HotBrick VPN 800/8 F User's Manual
Contents
1. New gateway 192 168 0 Installed gateways [Figure B-3: Gateway Tab (Win 95/98)] HotBrick Tel 305 398 0888 Fax 305 398 5966 On the DNS Configuration tab, ensure Enable DNS is selected. If the DNS Server Search Order list is empty, enter the DNS address provided by your ISP in the fields beside the Add button, then click Add. [Figure B-4: DNS Tab (Win 95/98)] Checking TCP/IP Settings, Windows 2000: Select Control Panel, Network and Dial-up Connection. Right-click the Local Area Connection icon and select Properties. You should see a screen like the following. [Figure 5: Network Configuration (Win 2000)] Select the TCP/IP
2. to verify their availability to their communication peers. Enable: If the check box is checked, the System Filter Exception is enabled. Interface: You can select LAN, any WAN port, or ALL interfaces through which a packet passes. Protocol: The packet type that will be processed via the above interface by this device. Foreign Port Range: Enter the beginning and end of the foreign port range used for the traffic you are configuring. If a single port is used instead of a range, enter the port number in both fields. Device Port Range: Enter the beginning and end of the device port range used by the traffic you wish to configure. If only a single port is used, enter the port number in both fields. System Filter Exception Rules List: The list will display the details of all System Filter Exception Rule data that you have set up. You can modify it by mouse-clicking each row. Virtual Private Network (VPN) uses encryption and authentication to create the connection between two end points (computers or networks). It allows private data to be sent securely over a public network or Internet without the risk of unauthorized access from outside intruders. VPNs establish a private network that can send data securely between two networks. We call this creating a tunnel. A VPN tunnel connects the two PCs or networks. No
3. 2 3 LAN & DHCP Setup 9. If your LAN already has a DHCP Server and you wish to continue to use it, the following configuration is required: The DHCP Server function in the VPN800/8 F Firewall must be disabled (this setting is on the LAN & DHCP screen). Your DHCP Server must be configured to provide the VPN800/8 F Firewall LAN IP address as the Default Gateway. Your DHCP Server must provide correct DNS addresses to the PCs. 10. Ensure these settings are suitable for your LAN. 11. The default settings are suitable for many situations. 12. See the following table for details of each setting. [Figure 2-4: Installation Diagram] 13. Ensure the VPN800/8 F Firewall and the DSL/Cable modem are powered OFF. Leave the modem or modems connected to their data line. 14. Connect the Broadband modem or modems to the VPN800/8 F Firewall. If using only one (1) Broadband modem, connect it to WAN port 1. Use the cable supplied with your DSL/Cable modem. If no cable was supplied, use a standard cable. 15. Use standard LAN cables to connect PCs to the LAN ports on the
4. Ethernet Ports and Reset Button. Ethernet Ports: WAN ports 2 up to 8 are available for WAN connections. LAN ports 8 up to 14 ports are for LAN device or hub usage. Note: Use an Ethernet cable to connect to a normal port or another hub. Reset Button: When pressed and released, the VPN800/8 F Firewall will reboot (restart) within 1 second. It will reset to factory default settings after you press and hold the reset button over 3 seconds. Some Status and Error conditions are indicated by combinations of LEDs, as shown below (LED Action: Status). Status System Solid Off & Packets Solid On: SDRAM error. Status System Solid Off & Packets Flash once: Timer Interrupt error. Status System Solid Off & Packets Flash twice: LAN/WAN error. Rear Panel [Figure 1-3: Rear Panel] AC 100V-240V: Connect to AC 100-240V, 50/60Hz with AC power cord. Default Settings: When the VPN800/8 F Firewall has finished booting, all configuration settings will initially be set to the factory defaults, including: IP Address set to its default value of 192.168.1.1, with a Network Mask of 255.255.255.0. DHCP Server is enabled. User Name: admin. Password: cleared (no password). TFTP Download: This setting should be used only if your VPN800/8 F Firewall interface can't be
5. MAC address (also called Physical address or Network Adapter address). If so, you can enter the MAC address required by your ISP in this field. Otherwise, this should be left at the default value. This screen is only operational if using Internet connections on both WAN ports. [Figure 3-2: Load Balance] Enable: Use this to enable your Load Balance settings. Unless this is checked, the other settings on this screen have no effect. Balance Type: Select the desired option. Bytes rx tx: Traffic is measured by Bytes. Packets rx tx: Traffic is measured by Packets. Sessions established: Traffic is measured by Sessions. IP Address: Traffic is measured by IP Address. Loading Share on WAN 1: Enter the percentage (%) of traffic to be sent over WAN 1. If one WAN port connection has greater bandwidth than the other, the one with the greater bandwidth should be given a higher percentage of traffic than the other. NAT statistics: This section displays the current data about WAN 1 and WAN 2. You can use this information to help you fine-tune the settings above. Interface statistics: This section displays cumulative statistics. Use the Restart Counters button to restart these counters when req
6. If the Restore Default Value button on this screen is clicked: All your current settings will be erased. The default IP address, password and ALL other settings will be restored to the default values. The DHCP server function will be enabled. These changes mean that your prior configuration is invalid, and you will have to re-connect to the VPN800/8 F Firewall using its default IP address, 192.168.1.1. Model: HotBrick VPN 800/8 F Firewall. Dimensions: 120mm (W) x 427mm (D) x 43.4mm (H). Operating Temperature: 0 C to 40 C. Storage Temperature: 10 C to 70 C. Network protocol: TCP/IP Protocol. Network Interfaces: 16 Ethernet: 14 10/100BaseT (RJ45) auto-switching hub ports for LAN devices, 2 10/100BaseT (RJ45) for WAN. LEDs: 14 LAN, 2 WAN, 2 Status, Power. Power Input: 110V-230V, 0.5A. FCC Statement: This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference. (2) This device must accept any interference received, including interference that may cause improper operation. CE Marking Warning: This is a Class B product. In a domestic environment this product may cause radio interference, in which case the user may be r
7. Select WAN port & Session. WAN Port: Selected WAN port using the PPPoE connection. PPPoE Session: Usually the ISP provides multiple floating real IPs for PPPoE. Each WAN port can have up to 8 PPPoE sessions with different IP addresses if your WAN port is using a PPPoE connection. PPPoE Session MTU: The Maximum Transfer Unit for PPPoE packet data. Leave it at the default unless the ISP specifies a different PPPoE packet data size. The default value of MTU is 1492 bytes. WAN IP Account. User Name: Enter the PPPoE user name assigned by your ISP. Password: Enter the PPPoE password assigned by your ISP. Verify Password: Re-enter the PPPoE password assigned by your ISP. Advanced WAN. WAN Port: Select the desired WAN port (click desired WAN on Connection Status). The data of the selected port will then be displayed in the WAN IP Account section. PPTP
8. ISAKMP Port: Internet Security Association and Key Management Protocol (ISAKMP) is designed to negotiate, establish, modify and delete security associations and their attributes. In particular, it was assigned UDP port 500 by the IANA. WAN Port: Choose the WAN port that you want these settings to be applied to. Retry Counter: It indicates how many times the process of Phase 1 will be restarted if it's unsuccessful. There is an error message in the VPN log once it is expired. Retry Interval: It is the time period between two consecutive retries. Maxtime to complete Phase 1: It indicates the maximum time allowed to be negotiated in Phase 1. If it expires often, it's recommended to increase the Maxtime period or reduce DH group level. Default value is 30 sec. Maxtime to complete Phase 2: It indicates the maximum time allowed to be negotiated in Phase 2. If it expires often, it's recommended to increase the Maxtime period or reduce DH group level. Default value is 30 sec. Count Per Send: It indicates the maximum amount of duplicate packets to be res
9. Virtual Server Configuration Buttons. Enable: The enable checkbox enables or disables each Virtual server, as required. Server Name: Enter a name for this server. By default, there are 12 well-known virtual servers on the Custom Virtual Server List that you may use. Protocol: Select the network protocol (TCP/UDP) used by this server. IP Address (LAN): Enter the IP address of the server on your LAN which is running the required Server software. Each Host (server) should have a fixed IP address or a reserved IP address. See the Host IP section earlier in this Chapter for details on reserving an IP address. Each Host (server) must be running the appropriate Server software. WAN: This selection allows this server to bind to any selected WAN port or to bind all WAN ports together. LAN Port Range: Enter the range of port numbers used for outgoing traffic from this Server. If only a single
10. a screen like the example below. [Figure 3-1: LAN & DHCP] Ensure these settings are suitable for your LAN. The default settings are suitable for most networks. See the following table for setting details. LAN IP Configuration: IP address for the VPN800/8 F Firewall, as seen from the local LAN. Use the default value unless the address is already in use or your LAN is using a different IP address range. In the latter case, enter an unused IP Address from within the range used by your LAN. Subnet Mask: The default value 255.255.255.0 is standard for small (class C) networks. For other networks, use the Subnet Mask for the LAN segment to which the VPN800/8 F Firewall is attached (the same value as the PCs on that LAN). DHCP server configuration. DHCP Server Setup: If enabled, the VPN800/8 F Firewall will allocate IP Addresses to PCs (DHCP clients) on your LAN when they start up. The default and recom
11. accessed and you wish to restore it by uploading new firmware. In that case, use the following procedure: 1. Power on the 800/8 F Firewall. 2. Use the supplied Windows utility or a TFTP client program to apply the new firmware. If you are using the supplied Windows TFTP program, the screen will look like the following example. [Figure 1-4: Windows TFTP utility] Enter the name of the firmware upgrade file on your PC, or click the Browse button to locate the file. Enter the LAN IP address of the VPN800/8 F Firewall in the Server IP field. Click Upgrade Firmware to send the file to the Multi WAN VPN Link Balancer. 3. When uploading is finished, the unit should function normally, using the default settings. Note: The supplied Windows TFTP utility also allows you to perform three (3) additional operations: Save the current configuration settings to your PC (use the Save Configuration button). Restore a previously saved configuration file to the VPN800/8 F Firewall (use the Upgrade Firmware button). Set the VPN800/8 F Firewall to its default values (use the Set to Default button). Overview Initial Basi
12. available: MD5 and SHA1 (Secure Hash Algorithm). Phase 1 SA Life Time: By default, the Security Association lifetime is 3600 Sec. Force Deletion after Expiring: Once SA expires, tunnel will be removed and related resources will be released to the system. Encryption Method: Specifies the encryption mechanism to use. Data encryption makes the data unreadable if intercepted. There are three encryption methods available: DES, 3DES and AES. The default is null. Authentication: Specifies the packet authentication mechanism to use. Packet authentication proves the data comes from the source you think it comes from. There are three authentications available: MD5, SHA1 and SHA2. Key. Key Type: There are two key types, manual key and auto key, available for key exchange management. Manual Key: If manual key is selected, no key negotiation is needed. AutoKey (IKE): There are two types of operation modes that can be used. Main mode accomplishes a phase one IKE exchange by establishing a secure channel. Aggressive Mode is another way of accomplishing a phase one exchange. It is faster and simpler than main mode, but does not provide identity protection for the negotiating nodes. Perfect Forward Secrecy (PFS): If PFS is enabled, IKE phase 2 negotiat
13. do not have to use the Host IP feature to apply the same settings to all PCs. You wish to reserve a particular LAN IP address for a particular PC on your LAN. This allows the PC to use DHCP (Windows calls this Obtain an IP address automatically) while gaining the benefits of a fixed IP address. The PC's IP address will never change, so it can be accessed by other people and applications. Host IP. Host Network Identity: This section identifies each Host (PC). Host name: Enter a suitable name. Generally, you should use the Hostname (computer name) defined on the Host itself. MAC Address: Also called Physical Address or Network Adapter Address. Enter the MAC address of this host. Select Group: Select the group you want this host to join. Reserve in DHCP: Select Enable to reserve a particular LAN IP address for a particular PC on your LAN. This allows the PC to use DHCP (Windows calls this obtain an IP address automatically) while having an IP address that never changes. Reserved IP Address: Enter the IP address you wish to reserve, if the setting above is Enable. Otherwise, ignore this field. Host Network Binding. Binding WAN Port/Session: Select Enable if you wish to associate this PC with a particular PPPoE session. All traffic for that PC will th
14. is always admin. You can and should set a password, using the following Admin Password screen. 7. After the login, you will see the Admin Password screen, as shown below. Assign a password by entering it in the Password and Verify Password fields. [Figure 2-2: Home Screen Admin Setup] 8. Select LAN & DHCP from the menu. You will see a screen like the example below. Figure
15. new Sessions for Host: The maximum number of new sessions from the host that is acceptable in the sampling time. Any new incoming sessions will be dropped from this host after the number of new sessions exceeds it. Default: 100 session/sec. Maximum dropped sessions for host: If the number of dropped new sessions from the host exceeds the Maximum in the sampling time, any new session from the host will be dropped in the pause time period. Default: 25 session/sec. Pause time for host while exceeding limit on dropped new sessions: Within the pause time period, no new session from the suspended host can be served by the system when the number of dropped new sessions exceeds the defined Maximum. Default is 5 minutes. Sysfilter exception: System Filter Exception will reject every packet with unrecognized port to avoid port scan programs run by hackers, but this also incurs problems when servers (e.g. SMTP server, port 113) or clients from the WAN need to respond to packets
16. of service field. Overwrite policy priority: Choose yes to set the priority of the TOS field in the IP packet to overwrite the priority defined in the policy configuration. QoS Feature. Enable QoS: This will allow users to enable the QoS function. Queuing Method: The method used to manage your queue. Priority queuing is one of the first queuing solutions to be widely implemented. IP TOS. Process TOS Field: An 8-bit field in the IP packet header designed to contain values indicating how each packet should be processed in the network. Enable this function to process the IP Type of Service field. Overwrite policy priority: Choose yes to set the priority of the TOS field in the IP packet to overwrite the priority defined in the policy configuration.
17. properly installed, LAN connections are OK, and it is powered ON. Ensure that your PC and the VPN800/8 F Firewall are on the same network segment. (If you don't have a router, this must be the case.) If your PC is set to Obtain an IP Address automatically (DHCP client), restart it. If your PC uses a Fixed (Static) IP address, ensure that it is using an IP Address within the range 192.168.1.2 to 192.168.1.254 and thus compatible with the VPN800/8 F Firewall default IP Address of 192.168.1.1. Also, the Network Mask should be set to 255.255.255.0 to match the VPN800/8 F Mask. Internet Access. Solution: A number of things could be causing this. Try the following troubleshooting steps: Check if other PCs work. If they do, ensure that your PC's IP settings are correct. If using a Fixed (Static) IP Address, check the Network Mask, Default gateway and DNS as well as the IP Address. If the PCs are configured correctly, but still not working, check the VPN800/8 F Firewall Router. Ensure that it is connected and ON. Connect to it and check its settings. (If you can't connect to it, check the LAN and power connections.) If the VPN800/8 F Firewall is configured correctly, check your Internet connection (DSL/Cable modem etc.) to see that it is working correctly. Solution: The VPN800/8 Firewall processes the data passing through it, so it is not transparent. Use the Special Applications feature to allow t
18. protocol for your network card. Click on the Properties button. You should then see a screen like the following. [Figure B-6: TCP/IP Properties (Win 2000)] Ensure your TCP/IP settings are correct. Using DHCP: To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP Address from the VPN800/8 F Firewall. Using a fixed IP Address (Use the following IP Address): If your PC is already configured, check with your network administrator before making the following changes. Enter VPN800/8 F Firewall IP address in the Default gateway field and click OK. Your LAN administrator can advise you of the IP Address they assigned to the Multi WAN VPN Link Balancer. If the DNS Server fields are empty, select Use the follo
19. real IP addresses on the same network segment. NetBIOS Broadcast: This function allows you to access files through Microsoft Network Neighborhood if it is enabled. Traffic Management. Strict Binding: Traffic from bridged hosts (e.g. transparent to WAN 1) can only go through that specified WAN (e.g. WAN 1) interface. Loose Binding: Traffic from bridge hosts (e.g. transparent to WAN 1) can go through the alternative WAN (e.g. WAN 2) interface when the bind interface (e.g. WAN 1) is down; it acts like a fail-over mechanism for transparent bridge mode. Load Balancing: Traffic from bridge hosts (e.g. transparent to WAN 1) can go through either WAN (e.g. WAN 1 or WAN 2) interface based on the loading mechanism specified in the load balance section; it acts like a load balancing mechanism for transparent bridge mode. ARP Table: The ARP table is used by the device to determine the bridge hosts' location (e.g. inside/outside WAN, and which WAN). Its size can be adjusted if needed. View ARP Tables: displays ON/OFF for bridge mode on each WAN port. Clear ARP Tables: disables bridge mode on all WAN ports. The screen is required in order to use multiple PPPoE sessions on the same WAN port. It can also be used to manually connect or disconnect a PPPoE session.
20. specific allowed site while all other sites are blocked. The network administrator can use the Access Filter to control the Internet access and applications available to LAN users. Five (5) user groups are available, and each group can have different access rights. All PCs (users) are in the Default group unless assigned to another group on the Host IP screen. Access Group: This allows you to create different access rights for different Groups of PCs. If you want the same restrictions to apply to everyone, select Default for the Group. In this case, there is no need to enter any Hosts on the Host IP screen. If you wish to apply different restrictions to different Groups, select the desired Group. The update will apply to the selected Group only. ICMP Filters: If you enable ICMP Filter, the ICMP request packet types specified will be blocked from the local host to
21. This section is only relevant if your LAN has other Routers or Gateways. If you don't have other Routers or Gateways on your LAN, you can ignore the Static Routing page completely. If your LAN has other Gateways and Routers, you must configure the Static Routing screen as described below. You also need to configure the other Routers. Note: If there is an entry or entries in the Routing table with an Index of zero (0), these are System entries. You cannot modify or delete these entries. Dynamic routing. RIP v2: This acts as a master switch. If enabled, the selected WAN or LAN will run RIPv1/v2. Otherwise, the RIP function is not available. Interface: LAN, WAN1..n is enabled; WAN or LAN can execute the RIP function. Static routing. Network Address: The network address of the remote LAN segment. For standard class C LANs, the network address is the first 3 fields of the Destination IP Address. The 4th (last) field can be left at 0. Netmask: The Network Mask for the remote LAN segment. For class C networks, the default mask is 255.255.255.0. Gateway: The IP Address of the Gateway or Router that the VPN800/8 F Firewall must use to communicate with the destination above (NOT the ro
22. Ensure your TCP/IP settings are correct, as follows. Using DHCP: To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP Address from the VPN 800/8 F Firewall Router. Using Specify an IP Address: If your PC is already configured, check with your network administrator before making the following changes. If the DNS Server fields are empty, select Use the following DNS server addresses and enter the DNS address or addresses provided by your ISP, then click OK. On the Gateway tab, enter VPN800/8 F Firewall IP address in the New Gateway field and click Add, as shown below. Your LAN administrator can advise you of the IP Address they assigned to the VPN800/8 F Firewall.
23. 800/8 F Firewall. DHCP Server: The status of the DHCP Server function, either Enabled or Disabled. NAT Status. NAT Statistics: This section displays data for each WAN port. Connection status: This will display either Connected or Not Connected. Default Loading Share: The default traffic loading between the WAN ports. Current Loading Share: The current traffic loading between the WAN ports. Current Loading: The number of sessions, Bytes and Packets currently being processed on each port. Current Bandwidth: The current Download and Upload speeds on each WAN port. Check NAT Detail: will display the NAT Status screen, described below. Data: NAT Status. LAN IP info. IP Address: The LAN IP Address of the VPN800/8 F Firewall. Mask Address: The Network Mask (Subnet Mask) fo
24. Enter the desired password, re-enter it in the Verify Password field, then save it. When you connect to the Load Balancer with your Browser, you will be prompted for the password, as shown below. [Figure 8-5: Password Dialog] Enter Admin for the User Name. Enter the password for the VPN800/8 F Firewall, as set on the Admin Password screen above. The default is blanks. This feature will send a warning Email to inform the system administrator that one of the WAN ports is disconnected. Enable/Disable Email Alert. Enable: This enables Email Alert to send a warning email when a WAN port disconnects. Disable: This disables Email Alert, so no warning email is sent when a WAN port disconnects. Email Alert Configuration. Email Sender Address: This is the email address that sends a warning email to a recipient. The email informs the recipient to check if
25. LB 2 VPN LB 2 1400 2 800 8 F 800 2 G and HSS 6000. VPN Tunnel List: Here you can add a new tunnel or change an existing one from the list. The router allows a maximum of 50 tunnels. Tunnel Name: In order to distinguish the tunnels, you have to give the Tunnel a unique name. Tunnel: The tunnel can be connected only after the tunnel check box is enabled. WAN port: You can choose WAN2 or Any to make the VPN connection. Local Security Network: These entries identify the private network on this VPN router. The Network hosts can use the LAN to LAN connection. You can choose a single IP address, the subnet or a selected IP range to make a VPN LAN to LAN connection. Remote Security Network: These entries identify the private network on the remote peer VPN router whose hosts can use the LAN to LAN connection. You can choose a single IP address, the subnet or a selected IP range to make a VPN connection. Remote Security Gateway: You can select the remote side IP address WAN IP add
26. MTU: Maximum transfer unit for PPTP. The default value is 1460. WAN IP Account. User Name: The PPTP user name (login name) assigned by your ISP. Password: The PPTP password associated with the User Name above. This is assigned by your ISP and used to log in to the PPTP Server. Verify Password: Re-enter the PPTP password assigned by your ISP. Server IP Address: Enter the IP address of the PPTP Server, as provided by your ISP. Static IP Address: If you have a fixed IP address, enter it here. Otherwise, this field should be left at 0.0.0.0. Connection Status: This displays the current PPTP connection status. This feature is used in the following situations: You have Multi-Session PPPoE and wish to bind each session to a particular PC on your LAN. You wish to use the Access Filter feature; this requires that each PC is identified by using the Host IP screen. You wish to have different settings for different PCs; this requires that each PC is identified by using the Host IP screen. You
27. System Information. Contact Person: The contact information for the person responsible for this device. Device name: The name of the VPN800/8 F Firewall. Physical Location: The location of the VPN800/8 F Firewall. Community: The relationship between an SNMP agent and a set of SNMP managers that defines authentication, access control and proxy characteristics. Trap Targets: Enter the IP address of any target PCs running SNMP software that you want to receive traps. All traps are level 1. This feature can send real-time system information on the web page or to the specified PC. Syslog Del
28. Special Application on your PC. When the Special Applications screen is configured correctly, you can use the application on your PC normally. Remember that only one (1) PC can use each Special Application at any time. Also, when one PC is finished using a particular Special Application, a time period may be required before another PC can use the same Special Application. If an application still cannot function correctly, try using the DMZ feature instead. Dynamic DNS is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL rather than an IP address. This also solves the problem of having a dynamic IP address on your WAN port. With a dynamic IP, your IP address may change whenever you connect to your ISP, which makes it difficult for visitors to connect to your web site. You must register for the Dynamic DNS service. The VPN800/8 F Firewall supports 3 types of service providers: Standard client, available at http://www.dyndns.org (other sites may offer the same service, but cannot be guaranteed to work); TZO, at http://www.tzo.com; 3322, available in China at http://www.3322.org. To use the Dynamic DNS feature: Register for the service from your preferred service provider. Follow the service provider's procedure to have a Domain Name (Host name) allocate
29. T alias list. NAT Alias List: Shows the list of all currently defined NAT alias configuration data. You can modify its configuration data by clicking a row in the list. Check NAT detail: This displays all detailed information on NAT configuration data. NAT Connection List: This displays the current details of all NAT entries, including interface, protocol, state, destination IP, WAN IP, local IP, idle time and in/out packets. External Filters Configuration. IDENT Port: Port 113 is associated with the Internet's Identification/Authentication service. When a client program in your computer contacts a remote server for services such as POP, IMAP or SMTP, that remote server sends back a query to the Ident server running in many systems, listening for these queries on port 113. This means that hackers can probe port 113 as a rich source of your personal information. The default value of this check box is Disable. Block Selected ICMP Types: These settings determine whether or not thi
30. Congratulations on the purchase of your new VPN 800/8 F Firewall. The VPN 800/8 F Firewall provides a selection of from 2 up to 8 WAN ports; it also provides Shared Broadband Internet Access for all LAN users. Internet Features. WAN ports: There are from 2 up to 8 WAN ports available for use on the VPN800/8 F Firewall. They can function for load balancing and failover. Shared Broadband Internet Access: All LAN users can access the Internet through the VPN800/8 F Firewall by sharing two up to eight broadband connections. High Performance multi-ADSL Modem Support: The VPN800/8 F Firewall has two up to eight WAN ports; this can provide a greater increase in bandwidth than is allowed by a single connection by making use of the additional 6 fl
31. VPN800/8 F Firewall. Both 10BaseT and 100BaseT connections can be used simultaneously. If you need to connect the VPN800/8 F Firewall to another hub, use a standard LAN cable to connect any LAN port on the VPN800/8 F Firewall to a standard port on another hub. Any LAN port on the VPN800/8 F Firewall will automatically act as an Uplink port when required. If a device is set to 2 WAN ports, from port 1 to 2, the others are LAN ports, from port 3 to 16. 16 Power Up: Power on the Cable or DSL modem or modems. Connect the supplied power cord to the VPN800/8 F Firewall and power up. 17 Check the LEDs: The Power LED should be ON. The Link/ACT LED should be ON if the corresponding WAN port is connected to a broadband modem. For each PC connected to the LAN ports, the corresponding LAN LED, either 10 (Yellow) or 100 (Green), should be ON. Select LAN & DHCP from the menu. You will see
32. ails of all Custom Virtual Server configuration data. NAT Configuration. NAT Routing: You can enable or disable NAT by using the checkbox. If you disable the NAT checkbox, it will act as a bridge or Static Router. Most features will be unavailable. TCP Timeout: Enter the desired value to use for the WAN port. The default is 300. UDP Timeout: Enter the desired value to use for the WAN port. The default is 120. TCP Window Limit: Enter the desired value to use for each WAN port. The default is 0 (no limit). TCP MSS Limit: Enter the required MSS (Maximum Segment Size) to use for each WAN port. The default is 0 (no limit). Non-Translation Port Range: If some packets have port numbers that cannot be translated for special applications, you must set the status to Enable and input the value in port range. Otherwise its port cannot be translated in the specified time period, so you must set Enable and specify seconds in Timeout. NAT alias: For each alias entry, the WAN IP acts as an alias IP for the host with the Local LAN IP, for the Internet, via the specified WAN port, for the specified protocol packets. 1 6 1 1 NAT NA
33. Policy Name List: When adding a new Policy, ignore this list. To edit an existing entry, select it from the list and then click the Select button. The data fields will be updated with data for the selected entry. Policy Name: Enter a suitable name. Generally you should use the Policy Name for the network traffic type, for ease of identification. Source Address: Define the source address of packets here. It has two types: IP address or MAC address. If you select IP address, you can define the IP address range; otherwise you can define up to four MAC addresses. Destination Address: Define the destination address of packets here. The explanation is the same as above. Protocol Type: The field defines the traffic packet type, i.e. IP and UDP. Source Port: Define the source port of the packets here. Destination Port: Define the destination port of the packets here. Priority Queue: Determines if a packet meets all conditions defined above and will be serviced with a defined priority level.
34. ble Syslog: Real-time system information can be generated on the web page or a particular machine. This is very useful when monitoring the device. QoS Configuration: This function gives specified packets a higher priority for pass-through. This is especially useful if you have real-time applications like Internet phone, video conference, etc. UPnP: If UPnP (Universal Plug & Play) is set to Enable, the VPN800/8 Firewall becomes one of the network devices. This is useful for discovering and controlling network devices such as the Internet gateway. Package Contents. The following items should be included: the VPN800/8 F Firewall unit; power cord; Quick Installation Guide; CD-ROM containing the on-line manual. Note: If any of the above items are damaged or missing, please contact your dealer immediately. Physical Details. Front Panel. Figure 1-2: Front Panel. Operation of the Front Panel LEDs is as follows. Status System: ON/OFF, Error; Blinking, Normal Operation. Packets: Blinking, Packets Active. Green ON: 100M Linked. Yellow ON: 10M Linked. Blinking: Data Transmit/Receive. OFF: Not Linked.
35. c Setup of your VPN800/8 F Firewall involves the following steps: 1. Attach a PC to the VPN800/8 F Firewall in port 3-14 and configure your LAN. 2. Install your VPN 800/8 F Firewall in your LAN and connect the Broadband Modem or Modems. 3. Configure your VPN800/8 F Firewall for Internet Access. 4. Configure PCs on your LAN to use the Firewall. Requirements: 1 or up to 8 WAN connections, each with an active Internet Access account with an ISP. Network cables: use standard 10/100BaseT network (UTP) cables with RJ45 connectors. TCP/IP network protocol must be installed on all PCs. Procedure: 1. Use a standard LAN cable to connect your PC to any LAN port (default LAN ports: 3-14) on the VPN800/8 F Firewall (default 2 WAN ports: from port 1-2). 2. Connect the power cord into a power outlet on the rear panel of the VPN800/8 F Firewall. 3. Start your PC. If your PC is already running, restart it. It will then obtain an IP address from the 800/8 F Firewall. 4. Start your web browser. 5. In the Address or Location box, enter HTTP://192.168.1.1. 6. You will be prompted for the User Name and password, as shown below. Figure 2-1: Password Dialog. Enter admin for the User Name and leave the Password blank. The User Name
36. d to you. Configure the Dynamic DNS screen as described below. The VPN800/8 F Firewall will then automatically update your IP address recorded by the Dynamic DNS service provider. From the Internet, users will now be able to connect to your Virtual Servers or DMZ PC using your Domain name. Dynamic DNS Service: This pull-down menu can Enable/Disable the Dynamic DNS feature and select the required service provider. Disable: Dynamic DNS is not used. TZO: Select this to use the TZO service (www.tzo.com). You must configure the TZO section of this screen. DynDNS: Select this to use the standard service from www.dyndns.org or another provider. You must configure the Standard Client section of this screen. 3322 (in China): This service is available in China. It is similar to DynDNS. User Defined DDNS Server: This is the user-defined DDNS server, used if the DDNS is not TZO, dyndns.org or 3322. Additional settings: These options are available if using the standard client. Enable Wildcard: If selected, traffic sent to sub-domains of your Domain name will als
37. e Version: Version of the Firmware currently installed. NAT: Status of the NAT feature, either Enable or Disable. Load Balance: Status of the Load Balance feature, either Enable or Disable. Virtual Server: Status of the Virtual Server feature, either Enable or Disable. Special Applications: Status of the Special Applications feature, either Enable or Disable. DMZ: Status of the DMZ feature, either Enable or Disable. Block URL: Status of the Block URL feature, either Enable or Disable. Hardware ID: The manufacturer's ID for this specific device. Device Statistics. System UpTime: The time since the system of a device was last initialized. CPU Usage: The current CPU usage percentage. Memory Usage: The current usage percentage of Memory Heap & Queue. Buttons. Refresh: Update the data on screen. Restart: Restart (reboot) the VPN800/8 F Firewall. Restore Factory Defaults: This will delete all existing settings and restore the factory default settings. See below for details.
38. en use the selected PPPoE port and session. Binding Method: Suppose your PC is bound to the WAN1 port and you select Strict Binding. If the WAN1 port is disconnected, your packets cannot go out through the other WAN port, even if it is still alive. If you select Loose Binding, then when the WAN1 port is disconnected, your packets will automatically go to the other WAN port if it is active. Select WAN Port / Select PPPoE session: If the setting above is Enable, select the desired Port and Session. Otherwise, ignore these settings. Note: Multiple PPPoE sessions are defined on the Advanced PPPoE screen. Buttons. Add: Use this to add a new entry to the database, using the data shown on screen. Delete: Click this to delete the selected entry. Update: Use this to update the selected entry after making the desired changes. Reset: Reset changes you have made since loading the data from the Multi-WAN VPN Load Balancer. Host & Group list: This table shows the current binding.
39. ent if the remote side does not respond to the first packet. Logging Level: This function allows you to select which information you want to see on the VPN log. It has six different levels of messages: None, Critical, Error, Warning, Information, Debug. VPN configuration SA: The list will display the details of all Policy Setup configuration data that you have set up. You can modify it by clicking each row. You can monitor the VPN status through the VPN lo
40. equired to take adequate measures. Overview. TCP/IP Settings: If using the default Load Balancer settings and the default Windows 95/98/ME/2000 settings, no changes need to be made. By default, the VPN800/8 F Firewall will act as a DHCP Server, automatically providing a suitable IP address and related information to each PC when the PC boots. For all non-Server versions of Windows, the default TCP/IP setting is to act as a DHCP client. If you wish to check your TCP/IP settings, the procedure is described in the following sections. If your LAN has a Router, the LAN Administrator must re-configure the Router itself. Checking TCP/IP Settings (Windows 9x/ME): 1. Select Control Panel, Network. You should see a screen like the following. Figure B-1: Network Configuration. 2. Select the TCP/IP protocol for your network card. 3. Click on the Properties button. You should then see a screen like the following.
41. ex ports that can either become LAN or WAN ports. Additionally, you can determine how the Internet traffic is shared between 2 and up to 8 connections using several different load balancing methods. There are many load balancing methods like Outbound load balance by least load byte packet session IP Auto learning Priority Round robin Weight Round Robin and Auto Backup Connection. These methods allow administrators to manage the LAN or WAN to maximize bandwidth usage. There are also smart health check methods to protect against connection failure by using failover. PPPoE Session Management: Multiple PPPoE sessions are supported, and you can choose to bind sessions to individual PCs if desired. Multiple IP Address Support: If your ISP allocates you multiple public IP addresses, you can map them to internal PCs if desired. Special Application: This feature allows you to use some non-standard applications, where the port number used to reply is not the same port number used by the sender. Virtual Server: This feature allows Internet users to access your internal Internet servers on your LAN. For standard servers such as Web, FTP or E-Mail servers, only the IP address of the server PC is required. You can also define your own Server types if needed. Multiple DMZ: A DMZ PC will receive incoming c
42. g web page. The log level priority can be chosen from the VPN IKE Global Setting web page. Message Status. Priority: This indicates the severity level of a message for analysis. Time: This indicates when this message is created, using the system time. Undefined messages. Module: The module that is responsible for the message being sent in IPSec architecture. Messages: The message displays information describing the event that occurred. The VPN800/8 F Firewall provides QoS, which supports high quality network service. By prioritizing outgoing packets based on user-defined policies, the Quality of Service feature results in real-time applications achieving better response or performance. QoS Features. Enable QoS: This enables the QoS function. Queuing Method: These methods determine how to manage your queue. Priority Queuing is one of the first queuing variations to be widely implemented. IP TOS (Type of Service) Feature. Process TOS Field: An 8-bit field in the IP Packet header designed to contain values indicating how each packet should be handled in the network. If you choose Enable, it will enable this function to process this IP Type
43. h the VPN800/8 F Firewall and the PCs are configured, operation is automatic. However, some additional Internet configuration may be required for your specific network. Refer to Chapter 6: Advanced Features for further details. Connection Status: Current status, either Connected or Disconnected. Connection Type: The type of connection used: DHCP, Fixed IP, PPPoE or PPTP. Force Renew button: Only available when using a dynamic IP address (DHCP). Clicking this button will perform a DHCP Renew transaction with the ISP's DHCP server. This will extend the allocation period for your current WAN IP. IP Address: The public WAN address of the VPN800/8 F Firewall, as seen from the Internet. This IP address is allocated by the ISP (Internet Service Provider). Subnet Mask: The Network Mask (Subnet Mask) for the above IP address. Gateway: The default gateway for this subnet. DNS IP Address: The DNS server address is supplied by your ISP, if needed. MAC address: The MAC address of the WAN 1 interface. IP Address: The LAN IP address of the VPN 800/8 F Firewall Router. Subnet Mask: The Network Mask (Subnet Mask) for the IP address above. MAC Address: The MAC (physical) address of the VPN
44. he use of Internet applications which do not function correctly. If this does not solve the problem, use the DMZ function. This should work with most applications, but it is a security risk, since the firewall is disabled for the DMZ PC. Only one (1) PC can use this feature. The HotBrick units in the following example use registered IP addresses. You have to replace these addresses with IP addresses that are available to you. These settings are only possible if you have a static IP address available on one or both of your WAN ports. [Network diagram: Firewall VPN 800/8 F, address 68.83.213.133, netmask 255.255.255.240, LAN address 10 0 11, netmask 255.255.255.0; Internet; LB2 VPN, address 82.188.118.228, netmask 255.255.255.0, LAN IP address 182.188.1.0, netmask 255.255.255.0] This example takes a tunnel between a VPN 800/8 F and a LB 2 VPN. This example applies to the HotBrick 401 VPN X2 LB 2 VPN and 800/8 F series; you can use either unit at both sides. You can use the IP addresses from the network diagram above. This type of tunnel is called a LAN-to-LAN IPSec tunnel. First we will make settings in the VPN 800/8 F.
45. hows the IP addresses that have been allocated by the DHCP Server. For each allocated address, the following information is displayed. Name: The hostname of the PC. In some cases, this may not be known. MAC Address: The physical address (network adapter address) of the PC. IP Address: The IP address allocated to this PC. Type: Indicates whether the IP address is dynamic or static. Status: If leased, the IP address was allocated by this DHCP Server. Time Left: The time left before the lease expires. Connection mode. Enable: Select this if you have connected a broadband modem to this port. Disable: Select this if there is no broadband modem connected to this port. Backup: Use this if you have a broadband modem on each port and wish to normally use only one. Select Enable for the primary port and Backup for the secondary port. The Backup port will only be used if the prima
46. Next we will make settings for the LB 2 VPN. Note: You need different subnets at both ends of the tunnel. This is because the IPSec tunnel will connect the two subnets, so they need to be different in order to avoid IP address conflicts. These are all the settings you need to set up the tunnel. You can push the connect buttons at one of the locations this unit will be ini
47. ion will generate new key values for IP traffic encryption & authentication. Preshared Key: This field authenticates the remote IKE peer. Key Lifetime: This specifies the lifetime of the IKE-generated key. If the time expires or data is passed over this volume, a new key will be renegotiated. No limit (0) is the default. IPSec Policy options. Tunnel Attribute: The defined attributes for the tunnel. Dead Peer Detection: This setting allows you to use a WAN port for backup or for WAN failover in the event of a connection failure. Check Method: You can choose ICMP Heartbeat or DPD protocol. This detects if the remo
48. Figure B-8: TCP/IP Properties (Windows XP). Ensure your TCP/IP settings are correct. Using DHCP: To use DHCP, select the radio button Obtain an IP address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP address from the Multi-WAN VPN Link Balancer. Using a fixed IP Address (Use the following IP Address): If your PC is already configured, check with your network administrator before making the following changes. Enter the VPN800/8 F Firewall IP address in the Default gateway field and click OK. Your LAN administrator can advise you of the IP address they assigned to the VPN800/8 F Firewall. If the DNS Server fields are empty, select Use the following DNS server addresses, and enter the DNS address or addresses provided by your ISP, then click OK. Overview. This chapter covers some common problems that may be encountered while using the VPN800/8 F Firewall, and some possible solutions for them. If you follow the suggested steps and the VPN800/8 Firewall still does not function properly, contact your dealer for further advice. General Problems. Solution: Check the following: The Load Balancer is
49. ivery. Sending out: Check this if you want to send syslog messages to another machine. Keep Sent messages: Check this if you want to keep sent messages; otherwise the sent message will be deleted. Syslog Server IP address: Up to 3 syslog servers can be used. Enable: You can enable or disable each server temporarily. Port: If your syslog does not use the default port, change it here. Log Priority for modules: The messages are grouped into 8 priority levels, from Emergency to Debug. The lower the level, the fewer messages will be generated. Emergency is the lowest priority level and Debug is the highest. Setting the priority to Debug will send all generated messages. SNTP Configuration. Time Zone: You can set up system time using SNTP (Simple Network Time Protocol), and you can define 3 SNTP servers on the SNTP configuration. Once bot
50. Other Features. DHCP Server Support: Dynamic Host Configuration Protocol provides dynamic IP addresses to PCs and other devices upon request. The VPN800/8 F Firewall can act as a DHCP Server for devices on your local LAN. Multi-Segment LAN Support: LANs containing one or more segments are supported via the Multi-WAN VPN Load Balancer's built-in static routing table or LAN ANY IP settings. Easy Setup: Use your favorite web browser for configuration. Remote Management: The VPN800/8 F Firewall can be managed from any PC on your LAN. If the Internet connection is active, the unit can also optionally be configured via the Internet. Password-protected Configuration: Optional password protection is provided to prevent unauthorized users from modifying the configuration data and settings. HTTP Firmware Upgrade and backup: The web management feature allows you to use HTTP to upgrade new firmware and back up the system configuration from the local or even from the remote site, as long as you enable Remote Upgrade and Remote web-based setup from the Advanced Feature web page. Email Alert: A warning email can be sent to the system administrator if one of the WAN ports drops, provided two WAN ports are enabled. Also, there is excessive ping notification availa
51. mended value is Enable. Windows systems, by default, act as DHCP clients. This setting is called Obtain an IP address automatically. DHCP Server Setup: If you are already using a DHCP Server, the DHCP Server setting must be disabled, and the existing DHCP server must be set to provide the IP address of the VPN800/8 F Firewall as the Default Gateway. Client Lease Time: This is the period of time that a DHCP server leases an IP address to a DHCP client. DHCP IP address range: The Offered Range fields set the values used by the DHCP server when allocating IP addresses to DHCP clients. This range also determines the number of DHCP clients supported. Free Entries indicates how many DHCP entries are not currently allocated and available. ARP Proxy: Enable this ONLY if the LAN port has an IP address in the same address range as the WAN port(s). This means that all PCs using this Gateway must have valid fixed external (Internet) IP addresses. If enabled, enter the IP address range used on your LAN. LAN Any IP Setup: The default is disabled. If you enable LAN ANY IP, that means no matter what static IP address your client has, the client does not need to change their IP address to access the Internet. This is normally used when the client is on a different IP segment than the LAN segment. DHCP Client List: This table s
52. nality. Private IP Address (LAN): Enter the IP address of the PC you wish to associate with this WAN port IP address. This IP address should be fixed or reserved. See the Host IP section for details on reserving an IP address. Access Group: You can define the users who have authority to use the DMZ by defining the group(s) Host IP web page. Direction: For the DMZ, you can allow inbound only, outbound only, or both inbound and outbound traffic. Multi DMZ List: The Multi DMZ List shows the details of all DMZ configuration data that is currently defined. You can modify configuration data by mouse-clicking on the row. With the UPnP (Universal Plug & Play) function, it is easy to set up and configure an entire network to enable discovery and control of networked devices and services. UPnP Option: If UPnP is enabled, then this device will become one of the local network devices. You can then find an icon for it in Network Neighborhood on a Windows XP computer on your LAN. Every time you add a new service with port mapping, the new service will appear on the mapping list. UPnP Port Mapping List: With UPnP enabled, the table shows the det
53. Enable: Use this to Enable or Disable this Special Application as required. Name: Enter a descriptive name to identify this Special Application. Outgoing Protocol: Select the protocol used by this application when sending data to the remote server or PC. Outgoing Port Range: Enter the beginning and end of the range of port numbers used by the application server for data you send. If the application uses a single port number, enter it in both fields. Incoming Protocol: Select the protocol used by this application when receiving data from the remote server or PC. Incoming Port Range: Enter the beginning and end of the range of port numbers used by the application server for data you receive. If the application uses a single port number, enter it in both fields. Buttons: Add: Create a new Special Application entry. Delete: Delete the selected entry. Update: Save any changes you have made to the current entry. Cancel: Cancel any changes you have made since the last save operation. Special Application List: This list shows the details for all currently defined Special Applications. You can modify its configuration data by mouse-clicking the appropriate row. Using a
54. o be forwarded to you. Enable backup MX: If enabled, you must enter the Mail Exchanger address below. Mail Exchanger: If the setting above is enabled, enter the address of the backup Mail Exchanger. WAN Port Binding: Select the WAN port used by the Dynamic DNS service. The Force Update button will update your record on the Dynamic DNS Server immediately. This feature allows each WAN port IP address to be associated with one (1) computer on your LAN. All outgoing traffic from that PC will be associated with that WAN port IP address. Any traffic sent to that IP address will be forwarded to the specified PC, allowing unrestricted 2-way communications between the DMZ PC and other Internet users or Servers. Note: The DMZ PC is effectively outside the Firewall, making it more vulnerable to attacks. For this reason, you should only enable the DMZ feature when required. Enable: Use this to enable or disable the DMZ setting as required. WAN: There is 1 WAN port. Its connection type may change based on your WAN connection type (Static, DHCP, PPPoE). Name: Enter a name for this setting. This name has no effect on the functio
55. onnection requests that would normally be blocked. For each IP address allocated by your ISP, a separate DMZ PC can be specified. So if your ISP has provided multiple IP addresses, you can have multiple DMZ PCs. Each DMZ PC has unrestricted 2-way Internet access. This allows you to run programs that are otherwise incompatible with NAT routers like the Multi-WAN VPN Link Balancer. Access Filter: The network administrator can use the Access Filter to gain fine control over Internet access and applications available to LAN users. Five (5) user groups are available, and each group can be assigned unique access rights. URL Filter: Use this feature to block access to undesirable Web sites by LAN users. You can even have different settings for different groups of PCs. Session Limit: With the Session Limit feature, when the number of new sessions for the system exceeds the maximum in the sampling time, any new session in the system will be dropped. System Filter Exception: The firewall rejects every packet with an unrecognized port to avoid port scans by hackers. This requires exception handling in situations where some servers (e.g. SMTP server, port 113) or clients need to respond to non-standard packets to indicate aliveness to their communication peers. VPN (Virtual Private Network): Up to 50 VPN tunnels are supported with a fail-over mechanism.
56. or a selected IP range to make VPN LAN to LAN connection. Distinguished name (remote client): This is an email format address. For example, pete@HotBrick.com. Preshared key: Choose a shared secret for this entry. They must be the same on both units. Action: Connect: this button will initiate the tunnel. Submit Query: this button will add the policy. When you use the tunnel to HotBrick unit or tunnel to HotBrick client configurations, the Advanced Settings aren't required. They are only required for configuring an IPSec tunnel to a third-party unit. Tunnel Name: In order to distinguish the tunnel, you have to give the Tunnel a unique name. PPPoE Session: If you are using PPPoE to make the connection and your ISP offers multiple PPPoE sessions, you can select these PPPoE sessions to construct VPN tunnels. Enable setting: The tunnel can only be connected if enabled. Phase 1 DH Group: Use DH Group 1 (768 bits), DH Group 2 (1024 bits) or Group 5 (1536 bits) to generate IPSec SA keys. Phase 1 Encryption Method: Three data encryption methods are available: DES, 3DES, AES. Phase 1 Authentication Method: There are two authentication methods
57. port is required, enter it in both fields. WAN Port Range: Enter the range of port numbers used for incoming traffic to this Server. If only a single port is required, enter it in both fields. Allowed Remote IP: This allows only a range of remote-side IP addresses to access the virtual servers. The default is 0.0.0.0 0.0.0.0, which means all remote-side IP addresses can access it. Add: Create a new Virtual Server entry. Delete: Delete the selected entry. Update: Save any changes you have made to the current entry. Cancel: Cancel any changes you have made since the last save operation. Virtual Server List: This table shows the detail for all Custom Virtual Server configuration data. You can modify this configuration data by clicking the specific row you want to change. If you use Internet applications that use non-standard connections or port numbers, you may find that they do not function correctly because they are blocked by the VPN800/8 F Firewall. In this case, you must define the application as a Special Application in order for the application to work. Note that the terms Incoming and Outgoing on this screen refer to traffic from the client PC viewpoint.
58. quired. Source IP: IP address of the source sending the packets. Destination IP: IP address of the destination receiving the packets. Subnet Mask: With a subnet mask other than 255.255.255.255, you can make an IP subnetwork your destination. Protocol: Select the protocol type used by the traffic you wish to configure. Port Range: Enter the beginning and end of the port range used by the traffic you wish to configure. If only a single port is used, enter the port number in both fields. WAN: Select the WAN port you wish this traffic to use. Protocol and Port Binding List: This list shows the details of all protocol and port configuration data that are currently defined. You can modify them by mouse-clicking the correct row. This feature allows you
59. r the IP Address above. Active WAN IP Info: There is one (1) row for each active connection. The following data is displayed for each connection. IP Address: The WAN (Internet) IP Address of the VPN 800/8 F Firewall Router. Mask Address: The Network Mask (Subnet Mask) for the IP Address. NAT Timeouts: This displays the current timeout values for TCP and UDP connections. TCP Prosperity: This displays the MSS (Maximum Segment Size) and Maximum Windows size for TCP packets. NAT Traffic: This section displays statistics for both outgoing (LAN to Internet) and incoming (Internet to local) traffic. NAT Connections: This displays the current number of active connections. For further details, click the View Connection list button. Errors: Statistics are displayed for Checksum errors, number of retries, and number of bad packets. Misc: This displays the total IP packets and reserved address. Interface Statistics: This section displays cumulative statistics. Use the Restart Counter button to restart these counters when required. Device Information Firmwar
60. ress as your remote security gateway. Preshared Key: Choose a shared secret for this entry; this must be the same on both units. Action: Connect: this button will initiate the tunnel. Submit Query: this button will add the policy. Tunnel to HotBrick Client: This describes an IPSec tunnel from the VPN 800/8 F to the HotBrick Client Software. VPN Tunnel List allows you to add a new tunnel or change an existing one on the list. The router can support a maximum of 50 tunnels. Tunnel Name: In order to distinguish the tunnels, you have to give the Tunnel a unique name. Tunnel: Only after you enable the tunnel check box can the tunnel be connected. WAN port: You can choose WAN2 or Any to make the VPN connection. Local Security Network: These entries identify the private network on this VPN router. The Network hosts can use the LAN to LAN connection. You can choose a single IP address the subnet
61. ry port fails. Connection type: Check the data supplied by your ISP and select the appropriate option. Static IP: Select this if your ISP has provided a Fixed or Static IP address. Then enter the data into the Address Info fields. Dynamic IP: Select this if your ISP provides an IP address automatically when you connect. You can ignore the Address Info fields. PPPoE: Select this if your ISP uses this method. Usually your ISP will provide some PPPoE software. This software is no longer required and should not be used. When this method is selected, you must complete the PPPoE dialup fields. Note: If using the PPTP connection method, select Static IP or Dynamic IP as appropriate, according to the IP address method used by your ISP. Address Info: This is for Static IP users only. Enter the address information provided by your ISP. If your ISP provided multiple IP addresses, you can use the Multi DMZ. DNS: This is for Static IP users only. Enter the address information provided by your ISP. If your ISP provided multiple IP addresses, you can use the Multi DMZ. Optional: Host name: This is required by some ISPs. If your ISP provided a Host Name, enter it here. Otherwise, you can use the default value. Domain name: This is required by some ISPs. If your ISP provided a Domain Name, enter it here. Otherwise, you can use the default value. MAC address: Some ISPs record your
62. s device should respond to ICMP requests received from the WAN port. If checked, the selected packet types are blocked. Otherwise, they are accepted. DNS Loopback: When you have some servers on the LAN and their domain names have already been registered on a public DNS, you can avoid a DNS loopback problem by entering the following fields. Domain Name: Enter the domain name specified by you for the local server. Private IP: Enter the private IP address of your local server. Interface Binding. SMTP (Simple Mail Transport Protocol) Binding: Unless you are using E-mail accounts from different ISPs on each port, you can ignore these settings. Some ISPs configure their E-mail Servers so they will not accept E-mail from IP addresses not allocated by them. If you are using accounts from different ISPs, sending E-mail over the wrong WAN port may result in non-acceptance of the mail. In this case, you can use these settings to correct the problem. Enable: If enabled, the WAN port you specify will be used for all outgoing SMTP traffic. If disabled, either WAN port will be used. WAN: Select the desired WAN port to be bound. Protocol and Port Bindings: Use these settings if you wish to ensure that particular traffic is sent by a particular WAN port, and thereby a particular ISP account. Enable: Enable or disable each item as re
63. te: The VPN800/8 F Firewall uses industry-standard IPSec encryption. However, due to the variations in how manufacturers interpret this standard, many VPN products are not interoperable. Although the VPN800/8 F Firewall can interoperate with many other VPN products, it is not possible to provide specific technical support for every other product on the market. Planning the VPN: When planning your VPN, you must make the following choices first. 1. If the remote end is a network, the two endpoint networks must have different LAN IP address ranges. If the remote endpoint is a single PC running a VPN client, its destination address must be a single IP address with a subnet mask of 255.255.255.255. 2. You can use the Internet Key Exchange (IKE) setup, or Manual Keying that requires you to specify each phase of the connection. IKE has become the standard for automatic keying. 3. Decide what encryption level you are going to use: DES, 3DES or AES. The settings you have to make to connect to another HotBrick product are basic. Some standard settings that we use for tunnels between our products are SHA1 authentication, AES 128 bits encryption and DH group 2 as hash algorithm. This is a basic setting that ensures good speed and very secure encryption and authentication, so your data will be safely transported via the IPSec tunnel. There are two basic settings. Tunnel to HotBrick Unit: This describes how to set up an IPSec tunnel to a HotBrick VPN 401 VPNX2
64. te end of the VPN tunnel is alive or not. Options: NetBIOS Broadcast: This is used to forward NetBIOS broadcasts across the Internet. Auto Trigger: This helps keep the IPSec tunnel connection up so it can be re-established immediately if a connection is dropped and detected. Anti Replay: This keeps IP packet level security in order. Passive mode: This means that your PC establishes the data connection if you enable passive mode. Check ESP Pad: If enabled, it will check ESP (Encapsulating Security Payload) padding. Allow Full: Enable will allow full Explicit Congestion Notification (ECN). ECN is a standard proposed by the IETF that will cut down on network congestion and routers dropping packets. Copy DF Flag: When an IP packet is encapsulated as payload inside another IP packet, some of the outer header fields can be rewritten and others are determined by the inner header. Among these fields is the IP DF (don't fragment) flag. When the inner packet DF flag is clear, the outer packet may copy it or set it; however, when the inner DF flag is set, the outer header MUST copy it. Set DF Flag: If this DF (Do not Fragment) flag is set, it means the fragmentation of this packet at the IP level is not permitted.
65. the remote side. Port Blocking: There are two possible settings. No Filtering: all ports are open. Block All Access: all ports are closed. When you make a new rule, the port will be opened for that entry. The maximum number of rules you can enter is 50. Filter Name: Enter a meaningful name for this filter. Protocol Type: Select a protocol type you wish to block. Port No. Range: Enter the range of port numbers you wish to block. If only a single port is required, enter it in both fields. This new feature allows you to drop new sessions from both the WAN and LAN side. This occurs when the number of new sessions exceeds the maximum value set by you in a sampling time. Sampling time: The time interval specified by you to count the new sessions. Only new sessions are counted in the sampling time to check. The default is 400 milliseconds. Maximum total of new sessions: The maximum number of new sessions in the system that is acceptable in the sampling time. Any new incoming sessions will be dropped after the number of new sessions exceeds it. Default: 65535 session/sec. Maximum
66. there is a problem with a WAN port or not. Email SMTP Server Address: This is the email server a warning email will be sent to if the setting is enabled. For example, mail.domain.com. Email SMTP Server User Name: This is the user name of the email sender for authentication (optional). Email SMTP Server Password: This is the user password. Email Recipient Address: This is the email recipient address, e.g. admin@yourdomain.com. If one of the WAN ports disconnects, the email message will be sent to this recipient. Excessive Ping Notification: This function prevents ICMP packet attacks from either the WAN or LAN on the unit. These packets will be dropped if the ping times exceed the threshold value (Ping Before Notification), and the unit will send an e-mail to notify the administrator if Email Alert is enabled. Ping Attack Notification: By default, this feature is Disabled. Ping Before Notification: A threshold value for the maximum Pings allowed to each interface on this device in a minute. The valid values range from 0 to 9999. This section is only useful if you have SNMP (Simple Network Management Protocol) software on a PC or server. If you have SNMP software, you can use a standard MIB 2 file with the VPN 800/8 F.
67. tiator of the tunnel; the other unit will be the responder. You can check the tunnel status in the SA list. Information about key lifetimes and these kinds of things can be found by pushing the tunnel status button in VPN Configuration, Advanced settings.
68. to block access to undesirable Web sites. You can block by URL, IP address or Keyword. You can also have different blocking settings for different groups of PCs. Every URL is searched to see if it matches or contains any of the URLs or keywords entered here. Then, after a DNS lookup determines the IP address of the requested site, the site's IP address is checked against IP address entries on this screen. Note that a single IP address may host many Web sites. Entering the address on this screen will block all Web sites hosted at that IP address. Access Group: This allows you to have different blocking rules for different Groups of PCs. All PCs (users) are in the Default Group unless moved to another group on the Host IP screen. If you want the same restrictions to apply to everyone, select Default for the Group. In this case, there is no need to enter any Hosts on the Host IP screen. If you wish to apply different restrictions to different Groups, select the desired Group and click the Select button. The screen will update data for the selected Group. Block Internet Access: When this setting is enabled, all internet access is allowed; there are no restrictions in place. When a rule is added, it will prohibit access to the website. Allow Internet Access: When this setting is active, all internet access is prohibited by default. An entry here will enable access to the
69. uired. Connection validation. Health Check: If disabled, the Alive Indicator Check is not performed. The default is enabled. Health checking is performed by ICMP echo request and HTTP packets to the specified destination, which could be either the Name or IP Address the user specified in the Alive Indicator input box, or the gateway of the WAN interface used if the Alive Indicator input box is blank. Alive Indicator: This is the IP address used to check if the WAN connection is operating. The VPN800/8 F Firewall will contact this system to check if the WAN connection is working. Change this address if you wish. Default is the gateway IP. Note: This is not used for PPPoE connections. MTU: The Maximum Transmission Unit determines the packet size to be used on the WAN interface. Normally this does not need to be changed, but if your ISP advises you to use a specific MTU, enter it here. Transparent bridge option. Bridge Mode: If set to Enable, this WAN port does not use NAT or the Load Balance function when both the LAN and WAN have
70. uter attached to the remote segment. Interface: Select the correct interface, usually LAN. The WAN interface is only available if NAT (Network Address Translation) is disabled. Metric: The number of hops (routers) to pass through to reach the remote LAN segment. The shortest path will be used. Routing list: This shows the current routing table set by users. Configuring Other Routers on your LAN: All traffic for devices not on the local LAN must be forwarded to the VPN800/8 F Firewall so that they can be forwarded to the Internet. This is done by configuring other Routers to use the VPN800/8 F Firewall as the Default Route or Default Gateway, as illustrated by the example below. [Figure: Static Routing example, showing 192.168.1.100, 192.168.1.1, and segments 192.168.1.xx and 192.168.3.xx] For the LAN shown above, with 2 routers and 3 LAN segments, the VPN800/8 F Firewall requires 2 entries as follows: Entry 1 Segment 1 Destination IP 192.168.2.0 2 Metric Entry 2 Segment 2 Address LAN Metric For Router A's Default Route Address Network Mask Network Mask Gateway 192.168.2.80 Interface Metric This feature allows you to make Servers on
71. wing DNS server addresses, and enter the DNS address or addresses provided by your ISP, then click OK. Checking TCP/IP Settings, Windows XP: 7. Select Control Panel, Network Connection. Right-click the Local Area Connection and choose Properties. You should see a screen like the following. Figure B-7: Network Configuration (Windows XP). Select the TCP/IP protocol for your network card. Click on the Properties button. You should then see a screen like the following.
72. your LAN accessible to Internet users. Normally, Internet users are not able to access a server on your LAN because: Your Server's IP address is only valid on your LAN, not on the Internet. Attempts to connect to devices on your LAN are blocked by the firewall in the VPN800/8 F Firewall. The Virtual Server feature solves these problems and allows Internet users to connect to your servers, as illustrated below. Note that in this illustration, both Internet users are connecting to the same IP Address, but using different protocols. Connecting to the Virtual Server: Once configured, anyone on the Internet can connect to your Virtual Servers. They must use the VPN800/8 F Firewall Internet IP Address (the IP Address allocated by your ISP), e.g. http://205.20.45.34, 205.20.45.34. To Internet users, all virtual Servers on your LAN have the same IP Address. This IP Address is allocated by your ISP. This address should be static, rather than dynamic, to make it easier for Internet users to connect to your Servers. However, you can use the Dynamic DNS feature, explained later in this chapter, to allow users to connect to your Virtual Servers using a URL instead of an IP Address, e.g.