Billion Electric Company BiGuard 30 User's Manual
Contents
1. [Screenshot: Add QoS Rule form, WAN Outbound] 2.2.4 Policy Based Traffic Shaping. Policy Based Traffic Shaping allows you to apply specific traffic policies across a range of IP addresses or ports. This is particularly useful for assigning different policies for different PCs on the network. Policy-based traffic shaping lets you better manage your bandwidth, providing reliable Internet and network service to your organization. [Screenshots: QoS rule settings and Quality of Service rule list, WAN 1 Inbound]
2. [Screenshot: Local Area Connection Properties, Internet Protocol (TCP/IP) description] 5. If an IP address, subnet mask and a default gateway are shown, write down the information. If no address is present, your account's IP address is dynamically assigned. Click the Obtain an IP address automatically radio button. [Screenshot: Internet Protocol (TCP/IP) Properties] 6. If any DNS server addresses are shown, write them down. Click the Obtain DNS server address automatically radio button. [Screenshot: Internet Protocol (TCP/IP) Properties] 7. Click OK to s
3. [Diagram and settings table: IPSec VPN Host to LAN, single client to head office; Proposal: IKE; Pre-shared Key: 12345678] H.8 IPSec Fail Over (Gateway to Gateway) [Network diagrams: Before Fail Over, After Fail Over] Step 1: Go to Configuration > Dual WAN > General Settings. Enable Fail Over by selecting the Fail Over radio button. Then configure your Fail Over policy. [Screenshot: Dual WAN General Setting] Step 2: Go to Configuration > Advanced > Dynamic DNS a
4. [Screenshot: Windows XP Start menu] Step 6: In Network Tasks, click Create a new connection and press Next. [Screenshot: New Connection Wizard welcome page] Step 7: Select Connect to the network at my workplace and press Next. [Screenshot: New Connection Wizard, network connection type]
5. [Screenshot: Network Connections window, Local Area Connection context menu] 3. Select Internet Protocol (TCP/IP) and click Properties. [Screenshot: Local Area Connection Properties]
6. [Screenshot: New Connection Wizard, network connection type] Step 8: Select Virtual Private Network connection and press Next. [Screenshot: New Connection Wizard, dial-up or Virtual Private Network connection] Step 9: Input the user defined name for this connection an
7. [Network diagram: Outbound Load Balancing] With Outbound Load Balancing, you can improve upload performance by optimizing your connection via Dual WAN. To do this, follow these steps. Step 1: Go to Configuration > WAN > ISP Settings. Configure your WAN1 ISP settings and click Apply. [Screenshot: WAN1 ISP Settings, Static IP] Step 2: Configure your WAN2 ISP settings and click Apply. [Screenshot: WAN2 ISP Settings, Static IP] Step 3
8. [Network diagrams: VPN Fail Over between BiGuard 30 and BiGuard 10, Before Fail Over and After Fail Over] Configuring BiGuard 30 for Fail Over provides added reliability to your VPN. 2.6.3 Concentrator. The VPN Concentrator provides an easy way for branch offices to connect to headquarters through a VPN tunnel. All branch office traffic will be redirected to the VPN tunnel to headquarters, with the exception of LAN-side traffic. This way, all branch offices can connect to each other through headquarters via the headquarters' firewall management. You can also configure BiGuard 30 to function as a VPN Concentrator. Please refer to Appendix H for example settings. [Network diagram: VPN Concentrator, with local and remote subnet and mask settings for BiGuard 30 and BiGuard 10] Chapter 3 Getting Started 3
9. [Screenshot: Restart page] The Restart feature allows you to easily restart BiGuard 30. To restart with your last saved configuration, select the Current Settings radio button and click Restart. If you wish to restart the router using the factory default settings, select Factory Default Settings and click Restart to reboot BiGuard 30 with factory default settings. You may also reset your router to factory default settings by holding the Reset button on the router until the Status LED begins to blink. Once BiGuard 30 completes the boot sequence, the Status LED will stop blinking. 4.4.4.6 Password [Screenshot: Password page. Note: the maximum number of characters in the password is 32.] In order to prevent unauthorized access to your router's configuration interface, it requires the administrator to log in with a password. You can change your password by entering your new password in both fields. Click Apply to save your changes.
10. Getting Started CD-ROM; Quick Start Guide; AC-DC Power Adapter (12VDC, 1A). 1.3.1 Front Panel [Figure: front panel] LED / Function: A solid light indicates a steady connection to a power source. A blinking light indicates the device is writing to flash memory. Lit when connected to an Ethernet device. 10/100M: Lit green when connected at 100Mbps. Not lit when connected at 10Mbps. Link/ACT: Lit when device is connected. Blinking when data is transmitting/receiving. Lit when connected to an Ethernet device. 10/100M: Lit green when connected at 100Mbps. Not lit when connected at 10Mbps. Link/ACT: Lit when device is connected. Blinking when data is transmitting/receiving. Lit when connected to an Ethernet device. 10/100M: Lit green when connected at 100Mbps. Not lit when connected at 10Mbps. Link/ACT: Lit when device is connected. Blinking when data is transmitting/receiving. DC12V. RESET: To reset the device and restore factory default settings, after the device is fully booted, press and hold RESET until the Status LED begins to blink. WAN2: 10/100M Ethernet port with auto crossover support. WAN2: connect xDSL/Cable modem here. WAN1: 10/100M Ethernet port with auto crossover support. WAN1: connect xDSL/Cable modem here. LAN: Connect a UTP Ethernet cable (Cat-5 or Cat-5e) to one of the eight LAN po
11. Step 2: Go to Configuration > VPN > IPSec > IPSec Policy and configure the link from BiGuard 30 to BiGuard 10 (Branch B). [Screenshot: IPSec Policy settings] Step 3: Go to Configuration > VPN > IPSec > IPSec Policy and configure the connection from BiGuard 10 (Branch A) to BiGuard 30. [Screenshot: IPSec Policy settings]
12. [Screenshot: Traffic Statistics page] Step 6: Click Save Config to save all changes to flash memory. H.3 Inbound Fail Over [Network diagrams: Before Fail Over, After Fail Over] Configuring your BiGuard 30 for Inbound Fail Over is a great way to ensure a more reliable connection for incoming requests. To do so, follow these steps. NOTE: Before you begin, ensure that both WAN1 and WAN2 have been properly configured. See Chapter 4: Router Configuration for more details. Step 1: From the Web Configuration Interface, go to Configuration > Dual WAN > General Settings. Select the Fail Over radio button.
13. Click Reset to reset to the default administration password (admin). 4.4.4.7 System Log Server [Screenshot: System Log Server page] This function allows BiGuard 30 to send system logs to an external Syslog server. Syslog is an industry-standard protocol used to capture information about network activity. To enable this function, select the Enable radio button and enter your Syslog server IP address in the Log Server IP Address field. Click Apply to save your changes. To disable this feature, simply select the Disable radio button and click Apply. 4.4.4.8 E-mail Alert [Screenshot: E-Mail Alert page]
14. [Screenshot: Dual WAN General Setting] Step 2: Go to Configuration > Dual WAN > Protocol Binding and configure settings for WAN1. [Screenshot: Protocol Binding page, with the note that Protocol Binding has higher priority than Routing] Step 3: Go to Configuration > Dual WAN > Protocol Binding and configure settings for WAN2. [Screenshot: Protocol Binding page]
15. IP Range: The IP range of the remote network. Single Address: The IP address of the remote host. Gateway Address: The gateway address of the remote host. Proposal. Secure Association (SA): SA is a method of establishing a security policy between two points. There are three methods of creating SA, each varying in degrees of security and speed of negotiation. Main Mode: Uses the automated Internet Key Exchange (IKE) setup; most secure method with the highest level of security. Aggressive Mode: Uses the automated Internet Key Exchange (IKE) setup; mid-level security. Speed is faster than Main Mode. Manual Key: Standard level of security. It is the fastest of the three methods. Method: There are two methods of checking the authentication information, AH (Authentication Header) and ESP (Encapsulating Security Payload). Use ESP for greater security so that data will be encrypted and authenticated. With AH, data will be authenticated but not encrypted. Encryption Protocol: Select the encryption method from the pull-down menu. There are several options: DES, 3DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency. DES: Stands for Data Encryption Standard. It uses a 56-bit encryption method. 3DES: Stands for Triple Data Encryption Standard. It uses a 168-bit encryption method. AES: Stands for Advanced Encryption Standard. You can use 128, 192 or 256 bits as encryption method. Authentication Protocol: Authentication establish
16. [Screenshot: Dynamic DNS page] Step 4: From the same menu, set the WAN2 DDNS settings. [Screenshot: Dynamic DNS page, WAN2 settings] Step 5: Click Save Config to save all changes to flash memory. [Screenshot: Save Config to Flash] H.4 DNS Inbound Fail Over [Network diagrams: Before Fail Over, After Fail Over] NOTE: Before proceeding, please ensure that both W
17. [Screenshots: Control Panel and Network Connections window, Local Area Connection context menu] 4. Select Internet Protocol (TCP/IP) and click Properties. [Screenshot: Local Area Connection Properties]
18. [Screenshot: Session Table page] No.: Number of the list. Protocol: Protocol type of the session. From IP: Source IP of the session. From Port: Source port of the session. To IP: Destination IP of the session. To Port: Destination port of the session. Sessions Filter: When the presented field is filled, please click the Filter button. From IP: Please input the source IP you would like to filter. From Port: Please input the source port you would like to filter. To IP: Please input the destination IP you would like to filter. To Port: Please input the destination port you would like to filter. First: To the first page. Previous: To the previous page. Next: To the next page. Last: To the last page. Jump to session: Please input the session number you would like to see and press GO. 4.2.4 DHCP Table. The DHCP Table displays a list of IP addresses that have been assigned to PCs on your network via Dynamic Host Configuration Protocol (DHCP). [Screenshot: DHCP Table page]
19. 4. Check to see that the WAN port is properly connected to the ISP. If a "Connected by (x)" (where x is your connection method) is not shown, your router has not successfully obtained an IP address from your ISP. If an IP address cannot be obtained: 1. Turn off the power to your cable or DSL modem. 2. Turn off the power to your BiGuard 30. 3. Wait five minutes and power on your cable or DSL modem. 4. When the modem has finished synchronizing with the ISP (generally shown by LEDs on the modem), turn on the power to your router. If an IP address still cannot be obtained: Your ISP may require a login program. Consult your ISP whether they require PPPoE or some other type of login. If your ISP requires a login, check to see that your User Name and Password are entered correctly. Your ISP may check for your PC's host name. Assign the PC Host Name of your ISP account as your PC's host name on the router. Your ISP may check for your PC's MAC address. Either inform your ISP that you have purchased a new network device, or ask them to use your router's MAC address, or configure your router to spoof your PC's MAC address. If an IP address can be obtained but your PC cannot load any web pages from the Internet: Your PC may not recognize DNS server addresses. Configure your PC manually with DNS addresses. Your PC may not have the router correctly configured as its TCP/IP gateway. 5.5 Problems with Date and Time
20. Click Save Config to save all changes to flash memory. Step 5: In another BiGuard as client, go to Configuration > WAN > ISP Settings. [Screenshot: WAN ISP Settings] Step 6: Click Apply and SAVE CONFIG.
21. Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPPoE session when starting up and to automatically re-establish the PPPoE session when disconnected by the ISP, select Always Connect. If you want to establish a PPPoE session only when there is a packet requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet), select Trigger on Demand. Idle Time: Auto-disconnect the router when there is no activity on the line for a predetermined period of time. Select the idle time from the drop-down menu. Active if Trigger on Demand is selected. IP Assigned by your ISP: If your IP is dynamically assigned by your ISP, select the Dynamic radio button. If your ISP assigns a static IP address, select the Static radio button and input your IP address in the blank provided. MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below. Candidates: You can also select the MAC address from the list in the Candidates. DNS: If your ISP requires you to manually set up DNS settings, check the checkbox and enter your primary and secondary DNS. RIP: To activate RIP, select Send, Receive or Both from the drop-down menu. To disable RIP, select
22. If the date and time is not being displayed correctly, be sure to set it for your BiGuard 30 via the Web Configuration Interface. Both date and time can be found under Configuration > System > Time Zone. 5.6 Restoring Factory Defaults. You can restore your BiGuard 30 to its factory settings by holding the Reset button on the back of your router until the Status LED begins to blink. This will reset your router to its default settings. Appendix A: Product Specifications. Availability and Resilience: Dual WAN ports; load balancing for increased bandwidth of inbound and outbound traffic; automatic failover to redirect the packet when one broadband connection is broken. It will keep your Internet connection always online whenever one connection should fail. Virtual Private Network: IPSec VPN supports up to 30 IPSec tunnels; IPSec VPN performance is up to 30 Mbps; PPTP VPN supports up to 4 PPTP tunnels; PPTP VPN performance is up to 10 Mbps; Manual key, Internet Key Exchange (IKE) authentication and Key Management; Authentication (MD5 / SHA-1); DES/3DES encryption; AES 128/192/256 encryption; IP Authentication Header (AH); IP Encapsulating Security Payload (ESP); IPSec VPN concentrator; Dynamic IPSec VPN (FQDN) support; IPSec NAT Traversal (IPSec NAT-T); IPSec DPD (Dead Peer Detection); Supports remote access and office-to-office IPSec Connections; PPTP S
23. Select Adapter, then Add. [Screenshot: Select Network Component Type] c. Select the manufacturer and model of your Ethernet adapter, then click OK. [Screenshot: Select Network adapters] If you need TCP/IP: a. Click Add. [Screenshot: Network dialog, Configuration tab] b. Select Protocol, then click Add. [Screenshot: Select Network Component Type] c. Select Microsoft > TCP/IP, then OK. [Screenshot: Select Network Protocol]
24. Servers follow the well-known port assignments so clients can locate them. If you wish to run a server on your network that can be accessed from the WAN (i.e. from other machines on the Internet that are outside your local network), or any application that can accept incoming connections (e.g. peer-to-peer applications) and are using NAT (Network Address Translation), then you will usually need to configure your router to forward these incoming connection attempts using specific ports to the PC on your network running the application. You will also need to use port forwarding if you want to host an online game server. The reason for this is that when using NAT, your publicly accessible IP address will be used by and point to your router, which then needs to deliver all traffic to the private IP addresses used by your PCs. Please see the WAN Configuration section of this manual for more information on NAT. BiGuard 30 can also be configured as a virtual server so that remote users accessing services such as Web or FTP services via the public (WAN) IP address can be automatically redirected to local servers in the LAN network. Depending on the requested service (TCP/UDP port number), the device redirects the external service request to the appropriate server within the LAN network. 4.4.8.1 DMZ. The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets
25. [Screenshot: Inbound Load Balance, DNS Server 1 settings (SOA, NS Record, MX Record)] Step 3: Go to Configuration > Dual WAN > Inbound Load Balance > Host URL Mapping and configure your FTP mapping. [Screenshot: Host URL Mapping, FTP] Step 4: Next, configure your HTTP mapping. [Screenshot: Host URL Mapping, HTTP] Step 5: Click Save Confi
26. x 1 38 (250mm x 166mm x 35mm, non Bracket). Power Requirement: Input 12VDC, 1A. Operating Environment: Operating temperature 0 40 degrees Celsius; Storage temperature 20 70 degrees Celsius; Humidity 20 95 non-condensing. Appendix B: Customer Support. Most problems can be solved by referring to the Troubleshooting section in the User's Manual. If you cannot resolve the problem with the Troubleshooting chapter, please contact the dealer where you purchased this product. Contact Billion [Screenshot: Billion website]
27. 1 Overview Before you begin, make sure that the TCP/IP protocol and a functioning Ethernet network adapter are installed on each of your PCs. The following operating systems already include the necessary software components you need to install TCP/IP on your PCs: Windows 95/98/Me/NT/2000/XP; Mac OS 7 and later. If you are using Windows 3.1, you must purchase a third-party TCP/IP application package. Any TCP/IP capable workstation can be used to communicate with or through BiGuard 30. To configure other types of workstations, please consult the manufacturer's documentation. 3.4.2 Windows XP 3.4.2.1 Configuring 1. Select Start > Settings > Network Connections. [Screenshot: Windows XP Start menu] 2. In the Network Connections window, right-click Local Area Connection and select Properties.
28. 168 2 3 HTTP [Diagram: built-in DNS inbound load balancing. DNS request for www.mydomain.com: DNS reply 200.200.200.1 under heavy load on WAN 2; DNS reply 100.100.100.1 under heavy load on WAN 1.] Step 1: Go to Configuration > Dual WAN > General Settings. Select the Load Balance radio button. [Screenshot: Dual WAN General Setting: Dual WAN Mode (Load Balance or Fail Over), WAN Port Service Detection Policy, Connectivity Decision, Probe Cycle, Probe WAN1, Probe WAN2, Failback to WAN1 when possible] Step 2: Go to Configuration > Dual WAN > Inbound Load Balance > Server Settings and configure DNS Server 1.
29. Step 11: Please press Finish. [Screenshot: New Connection Wizard, "Completing the New Connection Wizard": You have successfully completed the steps needed to create the following connection: BiGuard30. The connection will be saved in the Network Connections folder. To create the connection and close this wizard, click Finish.] Step 12: Double-click the connection and input the Username and Password that are defined in BiGuard PPTP Account Settings. [Screenshot: Network Connections window showing the BiGuard30 Virtual Private Network connection]
30. [Screenshot: device Status page (MAC addresses, firmware version 1.06p, LAN and WAN settings)] 1. Click Apply if you would like to apply the settings on the current screen to the device. The settings will be effective immediately; however, the configuration is not saved yet, and the settings will be erased if you power off or restart the device. 2. Click SAVE CONFIG to save the current settings permanently to the device. 3. Click RESTART to restart the device. There are two options to restart the device: select Current Settings if you would like to restart using the current configuration; select Factory Default Settings if you would like to restart using the factory default configuration. 4. To exit the router's web interface, click LOGOUT. Please ensure that you have saved your configuration settings before you log out. Be aware that the router is restricted to only one PC accessing the web configuration interface at a time. Once a PC has logged into the web interface, other PCs cannot gain access until the current PC has logged out. If the previous PC forgets to logout the
31. [Screenshot: Quick Start, Static IP Settings: IP assigned by your ISP, IP Subnet Mask, ISP Gateway Address, Primary DNS, Secondary DNS] IP assigned by your ISP: Enter the assigned IP address from your ISP. IP Subnet Mask: Enter your IP subnet mask. ISP Gateway Address: Enter your ISP gateway address. Primary DNS: Enter your primary DNS. Secondary DNS: Enter your secondary DNS. Click Apply to save your changes. To reset to defaults, click Reset. 4.3.3 PPPoE [Screenshot: Quick Start WAN1, PPPoE Settings: Username, Password, Retype Password, Connection, Idle Time] Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPPoE session when starting up and to automatically re-establish the PPPoE session when disconnected by the ISP, select Always Connect. If you want to establish a PPPoE session only when there is a packet requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet), select Trigger on Demand. Idle Time: Auto-disconnect the router when there is no activity on the line for a predetermined period of time. Select the i
32. [Screenshot: Control Panel] 3. From the drop-down box, select your Ethernet adapter. [Screenshot: IP Configuration] The window is updated to show your settings. Using the default BiGuard 30 settings, your PC should have: an IP address between 192.168.1.1 and 192.168.1.253; a subnet mask of 255.255.255.0; a default gateway of 192.168.1.254. 3.5 Factory Default Settings Before configuring your BiGuard 30, you need to know the following default settings. Web Interface: Username: admin; Password: admin. LAN Device IP Settings: IP Address: 192.168.1.254; Subnet Mask: 255.255.255.0. ISP setting in WAN site: Obtain an IP Address automatically (DHCP Client). DHCP server: DHCP server is enabled; Start IP Address: 192.168.1.100; End IP Address: 192.168.1.199. 3.5.1 User Name and Password The default user name and password are admin and admin respectively. If you ever forget your user name and/or password, you
33. [Screenshot: LAN Ethernet settings] IP Address: Enter the internal LAN IP address for BiGuard 30 (192.168.1.254 by default). Subnet Mask: Enter the subnet mask (255.255.255.0 by default). RIP: RIP v2 Broadcast and RIP v2 Multicast. Check to enable RIP. 4.4.1.2 DHCP Server In this menu, you can disable or enable the Dynamic Host Configuration Protocol (DHCP) server. The DHCP protocol allows your BiGuard 30 to dynamically assign IP addresses to PCs on your network if they are configured to automatically obtain IP addresses. [Screenshot: DHCP Server Parameters: DHCP Server Functions (Enable or Disable), IP Pool Range from 192.168.1.100 to 192.168.1.199, Primary DNS Server, Secondary DNS Server, Primary WINS Server, Secondary WINS Server, Domain Name, Fixed Host] To disable the router's DHCP Server, select the Disable radio button and then click Apply. When the DHCP Server is disabled, you will need to manually assign a fixed IP address to each PC on your network and set the default gateway for each PC to the IP address of the router (192.168.1.254 by default). To con
34. Disable from the drop-down menu. MTU: Enter the Maximum Transmission Unit (MTU) for your network. Network Address Translation: Enables or disables the NAT function. To apply this interface as router mode, please select Disable. Due to the default firewall feature, if you would like to use router mode, you have to input the packet filter rules you would like to forward in Configuration > Firewall > Packet filter. Click Apply to save your changes. To reset to defaults, click Reset. 4.4.2.1.4 PPTP Settings [Screenshot: PPTP Settings: Username, Password, Retype Password, PPTP Client IP, PPTP Client IP Netmask, PPTP Client IP Gateway, PPTP Server IP, Connection, Idle Time, IP assigned by your ISP, MAC Address, DNS, RIP, MTU, Network Address Translation] Username: Enter your user name. Password: Enter your password. Retype Password: Retype
35. Dual WAN > General Settings. Select the Fail Over radio button. Under Connectivity Decision, input the number of times BiGuard 30 should probe the WAN before deciding that the ISP is in service or not (3 by default). Next, input the duration of the probe cycle (30 sec by default) and choose the way WAN ports are probed. [Screenshots: WAN2 Static IP Settings; Dual WAN General Setting] Please ensure the WAN ports are functioning by performing a ping operation on each before proceeding. Finally, choose whether or not BiGuard 30 should fail back to WAN1. Step 4: Click Save Config to save all changes to flash memory. H.2 Outbound Load Balancing 192 168 2 2
36. [Screenshot: PPTP Status table: Name, Enable, Status, Type, Peer Network, Connect By, Action] Name: The name you assigned to the particular PPTP entry. Enable: Whether the PPTP connection is currently Enable or Disable. Status: Whether the PPTP is Active, Inactive or Disable. Type: Whether the connection type is Remote Access or LAN to LAN. Peer Network: The remote subnet for LAN to LAN as connection type. Connect by: The remote address when connected. Action: Manually drop the tunnel. 4.2.7 Traffic Statistics The Traffic Statistics window displays both sent and received data in bytes/sec over a one-hour duration. The line in red represents WAN1, while the line in blue represents WAN2. [Screenshot: Traffic Statistics: Rx and Tx bytes and packets for WAN 1 and WAN 2, and a traffic diagram over time (min)] WAN1: Transmitted (Tx) and Received (Rx) bytes and packets for WAN1. WAN2: Transmitted (Tx) and Re
37. Step 3: Input DNS Server 1 settings and click Apply. [Screenshot: DNS Server 1 settings] Step 4: Configure your Host URL Mapping for DNS Server 1 by clicking Edit to enter the Host URL Mappings List. Click Create and input the settings for Host URL Mappings and click New. [Screenshot: Host URL Mappings: A Record (Domain Name mydomain.com, Host URL, Private IP Address, Protocol, Port Range), CNAME (Name1, Name2). Note on screen: Domain will be appended automatically in these fields.] Step 5: Click Save Config to save all changes to flash memory. H.5 DNS Inbound Load Balancing [Diagram: Authoritative Domain Name Server; 192.168.2.2 FTP; 192.168.2.3 HTTP] 192 168 2 2 FTP 192
38. Step 5: Go to Configuration > Virtual Server and set up a virtual server for both FTP and HTTP. [Screenshots: Virtual Server] Step 6: Click Save Config to save all changes to flash memory. H.7 VPN Configuration This section outlines some concrete examples on how you can configure BiGuard 30 for your VPN. H.7.1 LAN to LAN [Diagram: IPSec VPN LAN to LAN between Branch Office and Head Office; labels: Public IP, Public IP, 192.168.0.254, 69.121.1.30, 69.121.1.3, 192 168 171 254, 192.168.0.0/24, 192.168.1.0/24] [Table residue: Local, Remote; Secure Gateway Address or Hostname: 69.121.1.3, 69.121.1.30; Proposal; IKE Pre-shared Key: 12345678, 12345678; Security Algorithm] H.7.2 Host to LAN [Diagram residue: Head Office Public IP Public IP 69 12 1 1 30 9 121 135 192 168 1254]
39. IPSec and PPTP. 4.4.6.1 IPSec IPSec is a set of protocols that enable Virtual Private Networks (VPN). You can find two items under the IPSec section: IPSec Wizard and IPSec Policy. 4.4.6.1.1 IPSec Wizard [Screenshot: IPSec Wizard, Step 1 of 3, Connection Information: Connection Name, Interface, Pre-shared Key, Connection Type] Connection Name: A user-defined name for the connection. Interface: Select the interface the IPSec tunnel will apply to. WAN1: Select interface WAN1. WAN2: Select interface WAN2. Auto: The device will automatically apply the tunnel to WAN1 or WAN2 depending on which WAN interface is active when the IPSec tunnel is being established. Note: Auto only applies to Fail Over mode. For Load Balance mode, please do not select Auto. In Load Balance mode, Auto will be forced to the WAN1 interface if Auto is selected. Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol. IKE is used to establish a shared security policy and authenticated keys for services such as IPSec that require a key. Before any IPSe
40. ISP. MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below. Candidates: You can also select the MAC address from the list in the Candidates. DNS: If your ISP requires you to manually set up DNS settings, check the checkbox and enter your primary and secondary DNS. RIP: To activate RIP, select Send, Receive or Both from the drop-down menu. To disable RIP, select Disable from the drop-down menu. MTU: Enter the Maximum Transmission Unit (MTU) for your network. Network Address Translation: Enables or disables the NAT function. To apply this interface as router mode, please select Disable. Due to the default firewall feature, if you would like to use router mode, you have to input the packet filter rules you would like to forward in Configuration > Firewall > Packet filter. Click Apply to save your changes. To reset to defaults, click Reset. A simpler alternative is to select Quick Start from the main menu. Please see the Quick Start section of this chapter for more information. 4.4.2.2 Bandwidth Settings Under Bandwidth Settings, you can easily configure both inbound and outbound bandwidth for each WAN port. [Screenshot: Bandwidth Settings, Max Bandwidth Provided by ISP: Outbound Bandwidth and Inbound Bandwidth for WAN 1 and WAN 2] These bandwidth settings wil
41. Protocol Binding [Screenshot: Protocol Binding Table: No., Interface, Src IP, Src Netmask, Dest IP, Dest Netmask, Protocol, Port Range] The Protocol Binding Table lists any protocol binding that has been configured. To add a new binding, click Create. [Screenshot: Add Protocol Binding Rules: Interface, Source IP Range, Source IP Address, Source IP Netmask, Destination IP Range, Destination IP Address, Destination IP Netmask, Protocol, Port Range. Note on screen: Protocol Binding has higher priority than Routing.] Interface: Choose which WAN port to use: WAN1, WAN2. Packet Type: The particular protocol of Internet traffic for the specified policy. Choose from TCP, UDP, or Any. Source IP Range: All Source IP: Click it to specify all source IPs. Specified Source IP: Click to specify a specific source IP address and source IP netmask. Source IP Address: If Specif
42. The Email Alert function allows a log of security-related events (such as System Log and IPSec Log) to be sent to a specified email address. Email Alert: You may enable or disable this function by selecting the appropriate radio button. Recipient's Email Address: Enter the email address where you wish the alert logs to be sent. SMTP Mail Server: Enter your email account's outgoing mail server. It may be an IP address or a domain name. Sender's Email Address: Enter the email address from which you wish the alert logs to be sent. Mail Server Login: Some SMTP servers may request users to log in before serving. Select Enable to activate the SMTP server login function, Disable to deactivate. Username: Input the SMTP server's username. Password: Input the SMTP server's password. Alert via Email when: Select the frequency of each email update. Choose one of the five options. Immediately: The router will send an alert immediately. Hourly: The router will send an alert once every hour. Daily: The router will send an alert once a day. The exact time can be specified using the pull-down menu. Weekly: The router will send an alert once a week. When log is full: The router will send an alert only when the log is full. 4.4.5 Firewall BiGuard 30 includes a full Stateful Packet Inspection (SPI) firewall for controlling Internet access from your LAN and preven
43. [Screenshot: Dual WAN General Setting: Dual WAN Mode, WAN Port Service Detection Policy, Connectivity Decision, Probe Cycle, Probe WAN1, Probe WAN2, Failback to WAN1 when possible] Step 2: Configure Fail Over options if necessary. [Screenshot: Fail Over options] Step 3: Go to Configuration > Advanced > Dynamic DNS. Set the WAN1 DDNS settings. [Screenshot: Dynamic DNS settings; host name shown: ftp.billion.dyndns.org]
44. also multiple NAT, you can specify a subnet and LAN Gateway IP Address and select the associated WAN IP Address specified in WAN IP Alias in Configuration > WAN > WAN IP Alias. [Screenshot: LAN Address Mapping Table: No., Name, IP Address, Netmask] Please click Create to create a LAN Address Mapping rule. [Screenshot: LAN Address Mapping, Add Subnet: Name, IP Address, Netmask, WAN IP Address, Candidates] Name: Please input the name of the rule. IP Address: Please input the LAN Gateway IP Address you would like to use. Netmask: Please input the Netmask you would like to use. WAN IP Address: Please click Candidates to select the WAN IP address you would like to use from the WAN Alias list. Click the Apply button to add the configuration into the LAN Address Mapping. 4.4.2 WAN WAN refers to your Wide Area Network connection. In most cases, this means your router's connection to the Internet through your ISP. BiGuard30 features Dual WAN capability. There are three items within this section: ISP Settings, Bandwidth Settings, WAN IP Alias. The
45. be blocked to grant added security to your network. URL Filtering: You can choose to Enable or Disable this feature. Keyword Filtering: Click the checkbox to enable this feature. To edit the list of filtered keywords, click Details. Domain Filtering: Click the enable checkbox to enable filtering by Domain Name. Click the "Disable all WEB traffic except for trusted domains" check box to allow web access only for trusted domains. Restrict URL Features: Click Block Java Applet to filter web access with Java Applet components. Click Block ActiveX to filter web access with ActiveX components. Click Block Web proxy to filter web proxy access. Click Block Cookie to filter web access with Cookie components. Click Block Surfing by IP Address to filter web access with an IP address as the domain name. Exception List: You can input a list of IP addresses as the exception list for URL filtering. Keywords Filtering [Screenshot: Keywords Filtering: Block WEB URLs which contain these keywords] Enter a keyword to be filtered and click Apply. Your new keyword will be added to the filtered keyword listing. Domains Filtering Click the top checkbox to enable this feature. You can also choose to disable all web traffic except for
46. be referenced by QoS and Loadbalance functions [Screenshot: Bandwidth Settings] WAN1: Enter your ISP inbound and outbound bandwidth for WAN1. WAN2: Enter your ISP inbound and outbound bandwidth for WAN2. NOTE: The values entered here are referenced by both QoS and Load Balancing functions. 4.4.2.3 WAN IP Alias WAN IP Alias allows you to input additional WAN IP addresses. WAN IP Alias can be used for Multiple NAT settings, including LAN Address Mapping settings and Virtual Server settings. [Screenshot: WAN IP Alias Table: No., Name, IP Address, Interface] Please click Create to create a LAN Address Mapping rule. [Screenshot: WAN IP Alias, Add WAN IP: Name, IP Address, Interface (WAN1 or WAN2)] Name: Please input the name of the rule. IP Address: Please input the additional WAN IP address you would like to use. Interface: Please select the WAN Interface that you would like to add the additional WAN IP to. Click the Apply button to add the configuration into the WAN
47. between each probe. Probe WAN1: Determines if WAN1 is a gateway or host. If host is selected, please enter the IP address. Probe WAN2: Determines if WAN2 is a gateway or host. If host is selected, please enter the IP address. Fail back to WAN1 when possible: Enables or disables fail back to WAN1. This function only applies to fail over. Click Apply to save your changes. 4.4.3.2 Outbound Load Balance [Screenshot: Dual WAN Outbound Load Balance, Load Balance Policy. Based on session mechanism: Balance by Session (Round Robin), Balance by Session weight of link capacity, Balance by Session weight, Balance by Traffic weight of link capacity, Balance by Traffic weight. Based on IP address hash mechanism: Balance by weight of link capacity, Balance by weight.] Outbound Load Balancing on BiGuard 30 can be based on one of two methods: 1. By session mechanism 2. By IP address hash mechanism. Choose one by clicking the corresponding radio button. Based on Session Mechanism: The source IP address and destination IP address might go through WAN1 or WAN2 according to policy settings in this mechanism. You can choose this mechanism if the applications the users use will not tell the difference
48. can restore your BiGuard 30 to its factory settings by holding the Reset button on the back of your router until the Status LED begins to blink. Please note that doing this will also erase any previous router settings that you have made. The Status LED will remain solid as the device boots. Once the boot sequence is complete, the LED will shut off, indicating that BiGuard 30 is ready. 3.5.2 LAN and WAN Port Addresses The default values for LAN and WAN ports are shown below. LAN port: IP address 192.168.1.254; Subnet Mask 255.255.255.0; DHCP server function: Enabled; IP addresses for distribution to PCs: 100 IP addresses continuing from 192.168.1.100 through 192.168.1.199. WAN port: The DHCP Client is enabled to automatically get the WAN port configuration from the ISP. 3.6 Information From Your ISP 3.6.1 Protocols Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided, such as DHCP, Static IP, PPPoE or PPTP. The following table outlines each of these protocols. DHCP: Configure this WAN interface to use DHCP client protocol to get an IP address from your ISP automatically. Your ISP provides an IP address to the router dynamically when logging in. Static IP: Configure this WAN interface with a specific IP address. This IP address should be provided by your ISP. PPPoE: PPP over Ethernet is known as a dial-up DSL or cable service. It is designed to integrate the broadb
49. 2. In the Control Panel, double-click Network and choose the Configuration tab. [Screenshot: Control Panel and the Network dialog, Configuration tab] 3. Select TCP/IP -> ASUSTek, or the name of any Network Interface Card (NIC) in your PC, and click Properties. [Screenshot: Network dialog, Configuration tab, listing the installed network components]
50. network via the Internet. [Screenshot: PPTP General Setting: PPTP function, Auth Type, Data Encryption, Encryption Key Length, Peer Encryption Mode, IP Addresses Assigned to Peer, Idle Timeout; Account Setting: Name, Enable, Peer Network] PPTP function: Select Enable to activate PPTP Server, Disable to deactivate PPTP Server function. Auth Type: The authentication type: Pap or Chap, PaP, or Chap. Data Encryption: Select Enable or Disable for the Data Encryption. Encryption Key Length: Auto, 40 bits or 128 bits. Peer Encryption Mode: Only Stateless, or Allow Stateless and Stateful. IP Addresses Assigned to Peer: Start from 192.168.1.x. Please input the IP assigned range from 1 to 254, except BiGuard 30's LAN IP address (192.168.1.254 is BiGuard 30's default LAN IP address) and the IP pool range of the DHCP server settings (100 to 199 is BiGuard 30's default DHCP IP pool range). Idle Timeout (Min): Specify the time for the remote peer to be disconnected without any activities, from 0 to 120. Click Create to create a new PPTP VPN connection account. PPTP Add PP
51. of the WAN IP addresses (some applications in the Internet need to identify the source IP address, e.g. Back Forum). Balance by Session (Round Robin): Balances session traffic based on a round-robin method. Balance by Session weight of link capacity: Balances session traffic based on weight of link capacity. Balance by Session weight: Balances session traffic based on a weight ratio. Enter the desired ratio in the blanks provided. Balance by Traffic weight of link capacity: Balances traffic based on weight of link capacity. Balance by Traffic weight: Balances traffic based on a traffic weight ratio. Enter the desired ratio into the blanks provided. Based on IP hash mechanism: The source IP address and destination IP address will go through a specific WAN port (WAN1 or WAN2) according to policy settings in this mechanism. This will ensure that some applications will work when they need to authenticate the source IP address. Balance by weight of link capacity: Uses an IP hash to balance traffic based on weight of link bandwidth capacity. Balance by weight: Uses an IP hash to balance traffic based on a ratio. Enter the desired ratio into the blanks provided. Click Apply to save your changes. 4.4.3.3 Inbound Load Balance [Screenshot: Dual WAN Inbound Load Balance: Function (Enable or Disable), DNS Server 1, DNS Server 2, Server Settings, Host URL Mappings]
52. outbound traffic. QoS helps users manage bandwidth and effectively prioritize data traffic. It gives you full control over the traffic of any type of data. Employed on DiffServ (Differentiated Services) architecture, data traffic is given priority by the router, ensuring latency-sensitive applications like voice and mission-critical data such as VPN move through the router at lightning speeds, even under heavy load. You can throttle the speed of different types of data passing through the router, limit the speed of unimportant or bandwidth-consuming applications, and even distribute the bandwidth for different groups of users at home or in the office. QoS keeps your Internet connection smooth and responsive. G.3 How Does QoS Work? QoS employs three different methods for optimizing bandwidth. Prioritization: Assigns different priority levels for different applications, prioritizing traffic (High, Normal and Low priority settings). Outbound and Inbound IP Throttling: Controls network traffic and allows you to limit the speed of each application. DiffServ Technology: Manages priority queues and DSCP tagging through the Internet backbone. Manages traffic among Ethernet, wireless and ADSL interfaces. G.4 Who Needs QoS? QoS is ideal for home and office users who need to use a variety of real-time applications like VoIP, on-line games, P2P, video streaming and FTP simultaneously. With QoS you can optimize your bandwidth to accommoda
53. protocol that provides authentication and integrity, protecting data from tampering. It provides authentication of either all or part of the contents of a datagram through the addition of a header that is calculated based on the values in the datagram. The AH can also protect packets from unauthorized retransmission with anti-replay functionality. The presence of the AH header allows us to verify the integrity of the message, but doesn't encrypt it. Thus AH provides authentication but not privacy; ESP protects data confidentiality. Both AH and ESP can be used together for added protection. A typical AH packet looks like this: [Figure: AH packet fields: Next Payload, Reserved, Header Length, Sequence Number, Authentication Data] E.2.1.2 Encapsulating Security Payload (ESP): Encapsulating Security Payload (ESP) provides privacy for data through encryption. An encryption algorithm combines the data with a key to encrypt it. It then repackages the data using a special format and transmits it to the destination. The receiver then decrypts the data using the same algorithm. ESP is usually used with AH to provide added data security. ESP divides its fields into three components. ESP Header: Placed before encrypted data, the ESP Header contains the SPI and Sequence Number. Its placement depends on whether ESP is used in transport mode or tunnel mode. ESP Trailer: Placed after the encrypted data, the ESP Trailer contains padding that is used to a
54. repair it yourself. Opening or removing the covers can expose you to high voltage and other risks. In the case of malfunction, turn off the power immediately and have it repaired at a qualified service center. Contact your vendor for details. Connect the power cord to the correct supply voltage. Carefully place connecting cables to avoid people stepping or tripping on them. DO NOT allow anything to rest on the power cord and DO NOT place the power cord in an area where it can be stepped on. DO NOT use BiGuard 30 in environments with high humidity or high temperatures. DO NOT use the same power source for BiGuard 30 as other equipment. DO NOT use your BiGuard 30 and any accessories outdoors. If you wall mount your BiGuard 30, make sure that no electrical, water or gas pipes will be damaged during installation. DO NOT install or use your BiGuard 30 during a thunderstorm. DO NOT expose your BiGuard 30 to dampness, dust or corrosive liquids. DO NOT use your BiGuard 30 near water. Be sure to connect the cables to the correct ports. DO NOT obstruct the ventilation slots on your BiGuard 30 or expose it to direct sunlight or other heat sources. Excessive temperatures may damage your device. DO NOT store anything on top of your BiGuard 30. Only connect suitable accessories to your BiGuard 30. Keep packaging out of the reach of children. If disposing of the device, please follow your local regulations for the safe disposal of electronic
55. retrieve the correct local time from the NTP server you have specified. Your ISP may provide an NTP server for you to use. [Screenshot: Time Zone page] Time Zone: Select Enable or Disable this function. Local Time Zone (GMT Time): Please select the time zone that belongs to your area. NTP Server Address: Please input the NTP server address you would like to use. Daylight Saving: To have BiGuard 30 automatically adjust for Daylight Savings Time, please check the Automatic checkbox. Resync Period: Please input the resync cycle for time zone updates. Click Apply to apply the rule. Click Cancel to discard the changes. 4.4.4.2 Remote Access: To allow remote users to configure and manage BiGuard 30 through the Internet, select the Enable radio button. To deactivate remote access, select the Disable radio button. This function also enables you to grant access from any PC or from a specific IP address. Click Apply to save your settings.
56. this user name and password for the following users: Me only / Anyone who uses this computer. [Screenshot: BiGuard30 Virtual Private Network connection dialog] PS: You can also refer to the Properties > Security page as below by default. [Screenshot: BiGuard30 Properties dialog, Security tab] H.13 PPTP Remote Access by BiGuard [Diagram: Headquarter and Branch Office connected over the Internet; addresses 200.200.200.1 and 100.100.100.1; BiGuard as PPTP Server with local subnet 192.168.30.0 and local mask 255.255.255.0; BiGuard as PPTP Client] Step 1: Go to Configuration > VPN > PPTP and Enable the PPTP function. Disable the Encryption, then click Apply. [Screenshot: PPTP General Setting page]
57. to the input value, the ID type will be auto-defined as IP Address, FQDN (DNS) or FQUN (E-mail). Remote Network: The subnet of the remote network. Allows you to enter an IP address and netmask. Back: Back to the previous page. Next: Go to the next page. 3. LAN to Host: BiGuard would like to establish an IPSec VPN tunnel with remote client software using Fixed Internet IP or domain name by using main mode. [Screenshot: IPSec Wizard, Step 2 of 3, Remote Information] Secure Gateway Address (or Domain Name): The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel. Back: Back to the previous page. Next: Go to the next page. 4. LAN to Mobile Host: BiGuard would like to establish an IPSec VPN tunnel with remote client software using Dynamic Internet IP by using aggressive mode. [Screenshot: IPSec Wizard, Remote Information] Remote Identifier: The Identifier of the remote gateway. According to the input value, the ID type will be auto-defined as IP Address, FQDN (DNS) or FQUN (E-mail). Back: Back to the Previous
58. trusted sites by clicking the bottom checkbox. To edit the list of filtered domains, click Details. [Screenshot: Domains Filtering page, with Trusted Domain Table and Forbidden Domain Table] Enter a domain and select whether this domain is trusted or forbidden with the pull-down menu. Next, click Apply. Your new domain will be added to either the Trusted Domain or Forbidden Domain listing, depending on which you selected previously. Restrict URL Features: Use this to disable certain web features. Select the options you want (Block Java Applet, Block ActiveX, Block Web proxy, Block Cookie, Block Surfing by IP Address) and click Apply to save your changes. You may also designate which IP addresses are to be excluded from these filters by adding them to the Exception List. To do so, click Add. [Screenshot: Exception List page] Enter a name for the IP Address and then e
59. will be checked by the Firewall and NAT algorithms, then passed to the DMZ host when a packet received does not use a port number used by any other Virtual Server entries. Caution: Such local computer exposure to the Internet may face a variety of security risks. [Screenshot: Virtual Server DMZ page, with Port Forwarding Table] Enable DMZ function: Enable: Activates your router's DMZ function. Disable: Default setting. Disables the DMZ function. DMZ IP Address: Give a static IP address to the DMZ Host when the Enable radio button is selected. Be aware this IP will be exposed to the WAN/Internet. Candidates: You can also select the Candidates, which are referred from the ARP table, for automatic input. Select the Apply button to apply your changes. 4.4.8.2 Port Forwarding Table: Because NAT can act as a natural Internet firewall, your router protects your network from being accessed by outside users, as all incoming connection attempts will point to your router unless you specifically create Virtual Server entries to forward those ports to a PC on your network. When your router needs to allow outside users to access i
60. your password. PPTP Client IP: Enter the PPTP Client IP provided by your ISP. PPTP Client IP Netmask: Enter the PPTP Client IP Netmask provided by your ISP. PPTP Client IP Gateway: Enter the PPTP Client IP Gateway provided by your ISP. PPTP Server IP: Enter the PPTP Server IP provided by your ISP. Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPTP session when starting up and to automatically re-establish the PPTP session when disconnected by the ISP, select Always Connect. If you want to establish a PPTP session only when there is a packet requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet), select Trigger on Demand. Idle Time: Auto-disconnect the router when there is no activity on the line for a predetermined period of time. Select the idle time from the drop-down menu. Active if Trigger on Demand is selected. IP Assigned by your ISP: If your IP is dynamically assigned by your ISP, select the Dynamic radio button. If your ISP assigns a static IP address, select the Static radio button. This will take you to another page for inputting the IP address information. MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below. Candidates: You can also select the MAC address from the list in the Candidates. DNS: If your ISP requires you to manual
61. 0 Headquarter [Diagram labels, VPN Concentrator: (Local ID Type: Subnet; Local subnet: 0.0.0.0; Local mask: 0.0.0.0; Remote ID Type: Subnet; Remote subnet: 192.168.4.0; Remote mask: 255.255.255.0) (Local ID Type: Subnet; Local subnet: 192.168.3.0; Local mask: 255.255.255.0; Remote ID Type: Subnet; Remote subnet: 0.0.0.0; Remote mask: 0.0.0.0) 200.200.200.1; 192.168.3.x; BiGuard 10 Branch A; BiGuard 10 Branch B; 192.168.4.x; 201.201.201.1 (Local ID Type: Subnet; Local subnet: 192.168.4.0; Local mask: 255.255.255.0; Remote ID Type: Subnet; Remote subnet: 0.0.0.0; Remote mask: 0.0.0.0)] Step 1: Go to Configuration > VPN > IPSec > IPSec Policy and configure the link from BiGuard 30 to BiGuard 10 Branch A. [Screenshot: IPSec Policy settings page]
62. [Screenshot, continued] 2.2.5 Priority Bandwidth Utilization: Assigning priority to a certain service allows BiGuard 30 to give either a higher or lower priority to traffic from this particular service. Assigning a higher priority to an application ensures that it is processed ahead of applications with a lower priority, and vice versa. [Screenshot: Quality of Service, Add QoS Rule page] 2.2.6 Management by IP or MAC address: BiGuard 30 can also be configured to apply traffic policies based on a particular IP or MAC address. This allows you to quickly assign different traffic policies to a specific computer on the network. [Screenshot: Quality of Service, Add QoS Rule page] 2.2.7 DiffServ (DSCP Marking): DiffServ (a.k.a. DSCP Marking) allows you to classify traffic based o
63. 1 Overview: BiGuard 30 is designed to be a powerful and flexible network device that is also easy to use. With an intuitive web-based configuration, BiGuard 30 allows you to administer your network via virtually any Java-enabled web browser and is fully compatible with Linux, Mac OS and Windows 98/Me/NT/2000/XP operating systems. The following chapter takes you through the very first steps to configuring your network for BiGuard 30. Take a look and see how easy it is to get your network up and running. 3.2 Before You Begin: BiGuard 30 is a flexible and powerful networking device. To simplify the configuration process and increase the efficiency of your network, consider the following items before setting up your network for the first time. 1. Plan your network: Decide whether you are going to use one or both WAN ports. For one WAN port, you may need a fully qualified domain name, either for convenience or if you have a dynamic IP address. If you are going to use both WAN ports, determine whether you are going to use them in fail over mode for increased network reliability or load balancing mode for maximum bandwidth efficiency. See Chapter 2, Router Applications, for more information. 2. Set up your accounts: Have access to the Internet and locate the Internet Service Provider (ISP) configuration information. Each BiGuard 30 WAN port must be configured separately, whether you are using a separate ISP for each WAN port or are having the
64. 30 is connected properly to your network, it's time to configure your networked PCs for TCP/IP networking. In order for your networked PCs to communicate with your router, they must have the following characteristics: 1. Have a properly installed and functioning Ethernet Network Interface Card (NIC). 2. Be connected to BiGuard 30, either directly or through an external repeater hub, via an Ethernet cable. 3. Have TCP/IP installed and configured with an IP address. The IP address for each PC may be a fixed IP address or one that is obtained from a DHCP server. If using a fixed IP address, it is important to remember that it must be in the same subnet as the router. The default IP address of BiGuard 30 is 192.168.1.254 with a subnet mask of 255.255.255.0. Using the default configuration, networked PCs must reside in the same subnet and have an IP address in the range of 192.168.1.1 to 192.168.1.253. However, you'll find that the quickest and easiest way to configure the IP addresses for your PCs is to obtain the IP addresses automatically by using the router as a DHCP server. If you are unable to access the web configuration interface, check to see if you have any software-based firewalls installed on your PCs, as they can cause problems accessing the 192.168.1.254 IP address of BiGuard 30. The following sections outline how to set up your PCs for TCP/IP networking. Refer to the applicable section for your PC's operating system. 3.4
65. [Screenshot, continued: IPSec Policy settings page] Step 4: Go to Configuration > VPN > IPSec > IPSec Policy and configure the connection from BiGuard 10 Branch B to BiGuard 30. [Screenshot: IPSec Policy settings page] Step 5: Click Save Config to save all changes to flash memory. H.10 Protocol Binding. Step 1: Go to Configuration > Dual WAN > General Settings. Select the Load Balancing radio button. [Screenshot: Dual WAN General Setting page]
66. AN1 and WAN2 are properly configured according to the settings provided by your ISP. If not, please refer to Chapter 4.2.2.1 ISP Settings for details on how to configure your WAN ports. Step 1: Go to Configuration > Dual WAN > General Settings. Select the Fail Over radio button and configure your fail over policy. [Screenshot: Dual WAN General Setting page] Step 2: Go to Configuration > Dual WAN > Inbound Load Balance. Select the Enable radio button and configure DNS Server 1 by clicking Edit. [Screenshot: Dual WAN Inbound Load Balance page]
67. BILLION BiGuard 30 iBusiness Security Gateway SMB User's Manual. Version Release 7.01 (FW 1.06p). BiGuard 30 User's Manual, updated March 28, 2007. Copyright Information: 2007 Billion Electric Corporation Ltd. The contents of this publication may not be reproduced in whole or in part, transcribed, stored, translated or transmitted in any form or any means without the prior written consent of Billion Electric Corporation. Published by Billion Electric Corporation. All rights reserved. Disclaimer: Billion does not assume any liability arising out of the application or use of any products or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. Billion reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice. Trademarks: Mac OS is a registered trademark of Apple Computer Inc. Windows 98, Windows NT, Windows 2000, Windows Me and Windows XP are registered trademarks of Microsoft Corporation. Safety Warnings: Your BiGuard 30 is built for reliability and long service life. For your safety, be sure to read and follow the following safety warnings. Read this installation guide thoroughly before attempting to set up your BiGuard 30. Your BiGuard 30 is a complex electronic device. DO NOT open or attempt to
68. [Screenshot: Local Area Connection Status dialog] 5. Select Internet Protocol (TCP/IP) and click Properties. [Screenshot: Local Area Connection Properties dialog] 6a. To have your PC obtain an IP address automatically, select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons. [Screenshot: Internet Protocol (TCP/IP) Properties dialog]
69. DNS server. The DNS server will reply 200.200.200.1 because this is the only active WAN port. Should WAN1 fail, BiGuard 30 will instead reply with WAN2's IP address, 100.100.100.1, and the remote PC will gain access to the network via WAN2. By configuring BiGuard 30 for DNS Inbound Fail Over, incoming requests will enjoy increased reliability when accessing your network. Please refer to appendix H for example settings. 2.5.2 DNS Inbound Load Balancing: DNS Inbound Load Balancing allows BiGuard 30 to intelligently manage inbound traffic based on the amount of load of each WAN connection by assigning the IP address with the lowest traffic load to incoming requests. [Diagram: DNS Inbound Load Balancing, showing the authoritative domain name server, DNS requests and replies for www.mydomain.com, the built-in DNS, the FTP (192.168.2.2) and HTTP (192.168.2.3) servers, and two cases: heavy load on WAN2 and heavy load on WAN1] In the above example, an FTP server (IP_192.168.2.2) and an HTTP server (IP_192.168.2.3) are connected to the Internet via WAN1 (IP_200.200.200.1) and WAN2 (IP_100.100.100.1) on BiGuard 30. Remote PCs are attempting to access the servers via the Internet by making a DNS request, entering a URL (www.mydomain.com). Using a load balancing algorithm, BiGuard 30 can d
70. [Screenshot, continued: PreShared Key 12345678, IKE Life Time 28800 Seconds, Key Life Time 3600 Seconds, Netbios Broadcast] Step 4: Click Save Config to save all changes to flash memory. To configure the BiGuard 10 gateway, refer to the screenshot below. [Screenshot: BiGuard 10 IPSec policy page: Connection Name biguard, Encryption Protocol 3DES, Authentication Protocol MD5, PreShared Key 12345678, IKE Life Time 28800 Seconds, Key Life Time 3600 Seconds] H.9 VPN Concentrator [Diagram labels: Local ID Type: Subnet; Local subnet: 0.0.0.0; Local mask: 0.0.0.0; Remote ID Type: Subnet; Remote subnet: 192.168.3.0; Remote mask: 255.255.255.0; 192.168.2.x] BiGuard 3
71. [Screenshot, continued: Configuration Summary] After your configuration is done, you will see a Configuration Summary. Back: Back to the previous page. Done: Click Done to apply the rule. 4.4.6.1.2 IPSec Policy [Screenshot: IPSec Policy list page] Click Create to create a new IPSec VPN connection account. Configuring a New VPN Connection [Screenshot: IPSec Create page, with sections Connection Name, Tunnel, Interface, Local, Remote, Proposal and DPD Setting]
72. Go to Configuration > Dual WAN > General Settings. Select the Load Balance radio button. [Screenshot: Dual WAN General Setting page] Step 4: Go to Configuration > Dual WAN > Outbound Load Balance. Choose the Load Balance mechanism you want and click Apply. [Screenshot: Dual WAN Outbound Load Balance page. Based on session mechanism: Balance by Session (Round Robin), Balance by Session (weight of link capacity), Balance by Session weight, Balance by Traffic (weight of link capacity), Balance by Traffic weight. Based on IP address hash mechanism: Balance by weight of link capacity, Balance by weight] Step 5: Complete. To check traffic statistics, go to Status > Traffic Statistics.
73. IP Alias. 4.4.3 Dual WAN: In this section you can set up the fail over or load balance function, the outbound load balance or inbound load balance function, or set up a specific protocol to bind with a specific WAN port. In this menu are the following sections: General Settings, Outbound Load Balance, Inbound Load Balance and Protocol Binding. 4.4.3.1 General Settings [Screenshot: Dual WAN General Setting page] Mode: You can select Load Balance or Fail Over. Service Detection: Enables or disables the service detection feature. For fail over, the service detection function is enabled. For load balance, the user is able to enable or disable it. Connectivity Decision: Establishes the number of times probing the connection has to fail before the connection is judged as failed. Probe Cycle: The number of seconds
74. ISP does not use DHCP, select the correct connection method and configure the connection accordingly. Configurable items will vary depending on the connection method selected. 4.4.2.1.1 DHCP [Screenshot: WAN1 DHCP page] Host Name: Some ISPs authenticate logins using this field. MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below. Candidates: You can also select the MAC address from the list in the Candidates. DNS: If your ISP requires you to manually set up DNS settings, check the checkbox and enter your primary and secondary DNS. RIP: To activate RIP, select Send, Receive or Both from the drop-down menu. To disable RIP, select Disable from the drop-down menu. MTU: Enter the Maximum Transmission Unit (MTU) for your network. Network Address Translation: Enabl
75. NOTE: When enabling remote access, please make sure to change the default administration password for security reasons. [Screenshot: Remote Access page, with the note that this setting will become effective after you save to flash and restart the router] Action: Select Enable or Disable the remote access function. HTTPS Port: Please input the remote access HTTPS port you would like to use (default is 443). Click Apply to apply your settings. Click Create to add a Remote Access Table to specify the allowed remote access addresses. [Screenshot: Remote Access, Allow Remote Access By page] Allow Remote Access By: Everyone: Please check if you allow any IP addresses for the remote user to access. Only the PC: Please specify the IP Address that is allowed to access. PC from th
76. Neighborhood

[Screenshot: Windows Start menu and Control Panel]

2. Double-click the Network icon. The Network window displays a list of installed components.

[Screenshot: Control Panel and Network window]

You must have the following installed:
- An Ethernet adapter
- TCP/IP protocol
- Client for Microsoft Networks

If you need to install a new Ethernet adapter, follow these steps:

a. Click Add.

[Screenshot: Network window, list of installed components]

b
77. [Screenshot: IPSec Log page]

Refresh: Refresh the IPSec Log.
Clear Log: Clear the IPSec Log.
Send Log: Send IPSec Log to your email account. You can set the email address in Configuration > System > Email Alert. See the Email Alert section for more details.

Please refer to Appendix F, IPSec Log Events, for more information on log events.

4.3 Quick Start

The Quick Start menu allows you to quickly configure your network for Internet access using the most basic settings.

Connection Method: Select your router's connection to the Internet. Selections include Obtain an IP Address Automatically, Static IP Settings, PPPoE Settings, PPTP Settings, and Big Pond Settings.

4.3.1 DHCP

The following is information regarding your ISP that you will need to enter in order to properly configure your Internet connection. If you select to Obtain an IP Address Automatically, these will be automatically set for you, provided that your ISP dynamically assigns an IP address.

[Screenshot: Quick Start WAN1, DHCP]

4.3.2 Static IP

[Screenshot: Quick Start WAN1, Static IP]
78. P for WAN2's inbound traffic.

Creating a New QoS Rule

To get started using QoS, you will need to establish QoS rules. These rules tell BiGuard 30 how to handle both incoming and outgoing traffic. The following example shows you how to configure WAN1 Outbound QoS. Configuring the other traffic types follows the same process.

To make a new rule, click Rule Table. This will bring you to the Rule Table, which displays the rules currently in effect.

[Screenshot: Quality of Service, WAN1 Outbound QoS Rule Table]

Next, click Create to open the QoS Rule Configuration window.

[Screenshot: Quality of Service, Add QoS Rule]
79. PCs is limited. Instead, BiGuard 30 uses a type of address sharing called Network Address Translation to grant Internet access to several PCs on the same network through the same Internet account. This method translates internal IP addresses to a single address that is unique on the Internet. This unique address can either be fixed or dynamic depending on the type of Internet account, and the internal LAN IP addresses may also be either private or registered addresses.

NAT also offers firewall-like protection to your network, since internal LAN addresses are shielded from the public Internet. All incoming traffic to the public IP address is handled by the router, which means added security for your network from intruders. If a particular PC on your LAN requires access from outside PCs, you can use port forwarding to accomplish this. For information on how to configure port forwarding on BiGuard 30, refer to the Virtual Server section of Chapter 4: Router Configuration.

D.1.3 Dynamic Host Configuration Protocol (DHCP)

If the PCs on a LAN require access to the Internet, each PC must be configured with an IP address, a gateway address, and one or more DNS server addresses. Rather than configuring each PC manually, you can instead configure a network device to act as a Dynamic Host Configuration Protocol (DHCP) server. PCs on the network can automatically obtain IP addresses from a list of addresses stored on the DHCP server. In addition other info
80. [Screenshot: Status page, Device Information]

If the Web Configuration Interface appears, congratulations! You are now ready to configure your BiGuard 30. If you are having trouble accessing the interface, please refer to Chapter 5: Troubleshooting for possible resolutions.

Chapter 4: Router Configuration

4.1 Overview

The Web Configuration Interface makes it easy for you to manage your network via any PC connected to it. On the Web Configuration homepage, you will see the navigation pane located on the left-hand side. From it you will be able to select various options used to configure your router.

[Screenshot: Web Configuration homepage, Status, Device Information]
81. TP Account

[Screenshot: account configuration page]

Connection Name: A user-defined name for the connection.
Tunnel: Select Enable to activate this tunnel. Select Disable to deactivate this tunnel.
Username: Please input the username for this account.
Password: Please input the password for this account.
Retype Password: Please repeat the same password as previous field.
Connection Type: Select Remote Access for single user. Select LAN to LAN for remote gateway.
Peer Network IP: Please input the IP for remote network.
Peer Netmask: Please input the Netmask for remote network.
Netbios Broadcast: Allows BiGuard to send local Netbios Broadcast packets through the PPTP Tunnel. Please select Enable or Disable.

4.4.7 QoS

BiGuard 30 can optimize your bandwidth by assigning priority to both inbound and outbound data with QoS. This menu allows you to configure QoS for both inbound and outbound traffic.

[Screenshot: Quality of Service overview page]
82. WAN menu contains two items: ISP Settings, Bandwidth Settings, and WAN IP Alias.

4.4.2.1 ISP Settings

[Screenshot: ISP Settings, WAN Service Table]

This WAN Service Table displays the different WAN connections that are configured on BiGuard 30. To edit any of these connections, click Edit. You will be taken to the following menu.

[Screenshot: WAN1 DHCP settings page]

Connection Method: Select how your router will connect to the Internet. Selections include Obtain an IP Address Automatically, Static IP Settings, PPPoE Settings, PPTP Settings, and Big Pond Settings. For each WAN port, the factory default is DHCP. If your
83. a large number of nodes, the free bits can be reassigned with subnet addressing. Multiple Class C addresses can be made from a Class B address. For example, the IP address of 172.20.0.0 allows eight extra bits to use as a subnet address, since node addresses are limited to a maximum of 255. The IP address of 172.20.52.212 would be read as IP network address 172.20, subnet number 52, and node number 212. Besides extending the number of available addresses, this technique also allows a network manager to design an address scheme for the network by using different subnets. This can be useful when trying to distinguish other geographical locations in the network or other departments in the organization.

D.1.1.3 Private IP Addresses

When isolated from the Internet, the hosts on your local network may be assigned IP addresses with no conflicts. However, the Internet Assigned Numbers Authority (IANA) has reserved several blocks of IP addresses for private networks. These include:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.16.255.255
192.168.0.0 - 192.168.255.255

When assigning IP addresses to your private network, be sure to use IP addresses from these ranges.

D.1.2 Network Address Translation (NAT)

Traditionally, multiple PCs that needed simultaneous Internet access also required a range of IP addresses from the Internet Service Provider (ISP). Not only was this method very costly, but the number of available IP addresses for
84. al Server
4.4.8.1 DMZ
4.4.8.2 Port Forwarding Table
Advanced
4.4.9.1 Static Route
4.4.9.2 Dynamic DNS
4.4.9.3 Device Management
4.4.9.4 IGMP
4.4.9.5 VLAN Bridge
Save Configuration To Flash
Logout
Chapter 5: Troubleshooting
Basic Functionality
5.1.1 Router Won't Turn On
5.1.2 LEDs Never Turn Off
5.1.3 LAN or Internet Port Not On
5.1.4 Forgot My Password
LAN Interface
5.2.1 Can't Access Router from the LAN
5.2.2 Can't Ping Any PC on the LAN
5.2.3 Can't Access Web Configuration Interface
5.2.3.1 Pop-up Windows
5.2.3.2 Javascripts
5.2.3.3 Java Permissions
5.3 WAN Interface
5.3.1 Can't Get WAN IP Address from the ISP
5.4 ISP Connection
5.5 Problems with Date and Time
5.6 Restoring Factory Defaults
Appendix A: Product Specifications
Appendix B: Customer Support
Appendix C: FCC Interference Statement
Appendix D: Network, Routing, and Firewall Basics
D.1 Network Basics
D.1.1 IP Addresses
D.1.1.1 Netmask
D.1.1.2 Subnet Addressing
D.1.1.3 Private IP Addresses
D.1.2 Network Address Translation (NAT)
D.1.3 Dynamic Host Configuration Protocol (DHCP)
D.2 Router Basics
D.2.1 Why use a Router
D.2.2 What is a Router
D.2.3 Routing Information Protocol (RIP)
D.3 Firewall Basics
D.3.1 What is a Firewall
D.3.2.1 Stateful Packet Inspection
D.3.2.2 Denial of Service (DoS) Attack
D.3.2 Why Use a Firewall
Appendix E: Virtual Private Networking
E.1 What is a VPN
E.1.1 VPN A
85. [Screenshot: VLAN Bridge page]

VLAN Mode: Select Disable to disable VLAN mode, select Bridge Mode to use VLAN Bridge function, and select Tagging Mode to use the VLAN Tagging mode option.

Click Create to create another VLAN group.

[Screenshot: Create VLAN, Parameters]

VLAN Name: Please input VLAN name of this rule.
VLAN ID: Please input VLAN ID that will be used for Tagged member port(s).
Tagged Member port(s): Please check the interface that you would like to use in this VLAN ID group.
Untagged Member port(s): Please check the interface that you would like to use in this VLAN ID group.

Click Apply to add this rule.

4.5 Save Configuration To Flash

After changing the router's configuration settings, you must save all of the configuration parameters to flash memory to avoid them being lost after turning off or resetting your router. Click Apply to write your new configuration to flash memory.

[Screenshot: Save Config to Flash confirmation page]
86. and services into the current widely deployed, easy-to-use, and low-cost dial-up access networking infrastructure.

PPTP: If your ISP provides a PPTP connection, you can use the PPTP protocol to establish a connection to your ISP.

Big Pond: The Big Pond login for Telstra cable in Australia.

If your account uses PPP over Ethernet (PPPoE), you will need to enter your login name and password when configuring your BiGuard 30. After the network and firewall are configured, BiGuard 30 will login automatically, and you will no longer need to run the login program from your PC.

3.6.2 Configuration Information

If your ISP does not dynamically assign configuration information but instead uses fixed configurations, you will need the following basic information from your ISP:

- An IP address and subnet mask
- A gateway IP address
- One or more domain name server (DNS) IP addresses

Depending on your ISP, a host name and domain suffix may also be provided. If any of these items are dynamically supplied by the ISP, your BiGuard 30 will automatically acquire them.

If an ISP technician configured your computer, or if you configured it using instructions provided by your ISP, you need to copy the configuration information from your PC's Network TCP/IP Properties window before reconfiguring your computer for use with BiGuard 30. The following sections describe how you can obtain this information.

3.6.2.1 Windows

This section uses ill
87. [Screenshot: Quality of Service overview page]

The first menu screen gives you an overview of which WAN ports currently have QoS active, and the bandwidth settings for each.

WAN1 Outbound:
QoS Function: QoS status for WAN1 outbound. Select Enable to activate QoS for WAN1's outgoing traffic. Select Disable to deactivate.
Max ISP Bandwidth: The maximum bandwidth afforded by the ISP for WAN1's outbound traffic.

WAN1 Inbound:
QoS Function: QoS status for WAN1 inbound. Select Enable to activate QoS for WAN1's incoming traffic. Select Disable to deactivate.
Max ISP Bandwidth: The maximum bandwidth afforded by the ISP for WAN1's inbound traffic.

WAN2 Outbound:
QoS Function: QoS status for WAN2 outbound. Select Enable to activate QoS for WAN2's outgoing traffic. Select Disable to deactivate.
Max ISP Bandwidth: The maximum bandwidth afforded by the ISP for WAN2's outbound traffic.

WAN2 Inbound:
QoS Function: QoS status for WAN2 inbound. Select Enable to activate QoS for WAN2's incoming traffic. Select Disable to deactivate.
Max ISP Bandwidth: The maximum bandwidth afforded by the IS
88. applied.
End IP Address: Enter the End destination IP Address this filter rule is to be applied, for IP Range only.
Netmask: Enter the subnet mask of the above IP address.
Protocol: Select the Transport protocol type (Any, TCP, UDP).
Source Port Range: Enter the source port number range. If you only want to specify one service port, then enter the same port number in both boxes.
Destination Port Range: Enter the destination port number range. If you only want to specify one service port, then enter the same port number in both boxes.
Helper: You could also select the application type you would like to apply for automatic input.

4.4.5.2 URL Filter

[Screenshot: URL Filter Configuration page]

The URL Filter is a powerful tool that can be used to limit access to certain URLs on the Internet. You can block web sites based on keywords, or even block out an entire domain. Certain web features can also
89. ard 30 is turned on, the LEDs turn on for about 10 seconds and then turn off. If all the LEDs stay on, there may be a hardware problem.

If all LEDs are still on one minute after powering up:
- Cycle the power to see if the router recovers.
- Clear the configuration to factory defaults.

If the error persists, you may have a hardware problem and should contact technical support.

5.1.3 LAN or Internet Port Not On

If either the LAN LEDs or Internet LED do not light when the Ethernet connection is made, check the following:
- Make sure each Ethernet cable connection is secure at the firewall and at the hub or workstation.
- Make sure that power is turned on to the connected hub or workstation.
- Be sure you are using the correct cable. When connecting the firewall's Internet port to a cable or DSL modem, use the cable that was supplied with the cable or DSL modem. This cable could be a standard straight-through Ethernet cable or an Ethernet crossover cable.

5.1.4 Forgot My Password

Try entering the default User Name and Password:

User Name: admin
Password: admin

Please note that both the User Name and Password are case sensitive. If this fails, you can restore your BiGuard 30 to its factory default settings by holding the Reset button on the back of your router until the Status LED begins to blink. Then enter the default User Name and Password to access your router.

5.2 LAN Interface

Refer to this section for issue
90. [Screenshot: Save Config to Flash page. On-screen note: There will be a delay while saving as configuration information is written to flash chips.]

4.6 Logout

To exit the router's web interface, click Logout. Please ensure that you have saved your configuration settings before you logout.

Be aware that the router is restricted to only one PC accessing the web configuration interface at a time. Once a PC has logged into the web interface, other PCs cannot gain access until the current PC has logged out. If the previous PC forgets to logout, the second PC can access the page after a user-defined period (5 minutes by default). You can modify this value using the Advanced > Device Management section of the Web Configuration Interface. Please see the Advanced section of this manual for more information.

Chapter 5: Troubleshooting

5.1 Basic Functionality

This section deals with issues regarding your BiGuard 30's basic functions.

5.1.1 Router Won't Turn On

If the Power and other LEDs fail to light when your BiGuard 30 is turned on:
- Make sure that the power cord is properly connected to your firewall and that the power supply adapter is properly connected to a functioning power outlet.
- Check that you are using the 12VDC power adapter supplied by Billion for this product.

If the error persists, you may have a hardware problem and should contact technical support.

5.1.2 LEDs Never Turn Off

When your BiGu
91. ave your changes.

[Screenshot: Local Area Connection Properties]

3.7 Web Configuration Interface

BiGuard 30 includes a Web Configuration Interface for easy administration via virtually any browser on your network. To access this interface, open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click Go. A user name and password window prompt will appear. Enter your user name and password (the default user name and password are "admin" and "admin") to access the Web Configuration Interface.

[Screenshot: Enter Network Password prompt]

[Screenshot: Status page, Device Information]
92. be carried out in either one of two modes: Main Mode or Aggressive Mode. Main mode utilizes three message pairs that negotiate IKE parameters, establish a shared secret and derive session keys, and exchange and provide identities, retroactively authenticating the information sent. This method is very secure, but when using the pre-shared key method for authentication, it is possible to use IDs other than the packet's IP addresses. Aggressive mode reduces this process to three messages, but parameter negotiation is limited, identity protection is lacking except when using public key encryption, and it is more vulnerable to Denial of Service attacks.

Phase II, known as Quick Mode, establishes symmetrical IPSec Security Associations for both AH and ESP. It does this by negotiating IPSec parameters, exchanging nonces to derive session keys from the IKE shared secret, exchanging DH values to generate a new key, and identifying which traffic this SA bundle will protect using selectors (IDi and IDr payloads).

The following is an illustration of how data is handled with IKE:

[Figure: Start; Phase 1: Negotiate ISAKMP SA, Mutual Authentication; New IPSec tunnel or Rekeying; Phase 2: Negotiate SAs for AH and ESP; Protected Data Transfer]

Appendix F: IPSec Logs and Events

F.1 IPSec Log Event Categories

There are three major categories of IPSec Log Events for your BiGuard 30. These include:

1. IKE Negotiate Packet Messages
2. Reject
93. below. Then you can manage and prioritize the flow of bandwidth at different levels, e.g. 30 for games, 20 for downloads, 10 for email, 20 for FTP, and 35 for others. QoS can be used to identify different applications and assign priority to enable a smooth and responsive broadband connection.

G.4.2 Office Users

QoS is also ideal for small businesses using an office server as a web server. With QoS control, web pages served to your customers can be given top priority and delivered first so that it will not be impeded by email and office web browsing.

Here is a good example of how QoS can work in an office environment. A CEO is holding a videoconference with international clients in the meeting room. However, the streaming video and voice frequently lag. Sales people are talking to international agencies via VoIP phone while sending orders via email to vendors for production. However, some staff are downloading MP3 music files and large-size photos, and watching video streaming online. Consequently, the Internet connection slows down.

This is why business users need QoS to manage data traffic. With QoS, the network administrator can define and classify important packets, specify a minimum guaranteed rate for each application, and ensure that important packets have priority to ensure a good quality of broadband connection for the entire organization.

[Figure: office QoS example with application priorities]

Appendix H: Router Setup Examp
94. bound Fail Over allows you to ensure that outgoing traffic is uninterrupted by having BiGuard 30 default to WAN2 should WAN1 fail.

[Figure: Outbound Fail Over example]

In the above example, PC 1 (IP_192.168.2.2) and PC 2 (IP_192.168.2.3) are connected to the Internet via WAN1 (IP_230.100.100.1) on BiGuard 30. Should WAN1 fail, Outbound Fail Over tells BiGuard 30 to reroute outgoing traffic to WAN2 (IP_213.10.10.2). Configuring your BiGuard 30 for Outbound Fail Over provides a more reliable connection for your outgoing traffic. Please refer to Appendix H for example settings.

2.3.2 Outbound Load Balancing

Outbound Load Balancing allows BiGuard 30 to intelligently manage outbound traffic based on the amount of load of each WAN connection.

[Figure: Outbound Load Balancing example]

In the above example, PC 1 (IP_192.168.2.2) and PC 2 (IP_192.168.2.3) are connected to the Internet via WAN1 (IP_230.100.100.1) and WAN2 (IP_213.10.10.2) on BiGuard 30. You can configure BiGuard 30 to balance the load of each WAN port with one of two mechanisms:

1. Session by session by traffic weight of link capability
2. IP Hash by traffic weight of link capability

The IP Hash mechanism will ensure that the traffic from the same source IP address and destination IP address will go through the same WAN port. This is useful for some
95. c traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).

Connection Type: There are 5 connection types:

1. LAN to LAN: BiGuard would like to establish an IPSec VPN tunnel with remote router using Fixed Internet IP or domain name by using main mode.

[Screenshot: IPSec Wizard, Remote Information]

Secure Gateway Address (or Domain Name): The IP address or hostname of the remote VPN gateway.
Remote Network: The subnet of the remote network. Allows you to enter an IP address and netmask.
Back: Back to the previous page.
Next: Go to the next page.

2. LAN to Mobile LAN: BiGuard would like to establish an IPSec VPN tunnel with remote router using Dynamic Internet IP by using aggressive mode.

[Screenshot: IPSec Wizard, Step 2 of 3, Remote Information]

Remote Identifier: The Identifier of the remote gateway. According
96. ceived (Rx) bytes and packets for WAN2.
Display: Allows you to change the units of measurement for the traffic graph.

4.2.8 System Log

This window displays BiGuard 30's System Log entries. Major events are logged on this window.

[Screenshot: System Log page]

Refresh: Refresh the System Log.
Clear Log: Clear the System Log.
Send Log: Send the System Log to your email account. You can set the email address in Configuration > System > Email Alert. See the Email Alert section for more details.

4.2.9 IPSec Log

This page displays the router's IPSec Log entries. Major events are logged to this window.

[Screenshot: IPSec Log page]
97. chars without an ending dot, its name is then added with domain name and it becomes FQDN.
Primary Name Server: The name assigned to the Primary Name Server, e.g. aaa; its FQDN is aaa.abc.com.
Admin Mail Box: The administrator's email account, e.g. admin@abc.com.
Serial Number: The version number that is kept in the SOA record.
Refresh Interval: The interval at which refreshes are done, denoted in seconds.
Retry Interval: The interval at which retries are done, denoted in seconds.
Expiration Time: The length of time that can elapse before the zone is no longer authoritative, denoted in seconds.
Minimum TTL: The minimum time to live, denoted in seconds.
NS Record, Name Server: The name of the Primary Name Server.
MX Record, Mail Exchanger: The name of the mail server.
IP Address: The mail server IP address.

Click Apply to save your changes.

To edit the Host Mapping URL list, click Edit. This will open the Host Mapping URL table, which lists the current Host Mapping URLs.

[Screenshot: Host URL Mapping List]

To add a host mapping URL to the list, click Create.

[Screenshot: Host URL Mappings, A Record]
98. cket Inspection (SPI) to protect your network from intrusions and attacks. Unlike less sophisticated Internet sharing routers, SPI ensures secure firewall filtering by intercepting incoming packets at the network layer and analyzing them for state-related information that is associated with all network connections. User-level applications such as Web browsers and FTP can make complex network traffic patterns, which BiGuard 30 analyzes by looking at groups of connection states.

All state information is stored in a central cache. Traffic passing through the firewall is analyzed against these states, and then is either allowed to pass through or rejected.

D.3.1.2 Denial of Service (DoS) Attack

A hacker may be able to prevent your network from operating or communicating by launching a Denial of Service (DoS) attack. The method used for such an attack can be as simple as merely flooding your site with more requests than it can handle. A more sophisticated attack may attempt to exploit some weakness in the operating system used by your router or gateway. Some operating systems can be disrupted by simply sending a packet with incorrect length information.

D.3.2 Why Use a Firewall

With a LAN connected to the Internet through a router, there is a chance for hackers to access or disrupt your network. A simple NAT router provides a basic level of protection by shielding your network from the outside Internet. Still, there are ways for more d
99. d for email and for sharing applications and files. A firewall protects Intranets from unauthorized access.

Remote Access: Remote access enables mobile workers to access email and business applications. Remote access VPNs greatly reduce expenses by enabling mobile workers to dial a local Internet connection and then set up a secure IPSec-based VPN communications to their organization.

E.2 What is IPSec

Internet Protocol Security (IPSec) is a set of protocols and algorithms that provide data authentication, integrity, and confidentiality as data is transferred across IP networks. IPSec provides data security at the IP packet level, and protects against possible security risks by protecting data. IPSec is widely used to establish VPNs.

There are three major functions of IPSec:

Confidentiality: Conceals data through encryption.
Integrity: Ensures that contents did not change in transit.
Authentication: Verifies that packets received are actually from the claimed sender.

E.2.1 IPSec Security Components

IPSec contains three major components:

Authentication Header (AH): Provides authentication and integrity.
Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity.
Internet Key Exchange (IKE): Provides key management and Security Association (SA) management.

These components are discussed below.

E.2.1.1 Authentication Header (AH)

The Authentication Header (AH) is a
100. d of time. Select the idle time from the drop-down menu. Active if Trigger on Demand is selected.
Click Apply to save your changes. To reset to defaults, click Reset.
4.3.5 Big Pond
[Screenshot: Quick Start WAN1, Big Pond settings]
Username: Enter your user name.
Password: Enter your password.
Retype Password: Retype your password.
Login Server: Enter the IP of the Login server provided by your ISP.
Click Apply to save your changes. To reset to defaults, click Reset.
For detailed instructions on configuring WAN settings, please refer to the WAN section of this chapter.
4.4 Configuration
The Configuration menu allows you to set many of the operating parameters of BiGuard 30. In this menu you will find the following sections: LAN, WAN, Dual WAN, System, Firewall, VPN, QoS, Virtual Server, Advanced. These items are described below in the following sections.
4.4.1 LAN
There are three items within this section: Ethernet, DHCP Server, and LAN Address Mapping.
4.4.1.1 Ethernet
101. d press Next.
[Screenshot: New Connection Wizard, Connection Name. Company Name: BiGuard30]
Step10: Input PPTP Server Address and press Next.
[Screenshot: New Connection Wizard, VPN Server Selection. Host name or IP address: 100.100.100.1]
102. [Screenshot: Internet Protocol (TCP/IP) Properties]
5. Click OK to finish the configuration.
3.4.2.2 Verifying Settings
To verify your settings using a command prompt:
1. Click Start > Programs > Accessories > Command Prompt.
[Screenshot: Start menu and a Command Prompt window running ipconfig]
If you are using BiGuard 30's default settings, your PC should have:
- An IP address between 192.168.1.1 and 192.168.1.253
- A subnet mask of 255.255.255.0
103. ddress: The Media Access Control (MAC) addresses for each device on your LAN.
Interface: The interface name on the router that this IP address connects to.
Static: Static status of the ARP table entry. NO indicates dynamically generated ARP table entries. YES indicates static ARP table entries added by the user.
4.2.2 Routing Table
The Routing Table displays the current path for transmitted packets. Both static and dynamic routes are displayed.
[Screenshot: Routing Table]
No: Number of the list.
Destination: The IP address of the destination network.
Netmask: The destination netmask address.
Gateway Interface: The IP address of the gateway or existing interface that this route will use.
Cost: The number of hops counted as the cost of the route.
4.2.3 Session Table
The NAT Session Table displays a list of current sessions for both incoming and outgoing traffic with protocol type, source IP, source port, destination IP, and destination port. Each page shows 10 sessions.
[Screenshot: Session Table]
104. dle time from the drop-down menu. Active if Trigger on Demand is selected.
Click Apply to save your changes. To reset to defaults, click Reset.
4.3.4 PPTP
[Screenshot: Quick Start WAN1, PPTP settings]
Username: Enter your user name.
Password: Enter your password.
Retype Password: Retype your password.
PPTP Client IP: Enter the PPTP Client IP provided by your ISP.
PPTP Client IP Netmask: Enter the PPTP Client IP Netmask provided by your ISP.
PPTP Client IP Gateway: Enter the PPTP Client IP Gateway provided by your ISP.
PPTP Server IP: Enter the PPTP Server IP provided by your ISP.
Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPTP session when starting up and to automatically re-establish the PPTP session when disconnected by the ISP, select Always Connect. If you want to establish a PPTP session only when there is a packet requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet), select Trigger on Demand.
Idle Time: Auto-disconnect the router when there is no activity on the line for a predetermined perio
105. e applies to.
Helper: You could also select the application type you would like to apply for automatic input.
Click Apply to save your changes.
For MAC Address
[Screenshot: Quality of Service, Add QoS Rule, Address Type set to MAC Address]
Source MAC Address: The source MAC Address of the device this rule applies to.
Candidates: You can also select the Candidates, which are referred from the ARP table, for automatic input.
Source Port Range: The range of source ports this rule applies to.
Destination Port Range: The range of destination ports this rule applies to.
Helper: You could also select the application type you would like to apply for automatic input.
4.4.8 Virtual Server
In TCP/IP and UDP networks, a port is a 16-bit number used to identify which application program (usually a server) incoming connections should be delivered to. Some ports have numbers that are pre-assigned to them by the Internet Assigned Numbers Authority (IANA), and these are referred to as well-known ports
106. e subnet. Please specify the subnet that is allowed to access.
4.4.4.3 Firmware Upgrade
[Screenshot: Firmware Upgrade]
Upgrading your BiGuard 30's firmware is a quick and easy way to enjoy increased functionality, better reliability, and ensure trouble-free operation. To upgrade your firmware, simply visit Billion's website (http://www.billion.com) and download the latest firmware image file for BiGuard 30. Next, click Browse and select the newly downloaded firmware file. Click Upgrade to complete the update.
NOTE: DO NOT power down the router or interrupt the firmware upgrade while it is still in process. Interrupting the firmware upgrade process could damage the router.
4.4.4.4 Backup Restore
[Screenshot: Backup/Restore. Allows you to backup the configuration settings to your computer, or restore configuration from your computer.]
107. ed IKE Messages
3. IKE Negotiated Status Messages
The table in the following section lists the different events of each category and provides a detailed explanation of each.
F.2 IPSec Log Event Table
Log Event | Explanation
Send Main mode initial message of ISAKMP | Sending the first initial message of main mode phase. Done to exchange encryption algorithm, hash algorithm, and authentication method.
Send Aggressive mode initial message of ISAKMP | Sending the first message of aggressive mode phase.
Received Main mode initial message of ISAKMP | Received the first message of main mode.
Send Main mode first response message of ISAKMP | Sending the first response message of main mode. Done to exchange encryption algorithm, hash algorithm, and authentication method.
Received Main mode first response message of ISAKMP | Received the first response message of main mode. Done to exchange encryption algorithm, hash algorithm, and authentication method.
Send Main mode second message of ISAKMP | Sending the second message of main mode. Done to exchange key values.
Received Main mode second message of ISAKMP | Received the second message of main mode. Done to exchange key values.
Send Main mode second response message of ISAKMP
Received Main mode second response message of ISAKMP
Send Main mode third message of ISAKMP
Received Main mode third message of ISAKMP
Send Main mode third response message
108. edicated hackers to either obtain information about your network or disrupt your network's Internet access. Your BiGuard 30 provides an extra level of protection from such attacks with its built-in firewall.
Appendix E: Virtual Private Networking
E.1 What is a VPN?
A Virtual Private Network (VPN) is a shared network where private data is segmented from other traffic so that only the intended recipient has access. It allows organizations to securely transmit data over a public medium like the Internet. VPNs utilize tunnels, which allow data to be safely delivered to the intended recipient. Because private networks lack data security, IPSec-based VPNs employ encryption technologies that protect a private network from data theft or tampering. These private networks can be implemented over any type of IP network, which allows for excellent flexibility.
E.1.1 VPN Applications
VPNs are traditionally used three ways:
- Extranets: Extranets are secure connections between two or more organizations. IPSec-based VPNs are ideal for extranet connections, as they can be quickly and inexpensively installed. Extranets are often used to securely share a company's information with suppliers, vendors, customers, or other businesses.
- Intranets: Intranets are private networks that connect an organization's locations together. These locations range from a headquarters, to branch offices, to a remote employee's home. Intranets are often use
109. [Images: product packaging and product advertisements. Worldwide: http://www.billion.com]
Appendix C: FCC Interference Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
- This device may not cause harmful interference.
- This device must accept any interference received, including interference that may cause undesired operations.
This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
- Reorient or relocate the receiving antenna.
- Increase the separation between the e
110. [Screenshot: Local Area Connection Properties]
4a. To have your PC obtain an IP address automatically, select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons.
[Screenshot: Internet Protocol (TCP/IP) Properties]
4b. To manually assign your PC a fixed IP address, select the Use the following IP address radio button and enter your desired IP address, subnet mask, and default gateway in the blanks provided. Remember that your PC must reside in the same subnet mask as the router. To designate a DNS server, select the Use the following DNS server and fill in the preferred DNS address.
[Screenshot: Internet Protocol (TCP/IP) Properties]
111. erver
- Netbios over VPN
Firewall
- Stateful Packet Inspection (SPI) and Denial of Service (DoS) prevention
- Packet filter: un-permitted inbound (WAN) / Inbound (LAN) Internet access by IP address, port number and packet type
- Email alert and logs of attack
- MAC Address Filtering
- Intrusion detection
Content Filtering
- URL Filter settings prevent user access to certain sites on the Internet
- Java Applet / Active X / Cookie Blocking
Quality of Service Control
- Supports DiffServ approach
- Traffic prioritization and bandwidth management based on IP protocol, port number and IP or MAC address
Web Based Management
- Easy-to-use WEB interface
- Firmware upgradeable via WEB interface
- Local and remote management via HTTP & HTTPS
Network Protocols and Features
- Web Diagnostics, System Logs
- PPPoE, PPTP, Big Pond, and DHCP client connections to the ISP
- NAT, static routing and RIP-2
- Dynamic Domain Name System (DDNS)
- Virtual Server and DMZ
- DHCP Server
- NTP
- SMTP Client
- SNMP
- SIP Pass-through
- IGMP snooping & IGMP Proxy
- Port-based VLAN Bridge mode
- Multiple NAT, Multiple LAN & Multiple WAN
Physical Interface
- Ethernet WAN: 2 ports (10/100 Base-T), support Auto-Crossover (MDI/MDIX)
- Ethernet LAN: 8 ports (10/100 Base-T) switch, support Auto-Crossover (MDI/MDIX)
Physical Specifications
- Dimensions: 18.98 x 6.54 x 1.77 (482mm x 166 mm x 45mm) with Bracket, 9.84 x 6.54
112. es data integrity and ensures it is not tampered with while in transit. There are two options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1). While slower, SHA1 is more resistant to brute-force attacks than MD5.
- MD5: A one-way hashing algorithm that produces a 128-bit hash.
- SHA1: A one-way hashing algorithm that produces a 160-bit hash.
Perfect Forward Secure: Choose whether to enable PFS using Diffie-Hellman public-key cryptography to change encryption keys during the second phase of VPN negotiation. This function will provide better security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over the Internet.
Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).
IKE Life Time: Allows you to specify the timer interval for renegotiation of the IKE security association. The value is in seconds, e.g. 28800 seconds = 8 hours.
Key Life Time: Allows you to specify the timer interval for renegotiation of another key. The value is in seconds, e.g. 3600 seconds = 1 hour.
Netbios Broadcast: Allows BiGuard to send loca
113. es of outgoing data traffic should be given priority by the router. By doing so, the router can ensure that latency-sensitive applications like voice, bandwidth-consuming data like gaming packets, or even mission-critical files efficiently move through the router even under a heavy load. You can throttle the speed at which different types of outgoing data pass through the router. In addition, you can simply change the priority of different types of upload data and let the router sort out the actual speeds.
2.2.1 QoS Technology
QoS generally involves the prioritization of network traffic. QoS is comprised of three major components: Classifier, Meter, and Scheduler. Each of these components has a distinct role in ensuring that incoming and outgoing data is managed according to user specifications.
The Classifier analyses incoming packets and marks each one according to configured parameters. The Meter communicates the drop priority to the Scheduler and measures the temporal priorities of the output stream against configured parameters. Finally, the Scheduler schedules each packet for transmission based on information from both the Classifier and the Meter.
[Figure: Scheduler, inbound and outbound traffic]
2.2.2 QoS Policies for Different Applications
By setting different QoS policies according to the applications you are running, you can use BiGuard 30 to optimize the bandwid
114. es or Disables the NAT function. To apply this interface as router mode, please select Disable. Due to the default firewall feature, if you would like to use router mode, you have to input the packet filter rules you would like to forward in Configuration > Firewall > Packet filter.
Click Apply to save your changes. To reset to defaults, click Reset.
4.4.2.1.2 Static IP
[Screenshot: WAN1 Static IP settings]
IP assigned by your ISP: Enter the static IP assigned by your ISP.
IP Subnet Mask: Enter the IP subnet mask provided by your ISP.
ISP Gateway Address: Enter the ISP gateway address provided by your ISP.
MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below.
Candidates: You can also select the MAC address from the list in the Candidates.
Primary DNS: Enter the primary DNS
115. figure the router's DHCP Server, select the Enable radio button, and then configure parameters of the DHCP Server, including the IP Pool (starting IP address and ending IP address to be allocated to the PCs on your network), DNS Server, WINS Server, and Domain Name. These details are sent to each DHCP client when they request an IP address from the DHCP server. Click Apply to enable this function.
Fixed Host allows specific computer network clients to have a reserved IP address.
[Screenshot: Fixed Host Table]
Name: Enter the name you want to give for the IP Mac Address Fixed Host account.
Active: Select whether you want to Enable or Disable this particular Fixed Host account.
IP Address: Enter the IP address that you want to reserve for the above MAC address.
MAC Address: Enter the MAC address of the PC or server you wish to be assigned a reserved IP.
Candidates: You can also select the Candidates, which are referred from the ARP table, for automatic input.
Click the Apply button to add the configuration into the Host Table.
4.4.1.3 LAN Address Mapping
LAN Address Mapping is a function that can support multiple subnet and
116. ftware.
Password: Input the Password for your SNMP software.
Access Right: Select Read to allow your SNMP software to read the information. Select Read/Write to allow your SNMP software to read and write the information.
4.4.9.4 IGMP
IGMP snooping and IGMP proxy are functions to be used for home users who will access IPTV applications.
[Screenshot: IGMP Parameters]
IGMP Snooping: Please select enable or disable IGMP Snooping function.
IGMP Proxy: Please select enable or disable the IGMP Proxy function.
Click Apply to apply this function, and please note that the setting will become effective after you save to flash and restart the router.
4.4.9.5 VLAN Bridge
This section allows you to create VLAN group and specify the member.
[Screenshot: VLAN Bridge]
117. [Screenshot: Network Connections, Local Area Connection context menu]
o listed and select Status from the
3. Click the Support tab.
[Screenshot: Local Area Connection Status]
If you are using BiGuard 30's default settings, your PC should:
- Have an IP address between 192.168.1.1 and 192.168.1.253
- Have a subnet mask of 255.255.255.0
[Screenshot: Local Area Connection Status, Support tab]
3.4.3 Windows 2000
3.4.3.1 Configuring
1. Select Start > Settings > Control Panel.
[Screenshot: Start menu, Settings]
118. g fields will be activated and required.
Dynamic DNS Server: Select the DDNS service you have established an account with.
Wildcard: Select this check box to enable the DYNDNS Wildcard.
Domain Name: Enter your registered domain name for this service.
Username: Enter your registered user name for this service.
Password: Enter your registered password for this service.
Click Apply to save your changes.
4.4.9.3 Device Management
The Device Management Advanced Configuration settings allow you to control your router's security options and device monitoring features.
[Screenshot: Device Management. Values shown: Name BiGuard30; HTTP Port 80 (80 is default HTTP port); Management IP Address 0.0.0.0 (0.0.0.0 means Any); Expire to auto-logout 3600 seconds; SNMP V1 and V2 Read Community "public", Write Community "password". On-screen note: This setting will become effective after you save to flash and restart the router.]
Device Name
Name: Enter a name for this device.
Web Server Settings
HTTP Port: T
119. g to save all changes to flash memory.
H.6 Dynamic DNS Inbound Load Balancing
[Figure: network diagram with FTP and HTTP servers (192.168.2.2, 192.168.2.3), www.billion2.dyndns.org, www.billion3.dyndns.org, and remote access from the Internet]
Step 1: Go to Configuration > WAN > Bandwidth Settings. Configure your WAN inbound and outbound bandwidth.
[Screenshot: Bandwidth Settings, Max Bandwidth Provided by ISP. WAN 1: Outbound Bandwidth 102400 kbps, Inbound Bandwidth 102400 kbps. WAN 2: Outbound Bandwidth 5120 kbps, Inbound Bandwidth 5120 kbps. On-screen note: These bandwidth settings will be referenced by QoS and Loadbalance functions.]
Step 2: Go to Configuration > Dual WAN > General Settings and enable Load Balance mode. You may then decide whether to enable Service Detection or not.
[Screenshot: Dual WAN, General Setting]
120. he first message of quick mode (Phase II). Done to exchange proposal and key values (IPSec).
Sending the first response message of quick mode (Phase II). Done to exchange proposal and key values (IPSec).
Received Quick mode first response message | Received the first response message of quick mode (Phase II). Done to exchange proposal and key values (IPSec).
Send Quick mode second message | Sending the second message of quick mode (Phase II).
Received Quick mode second message | Received the second message of quick mode (Phase II).
ISAKMP IKE Packet | Indicates IKE packet.
ISAKMP Information | Indicates Information packet.
ISAKMP Quick Mode | Indicates quick mode packet.
NO PROPOSAL CHOSEN | No acceptable Oakley Transform.
NO PROPOSAL CHOSEN | No acceptable Proposal in IPsec SA.
NO PROPOSAL CHOSEN | PFS is required in Quick Initial SA.
NO PROPOSAL CHOSEN | PFS is not required in Quick Initial SA.
NO PROPOSAL CHOSEN | Initial Aggressive Mode message from IP Address but no connection has been configured.
NO PROPOSAL CHOSEN | Initial Main Mode message received on IP Port but no connection has been authorized.
INVALID ID | Require peer to have ID ID but peer declares ID.
INVALID ID INFORMATION | Initial Aggressive Mode packet claiming to be from ID on IP but no connection has been authorized.
INVALID ID | Require peer to have ID ID but peer declares ID.
INVALID ID INFORMATION | Initial Aggres
121. hen enabled, ARP Protection will only protect computers that were set in Fixed Host (refer to page 78) so that the ARP table of the hosts can be updated. Periodically, BiGuard30 will send ARP packets to these computers to refresh their ARP tables. Enabling ARP Protection can prevent potential viruses infecting computers within the local network. Enabling this option will mitigate the effect of ARP virus attack on LAN.
Session Limit: Allows administrators to self-define the amount of sessions that are currently allowed to connect to BiGuard30. This function limits the number of connections on a per-user basis. This is useful when controlling users who will use the applications which create a large number of connections, such as P2P software.
- No Limit: No restrictions on the amount of sessions allowed to connect to BiGuard30.
- Limit Maximum sessions per IP to: Restricts an upper limit of sessions allowed to connect to BiGuard30; additional sessions beyond the maximum limit will
- Limit Maximum sessions per IP to, with reject and drop options: Just like the previous option, this option expands on what to do with additional sessions above the maximum limit. You can either reject the additional sessions for a period of time, or just drop all packets from those sessions for a period of time.
4.4.6 VPN
VPN is a way to establish secured communication tunnels to an organization's network via the Internet. You can find two items under the VPN section
122. his is the port number the router's embedded web server (for web-based configuration) will use. The default value is the standard HTTP port, 80. Users may specify an alternative if, for example, they are running a web server on a PC within their LAN.
Management IP Address: You may specify an IP address allowed to logon and access the router's web server. Setting the IP address to 0.0.0.0 will disable IP address restrictions, allowing users to login from any IP address.
Expire to auto-logout: Specify a time frame for the system to auto-logout the user's configuration session.
Example: User A changes HTTP port number to 100, specifies their own IP address of 192.168.1.100, and sets the logout time to be 100 seconds. The router will only allow User A access from the IP address 192.168.1.100 to logon to the Web GUI by typing http://192.168.1.254:100 in their web browser. After 100 seconds, the device will automatically logout User A.
SNMP Access Control
SNMP Function: Select Enable to activate this function, Disable to deactivate this function.
SNMP V1 and V2
Read Community: Input the string for Read community to match your SNMP software.
Write Community: Input the string for Write community to match your SNMP software.
Trap Community: Input the string for Trap community to match your SNMP software.
IP Address: Input the device IP address with SNMP software installed.
SNMP V3
Username: Input the Username for your SNMP so
123. ied Source IP was chosen, here's where the IP can be entered.
Source IP Netmask: If Specified Source IP was chosen, here's where the subnet mask can be entered.
Destination IP Range
All Destination IP: Click it to specify all source IPs.
Specified Destination IP: Click to specify a specific destination IP address and Destination IP Netmask.
Destination IP Address: If Specified Destination IP was chosen, here's where the IP can be entered.
Destination IP Netmask: If Specified Destination IP was chosen, here's where the subnet mask can be entered.
Port Range: The range of ports for the specified policy. If you only want to use one port, enter the same value in both boxes.
Click Apply to save your changes.
4.4.4 System
The System menu allows you to adjust a variety of basic router settings, upgrade firmware, set up remote access, and more. In this menu are the following sections: Time Zone, Remote Access, Firmware Upgrade, Backup Restore, Restart, Password, System Log and E-mail Alert.
4.4.4.1 Time Zone
BiGuard does not use an onboard real time clock; instead, it uses the Network Time Protocol (NTP) to acquire the current time from an NTP server outside your network. Simply choose your local time zone, enter NTP Server IP Address, and click Apply. After connecting to the Internet, BiGuard 30 will
124. igently direct network traffic.
DNS Inbound is a three step process. First, a DNS request is made to the router via a remote PC. BiGuard 30, based on settings specified by the user, will direct the requesting PC to the correct WAN port by replying with the selected WAN IP address through the built-in DNS server. The remote PC then accesses the network via the specified WAN port. How BiGuard 30 directs this traffic through the built-in DNS server depends on whether it is configured for Fail Over or Load Balancing. Learn how to make DNS Inbound on BiGuard 30 work for you in the following section.
2.5.1 DNS Inbound Fail Over
BiGuard 30 can be configured to reply with the WAN2 IP address for the DNS domain name request should WAN1 fail.
[Figure: DNS Inbound Fail Over, before and after fail over]
In the above example, an FTP server (IP 192.168.2.2) and an HTTP server (IP 192.168.2.3) are connected to the Internet via WAN1 (IP 200.200.200.1) on BiGuard 30. A remote computer is trying to access these servers via the Internet and makes a DNS request. The DNS request (www.mydomain.com) will be sent through WAN1 (200.200.200.1) to the built in
125. Interface: The current traffic type. This can be WAN1 (outbound / inbound) and WAN2 (outbound / inbound).
Application: User defined application name for the current rule.
Packet Type: The type of packet this rule applies to. Choose from Any, TCP, UDP, or ICMP.
Guaranteed: The guaranteed amount of bandwidth for this rule, as a percentage.
Maximum: The maximum amount of bandwidth for this rule, as a percentage.
Priority: The priority assigned to this service. Select a value from 0 to 6, 0 being highest.
DSCP Marking: Used to classify traffic. Select from Best Effort, Premium, Gold Service (High, Medium, Low), Silver (H, M, L), and Bronze (H, M, L).
Address Type: The type of address this rule applies to. Select IP Address or MAC Address.
Bandwidth Type
Shared Bandwidth: Please select Shared Bandwidth if you would like the specified bandwidth to be shared by all IP addresses in the specified IP range.
Bandwidth per Source IP Address: Please select Bandwidth per Source IP Address if you would like the specified bandwidth to be applied individually per source IP address in the specified IP range.
For IP Address
Source IP Address Range: The range of source IP addresses this rule applies to.
Destination IP Address Range: The range of destination IP addresses this rule applies to.
Source Port Range: The range of source ports this rule applies to.
Destination Port Range: The range of destination ports this rul
126. irect incoming requests to either WAN port based on the amount of load each WAN port is currently experiencing. If WAN2 is experiencing a heavy load, BiGuard 30 responds to incoming DNS requests with WAN1. By balancing the load between WAN1 and WAN2, your BiGuard 30 can ensure that inbound traffic is efficiently handled, making sure that both ports are equally sharing the load and preventing situations where service is slow because one port is completely saturated by inbound traffic. Please refer to appendix H for example settings.
A typical scenario of how traffic is directed with DNS Inbound Load Balancing is illustrated below.
[Figure: DNS Inbound Load Balancing, showing the numbered DNS and HTTP requests and replies, the DNS Server, the Bandwidth Monitor and the HTTP Server]
In the example above, the client is making a DNS request. The request is sent to the DNS server of BiGuard 30 through WAN2 (1). WAN2 will route this request to the embedded DNS server of BiGuard 30 (2). BiGuard 30 will analyze the bandwidth of both WAN1 and WAN2 and decide which WAN IP to reply to the request with (3). After the decision is made, BiGuard 30 will route the DNS reply to the user through WAN2 (4). The user will receive the DNS reply with the IP address of WAN1 (5). The browser will initiate an HTTP request to the WAN1 IP address (6). The HTTP request will be sent to BiGuard 30's URL Host Map (7). The Host Map will then redirect the HTTP request to the HTTP serve
127. k
Any Local Address: Will enable any local address on the network.
Subnet: The subnet of the local network. Selecting this option enables you to enter an IP address and netmask.
IP Range: The IP Range of the local network.
Single Address: The IP address of the local host.
Remote: This section configures the remote host.
Secure Gateway Address (or Domain Name): The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel.
ID: The identity type of the local host. Choose from the following three options:
Remote IP Address: Automatically use the remote gateway address as ID, with ID type IP Address.
IP Address: Use an IP address format.
FQDN (DNS): Fully Qualified Domain Name. Consists of a hostname and domain name. For example, WWW.VPN.COM is a FQDN: WWW is the host name, VPN.COM is the domain name. When you enter the FQDN of the local host, the router will automatically seek the IP address of the FQDN.
FQUN (E-Mail): Fully Qualified User Name. Consists of a username and its domain name. For example, user@vpn.com is a FQUN: user is the username and vpn.com is the domain name.
Data: Enter the ID data using the specific ID type.
Network: Set the subnet, IP range, single address, or gateway address of the remote network.
Any Local Address: Will enable any local address on the network.
Subnet: The subnet of the remote network. Selecting this option allows you to enter an IP address and netmask.
128. l Netbios Broadcast packet through the IPSec Tunnel, please select Enable or Disable.
DPD Setting: DPD (Dead Peer Detection).
DPD Function: Select Enable or Disable DPD function.
Detection Interval: Please input the interval time to send out DPD packet.
Idle Timeout: Please input the consecutive no response time to disconnect this tunnel.
Click the Apply button to save your changes.
After you have created the IPSec connection, the account information will be displayed.
[Screenshot: IPSec Tunnels table]
Name: This is the user defined name of the connection.
Enable: This function activates or deactivates the IPSec connection.
Local Subnet: Displays IP address and subnet of the local network.
Remote Subnet: Displays IP address and subnet of the remote network.
Remote Gateway: This is the IP address or Domain Name of the remote VPN device that is connected and has an established IPSec tunnel.
IPSec Proposal: This is the selected IPSec security method.
4.4.6.2 PPTP
PPTP is a set of protocols that enable Virtual Private Networks (VPN). VPN is a way to establish secured communication tunnels to an organization's
129. [Screenshot: DHCP Table]
No.: Number of the list.
IP Address: A list of IP addresses of devices on your LAN.
Device Name: The host name (computer name) of the client.
MAC Address: The MAC address of client.
4.2.5 IPSec Status
The IPSec Status window displays the status of the IPSec Tunnels that are currently configured on your BiGuard 30.
[Screenshot: IPSec Tunnels Status table]
Name: The name you assigned to the particular IPSec entry.
Enable: Whether the IPSec connection is currently Enable or Disable.
Status: Whether the IPSec is Active, Inactive or Disable.
Local Subnet: The local IP address or subnet used.
Remote Subnet: The subnet of the remote site.
Remote Gateway: The remote gateway IP address.
SA: The Security Association for this IPSec entry.
Action: Manually connect or drop the tunnel.
4.2.6 PPTP Status
The PPTP Status window displays the status of the PPTP Tunnels that are currently configured on your BiGuard 30.
130. les
H.1 Outbound Fail Over
Step 1: Go to Configuration > WAN > ISP Settings. Select WAN1 and WAN2 and click Edit.
[Screenshot: ISP Settings, WAN Service Table]
Step 2: Configure WAN1 and WAN2 according to the information given by your ISP.
[Screenshot: WAN1 Static IP settings form]
Step 3: Go to Configuration >
131. lick Apply to save your changes.
4.4.9.2 Dynamic DNS
The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful when hosting servers via your WAN connection, so that anyone wishing to connect to you may use your domain name rather than having to use a dynamic IP address that changes periodically. This dynamic IP address is the WAN1 / WAN2 IP address of the router, which is assigned to you by your ISP.
Click Edit in the Dynamic DNS Settings Table to set related parameters for a specific interface.
[Screenshot: Dynamic DNS Settings Parameters form]
You will first need to register and establish an account with the Dynamic DNS provider using their website. Example: DYNDNS, http://www.dyndns.org
BiGuard 30 supports several Dynamic DNS providers, such as www.dyndns.org, www.orgdns.org, www.dhs.org, www.dyns.cx, www.3domain.hk, www.3322.org.
Dynamic DNS
Disable: Check to disable the Dynamic DNS function.
Enable: Check to enable the Dynamic DNS function. The followin
132. lign the encrypted data.
ESP Authentication Data: This contains an Integrity Check Value (ICV) for when ESP's optional authentication feature is used.
ESP provides authentication, integrity, and confidentiality, which provides data content protection and protects against data tampering. A typical ESP packet looks like this:
[Figure: ESP packet layout, including the SPI, Sequence Number and Authentication Data fields]
E.2.1.3 Security Associations (SA)
Security Associations are one-way relationships between sender and receiver that specify IPSec-related parameters. They provide data protection by using the defined IPSec protocols, and allow organizations to control, according to the security policy in effect, which resources may communicate securely. An SA is identified by 3 parameters:
Security Parameters Index (SPI), a locally unique value
Destination IP Address
Security Protocol (AH or ESP, but not both)
There are several other parameters associated with an SA that are stored in a Security Association database.
E.2.2 IPSec Modes
To exchange data between different types of VPNs, IPSec provides two major modes:
Tunnel Mode: This mode is used for host to host security. Protection extends to the payload of IP data, and the IP addresses of the hosts must be public IP addresses.
[Figure: Tunnel Mode example]
Transport Mode: This mode is used to provide data security between two networks. It
133. [Screenshot: load balance mode options: Balance by Session (Round Robin), Balance by Session weight of link capacity, Balance by Session weight, Balance by Traffic weight of link capacity, Balance by Traffic weight, Balance by weight of link capacity, Balance by weight]
Step 4: Go to Configuration > Advanced > Dynamic DNS and input the dynamic DNS settings for WAN1 and WAN2.
[Screenshot: WAN1 Dynamic DNS settings, server www.dyndns.org (dynamic), domain www.billion2.dyndns.org]
[Screenshot: WAN2 Dynamic DNS settings, server www.dyndns.org (dynamic), domain www.billion3.dyndns.org]
134. ly setup DNS settings, check the checkbox and enter your primary and secondary DNS.
RIP: To activate RIP, select Send, Receive, or Both from the drop down menu. To disable RIP, select Disable from the drop down menu.
MTU: Enter the Maximum Transmission Unit (MTU) for your network.
Network Address Translation: Enables or disables the NAT function. To apply this interface as router mode, please select Disable. Due to the default firewall feature, if you would like to use router mode, you have to input the packet filter rules you would like to forward in Configuration > Firewall > Packet filter.
Click Apply to save your changes. To reset to defaults, click Reset.
4.4.2.1.5 Big Pond Settings
[Screenshot: WAN1 Big Pond settings form]
Username: Enter your user name.
Password: Enter your password.
Retype Password: Retype your password.
Login Server: Enter the IP of the Login server provided by your
135. meant for the Internet. By using a router, organizations can enjoy relatively inexpensive Internet access while maintaining a high speed local area network.
D.2.3 Routing Information Protocol (RIP)
Routing Information Protocol (RIP) is an interior gateway protocol that specifies how routers exchange routing table information. Routers periodically update each other with RIP, changing their routing tables when necessary. BiGuard 30 supports the RIP protocol. RIP also supports subnet and multicast protocols. RIP is not required for most home applications.
D.3 Firewall Basics
D.3.1 What is a Firewall
Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. With the functionality of a NAT router, the firewall adds features that deal with outside Internet intrusion and attacks. When an attack or intrusion is detected, the firewall can be configured to log the intrusion attempt and can also notify the administrator of the incident. With this information, the administrator can work with the ISP to take action against the hacker. Against some types of attacks, the firewall can discard intruder packets, thereby fending off the hacker from the private network.
D.3.1.1 Stateful Packet Inspection
BiGuard 30 uses Stateful Pa
136. Connection Name: A user defined name for the connection.
Tunnel: Select Enable to activate this tunnel. Select Disable to deactivate this tunnel.
Interface: Select the interface the IPSec tunnel will apply to.
WAN1: Select interface WAN1.
WAN2: Select interface WAN2.
Auto: The device will automatically apply the tunnel to WAN1 or WAN2, depending on which WAN interface is active when the IPSec tunnel is being established.
Note: Auto only applies to Fail Over mode. For Load Balance mode, please do not select Auto. In Load Balance mode, Auto will be forced to the WAN1 interface if Auto is selected.
Local: This section configures the local host.
ID: This is the identity type of the local router or host. Choose from the following four options:
WAN IP Address: Automatically use the current WAN address as ID.
IP Address: Use an IP address format.
FQDN (DNS): Fully Qualified Domain Name. Consists of a hostname and domain name. For example, WWW.VPN.COM is a FQDN: WWW is the host name, VPN.COM is the domain name. When you enter the FQDN of the local host, the router will automatically seek the IP address of the FQDN.
FQUN (E-Mail): Fully Qualified User Name. Consists of a username and its domain name. For example, user@vpn.com is a FQUN: user is the username and vpn.com is the domain name.
Data: Enter the ID data using the specific ID type.
Network: Set the IP address, IP range, subnet, or address range of the local networ
137. n IP DSCP values. Other interfaces can match traffic based on the DSCP markings. DSCP markings are used to decide how packets should be treated, and are a useful tool to give precedence to varying types of data.
[Screenshot: Add QoS Rule form showing the DSCP Marking options]
2.2.8 DSCP Matching
Just like the DSCP Marking, DSCP is used on traffic. Both inbound rules and outbound rules have DSCP matching. DSCP matching is used to identify traffic for the rule, just as source IP and destination IP do. When this option of the QoS rule is selected, the QoS rule will only be applied to the packets whose IP header DSCP field matches the criteria selected. These markings can be used to identify traffic within the network.
2.3 Outbound Traffic
This section outlines some of the ways you can use BiGuard 30 to manage outbound traffic.
2.3.1 Outbound Fail Over
Configuring BiGuard 30 for Out
138. [Screenshot: rule form, with the note "Protocol Binding has higher priority than Routing"]
Step 4: Click Save Config to save all changes to flash memory.
H.11 Intrusion Detection
[Figure: BiGuard Intrusion Detection protecting a server from DoS attacks by hackers on the Internet]
Step 1: Go to Configuration > Firewall > Intrusion Detection and Enable the Detected Dropped DoS Attack settings.
[Screenshot: Intrusion Detection settings form]
Step 2: Click Apply and then Save Config to save all changes to flash memory.
H.12 PPTP Remote Access by Windows XP
[Figure: Windows XP PPTP client on a business trip connecting over the Internet to the BiGuard PPTP server; local subnet 192.168.30.0, local mask 255.255.255.0, address 100.100.100.1]
Step 1: Go to Configura
139. Step 2: Click Create to create a PPTP Account.
[Screenshot: Add PPTP Account form; visible values include Connection Name BiGuard10, Username test, Connection Type LAN to LAN]
Step 3: Click Apply; you can see the account is successfully created.
[Screenshot: PPTP General Setting and Account Setting; the form notes that enabling data encryption will use MS-CHAP v2 to authenticate the peer, and the account table lists BiGuard10, LAN to LAN, 192.168.30.100/24]
Step 4
140. nd configure your dynamic DNS settings (both WAN1 and WAN2).
[Screenshot: Dynamic DNS Settings, server www.dyndns.org (dynamic), domain biguard.billion.com]
Step 3: Go to Configuration > VPN > IPSec > IPSec Policy. Click Create to configure VPN settings.
[Screenshot: IPSec policy form; visible values include Connection Name biguard, local ID type FQDN (DNS) with data biguard.billion.com, Method ESP, Encryption Protocol 3DES, Authentication Protocol MD5]
141. There are five items within the Advanced section: Static Route, Dynamic DNS, Device Management, IGMP, and VLAN Bridge.
4.4.9.1 Static Route
The static route settings enable the router to route IP packets to another network (subnet). The routing table stores the routing information so the router knows where to redirect the IP packets.
[Screenshot: Static Route Table]
Click on Static Route and then click Create to add a routing table.
[Screenshot: Static Route, Create Rule form]
Rule: Select Enable to activate this rule, Disable to deactivate this rule.
Destination: This is the destination subnet IP address.
Netmask: This is the subnet mask of the destination IP addresses, based on the above destination subnet IP.
Gateway: This is the gateway IP address to which packets are to be forwarded.
Interface: Select the interface through which packets are to be forwarded.
Cost: This is the same meaning as Hop C
142. nter the IP address itself. Click Apply to save your changes. The IP address will be entered into the Exception List and excluded from the URL filtering rules in effect.
4.4.5.3 LAN MAC Filter
[Screenshot: LAN MAC Filter page]
LAN MAC Filter decides, by MAC address, whether or not BiGuard will serve devices on the LAN side.
Default Rule: Forward or Drop all LAN requests. Forward by default.
Create: You can also input a specified MAC address to be dropped or forwarded, regardless of the default rule.
[Screenshot: LAN MAC Filter, Create Rule form]
Rule: Enable or disable this entry.
Action When Matched: Select to Drop or Forward the packet specified in this filter entry.
MAC Address: The MAC address you would like to apply.
Candidates: You can also select the Candidates, which are referred from the ARP table, for automatic input.
4.4.5.4 Block WAN Request
Block WAN Request: Enable for p
143. nternal servers (e.g. a web server, FTP server, Email server or game server), the router can act as a virtual server. You can set up a local server with a specific port number for the service to use, e.g. web/HTTP (port 80), FTP (port 21), Telnet (port 23), SMTP (port 25), or POP3 (port 110). When an incoming access request is received, it will be forwarded to the corresponding internal server.
[Screenshot: Virtual Server page with DMZ settings and the Port Forwarding Table]
Click Create to add a new port forwarding rule.
This function allows any incoming data addressed to a range of service port numbers (from the Internet / WAN port) to be redirected to a particular LAN private / internal IP address. This option gives you the ability to handle applications that use more than one port, such as games and audio / video conferencing.
[Screenshot: Virtual Server, Add Forwarding Rule form]
Applicati
144. o make sure that JavaScripts are allowed.
1. In Internet Explorer, click Tools > Internet Options.
2. Under the Security tab, click Custom Level.
[Screenshot: Internet Options, Security tab and Security Settings dialog]
3. Under Scripting, check to see if Active scripting is set to Enable.
4. Ensure that Scripting of Java applets is set to Enabled.
5. Click OK to close the dialogue.
5.2.3.3 Java Permissions
The following Java Permissions should also be given for the Web Configuration Interface to display properly.
1. In Internet Explorer, click Tools > Internet Options.
2. Under the Security tab, click Custom Level.
145. 4. Select the IP Address tab and click the Obtain an IP address automatically radio button.
[Screenshot: TCP/IP Properties, IP Address tab]
5. Select the DNS Configuration tab and select the Disable DNS radio button.
[Screenshot: TCP/IP Properties, DNS Configuration tab]
6. Click OK to apply the configuration.
[Screenshot: Network dialog, Configuration tab]
3.4.4.3 Verifying Settings
To check the TCP/IP configuration, use the winipcfg.exe utility.
1. Select Start > Run.
146. of ISAKMP
Received Main mode third response message of ISAKMP
Received Aggressive mode initial ISAKMP Message
Send Aggressive mode first response message of ISAKMP
Received Aggressive mode first response message of ISAKMP
Send Aggressive mode second message of ISAKMP
Received Aggressive mode second ISAKP Message
Send Quick mode initial message
Received Quick mode initial message
Send Quick mode first response message
Sending the main mode second response message. Done to exchange key values.
Received the main mode second response message. Done to exchange key values.
Sending the third message of main mode. Done for authentication.
Received the third message of main mode. Done for authentication.
Sending the third response message of main mode. Done for authentication.
Received the third response message of main mode. Done for authentication.
Received the first message of aggressive mode.
Sending the first response message of aggressive mode. Done to exchange proposal and key values.
Received the first response message of aggressive mode. Done to exchange proposal and key values.
Sending the second message of aggressive mode. Done to exchange proposal and key values.
Received the second message of aggressive mode. Done to exchange proposal and key values.
Sending the first message of quick mode (Phase II). Done to exchange proposal and key values.
IPSec Received t
147. [Screenshot: Inbound Load Balance host mapping form]
Domain Name: The domain name of the local host.
Host URL: The URL to be mapped.
Private IP Address: The IP address of the local host.
Helper: You could also select the application type you would like to apply, for automatic input.
Port Range: Incoming packets in this port range are accepted and processed by the local host with the specified private IP address.
Candidates: You can also select the Candidates, which are referred from the ARP table, for automatic input.
Name1: The Alias Host URL.
Name2: The Alias Host URL.
Click Apply to save your changes.
4.4.3.4 Protocol Binding
Protocol Binding lets you direct specific traffic to go out from a specific WAN port. Click the Create button to create a new policy entry. Policies entered tell specific types of Internet traffic from a particular range of IPs to go to a particular range of IPs with ONE WAN port, rather than using both of the WAN ports with load balancing.
NOTE: If any policies are added in the Protocol Binding section, please note that they take precedence over the settings that are already configured in the Load Balance Setting section.
148. on User-defined application name for the current rule. Helper: You can also select the application type you would like to apply for automatic input. Protocol type: Select the protocol type. External Port: Enter the port number of the service that will be sent to the Internal IP address. Redirect Port: Enter a new port number for the service that will be sent to the Internal IP address. External IP Address: Click Candidates to select the WAN interface or the WAN IP address. Internal IP Address: Enter the IP address of the LAN server host that service requests from the Internet will be sent to. Candidates: You can also select the Candidates, which are taken from the ARP table, for automatic input. NOTE: You need to give your LAN server host a static IP address for the Virtual Server to work properly. Click Apply to save your changes. Using port forwarding does have security implications, as outside users will be able to connect to PCs on your network. For this reason, using specific Virtual Server entries just for the ports your application requires, instead of using DMZ, is recommended. 4.4.9 Advanced. Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of BiGuard 30. Users who do not understand the features should not attempt to reconfigure their router unless advised to do so by support staff. Advanced Static Route Dynamic DNS Device Manageme
149. osoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\Benno Hong>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix: IP Address: 192.168.1.108 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.1.254 C:\Documents and Settings\Benno Hong> To verify your settings using the Windows XP GUI: 1. Click Start > Settings > Network Connections. (Screenshot: Windows XP Start menu.) 2. Right click one of the network connections pop up menu (Screenshot: Network Connections window showing Local Area Connection.)
150. page. Next: Go to the next page. 5. LAN to Host (for BiGuard VPN Client only): BiGuard would like to establish an IPSec VPN tunnel with BiGuard VPN Client software by using aggressive mode. (Screenshot: IPSec Wizard, Step 2 of 3, Remote Information, with a VPN Client IP Address field; on-screen notes: "Be sure that each client must use different VPN Client IP Address" and "Please note that this field must be consistent with the setting of VPN Client".) VPN Client IP Address: The VPN Client address for BiGuard VPN Client. This value will be applied on both Remote ID and Remote Network as a single address. Back: Back to the previous page. Next: Go to the next page. (Screenshot: IPSec Wizard Configuration Summary, listing Connection Name, Tunnel, Interface, Local ID/Network, Local Secure Gateway, Remote ID/Network, Remote Secure Gateway, Secure Association, Method, Encryption Protocol, Authentication Protocol, Proposal, Perfect Forward Secure, Key Group, PreShared Key, IKE Life Time and Key Life Time; values visible include Enabled, WAN1, WAN IP Address, 192.168.1.254, 255.255.255.0, ANY, 100.100.100.1, IP Address, Aggressive Mode, ESP, 3DES and MD5.)
151. pplications E 2 What is IPSec E 2 1 E 2 2 IPSec Security Components E 2 1 1 Authentication Header AH E 2 1 2 Encapsulating Security Payload ESP E 2 1 3 Security Associations SA IPSec Modes E 2 3 Tunnel Mode AH E 2 4 Tunnel Mode ESP E 2 5 Internet Key Exchange IKE Appendix F IPSec Logs and Events F 1 IPSec Log Event Categories F 2 IPSec Log Event Table Appendix G Bandwidth Management with QoS G 1 Overview G 2 What is Quality of Service G 3 How Does QoS Work G 4 Who Needs QoS G 4 1 Home Users G 4 2 Office Users Appendix H Router Setup Examples H 1 Outbound Fail Over H 2 Outbound Load Balancing H 3 Inbound Fail Over H 4 DNS Inbound Fail Over H 5 DNS Inbound Load Balancing H 6 Dynamic DNS Inbound Load Balancing H 7 VPN Configuration H 7 1 LAN to LAN H 7 2 Host to LAN H 8 IPSec Fail Over Gateway to Gateway H 9 VPN Concentrator H 10 Protocol Binding H 11 Intrusion Detection H 12 PPTP Remote Access by Windows XP H 13 PPTP Remote Access by BiGuard 10 Chapter 1 Introduction. 1.1 Overview. Congratulations on purchasing BiGuard 30 Router from Billion. Combining a router with an Ethernet network switch, BiGuard 30 is a state-of-the-art device that provides everything you need to get your network connected to the Internet over your Cable or DSL connection quickly and easily. The Quick Start Wizard and DHCP Server will get first-time users up and running with minimal fuss and configuration, while
152. products to protect the environment 1 1 1 2 1 3 2 1 2 2 2 3 2 4 2 5 2 6 Table of Contents Chapter 1 Introduction Overview Product Highlights 1 2 1 Increased Bandwidth Scalability and Resilience 1 2 2 Virtual Private Network Support 1 2 3 Advanced Firewall Security 1 2 4 Intelligent Bandwidth Management Package Contents 1 3 1 Front Panel 1 3 2 Rear Panel 1 3 3 Rack Mounting 1 3 4 Cabling Chapter 2 Router Applications Overview Bandwidth Management with QoS 2 2 1 QoS Technology 2 2 2 QoS Policies for Different Applications 2 2 3 Guaranteed Maximum Bandwidth 2 2 4 Policy Based Traffic Shaping 2 2 5 Priority Bandwidth Utilization 2 2 6 Management by IP or MAC address 2 2 7 DiffServ DSCP Marking 2 2 7 DSCP Matching Outbound Traffic 2 3 1 Outbound Fail Over 2 3 2 Outbound Load Balancing Inbound Traffic 2 4 1 Inbound Fail Over 2 4 2 Inbound Load Balancing DNS Inbound 2 5 1 DNS Inbound Fail Over 2 5 2 DNS Inbound Load Balancing Virtual Private Networking 3 1 3 2 3 3 3 4 3 5 3 6 3 7 4 1 4 2 2 6 1 General VPN Setup 2 6 2 VPN Planning Fail Over 2 6 3 Concentrator Chapter 3 Getting Started Overview Before You Begin Connecting Your Router Configuring PCs for TCP IP Networking 3 4 1 Overview 3 4 2 Windows XP 3 4 2 1 Configuring 3 4 2 2 Verifying Settings 3 4 3 Windows 2000 3 4 3 1 Configuring 3 4 3 2 Verifying Settings 3 4 4 Windows 98 ME 3 4 4 1 In
153. provided by your ISP. Secondary DNS: Enter the secondary DNS provided by your ISP. RIP: To activate RIP, select Send, Receive, or Both from the drop-down menu. To disable RIP, select Disable from the drop-down menu. MTU: Enter the Maximum Transmission Unit (MTU) for your network. Network Address Translation: Enables or disables the NAT function. To use this interface in router mode, select Disable. Because of the default firewall feature, if you would like to use router mode you have to enter the packet filter rules for the traffic you would like to forward in Configuration > Firewall > Packet Filter. Click Apply to save your changes. To reset to defaults, click Reset. 4.4.2.1.3 PPPoE (Screenshot: WAN PPPoE settings form, with fields for Connection Method, Password, Retype Password, Connection, Idle Time, IP assigned by your ISP, MAC Address, Primary and Secondary DNS, RIP, MTU and Network Address Translation.)
154. provides protection for the entire IP packet and is sent by adding an outer IP header corresponding to the two tunnel end points. Since tunnel mode hides the original IP header, it provides security of the networks with private IP address space. (Figure: two sites connected through their ISPs across the Internet; addresses shown are 193.61.71.246 and 194.83.103.186.) E.2.3 Tunnel Mode AH. AH is typically applied to a data packet in the following manner: (Figure: original packet, and packet with IPSec Authentication Header, with the authenticated portion marked.) E.2.4 Tunnel Mode ESP. Here is an example of a packet with ESP applied: (Figure: original packet, and packet with IPSec Encapsulation Security Payload, with the encrypted and authenticated portions marked.) E.2.5 Internet Key Exchange (IKE). Before either AH or ESP can be used, it is necessary for the two communication devices to exchange a secret key that the security protocols themselves will use. To do this, IPSec uses Internet Key Exchange (IKE) as a primary support protocol. IKE facilitates and automates the SA setup and exchanges keys between parties transferring data. Using keys ensures that only the sender and receiver of a message can access it. These keys need to be re-created or refreshed frequently so that the parties can communicate securely with each other. Refreshing keys on a regular basis ensures data confidentiality. There are two phases to this process. Phase I deals with the negotiation and management of IKE and IPSec parameters. This phase can
155. quipment and the receiver. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. Consult the dealer or an experienced radio/TV technician for help. Notice: Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. Appendix D Network, Routing, and Firewall Basics. D.1 Network Basics. D.1.1 IP Addresses. With the number of TCP/IP networks interconnected across the globe, ensuring that transmitted data reaches the correct destination requires that each computer on the Internet has a unique identifier. This identifier is known as the IP address. The Internet Protocol (IP) uses a 32-bit address structure, and the address is usually written in dot notation. A typical IP address looks like this: 198.25.12.8. The 32 bits of the address are subdivided into two parts. The first part of the address identifies the network, while the second part identifies the host node or station on the network. How the address is divided depends on the address range and the application. The five standard IP address classes each have different methods to determine the network and host sections of the address, which makes multiple hosts on a network possible. TCP/IP software identifies each address class by reading a unique bit pattern that precedes each address type. Once the address class has been recognized, the soft
156. r. 8. The HTTP server will reply. 9. The URL Host Map will route the packet through WAN1 to the user. 10. Finally, the client will receive an HTTP reply packet. 11 2.6 Virtual Private Networking. A Virtual Private Network (VPN) enables you to send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link. As such, it is perfect for connecting branch offices to headquarters across the Internet in a secure fashion. The following section discusses Virtual Private Networking with BiGuard 30. 2.6.1 General VPN Setup. There are typically three different VPN scenarios. The first is a Gateway to Gateway setup, where two remote gateways communicate over the Internet via a secure tunnel. (Figure: secure tunnel between two gateways; addresses shown are 100.100.100.1, 200.200.200.1, 192.168.2.x and 192.168.3.x.) The next type of VPN setup is the Gateway to Multiple Gateway setup, where one gateway (Headquarters) is communicating with multiple gateways (Branch Offices) over the Internet. As with all VPNs, data is kept secure with secure tunnels. (Figure: secure tunnels between one gateway and multiple gateways; addresses shown are 200.200.200.1, 192.168.3.x, 100.100.100.1, 192.168.2.x, 201.201.201.1 and 192.168.4.x.) The final type of VPN setup is the Client to Gateway. A good example of where this can be applied is when a remote sales person accesses the corporate network over a secure VPN tunnel. 100 100 100 m
157. rch Run Shut Down (Screenshot: Windows 2000 Start menu.) 2. In the Control Panel window, double-click Network and Dial-up Connections. (Screenshots: Control Panel window; Network and Dial-up Connections window showing Local Area Connection.) 4. In the Local Area Connection window, click Properties. Local Area
158. (Screenshot: Packet Filter rule form, with fields for Direction, Source IP, Destination IP, Protocol, Source Port Range and Destination Port Range.) ID: This is an identifier that allows you to move the rule before or after an ID. Rule: Enable or disable this entry. Action When Matched: Select whether to Drop or Forward the packet specified in this filter entry. Direction: Incoming Packet Filter rules prevent unauthorized computers or applications from accessing your local network from the Internet. Outgoing Packet Filter rules prevent unauthorized computers or applications from accessing the Internet. Select whether the new filter rule is incoming or outgoing. Source IP: Select Any, Subnet, IP Range, or Single Address. Starting IP Address: Enter the source IP or starting source IP address this filter rule is to be applied to. End IP Address: Enter the end source IP address this filter rule is to be applied to (for IP Range only). Netmask: Enter the subnet mask of the above IP address. Destination IP: Select Any, Subnet, IP Range, or Single Address. Starting IP Address: Enter the destination IP or starting destination IP address this filter rule is to be
159. 6b. To manually assign your PC a fixed IP address, select the Use the following IP address radio button and enter your desired IP address, subnet mask, and default gateway in the blanks provided. Remember that your PC must reside in the same subnet mask as the router. To designate a DNS server, select the Use the following DNS server and fill in the preferred DNS address. (Screenshot: Internet Protocol (TCP/IP) Properties dialog showing IP address 192.168.1.100, subnet mask 255.255.255.0, default gateway 192.168.1.254 and preferred DNS server 192.168.1.254.) 7. Click OK to finish the configuration. 3.4.3.2 Verifying Settings. 1. Click Start > Programs > Accessories > Command Prompt. (Screenshot: Start menu, Accessories submenu.)
160. reventing any ping test from Internet such as hacker attack (Screenshot: Block WAN Request page with Enable and Disable options.) Blocking WAN requests is one way to prevent DDoS attacks by preventing ping requests from the Internet. Use this menu to enable or disable the function. 4.4.5.5 Intrusion Detection (Screenshot: Intrusion Detection page, "Enable for preventing hacker attack from Internet", with Enable/Disable options for Intrusion Detection, Intrusion Log and ARP Protection, and Session Limit options: "No Limit"; "Limit maximum sessions per IP to 200, reject new session from this IP in 5 minutes"; "Limit maximum sessions per IP to 200, drop all packets from this IP in 5 minutes".) Intrusion Detection can prevent most common DoS attacks from the Internet or from LAN users. Intrusion Detection: Enable or disable this function. Intrusion Log: All the detected and dropped attacks will be shown in the system log. ARP Protection: ARP protection is used to protect users on the LAN against ARP virus W
161. ring your BiGuard 30 for Inbound Fail Over provides a more reliable connection for your incoming traffic. Please refer to Appendix H for example settings. 2.4.2 Inbound Load Balancing. Inbound Load Balancing allows BiGuard 30 to intelligently manage inbound traffic based on the amount of load of each WAN connection. (Figure: remote access from the Internet to servers 192.168.2.2 and 192.168.2.3 through www.billion2.dyndns.org and www.billion3.dyndns.org.) In the above example, an FTP server (IP 192.168.2.2) and an HTTP server (IP 192.168.2.3) are connected to the Internet via WAN1 (www.billion2.dyndns.org) and WAN2 (www.billion3.dyndns.org) on BiGuard 30. Remote PCs are attempting to access the servers via the Internet. Using Inbound Load Balancing, BiGuard 30 can direct incoming requests to the correct WAN port based on group assignment. For example, a sales force can be directed to www.billion2.dyndns.org, while the R&D group can access www.billion3.dyndns.org. By balancing the load between WAN1 and WAN2, your BiGuard 30 can ensure that inbound traffic is efficiently handled, with both ports equally sharing the load, preventing situations where service is slow because one port is completely saturated by inbound traffic. Please refer to Appendix H for example settings. 2.5 DNS Inbound. Using DNS Inbound is a great way to intell
162. rmation such as gateway and DNS address can also be assigned with a DHCP server. When connecting to the ISP, BiGuard 30 also functions as a DHCP client. BiGuard 30 can automatically obtain an IP address, subnet mask, gateway address, and DNS server addresses if the ISP assigns this information via DHCP. D.2 Router Basics. D.2.1 What is a Router? A router is a device that forwards data packets along networks. A router is connected to at least two networks. Usually this is a LAN and a WAN that is connected to an ISP network. Routers are located at gateways, the places where two or more networks connect. Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they use protocols to communicate with each other and configure the best route between any two hosts. Routers can vary in performance and scale, the types of physical WAN connection they support, and the number of routing protocols supported. BiGuard 30 offers a convenient and powerful way for small to medium businesses to connect their networks. D.2.2 Why use a Router? While large bandwidth can easily and inexpensively be provided in a LAN, having high bandwidth between a LAN and the Internet can be prohibitively expensive. Because of this, Internet access is usually done through a slower WAN link such as a cable or DSL modem. To efficiently use this slower connection, a router acts as a mechanism for selecting and transmitting data
163. rts when connecting a PC to the network. DC12V: Connect DC Power Adapter here (12VDC). 1.3.3 Rack Mounting. To rack mount BiGuard 30, carefully secure the device to your rack on both sides using the included brackets and screws. See the diagram below for a more detailed explanation. (Diagram: rack mounting.) 1.3.4 Cabling. Most Ethernet networks currently use unshielded twisted pair (UTP) cabling. The UTP cable contains eight conductors, arranged in four twisted pairs, and terminated with an RJ45 type connector. One of the most common causes of networking problems is bad cabling. Make sure that all connected devices are turned on. On the front panel of BiGuard 30, verify that the LAN link and WAN line LEDs are lit. If they are not, check to see that you are using the proper cabling. Chapter 2 Router Applications. 2.1 Overview. Your BiGuard 30 router is a versatile device that can be configured to not only protect your network from malicious attackers, but also ensure optimal usage of available bandwidth with Quality of Service (QoS) and both Inbound and Outbound Load Balancing. Alternatively, BiGuard 30 can also be set to redirect incoming and outgoing network traffic with the Fail Over capability, ensuring minimal downtime and increased reliability. The following chapter describes how BiGuard 30 can work for you. 2.2 Bandwidth Management with QoS. Quality of Service (QoS) gives you full control over which typ
164. s Host URL Mappings (Screenshot: Inbound Load Balance settings page.) Function: Used to enable or disable inbound load balancing. DNS Server 1: DNS Server 1 settings, including Host URL mappings. DNS Server 2: DNS Server 2 settings, including Host URL mappings. To edit server settings, click Edit. The following example illustrates DNS Server 1 settings. DNS Server 2 settings follow a similar procedure. (Screenshot: DNS Server 1 form, with SOA fields Domain Name, Primary Name Server, Admin Mail Box, Serial Number, Refresh Interval, Retry Interval, Expiration Time and Minimum TTL, an NS Record (Name Server), an MX Record (Mail Exchanger) and Private/Public IP Address; on-screen note: "Domain will be appended automatically in these fields.") SOA Domain Name: The domain name of DNS Server 1. It is the name that you register on DNS organization. You have to fill out the Fully Qualified Domain Name (FQDN) with an ending character (a dot) for this text field, ex: abc.com. When you enter the following domain name, you can only input different
165. s name as BiGuard 30's system name. 5.4 ISP Connection. Unless you have been assigned a static IP address by your ISP, your BiGuard 30 will need to request an IP address from the ISP in order to access the Internet. If your BiGuard 30 is unable to access the Internet, first determine if your router is able to obtain a WAN IP address from the ISP. To check the WAN IP address: 1. Open your browser and choose an external site (i.e. www.billion.com). 2. Access the Web Configuration Interface by entering your router's IP address (default is 192.168.1.254). 3. The WAN IP Status is displayed on the first page. (Screenshot: BiGuard 30 Status page with Device Information, LAN, WAN1 and WAN2 sections; WAN1 is shown as not connected and WAN2 as No Link.)
166. s relating to BiGuard 30's LAN Interface. 5.2.1 Can't Access BiGuard 30 from the LAN. If there is no response from BiGuard 30 from the LAN: Check your Ethernet cable types and each connection. Make sure the computer's Ethernet adapter is installed and functioning properly. If the error persists, you may have a hardware problem and should contact technical support. 5.2.2 Can't Ping Any PC on the LAN. If PCs connected to the LAN cannot be pinged: Check the 10/100 LAN LEDs on BiGuard 30's front panel. One of these LEDs should be on. If they are both off, check the cables between BiGuard 30 and the hub or PC. Check that the corresponding LAN LEDs on your PC's Ethernet device are on. Make sure that driver software for your PC's Ethernet adapter and TCP/IP software is correctly installed and configured on your PC. Verify that the IP address and the subnet mask of BiGuard 30 and the computers are on the same subnet. 5.2.3 Can't Access Web Configuration Interface. If you are having trouble accessing BiGuard 30's Web Configuration Interface from a PC connected to the network: Check the connection between the PC and the router. Make sure your PC's IP address is on the same subnet as the router. If your BiGuard 30's IP address has changed and you don't know the current IP address, reset the router to factory defaults by holding the Reset button on the back of your router for 6 seconds. This will rese
167. s up to 30 simultaneous IPSec VPN connections are possible on BiGuard 30, with performance of up to 30Mbps. PPTP VPN: up to 4 simultaneous PPTP VPN connections are possible on BiGuard 30, with performance of up to 10Mbps. 1.2.3 Advanced Firewall Security. Aside from intelligent broadband sharing, BiGuard 30 offers integrated firewall protection with advanced features to secure your network from outside attacks. Stateful Packet Inspection (SPI) determines if a data packet is permitted to enter the private LAN. Denial of Service (DoS) protection prevents hackers from interrupting network services via malicious attacks. In addition, BiGuard 30 firewall can be configured to alert you via email should your network come under fire, offering both tight network security and peace of mind. 1.2.4 Intelligent Bandwidth Management. BiGuard 30 utilizes Quality of Service (QoS) to give you full control over the priority of both incoming and outgoing data, ensuring that critical data such as customer information moves through your network even while under a heavy load. Transmission speeds can be throttled to make sure users are not saturating bandwidth required for mission-critical data transfers. Priority types of upload data can also be changed, allowing BiGuard 30 to automatically sort out actual speeds for unmatched convenience. 1.3 Package Contents. BiGuard 30 iBusiness Security Gateway SMB; Bracket x 2 (for rack mounting); Screw x 4 (for rack mounting).
168. second PC can access the page after a user-defined period (5 minutes by default). The following sections will show you how to configure your router using the Web Configuration Interface. 4.2 Status. The Status menu displays the various options that have been selected and a number of statistics about your BiGuard 30. In this menu you will find the following sections: ARP Table, Routing Table, Session Table, DHCP Table, IPSec Status, PPTP Status, Traffic Statistics, System Log, IPSec Log. 4.2.1 ARP Table. The Address Resolution Protocol (ARP) Table shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is a quick way to determine the MAC address of your PC's network interface to use with the router's Firewall MAC Address Filter function. See the Firewall section of this chapter for more information on this feature. (Screenshot: ARP Table, IP <> MAC List, with columns No., IP Address, MAC Address, Interface and Static; the entry shown is 1, 192.168.1.25, 00:05:1C:06:38:48, LAN, no.) No.: Number of the list. IP Address: A list of IP addresses of devices on your LAN. MAC A
169. server applications that need to identify the source IP address of the client. By balancing the load between WAN1 and WAN2, your BiGuard 30 can ensure that outbound traffic is efficiently handled by making sure that both ports are equally sharing the load, preventing situations where one port is completely saturated by outbound traffic. Please refer to Appendix H for example settings. 2.4 Inbound Traffic. Learn how BiGuard 30 can handle inbound traffic in the following section. 2.4.1 Inbound Fail Over. Configuring BiGuard 30 for Inbound Fail Over allows you to ensure that incoming traffic is uninterrupted by having BiGuard 30 default to WAN2 should WAN1 fail. (Figure: Before Fail Over, remote access from the Internet to the FTP server 192.168.2.2 and the HTTP server 192.168.2.3.) In the above example, an FTP server (IP 192.168.2.2) and an HTTP server (IP 192.168.2.3) are connected to the Internet via WAN1 (ftp.billion.dyndns.org) on BiGuard 30. A remote computer is trying to access these servers via the Internet. (Figure: After Fail Over, remote access from the Internet.) Under normal circumstances, the remote computer will gain access to the network via WAN1. Should WAN1 fail, Inbound Fail Over tells BiGuard 30 to reroute incoming traffic to WAN2 by using the Dynamic DNS mechanism. Configu
170. sive Mode packet claiming to be from ID on IP but no connection has been authorized. Received Delete SA payload and deleting IPSEC State integer. Appendix G Bandwidth Management with QoS. G.1 Overview. In a home or office environment, users constantly have to transmit data to and from the Internet. When too many are accessing the Internet at the same time, service can slow to a crawl, causing service interruptions and general frustration. Quality of Service (QoS) is one of the ways BiGuard 30 can optimize the use of bandwidth, ensuring a smooth and responsive Internet connection for all users. G.2 What is Quality of Service? QoS is a feature that prioritizes and guarantees bandwidth to achieve optimal service performance. QoS can maximize the use of available network bandwidth by prioritizing time-sensitive traffic to avoid latencies and delays. By ensuring that time-sensitive applications such as VoIP and streaming video get priority access to bandwidth, users in both home and office environments can enjoy smooth and responsive data transmission no matter which applications they are running. If you've ever experienced slow Internet speeds due to other network users using bandwidth-consuming applications like P2P, you'll understand why QoS is such a breakthrough for home users and office users. Billion makes itself unique by integrating QoS in its routers for both inbound and
171. sophisticated Quality of Service (QoS) and Load Balancing features grant advanced users total control over their network and Internet connection. This manual illustrates the many features and functions of BiGuard 30, and even takes you through the various ways you can apply this versatile device to your home or office. Take the time now to familiarize yourself with BiGuard 30. 1.2 Product Highlights. 1.2.1 Increased Bandwidth, Scalability and Resilience. With integrated Dual WAN ports, BiGuard 30 combines two broadband lines, such as DSL or Cable, into one Internet connection, providing optimal bandwidth sharing for multiple PCs on your network, or allowing maximum reliability with network redundancy. Load Balancing enables BiGuard 30 to efficiently balance network traffic across two connections, ideal for small to medium businesses that require increased bandwidth, network scalability and resilience for mission-critical network and Internet applications. Auto failover can also be configured to ensure smooth, continuous service should one connection fail, providing maximum business uptime and productivity, plus uninterrupted service for you and your customers. 1.2.2 Virtual Private Network Support. BiGuard 30 supports comprehensive IPSec & PPTP VPN protocols for businesses to establish private encrypted tunnels over the Internet to ensure data transmission security among multiple sites, such as a branch office or dial-up connection. IPSec VPN i
172. stalling Components 3 4 4 2 Configuring 3 4 4 3 Verifying Settings Factory Default Settings 3 5 1 Username and Password 3 5 2 LAN and WAN Port Addresses Information From Your ISP 3 6 1 Protocols 3 6 2 Configuration Information 3 6 2 1 Windows Web Configuration I nterface Chapter 4 Router Configuration Overview Status 4 2 1 ARP Table 4 2 2 Routing Table 4 2 3 Session Table 4 2 4 DHCP Table 4 3 4 4 4 2 5 IPSec Status 4 2 6 PPTP Status 4 2 7 Traffic Statistics 4 2 8 System Log 4 2 9 IPSec Log Quick Start 4 3 1 DHCP 4 3 2 Static IP 4 3 3 PPPoE 4 3 4 PPTP 4 3 5 Big Pond Configuration 4 4 1 LAN 4 4 1 1 Ethernet 4 4 1 2 DHCP Server 4 4 1 3 LAN Address Mapping 4 4 2 WAN 4 4 2 1 ISP Settings 4 4 2 1 1 DHCP 4 4 2 1 2 Static IP 4 4 2 1 3 PPPoE 4 4 2 1 4 PPTP 4 4 2 1 5 Big Pond 4 4 2 2 Bandwidth Settings 4 4 2 3 WAN IP Alias 4 4 3 Dual WAN 4 4 3 1 General Settings 4 4 3 2 Outbound Load Balance 4 4 3 3 Inbound Load Balance 4 4 3 4 Protocol Binding 4 4 4 System 4 4 4 1 Time Zone 4 4 4 2 Remote Access 4 4 4 3 Firmware Upgrade 4 4 4 4 Backup Restore 4 4 4 5 Restart 4 4 4 6 Password 4 4 4 7 System Log Server 4 5 4 6 5 1 5 2 4 4 5 4 4 6 4 4 7 4 4 8 4 4 9 4 4 4 8 Email Alert Firewall 4 4 5 1 Packet Filter 4 4 5 2 URL Filter 4 4 5 3 LAN MAC Filter 4 4 5 4 Block WAN Request 4 4 5 5 Intrusion Detection VPN 4 4 6 1 IPSec 4 4 6 1 1 IPSec Wizard 4 4 6 1 2 IPSec Policy 4 4 6 2 PPTP QoS Virtu
173. t the router's IP address to 192.168.1.254. Check to see if your browser has Java, JavaScript, or ActiveX enabled. If you are using Internet Explorer, click Refresh to ensure that the Java applet is loaded. Try closing the browser and re-launching it. Make sure you are using the correct User Name and Password. User Names and Passwords are case-sensitive, so make sure that CAPS LOCK is not on when entering this information. Try clearing your browser's cache: 1. With Internet Explorer, click Tools > Internet Options. 2. Under the General tab, click Delete Files. [Screenshot: Internet Options dialogue, General tab] 3. Make sure that the Delete All Offline Content checkbox is checked and click OK. [Screenshot: Delete Files dialogue]
174. te several of these applications without experiencing latency or service interruptions. G.4.1 Home Users. Low latency is everything for gamers. Most home users feel frustrated when trying to play an online game over a shared ADSL connection. Unfortunately, most routers have no way of determining the importance of the packet at any given time. All the traffic is treated equally, so a packet containing an urgent command may be delayed. QoS gives you the ability to control the bandwidth. Using IP Throttling, bandwidth limits can be enforced on a particular application or any system within the LAN. Prioritization specifies which packets have priority and should not be delayed, and which packets have lower priority and should be moved to the end of the upload queue. Suppose there are four students sharing a three-floor house with one single broadband connection. Tom, a college freshman, is playing an online game with his group members, while Mary, a sophomore student, is talking to her net pal via Skype. Meanwhile, Jacky is downloading a movie file using a P2P application program. Sophia, however, is just trying to log on to a website to send her photos to her family. As a result, the net speed slows to a crawl and affects everyone sharing the Internet connection. QoS is designed for managing traffic flow and bandwidth to solve this problem. You can first classify different applications (online games, FTP, Skype, email) as shown in the table
175. th that is being used on your network. [Diagram: Normal PCs and a Restricted PC] As illustrated in the diagram above, applications such as Voice over IP (VoIP) require low network latencies to function properly. If bandwidth is being used by other applications such as an FTP server, users using VoIP will experience network lag and/or service interruptions during use. To avoid this scenario, this network has assigned VoIP a guaranteed bandwidth and higher priority to ensure smooth communications. The FTP server, on the other hand, has been given a maximum bandwidth cap to make sure that regular service to both VoIP and normal Internet applications is uninterrupted. 2.2.3 Guaranteed / Maximum Bandwidth. Setting a Guaranteed Bandwidth ensures that a particular service receives a minimum percentage of bandwidth. For example, you can configure BiGuard 30 to reserve 10% of the available bandwidth for a particular computer on the network to transfer files. Alternatively, you can set a Maximum Bandwidth to restrict a particular application to a fixed percentage of the total throughput. Setting a Maximum Bandwidth of 20% for a file sharing program will ensure that no more than 20% of the available bandwidth will be used for file sharing. Quality of Service
176. ting attacks from hackers. Your router also acts as a natural Internet firewall when using Network Address Translation (NAT), as all PCs on your LAN will use private IP addresses that cannot be directly accessed from the Internet. Please see the WAN configuration section for more details. You can find five items under the Firewall section: Packet Filter, URL Filter, LAN MAC Filter, Block WAN Request, and Intrusion Detection. 4.4.5.1 Packet Filter. [Screenshot: Packet Filter Table with columns ID, Enable, Action, Direction, Src IP, Dest IP, Protocol, Src Port, Dest Port] The Packet Filter function is used to limit user access to certain sites on the Internet or LAN. The Filter Table displays all current filter rules. If there is an entry in the Filter Table, you can click Edit to modify the setting of this entry, click Delete to remove this entry, or click Move to change this entry's priority. The higher an entry sits in the table, the higher its priority. To create a new filter rule, click Create. [Screenshot: Packet Filter, Add Filtering Rules]
177. tion > VPN > PPTP and Enable the PPTP function. Click [Screenshot: PPTP configuration page] Step 2: Click Create to create a PPTP Account. Step 3: Click Apply; you can see the account is successfully created. [Screenshot: PPTP General Setting (PPTP function, Auth Type, Data Encryption, Encryption Key Length, Peer Encryption Mode, IP Addresses Assigned to Peer, Idle Timeout) and Account Setting table, with the note "Enable data encryption will use MS-CHAPv2 to authenticate the peer"] Step 4: Click Save Config to save all changes to flash memory. Step 5: In Windows XP, go to Start > Settings > Network Connections. [Screenshot: Windows XP Start menu]
178. tion and restart the device. If you want to keep the current configuration, please use Backup first to save current configuration. This feature allows you to save and back up your router's current settings, or restore a previously saved backup. This is useful if you wish to experiment with different settings, knowing that you have a backup handy. It is advisable to back up your router's settings before making any significant changes to your router's configuration. To back up your router's settings, click Backup and select where to save the settings backup file. You may also change the name of the file when saving if you wish to keep multiple backups. Click OK to save the file. To restore a previously saved backup file, click Browse. You will be prompted to select a file from your PC to restore. Be sure to only restore settings files that have been generated by the Backup function and that were created when using the same firmware version. Settings files saved to your PC should not be manually edited in any way. After selecting the settings file you wish to use, clicking Restore will load those settings into the router. 4.4.4.5 Restart. [Screenshot: Restart page, "After restarting. Please wait for several seconds to let the system restart."]
179. traffic of both WAN ports routed through the same ISP. 3. Determine your network management approach. BiGuard 30 is capable of remote management. However, this feature is not active by default. If you reset the device, remote administration must be enabled again. If you decide to manage your network remotely, be sure to change the default password for security reasons. 4. Prepare to physically connect BiGuard 30 to Cable or DSL modems and a computer. Be sure to also review the Safety Warnings located in the preface of this manual before working with your BiGuard 30. 3.3 Connecting Your Router. Connecting BiGuard 30 is an easy three-step process: 1. Connect BiGuard 30 to your LAN by connecting Ethernet cables from your networked PCs to the LAN ports on the router. Connect BiGuard 30 to your broadband Internet connection via the router's WAN port. 2. Plug BiGuard 30 into an AC outlet with the included AC Power Adapter. 3. Ensure that the Power and WAN LEDs are solidly lit, and that on any LAN port that has an Ethernet cable plugged in, the LED is also solidly lit. The Status LED will remain solid as the device boots. Once the boot sequence is complete, the LED will shut off, indicating that BiGuard 30 is ready. If the router does not power on, please refer to Chapter 5, Troubleshooting, for possible solutions. 3.4 Configuring PCs for TCP/IP Networking. Now that your BiGuard
180. [Screenshot: Windows Start menu] 2. In the Command Prompt window, type ipconfig and then press ENTER. [Screenshot: Command Prompt with the ipconfig command entered] If you are using BiGuard 30's default settings, your PC should have: an IP address between 192.168.1.1 and 192.168.1.253; a subnet mask of 255.255.255.0. [Screenshot: ipconfig output for Ethernet adapter Local Area Connection, showing IP Address 192.168.1.188 and Default Gateway 192.168.1.254] 3.4.4 Windows 98 / Me. 3.4.4.1 Installing Components. To prepare Windows 98 / Me PCs for TCP/IP networking, you may need to manually install TCP/IP on each PC. To do this, follow the steps below. Be sure to have your Windows CD handy, as you may need to insert it during the installation process. 1. On the Windows taskbar, select Start > Settings > Control Panel. [Screenshot: Windows Start menu]
181. 4. Click OK under Internet Options to close the dialogue. In Windows, type arp -d at the command prompt to clear your computer's ARP table. 5.2.3.1 Pop-up Windows. To use the Web Configuration Interface, you need to disable pop-up blocking. You can either disable pop-up blocking, which is enabled by default in Windows XP Service Pack 2, or create an exception for your BiGuard 30's IP address. Disabling All Pop-ups: In Internet Explorer, select Tools > Pop-up Blocker and select Turn Off Pop-up Blocker. You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab of the Internet Options dialogue: 1. In Internet Explorer, select Tools > Internet Options. 2. Under the Privacy tab, clear the Block pop-ups checkbox and click Apply to save your changes. Enabling Pop-up Blockers with Exceptions: If you only want to allow pop-up windows with your BiGuard 30: 1. In Internet Explorer, select Tools > Internet Options. 2. Under the Privacy tab, click Settings to open the Pop-up Blocker Settings dialogue. 3. Enter the IP address of your router. 4. Click Add to add the IP address to the list of Allowed sites. 5. Click Close to return to the Privacy tab of the Internet Options dialogue. 6. Click Apply to save your changes. 5.2.3.2 Javascripts. If the Web Configuration Interface is not displaying properly in your browser, check t
182. [Screenshot: Dual WAN General Setting, with Mode (Load Balance / Fail Over), WAN Port Service Detection Policy, Connectivity Decision and Probe Cycle settings] Step 3: Go to Configuration > Dual WAN > Outbound Load Balance. Choose your load balance policy and click Apply to apply your changes. If you selected "Based on session mechanism" as your policy, the source IP address and destination IP address may go through WAN1 or WAN2, depending on policy settings. If you selected "Based on IP hash mechanism" as your policy, the source IP address and destination IP address will go through a specific WAN port according to the IP hash algorithm. [Screenshot: Dual WAN Outbound Load Balance, with Load Balance Policy options "Based on session mechanism" and "Based on IP address hash mechanism"]
183. ustrations from Windows XP. However, other versions of Windows will follow a similar procedure. Have your Windows CD handy, as it may be required during the configuration process. 1. Select Start > Settings > Control Panel. [Screenshot: Windows XP Start menu] 2. Double-click the Network icon. [Screenshot: Control Panel] 3. In the Network Connections window, right-click Local Area Connection and select Properties. [Screenshot: Network Connections window]
184. ware can then correctly determine the address's host section. With this structure, IP addresses can uniquely identify each network and node. D.1.1.1 Net mask. With each address class, the size of the two subdivided parts (network address and host address) is implied by the class. A net mask associated with an IP address can also express this partitioning. A net mask (a 32-bit quantity) yields the network address when combined with an IP address. As an example, the net masks for Class A, B and C are 255.0.0.0, 255.255.0.0 and 255.255.255.0 respectively. Instead of dotted-decimal notation, the net mask can also be written in terms of the number of ones from the left. This number is added to the IP address following a slash. For example, a typical Class C address could be written as 192.168.234.245/24, which means that the net mask is 24 ones followed by 8 zeros (11111111 11111111 11111111 00000000). D.1.1.2 Subnet Addressing. Subnet addressing enables the split of one IP network address into multiple physical networks. These smaller networks are called subnetworks, and these subnetworks can make efficient use of each address when compared to needing a different network number at each end of a routed link. This technique is especially useful in smaller network environments, such as small office LANs. A Class B address provides 16 bits of node numbers, which enable 65,536 nodes. Since most organizations don't require such
185. [Screenshot: Select Network Protocol dialogue] If you need Client for Microsoft Networks: a. Click Add. [Screenshot: Network dialogue, Configuration tab] b. Select Client, then click Add. [Screenshot: Select Network Component Type dialogue] c. Select Microsoft > Client for Microsoft Networks and then click OK. [Screenshot: Select Network Client dialogue] 3. Restart your PC to apply your changes. 3.4.4.2 Configuring. 1. Select Start > Settings > Control Panel. [Screenshot: Windows Start menu]
186. [Diagram: secure tunnels, with labels including dyndns.org and Secure Tunnel] BiGuard Client VPN provides a flexible, cost-efficient, and reliable way for companies of all sizes to stay connected. One of the most important steps in setting up a VPN is proper planning. The following sections demonstrate the various ways of using BiGuard 30 to set up your VPN. 2.6.2 VPN Planning: Fail Over. Configuring your VPN with Fail Over allows BiGuard 30 to automatically default to WAN2 should WAN1 fail. [Diagrams: "Before Fail Over" and "After Fail Over", showing BiGuard 30 and BiGuard 10 with networks 192.168.3.x and 192.168.2.x and address 200.200.200.1] Because the dynamic domain name biguard.billion.com is configured for both WAN1 and WAN2, the active WAN port will announce the domain name through the WAN IP address. The remote gateway will then be able to connect to the VPN through the domain name. In this Gateway to Gateway example, BiGuard 30 is communicating to a remote gateway using WAN1 through a secure VPN tunnel. Should WAN1 fail, outbound traffic from BiGuard 30 will automatically be redirected to WAN2. This process is completely transparent to the remote gateway, as BiGuard 30 will automatically update the domain name biguard.billion.com with the WAN2 IP address. Configuring a Gateway to Multiple Gateway setup with Fail Over is similar, as shown below
187. [Screenshot: Internet Explorer Security Settings dialogue, showing Microsoft VM Java permissions and the security level for the zone] 3. Under Microsoft VM, make sure that a safety level for Java permissions is selected. 4. Click OK to close the dialogue. NOTE: If Java from Sun Microsystems is installed, scroll down to Java (Sun) and ensure that the checkbox is filled. 5.3 WAN Interface. If you are having problems with the WAN Interface, refer to the tips below. 5.3.1 Can't Get WAN IP Address from the ISP. If the WAN IP address cannot be obtained from the ISP: If you are using PPPoE or PPTP encapsulation, you will need a user name and password. Ensure that you have entered the correct Service Type, User Name, and Password. Note that user names and passwords are case-sensitive. If your ISP requires MAC address authentication, clone the MAC address from your PC on the LAN as BiGuard 30's WAN MAC address. If your ISP requires host name authentication, configure your PC