possible choices For example if the administr
89. ion of WAN gt PPPoE is deleted IPSec gt Configuration menu is modified Connection Add menu is modified Router value configuration is modified VoIP Service menu is modified Key Chain description added 02 03 2007 SAFETY CONCERNS For product safety and correct operation the following information must be given to the operator administrator and shall be read before the installation and operation Caution Indication of a general caution Restriction Indication for prohibiting an action for a product Instruction Indication for commanding a specifically required action AN CAUTION For Security Note that all external administrators are allowed to access the firewall when the Remote IP is set to 0 0 0 0 and Port is set to 0 When Setting IP Range The number of IPs for the Local IP range and that for the Remote IP range should be identical when setting PPTP VPN For example if the number of IPs for Local IP range is 10 and that for Remote IP range is 20 only 10 calls will be set When Setting PPTP in Windows XP 2000 In Windows XP 2000 the administrator can use DHCP client If VPN PPTP client is connected while the DHCP client is operating errors will be found To prevent this problem close the DHCP client operation on the Start gt Program gt Administrative Tools gt Services menu of the Windows PPTP cli
90. ion will use the manually entered DNS server IP addresses configured using the Network gt DNS submenu 14 WAN gt DHCP Select the WAN DHCP category to display the following setup window The WAN DHCP information is automatically configured without any special setup fields The OK button must be clicked in order to complete the setup Interface Type ff WAN LAN C NONE Protocol Type gt Static IP C PPPoE DHCP WAN DHCP DHCP Click OE button to start Vendor ID DNS C Auto Manual For cable modem service that requires a more detailed setup enter a vendor ID LAN gt Private IP Select the LAN Private IP category to display the following setup window Interface Type WAR LAN NONE Protocol Type Private Public LAN Private IP Ethernet Interface JF Netmask MTU is00 Byte IP Alias ee Add Enter the IP address and the netmask value to be assigned to the Ethernet interface The IP Alias field is the same as the corresponding input field displayed when selecting WAN gt Static IP Private LAN Parameters IP Used to enter the private IP address assigned to the LAN interface Netmask Used to enter the Subnet Mask information for the LAN interface MTU Maximum Transmission Unit Leave this field at default unless told to change by Samsung Technical Support LAN gt Private IP Programming Example In the example listed below the following information is applied to th
91. ions window is used to set up the RMON event options Event Option Max Event Logs HS orn RMON Event Options Parameter Description Max Event Logs Status Used to set up the maximum number of Event Logs The Management gt RMON gt Status submenu is used to view the RMON System Configuration History Global Status Max History Buckets Granted History Buckets Used History Buckets MIM History Interval Event Global Status Man Event Logs 400 Saved Event Logs D RMON Global Status Field Description MAX History Buckets Granted History Buckets Used History Buckets MIN History Interval Max Event Logs Saved Event Logs This field displays the maximum history storage space that has been set up This field displays the history storage space that is currently allocated This field displays the history storage space that is currently used This field displays the minimum history sample collection cycle This field displays the maximum number of logs that are set up This field displays the number of logs that is currently stored 161 Management The Management gt RMON gt Management submenu is used to start and stop the SNMP service Click the Run button to start the RMON service and click the Stop button to halt the RMON service RMON Management The administrator can start stop the RMON service RMON Management Stog Run RMON Management Field
92. ist name Seq Used to set the sequence No of the prefix list Action Allows Rejects the packets matched Prefix Match Sets the match condition Any All packets Network network range Once the Prefix List information is entered and saved then the results are directly applied to the Router gt List gt Prefix List lt Current Status gt window Current Status Ss a fe test seg 5 permit 100 0 0 0 24 Delete All Once a Prefix List is set in the GWIMT GWIM it can be removed by selecting the radio button of the Prefix List and then click the Delete button Prefix List Current Status Fields ID Prefix list name information Entry Prefix list information Route Map Route maps are similar to access lists as they both have criteria for matching the details of certain packets and an action of permitting or denying those packets Use the Router gt List gt Route Map submenu to begin configuring Route Map Enter the target value and then click the OK button to save the change Route Map Mame test Action Permit Deny Sequence 1 62 Route Map Parameter Description Name Route map name Action Sets whether to apply set operation Sequence Sets the sequence No to additionally delete a route map If the Route Map command is successfully entered and saved then the results will be directly applied to the lt Current Status gt of the Router gt List gt Route Map submenu Route
93. l the services will be terminated and the system will reboot The webscreen will return to the initial login window and the webscreen will not operate until the network and services are all up and running 155 Management Menu The SNMP and RMON settings are configured and managed using the Management menu The submenus will be displayed in the upper left side of the window as follows Management El SNMP t Configuration Status Management El RMON Configuration status Management Management Menu Description Menu Submenu Description SNMP Configuration Used to display the configuration items of SNMP Status Used to displays the SNMP configuration currently configured Management Used to starts or stop the SNMP service RMON Configuration Used to display the configuration items of RMON Status Used to display the RMON configuration currently configured Management Used to start or stop the RMON services 156 SNMP Configuration SNMP is a set of protocols used for managing complex networks The SNMP gt Configuration submenu is used by the administrator to enter SNMP System Options SNMP Community information SNMP v3 User information and Trap Manager information Once all the changes are entered then click the Save button at the bottom of the window Click the Reset button to reset the configuration System Option The following window is used to set up the SNMP System Options System Option
94. ld displays the phone number of ITP WIP Phone VoIP NAPT List Using the VoIP Service gt VoIP Status gt VoIP NAPT List submenu the system administrator can display the NAPT items for VoIP Service The service connects 64 internal ports and external ports to each MGI card through one to one mapping There are also multiple IP ports forwaded to the MCP card The following table shows a basic VoIP NAPT list with 1 MGI 64 and an MP40 card NAPT List for VoIP Index Public IP TE EndPort Internal IP StartPort EndPort EE E Se Ihe 6100 68 1 200 6100 216 62 56 140 udp 6000 E aka pdb IE 6000 2 Je eres Ee 12 AO tcp anaa Wee lot rang 6000 216 62 56 140 udp 9000 ae jl yee 010 9000 216 62 56 140 udp IL 18 Wee oll a Le ie 2 Ve ere te o Ie dl tcp 1720 LEE e 0 Leo 216 62 56 140 udp 060 We T 20n ai oil alo o2 tele 140 tcp 060 IEE 1 200 2060 O Oo wa mom A Ww Fh FH E Ee 1 2 A tcp S000 1 200 J000 mm 216 62 56 140 udp adag i E JL EE NAPT Ports KN Please refer to the OS 7400 Special Applications Manual for a listing and description of NOTE all IP Ports that the OS 7400 uses 138 NAPT List for VoIP Field Description Field Public IP Public Start Port Public End Port Internal IP Internal Start Port Internal End Port Description This field displays the external IP Address which communicates with the external environment This field displays the port number for the external sourc
95. ld displays the type of protocol connected with session UDP TCP Src IP This field displays the source IP Address Src Port This field displays the source IP port Status UNREPLIED Packets that are expected to be answered are received but there is no response packet ASSURED There is no response packet UNREPLIED is changed to ASSURED Dst IP This field displays the destination IP Address Dst Port This field displays the destination IP port 102 Statistics Devices The Status gt Statistics gt Devices submenu is used to display GWIMT GWIM network statistics by classifying the received and transmitted part of each device Received Ethernet 0 18314987 Tocana Ethernet 1 8351384 760l 0 0 Ethernet 2 536234 srel 0 Serial 0 0 0 0 Seriall Oo Oo Transmitted Ethernet 0 219325368 00798 Ethernet 1 774129 TES 0 0 Ethernet 2 0 0 0 Serial 0 0 0 0 Sertall Oo Oo Devices Received and Transmittted Field Description Devices Interface type Bytes Displays the total number of bytes received or transmitted Packets Displays the total number of packets received or transmitted Errs Displays the number of packets when an error occurs Drop Displays the number of packets lost Fifo Displays the FIFO queue is full FIFO Overrun Frame Displays the ethernet header count when a frame does not meet the format Frame Alignment Error Compressed Displays the number of compressed packets
96. lter Group Class Group Policy Management QoS Menu Description Menu Submenu Description Group Port Group Used to retrieve set edit or delete a Port Group IP Group Used to retrieve set edit or delete an IP Group Filter Group Used to retrieve set edit or delete a Filter Group Class Group Used to retrieve set edit or delete a Class Group Policy ie Used to set a class for a port Management Used to start or stop the QoS service and to set the GWIMT GWIM to start QoS automatically when the system reboots 84 i Group Port Group The GWIMT GWIM uses the Port Group submenu to define specific IP ports or ranges of IP ports for the QoS policies Select the QoS gt Group gt Port Group submenu to retrieve set edit or delete a port group Port Group List Name we In order to add a Port Group List click the Add button and a new Port Group window will be displayed Enter the Port Group information and then click the OK button to save the changes Be A In the examples listed below there are three Port Groups created One is for ports 6000 through 6100 which will be used for the MP40 card the second is for ports 30000 through 30031 for the MGI card and the last is for ports 1 through 65001 for TCP on the entire network Port Group Category Contiguration ID MCP_Paorts Port C eooo fe1o0 Click the Add button to create another Port Group Port Group Category Configuration ID
97. m db C Default Change the current system db to default system db DB Config Parameter Description Import Used to restore a previously saved database Export Used to save the existing DB Default Used to restore the DB to factory defaults After the GWIM is defaulted the adminstrator must use one of the default IP addresses such as 10 0 2 1 through the LAN port when using Web Management 144 Admin Config The System gt Admin Config submenu is used to set up the authentication server for logging into the GWIMT GWIM and for changing the Web Time out configuration The choices for authentication server are Local Radius or Taccas Check the box of the authentication method desired and then click the OK button to save the change Once the setting is applied then the selected authentication method configuration window will be displayed Login Policy Set Policy Local C Radius P racat Local The local password is the Admin password that is used to access the GWIMT GWIM router using Telnet SSH FTP and Web Management Enter the new password and then click the OK button to save the change Local Category Contiguration New Password Confirm New Password Radius If a Radius server will be used then select the Radius box Then enter the information for the Radius authentication server Up to 5 lists can be entered Radius Fa Radius Server IP Radius Server eh Time out E EE 145 Taccas If Tac
98. n Certificate Management Management Menu IPSec Configuration L2TP Configuration PPTP Configuration Management STATUS IPSec L2TP PPTP Description Used to set up IPSec Used to generate or delete an IPSec certificate Used to Start or Stop the IPSec feature to generate an RSA Key and to assign the WAN Interface for the IPSec Tunnel Used to set up L2TP Used to Start or Stop the L2TP feature and to set the IP Address range for clients when they connect to the GWIMT GWIM with L2TP Used to set up PPTP Used to Start or Stop the PPTP feature and to set the IP Address range for client s when they connect to the GWIMT GWIM with PPTP Used to display the status of the IPSec tunnel Used to display the status of the L2TP and PPTP connections 108 Setting up VPN Client in Windows XP 2000 Setting up a VPN client in Microsoft Windows is required when IPSec and PPTP are set NOTE in the VPN menu in the OfficeServ 7400 Data Server For detailed information on the configuration settings and method refer to Appendix A IPSec The IP Security Protocol IPSec provides security services in the IP layer through implementing an Internet Key Exchange IKE The IPSec security service is categorized into two services depending the remote equipment The security tunnel can be between a local subnet and a remote subnet or between a local subnet and a remote host Even if IPSec can be set up to provide
99. n Firewall Management Used to enable or disable the Firewall function Configuration Used to set up the Filtering policies Remote Access Used to permit or block the remote access to the system IP Filtering Used to block specific IP Address access URL Filtering Used to block web access to specified web sites ICMP Filtering Used to block ICMP Reply Ping Tracert etc of the GWIMT GWIM Interfaces 31 NAT NAT Network Address Translation is an Internet standard that enables a local area network LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic Select the NAT gt Management submenu to begin configuring NAT S When a GWIMT GWIM is initially installed data traffic from a LAN device will not be S allowed over a WAN Interface The Private Network Configuration or Static NAT must be NOTE set up to allow this functionality Management This submenu is used to either enable or disable the NAT feature Select the Enable or Disable radio button and then click on the OK button to set NAT Enable Disable f Enable Disable NAT Parameter Description Enable Used to enable the NAT function Disable Used to disable the NAT function Configuration This submenu is used by the administrator to allow a network configured with private IPs to send data through a WAN interface A private IP Address must be transferred to The Internet through
100. name Organization division name Common name Name Email address Email Password Certificate password Confirm Password Confirming the password of certificate CA Certificate deletion KN When a CA Certificate must be deleted the administrator must sucessully enter the CA NOTE Certificate password So keep track of any CA Certificates that are created 115 External Certificate External CA Certificate Host Certificate Distinguish Name Common Email Password Confirm Password x External CA Certificate Parameter Description CA Certificate External certificate upload Host Certificate Host Certificate Parameter Description Common name Name Email address Email address Password Certificate password Confirm Password Confirming certificate password 116 Management The VPN gt IPSec gt Management submenu is used by the administrator to start and stop the IPSec service When the GWIMT GWIM is rebooted the IPSec service will be returned to the state it was in before the reboot was performed RSA keys may be generated or downloaded from this window and the External Interface is also selected here IPSec Management Create the new RSA key Download the current RSA key M etho In the RSA window click the OK button for the Create the new RSA Key item to add a new RSA public key password method key Use this submenu to add a new RSA key if the host authentication meth
101. nd the WAN IP is set to 10 0 1 1 Config Mode Basic Mode C Advanced Mode Private Network Port Forward Inside IP 192 16a fa 149 Outside fo fo fo fo WAN IP fio Lo E lhe Index No E This means when any external IP device tries to connect to the WAN IP 10 0 1 1 it will be redirected to 192 168 1 149 When using the Basic Mode all network or IP ports and protocols are forwarded If a specific network port or protocol needs to be defined then the Advanced Mode must be used Ts If only one WAN IP is being defined use the symbol without anything in the field to the XN right of the entry NOTE 35 Basic Port Forward Parameter Description Parameter Inside IP Outside WAN IP Index No Description Used to set the Internal IP Address which will be connected to from the outside The field to the right of this entry is used to specify a different destination network or IP port Used to define the external IP addresses that will be allowed to connect to the Inside IP Used to define the WAN IP Address The symbol is used to specify a public IP Address Public network or subnet as a valid source Example 12 168 1 0 24 This allows the source to be any device within the 12 168 1 0 network The is used to specify a range of IP Address sources Example 12 168 1 50 60 The symbol is used to allow all possible external IP Addresses as the source IP Example 0 0 0 0
102. nfig gt Rule Config submenu the system administrator can set the IDS rules to be update automatically or they can manually update the IDS rules The version of the current rule set file and the released date is displayed as well Set Time for Update Rules Mow t Update Now Nat use Not use reservation Current Rules Information Rules Information Current version v 1 144 2 8 1 Release Date 2006 10 19 16 28 12 Update the Rule set Rule Config Parameter Field Description Category Now Updates the IDS Rule Now Pull Down Menu Can select Not use One Time Daily Weekly or Monthly Configuration Will change depending on the Category Set OK button used to implement the Category operation Current version Shows current IDS File Set version Release Date Shows current Release Date of IDS File Set Update File Used to Manually browse to an IDS rule set file to update the system 133 Mail Config Using the IDS gt IDS Config gt Mail Config submenu the system administrator can set up the SMTP attributes Set Time for Sending Mail The administrator uses this window to set up when the GWIMT GWIM will send an email to the defined SMTP server Set Time for Sending Mail Send Mail Now Day Hour Either click the OK buton to the right of the Now category to send an email immediately or use the pull down menu to select when the email should be sent The choices are One Time Daily Weekly
103. nt and queuing function of data packets for external WAN and internal LAN e Static and dynamic routing functions Support of Routing Information Protocol version1 RIPv1 RIPv2 Open Shortest Path First version2 OSPFv2 Border Gateway Protocol 4 BGP4 routing protocol e Dynamic Host Configuration Protocol DHCP e Point to Point Protocol over Ethernet PPPoE client function in Ethernet WAN interface e Encapsulation function of High level Data Link Control HDLC PPP and Frame Relay in Serial WAN interface e Support of IP Multicast Support of IGMPv1 Internet Group Management Protocol version1 IGMPv2 protocols Support of Distance Vector Multicast Routing Protocol DVMRP Protocol Independent Multicast Sparse Mode PIM SM multicast routing protocol e Access interface function for WAN GWIMT 3 10 100 1000 Ethernet ports For WAN or LAN interfaces GWIM 3 Gigabit Ethernet ports For WAN or LAN interfaces 2 Serial WAN ports For hooking up data private lines via a DSU or CSU which supports V 35 1 port or HSSI 1 e Network Load Balance NLB function Function that equally distributes the load by setting several gigabit Ethernets or serial interfaces into WAN and increases the availability by automatically sharing the load with other lines when a line is not operated Data Network Security Functions e Outbound and Inbound NAT Network Address Translation PT Protocol Translation function Access control
104. nu to display the submenus in the upper left side of the window as follows YoIP Service El YoIP Service t Management El oIP Status VoIP OB WoIP MAFT List VoIP Service Menu Description VoIP Service Management Used to set up the VoIP Service VoIP Status VoIP Status Used to display the configuration status of the VoIP Service VoIP NAPT Status Used to displays the configuration status of the VoIP NAPT VoIP Service Management Using the VoIP Service gt VoIP Service gt Management submenu the system administrator can start or stop the VoIP Service By default the VoIP Service is running after the GWIMT GWIM finishes its booting cycle Click the Stop or Run button to change the status of VoIP Service VoIP Service Management VoIP Sevice Management Field Description Activity Current VoIP service status It is either Running active or Stop inactive Action Command that will change the status of the VoIP Service Either Stop to deactivate or Run to start 136 In the VoIP NAPT window a WAN interface needs to be selected for VoIP Service to function Select the WAN interface which will utilize VoIP Service and then click the OK button to save the changes Whatever the last setting is will be restored when the system reboots VoIP NAPT Management etho Ex TERNAL STATIC oz lec TS Kom ethi INT_PRIY STATIC 10 0 01 eth2 Ea TERMAL STATIC EO A Claes SerialO Ex TERNAL
105. o lt Current Status gt of the Router gt List gt Route Map submenu Current Status a e r match ip address test C 10 set ip next hop 1 1 1 1 Current Status Field Description Sequence Matches Sets operation Sequence No of route map Entry Matches Sets operation information of route map Click the Prev button to return to the route map window or click the Delete button to delete the selected Match Set operation 64 As Path List Select the Router gt List gt As Path List submenu to begin configuring the AS Path access list entries for the GWIMT GWIM BGP Enter the target values and then click the Save button As Path Ite st Permit Deny ioo AS Path List Parameter Description ID Usd to set the AS Path access list name Action Used to set the system to allow reject if a BGP route information exists that meets the match condition Match Used to set the match condition Once the AS Path command is successfully entered and saved then the results will be directly applied to the lt Current Status gt of the Router gt List gt As Path List submenu Current Status P S fe test permit LOO eh Le al Delete All Current Status Field Description ID As path access list name Entry As path access list information In order to delete an AS Path entry click the radio button to the left of the AS Path rule and then click the Delete button Click the Dele
106. od of RSA key used After setting an External Device in the External Device window click the OK button to save the configuration L2TP Configuration The system administrator can begin setting up the L2TP security between a local subnet and a remote host by using the VPN gt L2TP gt Configuration submenu The administrator can create modify delete or retrieve the VPN tunnel data from here User List C ee Cae L2TP User List Field Description Create a PPTP administrator 117 Delete Delete a PPTP administrator Edit Modify a PPTP administrator information Add Click the Add button on the lt L2TP administrator list gt window to add a L2TP Tunnel ID and password Enter each parameter and then click the OK button to save the changes User Add ID Password Confirm Password Auto IP Allocation C Static IP Allocation L2TP User Add Parameter Description ID Used to enter the L2TP Tunnel ID composed of letters and numbers Password Shared tunnel password Confirm Password Re enter shared tunnel password Auto IP Allocation Used to assign dynamic IP to remote client Static IP Allocation Used to assign static IP to remote client Enter IP address 118 Edit If a L2TP Tunnel parameter needs to be modified highlight the radio button to the left of the User List needing to be changed and then click the Edit button Modify each parameter value and then click the OK button to save
107. on commannds and the OSPF Interface Basic fields may be used to enter Basic OSPF configuration commands OSPF Interface etha OSPF Interface Basic cost lt 1 65535 gt Cost dead interval 1 65535 gt Seconds hello interyal lt 1 65535 gt Seconds transmit delay lt 1 65535 gt Seconds retransmit 1 65535 gt Seconds interval Select the target interface and then enter the OSPF configuration command using the Command field or OSPF Interface Basic fields If a WAN Interface is set up to work through a VPN Tunnel then it will not be possible to N send routing updates through it This includes RIP OSPF and BGP NOTE Help If a system administrator is unsure which OSPF commands to use then they may use the Help Command pull down menu to see all possible choices Select the Command field either ip ospf or no ip ospf and then the Argument field Once the correct OSPF command is identified then type it into the Command field and click on the OK button to submit the change Once an OSPF configuration command is successfully applied the results will be displayed in the Router gt Configuration gt OSPF Interface lt Current Status gt window Current Status Router OSPF Interface ethO Ip ospf cost 5 In ospt dead interval 55 57 BGP BGP is the core routing protocol of The Internet It works by maintaining a table of IP networks or prefixes which designate network re
108. on oruners l ido not allow old version DVMRP neighbors Metric 1 there RD Interface Parameter Description Interface Used to select the target L3 interface Reject Non Select the Non pruners box to indicate that the neighbors only pruners support DVMRP with an older version Metric Metric distance value to be used for multicasting routing by VIF DVMRP Interfaces This section of the submenu is used to display the configuration of the DVMRP VIF To delete a specific VIF check the check box on the left of the entry and then click the Delete button DVMRP Interfaces C 1 N A rd2 100 1 2 10 24 BLAST i E pa 100 1 3 10 24 BLAST 0 MA T7 DVMRP Interfaces Field Description Intf DVMRP VIF name Address IP address of DVMRP VIF Type DVMRP VIF type Tunnel Point to Point Broadcast Neighbor Count Number of neighbors connected to DVMRP VIF Remote Address of the other party in case of Tunnel or Point to Point Address type Peer Address PIM SM PIM SM or Protocol Independent Multicast Sparse Mode PIM SM is a protocol for efficiently routing to multicast groups that may span wide area and inter domain internets Use the IPMC gt Configuration gt PIM SM submenu to begin configuring the PIM SM on the GWIMT GWIM PIM SM amp Help PIM SM commands can be entered into the Command field and saved by clicking the OK button Use the Help field to find a PIM SM command PIM SM Help clear ip pim M
109. p clear ip igmp w group ka IGMP Basic Enter the new IGMP information and then click the OK button to change the default configuration of IGMP IGMP Basic Interface f All Cc etha E 192 168 17 100 16 IGMF Query Interval i25 1 65535 Default 125 Max Response Time io 1 25 Default 10 74 IGMP Basic Parameter Description Interface Select the target IGMP interface and select All Then all interface configuration values are applied IGMP Query Cycle of sending IGMP Membership Query Interval Max Response Maximum time of waiting a response after sending Membership Time Query IGMP Interface Information This section of the IPMC gt Configuration gt IGMP window is used to display the IGMP interfaces IGMP Interface Information Uer Max Res Address Querier Address ne 7 Interval Time 100 1 2 10 24 100 1 2 10 24 100 1 35 10 24 nas 100 1 35 10 24 ea 10 IGMP Interface Field Description Address IGMP group address Intf IGMP interface name Querier IP address of IGMP interface that sends membership query IP Address address of Designate Router DR Query Interval Cycle of sending Membership Query Max Resp Time Maximum time of waiting a response to Membership Query 75 Configuration DVMRP The Distance Vector Multicast Routing Protocol DVMRP is an Internet routing protocol that provides an efficient mechanism for connectionless message multicast to a group of hosts across
110. p Down State PfxRcd IP address of the neighbor router Version No used by neighbor AS No of neighbor Message number received from neighbor Message number sent from neighbor Latest BGP database version sent from neighbor Number of messages that should be received from neighbor and processed Number of messages sent to neighbor Displays the path time when BGP session is finished Displays the status when BGP session is not finished Number of BGP routes via neighbor or peer group or BGP Current status Network BGP Information Field Description Part 3 Displays network information Status code information s Indicates the suppressed network Indicates proper network information 70 Field Nexthop Metric LocalPrf Weight Path Description h BGP dampening is activated gt best route i Indicates the network entered by IBGP Nexthop address of the BGP route sent from neighbor MED value of BGP neighbor Local Preference Default is 100 Weight allocated in prefix Local route default is 32768 The default of the sent route is 0 Displays the list of AS path that should be passed to go to the network corresponding to the prefix Origin code information Information received by the network command e Information received via EGP Information received by redistribution 71 IPMC For large amounts of data IP Multicast is more efficient than normal Internet transmissions
111. r gt Configuration gt BGP lt Current Status gt window Current Status Router BGP router bgp 100 network 192 168 1 0 4 neighbor 192 168 2 1 remote as 200 Help If a system administrator is unsure which BGP commands to use then they may use the Help Command pull down menu to see all possible choices Select the Command field and select the BGP entry and then the Argument field entry Once the correct BGP command is identified then type it into the Command field and click on the OK button to submit the change 59 List Access List Access Lists are used on the GWIMT GWIM to control access to the network Access lists can prevent certain traffic from entering or exiting the router Select the Router gt List gt Access List submenu to begin configuring the Access list After setting the target items click the OK button Access List ID Action Source Match Exact match word E O Permit Deny any Network iog fo fo o fea On Off Access List Parameters Action Source Match Destination Match Exact match Used to set the 1 99 Standard Access List Access list name 100 199 Extended Access List 1300 1999 Standard Access List 2000 2699 Extended Access List Word Named Access List Used to allow or reject the packet matched Sets the match condition Any All packets Host A host Network Network range If the ID ranges from 100 to 199 or from 2000 to
112. rations One for VoIP traffic A one for TCP MP40 traffic and one for all other TCP traffic The Voip Group will have a priority of 1 and will have a minimum speed of 300 KBs and a maximum speed of 800KBs the TCP for the MP40 group will have a priority of 2 and will have a minimum speed of 300 KBs and a maximum speed of 600KBs and the All TCP droup will have a priority of 3 and will have a minimum speed of 200 KBs and a maximum speed of 500KBs HTB Class Group ID Woip_Leaf Class Type C root inner default leaf Parent ID Inner Priority E Rate 300 KB s aj Zeil Ene KB s Filter Apply AlL_TCP 400 ALL gt gt REMOVE REMOVE ALL Enter the information for the VoIP _Leaf class and then click the OK button to save the changes HTB Class Group category vate O ID MCP_TCP Class Type root inner default leaf Parent ID ner Priority lz H Rate zog KB s Ceil fena kB s a Filter Apply 400 gt gt all TCR 400 ALL gt REMOVE lt lt lt REMOVE ALL 95 Enter the information for the MCP_MP40_ Leaf class and then click the OK button to save the changes HTB Class Group ID al _TEF Class Type C root inner default leaf Parent ID Inner Priority 3 Rate zoo KB s a Zeil 5o00 KB s Filter Apply 400 ALL gt REMOWE lt lt lt REMOVE ALL Enter the information for the All_ TCP Leaf class and then click the OK b
113. rmation Interface Type fe WAN LAN NONE Protocol Type f Static IP PPPoE DHCP WAN Static IP IP fio p i p 2 Netmask MTU Gateway Default Gateway By checking the Default Gateway box a default route is entered into the routing table specifying this Gateway as the default route It is displayed in the GWIMT GWIM Routing Table as 0 0 0 0 0 1 0 via 10 0 0 1 eth1 Routes 5 gt 0 0 0 0 0 1 0 via 10 0 0 1 ethi ee 10 0 0 078 Is directly connected ethi ee 127 0 0 0 8 Is directly connected loopback ie 192 168 1 0 24 Is directly connected eth2 13 WAN gt PPPoE Select the WAN PPPoE category to display the following setup window Enter the ID and Password for the account that is assigned from the ISP Check the Option check box in the lower section of the window to display the Method MTU and DNS setup window Interface Type ff WAN LAN C NONE Protocol Type gt Static IP PPPoE C DHCP WAN PPPoE Authentication ID sarnsung 12 cam Password eves ul Option Method any MTU i492 byte DNS Auto C Manual PPPoE WAN Parameters ID Used to enter the User ID which is supplied by the ISP Password Used to enter the Password supplied by the ISP MTU Maximum Transmission Unit Leave this field at default unless told to change by Samsung Technical Support DNS Auto The GWIMT GWIM will automatically receive DNS information from ISP Manual This connect
114. rnet Interface submenus to display the setup window shown below Interface Type WAR C LAN WONE Protocol Type Static IP PPPoE DHCP The fields that are displayed will vary depending on the type of interface being defined The details of each interface type are as follows e WAN The following types can be selected for a WAN interface Static IP Select Static IP if your Internet service account uses a Fixed IP Static IP address assignment PPPoE Select PPPoE if your Internet service account uses a PPP over Ethernet login protocol such as in ADSL account DHCP Select DHCP if your Internet service account uses a Dynamic IP address assignment such as a Cable Modem account e LAN The following types can be selected for a LAN interface Private Select to assign the internal network numbers based on private IP address Public Select to assign the internal network numbers based on public IP address e NONE Select when the corresponding interface is not used Detailed setup information for each interface type are as follows WAN gt Static IP Select the WAN Static IP category to display the following configuration window Interface Type WAN LAN C WONE Protocol Type f Static IP PPPoE DHCP WAN Static IP Ethernet Interface IF Netmask MTL Jiso0 Byte Gateway Default Gateway O Static WAN Parameters IP Used to enter the public IP address assigned to t
115. rs if needed then click the Run button Only one destination IP can be tested at a time and the radio button of the IP Address to be tested must be checked The radio button of the destination IP Address on the top of the list is set by default Ping Category Configuration Destination IP Address Source Address Packet Size Retry Count Time to Live MTU Discovery Hint PING 192 168 1 1 192 166 1 1 from 192 168 1 1 56084 bytes of data 64 bytes from 192 168 1 1 icmp _seg 1 ttl 64 time 0 129 ms 64 bytes from 192 168 1 1 icmp_segq 2 ttl 64 time 0 020 ms 64 bytes from 192 168 1 1 icmp_seg 3 ttl 64 time 0 0158 ms 192 168 1 1 ping statistics 3 packets transmitted 3 received 0 loss time 1999ms rt minfavg max mdeyv 0 018 0 055 0 129 0 052 ms 30 Firewall Menu The Firewall menu is used to configure port forwarding static NAT rules and all firewall functions Select the Firewall menu and the submenus will be displayed in the upper left side of the window as follows El WAT Management t Configuration Port Forward Static NAT E Firewall Management Configuration Remote Access IP Filtering URL Filtering ICMP Filtering Firewall Menus Description Menu Description NAT Management Used to enable or disable the NAT function Configuration Used to set up the private IP sharing function Port Forward Used to set up the port forwarding function Static NAT Used to set up the static forwarding functio
116. s Required First character must be a letter IP External IP address Required Router Router IP address typically the gateway for WAN Interface Subnet IP Internal IP address range Subnet Mask Internal subnet mask 110 Parameter Description RSA Key Selects the host authentication method Preshared Key RSA Key The Public RSA key is already defined Click the Certificate Browse button to find the Remote Key and then click on the Upload button to store the RSA key into the GWIMT GWIM Preshared Key Used to enter an authentication password Certificate Used to define the local authentication certificate and the CA certificate For Local settings select a certificate from the certificate list If selecting a certificate from the Local ID of Advanced is entered automatically For Remote settings enter the Remote ID It is available to check the integrity of the host certificate registered to Local Router Value Configuration 3 S If IP Address of Local settings and the network address of IP Address of Remote NOTE settings the result of Netmask for IP Address are identical enter the value of IP Address of Remote settings as the value for the Router of Local settings and enter the value of IP Address of Local settings as the value for IP Address of Remote settings 111 Advance Click the IPSec Advanced button from the lt IPsec Add gt or lt IPs
117. sparse mode bsr rp set we 78 PIM SM Basic These fields are used to set the BSR and RP of the PIM SM protocol Mark the check box to the left of each item and then enter the configuration values Click the OK button to apply the values To delete the values mark the check box to the left of the item and then click the Delete button PIM SM Basic M RP Address i92 ies 17 ioo Wo RP Candidate etha 22 Priority 0 255 M BSR Candidate etho 30 MaskLenfO 32 100 PriorityfO 255 PIM SM Basic Parameter Description RP Address When setting static RP enter the IP address of RP RP Candidate When setting RP Candidate select VIF and enter the target priority Low value has high priority BSR Candidate When setting BSR Candidate select VIF and enter the target Mask Length and Priority High value has high priority BootStrap Information This section of the IPMC gt Configuration gt PIM SM submenu is used to display the information on the BootStrap router BootStrap Information BootStrap Information PIMy2 Bootstrap information This system is the Bootstrap Router BSR BSR address 192 168 0 99 Uptime 00 00 04 BSR Priority 100 Hash mask length 30 Expires 00 02 06 Role Candidate BSR State Pending BSR Candidate RP 192 168 0 99fetho Advertisement interval 60 seconds Next Cand RP advertisement in 00 00 58 79 RP Information This section of the IPMC gt Configuration gt
118. ss for an assigned bandwidth Maximum value of assigned bandwidth Used to set the filtering rules for the class Used to set the bandwidth of the class based on day of the week and hour 97 Policy The QoS gt Group gt Policy submenu is used for setting the QDISC type and root class class for an interface Policy Category Configuration Device Etherneta ODISC Type f SPO HTB koot Class none Dei QDISC Type Root Class Default Class Seriald Seriali Ethernet Etherneti Ethernet2 Save Policy Parameter Description Device Used to select an interface ethO eth1 eth2 V 35 or HSSI QDISC Type Used to select the QDISC to be applied to the interface Root Class Used to assign a Class connected to the interface Select the class group from the class group list Default Class This class defines the bandwidth for incoming traffic that is not HTB only applicable to any filtering rules Select the class group from the class group list 98 SPQ Policy In order to set up the Interface for SPQ use the Device pull down menu and select the Interface then select the radio button for SPQ select the Root Class and then click the Save button to apply the change Policy Category Configuration Device Etherneta QDISC Type f SPO HTB koot Class Traffic z Dei O QODISC Type Root Class Default Class Serial Seriali Ethernet Traffic Etherneti Ethernetz
119. t is 192 168 2 0 and the remote Subnet Mask is 255 255 0 This tunnel uses a Preshared key 113 Connection Add Category Local Settings Remote Settings Connection Add Category Local Settings Remote Settings Connection ID TaRermote1 IP 10 0 11 Router IP io fo fi es4 Subnet IP 192 168 1 0 Subnet Mask 255 Jess Jess fo 255 Jess Jess fo d Authentication Method Password BETT Re password ETT Certificate The VPN gt IPSec gt Certificate submenu is used by the administrator to verify Issue Delete Download a CA Certificate and Host certificate In addition the addition delete of an external certificate and the current certificate list is performed here CA Certificate List External CA Certificate List cen OO OOOO o OOOO Certificate Parameter Description CA Download CA Certificate download CA Delete CA Certificate delete Ex upload External CA Certificate upload Ex Delete External CA Certificate delete Host Add Host Certificate add Host Delete Host Certificate delete 114 CA Certificate List CA Certificate Distinguish Name Country 2 letter ko jp State Locality Organization Organization Unit common Email Password Contirm Password CA Certificate List Parameter Description Country name Country name Two characters ex kr cn State name State name Locality name Local name Organization name Company name Organization unit
120. t window shown below will appear Click on the Yes button to proceed Security Alert Information you exchange with this site cannot be viewed or changed by others However there is a problem with the site s security certificate The security certificate was issued by a company you have not chosen to trust View the certificate to determine whether you want to trust the certifying authority The security certificate has expired or is not yet valid The name on the security certificate is invalid or does not match the name ofthe site Do you want to proceed Yes View Certificate This page contains both secure and nonsecure items Do you want to display the nonsecure items Yes No More Info OfficeServ 7400 is enterprise IP solutions made by samsung Electronics It provides integrated solutions for you Pass word gt Save Your ID L The login ID is admin and the default password is root 4 Lo g into the GWIMT GWIM using the administrator ID and password and then click on the OK button The following Security Information window will appear again Click on the Yes button to proceed Security Information This page contains both secure and nonsecure items Do you want to display the nonsecure items Yes No More Info 5 The GWIMT GWIM menus are displayed in the upper part of the screen Select each menu to display its submenus on the left section of the screen For more
121. te All button to remove all AS Path entries from the GWIMT GWIM at the same time 65 Community List Select the Router gt List gt Community List submenu to begin configuring the Community List of the GWIMT GWIM BGP Set the target values and then click the Save button Community List Ite st Expanded Standard Permit Deny No Advertise Community List Parameter Description ID Used to set the Community list name Expanded When a normal community list is set Standard When community list with a selected format is set Action Used to set whether to allow reject the community that is matched Match No Advertise Do not distribute path to the neighbor router No Export Do not distribute path to an external neighbor router Local AS Do not distribute path to the neighbor router of the lower AS located at BGP combination network In other cases set normally to community list Once the Community List command is successfully entered and saved then the results are directly applied to the lt Current Status gt of the Router gt List gt Community List submenu Current Status ty fe expanded test permit no advertise Delete All 66 Current Status Field Description ID Community list name Entry Community list information In order to remove a Community List entry click the radio button to the left of the Community List rule and then click the Delete button Click the Delet
122. the Command field or by using the OSPF Basic fields basic commands only OSPF OSPF Basic redistribute connected O static C rip C bgp network a E i sd area ID 55 e In the Command field and OSPF Basic examples listed below the network administrator is Z setting the 192 168 1 0 network for OSPF with an area of 100 Click the OK button to apply the change ARA A e olf a a a a Ps OSPF network 192 168 1 0 24 area 100 OSPF Basic redistribute L connected O static C rip l bgp network is ies fi fo i ea iog area ID Both the Command field and OSPF Basic field entries listed above produce the same configuration and will be displayed under the current status Current Status Router OSPF router aspt network 192 168 1 0 24 area 100 Help If a system administrator is unsure which OSPF command to use in the Command field then they may use the Help Command pull down menu to see all possible choices Once a command is selected the Argument pull down menu will be populated with the appropriate choices Once the correct OSPF command is identified then type it into the Command field and click on the OK button to submit the change 56 OSPF Interface The Router Configuration gt OSPF Interface submenu is used to select the Interfaces which will use OSPF and to apply advanced OSPF functionality The Command field may be used to enter both basic and advance OSPF configurati
123. the VPN tunnel data changes User Mod ID Password Confirm Password Auto IP Allocation Static IP Allocation Management Using the VPN gt L2TP gt Management submenu the system administrator can start or stop the L2TP services When the system is rebooted the L2TP service will be automatically initiated if the L2TP service is running L2TP Management Stop Run Local IP FEE ie esa os Remote IP fisz fies f2sa for fos Method pap The administrator can also set up the IP range for the remote L2TP clients that use the dynamic IP feature The encryption method supports pap and chap Setting up IP Range The number of IPs for the Local IP range and that for the Remote IP range should be CAUTION identical For example if the number of IPs for Local IP range is 10 and that for Remote IP range is 20 only 10 calls will be set 119 PPTP Configuration The system administrator can begin setting up the PPTP security between a local subnet and a remote host by using the VPN gt PPTP gt Configuration submenu The administrator can create modify delete or retrieve the VPN tunnel data from here User List a OOO o OOOO OO ap anocation O PPTP User List Parameter Description Add Used to create a PPTP administrator Delete Used to delete a PPTP administrator Edit Used to modify PPTP administrator information Add Click the Add
124. the firewall installation data RS SIP IP Configuration External IP 192 168 17 100 we internal IP TET 1 140 The external IP and internal IP Address choices are displayed using the pull down menus so that the administrator can view and select the usable information from the firewall configuration Select an External IP and an Internal IP and then click the OK button SIP IP Configuration External IP 192 168 17 100 Internal IP a Map LIST Enter the SIP data for the SIP network devices inside of the firewall Map List Number ID defaut nd 1 If an IP address or phone number is not entered into the Number ID field then the default ID will be used The IP Address of the Call Server OS 7400 MP40 should be entered in the default IP field iD default EN iia If a Map entry must be removed then check the check box to the left of the ID and then click the Delete button 141 Management The SIG ALG gt Management submenu is used to start and stop the SIP ALG service SIP ALG Management SIP ALG Management Field Description Activity Current status of SIP ALG Action Command that is available to execute in current status 142 System Menu The System Menu is used to import or export the GWIM GWIMT database to view system logs to configure the DHCP server and relay functions to set time attributes to upgrade the software and to re
125. thority of the configured administrator Trap IP This field displays the configured Trap IP Trap Port This field displays the configured Trap Port 159 Management The Management gt SNMP gt Management submenu is used to start and stop the SNMP service Click the Run button to start the SNMP service and click the Stop button to halt the SNMP service SNMP Management SNMP Management Field Description Activity This field displays the operational condition of the SNMPservice Action Used to select whether to start or stop SNMP RMON Configuration Remote Monitoring RMON is a standard monitoring specification that enables various network monitors and console systems to exchange network monitoring data RMON provides network administrators with more freedom in selecting network monitoring probes and consoles with features that meet their particular networking needs Use the Management gt RMON gt Configuration submenu to begin configuring RMON Enter the History and Event Options and then click the Save button to apply the changes Click the Reset button To initialize the RMON History Option The History Option window is used to set up the RMON history options RMON Configuration Parameter Description MAX History Buckets Used to set up the maximum history storage space MIN History Interval Used to set up the minimum history sample collection cycle 160 Event Options The Event Opt
126. ton to the left of the Filter Group List and then click the delete button 89 Class Group The QoS gt Group gt Class Group submenu is used by the administrator to retrieve set edit or delete SPQ Class Group and HTB Class Group configurations SPQ Class Group Begin configuring the Strict Policy Queuing by clicking the Add button SPQ Class Group List After the Add button is clicked the SPQ Class Group configuration window will open By default the Class Type is set to leaf Set the ID and filter of the leaf classes and then click the OK button to save the changes SPQ Class Group ID Class Type root leaf Filter Apply 400 gt TCR MCP all TCP 400 ALL gt gt REMOVE lt lt lt REMOVWE ALL T ee D i ft i oe oe oe ee 6 ee eas Ces WAWL a W a In the examples listed below there are three leaf and one root SPQ Class Groups created One leaf is for the VoIP Traffic the second is for the MP40 and the last leaf is for the rest of the TCP traffic on the 192 168 1 0 24 network The root group prioritizes the leafs into High Middle and Low Priority Groups ari r a a 1 ees 90 Example 1 shows a SPQ leaf Class Group which was designed for VoIP traffic SPQ Class Group ID WoIP Classe ae C root leaf Filter Apply TCP MCP A TEE ADD ALL gt gt gt REMOVE lt lt lt REMOVE ALL Example 2 shows a SPQ leaf Class Group which was designed for MCP TCP
127. traffic SPQ Class Group ID TCP_MCP Class wee root leaf Filter Apply i ADDO TCP MCP 400 ALL gt REMOVE lt lt REMOVE ALL 91 Example 3 shows a SPQ leaf Class Group which was designed for all other TCP traffic SPQ Class Group ID Jall_TcP Class Type root leaf Filter Apply 400 gt All TCP 400 ALL gt REMOVE lt lt lt REMOVE ALL T Once the SPQ Class leaf Groups are created then it is time to define the SPQ root Select the root radio button in the Class Type row to open the following window Assign the Class Group ID and then use the pull down menus to assign the High Middle and Low priorities for the leaf classes previously defined SPQ Class Group a ID Root Class Type f root leaf High VoIP Middle Mermer Low all_Tcr SPQ Class Group Parameter Description Class Type Configuration window depends on the type of the class to be set root Sets the root class leaf Sets the leaf class High Used to set the leaf class whose priority will be set to high Middle Used to set the leaf class whose priority will be set to middle low Used to set the leaf class whose priority will be set to low Filter List Used to set the filtering rule for the target traffic in the target class 92 SPQ eS SPQ is the simplest queuing method The priority of the leaf class can be set to high SS middle or low N NOTE HTB Class Group
128. twork Load Balance Management The Network Load Balance Management window is used for starting and stopping the NLB service Network LoadBalance Management Stop Run Utility The GWIMT GWIM is able to do both basic ping and extended ping tests Select the Network gt Utility gt Ping submenu to access the Ping function Ping The Ping window is a table which is used to specify and execute the Ping test When an administrator selects this submenu the following configuration window is displayed Ping Destination IP Address Source Address Packet Size Retry Count Time to Live MTU Discovery Hint PUT Ping Parameters Destination IP Used to enter the destination IP address for the Ping Address test Source Address Used to set the IP address of the interface for the Ping test Packet Size Used to set the packet size to be transmitted 29 Retry Count Used to set the retry count If it set to 0 there is no retry Max is 3 Time to Live Used to set the TTL value MTU Discovery Hint None Selects the Path MTU Discovery method Do Uses PMTU but does not treat In short packet fragmentation does not occur Don t Does not use PMTU at all Since it does not set the DF field the fragmentation may occur in remote site Want Uses PMTU and treats appropriately In short if the packet size is longer than MTU the packet fragmentation occurs Enter the destination IP and any exdeted ping paramete
129. uing process for layer 3 packets and priority queuing for a specified IP Priority queuing process for layer 4 packets and priority for RTP packets UDP TCP port Management Function e Advanced debugging functions via Telnet connection e Configuration and verification functions for the operations of GWIMT GWIM functional block via a browser e Configuration and verification functions for the operations of GWIMT GWIM functional block via the Simple Network Management Protocol SNMP 4 Real time Monitoring 4RMON function e Program Upgrade Program upgrade via Trivial File Transfer Protocol TFTP Program upgrade via Hypertext Transfer Protocol HTTP Program upgrade via local manager s PC CHAPTER 2 Installing OfficeServ 7400 GWIMT GMM This chapter describes the installation and the login procedure for OfficeServ 7400 GWIMT GWIM Software installation OfficeServ 7400 GWIMT GWIM software is pre installed The software package is composed of the following items described below Package Description Bootrom gwim bootldr img vx xx Boot ROM program Package gwim bootldr img vx xx sum Main Package gwim pkg vx xx tar gz Upgrade package for HTTP Qwim os imMg vx xx os partition upgrade package for TFTP gwim firmware img vx xx Firmware partition upgrade package for TFTP gwim configdb img vx xx configdb partition upgrade package for TFTP gwim logdb img vx xx logdb partition upgrade
130. unning DYMERP Cistancd Vector Multicast Routing Protocol Stopped PIM SM Stopped 106 Application This window is used to display the current status of the Application services being provided by the GWIMT GWIM Application QoS Quality of Service Stop SIP ALG Session Initiation Protocol Stop NTP Network Time Protocol Stop DHCP Dynamic Host Configuration Protocol Stop SSH Secure Shell Running Telnet Running FTP File Transfer Protocol Stop Management This window is used to display the current status of the Management services being provided by the GWIMT GWIM Management Network LoadBalance Stopped Accumulated Network System Monitoring Running SNMP Simple Network Management Protocol Stopped 107 VPN Menu A VPN is an encryted tunnel which is used to allows remote users and other private networks to connect to other networks using secure methods VPNs are widely utilized by enterprises to create wide area networks WANs that span large geographic areas to offer site to site connections to branch offices and to allow mobile users to dial into their company LANs Select the VPN menu to begin configuring the VPNs feature The VPN submenus will be displayed in the upper left side of the window as follows YP ra E IPSec Configuration t Certificate Management El LTP Configuration Management El PPTP Configuration Management El STATUS IPSec LZTP PPTP VPN Menu Descriptio
131. used for packet encryption by the repeated phase two IKE negotiation Advance PFS Used to select the session key transfer security Re Key Used to set whether to add a new key whether to add a new key and negotiate again in the phase 1 2 IKE Negotiation Reattempt count of key exchange when key count exchange is failed on the phase 1 IKE Connection IPSec Connection Attempt initiator Attempting a connection response Attempt to receive a connection IPSec l2tp Sets when IPSec over I2tpis is used Supports Window XP SP 2 DPD Time out Used to set the effective time when the counter party receives a DPD packet and receive packet Delay Used to set the alive check time of the counter party Action Used to set the action after the Dead Peer Detect hold Waiting for connection clear No more connection The aggressive mode only supports the authentication methods of Pre shared key and Encryption Algorithm 3DES The items use defaults and it is available to modify the value of PFS or Key lifetime for the interaction with other equipments IPSec Tunnel Programming Example In the example listed below the following information is applied to an IPSec Tunnel The Connection ID is set to ToRemotel the WAN Interface being used for the tunnel is 10 0 1 1 the Router IP is the Gateway for 10 0 1 1 is 10 0 1 254 the Local Subnet is 192 168 1 0 and the local subnet 1s 255 255 255 0 The remote end of the tunnel is 10 0 2 1 the local subne
132. utton to save the changes HTB Class Group List PT nome type Parent rio rate call fai 7 Root root 1000 KB s Inner inner Root S00 KB s 800 KB s Default default 200 KB s 200 KB s Voip Leaf leaf Inner 300 KB s 800 KB s VoIP MCP TCP Inner 200 KB s 600 KB s TCP_MCP All TCR Inner 200 KB s 500 KB s All TCP Each class group can either be modified or deleted by clicking the radio button to the left of the class group and then by clicking the Edit or Delete button 96 HTB Class Group List Parameter Description Item Class Type Parent ID Priority Rate Ceil Filter List Scheduling Parameter Description Configuration window depends on the type of the class to be set root Sets the root class inner Sets the class that connects the root with the leaf classes default Sets the default class leaf Sets the leaf class If the target class is a child class of another class set the parent class in the Parent ID item Do not set the Parent ID if the target class is the root class highest level class physically connected to the device or if the default class class including the bandwidth for traffics that do not belong to a filter If several classes compete to occupy leftover bandwidths or if all classes attempt to occupy excess bandwidth set the priority so that the class with the highest priority occupies the bandwidth first This is the basic minimal bandwidth needed for setting cla
Download Pdf Manuals
Related Search