1. 7. Click OK to save your changes. [Screenshot: Local Area Connection Properties dialog] 3.7 Web Configuration Interface: BiGuard 2/10 includes a Web Configuration Interface for easy administration via virtually any browser on your network. To access this interface, open your web browser, enter the IP address of your router (which by default is 192.168.1.254) and click Go. A user name and password prompt will appear. Enter your user name and password (the default user name and password are admin and admin) to access the Web Configuration Interface. [Screenshot: Enter Network Password dialog]
2. 4b. To manually assign your PC a fixed IP address, select the Use the following IP address radio button and enter your desired IP address, subnet mask and default gateway in the blanks provided. Remember that your PC must reside in the same subnet as the router. To designate a DNS server, select Use the following DNS server addresses and fill in the preferred DNS address. [Screenshot: Internet Protocol (TCP/IP) Properties dialog] 5. Click OK to finish the configuration. 3.4.2.2 Verifying Settings: To verify your settings using a command prompt: 1. Click Start > Programs > Accessories > Command Prompt. [Screenshot: Command Prompt running ipconfig] If you are using BiGuard 2/10's default settings, your PC should have
3. You can also refer to the Properties > Security page, as shown below, by default. [Screenshot: connection Properties, Security page] H.5 PPTP Remote Access by BiGuard. [Figure: branch office (BiGuard PPTP client) connected over the Internet to headquarters (BiGuard PPTP server); addresses shown: 200.200.200.1 and 100.100.100.1; local subnet 192.168.30.0, local mask 255.255.255.0] Step 1: Go to Configuration > VPN > PPTP and Enable the PPTP function. Disable the Encryption, then click Apply. [Screenshot: PPTP General Setting] Step 2: Click Create to create a PPTP Account. [Screenshot: Add PPTP Account form]
4. [Figure: two networks, 193.61.71.246 and 194.83.103.186, connected across the Internet] Transport Mode: This mode is used to provide data security between two networks. It provides protection for the entire IP packet and is sent by adding an outer IP header corresponding to the two tunnel end points. Since tunnel mode hides the original IP header, it provides security of the networks with private IP address space. E.2.3 Tunnel Mode AH: AH is typically applied to a data packet in the following manner: [Figure: original packet and packet with IPSec Authentication Header; authenticated portion marked] E.2.4 Tunnel Mode ESP: Here is an example of a packet with ESP applied: [Figure: original packet and packet with IPSec Encapsulating Security Payload; encrypted and authenticated portions marked] E.2.5 Internet Key Exchange (IKE): Before either AH or ESP can be used, it is necessary for the two communication devices to exchange a secret key that the security protocols themselves will use. To do this, IPSec uses Internet Key Exchange (IKE) as a primary support protocol. IKE facilitates and automates the SA setup and exchanges keys between parties transferring data. Using keys ensures that only the sender and receiver of a message can access it. These keys need to be re-created or refreshed frequently so that the parties can communicate securely with each other. Refreshing keys on a regular basis ensures data
5. An IP address between 192.168.1.1 and 192.168.1.253. A subnet mask of 255.255.255.0. [Screenshot: Command Prompt showing ipconfig output for Ethernet adapter Local Area Connection, with IP Address, Subnet Mask and Default Gateway] To verify your settings using the Windows XP GUI: 1. Click Start > Settings > Network Connections. [Screenshot: Start menu] 2. Right-click one of the network connections listed and select Status from the pop-up menu. [Screenshot: Network Connections window] 3. Click the Support tab.
6. Appendix A: Product Specifications. A.1 BiGuard 10 Product Specifications. Virtual Private Network: IPSec VPN supports up to 10 IPSec tunnels; IPSec VPN performance is up to 20 Mbps; PPTP VPN supports up to 4 PPTP tunnels; PPTP VPN performance is up to 10 Mbps; Manual key, Internet Key Exchange (IKE) authentication and Key Management; Authentication (MD5 / SHA-1); DES/3DES encryption; AES 128/192/256 encryption; IP Authentication Header (AH); IP Encapsulating Security Payload (ESP); Dynamic VPN (FQDN) support; supports remote access and office-to-office IPSec connections. Firewall: Stateful Packet Inspection (SPI) and Denial of Service (DoS) prevention; packet filter (un-permitted inbound (WAN) / inbound (LAN) Internet access by IP address, port number and packet type); email alert and logs of attack; intrusion detection. Content Filtering: URL Filter settings prevent user access to certain sites on the Internet; Java Applet / Active X / Cookie blocking. Quality of Service Control: supports DiffServ approach; traffic prioritization and bandwidth management based on IP protocol, port number and IP or MAC address. Web Based Management: easy-to-use WEB interface; firmware upgradeable via WEB interface; local and remote management via HTTP & HTTPS. Network Protocols and Features: Web Diagnostics; System Logs; PPPoE, PPTP, Big Pond and DHCP client co
7. [Screenshot: IPSec policy configuration form] Step 5: Click Save Config to save all changes to flash memory. H.3 Intrusion Detection. [Figure: BiGuard with Intrusion Detection on, detecting and dropping a DoS attack from the Internet] Step 1: Go to Configuration > Firewall > Intrusion Detection and Enable the settings. [Screenshot: Intrusion Detection page] Step 2: Click Apply and then Save Config to save all changes to flash memory. H.4 PPTP Remote Access by Windows XP. [Figure: Windows XP PPTP client on a business trip connecting over the Internet to the BiGuard PPTP server; local subnet 192.168.30.0, local mask 255.255.255.0] Step 1: Go to Configuration > VPN > PPTP and Enable the PPTP function. Click Apply. [Screenshot: PPTP configuration page]
8. 2. In the Control Panel, double-click Network and choose the Configuration tab. [Screenshot: Control Panel] 3. Select the name of your PC's TCP/IP Network Interface Card (NIC) and click Properties. TCP/IP > ASUSTek is illustrated in the example below. [Screenshot: Network dialog, Configuration tab, listing the installed network components]
9. Contact Billion Worldwide: http://www.billion.com [Screenshot: Billion website, Contact Us page] Appendix C: FCC Interference Statement. This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: This device may not cause harmful interference. This device must accept any interference received, including interference that may cause undesired operations. This equipment has been tested and found to comply within the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encou
10. Max ISP Bandwidth: The maximum bandwidth afforded by the ISP for WAN's inbound traffic. Creating a New QoS Rule: To get started using QoS, you will need to establish QoS rules. These rules tell the BiGuard 2/10 how to handle both incoming and outgoing traffic. The following example shows you how to configure WAN Outbound QoS. Configuring the other traffic types follows the same process. To make a new rule, click Rule Table. This will bring you to the Rule Table, which displays the rules currently in effect. Next, click Create to open the QoS Rule Configuration window. [Screenshot: Add QoS Rule form] Application: User-defined application name for the current rule. Packet Type: The type of packet this rule applies to. Choose from Any, TCP, UDP or ICMP. Guaranteed: The guaranteed amount of bandwidth for this rule as a percentage. Maximum: The maximum amount of bandwidth for this rule a
11. [Screenshot: LAN MAC Filter page] Rule: Enable or disable this entry. Action When Matched: Select to Drop or Forward the packet specified in this filter entry. MAC Address: The MAC Address you would like to apply. Candidates: You can also select the Candidates, which are referred from the ARP table, for automatic input. 4.4.5.4 Block WAN Request. [Screenshot: Block WAN Request page] Blocking WAN requests is one way to prevent DDoS attacks by preventing ping requests from the Internet. Use this menu to enable or disable function. 4.4.5.5 Intrusion Detection. [Screenshot: Intrusion Detection page] Intrusion Detection can prevent most common DoS attacks from the Internet or from LAN users. Intrusion Detection: Enable or disable this function. Intrusion Log: All the detected and dropped attacks will be shown in the system
12. 2. Click SAVE CONFIG to save the current settings permanently to the device. 3. Click RESTART to restart the device. There are two options to restart the device: Select Current Settings if you would like to restart using the current configuration. Select Factory Default Settings if you would like to restart using the factory default configuration. 4. To exit the router's web interface, click LOGOUT. Please ensure that you have saved your configuration settings before you log out. Be aware that the router is restricted to only one PC accessing the web configuration interface at a time. Once a PC has logged into the web interface, other PCs cannot gain access until the current PC has logged out. If the previous PC forgets to log out, the second PC can access the page after a user-defined period (5 minutes by default). The following sections will show you how to configure your router using the Web Configuration Interface. 4.2 Status: The Status menu displays the various options that have been selected and a number of statistics about your BiGuard 2/10. In this menu you will find the following sections: ARP Table, Routing Table, Session Table, DHCP Table, IPSec Status, PPTP Status, System Log, IPSec Log. [Screenshot: Status page, Device Information]
13. BiGuard 2/10 includes a full Stateful Packet Inspection (SPI) firewall for controlling Internet access from your LAN and preventing attacks from hackers. Your router also acts as a natural Internet firewall when using Network Address Translation (NAT), as all PCs on your LAN will use private IP addresses that cannot be directly accessed from the Internet. Please see the WAN configuration section for more details. [Screenshot: Status page, Device Information] You can find three items under the Firewall section: Packet Filter, URL Filter and Block WAN Request. 4.4.5.1 Packet Filter. [Screenshot: Packet Filter Table]
14. IP Range: The IP Range of the Local network. Single Address: The IP address of the local host. Remote: This section configures the remote host. Secure Gateway Address (or Domain Name): The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel. ID: The identity type of the local host. Choose from the following three options: Remote IP Address: Automatically use the remote gateway Address as ID with ID type IP Address. IP Address: Use an IP address format. FQDN DNS (Fully Qualified Domain Name): Consists of a hostname and domain name. For example, WWW.VPN.COM is a FQDN. WWW is the host name, VPN.COM is the domain name. When you enter the FQDN of the local host, the router will automatically seek the IP address of the FQDN. FQUN E-Mail (Fully Qualified User Name): Consists of a username and its domain name. For example, user@vpn.com is a FQUN. user is the username and vpn.com is the domain name. Data: Enter the ID data using the specific ID type. Network: Set the subnet, IP Range, single address or gateway address of the remote network. Subnet: The subnet of the remote network. Selecting this option allows you to enter an IP address and netmask. IP Range: The IP Range of the remote network. Single Address: The IP address of the remote host. Gateway Address: The gateway address of the remote host. Proposal: Secure Association (SA): SA is a method of establishing a security policy be
15. [Screenshot: Packet Filter Table with columns ID, Enable, Action, Direction, Src IP, Dest IP, Protocol, Src Port, Dest Port] The Packet Filter function is used to limit user access to certain sites on the Internet or LAN. The Filter Table displays all current filter rules. If there is an entry in the Filter Table, you can click Edit to modify the setting of this entry, click Delete to remove this entry, or click Move to change this entry's priority. The higher an entry is in the table, the higher its priority. To create a new filter rule, click Create. [Screenshot: Add Filtering Rules form] ID: This is an identifier that allows you to move the rule before or after another ID. Rule: Enable or Disable this entry. Action When Matched: Select to Drop or Forward the packet specified in this filter entry. Direction: Incoming Packet Filter rules prevent unauthorized computers or applications accessing your local net
16. PPTP Client IP: Enter the PPTP Client IP provided by your ISP. PPTP Client IP Netmask: Enter the PPTP Client IP Netmask provided by your ISP. PPTP Client IP Gateway: Enter the PPTP Client IP Gateway provided by your ISP. PPTP Server IP: Enter the PPTP Server IP provided by your ISP. Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPTP session when starting up and to automatically re-establish the PPTP session when disconnected by the ISP, select Always Connect. If you want to establish a PPTP session only when there is a packet requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet), select Trigger on Demand. Idle Time: Auto-disconnect the router when there is no activity on the line for a predetermined period of time. Select the idle time from the drop-down menu. Active if Trigger on Demand is selected. Click Apply to save your changes. To reset to defaults, click Reset. 4.3.5 Big Pond. [Screenshot: Quick Start, WAN, Big Pond settings] Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Login Server: Enter the IP of the Login server provided by your ISP. Click Apply to save your changes. To reset to defaults, click Rese
17. The following chapter takes you through the very first steps to configuring your network for BiGuard 2/10. Take a look and see how easy it is to get your network up and running. 3.2 Before You Begin: BiGuard 2/10 is a flexible and powerful networking device. To simplify the configuration process and increase the efficiency of your network, consider the following items before setting up your network for the first time: 1. Plan your network. You may need a fully qualified domain name, either for convenience or if you have a dynamic IP address. See Chapter 2, Router Applications, for more information. 2. Set up your accounts. Have access to the Internet and locate the Internet Service Provider (ISP) configuration information. 3. Determine your network management approach. BiGuard 2/10 is capable of remote management. However, this feature is not active by default. If you reset the device, remote administration must be enabled again. If you decide to manage your network remotely, be sure to change the default password to something more secure. 4. Prepare to physically connect BiGuard 2/10 to Cable or DSL modems and a computer. Be sure to also review the Safety Warnings located in the preface of this manual before working with your BiGuard 2/10. 3.3 Connecting Your Router: Connecting BiGuard 2/10 is an easy three-step process: 1. Connect BiGuard 2/10 to your LAN by connecting Ethernet cables from your networked PCs to the
18. possible. TCP/IP software identifies each address class by reading a unique bit pattern that precedes each address type. Once the address class has been recognized, the software can then correctly determine the address's host section. With this structure, IP addresses can uniquely identify each network and node. D.1.1.1 Netmask: With each address class, the size of the two subdivided parts (network address and host address) is implied by the class. A net mask associated with an IP address can also express this partitioning. A net mask (a 32-bit quantity) yields the network address when combined with an IP address. As an example, the net masks for Class A, B and C are 255.0.0.0, 255.255.0.0 and 255.255.255.0 respectively. Instead of dotted-decimal notation, the net mask can also be written in terms of the number of ones from the left. This number is added to the IP address following a back slash. For example, a typical Class C address could be written as 192.168.234.245/24, which means that the net mask is 24 ones followed by 8 zeros (11111111 11111111 11111111 00000000). D.1.1.2 Subnet Addressing: Subnet addressing enables the split of one IP network address into multiple physical networks. These smaller networks are called subnetworks, and these subnetworks can make efficient use of each address when compared to needing a different network number at each end of a routed link. This technique is especially useful in smaller
19. 1.3.1.1 Front Panel. [Figure: BiGuard 10 front panel] LED: Power: A solid light indicates a steady connection to a power source. Status: A blinking light indicates the device is writing to flash memory. Lit when connected to an Ethernet device. 10/100M: Lit green when connected at 100Mbps. Not lit when connected at 10Mbps. Link/ACT: Lit when device is connected. Blinking when data is transmitting/receiving. Lit when connected to an Ethernet device. 10/100M: Lit green when connected at 100Mbps. Not lit when connected at 10Mbps. Link/ACT: Lit when device is connected. Blinking when data is transmitting/receiving. 1.3.1.2 Rear Panel. After the device is powered on, press it to reset the device or restore to factory default settings. 0-3 seconds: The Status LED will light. 6 seconds above: restore to factory default settings (this is used when you cannot log in to the router, e.g. forgot the password). 1X-8X: Connect a UTP Ethernet cable (Cat-5 or Cat-5e) to one of the eight LAN ports (RJ-45 connector) when connecting to a PC or an office/home network of 10Mbps or 100Mbps. WAN: 10/100M Ethernet port (with auto crossover support); connect xDSL/Cable modem here. DC12V: Connect DC power adapter here (DC12V). 1.3.1.3 Rack Mounting: To rack mount BiGuard 10, carefully secure the device to your rack on both sides using the included brackets and screws. See the
20. 10 and the computers are on the same subnet. 5.2.3 Can't Access Web Configuration Interface: If you are having trouble accessing BiGuard 2/10's Web Configuration Interface from a PC connected to the network: Check the connection between the PC and the router. Make sure your PC's IP address is on the same subnet as the router. If your BiGuard 2/10's IP address has changed and you don't know the current IP address, reset the router to factory defaults by holding the Reset button on the back of your router for 6 seconds. This will reset the router's IP address to 192.168.1.254. Check to see if your browser has Java, JavaScript or ActiveX enabled. If you are using Internet Explorer, click Refresh to ensure that the Java applet is loaded. Try closing the browser and re-launching it. Make sure you are using the correct User Name and Password. User Names and Passwords are case-sensitive, so make sure that CAPS LOCK is not on when entering this information. Try clearing your browser's cache: 1. With Internet Explorer, click Tools > Internet Options. 2. Under the General tab, click Delete Files. [Screenshot: Internet Options dialog, General tab]
21. 4.4.4.1 Time Zone. [Screenshot: Time Zone page] BiGuard 2/10 does not use an onboard real-time clock; instead, it uses the Network Time Protocol (NTP) to acquire the current time from an NTP server outside your network. Simply choose your local time zone, enter NTP Server IP Address, and click Apply. After connecting to the Internet, BiGuard 2/10 will retrieve the correct local time from the NTP server you have specified. Your ISP may provide an NTP server for you to use. To have BiGuard 2/10 automatically adjust for Daylight Savings Time, check the Automatic checkbox. 4.4.4.2 Remote Access. [Screenshot: Remote Access page with Remote Access Control (Enable / Disable) and Allow Remote Access By (Everyone / Only This PC)] To allow remote users to configure and manage BiGuard 2/10 through the Internet, select the Enable radio button. To deactivate remote access, select the Disable radio button. This function also ena
22. [Screenshot: Internet Options, Advanced settings] 3. Under Microsoft VM, make sure that a safety level for Java permissions is selected. 4. Click OK to close the dialogue. NOTE: If Java from Sun Microsystems is installed, scroll down to Java (Sun) and ensure that the checkbox is filled. 5.3 WAN Interface: If you are having problems with the WAN Interface, refer to the tips below. 5.3.1 Can't Get WAN IP Address from the ISP: If the WAN IP address cannot be obtained from the ISP: If you are using PPPoE or PPTP, you will need a user name and password. Ensure that you have entered the correct Service Type, User Name and Password. Note that user names and passwords are case-sensitive. If your ISP requires MAC address authentication, clone the MAC address from your PC on the LAN as BiGuard 2/10's WAN MAC address. If your ISP requires host name authentication, configure your PC's name as BiGuard 2/10's system name. 5.4 ISP Connection: Unless you have been assigned a static IP address by your ISP, your BiGuard 2/10 will need to request an IP address from the ISP in order to access the Internet. If your BiGuard 2/10 is unable to access the Internet, first determine if your router is able to obtain a WAN IP address from the ISP. To check the WAN IP address: 1. Open your browser and choose an external site i e
23. [Screenshot: Add PPTP Account form] Step 3: Click Apply; you can see the account is successfully created. [Screenshot: PPTP General Setting and Account Setting] Step 4: Click Save Config to save all changes to flash memory. Step 5: In Windows XP, go to Start > Settings > Network Connections. [Screenshots: Start menu and Network Connections window] Step 6: In Network Tasks, click Create a new connection and press Next. [Screenshot: New Connection Wizard welcome page]
24. [Screenshot: Routing Table] No: Number of the list. Destination: The IP address of the destination network. Netmask: The destination netmask address. Gateway/Interface: The IP address of the gateway or existing interface that this route will use. Cost: The number of hops counted as the cost of the route. 4.2.3 Session Table: The NAT Session Table displays a list of current sessions for both incoming and outgoing traffic with protocol type, source IP, source port, destination IP and destination port; each page shows 10 sessions. [Screenshot: Session Table with columns No, Protocol, From IP, From Port, To IP, To Port] No: Number of the list. Protocol: Protocol type of the session. From IP: Source IP of the session. From port: Source port of the session. To IP: Destination IP of the session. To port: Destination port of the session. Sessions Filter: When the presented field is filled, please click the Filter button. From IP: Please input the source IP you would like to filter. From port: Please input the source port you would like to filter. To IP: Please input the destination IP you woul
25. [Screenshot: Control Panel] 3. From the drop-down box, select your Ethernet adapter. [Screenshot: IP Configuration window, Ethernet Adapter Information] The window is updated to show your settings. Using the default BiGuard 2/10 settings, your PC should have: An IP address between 192.168.1.1 and 192.168.1.253. A subnet mask of 255.255.255.0. A default gateway of 192.168.1.254. [Screenshot: IP Configuration window showing IP Address 192.168.1.100, Subnet Mask 255.255.255.0, Default Gateway 192.168.1.254] 3.5 Factory Default Settings: Before configuring your BiGuard 2/10, you need to know the following default settings. Web Interface: Username: admin. Password: admin. LAN Device IP Settings: IP Address: 192.168.1.254. Subnet Mask: 255.255.255.0. ISP setting in WAN site: Obtain an IP Address automatically (DHCP Client). DHCP server
26. You must have the following installed: an Ethernet adapter; TCP/IP protocol; Client for Microsoft Networks. If you need to install a new Ethernet adapter, follow these steps: a. Click Add. b. Select Adapter, then Add. c. Select the manufacturer and model of your Ethernet adapter, then click OK. If you need TCP/IP: a. Click Add. b. Select Protocol, then click Add.
27. ISP (generally shown by LEDs on the modem), turn on the power to your router. If an IP address still cannot be obtained: Your ISP may require a login program. Check with your ISP whether they require PPPoE or some other type of login. If your ISP requires a login, check to see that your User Name and Password are entered correctly. Your ISP may check for your PC's host name. Assign the PC Host Name of your ISP account as your PC's host name on the router. Your ISP may check for your PC's MAC address. Either inform your ISP that you have purchased a new network device and ask them to use your router's MAC address, or configure your router to spoof your PC's MAC address. If an IP address can be obtained, but your PC cannot load any web pages from the Internet: Your PC may not recognize DNS server addresses. Configure your PC manually with DNS addresses. Your PC may not have the router correctly configured as its TCP/IP gateway. 5.5 Problems with Date and Time: If the date and time are not being displayed correctly, be sure to set them for your BiGuard 2/10 via the Web Configuration Interface. Both date and time can be found under Configuration > System > Time Zone. 5.6 Restoring Factory Defaults: You can restore your BiGuard 2/10 to its factory settings by holding the Reset button on the back of your router until the Status LED begins to blink. This will reset your router to its default settings
28. LAN ports on the router. Connect BiGuard 2/10 to your broadband Internet connection via the router's WAN port. 2. Plug BiGuard 2/10 into an AC outlet with the included AC Power Adapter. 3. Ensure that the Power and WAN LEDs are solidly lit, and that on any LAN port that has an Ethernet cable plugged in, the LED is also solidly lit. The Status LED will remain solid as the device boots. Once the boot sequence is complete, the LED will shut off, indicating that BiGuard 2/10 is ready. If the router does not power on, please refer to Chapter 5: Troubleshooting for possible solutions. 3.4 Configuring PCs for TCP/IP Networking: Now that your BiGuard 2/10 is connected properly to your network, it's time to configure your networked PCs for TCP/IP networking. In order for your networked PCs to communicate with your router, they must have the following characteristics: 1. Have a properly installed and functioning Ethernet Network Interface Card (NIC). 2. Be connected to BiGuard 2/10, either directly or through an external repeater hub, via an Ethernet cable. 3. Have TCP/IP installed and configured with an IP address. The IP address for each PC may be a fixed IP address or one that is obtained from a DHCP server. If using a fixed IP address, it is important to remember that it must be in the same subnet as the router. The default IP address of BiGuard 2/10 is 19
29. Security Algorithm. H.2 VPN Concentrator. [Figure: VPN concentrator topology with BiGuard 2 Headquarter (192.168.2.x), BiGuard 2 Branch A (192.168.3.x, 200.200.200.1) and BiGuard 2 Branch B (192.168.4.x, 201.201.201.1), annotated with each gateway's Local and Remote ID Type (Subnet), subnet and mask.] Step 1: Go to Configuration > IPSec and configure the link from BiGuard 2/10 Headquarter to BiGuard 2/10 Branch A.
30. [Screenshot: Quality of Service, Add QoS Rule form] 2.2.4 Policy-Based Traffic Shaping: Policy-Based Traffic Shaping allows you to apply specific traffic policies across a range of IP addresses or ports. This is particularly useful for assigning different policies for different PCs on the network. Policy-based traffic shaping lets you better manage your bandwidth, providing reliable Internet and network service to your organization. 2.2.5 Priority Bandwidth Utilization: Assigning priority to a certain service allows BiGuard 2/10 to give either a higher or lower priority to traffic from this particular service. Assigning a higher priority to an application ensures that it is processed ahead of applications with a lower priority a
31. by using main mode. Secure Gateway Address or Domain Name: The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel. Back: Back to the previous page. Next: Go to the next page. 4. LAN to Mobile Host: BiGuard would like to establish an IPSec VPN tunnel with remote client software using Dynamic Internet IP by using aggressive mode. Remote Identifier: The Identifier of remote gateway; all input value type will be auto-defined as IP Address, FQDN (DNS) or FQUN (E-mail). Back: Back to the previous page. Next: Go to the next page. 5. LAN to Host (for BiGuard VPN Client only): BiGuard would like to establish an IPSec VPN tunnel with BiGuard VPN Client software CO1 by using aggressive mode.
32. diagram below for a more detailed explanation. 1.3.1.4 Cabling: Most Ethernet networks currently use unshielded twisted pair (UTP) cabling. The UTP cable contains eight conductors, arranged in four twisted pairs, and terminated with an RJ45 type connector. One of the most common causes of networking problems is bad cabling. Make sure that all connected devices are turned on. On the front panel of BiGuard 10, verify that the LAN link and WAN line LEDs are lit. If they are not, check to see that you are using the proper cabling. 1.3.2 BiGuard 2: BiGuard 2 iBusiness Security Gateway Home Office; Getting Started CD-ROM; Quick Start Guide; Ethernet CAT-5 LAN Cable; AC-DC Power Adapter (12VDC, 1A). 1.3.2.1 Front Panel: POWER: A solid light indicates a steady connection to a power source. STATUS: A blinking light indicates the device is writing to flash memory. Lit when connected to an Ethernet device. 10/100M: Lit green when connected at 100Mbps; not lit when connected at 10Mbps. Link/ACT: Lit when device is connected; blinking when data is transmitting/receiving. Lit when connected to an Ethernet device. 10/100M: Lit green when connected at 100Mbps; not lit when connected at 10Mbps. Link/ACT: Lit when device is connected; blinking when data is transmitting/receiving. 1.3.2.2 Rear Panel
33. 3. Make sure that the Delete All Offline Content checkbox is checked and click OK. 4. Click OK under Internet Options to close the dialogue. In Windows, type arp -d at the command prompt to clear your computer's ARP table. 5.2.3.1 Pop-up Windows: To use the Web Configuration Interface, you need to disable pop-up blocking. You can either disable pop-up blocking, which is enabled by default in Windows XP Service Pack 2, or create an exception for your BiGuard 2/10's IP address. Disabling All Pop-ups: In Internet Explorer, select Tools > Pop-up Blocker and select Turn Off Pop-up Blocker. You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab of the Internet Options dialogue. 1. In Internet Explorer, select Tools > Internet Options. 2. Under the Privacy tab, clear the Block pop-ups checkbox and click Apply to save your changes. Enabling Pop-up Blockers with Exceptions: If y
34. is designed for managing traffic flow and bandwidth to solve this problem. You can first classify different applications (online games, FTP, Skype, email) as shown in the table below. Then you can manage and prioritize the flow of bandwidth at different levels, e.g. 30 for games, 20 for downloads, 10 for email, 20 for FTP and 35 for others. QoS can be used to identify different applications and assign priority to enable a smooth and responsive broadband connection. G.4.2 Office Users: QoS is also ideal for small businesses using an office server as a web server. With QoS control, web pages served to your customers can be given top priority and delivered first so that they will not be impeded by email and office web browsing. Here is a good example of how QoS can work in an office environment. A CEO is holding a videoconference with international clients in the meeting room. However, the streaming video and voice frequently lag. Sales people are talking to international agencies via VoIP phone while sending orders via email to vendors for production. However, some staff are downloading MP3 music files and large-size photos and watching video streaming online. Consequently, the Internet connection slows down. This is why business users need QoS to manage data traffic. With QoS, the network administrator can define and classify important packets, specify a minimum guaranteed rate for each applic
35. like P2P, you'll understand why QoS is such a breakthrough for home users and office users. Billion makes itself unique by integrating QoS in its routers for both inbound and outbound traffic. QoS helps users manage bandwidth and effectively prioritize data traffic. It gives you full control over the traffic of any type of data. Employed on DiffServ (Differentiated Services) architecture, data traffic is given priority by the router, ensuring latency-sensitive applications like voice and mission-critical data such as VPN move through the router at lightning speeds, even under heavy load. You can throttle the speed of different types of data passing through the router, limit the speed of unimportant or bandwidth-consuming applications, and even distribute the bandwidth for different groups of users at home or in the office. QoS keeps your Internet connection smooth and responsive. G.3 How Does QoS Work: QoS employs three different methods for optimizing bandwidth. Prioritization: Assigns different priority levels for different applications, prioritizing traffic. High, Normal and Low priority settings. Outbound and Inbound IP Throttling: Controls network traffic and allows you to limit the speed of each application. DiffServ Technology: Manages priority queues and DSCP tagging through the Internet backbone. Manages traffic among Ethernet, wireless and ADSL interfaces. G.4 Who Needs QoS: QoS is ideal for home and office users
36. the information. Select Read Write to allow your SNMP software to read and write the information. 4.5 Save Configuration To Flash: After changing the router's configuration settings, you must save all of the configuration parameters to flash memory to avoid them being lost after turning off or resetting your router. Click Apply to write your new configuration to flash memory. 4.6 Logout: To exit the router's web interface, click Logout. Please ensure that you have saved your configuration settings before you log out. Be aware that the router is restricted to only one PC accessing the web configuration interface at a time. Once a PC has logged into the web interface, other PCs cannot gain access until the current PC has logged out. If the previous PC forgets to log out, the second PC can access the page after a user-defined period (5 minutes by default). You can modify this value using the Advanced > Device Management section of the Web Configuration Interface. Please see the Advanced section of this manual for more information. Chapter 5: Troubleshooting. 5.1 Basic Functionality: This section deals with issues regarding
37. www.billion.com 2. Access the Web Configuration Interface by entering your router's IP address (default is 192.168.1.254). 3. The WAN IP Status is displayed on the first page. 4. Check to see that the WAN port is properly connected to the ISP. If a "Connected by x" (where x is your connection method) is not shown, your router has not successfully obtained an IP address from your ISP. If an IP address cannot be obtained: 1. Turn off the power to your cable or DSL modem. 2. Turn off the power to your BiGuard 2/10. 3. Wait five minutes and power on your cable or DSL modem. 4. When the modem has finished synchronizing with the
38. you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below. DNS: If your ISP requires you to manually set up DNS settings, check the checkbox and enter your primary and secondary DNS. RIP: To activate RIP, select Send, Receive or Both from the drop-down menu. To disable RIP, select Disable from the drop-down menu. MTU: Enter the Maximum Transmission Unit (MTU) for your network. Click Apply to save your changes. To reset to defaults, click Reset. 4.4.2.2 Static IP: IP assigned by your ISP: Enter the static IP assigned by your ISP. IP Subnet Mask: Enter the IP subnet mask provided by your ISP. ISP Gateway Address: Enter the ISP gateway address provided by your ISP. MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below. Primary DNS: Enter the primary DNS provided by your ISP. Secondary DNS: Enter the secondary DNS provided by your ISP. RIP: To activate RIP, select Send, Receive or Both from the drop down
39. 2.168.1.254 with a subnet mask of 255.255.255.0. Using the default configuration, networked PCs must reside in the same subnet and have an IP address in the range of 192.168.1.1 to 192.168.1.253. However, you'll find that the quickest and easiest way to configure the IP addresses for your PCs is to obtain the IP addresses automatically by using the router as a DHCP server. If you are unable to access the web configuration interface, check to see if you have any software-based firewalls installed on your PCs, as they can cause problems accessing the 192.168.1.254 IP address of BiGuard 2/10. The following sections outline how to set up your PCs for TCP/IP networking. Refer to the applicable section for your PC's operating system. 3.4.1 Overview: Before you begin, make sure that the TCP/IP protocol and a functioning Ethernet network adapter are installed on each of your PCs. The following operating systems already include the necessary software components you need to install TCP/IP on your PCs: Windows 95, 98, Me, NT, 2000, XP; Mac OS 7 and later; all versions of UNIX/Linux. If you are using Windows 3.1, you must purchase a third-party TCP/IP application package. Any TCP/IP capable workstation can be used to communicate with or through the BiGuard 2/10. To configure other types of workstations, please consult the manufacturer's documentation. 3.4.2 Windows XP. 3.4.2.1 Configuring: 1. Select Start > Settings > Net
40. 3.7 Web Configuration Interface; Chapter 4: Router Configuration; 4.1 Overview; 4.2 Status; 4.2.1 ARP Table; 4.2.2 Routing Table; 4.2.3 Session Table; 4.2.4 DHCP Table; 4.2.5 IPSec Status; 4.2.6 PPTP Status; 4.2.7 System Log; 4.2.8 IPSec Log; 4.3 Quick Start; 4.3.1 DHCP; 4.3.2 Static IP; 4.3.3 PPPoE; 4.3.4 PPTP; 4.3.5 Big Pond; 4.4 Configuration; 4.4.1 LAN; 4.4.1.1 Ethernet; 4.4.1.2 DHCP Server; 4.4.2 WAN; 4.4.2.1 DHCP; 4.4.2.2 Static IP; 4.4.2.3 PPPoE; 4.4.2.4 PPTP; 4.4.2.5 Big Pond; 4.4.3 Bandwidth Settings; 4.4.4 System; 4.4.4.1 Time Zone; 4.4.4.2 Remote Access; 4.4.4.3 Firmware Upgrade; 4.4.4.4 Backup Restore; 4.4.4.5 Restart; 4.4.4.6 Password; 4.4.4.7 System Log Server; 4.4.4.8 E-mail Alert; 4.4.5 Firewall; 4.4.5.1 Packet Filter; 4.4.5.2 URL Filter; 4.4.5.3 LAN MAC Filter; 4.4.5.4 Block WAN Request; 4.4.5.5 Intrusion Detection; 4.4.6 VPN; 4.4.6.1 IPSec; 4.4.6.1.1 IPSec Wizard; 4.4.6.1.2 IPSec Policy; 4.4.6.2 PPTP; 4.4.7 QoS; 4.4.8 Virtual Server; 4.4.8.1 DMZ; 4.4.8.2 Port Forwarding; 4.4.9 Advanced; 4.4.9.1 Static Route; 4.4.9.2 Dynamic DNS; 4.4.9.3 Device Management; 4.5 Save Configuration To Flash; 4.6 Logout; Chapter 5: Troubleshooting; 5.1 Basic Functionality; 5.1.1 Router Won't Turn On; 5.1.2 LEDs Never Turn Off; 5.1.3 LAN or Internet Port Not On; 5.1.4 Forgot My Password; 5.2 LAN Interface; 5.2.1 Can't Access BiGuard 2/10 from the LAN; 5.2.2 Can't Ping Any PC on the LAN; 5.2.3 Can't Access Web Con
41. 3.4.4 Windows 98/Me. 3.4.4.1 Installing Components: To prepare Windows 98/Me PCs for TCP/IP networking, you may need to manually install TCP/IP on each PC. To do this, follow the steps below. Be sure to have your Windows CD handy, as you may need to insert it during the installation process. 1. On the Windows taskbar, select Start > Settings > Control Panel. 2. Double-click the Network icon. The Network window displays a list of installed components.
42. Step 8: Select Virtual Private Network connection and press Next. Step 9: Input the user-defined name for this connection and press Next.
43. BILLION BiGuard 10 iBusiness Security Gateway Small Office; BiGuard 2 iBusiness Security Gateway Home Office. User's Manual, Version Release 3.00, FW 1.03. BiGuard 2/10 User's Manual (Updated December 1, 2005). Copyright Information: 2005 Billion Electric Corporation, Ltd. The contents of this publication may not be reproduced in whole or in part, transcribed, stored, translated, or transmitted in any form or any means, without the prior written consent of Billion Electric Corporation. Published by Billion Electric Corporation. All rights reserved. Disclaimer: Billion does not assume any liability arising out of the application or use of any products or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. Billion reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice. Trademarks: Mac OS is a registered trademark of Apple Computer, Inc. Windows 98, Windows NT, Windows 2000, Windows Me and Windows XP are registered trademarks of Microsoft Corporation. Safety Warnings: Your BiGuard 2/10 is built for reliability and long service life. For your safety, be sure to read and follow the following safety warnings. Read this installation guide thoroughly before attempting to set up your BiGuard 2/10. Your BiGuard 2/10 is a complex electroni
44. To disable the router's DHCP Server, select the Disable radio button, and then click Apply. When the DHCP Server is disabled, you will need to manually assign a fixed IP address to each PC on your network, and set the default gateway for each PC to the IP address of the router (192.168.1.254 by default). To configure the router's DHCP Server, select the Enable radio button, and then configure parameters of the DHCP Server, including the IP Pool (starting IP address and ending IP address to be allocated to the PCs on your network), DNS Server, WINS Server and Domain Name. These details are sent to each DHCP client when they request an IP address from the DHCP server. Click Apply to enable this function. Fixed Host allows specific computer network clients to have a reserved IP address. IP Address: Enter the IP address that you want to reserve for the above MAC address. MAC Address: Enter the MAC address of the PC or server you wish to be assigned a reserved IP. Candidates: You can also select the Candidates, which are referred from the ARP table, for automatic input. Click the Apply butt
45. DHCP server is enabled. Start IP Address: 192.168.1.100. End IP Address: 192.168.1.199. 3.5.1 Username and Password: The default user name and password are admin and admin respectively. If you ever forget your user name and/or password, you can restore your BiGuard 2/10 to its factory settings by holding the Reset button on the back of your router until the Status LED begins to blink. Please note that doing this will also erase any previous router settings that you have made. The Status LED will remain solid as the device boots. Once the boot sequence is complete, the LED will shut off, indicating that BiGuard 2/10 is ready. 3.5.2 LAN and WAN Port Addresses: The default values for LAN and WAN ports are shown below. LAN: IP address: 192.168.1.254; DHCP server function: Enabled; IP addresses for distribution to PCs: 100 IP addresses continuing from 192.168.1.100 through 192.168.1.199. WAN: The DHCP Client is enabled to automatically get the WAN port configuration from the ISP. 3.6 Information From Your ISP. 3.6.1 Protocols: Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided, such as DHCP, Static IP, PPPoE or PPTP. The following table outlines each of these protocols. DHCP: Configure this WAN interface to use DHCP client protocol to get an IP address from your ISP automatically. Your ISP provides an IP address to the router dynamically when loggi
46. VPN Client IP Address: The VPN Client Address for BiGuard VPN Client; this value will be applied to both remote ID and remote Network as a single address. Back: Back to the previous page. Next: Go to the next page. [Screenshot: IPSec Wizard Configuration Summary] After your configuration is done, you will see a Configuration Summary. Back: Back to the previous page. Done: Click Done to apply the rule. 4.4.6.1.2 IPSec Policy: Click Create to create a new IPSec VPN connection account. Configuring a New VPN Connection
47. Its placement depends on whether ESP is used in transport mode or tunnel mode. ESP Trailer: Placed after the encrypted data, the ESP Trailer contains padding that is used to align the encrypted data. ESP Authentication Data: This contains an Integrity Check Value (ICV) for when ESP's optional authentication feature is used. ESP provides authentication, integrity and confidentiality, which provides data content protection and protects against data tampering. A typical ESP packet looks like this: [Figure: ESP packet format, showing the SPI and Sequence Number fields] E.2.1.3 Security Associations (SA): Security Associations are one-way relationships between sender and receiver that specify IPSec-related parameters. They provide data protection by using the defined IPSec protocols, and allow organizations to control, according to the security policy in effect, which resources may communicate securely. An SA is identified by 3 parameters: Security Parameters Index (SPI), a locally unique value; Destination IP Address; Security Protocol (AH or ESP, but not both). There are several other parameters associated with an SA that are stored in a Security Association database. E.2.2 IPSec Modes: To exchange data between different types of VPNs, IPSec provides two major modes. Tunnel Mode: This mode is used for host-to-host security. Protection extends to the payload of IP data, and the IP addresses of the hosts must be public IP addresses
48. P Address to filter web access with an IP address as the domain name. Exception List: You can input a list of IP addresses as the exception list for URL filtering. Keywords Filtering: Enter a keyword to be filtered and click Apply. Your new keyword will be added to the filtered keyword listing. Domains Filtering: Click the top checkbox to enable this feature. You can also choose to disable all web traffic except for trusted sites by clicking the bottom checkbox. To edit the list of filtered domains, click Details. Enter a domain and select whether this domain is trusted or forbidden with the pull-down menu. Next, click Apply. Your new domain will be added to either the Trusted Domain or Forbidden Domain listing, depending on which you selected p
49. S policies according to the applications you are running, you can use BiGuard 2/10 to optimize the bandwidth that is being used on your network. [Figure: network diagram showing Normal PCs and a Restricted PC] As illustrated in the diagram above, applications such as Voice over IP (VoIP) require low network latencies to function properly. If bandwidth is being used by other applications such as an FTP Server, users using VoIP will experience network lag and/or service interruptions during use. To avoid this scenario, this network has assigned VoIP with a guaranteed bandwidth and higher priority to ensure smooth communications. The FTP server, on the other hand, has been given a maximum bandwidth cap to make sure that regular service to both VoIP and normal Internet applications is uninterrupted. 2.2.3 Guaranteed / Maximum Bandwidth: Setting a Guaranteed Bandwidth ensures that a particular service receives a minimum percentage of bandwidth. For example, you can configure BiGuard 2/10 to reserve 10% of the available bandwidth for a particular computer on the network to transfer files. Alternatively, you can set a Maximum Bandwidth to restrict a particular application to a fixed percentage of the total throughput. Setting a Maximum Bandwidth of 20% for a file sharing program will ensure that no more than 20% of the available bandwidth will be used for file sharing.
50. Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. PPTP Client IP: Enter the PPTP Client IP provided by your ISP. PPTP Client IP Netmask: Enter the PPTP Client IP Netmask provided by your ISP. PPTP Client IP Gateway: Enter the PPTP Client IP Gateway provided by your ISP. PPTP Server IP: Enter the PPTP Server IP provided by your ISP. Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPTP session when starting up and to automatically re-establish the PPTP session when disconnected by the ISP, select Always Connect. If you want to establish a PPTP session only when there is a packet requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet), select Trigger on Demand. Idle Time: Auto-disconnect the router when there is no activity on the line for a predetermined period of time. Select the idle time from the drop-down menu. Active if Trig
51. Step 3: Click Apply; you can see the account is successfully created. [Screenshot: PPTP General Setting and Account Setting. On-screen note: Enable data encryption will use MS-CHAPv2 to authenticate the peer.] Step 4: Click Save Config to save all changes to flash memory. Step 5: In another BiGuard as Client, go to Configuration > WAN. Step 6: Click Apply and Save CONFIG. Powering communications with Security
52. VPN. The following chapter describes how BiGuard 2 10 can work for you. 2.2 Bandwidth Management with QoS: Quality of Service (QoS) gives you full control over which types of outgoing data traffic should be given priority by the router. By doing so, the router can ensure that latency-sensitive applications like voice, bandwidth-consuming data like gaming packets, or even mission-critical files efficiently move through the router even under a heavy load. You can throttle the speed at which different types of outgoing data pass through the router. In addition, you can simply change the priority of different types of upload data and let the router sort out the actual speeds. 2.2.1 QoS Technology: QoS generally involves the prioritization of network traffic. QoS is comprised of three major components: Classifier, Meter, and Scheduler. Each of these components has a distinct role in ensuring that incoming and outgoing data is managed according to user specifications. The Classifier analyses incoming packets and marks each one according to configured parameters. The Meter communicates the drop priority to the Scheduler and measures the temporal priorities of the output stream against configured parameters. Finally, the Scheduler schedules each packet for transmission based on information from both the Classifier and the Meter. [Diagram: Inbound, Outbound.] 2.2.2 QoS Policies for Different Applications: By setting different Qo
53. amic Host Configuration Protocol (DHCP) server. PCs on the network can automatically obtain IP addresses from a list of addresses stored on the DHCP server. In addition, other information such as gateway and DNS address can also be assigned with a DHCP server. When connecting to the ISP, BiGuard 2 10 also functions as a DHCP client. BiGuard 2 10 can automatically obtain an IP address, subnet mask, gateway address, and DNS server addresses if the ISP assigns this information via DHCP. D.2 Router Basics. D.2.1 What is a Router? A router is a device that forwards data packets along networks. A router is connected to at least two networks. Usually, this is a LAN and a WAN that is connected to an ISP network. Routers are located at gateways, the places where two or more networks connect. Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they use protocols to communicate with each other and configure the best route between any two hosts. Routers can vary in performance and scale, the types of physical WAN connection they support, and the number of routing protocols supported. BiGuard 2 10 offers a convenient and powerful way for small to medium businesses to connect their networks. D.2.2 Why use a Router? While large bandwidth can easily and inexpensively be provided in a LAN, having high bandwidth between a LAN and the Internet can be prohibitively expensive. Because of this Interne
54. 3. In Network and Dial-up Connections, double-click Local Area Connection. 4. In the Local Area Connection window, click Properties. 5. Select Internet Protocol (TCP/IP) and click Properties.
55. If you need Client for Microsoft Networks: a. Click Add. b. Select Client, then click Add. c. Select Microsoft > Client for Microsoft Networks and then click OK. 3. Restart your PC to apply your changes. 3.4.4.2 Configuring: 1. Select Start > Settings > Control Panel.
56. ary DNS: Enter your secondary DNS. Click Apply to save your changes. To reset to defaults, click Reset. 4.3.3 PPPoE. Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPPoE session when starting up and to automatically re-establish the PPPoE session when disconnected by the ISP, select Always Connect. If you want to establish a PPPoE session only when there is a packet requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet), select Trigger on Demand. Idle Time: Auto-disconnect the router when there is no activity on the line for a predetermined period of time. Select the idle time from the drop-down menu. Active if Trigger on Demand is selected. Click Apply to save your changes. To reset to defaults, click Reset. 4.3.4 PPTP. Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password.
57. ation and ensure that important packets have priority to ensure a good quality of broadband connection for the entire organization. Appendix H: Router Setup Examples. H.1 VPN Configuration: This section outlines some concrete examples on how you can configure BiGuard 2 10 for your VPN. H.1.1 LAN to LAN. [Diagram: IPSec VPN LAN to LAN between the Branch Office and Head Office routers, each with a public IP, with encrypted data carried over an IPSec VPN connection. Table of Branch Office and Head Office settings; legible values: Secure Gateway Address or Hostname 69.121.1.30; IKE Pre-shared Key 12345678 and 12345678.] H.1.2 Host to LAN. [Diagram: IPSec VPN Host to LAN between a Windows XP host and the Head Office router. Table of settings; legible values: Remote Secure Gateway Address or Hostname 69.121.1.3 and 69.121.1.30; IKE Pre-shared Key 12345678 and 12345678.]
58. authorized; INVALID ID; Require peer to have ID s but peer declares s; INVALID ID INFORMATION; Initial Aggressive Mode packet claiming to be from s on s but no connection has been authorized; Received Delete SA payload and deleting IPSEC State integer; Received Delete SA payload Deleting ISAKMP State integer. Appendix G: Bandwidth Management with QoS. G.1 Overview: In a home or office environment, users constantly have to transmit data to and from the Internet. When too many are accessing the Internet at the same time, service can slow to a crawl, causing service interruptions and general frustration. Quality of Service (QoS) is one of the ways BiGuard 2 10 can optimize the use of bandwidth, ensuring a smooth and responsive Internet connection for all users. G.2 What is Quality of Service? QoS is a feature that prioritizes and guarantees bandwidth to achieve optimal service performance. QoS can maximize the use of available network bandwidth by prioritizing time-sensitive traffic to avoid latencies and delays. By ensuring that time-sensitive applications such as VoIP and streaming video get priority access to bandwidth, users in both home and office environments can enjoy smooth and responsive data transmission no matter which applications they are running. If you've ever experienced slow Internet speeds due to other network users using bandwidth-consuming applications
59. bles you grant access from any PC or from a specific IP address. Click Apply to save your settings. NOTE: When enabling remote access, be sure to change the default administration password to something more secure. 4.4.4.3 Firmware Upgrade: Upgrading your BiGuard 2 10's firmware is a quick and easy way to enjoy increased functionality, better reliability, and ensure trouble-free operation. To upgrade your firmware, simply visit Billion's website (http://www.billion.com) and download the latest firmware image file for BiGuard 2 10. Next, click Browse and select the newly downloaded firmware file. Click Upgrade to complete the update. NOTE: DO NOT power down the router or interrupt the firmware upgrade while it is still in process. Interrupting the firmware upgrade process could damage the router. 4.4.4.4 Backup Restore: This feature allows you to save and backup your router's current settings or restore a previously saved backup. This is useful if you wish to experiment with different settings, knowing that yo
60. bove destination subnet IP. Gateway: This is the gateway IP address to which packets are to be forwarded. Interface: Select the interface through which packets are to be forwarded. Cost: This has the same meaning as Hop. Click Apply to save your changes. 4.4.9.2 Dynamic DNS: The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful when hosting servers via your WAN connection, so that anyone wishing to connect to you may use your domain name rather than having to use a dynamic IP address that changes periodically. This dynamic IP address is the WAN IP address of the router, which is assigned to you by your ISP. Click Edit in the Dynamic DNS Settings Table to set related parameters for a specific interface. You will first need to register and establish an account with the Dynamic DNS provider using their website. Example: DYNDNS http www dyndns or. BiGuard 2 10 supports several Dynamic DNS providers, such as www.zoneedit.com, www.orgdns.org, www.dhs.org, www.dyns.cx, www.3domain.hk, www.dyndns.org, www.3322.org. Dynamic DNS. Disable: Check to disable the Dynami
61. c DNS function. Enable: Check to enable the Dynamic DNS function. The following fields will be activated and required. Dynamic DNS Server: Select the DDNS service you have established an account with. Wildcard: Select this check box to enable the DYNDNS Wildcard. Domain Name: Enter your registered domain name for this service. Username: Enter your registered user name for this service. Password: Enter your registered password for this service. Click Apply to save your changes. 4.4.9.3 Device Management: The Device Management Advanced Configuration settings allow you to control your router's security options and device monitoring features. Device Name. Name: Enter a name for this device. Web Server Settings. HTTP Port: This is the port number the router's embedded web server for web-based configuration will use. The default value is th
62. c device. DO NOT open or attempt to repair it yourself. Opening or removing the covers can expose you to high voltage and other risks. In the case of malfunction, turn off the power immediately and have it repaired at a qualified service center. Contact your vendor for details. Connect the power cord to the correct supply voltage. Carefully place connecting cables to avoid people stepping or tripping on them. DO NOT allow anything to rest on the power cord and DO NOT place the power cord in an area where it can be stepped on. DO NOT use BiGuard 2 10 in environments with high humidity or high temperatures. DO NOT use the same power source for BiGuard 2 10 as other equipment. DO NOT use your BiGuard 2 10 and any accessories outdoors. If you mount your BiGuard 2 10, make sure that no electrical, water or gas pipes will be damaged during installation. DO NOT install or use your BiGuard 2 10 during a thunderstorm. DO NOT expose your BiGuard 2 10 to dampness, dust or corrosive liquids. DO NOT use your BiGuard 2 10 near water. Be sure to connect the cables to the correct ports. DO NOT obstruct the ventilation slots on your BiGuard 2 10 or expose it to direct sunlight or other heat sources. Excessive temperatures may damage your device. DO NOT store anything on top of your BiGuard 2 10. Only connect suitable accessories to your BiGuard 2 10. Keep packaging out of the reach of children. If disposing of the device, please follow your local
63. ce for hackers to access or disrupt your network. A simple NAT router provides a basic level of protection by shielding your network from the outside Internet. Still, there are ways for more dedicated hackers to either obtain information about your network or disrupt your network's Internet access. Your BiGuard 2 10 provides an extra level of protection from such attacks with its built-in firewall. Appendix E: Virtual Private Networking. E.1 What is a VPN? A Virtual Private Network (VPN) is a shared network where private data is segmented from other traffic so that only the intended recipient has access. It allows organizations to securely transmit data over a public medium like the Internet. VPNs utilize tunnels, which allow data to be safely delivered to the intended recipient. Because private networks lack data security, IPSec-based VPNs employ encryption technologies that protect a private network from data theft or tampering. These private networks can be implemented over any type of IP network, which allows for excellent flexibility. E.1.1 VPN Applications: VPNs are traditionally used three ways. Extranets: Extranets are secure connections between two or more organizations. IPSec-based VPNs are ideal for extranet connections, as they can be quickly and inexpensively installed. Extranets are often used to securely share a company's information with suppliers, vendors, customers, or other businesses. Intranets: Intra
64. ch office traffic will be redirected to the VPN tunnel to headquarters, with the exception of LAN-side traffic. This way, all branch offices can connect to each other through headquarters via the headquarters firewall management. You can also configure BiGuard 2 10 to function as a VPN Concentrator. Please refer to Appendix H for example settings. [Diagram: VPN Concentrator example with several BiGuard units; the labels give Local and Remote ID Type Subnet settings for the subnets 192.168.3.0 and 192.168.4.0 (mask 255.255.255.0) and 0.0.0.0 (mask 0.0.0.0), with the addresses 200.200.200.1, 201.201.201.1, 192.168.2.x, 192.168.3.x and 192.168.4.x.] Chapter 3: Getting Started. 3.1 Overview: BiGuard 2 10 is designed to be a powerful and flexible network device that is also easy to use. With an intuitive web-based configuration, BiGuard 2 10 allows you to administer your network via virtually any Java-enabled web browser and is fully compatible with Linux, Mac OS, and Windows 98/Me/NT/2000/XP operating systems.
65. confidentiality. There are two phases to this process. Phase I deals with the negotiation and management of IKE and IPSec parameters. This phase can be carried out in either one of two modes: Main Mode or Aggressive Mode. Main mode utilizes three message pairs that negotiate IKE parameters, establish a shared secret and derive session keys, and exchange and provide identities, retroactively authenticating the information sent. This method is very secure, but when using the pre-shared key method for authentication, it is possible to use IDs other than the packet's IP addresses. Aggressive mode reduces this process to three messages, but parameter negotiation is limited, identity protection is lacking except when using public key encryption, and it is more vulnerable to Denial of Service attacks. Phase II, known as Quick Mode, establishes symmetrical IPSec Security Associations for both AH and ESP. It does this by negotiating IPSec parameters, exchanging nonces to derive session keys from the IKE shared secret, exchanging DH values to generate a new key, and identifying which traffic this SA bundle will protect using selectors (IDi and IDr payloads). The following is an illustration of how data is handled with IKE. [Flowchart: Start; Phase 1; Negotiate ISAKMP SA; Mutual Authentication; New IPSec tunnel or Rekeying; Phase; Negotiate SAs for AH and ESP; Protected Data Transfer.] Appendix F: IPSec Logs and Events. F.1 IPSec Log Eve
66. d like to filter. To port: please input the destination port you would like to filter. First: To the first page. Previous: To the previous page. Next: To the next page. Last: To the last page. Jump to the session: please input the session number you would like to see and press GO. 4.2.4 DHCP Table: The DHCP Table displays a list of IP addresses that have been assigned to PCs on your network via Dynamic Host Configuration Protocol (DHCP). No: Number of the list. IP Address: A list of IP addresses of devices on your LAN. Device Name: The host name (computer name) of the client. MAC Address: The MAC address of client. 4.2.5 IPSec Status: The IPSec Status window displays the status of the IPSec Tunnels that are currently configured on your BiGuard 2 10. Name: The name you assigned to the particular IPSec entry. Enable: Whether the IPSec connection is currently Enable or Disable. Sta
67. d logs of attack; Intrusion detection. Content Filtering: URL Filter settings prevent user access to certain sites on the Internet; Java Applet, Active X, Cookie Blocking. Quality of Service Control: Supports DiffServ approach; Traffic prioritization and bandwidth management based on IP protocol, port number, and IP or MAC address. Web Based Management: Easy-to-use WEB interface; Firmware upgradeable via WEB interface; Local and remote management via HTTP & HTTPS. Network Protocols and Features: Web Diagnostics; System Logs; PPPoE, PPTP, Big Pond and DHCP client connections to the ISP; NAT, static routing and RIP 2; Dynamic Domain Name System (DDNS); Virtual Server and DMZ; DHCP Server; NTP. Physical Interface: Ethernet WAN: 1 ports (10/100 Base-T), support Auto-Crossover (MDI/MDIX); Ethernet LAN: 8 ports 10/100 Base-T switch, support Auto-Crossover (MDI/MDIX). Physical Specifications: Dimensions: 10.43 x 6.93 x 1.73 (265mm x 176mm x 44mm). Power Requirement: Input 12VDC 1A. Operating Environment: Operating temperature 0 40 degrees Celsius; Storage temperature 20 70 degrees Celsius; Humidity 20 95 non condensing. Appendix B: Customer Support. Most problems can be solved by referring to the Troubleshooting section in the User's Manual. If you cannot resolve the problem with the Troubleshooting chapter, please contact the dealer where you purchased this product.
68. e There are 5 connection types. 1. LAN to LAN: BiGuard would like to establish an IPSec VPN tunnel with remote router using Fixed Internet IP or domain name by using main mode. Secure Gateway Address (or Domain Name): The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel. Remote Network: The subnet of the remote network. Allows you to enter an IP address and netmask. Back: Back to the Previous page. Next: Go to the next page. 2. LAN to Mobile LAN: BiGuard would like to establish an IPSec VPN tunnel with remote router using Dynamic Internet IP by using aggressive mode. Remote Identifier: The Identifier of remote gateway; all input value type will be auto-defined as IP Address, FQDN (DNS) or FQUN (E-mail). Remote Network: The subnet of the remote network. Allows you to enter an IP address and netmask. Back: Back to the Previous page. Next: Go to the next page. 3. LAN to Host: BiGuard would like to establish an IPSec VPN tunnel with remote client software using Fixed Internet IP or domain name
69. e standard HTTP port 80. Users may specify an alternative if, for example, they are running a web server on a PC within their LAN. Management IP Address: You may specify an IP address allowed to logon and access the router's web server. Setting the IP address to 0.0.0.0 will disable IP address restrictions, allowing users to login from any IP address. Expire to auto-logout: Specify a time frame for the system to auto-logout the user's configuration session. Example: User A changes HTTP port number to 100, specifies their own IP address of 192.168.1.100, and sets the logout time to be 100 seconds. The router will only allow User A access from the IP address 192.168.1.100 to logon to the Web GUI by typing http://192.168.1.254:100 in their web browser. After 100 seconds, the device will automatically logout User A. SNMP Access Control. SNMP Function: Select Enable to activate this function, Disable to deactivate this function. SNMP V1 and V2. Read Community: Input the string for Read community to match your SNMP software. Write Community: Input the string for Write community to match your SNMP software. Trap Community: Input the string for Trap community to match your SNMP software. IP Address: Input the device IP address with SNMP software installed. SNMP V3. Username: Input the Username for your SNMP software. Password: Input the Password for your SNMP software. Access Right: Select Read to allow your SNMP software to read
70. ec Log Events for more information on log events. 4.3 Quick Start: The Quick Start menu allows you to quickly configure your network for Internet access using the most basic settings. Connection Method: Select your router's connection to the Internet. Selections include Obtain an IP Address Automatically, Static IP Settings, PPPoE Settings, PPTP Settings, and Big Pond Settings. 4.3.1 DHCP: The following is information regarding your ISP that you will need to enter in order to properly configure your Internet connection. If you select to Obtain an IP Address Automatically, these will be automatically set for you, provided that your ISP dynamically assigns an IP address. 4.3.2 Static IP. IP assigned by your ISP: Enter the assigned IP address from your ISP. IP Subnet Mask: Enter your IP subnet mask. ISP Gateway Address: Enter your ISP gateway address. Primary DNS: Enter your primary DNS. Second
71. ecific Virtual Server entries just for the ports your application requires, instead of using DMZ, is recommended. 4.4.9 Advanced: Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of BiGuard 2 10. Users who do not understand the features should not attempt to reconfigure their router unless advised to do so by support staff. There are three items within the Advanced section: Static Route, Dynamic DNS, and Device Management. 4.4.9.1 Static Route: The static route settings enable the router to route IP packets to another network subnet. The routing table stores the routing information so the router knows where to redirect the IP packets. Click on Static Route and then click Create to add a routing table. Rule: Select Enable to activate this rule, Disable to deactivate this rule. Destination: This is the destination subnet IP address. Netmask: This is the subnet mask of the destination IP addresses based on a
72. The Email Alert function allows a log of security-related events (such as System Log and IPSec Log) to be sent to a specified email address. Email Alert: You may enable or disable this function by selecting the appropriate radio button. Recipient's Email Address: Enter the email address where you wish the alert logs to be sent. SMTP Mail Server: Enter your email account's outgoing mail server. It may be an IP address or a domain name. Sender's Email Address: Enter the email address from which you wish the alert logs to be sent. Mail Server Login: Some SMTP servers may request users to login before serving. Select Enable to activate SMTP server login function, Disable to deactivate. Username: Input the SMTP server's username. Password: Input the SMTP server's password. Alert via Email when: Select the frequency of each email update. Choose one of the five options. Immediately: The router will send an alert immediately. Hourly: The router will send an alert once every hour. Daily: The router will send an alert once a day. The exact time can be specified using the pull-down menu. Weekly: The router will send an alert once a week. When log is full: The router will send an alert only when the log is full. 4.4.5 Firewall
73. er your password. Retype Password: Retype your password. Login Server: Enter the IP of the Login server provided by your ISP. MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below. DNS: If your ISP requires you to manually setup DNS settings, check the checkbox and enter your primary and secondary DNS. RIP: To activate RIP, select Send, Receive, or Both from the drop-down menu. To disable RIP, select Disable from the drop-down menu. MTU: Enter the Maximum Transmission Unit (MTU) for your network. Click Apply to save your changes. To reset to defaults, click Reset. A simpler alternative is to select Quick Start from the main menu. Please see the Quick Start section of this chapter for more information. 4.4.3 Bandwidth Settings: Under Bandwidth Settings, you can easily configure both inbound and outbound bandwidth. WAN: Enter your ISP inbound and outbound bandwidth for WAN. NOTE: These values entered here are referenced by QoS. 4.4.4 System: The System menu allows you to adjust a variety of basic router settings, upgrade firmware, set up remote access, and more. In this menu are the following sections: Time Zone, Remote Access, Firmware Upgrade, Backup Restore, Restart, Password, System Log Server, and Email Alert.
74. ernet access also required a range of IP addresses from the Internet Service Provider (ISP). Not only was this method very costly, but the number of available IP addresses for PCs is limited. Instead, BiGuard 2/10 uses a type of address sharing called Network Address Translation to grant Internet access to several PCs on the same network through the same Internet account. This method translates internal IP addresses to a single address that is unique on the Internet. This unique address can either be fixed or dynamic depending on the type of Internet account, and the internal LAN IP addresses may also be either private or registered addresses.
NAT also offers firewall-like protection to your network, since internal LAN addresses are shielded from the public Internet. All incoming traffic to the public IP address is handled by the router, which means added security for your network from intruders. If a particular PC on your LAN requires access from outside PCs, you can use port forwarding to accomplish this. For information on how to configure port forwarding on BiGuard 2/10, refer to the Virtual Server section of Chapter 4: Router Configuration.
D.1.3 Dynamic Host Configuration Protocol (DHCP)
If the PCs on a LAN require access to the Internet, each PC must be configured with an IP address, a gateway address, and one or more DNS server addresses. Rather than configuring each PC manually, you can instead configure a network device to act as a Dyn
75. 4.4.1.1 Ethernet
IP Address: Enter the internal LAN IP address for BiGuard 2/10 (192.168.1.254 by default).
Subnet Mask: Enter the subnet mask (255.255.255.0 by default).
RIP: RIP v2 Broadcast and RIP v2 Multicast. Check to enable RIP.
4.4.1.2 DHCP Server
In this menu, you can disable or enable the Dynamic Host Configuration Protocol (DHCP) server. The DHCP protocol allows your BiGuard 2/10 to dynamically assign IP addresses to PCs on your network if they are configured to automatically obtain IP addresses.
76. ew
G.2 What is Quality of Service
G.3 How Does QoS Work
G.4 Who Needs QoS
G.4.1 Home Users
G.4.2 Office Users
Appendix H Router Setup Examples
H.1 VPN Configuration
H.1.1 LAN to LAN
H.1.2 Host to LAN
H.2 VPN Concentrator
H.3 Intrusion Detection
H.4 PPTP Remote Access by Windows XP
H.5 PPTP Remote Access by BiGuard
Chapter 1 Introduction
1.1 Overview
Congratulations on purchasing BiGuard 2/10 Router from Billion. Combining a router with an Ethernet network switch, BiGuard 2/10 is a state-of-the-art device that provides everything you need to get your network connected to the Internet over your Cable or DSL connection quickly and easily. The Quick Start Wizard and DHCP Server will get first-time users up and running with minimal fuss and configuration, while sophisticated Quality of Service (QoS) and traffic management features grant advanced users total control over their network and Internet connection. This manual illustrates the many features and functions of BiGuard 2/10, and even takes you through the various ways you can apply this versatile device to your home or office. Take the time now to familiarize yourself with BiGuard 2/10.
1.2 Product Highlights
1.2.1 Virtual Private Network Support
BiGuard 2/10 supports comprehensive IPSec VPN protocols for businesses to establish private encrypted tunnels over the Internet to ensure data transmission security among multiple sites, such as a branch office or dial up connecti
77. exchange proposal and key values
Sending the first message of quick mode (Phase II). Done to exchange proposal and key values (IPSec).
Received the first message of quick mode (Phase II). Done to exchange proposal and key values (IPSec).
Sending the first response message of quick mode (Phase II). Done to exchange proposal and key values (IPSec).
Received Quick mode first response message: Received the first response message of quick mode (Phase II). Done to exchange proposal and key values (IPSec).
Send Quick mode second message: Sending the second message of quick mode (Phase II).
Received Quick mode second message: Received the second message of quick mode (Phase II).
ISAKMP IKE Packet: Indicates IKE packet.
ISAKMP Information: Indicates Information packet.
ISAKMP Quick Mode: Indicates quick mode packet.
NO PROPOSAL CHOSEN: No acceptable Oakley Transform.
NO PROPOSAL CHOSEN: No acceptable Proposal in IPsec SA.
NO PROPOSAL CHOSEN: PFS is required in Quick Initial SA.
NO PROPOSAL CHOSEN: PFS is not required in Quick Initial SA.
NO PROPOSAL CHOSEN: Initial Aggressive Mode message from s but no connection has been configured.
NO PROPOSAL CHOSEN: Initial Main Mode message received on s u but no connection has been authorized.
INVALID ID: Require peer to have ID s but peer declares s.
INVALID ID INFORMATION: Initial Aggressive Mode packet claiming to be from s on s but no connection has been
78. figuration Interface
5.2.3.1 Pop-up Windows
5.2.3.2 Javascripts
5.2.3.3 Java Permissions
5.3 WAN Interface
5.3.1 Can't Get WAN IP Address from the ISP
5.4 ISP Connection
5.5 Problems with Date and Time
5.6 Restoring Factory Defaults
Appendix A Product Specifications
A.1 BiGuard 10 Product Specifications
A.2 BiGuard 2 Product Specifications
Appendix B Customer Support
Appendix C FCC Interference Statement
Appendix D Network, Routing, and Firewall Basics
D.1 Network Basics
D.1.1 IP Addresses
D.1.1.1 Netmask
D.1.1.2 Subnet Addressing
D.1.1.3 Private IP Addresses
D.1.2 Network Address Translation (NAT)
D.1.3 Dynamic Host Configuration Protocol (DHCP)
D.2 Router Basics
D.2.1 What is a Router
D.2.2 Why use a Router
D.2.3 Routing Information Protocol (RIP)
D.3 Firewall Basics
D.3.1 What is a Firewall
D.3.1.1 Stateful Packet Inspection
D.3.1.2 Denial of Service (DoS) Attack
D.3.2 Why Use a Firewall
Appendix E Virtual Private Networking
E.1 What is a VPN
E.1.1 VPN Applications
E.2 What is IPSec
E.2.1 IPSec Security Components
E.2.1.1 Authentication Header (AH)
E.2.1.2 Encapsulating Security Payload (ESP)
E.2.1.3 Security Associations (SA)
E.2.2 IPSec Modes
E.2.3 Tunnel Mode AH
E.2.4 Tunnel Mode ESP
E.2.5 Internet Key Exchange (IKE)
Appendix F IPSec Logs and Events
F.1 IPSec Log Event Categories
F.2 IPSec Log Event Table
Appendix G Bandwidth Management with QoS
G.1 Overvi
79. fter the device is powered on, press it to reset the device or restore to factory default settings.
1 RESET: 0-3 seconds: The Status LED will light. 6 seconds and above: restore to factory default settings (this is used when you cannot log in to the router, e.g. forgot the password).
LAN 1X-8X (RJ-45 connector): Connect a UTP Ethernet cable (Cat-5 or Cat-5e) to one of the eight LAN ports when connecting to a PC or an office/home network of 10Mbps or 100Mbps.
WAN: 10/100M Ethernet port with auto crossover support; connect xDSL/Cable modem here.
DC12V (Power): Connect DC power adapter here (DC12V).
1.3.2.3 Cabling
Most Ethernet networks currently use unshielded twisted pair (UTP) cabling. The UTP cable contains eight conductors, arranged in four twisted pairs, and terminated with an RJ45 type connector.
One of the most common causes of networking problems is bad cabling. Make sure that all connected devices are turned on. On the front panel of BiGuard 2, verify that the LAN link and WAN line LEDs are lit. If they are not, check to see that you are using the proper cabling.
Chapter 2 Router Applications
2.1 Overview
Your BiGuard 2/10 Router is a versatile device that can be configured to not only protect your network from malicious attackers, but also ensure optimal usage of available bandwidth with Quality of Service (QoS). Alternatively, BiGuard 2/10 can also be set to handle secure connections with Virtual Private Networking
80. g algorithm that produces a 128-bit hash.
SHA1: A one-way hashing algorithm that produces a 160-bit hash.
Perfect Forward Secure: Choose whether to enable PFS using Diffie-Hellman public-key cryptography to change encryption keys during the second phase of VPN negotiation. This function will provide better security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over the Internet.
Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).
IKE Life Time: Allows you to specify the timer interval for renegotiation of the IKE security association. The value is in seconds, e.g. 28800 seconds = 8 hours.
Key Life Time: Allows you to specify the timer interval for renegotiation of another key. The value is in seconds, e.g. 3600 seconds = 1 hour.
Netbios Broadcast: Allows BiGuard to send local Netbios Broadcast packets through the IPSec Tunnel; please select Enable or Disable.
Click the Apply button to save your changes. After you have created the IPSec connection, the account information will be displayed.
81. ge (IKE): Provides key management and Security Association (SA) management.
These components are discussed below.
E.2.1.1 Authentication Header (AH)
The Authentication Header (AH) is a protocol that provides authentication and integrity, protecting data from tampering. It provides authentication of either all or part of the contents of a datagram through the addition of a header that is calculated based on the values in the datagram. The AH can also protect packets from unauthorized re-transmission with anti-replay functionality. The presence of the AH header allows us to verify the integrity of the message, but doesn't encrypt it. Thus, AH provides authentication but not privacy. ESP protects data confidentiality. Both AH and ESP can be used together for added protection.
A typical AH packet looks like this:
[Figure: AH packet fields: Payload Length, Reserved, Sequence Number, Authentication Data]
E.2.1.2 Encapsulating Security Payload (ESP)
Encapsulating Security Payload (ESP) provides privacy for data through encryption. An encryption algorithm combines the data with a key to encrypt it. It then repackages the data using a special format, and transmits it to the destination. The receiver then decrypts the data using the same algorithm. ESP is usually used with AH to provide added data security.
ESP divides its fields into three components:
ESP Header: Placed before encrypted data, the ESP Header contains the SPI and Sequence Number
82. ger on Demand is selected.
IP Assigned by your ISP: If your IP is dynamically assigned by your ISP, select the Dynamic radio button. If your ISP assigns a static IP address, select the Static radio button. This will take you to another page for inputting the IP address information.
MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below.
DNS: If your ISP requires you to manually set up DNS settings, check the checkbox and enter your primary and secondary DNS.
RIP: To activate RIP, select Send, Receive, or Both from the drop-down menu. To disable RIP, select Disable from the drop-down menu.
MTU: Enter the Maximum Transmission Unit (MTU) for your network.
Click Apply to save your changes. To reset to defaults, click Reset.
4.4.2.5 Big Pond
Username: Enter your user name.
Password: Ent
83. 5. If an IP address, subnet mask, and a Default gateway are shown, write down the information. If no address is present, your account's IP address is dynamically assigned. Click the Obtain an IP address automatically radio button.
6. If any DNS server addresses are shown, write them down. Click the Obtain DNS server address automatically radio button.
84. Connection Name: A user-defined name for the connection.
Tunnel: Select Enable to activate this tunnel. Select Disable to deactivate this tunnel.
Local: This section configures the local host.
ID: This is the identity type of the local router or host. Choose from the following four options:
WAN IP Address: Automatically use the current WAN Address as ID.
IP Address: Use an IP address format.
FQDN DNS (Fully Qualified Domain Name): Consists of a hostname and domain name. For example, WWW.VPN.COM is a FQDN. WWW is the host name, VPN.COM is the domain name. When you enter the FQDN of the local host, the router will automatically seek the IP address of the FQDN.
FQUN E-Mail (Fully Qualified User Name): Consists of a username and its domain name. For example, user@vpn.com is a FQUN. "user" is the username and "vpn.com" is the domain name.
Data: Enter the ID data using the specific ID type.
Network: Set the IP address, IP range, subnet, or address range of the local network.
Any Local Address: Will enable any local address on the network.
Subnet: The subnet of the local network. Selecting this option enables you to enter an IP address and netmask.
85. If the Web Configuration Interface appears, congratulations! You are now ready to configure your BiGuard 2/10. If you are having trouble accessing the interface, please refer to Chapter 5: Troubleshooting for possible resolutions.
Chapter 4 Router Configuration
4.1 Overview
The Web Configuration Interface makes it easy for you to manage your network via any PC connected to it. On the Web Configuration homepage, you will see the navigation pane located on the left-hand side. From it, you will be able to select various options used to configure your router.
1. Click Apply if you would like to apply the settings on the current screen to the device. The settings will be effective immediately; however, the configuration is not saved yet and the settings will be erased if you power off or restart the device.
86. idates: You can also select the Candidates, which are referred from the ARP table, for automatic input.
Select the Apply button to apply your changes.
4.4.8.2 Port Forwarding
Because NAT can act as a natural Internet firewall, your router protects your network from being accessed by outside users, as all incoming connection attempts will point to your router unless you specifically create Virtual Server entries to forward those ports to a PC on your network.
When your router needs to allow outside users to access internal servers, e.g. a web server, FTP server, Email server, or game server, the router can act as a virtual server. You can set up a local server with a specific port number for the service to use, e.g. web/HTTP (port 80), FTP (port 21), Telnet (port 23), SMTP (port 25), or POP3 (port 110). When an incoming access request is received, it will be forwarded to the corresponding internal server.
Click Create to add a new port forwarding rule. There are two port forwarding modes: Port Range Mapping and Port Redirection.
This function allows any incoming data addressed to a range of service port numbers (from the Internet/WAN Port) to be re-directed to a particular LAN private/internal IP addre
87. idates, which are referred from the ARP table, for automatic input.
Source Port Range: The range of source ports this rule applies to.
Destination Port Range: The range of destination ports this rule applies to.
Click Apply to save your changes.
Helper: You could also select the application type you would like to apply for automatic input.
4.4.8 Virtual Server
In TCP/IP and UDP networks, a port is a 16-bit number used to identify which application program (usually a server) incoming connections should be delivered to. Some ports have numbers that are pre-assigned to them by the Internet Assigned Numbers Authority (IANA), and these are referred to as "well-known ports". Servers follow the well-known port assignments so clients can locate them.
If you wish to run a server on your network that can be accessed from the WAN (i.e. from other machines on the Internet that are outside your local network), or any application that can accept incoming connections (e.g. peer-to-peer applications), and are using NAT (Network Address Translation), then you will usually need to configure your router to forward these incoming connection attempts using specific ports to the PC on your network running the application. You will also need to use port forwarding if you want to host an online game server.
The reason for this is that when using NAT, your publicly accessible IP address will be used by and point to your router, which then needs to deliver all
88. Step 2: Go to Configuration > IPSec and configure the link from BiGuard 2/10 Headquarter to BiGuard 2/10 Branch B.
Step 3: Go to Configuration > IPSec and configure the connection from BiGuard 2/10 Branch A to BiGuard 2/10 Headquarter.
89. log
4.4.6 VPN
4.4.6.1 IPSec
IPSec is a set of protocols that enable Virtual Private Networks (VPN). VPN is a way to establish secured communication tunnels to an organization's network via the Internet.
4.4.6.1.1 IPSec Wizard
Connection Name: A user-defined name for the connection.
Interface: Select the interface the IPSec tunnel will apply to.
WAN1: Select interface WAN1.
WAN2: Select interface WAN2.
Auto: The device will automatically apply the tunnel to WAN1 or WAN2 depending on which WAN interface is active when the IPSec tunnel is being established.
Note: Auto only applies to Fail Over mode. For Load Balance mode, please do not select Auto. In Load Balance mode, Auto will be forced to WAN1 interface if Auto is selected.
Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).
Connection Typ
90. The URL Filter is a powerful tool that can be used to limit access to certain URLs on the Internet. You can block web sites based on keywords or even block out an entire domain. Certain web features can also be blocked to grant added security to your network.
URL Filtering: You can choose to Enable or Disable this feature.
Keyword Filtering: Click the checkbox to enable this feature. To edit the list of filtered keywords, click Details.
Domain Filtering: Click the enable checkbox to enable filtering by Domain Name. Click the Disable all WEB traffic except for trusted domains check box to allow web access only for trusted domains.
Restrict URL Features: Click Block Java Applet to filter web access with Java Applet components. Click Block ActiveX to filter web access with ActiveX components. Click Block Web proxy to filter web proxy access. Click Block Cookie to filter web access with Cookie components. Click Block Surfing by I
91. menu. To disable RIP, select Disable from the drop-down menu.
MTU: Enter the Maximum Transmission Unit (MTU) for your network.
Click Apply to save your changes. To reset to defaults, click Reset.
4.4.2.3 PPPoE
Username: Enter your user name.
Password: Enter your password.
Retype Password: Retype your password.
Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPPoE session when starting up and to automatically re-establish the PPPoE session when disconnected by the ISP, select Always Connect. If you want to establish a PPPoE session only when there is a packet requesting access to the Internet (i.e. when a program on your computer attempts
92. Name: This is the user-defined name of the connection.
Enable: This function activates or deactivates the IPSec connection.
Local Subnet: Displays IP address and subnet of the local network.
Remote Subnet: Displays IP address and subnet of the remote network.
Remote Gateway: This is the IP address or Domain Name of the remote VPN device that is connected and has an established IPSec tunnel.
IPSec Proposal: This is the selected IPSec security method.
For examples on how to apply IPSec to your network, see Appendix F: IPSec Logs and Events.
4.4.6.2 PPTP
PPTP is a set of protocols that enable Virtual Private Networks (VPN). VPN is a way to establish secured communication tunnels to an organization's network via the Internet.
Note: Enabling data encryption will use MS-CHAPv2 to authenticate the peer.
93. nd vice versa.
2.2.6 Management by IP or MAC address
BiGuard 2/10 can also be configured to apply traffic policies based on a particular IP or MAC address. This allows you to quickly assign different traffic policies to a specific computer on the network.
2.2.7 DiffServ (DSCP Marking)
DiffServ (a.k.a. DSCP Marking) allows you to classify traffic based on IP DSCP values. These markings can be used to identify traffic within the network. Other interfaces can match traffic based on the DSCP markings. DSCP markings are used to decide how packets should be treated, and are a useful tool to give precedence to varying types of data.
2.3 Virtual Private Networking
A Virtual Private Network (VPN) enables you to send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link. As such, it is perfect for connecting branch offices to headquarter acros
94. nets are private networks that connect an organization's locations together. These locations range from a headquarter, to branch offices, to a remote employee's home. Intranets are often used for email and for sharing applications and files. A firewall protects Intranets from unauthorized access.
Remote Access: Remote access enables mobile workers to access email and business applications. Remote access VPNs greatly reduce expenses by enabling mobile workers to dial a local Internet connection and then set up a secure IPSec-based VPN communications to their organization.
E.2 What is IPSec
Internet Protocol Security (IPSec) is a set of protocols and algorithms that provide data authentication, integrity, and confidentiality as data is transferred across IP networks. IPSec provides data security at the IP packet level, and protects against possible security risks by protecting data. IPSec is widely used to establish VPNs.
There are three major functions of IPSec:
Confidentiality: Conceals data through encryption.
Integrity: Ensures that contents did not change in transit.
Authentication: Verifies that packets received are actually from the claimed sender.
E.2.1 IPSec Security Components
IPSec contains three major components:
Authentication Header (AH): Provides authentication and integrity.
Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity.
Internet Key Exchan
95. network environments such as small office LANs.
A Class B address provides 16 bits of node numbers, which enable 65,536 nodes. Since most organizations don't require such a large number of nodes, the free bits can be reassigned with subnet addressing. Multiple Class C addresses can be made from a Class B address. For example, the IP address of 172.20.0.0 allows eight extra bits to use as a subnet address, since node addresses are limited to a maximum of 255. The IP address of 172.20.52.212 would be read as IP network address 172.20, subnet number 52, and node number 212.
Besides extending the number of available addresses, this technique also allows a network manager to design an address scheme for the network by using different subnets. This can be useful when trying to distinguish other geographical locations in the network or other departments in the organization.
D.1.1.3 Private IP Addresses
When isolated from the Internet, the hosts on your local network may be assigned IP addresses with no conflicts. However, the Internet Assigned Numbers Authority (IANA) has reserved several blocks of IP addresses for private networks. These include:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.16.255.255
192.168.0.0 - 192.168.255.255
When assigning IP addresses to your private network, be sure to use IP addresses from these ranges.
D.1.2 Network Address Translation (NAT)
Traditionally, multiple PCs that needed simultaneous Int
96. nformation from your PC's Network TCP/IP Properties window before reconfiguring your computer for use with BiGuard 2/10. The following sections describe how you can obtain this information.
This section uses illustrations from Windows XP. However, other versions of Windows will follow a similar procedure. Have your Windows CD handy, as it may be required during the configuration process.
1. Select Start > Settings > Control Panel.
3. In the Network Connections window, right-click Local Area Connection and select Properties.
4. Select Internet Protocol (TCP/IP) and click Properties.
97. ng in: Configure this WAN interface with a specific IP address. This IP address should be provided by your ISP.
PPPoE: PPP over Ethernet is known as a dial-up DSL or cable service. PPPoE is designed to integrate the broadband services into the current widely deployed, easy-to-use, and low-cost dial-up access networking infrastructure.
PPTP: If your ISP provides a PPTP connection, you can use the PPTP protocol to establish a connection to your ISP.
Big Pond: The Big Pond login for Telstra cable in Australia.
If your account uses PPP over Ethernet (PPPoE), you will need to enter your login name and password when configuring your BiGuard 2/10. After the network and firewall are configured, BiGuard 2/10 will log in automatically, and you will no longer need to run the login program from your PC.
3.6.2 Configuration Information
If your ISP does not dynamically assign configuration information but instead uses fixed configurations, you will need the following basic information from your ISP:
An IP address and subnet mask
A gateway IP address
One or more domain name server (DNS) IP addresses
Depending on your ISP, a host name and domain suffix may also be provided. If any of these items are dynamically supplied by the ISP, your BiGuard 2/10 will automatically acquire them.
If an ISP technician configured your computer, or if you configured it using instructions provided by your ISP, you need to copy the configuration i
98. nnections to the ISP. NAT, static routing and RIP 2. Dynamic Domain Name System (DDNS). Virtual Server and DMZ. DHCP Server. NTP. Physical Interface: Ethernet WAN: 1 ports (10/100 Base-T), support Auto-Crossover (MDI/MDIX). Ethernet LAN: 8 ports 10/100 Base-T switch, support Auto-Crossover (MDI/MDIX). Physical Specifications: Dimensions: 18.98 x 6.54 x 1.77 (482mm x 166mm x 45mm, with Bracket); 9.84 x 6.54 x 1.38 (250mm x 166mm x 35mm, non-Bracket). Power Requirement: Input 12VDC, 1A. Operating Environment: Operating temperature 0 40 degrees Celsius; Storage temperature 20 70 degrees Celsius; Humidity 20 95 non-condensing. A.2 BiGuard 2 Product Specifications. Virtual Private Network: IPSec VPN supports up to 2 IPSec tunnels. IPSec VPN performance is up to 4 Mbps. PPTP VPN supports up to 4 PPTP tunnels. PPTP VPN performance is up to 10 Mbps. Manual key, Internet Key Exchange (IKE) authentication and Key Management. Authentication (MD5 / SHA-1). DES/3DES encryption. AES 128/192/256 encryption. IP Authentication Header (AH). IP Encapsulating Security Payload (ESP). Dynamic VPN (FQDN) support. Supports remote access and office-to-office IPSec connections. Firewall: Stateful Packet Inspection (SPI) and Denial of Service (DoS) prevention. Packet filter: unpermitted inbound (WAN) / inbound (LAN) Internet access by IP address, port number and packet type. Email alert an
99. nt Categories. There are three major categories of IPSec Log Events for your BiGuard 2 10. These include: 1. IKE Negotiate Packet Messages; 2. Rejected IKE Messages; 3. IKE Negotiated Status Messages. The table in the following section lists the different events of each category and provides a detailed explanation of each. F.2 IPSec Log Event Table
Log Event: Explanation
Send Main mode initial message of ISAKMP: Sending the first initial message of main mode phase. Done to exchange encryption algorithm, hash algorithm, and authentication method.
Send Aggressive mode initial message of ISAKMP: Sending the first message of aggressive mode phase.
Received Main mode initial message of ISAKMP: Received the first message of main mode.
Send Main mode first response message of ISAKMP: Sending the first response message of main mode. Done to exchange encryption algorithm, hash algorithm, and authentication method.
Received Main mode first response message of ISAKMP: Received the first response message of main mode. Done to exchange encryption algorithm, hash algorithm, and authentication method.
Send Main mode second message of ISAKMP: Sending the second message of main mode. Done to exchange key values.
Received Main mode second message of ISAKMP: Received the second message of main mode. Done to exchange key values.
Send Main mode second response message of ISAKMP Received Main mode second respon
100. nt unauthorized access to your router's configuration interface, it requires the administrator to log in with a password. You can change your password by entering your new password in both fields. Click Apply to save your changes. Click Reset to reset to the default administration password (admin). 4.4.4.7 System Log Server. This function allows BiGuard 2 10 to send system logs to an external Syslog server. Syslog is an industry-standard protocol used to capture information about network activity. To enable this function, select the Enable radio button and enter your Syslog server IP address in the Log Server IP Address field. Click Apply to save your changes. To disable this feature, simply select the Disable radio button and click Apply. 4.4.4.8 E-mail Alert
101. 6a. To have your PC obtain an IP address automatically, select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons. 6b. To manually assign your PC a fixed IP address, select the Use the following IP address radio button and enter your desired IP address, subnet mask, and default gateway in the blanks provided. Remember that your PC must reside in the same subnet as the router. To designate a DNS server, select the Use the following DNS server and fill in the preferred DNS address.
102. 4. Select the IP Address tab and click the Obtain an IP address automatically radio button. 5. Select the DNS Configuration tab and select the Disable DNS radio button. 6. Click OK to apply the configuration. 3.4.4.3 Verifying Settings. To check the TCP/IP configuration, use the winipcfg.exe utility. 1. Select Start > Run.
103. on Up to 2 simultaneous IPSec VPN connections are possible on BiGuard 2 10, with performance of up to 4 Mbps. 1.2.2 Advanced Firewall Security. Aside from intelligent broadband sharing, BiGuard 2 10 offers integrated firewall protection with advanced features to secure your network from outside attacks. Stateful Packet Inspection (SPI) determines if a data packet is permitted to enter the private LAN. Denial of Service (DoS) prevention stops hackers from interrupting network services via malicious attacks. In addition, BiGuard 2 10 firewall can be configured to alert you via email should your network come under fire, offering both tight network security and peace of mind. 1.2.3 Intelligent Bandwidth Management. BiGuard 2 10 utilizes Quality of Service (QoS) to give you full control over the priority of both incoming and outgoing data, ensuring that critical data such as customer information moves through your network even while under a heavy load. Transmission speeds can be throttled to make sure users are not saturating bandwidth required for mission-critical data transfers. Priority types of upload data can also be changed, allowing BiGuard 2 10 to automatically sort out actual speeds for unmatched convenience. 1.3 Package Contents. 1.3.1 BiGuard 10: BiGuard 10 iBusiness Security Gateway Small Office; Bracket x 2 (for rack mounting); Screw x 4 (for rack mounting); Getting Started CD-ROM; Quick Start Guide; AC-DC Power Adapter (12VDC, 1A)
104. on to add the configuration into the Host Table. Press the Delete button to delete a configuration from the Host Table. 4.4.2 WAN. WAN refers to your Wide Area Network connection. In most cases, this means your router's connection to the Internet through your ISP. Connection Method: Select how your router will connect to the Internet. Selections include Obtain an IP Address Automatically, Static IP Settings, PPPoE Settings, PPTP Settings, and Big Pond Settings. For each WAN port, the factory default is DHCP. If your ISP does not use DHCP, select the correct connection method and configure the connection accordingly. Configurable items will vary depending on the connection method selected. 4.4.2.1 DHCP. Host Name: Some ISPs authenticate logins using this field. MAC Address: If your ISP requires
105. ou only want to allow pop-up windows with your BiGuard 2 10: 1. In Internet Explorer, select Tools > Internet Options. 2. Under the Privacy tab, click Settings to open the Pop-up Blocker Settings dialogue. 3. Enter the IP address of your router. 4. Click Add to add the IP address to the list of Allowed sites. 5. Click Close to return to the Privacy tab of the Internet Options dialogue. 6. Click Apply to save your changes. 5.2.3.2 JavaScripts. If the Web Configuration Interface is not displaying properly in your browser, check to make sure that JavaScripts are allowed. 1. In Internet Explorer, click Tools > Internet Options. 2. Under the Security tab, click Custom Level. 3. Under Scripting, check to see if Active scripting is set to Enable. 4. Ensure that Scripting of Java applets is set to Enable. 5. Click OK to close the dialogue. 5.2.3.3 Java Permissions. The following Java Permissions should also be given for the Web Configuration Interface to display properly. 1. In Internet Explorer, click Tools > Internet Options. 2. Under the Security tab, click Custom Level.
106. Step 10: Input PPTP Server Address and press Next. Step 11: Please press Finish. Step 12: Double-click the connection and input the Username and Password that are defined in BiGuard PPTP Account Settings.
107. r send OFFER 192.168.1.100 DHCP server send ACK 192.168.1.100 Connecting to ISP for WWAN DHCP client send discover DHCP client select IP 192.168.17.54 DHCP client Obtain IP 192.168.17.54 lease time 300 DHCP bound IP address to 192.168.17.54 255.255.255.0 ISP of WAN connection has been established DHCP client send renew DHCP client Obtain IP 192.168.17.54 lease time 300 DHCP renew DHCP client send renew. Refresh: Refresh the System Log. Clear Log: Clear the System Log. Send Log: Send the System Log to your email account. You can set the email address in Configuration > System > Email Alert. See the Email Alert section for more details. Save Log: Save the System log to a text file. 4.2.8 IPSec Log. This page displays the router's IPSec Log entries. Major events are logged to this window. Refresh: Refresh the IPSec Log. Clear Log: Clear the IPSec Log. Send Log: Send IPSec Log to your email account. You can set the email address in Configuration > System > Email Alert. See the Email Alert section for more details. Save Log: Save the IPSec log to a text file. Please refer to Appendix F IPS
108. PPTP function: Select Enable to activate PPTP Server, Disable to deactivate PPTP Server function. Auth Type: The authentication type: Pap or Chap, PaP, Chap. Data Encryption: Select Enable or Disable the Data Encryption. Encryption Key Length: Auto, 40 bits or 128 bits. Peer Encryption Mode: Only Stateless, or Allow Stateless and Stateful. IP Addresses Assigned to Peer: Start from 192.168.1.x. Please input the IP assigned range from 1 to 254, except BiGuard 30's LAN IP address (192.168.1.254 is BiGuard 30's default LAN IP address) and the IP pool range of DHCP server settings (100 to 199 is BiGuard 30's default DHCP IP pool range). Idle Timeout (Min): Specify the time for remote peer to be disconnected without any activities, from 0 to 120. Click Create to create a new PPTP VPN connection account. Connection Name: A user-defined name for the connection. Tunnel: Select Enable to activate this tunnel. Select Disable to deactivate this tunnel. Username: Please input the username for this account. Password: Please input the password for this account. Retype Password: Please repeat the same password as p
109. raged to try to correct the interference by one or more of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and the receiver. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. Consult the dealer or an experienced radio/TV technician for help. Notice: Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. Appendix D: Network, Routing, and Firewall Basics. D.1 Network Basics. D.1.1 IP Addresses. With the number of TCP/IP networks interconnected across the globe, ensuring that transmitted data reaches the correct destination requires that each computer on the Internet have a unique identifier. This identifier is known as the IP address. The Internet Protocol (IP) uses a 32-bit address structure, and the address is usually written in dot notation. A typical IP address looks like this: 198.25.12.8. The 32 bits of the address are subdivided into two parts. The first part of the address identifies the network, while the second part identifies the host node or station on the network. How the address is divided depends on the address range and the application. The five standard IP address classes each have different methods to determine the network and host sections of the address, which makes multiple hosts on a network
110. 4.2.1 ARP Table. The Address Resolution Protocol (ARP) Table shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is a quick way to determine the MAC address of your PC's network interface to use with the router's Firewall MAC Address Filter function. See the Firewall section of this chapter for more information on this feature. No.: Number of the list. IP Address: A list of IP addresses of devices on your LAN. MAC Address: The Media Access Control (MAC) addresses for each device on your LAN. Interface: The interface name on the router that this IP address connects to. Static: Static status of the ARP table entry. NO indicates dynamically generated ARP table entries. YES indicates static ARP table entries added by the user. 4.2.2 Routing Table. The Routing Table displays the current path for transmitted packets. Both static and dynamic routes are displayed.
111. regulations for the safe disposal of electronic products to protect the environment. Table of Contents
Chapter 1 Introduction
1.1 Overview
1.2 Product Highlights
1.2.1 Virtual Private Network Support
1.2.2 Advanced Firewall Security
1.2.3 Intelligent Bandwidth Management
1.3 Package Contents
1.3.1 BiGuard 10
1.3.1.1 Front Panel
1.3.1.2 Rear Panel
1.3.1.3 Rack Mounting
1.3.1.4 Cabling
1.3.2 BiGuard 2
1.3.2.1 Front Panel
1.3.2.2 Rear Panel
1.3.2.3 Cabling
Chapter 2 Router Applications
2.1 Overview
2.2 Bandwidth Management with QoS
2.2.1 QoS Technology
2.2.2 QoS Policies for Different Applications
2.2.3 Guaranteed Maximum Bandwidth
2.2.4 Policy Based Traffic Shaping
2.2.5 Priority Bandwidth Utilization
2.2.6 Management by IP or MAC address
2.2.7 DiffServ (DSCP Marking)
2.3 Virtual Private Networking
2.3.1 General VPN Setup
2.3.2 Concentrator
Chapter 3 Getting Started
3.1 Overview
3.2 Before You Begin
3.3 Connecting Your Router
3.4 Configuring PCs for TCP/IP Networking
3.4.1 Overview
3.4.2 Windows XP
3.4.2.1 Configuring
3.4.2.2 Verifying Settings
3.4.3 Windows 2000
3.4.3.1 Configuring
3.4.3.2 Verifying Settings
3.4.4 Windows 98 / ME
3.4.4.1 Installing Components
3.4.4.2 Configuring
3.4.4.3 Verifying Settings
3.5 Factory Default Settings
3.5.1 Username and Password
3.5.2 LAN and WAN Port Addresses
3.6 Information From Your ISP
3.6.1 Protocols
3.6.2 Configuration Information
112. revious field. Connection Type: Select Remote Access for single user. Select LAN to LAN for remote gateway. Peer Network IP: Please input the IP for remote network. Peer Netmask: Please input the Netmask for remote network. Netbios Broadcast: Allows BiGuard to send local Netbios Broadcast packets through the PPTP Tunnel. Please select Enable or Disable. 4.4.7 QoS. BiGuard 2 10 can optimize your bandwidth by assigning priority to both inbound and outbound data with QoS. This menu allows you to configure QoS for both inbound and outbound traffic. The first menu screen gives you an overview of which WAN ports currently have QoS active and the bandwidth settings for each. WAN Outbound. QoS Function: QoS status for WAN outbound. Select Enable to activate QoS for WAN's outgoing traffic. Select Disable to deactivate. Max ISP Bandwidth: The maximum bandwidth afforded by the ISP for WAN's outbound traffic. WAN Inbound. QoS Function: QoS status for WAN inbound. Select Enable to activate QoS for WAN's incoming traffic. Select Disable to deactivate.
113. reviously. Restrict URL Features: Use this to disable certain web features. Select the options you want (Block Java Applet, Block ActiveX, Block Web proxy, Block Cookie, Block Surfing by IP Address) and click Apply to save your changes. You may also designate which IP addresses are to be excluded from these filters by adding them to the Exception List. To do so, click Add. Enter a name for the IP Address and then enter the IP address itself. Click Apply to save your changes. The IP address will be entered into the Exception List and excluded from the URL filtering rules in effect. 4.4.5.3 LAN MAC Filter. LAN MAC Filter decides, by MAC address, whether or not BiGuard will serve devices on the LAN side. Default Rule: Forward or Drop all LAN requests (Forward by default). Create: You can also input a specified MAC Address to be dropped or forwarded without depending on the default rule.
114. s a percentage. Priority: The priority assigned to this service. Select a value from 0 to 6, 0 being highest. DSCP Marking: Used to classify traffic. Select from Best Effort, Premium, Gold Service (High, Medium, Low), Silver (H, M, L), and Bronze (H, M, L). Address Type: The type of address this rule applies to. Select IP Address or MAC Address. For IP Address (default): Source IP Address Range: The range of source IP Addresses this rule applies to. Destination IP Address Range: The range of destination IP Addresses this rule applies to. Source Port Range: The range of source ports this rule applies to. Destination Port Range: The range of destination ports this rule applies to. Helper: You could also select the application type you would like to apply for automatic input. Click Apply to save your changes. For MAC Address: Source MAC Address: The source MAC Address of the device this rule applies to. Candidates: You can also select the Cand
115. s the Internet in a secure fashion. The following section discusses Virtual Private Networking with BiGuard 2 10. 2.3.1 General VPN Setup. There are typically three different VPN scenarios. The first is a Gateway to Gateway setup, where two remote gateways communicate over the Internet via a secure tunnel. The next type of VPN setup is the Gateway to Multiple Gateway setup, where one gateway (Headquarter) is communicating with multiple gateways (Branch Offices) over the Internet. As with all VPNs, data is kept secure with secure tunnels. The final type of VPN setup is the Client to Gateway. A good example of where this can be applied is when a remote sales person accesses the corporate network over a secure VPN tunnel. VPN provides a flexible, cost-efficient, and reliable way for companies of all sizes to stay connected. One of the most important steps in setting up a VPN is proper planning. The following sections demonstrate the various ways of using BiGuard 2 10 to set up your VPN. 2.3.2 Concentrator. The VPN Concentrator provides an easy way for branch offices to connect to headquarter through a VPN tunnel. All bran
116. se message of ISAKMP; Send Main mode third message of ISAKMP; Received Main mode third message of ISAKMP; Send Main mode third response message of ISAKMP; Received Main mode third response message of ISAKMP; Received Aggressive mode initial ISAKMP Message; Send Aggressive mode first response message of ISAKMP; Received Aggressive mode first response message of ISAKMP; Send Aggressive mode second message of ISAKMP; Received Aggressive mode second ISAKP Message; Send Quick mode initial message; Received Quick mode initial message; Send Quick mode first response message. Sending the main mode second response message. Done to exchange key values. Received the main mode second response message. Done to exchange key values. Sending the third message of main mode. Done for authentication. Received the third message of main mode. Done for authentication. Sending the third response message of main mode. Done for authentication. Received the third response message of main mode. Done for authentication. Received the first message of aggressive mode. Sending the first response message of aggressive mode. Done to exchange proposal and key values. Received the first response message of aggressive mode. Done to exchange proposal and key values. Sending the second message of aggressive mode. Done to exchange proposal and key values. Received the second message of aggressive mode. Done to
117. ss This option gives you the ability to handle applications that use more than one port, such as games and audio/video conferencing. Application: User-defined application name for the current rule. Helper: You could also select the application type you would like to apply for automatic input. Protocol: Please select the protocol type. External Port: Enter the port number of the service that will be sent to the Internal IP address. Redirect Port: Enter a new port number for the service that will be sent to the Internal IP address. External Port Range: Enter the port number of the service that will be sent to the Internal IP address. Internal IP Address: Enter the LAN server/host IP address that the service request from the Internet will be sent to. Candidates: You can also select the Candidates, which are referred from the ARP table, for automatic input. NOTE: You need to give your LAN server/host a static IP address for the Virtual Server to work properly. Click Apply to save your changes. Using port forwarding does have security implications, as outside users will be able to connect to PCs on your network. For this reason, using sp
118. 7. Click OK to finish the configuration. 3.4.3.2 Verifying Settings. 1. Click Start > Programs > Accessories > Command Prompt. 2. In the Command Prompt window, type ipconfig and then press ENTER. If you are using BiGuard 2 10's default settings, your PC should have: an IP address between 192.168.1.1 and 192.168.1.253; a subnet mask of 255.255.255.0.
119. st some types of attacks, the firewall can discard intruder packets, thereby fending off the hacker from the private network. D.3.1.1 Stateful Packet Inspection. BiGuard 2 10 uses Stateful Packet Inspection (SPI) to protect your network from intrusions and attacks. Unlike less sophisticated Internet sharing routers, SPI ensures secure firewall filtering by intercepting incoming packets at the network layer and analyzing them for state-related information that is associated with all network connections. User-level applications such as Web browsers and FTP can make complex network traffic patterns, which BiGuard 2 10 analyzes by looking at groups of connection states. All state information is stored in a central cache. Traffic passing through the firewall is analyzed against these states and then is either allowed to pass through or rejected. D.3.1.2 Denial of Service (DoS) Attack. A hacker may be able to prevent your network from operating or communicating by launching a Denial of Service (DoS) attack. The method used for such an attack can be as simple as merely flooding your site with more requests than it can handle. A more sophisticated attack may attempt to exploit some weakness in the operating system used by your router or gateway. Some operating systems can be disrupted by simply sending a packet with incorrect length information. D.3.2 Why Use a Firewall? With a LAN connected to the Internet through a router, there is a chan
120. t For detailed instructions on configuring WAN settings, please refer to the WAN section of this chapter. 4.4 Configuration. The Configuration menu allows you to set many of the operating parameters of the BiGuard 2 10. In this menu, you will find the following sections: LAN, WAN, Bandwidth Settings, System, Firewall, VPN, QoS, Virtual Server, Advanced. These items are described below in the following sections. 4.4.1 LAN. There are two items within this section: Ethernet and DHCP Server.
121. t access is usually done through a slower WAN link such as a cable or DSL modem. To efficiently use this slower connection, a router acts as a mechanism for selecting and transmitting data meant for the Internet. By using a router, organizations can enjoy relatively inexpensive Internet access while maintaining a high-speed local area network. D.2.3 Routing Information Protocol (RIP). Routing Information Protocol (RIP) is an interior gateway protocol that specifies how routers exchange routing table information. Routers periodically update each other with RIP, changing their routing tables when necessary. BiGuard 2 10 supports the RIP protocol. RIP also supports subnet and multicast protocols. RIP is not required for most home applications. D.3 Firewall Basics. D.3.1 What is a Firewall? Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. With the functionality of a NAT router, the firewall adds features that deal with outside Internet intrusion and attacks. When an attack or intrusion is detected, the firewall can be configured to log the intrusion attempt and can also notify the administrator of the incident. With this information, the administrator can work with the ISP to take action against the hacker. Again
122. [Screenshot: Local Area Connection Status, General tab] If you are using BiGuard 2 10's default settings, your PC should: Have an IP address between 192.168.1.1 and 192.168.1.253. Have a subnet mask of 255.255.255.0. [Screenshot: Local Area Connection Status, Support tab] 3.4.3 Windows 2000. 3.4.3.1 Configuring: 1. Select Start > Settings > Control Panel. [Screenshot: Windows 2000 Start menu] 2. In the Control Panel window, double-click Network and Dial-up Connections. [Screenshot: Control Panel]
123. [Screenshot: IPSec configuration form] Step 4: Go to Configuration > IPSec and configure the connection from the BiGuard 2 10 Branch B to BiGuard 2 10 Headquarter. [Screenshot: IPSec configuration form]
124. to access the Internet, select Trigger on Demand. Idle Time: Auto-disconnect the router when there is no activity on the line for a predetermined period of time. Select the idle time from the drop-down menu. Active if Trigger on Demand is selected. IP Assigned by your ISP: If your IP is dynamically assigned by your ISP, select the Dynamic radio button. If your ISP assigns a static IP address, select the Static radio button and input your IP address in the blank provided. MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below. DNS: If your ISP requires you to manually set up DNS settings, check the checkbox and enter your primary and secondary DNS. RIP: To activate RIP, select Send, Receive, or Both from the drop-down menu. To disable RIP, select Disable from the drop-down menu. MTU: Enter the Maximum Transmission Unit (MTU) for your network. Click Apply to save your changes. To reset to defaults, click Reset. 4.4.2.4 PPTP [Screenshot: WAN, PPTP settings form]
125. traffic to the private IP addresses used by your PCs. Please see the WAN Configuration section of this manual for more information on NAT. BiGuard 2 10 can also be configured as a virtual server so that remote users accessing services such as Web or FTP services via the public WAN IP address can be automatically redirected to local servers in the LAN network. Depending on the requested service (TCP/UDP port number), the device redirects the external service request to the appropriate server within the LAN network. 4.4.8.1 DMZ: The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by the Firewall and NAT algorithms, then passed to the DMZ host when a packet received does not use a port number used by any other Virtual Server entries. Caution: Such local computer exposure to the Internet may face a variety of security risks. [Screenshot: Virtual Server, DMZ and Port Forwarding Table] Enable DMZ function: Enable: Activates your router's DMZ function. Disable: Default setting. Disables the DMZ function. DMZ IP Address: Give a static IP address to the DMZ Host when the Enable radio button is selected. Be aware this IP will be exposed to the WAN/Internet. Cand
126. traight through Ethernet cable or an Ethernet crossover cable. 5.1.4 Forgot My Password: Try entering the default User Name and Password. User Name: admin. Password: admin. Please note that both the User Name and Password are case sensitive. If this fails, you can restore your BiGuard 2 10 to its factory default settings by holding the Reset button on the back of your router until the Status LED begins to blink. Then enter the default User Name and Password to access your router. 5.2 LAN Interface: Refer to this section for issues relating to BiGuard 2 10's LAN Interface. 5.2.1 Can't Access BiGuard 2 10 from the LAN: If there is no response from BiGuard 2 10 from the LAN: Check your Ethernet cable types and each connection. Make sure the computer's Ethernet adapter is installed and functioning properly. If the error persists, you may have a hardware problem and should contact technical support. 5.2.2 Can't Ping Any PC on the LAN: If PCs connected to the LAN cannot be pinged: Check the 10/100 LAN LEDs on BiGuard 2 10's front panel. One of these LEDs should be on. If they are both off, check the cables between BiGuard 2 10 and the hub or PC. Check the corresponding LAN LEDs on your PC's Ethernet device are on. Make sure that driver software for your PC's Ethernet adapter and TCP/IP software is correctly installed and configured on your PC. Verify the IP address and the subnet mask of BiGuard 2
127. tus: Whether the IPSec is Active, Inactive or Disable. Local Subnet: The local IP address or subnet used. Remote Subnet: The subnet of the remote site. Remote Gateway: The remote gateway IP address. SA: The Security Association for this IPSec entry. Action: Manually connect or drop the tunnel. 4.2.6 PPTP Status: The PPTP Status window displays the status of the PPTP Tunnels that are currently configured on your BiGuard 2 10. [Screenshot: PPTP Status] Name: The name you assigned to the particular PPTP entry. Enable: Whether the PPTP connection is currently Enable or Disable. Status: Whether the PPTP is Active, Inactive or Disable. Type: Whether the Connection type is Remote Access or LAN to LAN. Peer Network: The Remote subnet for LAN to LAN as connection type. Connect by: The remote address when connected. Action: Manually drop the tunnel. 4.2.7 System Log: This window displays BiGuard 2 10's System Log entries. Major events are logged on this window. [Screenshot: System Log]
128. tween two points. There are three methods of creating SA, each varying in degrees of security and speed of negotiation. Main Mode: Uses the automated Internet Key Exchange (IKE) setup; most secure method with the highest level of security. Aggressive Mode: Uses the automated Internet Key Exchange (IKE) setup; mid-level security. Speed is faster than Main mode. Manual Key: Standard level of security. It is the fastest of the three methods. Method: There are two methods of checking the authentication information, AH (Authentication Header) and ESP (Encapsulating Security Payload). Use ESP for greater security so that data will be encrypted and authenticated. AH: data will be authenticated but not encrypted. Encryption Protocol: Select the encryption method from the pull-down menu. There are several options: DES, 3DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency. DES: Stands for Data Encryption Standard. It uses a 56-bit encryption method. 3DES: Stands for Triple Data Encryption Standard. It uses a 168-bit encryption method. AES: Stands for Advanced Encryption Standard. You can use 128, 192 or 256 bits as encryption method. Authentication Protocol: Authentication establishes data integrity and ensures it is not tampered with while in transit. There are two options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1). While slower, SHA1 is more resistant to brute force attacks than MD5. MD5: A one way hashin
129. u have a backup handy. It is advisable to back up your router's settings before making any significant changes to your router's configuration. To back up your router's settings, click Backup and select where to save the settings backup file. You may also change the name of the file when saving if you wish to keep multiple backups. Click OK to save the file. To restore a previously saved backup file, click Browse. You will be prompted to select a file from your PC to restore. Be sure to only restore setting files that have been generated by the Backup function and that were created when using the same firmware version. Settings files saved to your PC should not be manually edited in any way. After selecting the settings file you wish to use, clicking Restore will load those settings into the router. 4.4.4.5 Restart: The Restart feature allows you to easily restart BiGuard 2 10. To restart with your last saved configuration, select the Current Settings radio button and click Restart. If you wish to restart the router using the factory default settings, select Factory Default Settings and click Restart to reboot BiGuard 2 10 with factory default settings. You may also reset your router to factory default settings by holding the Reset button on the router until the Status LED begins to blink. Once BiGuard 2 10 completes the boot sequence, the Status LED will stop blinking. 4.4.4.6 Password: In order to preve
130. who need to use a variety of real-time applications like VoIP, on-line games, P2P, video streaming and FTP simultaneously. With QoS you can optimize your bandwidth to accommodate several of these applications without experiencing latency or service interruptions. G.4.1 Home Users: Low latency is everything for gamers. Most home users feel frustrated when trying to play an online game over a shared ADSL connection. Unfortunately, most routers have no way of determining the importance of the packet at any given time. All the traffic is treated equally, so a packet containing an urgent command may be delayed. QoS gives you the ability to control the bandwidth. Using IP Throttling, bandwidth limits can be enforced on a particular application or any system within the LAN. Prioritization specifies which packets have priority and should not be delayed, and which packets have lower priority and should be moved to the end of the upload queue. Suppose there are four students sharing a three-floor house with one single broadband connection. Tom, a college freshman, is playing the online game with his group members, while Mary, a sophomore student, is talking to her net pal via Skype. Meanwhile, Jacky is downloading a movie file by using the P2P application program. Sophia, however, is just trying to log on to the website to send her photos to her family. As a result, the net speed slows to a crawl and affects everyone sharing the Internet connection. QoS
131. work Connections [Screenshot: Control Panel] 2. In the Network Connections window, right-click Local Area Connection and select Properties. [Screenshot: Network Connections window] 3. Select Internet Protocol (TCP/IP) and click Properties. [Screenshot: Local Area Connection Properties] 4a. To have your PC obtain an IP address automatically, select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons. [Screenshot: Internet Protocol (TCP/IP) Properties]
132. work from the Internet. Outgoing Packet Filter rules prevent unauthorized computers or applications accessing the Internet. Select if the new filter rule is incoming or outgoing. Source IP: Select Any, Subnet, IP Range or Single Address. Starting IP Address: Enter the source IP or starting source IP address this filter rule is to be applied. End IP Address: Enter the End source IP Address this filter rule is to be applied (for IP Range only). Netmask: Enter the subnet mask of the above IP address. Destination IP: Select Any, Subnet, IP Range or Single Address. Starting IP Address: Enter the destination IP or starting destination IP address this filter rule is to be applied. End IP Address: Enter the End destination IP Address this filter rule is to be applied (for IP Range only). Netmask: Enter the subnet mask of the above IP address. Protocol: Select the Transport protocol type (Any, TCP, UDP). Source Port Range: Enter the source port number range. If you only want to specify one service port, then enter the same port number in both boxes. Destination Port Range: Enter the destination port number range. If you only want to specify one service port, then enter the same port number in both boxes. Helper: You could also select the application type you would like to apply for automatic input. 4.4.5.2 URL Filter [Screenshot: URL Filter configuration]
133. your BiGuard 2 10's basic functions. 5.1.1 Router Won't Turn On: If the Power and other LEDs fail to light when your BiGuard 2 10 is turned on: Make sure that the power cord is properly connected to your firewall and that the power supply adapter is properly connected to a functioning power outlet. Check that you are using the 12VDC power adapter supplied by Billion for this product. If the error persists, you may have a hardware problem and should contact technical support. 5.1.2 LEDs Never Turn Off: When your BiGuard 2 10 is turned on, the LEDs turn on for about 10 seconds and then turn off. If all the LEDs stay on, there may be a hardware problem. If all LEDs are still on one minute after powering up: Cycle the power to see if the router recovers. Clear the configuration to factory defaults. If the error persists, you may have a hardware problem and should contact technical support. 5.1.3 LAN or Internet Port Not On: If either the LAN LEDs or Internet LED does not light when the Ethernet connection is made, check the following: Make sure each Ethernet cable connection is secure at the firewall and at the hub or workstation. Make sure that power is turned on to the connected hub or workstation. Be sure you are using the correct cable. When connecting the firewall's Internet port to a cable or DSL modem, use the cable that was supplied with the cable or DSL modem. This cable could be a standard s