OfficeServ 7400-GWIM User Manual
Contents
1. Remote Access Default Policy Allow Remote IP Configuration Configuration source IF COOC OCOC e EL OS Define fa r _ C Range I g Multi Protocol all Port Days M Everyday Time Set M Sun M Mon M Tue M Wed M Thu M Fri M Sat Time 24 Hours fo a fc a fo fc aj Target Allow Insert a z Default Policy e Allow The basic policy is Allow and the administrator can set up the policy by using Target e Deny Blocks all accesses from the outside except the PC that is set up as the manager IP e Administration IP Enter the manager IP Pay attention on entering the IP because all accesses may be denied 35 Table of Contents IP Filtering IP Filtering source IF N U E kE Destination IP ih si si E ly B a Define fal l OuUser _ Crangel SO E O ft O Protocol all Se Days M Everyday Time Set M sun M mon M Tue M wed M Thu eri M sat Time 24 Hours fo fo 0 fo E Configuration List w sena OO Mo Entry URL Filtering Administrator can deny web access to PCs connected to the system URL Filtering Source IF il J Key Word Days M Everyday Time Set M Sun M Mon M Tue M Wed M Thu M Fri M Sat Time 24 Hours fo a fc a 0 a fo Configuration List Setting OOO Mo Entry 36 a Source IP To set the origination IP Keyword To enter the keyword of the2. Enable Disable Enable To enable the Filter function Disable To disable the Filter function Configuration The administrator can set up the filtering policy for the packets passing through the system Basic Mode Enter the minimum options required for packet filtering Config Mode f Basic Mode Advanced Mode Filter Configuration Source IF UO W ik EL Destination IP Target Source IP To set the origination IP Destination IP To set the destination IP Target To select Allow or Deny 33 a Advanced Mode This window allows the administrator to assign additional options for packet filtering Contig Mode Basic Mode Advanced Mode Filter Configuration Category Configuration Source IP Destination IP Beet Define fall l Range g ez Multi se zz se Protocol fall Days M Everyday Time Set M Sun M Mon M Tue M Wed M Thu M Fri M Sat Time 24Hours ChA b B fo A fo A Target allow E Insert L E Source IP To set the origination IP Destination IP To set the destination IP Port To set the port Protocol To set the protocol Time Set To set the time to apply the filtering rule Insert To select a location to insert the entered rule This table displays the current setup status Configuration List ett OO Mo Entry 34 Se Remote Access Allow or Deny remote access Remote Access Default Policy Allow Deny Administration IP i
3. asnannnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnn 1 Introduction to OfficeServ 7400 GWIM cccccecceeceeceeceeccecceeceeceeceeseeseuseeseeseeseeeseeseesneees 2 CHAPTER 2 Installing OfficeServ 7400 GWIM 5 ELE ae PE E A E E E E A T E 5 Gening SAU ec E euecseeenetainee 7 CHAPTER 3 Using OfficeServ 7400 GWIM 8 Network Menu aasannnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnmnnn nnnm nnnm nnna 9 PSG eeo EA E 10 i E e A EIEEE NTE E EEEE TAE ENE E E EEE TENEAT ETETE 23 CA e E eceetece ae neces etions aoe 26 Firewall NIM ieicastcaas dct estecsactas cs sete sac ciate cucestcaa eas eseiciadaw ssa oe en susie suauecessacioase cantante seaneuss cadueteustacsesacs 28 PT aeseerce cece sete ccc etc eeccest ge tnnecnnns aectae ec eis net cae zctacaingtee eee encase see entanseatcecsieencctneses 29 PSN N E EE E one maacap ion baebaessacienaeaeaer E A EE 33 ROTOT orei E AE EE S 38 E E e E EEE A E EEA E ENE E EEE EEEE E EA 39 C Onno MIO seori a E E EE EEE 40 E EE E PA EE E NE ARE A ATN E E E EAEE S AE E S AE A EA EEEE 47 Vil e a e A E E A E A A E E E NAER 54 IPM G e E esecete ee eneoes cet oeene seu teasteeeeess 57 OUTS e wearers getters EEPE EE een stags EEA A A T E EA T A 58 CONNOTATION eeaen eee eter ine AEREO E ee nee ee ae 59 RUS STE E E E A EE O E E N E O E A 65 E Lo bo E EE AE E ene eer A E tee NE A E E 67 UD a E E E E EE EEE E A E S E A T E A OE 67 POC n A E
4. Sun Mon Tue OSH 12H 6 Mbps Click the Add button of HTB Class Group List in the lt HTB Class Group gt window to display the window where HTB class group can be set If the class type is root the window is displayed as follows Set each item and click the OK button HTB Class Group ID root Class Type root general C nondeaf leaf Rate fio mbps Burst Eyte aj 72 a If the class type is general the window is displayed as follows Set each item and click the OK button HTB Class Group ID general Class Type root general nondeaf leaf Parent ID root aj Friority Rate Cell Burst CBurst If the class type is non leaf the window is displayed as follows Set each item and click the OK button HTB Class Group category O OO O vae OO ID a Class Type C root general non deaf leaf Parent IQ root Priqrity Rate Cell Burst Burst 73 a If the class type is leaf the window is displayed as follows Set each item and click the OK button HTB Class Group category Yalu ID Class Type root 2 general oe lear Parent ID none Priority Rate Ceil Burst CBurst none Leaf Odise Attach on Leaf class Filter Apply Filter List Apply Filter 400 ALL gt REMOVE lt lt 2 PRPEMOVE ALL Time Setting Scheduling Parameter O C sun C mon DO Tue C wen D Thu l Fri O Sat Start Time oo Hour End Time Rate Eps
5. of Local settings as the value for IP Address of Remote settings Connection ID Value Configuration The value of Connection ID should be configured of alohanumerical characters and the first character should be an alphabet The value cannot be composed of only numbers Advance Click the Advanced button from the lt IPsec Add gt or lt IPsec Mod gt window to display the following window and it is available to set up detailed items of IPSec Advance Phase 1 Mode Enerytion Hash Algorithm Sdes shal key Life Time 3600 se Phase 2 Protocol sp Encrytion Hash Algorithm Sdes shal Key Life Time 25000 _ se Dead Peer Detect Time Gut Delay Action Advance Negotiation Count Perfect Forward Secrecy Rekey Connection Ipsec Letp 87 DH Groups es Initiator m e Item Description Phase1 mode Ike mode main Configures a secure channel to perform the ISAKMP exchange of phase one aggressive Different type of phase one which is more simple and faster than the main mode Encryption Supporting Algorithm Hash Algorithm 3DES MD5 3DES SHA1 AES128 MD5 AES128 SHA1 AES192 MD5 AES192 SHA1 AES256 MD5 AES256 SHA1 Key life time IKE Duration If Key life time is passed the host authentication the phase one IKE is performed again Phase2 Protocol Selects a packet authentication protocol Authentication Header AH Allows the authentication of
6. Insert To select the location to insert the entered rule Advanced Mode This table allows the administrator to select and set up a port or protocol that is not included to the basic configuration additionally Contig Mode Basic Mode Advanced Mode Private Network Configuration WAM IP 1 1 1 mottuseqd By T Intt J Port C Dynamic IP Peroe ey Etherneta E Inside CO WE IE LE IF BEL Outside CO PE WEO IE IF WL ER Definefal l Cuser Range l C multi H H H Protocol Index Mo Port For only some specific ports It is allowed to set up for the outside Protocol Select TCP and UDP protocols Both TCP and UDP are set up for All The administrator can view the current status of configuration on Configuration List Configuration List Setting OOO Mo Entry 30 a Port Forward This table allows connecting to PC which has a private IP inside the system from outside environment Basic Mode The basic mode is set up by using the minimum value of the options for port forwarding Contig Mode f Basic Mode Advanced Mode Private Network Port Forward Category Contiguration Inside IP Outside WAN IP Insert Inside IP To set the IP to be connected from the outside Outside To enter the network address connected to WAN or select the range of netmask netmask range all WAN IP To set an authenticated IP netmask range all Insert To select t
7. 103 a Num Numbers of detected by IDS according to port when attacked Destination IP is a network e g LAN Port Attacked host IP of logs detected by IDS Priority Risk level depending on the rules level of IDS High Rule level is one day the highest risk level Med Rule level is 2 or 3 days mid level Low Rule level is 4 days low level Description Type of logs detected by IDS Port Scan The administrator can summarize alerts for Port Scan If selecting this category the following window appears Port scan summary Thu Jan 1 00 00 00 1970 Tue Feb 7 10 59 50 2006 There is no alert Ports Number of TCP and UDP ports that are scanned in logs detected by IDS Hosts Number of host that a port scanned in logs detected by IDS Remote host IP that attempts port scan Search The administrator can search by condition Search Log Priority All v Source IP peer aca Destination IP Destination Port 104 a If selecting the category including the desired condition the selection box is activated Then the administrator can select the desired condition Set up the condition and click the OK button to display the desired information on the window as follows Result of Search Src IP Dest Deus Mur Description gt Destination IP Port NG med 174 192 168 0 210 gt Lee eee a L Laz Leite 10 LE gt Ere AE a L LAZ LEE 100 gt lee glee A aL Ea ILSE a dl 2 a ALNE gt ele Ee e 1
8. 24 e Protocol Protocol to be applied Gateway External network interface that the corresponding traffic session passes throughdf the default gateway is selected the load balancing by Network Load Balance Configuration is applied Backup Backup interface to perform the failover function when any failure occurs in the external network interface line selected in the Gateway field For the application of load balancing select default gateway The input of 0 0 0 0 in the IP address and netmask input field represents that any IP addresses are allowed as the source and the destination IP addresses In addition all Os of the source port number means that any port number is allowed as the source port number Network Load Balance Management The Network Load Balance Management window is used for starting and stopping the NLB service Network LoadBalance Management e Activity Current activity e Action Click the Run button to start the NLB service If the OfficeServ 7400 system is restarted the NLB service will automatically return to its last state 25 a Utility Select the Network menu The submenus will be displayed in the upper left side of the window as follows Wetwork El Network Etherneto Etherneti Ethernetz Serial w 35 Seriall HSS ODMS Network Link ARF Network Status El NLB Contiguratian Management O utility t Ping Ping The Ping menu is used to in
9. ADOOS A A 127 Management Menili sesscesiccsncesecescdesecsuenesnensneenensewmudenenacssecetmsecuenentwseusaweusuenwesetaeeumameensniedes 128 SNIN e E T E E 129 SULE EAE E E EE A E A E PE EEE EEIE EPE E E E E T 132 VIM TENE ING g i EE E E E E E E E E E shexsuae caceueentecvins 135 VIII a ABBREVIATION 136 DPS emcee teeta tec A P E E E O E E A E E E 136 a E E E E aes T E EAA TEE E E ETE 137 E E A E AI E AE NT E TAN AEE E A A T E E T E 138 ELTE CHAPTER 1 Overview of OfficeServ 7400 GWM This chapter introduces OfficeServ 7400 system and OfficeServ 7400 GWIM Introduction to OfficeServ 7400 The OfficeServ 7400 is a single platform that delivers the convergence of voice data wired and wireless communications for small and medium offices The office in a box solution offers TDM voice processing voice over IP integration wireless communications voice mail computer telephony integration data router and switching functions all in one powerful platform With the GWIM GPLIM and GSIM modules the OfficeServ 7400 provides network functions such as a gigabit switching Power Over Ethernet high speed data routing and network security in a single converged solution This document describes the data and routing capabilities of OfficeServ 7400 GWIM Structure of OfficeServ 7400 N For information on the structure features or specifications of the OfficeServ 7400 refer NOTE to OfficeServ 7400 General Descrip
10. Ceil Burst Byte Churst _ Delete r Class Type Configuration window depends on the type of the class to be set root Sets the root class general Sets the class that connects the root with the leaf classes non leaf Sets the default class Leaf Sets the leaf class 74 e Item Description Parent ID If the target class is a child class of another class set the parent class in the Parent ID item Do not set the Parent ID if the target class is the root class highest level class physically connected to the device or if the default class class including the bandwidth for traffics that do not belong to a filter Priority If several classes compete to occupy leftover bandwidths or if all classes attempt to occupy excess bandwidth set the priority so that the class with the highest priority occupies the bandwidth first MTU The Maximum Transmit Unit MTU represents the maximum amount of packets that can be transmitted at a time It is recommended that this configuration does not exceed the maximum packet size 1504 Byte of Ethernet If this item is not entered the default value 1500 Byte will be applied Rate This is the basic bandwidth needed for setting class for an assigned bandwidth Ceil Maximum value of assigned bandwidth Burst Size of data that can be sent by the class Cburst Maximum data size that can be sent at a time Filter List Sets filtering rules for the class Leaf Qdi
11. Password to be modified Confirms the password to be modified Description 135 ABBREVIATION ALG AH ARP AS BGP BPDU BSR CHAP CTI DHCP DNS DRR DSMI DVMRP ESP GWIM GVRP HDLC HTTP HTB Application Level Gateway Authentication Header Address Resolution Protocol Autonomous System Border Gateway Protocol Bridge Protocol Data Unit Bootstrap Router Challenge Handshake Authentication Protocol Computer Telephony Integration Dynamic Host Configuration Protocol Domain Name Server Deficit Round Robin Data Server Module Interface Distance Vector Multicast Routing Protocol Encapsulating Security Payload Gigabit WAN Interface Module GARP VLAN Registration Protocol High level Data Link Control Hypertext Transfer Protocol Hierarchical Token Bucket 136 CITE e IDS Intrusion Detection System IGMP Internet Group Management Protocol IKE Internet Key Exchange IPMC IP Multicast IPSec IP Security Protocol ISAKMP Internet Security Association Key Management Protocol LAN Local Area Network L2TP Layer 2 Tunneling Protocol NAT Network Address Translation NTP Network Time Protocol RMON Realtime Monitoring RP Rendezvous Pointv RSTP Rapid Spanning Tree Protocol PAP Password Authentication Protocol PIM SM Protocol Independent Multicast Sparse Mode PD Power Device PoE Power Of Etnernet PPTP Point to Point Tunneling Protocol PT Protocol Translation PVC Permanent Virtual Circuit PVID Po
12. gt RIP Interface Select the target interface and enter the protocol configuration command directly RIP Interface eth If the entered command is successfully executed the execution result is directly applied to lt Current Status gt of Router gt Configuration gt RIP Interface Help Select the argument corresponding to the RIP interface Clicking the Argument item displays all arguments corresponding to the command commana OOO armet lip rip authentication key chain LINE 42 Table of Contents RIP Interface Basic After selecting each item click the OK button Then the applied value is displayed in the lt Current Status gt window RIP Interface Basic receive version Ti O 2 send version Ti i E Displays the command configuration currently entered Current Status Fouter RIP Interface etho Mo Entry OSPF Configuration gt OSPF Select the target interface and enter the protocol configuration command directly OSPF Command If the entered command is successfully executed the execution result is directly applied to lt Current Status gt of Router gt Configuration gt OSPF Help Select the argument corresponding to the OSPF command Clicking the Argument item displays all arguments corresponding to the command ra o 4 6 0 0 lt 0 4294967295 gt authentication 43 a OSPF Basic After selecting each item click
13. 192 168 0 99fetho 4dvertisement interval 60 seconds Next Cand RP_advertisement in 00 00 58 63 a RP Information This menu is used to display the information on RP router Click the Delete button to delete all RP configurations RP Information RP Information PIM Group to RP Mappings Grouptsh 224 0 0 0 4 RP 192 166 0 99 Info source 192 168 0 99 via bootstrap priority 22 Uptime 00 00 02 expires 00 02 28 Groups 224 0 0 0 4 Static RP 192 166 17 100 Uptime 00 00 38 PIM SM Intf This menu is used to set PIM SM VIF RD Interface This menu is used to add PIM SM VIF Select the target L3 interface from the Interface item enter the target values and click the Add button to add PIM SM VIF RD Interface command Regument OOOO Interface etho 192 169 17 100 16 Mode Sparse DR Priority p O 42 04067294 Hello Interval 30 1 65535 e Interface Select the target L3 interface to be added to PIM SM VIF e Mode Select the target PIM SM protocol mode Sparse Passive e DR Priority Enter the priority value used when selecting Designate Router DR High value has high priority e Hello Interval Cycle of exchanging hello packets with connected PIM SM neighbors 64 a PIM SM Interfaces This menu is used to display the VIFs added to PIM SM To delete a VIF click the check box on the left and click the Delete button PIM SM Interfaces Address ena DR Prio ee Inty Hold 10
14. E E E E 76 Manageme sceite E erae aE E aa aai 77 SUS ge ace es E A A 78 aA D p E E E A EEEE N ES E E A one ener E T es 79 UE a E E E 80 MOONIN aseran E E E 81 IEN O ne E E eee eee 82 NPRN MONU ia E ue cenes encueae ee vosenuceusutnescsicane quemceeueescseeere 84 JP Se Sets sche pasa eset tte sce essere cated ek E Sse poses A E dogeeseee 85 E i NE E E A E A aaae seach E AT 93 PETT e E A E es adeesexnaciiousesenausew eaneweies 96 RMU Sa ese mcrae E E E E A E E A E T A E E E A EA E 98 DS MENU se cs enepeseontunntaceetesssesecthantaceasssguaius 99 BD SG o E E E A E A E A P A E A N E EE E E 100 VOIP S rvice Men sor 111 VOIP SIGS Seran E E EE E E 111 SIP ALG MENU srs ee ene ee eee ne errr ener a ere eer eee ee 114 ONG T E A E A AEN E E N E E E re se easeneceemeemeeaneee 114 ManagemMmeNMi srersieroeosrtk arpia E E r ke E RNA A e ESEE O eA iinr 116 SVS MET aeea A E tese ee cepts sec cedeeeee av eacceueceteeeees 117 DECON eenesigss seca ec E E A 118 PIPE ONO soeren r E E TE 118 LO E E E E a gees etiaste eeeocmaceeetepsseeuereeeenedeseecee 119 DHCP IN E EE E EAE E A E E E NEE 121 DHCP Relay Agent sce icoecesccesionanechncwsesaisetadewmasusucuMnensvincbaenpacucsonesecenpnestesiesaenebencoatenccen 123 Time COMMUTATION sosstscinsccnaconsvendccnscsucewnsnandecaceceetsuarendccndatasioeddneadecmsguedtcmscebdesnaneedeoadares 124 0 ee 2 0 ne een ae eee ee E EE ee ee AE ee eee 126 PDD pee eee dene E E dense geen E E E denote E E seem tenet TTE EN E 126
15. EE f16 1007 Jovco 16 IP 4ddress isz E ies oa E fi z4 Gateway EE ss koo m7 Default Gateway IM The Gateway is a Default Gateway PT WI s00 128 1500 Default 1500 Edit F 17 a To delete a specific PVC mark the check box of the corresponding PVC and click the Delete button PWC Interfaces a tevertoce aires catewow per cw active viru Bl pycOoys1e 192 168 100 2 fe4 192 1658 100 1 yes i1500 Ci pycoys17 Wee ee so ee 192 168 101 1 no 1500 O pvc ig 192 168 102 224 192 168 102 1 no 1500 Serial Interface Summary The Serial Interface Summary table briefly displays the current information of the serial port The following figure is an example that uses Cisco HDLC protocol and specifies the IP address as 172 16 0 2 16 Serialo Interface Summary Serial Interface Summary Interface Serial Scope both Mode type is EXTERNAL Protocol type is Cisco HOLe Transparent ts Proxyarp is popoe mtu is 1492 pppoe username is Pseudo name is PPPOE client is disabled Hardware is Unknown index 5 metric 1 mtu 1500 lt UP POINTOPOINT RUNNING WOARP gt DHCP client is disabled VRE Binding Not bound Inet 1 2 16 0 2 16 pointopoint 1 2 16 0 1 physical line type is W 35 encapsulation protocol is Cisco HOLE keepalive interval 10 timeout 25 line protocol is up input packets amp bytes 706 dropped O multicast packets O input errors O length O averrun O CRC O frame OC fifo O
16. Immediate Stat T Timed Stat F Forwarder installed e Mroute Multicast Routing identifier Uptime Time passed after starting the operation of multicast routing entry e Expires Rest time until multicast routing entry is expired e Flags Multicast routing feature flag Refer to the description on the lower side Incoming Name of VIF to which multicast is sent e Outgoing List of VIF where multicast is sent Management This menu is used to run or stop dvmrpd and pimd IPMC protocol demons lt Current Status gt of Management shows the current status of each demon To change the demon status select another status from Action and click the OK button Management DVMRP Stop PIM Stop Ort e Protocol IPMC protocol e Current Status Current IPMC protocol demon status e Action New status of IPMC protocol demon status 58 a Configuration IGMP This menu is used to display and change IGMP configuration IGMP amp Help IGMP commands can be entered and executed Enter the target command into the input field and click the OK button Then the command is executed IGMP Command Help clear ip igmp v IGMP Basic Enter new information and click the OK button to change the default configuration of IGMP IGMP Basic comman O O arome Interface i All etha F 192 168 17 100 16 IGMP Query Interval fuzs 1 65535 Default 125 Max Response Time fio 1 25 Default 10 e Interf
17. Link ARP Network Status El NLE Configuration Management El utility t Ping Network Ethernet0O setup for Ethernet port P1 Ethernet1 setup for Ethernet port P2 Ethernet2 setup for Ethernet port P3 Serial0 V 35 Sets V 35 Serial ports Serial1 HSSI Sets HSSI Serial ports Z S Sets domain name servers Network Link Sets the speed and transfer method of Ethernet port gt JJ U Manages the addition deletion of ARP Network status Briefly displays the setup information on all ports e Network The Network menu displays the five network interfaces built in to the GWIM This menu sets IP information transfer speed and transfer mode of each interface In addition this menu sets DNS and ARP Note It is recommended that your network interfaces be programmed before any other options in the GWIM Ethernet Setup Network gt Ethernet Select one of three Ethernet categories to display the setup window below The selection fields are displayed depending on the method used for the corresponding interface According to the selection of fields different sub setup window is displayed on the lower section of the window The details by fields are as follows Interface Type f WAN LAN Protocol Type Static IP PPPoE e WAN The following protocol types can be selected in WAN Static IP Select Static IP if your Internet service account uses Fixed IP Static IP assignment PP
18. MISC SSLY 3 Invalid Client Hello attempt Num Number of logs detected by IDS according to the host source IP that attacks the logs Remote host Host IP that attacks logs detected at IDS Priority Risk level depending on the rules level of IDS high Rule level is one day the highest risk level med Rule level is 2 or 3 days mid level low Rule level is 4 days low level Description Type of logs detected at IDS 102 a Destination IP The administrator can summarize alerts by the destination IP If selecting this category the following window appears Summary by destination IP Mon Sep 26 04 16 59 2005 Mon Sep 26 21 21 08 2005 192 168 1 100 ICMP PING 192 168 17 100 med ICMP PING NIX LEE oblate Ik aL med ICMP PING BSDtype 192 168 17 100 med ICMP Echo Reply 192 168 17 100 med WEB MISC SSLV3 invalid Clhent Hello attempt Num Number of logs detected by IDS according to attacked Destination IP Local host Attacked host IP of logs detected by IDS Priority Risk level depending on the rules level of IDS High Rule level is one day the highest risk level Med Rule level is 2 or 3 days mid level Low Rule level is 4 days low level Description Type of logs detected by IDS Destination Port The administrator can summarize alerts by destination port If selecting this category the following category appears Summary by destination port Mon Sep 26 04 16 59 2005 Mon Sep 26 21 27 06 2005
19. Mail Contig Block Contig Management Menu Submenu ription IDS Config Log Analysis Classifies the logs currently stored in types to verify and search the logs Configuration Sets up the rule and detection level of IDS Rule Config Updates to new rule files Mail Config Registers the mail server and email address of the manager Block Config Registers IP IP that is not checked to block module confirming and trusting the block list registered to a block module Management Allows or inhibits executing IDS module and block module 99 a IDS Config Log Analysis The administrator can view alerts detected in the IDS module by category Select the desired category and click the OK button Then the following page appears Log Analysis Intrusion Type Alert summary by intrusion type Source IP Alert summary by source IP Destination IP Alert summary by destination IP Destination Port Alert summary by destination port Port Scan Port scan summary Search Log LI Priority All Source IP Destination IP Destination Port Category Analyzes logs detected by IDS rule Analyzes logs by Source IP detected at IDS Analyzes logs of the OfficeServ 7400 external IP ethO eth1 eth2 detected at IDS Destination Port Analyzes logs when the destination IP of a log detected at IDS is the port of an external IP ethO eth1 eth2 Port Scan Analyzes the logs when the logs detected at IDS have port scan type Date
20. Note that all external administrators are allowed to access the firewall when the Remote IP is set to 0 0 0 0 and Port is set to 0 When Setting IP Range The number of IPs for the Local IP range and that for the Remote IP range should be identical when setting PPTP VPN For example if the number of IPs for Local IP range is 10 and that for Remote IP range is 20 only 10 calls will be set When Setting PPTP in Windows XP 2000 In Windows XP 2000 the administrator can use DHCP client If VPN PPTP client is connected while the DHCP client is operating errors will be found To prevent this problem close the DHCP client operation on the Start gt Program gt Administrative Tools gt Services menu of the Windows PPTP client installed When Changing Network Interface Note that all IP sessions in working are disconnected for a while if network interface i e IP Gateway and Subnet Mask is changed and finally applied while operating a router When Using a Web Browser Use Microsoft Internet Explorer version 6 0 or higher as the web browser for the maintenance of GWIM Other web browsers are not supported CITE When Using Dynamic IPs of DHCP PPPoE and VDSL When a dynamic IP is used the public information of Port Forward and Static NAPT is not automatically changed Therefore Fixed IPs should be used for the VolP related serv
21. Password a Radius Enter the information on the Radius authentication server Up to 5 lists can be entered Radius E Radius Server IP Radius Server a Te tf _ Taccas Enter the information on the Taccas authentication Up to 5 lists can be entered or deleted When deleting the list of all server IPs the corresponding secret key values are also deleted Taccast t Server This page allows setting up the system log and retrieving the log information Configuration This page allows setting up the log to determine whether to add a log to the system Log Policy Advanced Service System NMETV ORE FIRE ALL PPTP IFsec Lee Select added logs from the logs for system log network firewall VPN and click the OK button to add logs to the system log Click the Reset button to return to the previous status before applying the configuration 119 a Report The administrator can retrieve the logs stored in the system according to an item and time Report Policy Advanced Service ALL SYSTEM NETWORK FIREWALL PPTIP L2TP O IPSEC DE A Log Type Detail Search Set up the desired log type and time and click the OK button to verify the log Click the Reset button to return to the previous status Log Report 2005 9 27 11 00 2005 9 27 18 00 2005 9 27 17 50 40 2005 9 27 17 50 40 2005 9 27 accepted smus peer oid SNMPy2 SMI enterprises 3317 1 2 2 11 24
22. The encryption method supports pap and chap Setting up IP Range The number of IPs for the Local IP range and that for the Remote IP range should be CAUTION identical For example if the number of IPs for Local IP range is 10 and that for Remote IP range is 20 only 10 calls will be set 95 a PPTP The administrator can set up the security tunnel between a local subnet and remote host simply by using Point to Point Tunneling Protocol PPTP Since it is simpler to set up than IPSec and software is provided from the Windows operating system the administrator can apply the VPN function easily Configuration On the PPTP gt Configuration menu the administrator can create modify delete and retrieve VPN tunnel data User List The menu buttons are defined as follows Add Create a PPTP administrator Delete Delete a PPTP administrator Edit Modify PPTP administrator information Add Add gt lt PPTP administrator list gt User Add ID Password Confirm Password Auto IP Allocation Static IP Allocation 96 a Administrator l ID composed of certain letters ID Password Shared password Dynamic IP Enter dynamic IP to remote client Static IP Enter static IP to remote client Enter IP address Edit Edit gt lt Administrator List gt User Mod ID Password Confirm Password f Auto IP Allocation Static IP Allocation Manag
23. Time that log is recorded Search Log e Analyzes and retrieves logs 100 a Intrusion Type The administrator can summarize alerts by type If selecting the category of Intrusion Type the following window appears Summary by intrusion type Mon Sep 26 04 16 59 2005 Mon Sep 26 20 00 37 2005 eat eof med ICMP PING eof med ICMP PING NIx 2am med ICMP PING BSDtype 15 81 med ICMP Echo Reply 12 69 med WEB MISC SSLY 3 Invalid Client Hello attempt Rate Monitors logs detected by IDS according to type and displays logs as a percentage Num Number of logs detected by IDS according to type Priority Risk level depending on the rules level of IDS high Rule level is one day the highest risk level med Rule level is 2 or 3 days mid level low Rule level is 4 days low level Description Type of logs detected by IDS If clicking the unique ID of an alert Sid displays the information on the alert Sid 384 This event is generated when an generic ICMP echo request is made 101 a Source IP The administrator can summarize alerts by the Source IP If selecting this category the following window appears Summary by source IP Mon Sep 26 04 16 59 2005 Mon Sep 26 21 17 42 2005 6 192 165 0 210 med ICMP PING 192 165 0 210 med ICMP PING NIX 192 168 0 210 med ICMP PING BSDtype 192 168 0 1 med ICMP Echo Reply 192 168 0 117 WEB MISC SSLY 3 Invalid Client Hello attempt 192 168 0 119 WEB
24. as follows Current Status eee e o O o ooo a a ooo t seq 5 permit 100 0 0 0 24 Delete All 48 a Prefix list information being set in GWIM can be displayed Click the Delete button to delete the entry of the selected prefix list Click the Delete All button to delete all entries of the prefix list ID Prefix list name information Entry Prefix list information Route Map List gt Route Map Enter the target value and click the OK button Route Map Name ltest Action Permit C Deny Sequence 1 Name Route map name Action Sets whether to apply set operation Sequence Sets the sequence No to additionally delete a route map If the entered command is successfully executed the execution results are directly applied to lt Current Status gt of Router gt List gt Route Map For example when a route map is entered the lt Current Status gt window is displayed as follows Route Map Setting me e O G test permit 10 49 a This menu is used to view the information on the route map set in GWIM Name Route map name Entry Route map information Click the Delete button to delete the target route map Click the Edit button to display the window as follows Through this window the target Set Match operation of the route map can be Set Address Use prefix list p Wext hop l Use prefix list IP Next hop ma EE Metric Weight Community M
25. e Source and Destination items are the information set in the Port Group and IP Group menus e All TCP packet traffics of which the internal IP is Develop_Team 192 168 0 0 24 and the connection port is VoIP 10000 20000 are filtered with a priority of 1 e The filter is then associated with the class group set at the QoS gt Group gt Class Group menu Click the Add button in the above window to display a window from which a filter group can be set Set the items and select the target IP and port from the list and click the Save button Filter Group a OO O ve O O O ID Metwork Protocol Priority Transport Protocol 2 TOS pec C Hex o Source IP Port any any Destination IP Port any t is i siS dS flin Save Cancel Filter means a configuration filtering for the values in the packet header Values set in QoS gt Group gt Port Group and IP Group are used Protocols and TOS fields can also be filtered In addition priority can be set for each filter and apply the filtering rule according to the priority 70 a Class Group Select Class Group to retrieve set edit or delete SPQ class group and HTB class group A class includes information on the defined filtering rule and the bandwidth that should be assigned to the filtered traffic SPQ Class Group SPQ Class Group List Name Tye High Priority Middle Priority Low Priority i spg_lea
26. for internal IP that VoIP terminals existed in internal LAN network of GWIM have Ports for Private IP of VoIP Terminal Configured with total 64 ports 1 1 mapping with public port number of GWIM Internal End Port Last external source port number Configured with 64 external ports for each MGI 113 e SIP ALG Menu Select the SIP AGP menu The submenus will be displayed in the upper left side of the window as follows SIP ALG Config Management Config Sets up SIP environment Management Allows Inhibits SIP AGP implementation Set SIP ALG to be executed when the system reboots SIP ALG SIP aware ALG KN Typically if a firewall protects internal network based on NAT such as the GWIM module NOTE of OfficeServ 7400 SIP AGP SIP aware ALG is safe from external attacks and resolves the limits on the services so that SIP devices of a firewall can communicate with external devices Contig In this page the administrator can set up the SIP environment on the Config menu Set up the following items and click the Save button SIP Configuration This page displays firewall installation data SIP IP Configuration External IP Internal IP 172 16 0 1 E 114 a The external IP and internal IP items are displayed on the list box so that the web manager collects and selects the usable information from the firewall configuration If the external or internal network is two or more it is available
27. in the execution of IPSec the IPSec service is automatically performed IPSec Management O aai O O aion OOOO Running Create the new RSA key Download the current RSA key i etho Click the OK button on the Create the new RSA key item to add a new RSA public key password method key Use this menu to add a new RSA key if the host authentication method of RSA key used Click the OK button after selecting a device in the External Device items to apply the IPsec connection to the device 89 a Certificate The administrator can verify Issue delete download of CA Certificate and Host certificate addition delete of an external certificate and the current certificate list CA Certificate List Subject Cert file Country ko State 1 Locality 1 Organiation 1 Organiztion unit 1 cammon name 1 Email 1 date Sep 22 12 49 10 2005 GMT Sep 21 12 49 10 2009 GMT External CA Certificate List category ID Host Certificate List Subject Cert file The menu buttons are defined as shown below CA Download CA Certificate download CA Delete CA Certificate delete Ex upload External CA Certificate upload Ex Delete External CA Certificate delete Host Add Host Certificate add Host Delete Host Certificate delete 90 a CA Certificate CA Certificate Distinguish Name Country 2 letter ka jp 3 State Locality Organization Organization Unit common Email Passwor
28. is given to the eth 0 In this way the load balancing according to the performance of the external network line is performed The system has the Failover function that a different internal network interface line automatically backs up when any failure occurs in some of multiple external interfaces The details by fields are as follows e NLB Weight Relatively higher load is distributed in the line of the external interface side that higher numerical value is assigned The weighted value for each external interface should be the greatest common divisor minimum irreducible unit Static Configuration Along with the Network Load Balance Configuration the Static Configuration window is used to pass a specific external network interface line by separately specifying the traffic session to satisfy a specific condition In this window entries can be added or deleted by clicking the Add or the Delete button in the bottom of the window 0 0 0 0 of the IP address field and all Os of the port field indicates all IP addresses all port numbers respectively Static Configuration ie fo fo ff Protocol tcp masko b fo p Gateway eth0 192 16 5 port lo fo Backup default gate e Source Source IP address netmask and port number of transfer session Destination Destination IP address netmask and port number of transfer session Traffic distribution Interface and protocol that transfer session passes through
29. missed O output packets bytes 154 dropped a output errors O aborted O carrier O fifo O heartbeat O window O collisions O 18 Table of Contents DNS Click this menu to display the following configuration window Enter the domain name and the IP address of DNS server to the Domain name field and the DNS server field After then click the OK button to store the domain name and the IP address Static DNS Name Server List E 168 126 63 1 E 168 126 63 2 Network Link The Network Link menu is used for the setup of connections transmission speeds and transmission modes by network interfaces Network Link Ethernet Type Negotiation speed Duplex Mac ITECTechnologies Etherneto J auto aj LO00Mbps full 00 00 f0 11 32 24 Sm SFP24 MS3LT AGILENT S5 Etherneti 1000Mbps full 00 00 f0 11 32 25 HFE k 37 10L AGILENT S Ethernet auto aj LO00Mbps full 00 00 f0 11 32 26 HFBR 3 10L e Ethernet Logical name of each Ethernet port e Type Type of Ethernet Cables SFP GBIC Adapters e Negotiation Setup of auto and force modes 19 a e Speed Mbps Transmission bandwidth of the corresponding Ethernet interface e Duplex Transfer mode of the corresponding Ethernet interface e MAC MAC addresses by Ethernet interfaces ARP The ARP menu is used for the addition deletion management of the ARP information in each Ethernet interface ARP list According to each interface the ARP table is di
30. rete ee 1S See Wo Si Lo el eae W e ape Sh PS ea 1040 1 41 Me 3104 3105 S106 3107 ASSURED ASSURED ASSURED ASSURED ASSURED ASSURED ASSURED 127 0 0 1 LEs d LE da A ASe Neale WILE Ge 165 213 110 41 ASe aai L LAS ia a1 LSR SmuU SmUX SMUx http http http http Protocol Type of the protocol connected with session UDP TCP Src IP Source IP Src Port Source port Status UNREPLIED Packets that are expected to be answered are received but there is no response packet ASSURED There is no response packet UNREPLIED is changed to ASSURED Dst IP Destination IP Dst Port Destination port 79 a Statistics This menu is used to display GWIM network statistics of each device and protocol Devices Select Statistics gt Devices and display GWIM network statistics by classifying received part and transmitted part of each device Received Ethernet 0 18314987 162219 0 0 Ethernet 1 8351384 6 601 Serial D o Oo j Ethernet 2 536234 Perd j j 0 Seriali T o Transmitted Ethernet 0 21932538 20795 Ethernet 1 774129 41635 0 oO Ethernet 2 T T oO Serial 0 0 0 0 Seriali T T Devices Port type Bytes Total number of bytes received or transmitted Packets Total number of packets received or transmitted Errs Number of packets where an error occurs Drop Number of packets lost Fifo FIFO queue is full FIFO Overrun Frame Ethernet header is not met the format Frame A
31. the Certificate Download button to store RSA key to your PC and send it to other PC through a path After RSA key of Remote settings receives file in the target PC through a path click the Upload button to enter a key value Preshared Key Authentication method entering password Certificate its own certificate and the CA certificate that authenticates the previous certificate are used for the authentication For Local settings select a certificate from the certificate list If selecting a certificate the Local ID of Advanced is entered automatically For Remote settings enter Remote ID It is available to check the integrity of the host certificate registered to Local If the value of the Router item is not entered the IP address item of the Local settings and Remote settings will be used as the Router item 86 CITE If the Subnet IP item value and the Subnetmask item value are not entered in the Remote settings the security tunnel between local subnet and remote host will be added Then remote IPSec client can operate as a part of local subnet Router Value Configuration If IP Address of Local settings and the network address of IP Address of Remote settings the result of Netmask for IP Address are identical enter the value of IP Address of Remote settings as the value for the Router of Local settings and enter the value of IP Address
32. the OK button Then the applied value is displayed in the lt Current Status gt window OSPF Basic redistribute connected static C rip l bgp network E O i O sek i area ID OSPF Interface Configuration gt OSPF Interface Select the target interface and enter the protocol configuration command directly If the entered command is successfully executed the execution result is directly applied to lt Current Status gt of Router gt Configuration gt OSPF Interface OSPF Interface eth Help Select the argument corresponding to the OSPF interface Clicking the Argument item displays all arguments corresponding to the command ip aspt BEE authentication null message digest 44 a OSPF Interface Basic After selecting each item click the OK button The applied value is displayed in the lt Current Status gt window OSPF Interface Basic cost lt 1 65535 gt Cost dead interyal lt 1 65535 gt Seconds hello interval lt 1 65535 gt Seconds transmit delay lt 1 65535 gt Seconds retransmit lt 1 65535 gt Seconds interwal Display the command configuration currently entered Current Status Router OSPF Interface etho Ho Entry BGP Select Configuration gt BGP and set BGP After setting the target item and click the Save button Enter the BGP configuration command directly BGP network 100 0 0 0 24 I
33. the Save button the information that is set up by the administrator is applied to the system If clicking the Reset button the information that the administrator is to set up 1s reset History Option MA History Buckets 50 5000 MIN History Interval min a 60 History Option History Option allows setting up the RMON history option MAX History Buckets Sets up the maximum history storage space MIN History Interval Sets up the minimum history sample collection cycle 132 Event Options Even Options allows the administrator to set up the RMON event option Event Option MAX Event Logs O eee Max Event Logs Sets up the maximum number of Event Logs Status RMON gt Status RMON Global Status allows the administrator to retrieve the SNMP configuration History Global Status MAM History Buckets Granted History Buckets Used History Buckets MIN History Interval Event Global Status Mas Event Logs 400 Saved Event Logs 0 MAX History Displays the maximum history storage space that has been Buckets set up Granted History Displays the history storage space that is currently Buckets allocated Used History Displays the history storage space that is currently used Buckets MIN History Sets up the minimum history sample collection cycle Interval Max Event Logs Displays the maximum number of logs that are set up Saved Event Logs Displays the number of logs that is currently stored 13
34. to external DHCP server for the auto configuration of network environment QoS Function e Priority queuing process for layer 3 packets and priority queuing for a specified IP e Priority queuing process for layer 4 packets and priority for RTP packets UDP TCP port e Management Function e Advanced debugging functions via Telnet connection e Configuration and verification functions for the operations of GWIM functional block via a browser e Configuration and verification functions for the operations of GWIM functional block via the Simple Network Management Protocol SNMP e 4 Real time Monitoring 4RMON function e Program Upgrade Program upgrade via Trivial File Transfer Protocol TFTP Program upgrade via Hypertext Transfer Protocol HTTP Program upgrade via local manager s PC CITE CHAPTER 2 Installing OfficeServ 7400 GMM This chapter describes the installation and the login procedure for OfficeServ 7400 GWIM Software Installation OfficeServ 7400 GWIM software is pre installed The software package is composed of the following items described below Package Description Bootrom gwim bootldr img vx xx Boot ROM program Package gwim bootldr img vx xx sum Main Package gwim pkg vx xx tar gz Upgrade package for HTTP gwim os img VX XX os partition upgrade package for TFTP gwim firmware img vx xx Firmware partition upgrade package for TFTP gwim configdb img vx xx configdb partit
35. to select the desired network to be the list box as follows SIP IP Configuration External IP 192 168 17 100 Internal IP 100 0 0 10 h Map LIST Enter SIP devices data inside of the firewall Map List Numbert ID IP E default 10 0 0 10 If a IP address or phone number is not entered the IP set in the default item will be used Therefore this item should be entered Since configuration is convenient if all traffic is regarded as the calls of a digital phone through the Call Server the IP of the Call Server should be entered in the default item 115 a Clicking the Add button will allow you to add additional Map information Check the check box of the deletion information and click the Delete button to delete the Map information All configurations are reflected to the system when clicking the OK button on the bottom of the SIP Configuration I Management Select the Management menu to allow inhibit operating SIP ALG SIP ALG Management Management is composed of Activity that shows the current status and Action that the executable commands are displayed Activity Current status of SIP ALG Action Command that is available to execute in current status 116 a System Menu Select the System menu The submenus will be displayed in the upper left side of the window as follows system DEB Config Admin Contig El Log Configuration Report Download El DHCP
36. 0 1 2 10 24 Sparse Gee eee 30 105 a rda 100 1 3 10 24 Sparse 100 1 3 10 30 105 IGMP Groups This menu is used to display the information on registered IGMP group IGMP Group Information e Group Address IGMP group address Intf IGMP interface name Uptime Time passed after IGMP group is created Expires Left time until the IGMP Group information is expired e Last Reporter Client IP address that sends the last membership report Status DVMRP This menu is used to display the DVMRP protocol status DVMRP Neighbors This menu is used to display the information on the DVMRP neighbor whose information is exchanged DYMRP Neighbors 65 a e Neighbor Address IP address of DVMRP Neighbor e Interface VMRP VIF name e Uptime Time passed after being connected e Expires Left time until the Neighbor connection information is expired DVMRP Prune Information This menu is used to display DVMRP Prune items DYMRP Prune Information TG ea iL 4 lt lt 4 1 1 100 F 01 59 06 Ort P Pruned H Host D Holddown N NeghMFC I Init e Source Address Host Ip address that sends multicast packets e MaskLen Mask length of DVMRP Prune e Group Address Multicast group address e State Flags that display the DVMRP Prune status Refer to the description on the lower side e FCR Cnt DVMRP Forwarding Cache count e Expires Time passed after the DVMRP Prune information is created e RexXmit Left time unti
37. 3 Table of Contents a Management The administrator can start terminate the RMON service on the RMON gt Management menu If clicking the Run button the RMON service starts If clicking the Stop button the RMON service stops RMON Management The administrator can start stop the RMON service RMON Management Activity Displays the operational status of the current service Action Select whether to start stop 134 CITE My Info Menu Click My Info on the upper right of Web to identify the administrator information Enter the target Tel no E mail address and desciption into the input fields and click the Save button Enter the target password into the Password field and click the Save button Then the login password is modified Last setting 1s restored even if the system reboots O My Infomation Login ID Login IP Login Time Last Login IP Last Login Time Last Logout Time Tel no E mail address Password Password Confirm Description admin 192 168 0 126 2006 1 9 6 3 192 168 0 13 2006 1 9 5 3 2 a J Save Cancel Item Login ID Login IP Login Time Last Login IP Last Login Time Last Logout Time Tel no E mail address Password Password Confirm Description Description Displays login ID Displays login IP Displays time when login occurs Displays last login IP Displays last login time Displays last logout time Telephone No E mail address
38. 30 descr zebos 7 2 1 zeb05 7 2 1 rcl customer 2005 9 27 11 24 30 SO05 o 27 accepted smux peer oid SNMPv2 SMI eanterprises 3317 1 2 5 11 24 30 descr zebos 7 2 1 2eb05 7 2 1 re1 customer 2005 9 27 11 24 30 2S005 9 2 accepted smux peer oid SNMPv2 SMI enterprises 3317 1 2 5 11 24 30 descr zebos 7 2 1 2eb05 7 2 1 re1 customer 2005 9 27 Li 24 30 ROOT LOGIN on console login session opened for user toor by fuid 0 login snmpd smux accept accepted fd 12 from 1l27 0 0 1 32775 snmpd snmpd smux accept accepted fd 11 from 127 0 0 1 32774 snmpd snmpd smux_ accept accepted fd 10 from 127 0 0 1 32773 snmpd accepted smux peer oid SNMPy2 SMI eanterprises 3317 1 2 10 descr zebos 7 2 1 e6b05 2 1 snmpd rel customer 2005 9 27 LI gab E 2005 9 27 smus_accept accepted fd 9 from 127 0 0 1 32772 snmpd 11 24 28 Git Geto Geren 1 etd Geet as 120 a Download This page allows downloading the system log that is currently saved Press the Download button to download the system log in the form of a compressed file Log File Management Download log file To download log files Click the Download button I DHCP Server System gt DHCP Server Configuration The Configuration menu allows setting of various configuration items in the DHCP Server Pool Name Network Address and Range Address are all required fields in DHCP Server configuration General Options Poo
39. 92 168 0 1 gt Lge LEE a L LE LEa d o ILE gt Lgs loa Lz Laza LL cee Eve LDE a a L LAZ LE LLE gt Ae LE e o L ICMP PING NO med ICMP PING NIX NO med TE LEE FING BSOtYpe med INFO TELNET access med ICMP Echo Reply med INFO TELNET access med WEB MISC SSLv3 invalid med WEB MISC SSL 3 invalid Selecting Search Condition Since the conditions are not displayed dependently the administrator cannot obtain a CHECK result that satisfies all conditions Configuration This page allows the configuration required for the IDS module The administrator can set up the network monitored by IDS detection level rule file to be used at the IDS module etc Select Device The administrator can set up a network to monitor For IDS module the interface is WAN and the protocol monitors only for a static network Therefore if the network status is in UP the administrator can select a check box as the check box is activated Select Device Ethernet0 Etherneti E Ethernet 105 e Set Detection Level amp Type The intrusion type is classified into High Medium and Low according to the risk level The administrator can set up the intrusion detection level as alert is generated when an intrusion exceeding the level occurs In addition the administrator can set up the associated operation for each level If setting up a block this block is associated with the block module So if an intrusion correspondi
40. Configuration t Certificate Management El LTP Configuration Management El PPTP Configuration Management El STATUS Pe See L2TP PPTP Menu Description IPSec Configuration Sets up IPSec Management Allows Inhibits execution of IPSec Sets whether to execute IPSec when the system reboots Certificate Generates or deletes a certificate L2TP Configuration Sets up L2TP Management Allows Inhibits execution of L2TP Sets whether to execute L2TP when the system reboots PPTP Configuration Sets up PPTP Management Allows Inhibits execution of PPTP Sets whether to execute PPTP when the system reboots STATUS IPSec Checks if IPSec tunnel is properly connected L2TP PPTP Checks if L2TP PPTP is properly connected Setting up VPN Client in Windows XP 2000 Setting up VPN client in MS Windows is required when IPSec and PPTP are set in the VPN menu in the OfficeServ 7400 Data Server For detailed information on setting method refer to Appendix A 84 CITE IPSec IP Security Protocol IPSec provides security services in the IP layer through implementing Internet Key Exchange IKE The security service is categorized into two services depending on remote equipment the services providing security tunnels between local subnet and remote subnet and between local subnet and remote host Even if IPSec can be set up to provide a security tunnel between local host and remote host the GWIM board is used for a gatewa
41. P Server DHCP Server Management Stop Run 122 Se Lease Info The Lease Info window shows the active Lease information DHCP Leases Usage root wame Network Total used Usage DHCP Leases Information eae Lease Starts DHCP Relay Agent DHCP Relay Agent is used for applying one DHCP server to multiple Subnets Therefore when DHCP Server and DHCP Client are in different networks each other the DHCP Client allows allocating an IP from IP Configuration DHCP Relay is configured by assigning the interface to be relayed and registering DHCP Server Designate an interface which is relayed from the list of the activated interfaces by using the Add button If pressing the Delete button on the list the interface is deleted To save the list of DHCP Server enter the IP address that the DHCP Server is using and click the Add button Interface List Configuration cne O aromen Sawai Lise i i i 123 a Management This page starts stops the DHCP daemon DHCP Relay Agent Management Stop Run Time Configuration Synchronize the date and time of the system on the Time Configuration menu of the System through a network or manual configuration NTP Config Select Time Configuration gt NTP Config and set up Time Server to synchronize the information on the time server date and time Current Time indicates the current time of the system NTP Server Status indicates th
42. PoE Select PPPoE if your Internet service account uses PPP over Ethernet login protocol such as in ADSL account DHCP Select DHCP if your Internet service account uses Dynamic IP assignment such as a Cable Modem account e LAN The following protocol types can be selected in LAN Private Select to assign the internal network numbers based on private IP address Public Select to assign the internal network numbers based on public IP address e NONE Select when the corresponding interface is not used 10 e The detailed setup in accordance with the selection of each field is as follows WAN gt Static IP Select the WAN Static IP category to display the following configuration window The details by fields are as follows WAN Static IP Ethernet Interface 192 168 18 100 255 255 0 0 1500 Byte Gateway Default Gateway Transparent Proxy e WAN Static IP IP Enter the public IP address assigned to the current network interface Network Enter the netmask address of the current network interface Gateway Enter the public IP address received from Internet Service Provider or the IP address of a router Default Gateway Mark the check box in the Default Gateway field to select the default gateway interface when two interfaces are used for the external network Transparent Proxy Proxy ARP is used when hosts or networks are added in the Transparent Proxy field U
43. Server Configuration Management Lease Info El DHCP Relay Agent Configuration Management El Time Configuration NTP Contig Manual Contig Timezone Upgrade Appl Server Reboot DB Config Manages the current configuration DB of GWIM Admin Config Sets up the authentication of the manager Log Configuration Sets up whether to generate a log for each item Report Searches the system logs stored currently Download Downloads the system logs 117 a DB Contig DB Config Configuration System DB Import a Export Export the current system db Default Change the current system db to default system db Import Restore a previously saved database Export Saves the existing DB Default Restore the DB to factory defaults After defaulting the DB the adminstrator should access the web manager using one of the default IP addresses such as 10 0 4 1 through the LAN port Admin Contig This function sets up the authentication server of the system login It sets up the Local Radius and Taccas authentication server Select the target authentication method and click the OK button Then the setting is applied and the setting page for the selected authentication method is displayed Login Policy Set Policy Local C Radius P jaceas Local Change the Local Password Enter new password and click the OK button to change the Local Password of the system Category Configuration New Password Contirm New
44. TATIC oS deele too 2ao2os O 0 eae tos ad Ethernetl Ethernet INT PRIM STATIC Oro Oe 25a cles clon el Serial Seriali Name Server Server 1 168 126 63 1 Server 2 166 126 62 2 22 a NLB Select the Network menu The submenus will be displayed in the upper left side of the window as follows Network El Network Etherneto Etherneti Ethernet2 Seriald v 35 Seriali HSST DAS Network Link ARP Network Status E NLE Configuration Management El utility Ping The GWIM supports 5 external WAN interfaces The system can distribute the Internet access traffic to each external interfaces by using the NLB function For effective access traffic balancing the system uses the Weighted Round Robin method The NLB menu is used for the setup of the Network Load Balancing function Configuration Network gt NLB gt Configuration Network Load Balance Configuration MLB Weight etho 1 MAT Status Enable Static Configuration 23 e Network Load Balance Configuration The Network Load Balance Configuration is valid when at Leaset two network interfaces are specified as the external network interface For example if T1 private line and ADSL line are selectively connected to Ethernet 0 Interface eth 0 and Ethernet 1 Interface eth 1 the higher weighted value is given to the eth 1 connected with ADSL line that its bandwidth is relatively bigger and the lower weighted value
45. VoIP Service menu The submenus will be displayed in the upper left side of the window as follows VoIP Service El oIP Service t Management El oIP Status VoIP OB WoIP MAFT List Configuration Sets up VoIP Service VoIP Status VoIP NAPT Status VoIP Service VoIP Status Displays the configuration status of VoIP service Displays the configuration status of VoIP NAPT VoIP Service Management The Management menu is used to enable or disable the VoIP service VoIP Service Management Activity Current VoIP service status Action Command that currently can be executed WAN interface can be selected Last setting is restored even if the system reboots When the information on the selected WAN interface is changed WAN interface is automatically set VoIP NAPT Management oO etho EXTERNAL STATIC 192 168 158 100 ethi INT_PRIV STATIC alaam Ao a b O eth2 EXTERNAL STATIC 20 0 0 2 Serialo EXTERNAL Cisco HDLC 22 0 0 2 Seriall 111 a Category Interface Usage Type of each interface Protocol Protocol type of each interface IP IP of each interface VoIP DB The VoIP DB menu allows displaying the current information on the OfficeServ 7400 system VoIP Database MCP Connected 165 213 176 10 00 00 f0 ff 74 49 ibis Slots Status MAC Address Cabinet Call Server Displays the type of call server 7400 Status Displays the status of each card and phone IP Display
46. a Enterprise IP Solutions OfficeSery 7400 GWIM User Manual Every effort has been made to eliminate errors and ambiguities in the information contained in this guide Any questions concerning information presented here should be directed to SAMSUNG TELECOMMUNICATIONS AMERICA 1301 E Lookout Dr Richardson TX 75082 telephone 972 761 7300 SAMSUNG TELECOMMUNICATIONS AMERICA disclaims all liabilities for damages arising from the erroneous interpretation or use of information presented in this guide e Samsung Telecommunications Publication Information SAMSUNG TELECOMMUNICATIONS AMERICA reserves the right without prior notice to revise information in this publication for any reason SAMSUNG TELECOMMUNICATIONS AMERICA also reserves the right without prior notice to make changes in design or components of equipment as engineering and manufacturing may warrant Copyright 2006 Samsung Telecommunications America All rights reserved No part of this manual may be reproduced in any form or by any means graphic electronic or mechanical including recording taping photocopying or information retrieval systems without express written permission of the publisher of this material Trademarks Enmiormrise OF Sokitinenrs OfficeSery is a trademark of SAMSUNG Telecommunications America L P WINDOWS 95 98 XP 2000 are trademarks of Microsoft Corporation PRINTED IN USA CITE INTRODUCTION Purpose This document in
47. ace Select the target IGMP interface and select All Then all interface configuration values are applied e IGMP Query Interval Cycle of sending IGMP Membership Query e Max Response Time Maximum time of waiting a response after sending Membership Query 59 Table of Contents IGMP Interface Information This menu is used to display the IGMP interfaces IGMP Interface Information uer Max Res Address I Querier Address Q Y J p Interval Time 125 10 ntf 100 1 2 10 24 rd2 100 1 2 10 24 100 1 3 10 24 rd 100 1 35 10 24 125 10 e Address IGMP group address Intf IGMP interface name e Querier Address IP address of IGMP interface that sends membership query IP address of Designate Router DR e Query Interval Cycle of sending Membership Query e Max Resp Time Maximum time of waiting a response to Membership Query Configuration DVMRP This menu is used to set DVMRP DVMRP amp Help Enter a command into DVMRP field and click the OK button to execute the command DVMRP Command Help T commana O OOO arome OOOO clear ip dymrp vw route 4 B 0 0 M 60 e DVMRP Routes This menu is used to display DVMRP Route items in use DYVMRP Routes Direct 100 1 2 0 24 alae ral Y 1 00 05 10 00 00 00 Connected Directly Connected 100 1 3 0 24 IER rd3 00 03 03 00 00 00 Source Network VIF network address to which multicast packets flow Flags DVMRP route feature flag N New D Direct Connec
48. atic NAT Firewall Management onfigureton IP Filtering JRL Filtering ICMP Filtering IDS Config Log Analysis Configuration Rule Config Mail Contig Block Config Management Router IPMC General General Routes Mroutes Management Management Configuration Configuration static IGME RIP DYMRP RIP Interface DOVMRP Intf aur Interface SM Intf BGP Status List Access List Prefix List Route Mar As Path List Community Us Key Chain Status iF VoIP Service SIP ALG E VoIP Service Configuration Management Management El VoIP Status VoIP DB VOIP NAPT List Group Port Group IP Group Filter Group lass Group Policy Management System DB Config Admin Config Log Configuration Report Download El DHCP Server Configuration Management DHCP Relay Agent Contiguration Management Status Connection Sessions Statistics Protocols Monitoring urrent History Process Service Management SNMP Configuration Status Management E RMON Configuration Status Management E Time Configuration NTP Config Manual Config Timezone Upgrade Appl Server Reboot Table of Contents e Network Menu Select the Network menu The submenus will be displayed in the upper left side of the window as follows Network El Network Etherneto Etherneti Ethernet Serialf 4 35 Seriali HSS DAS Network
49. d Confirm Password Each item of the CA Certificate is defined as follows Country name Country name Two characters ex kr cn State name State name Locality name Local name Organization name Company name Organization unit name Organization division name Common name Name Email address Email Password Certificate password Confirm Password Confirming the password of certificate Verify the certificate password when deleting CA Certificate 91 a External Certificate External CA Certificate Upload CA Certificate E The uploaded items of an external certificate are defined as follows CA Certificate External certificate upload Host Certificate Host Certificate Distinguish Name Common Email Password Confirm Password The uploaded items of the external certificate are defined as follows Common name Name Email address Email address Password Certificate password Confirm Password Confirming certificate password 92 a L2TP The administrator can set up the security tunnel between a local subnet and remote host by using the Layer2 Tunneling Protocol L2TP Since it is simpler to set up than IPSec and software is provided from the Windows operating system the administrator can apply the VPN function easily Configuration In the L2TP gt Configuration menu the administrator can create modify delete retrieve the VPN tunnel data User List The me
50. d by using these service Application Server OO ono OOOO SSH FTF Telnet 126 a Reboot The administrator can reboot the system in the Reboot menu System Reboot Network will be disconnected If clicking the OK button all services are terminated and the system is rebooted The webscreen returns to the initial login window and the webscreen does not operate until the network and service are all executed after rebooting 127 e Management Menu Select the Management menu The submenus will be displayed in the upper left side of the window as follows Management El SNMP t Configuration Status Management El RMON Configuration status Management SNMP Configuration Displays the configuration items of SNMP Status Displays the SNMP configuration currently configured Management Starts Stops the SNMP service RMON Configuration Displays the configuration items of RMON Status Displays the RMON configuration currently configured Management Starts Stops the RMON services 128 a SNMP Configuration Set up SNMP in the SNMP gt Configuration menu Click the Save button to apply the configuration to the system Click the Reset button to reset the configuration currently set up by the administrator System Option Set up SNMP System Option System Option Location Contact Hame Engine ID Location Sets up the information on System Location Con
51. data transmitter Encapsulating Security Payload ESP Allows the authentication and data encryption Encryption Supporting Algorithm Hash Algorithm 3DES MD5 3DES SHA1 AES128 MD5 AES128 SHA1 AES192 MD5 AES192 SHA1 AES256 MD5 AES256 SHA1 Key life time The cycle of newly added key used for packet encryption by the repeated phase two IKE negotiation Advance PFS Selects whether to use a session key transfer security Re Key Sets whether to add a new key whether to add a new key and negotiate again in the phase 1 2 IKE Negotiation Reattempt count of key exchange when key count exchange is failed on the phase 1 IKE Connection IPSec Connection Attempt initiator Attempting a connection response Attempt to receive a connection IPSec l2tp Sets when IPSec over I2tpis is used Supports Window XP SP 2 DPD Time out Effective time when the counterparty receives a DPD packet and receive packet Delay Alive check time of the counter party Action Action after Dead Peer Detect hold Waiting for connection clear No more connection 88 a The aggressive mode only supports the authentication methods of Pre shared key and Encryption Algorithm 3DES The items use defaults and it is available to modify the value of PFS or Key lifetime for the interaction with other equipments Management The administrator allows inhibits executing IPSec services on the IPSec gt Management menu When the system is rebooted
52. e execution status of NTP Demon The Time Server is registered in the Time Server table For the registration method both IP and Domain Name methods are available But DNS Server should be set up to use Domain Name and a network should be connected to synchronize with Time Server by configuring such NTP Click the OK button to start or restart NTP demon to register Time Server NTP Configuration 2005 Sep 26 Mon 19 13 57 MTP Server Status Status Time Server Server 1 Server 2 Current Time indicates the current time of the system e NTP Server Status indicates the execution status of NTP Demon 124 a Time Server is registered in the Time Server table For the registration method both IP and Domain Name methods are available But DNS Server should be set up to use Domain Name and a network should be connected to synchronize with Time Server by configuring such NTP Manual Config The administrator can set and modify the date and time of the system to the time that the administrator wants in the menu of Time Configuration gt Manual Config If clicking the OK button after selecting the desired date and time in the table of Date Time Configuration the date and time of the system is changed to the selected date and time Check the check box and click the OK button to synchronize the date and time of the system with Call Server Manual Configuration 2005 Sep 26 Mon 21 36 43 Date Ti
53. ement In the PPTP gt Management menu the administrator can allow inhibit executing PPTP services When the system is rebooted in the execution of PPTP the PPTP service is automatically performed PPTP Management Local IF Remote IP 97 a The administrator can set up the IP range of the remote client that uses dynamic IP in the Local IP range item and set up the IP range of PPP demon responsible for remote client in the Remote IP range item The encryption method supports pap and chap Setting up IP Range The number of IPs for the Local IP range and that for the Remote IP range should be CAUTION identical For example if the number of IPs for Local IP range is 10 and that for Remote IP range is 20 only 10 calls will be set i Status Status Local Remote ISAKMP IPSEC Local IP Remote IP fAuth Protocol Subnet Subn MEM IO OEE 100 0 0 100 200 0 0 100 20 0 00 psk esp Log wf contents OOOO Check the IPSec tunnel set up in STATUS gt IPsec to insure it is properly connected Check the L2TP PPTP tunnel set up in STATUS gt L2TP PPTP to insure it is properly connected PPTP L2TP Status Local IP Remote IP PPPO 192 168 0 234 192 169 1 234 98 e IDS Menu If selecting the IDS menu The submenus will be displayed in the upper left side of the window as follows El IDS Config t Log Analysis Configuration Rule Config
54. es Select General gt Routes to retrieve the routing table of GWIM S 0 0 0 0 0 1 0 via 192 168 0 1 etho Cts 10 10 0 0 16 is directly connected eth2 127 0 0 0 8 is directly connected lo 192 168 0 0 16 170 via 192 168 0 1 etho 192 168 0 0 16 is directly connected eth Type C Network directly connected to GWIM network interface S Static network set by a administrator R Path information received from another router via RIP O Path information received from another router via OSPF protocol B Path information received from another router via BGP gt Whether to have activated routing table Network Network Netmask information of route Entry Route information 39 a Management Select General gt Management to start stop RIP OSPF and BGP services Management RIP Start on aj SPF Start BaP Start Configuration This menu is used to set static route RIP OSPF protocol and BGP Static Route Select Configuration gt Static and set a static route After setting the target item click the Save button Enter the Static Route command Static fip route 100 0 0 0 24 192 168 0 1 When the entered command is successfully executed the configuration is directly applied to lt Current Status gt of Router gt Configuration gt Static For example when entering the static route command the lt Current Status gt window is displayed as follows Current Stat
55. es from 100 to 199 or from 2000 to 2699 Destination Match Match can be set as well as the Source Match condition Any All packets Host A host Network Network range Exact match Available when ID is set to word and when match condition is set to Network Sets only the packets matched correctly with the prefix If the entered command is successfully executed the execution results are directly applied to lt Current Status gt of Router gt List gt Access List For example when Access list is entered the lt Current Status gt window is displayed as follows Current Status a ee ee ee ie permit 100 0 0 0 24 exact match 47 a Click the Delete button to delete the corresponding access list ID Access list name information Entry Access list description Prefix List Select List gt Prefix List and set Prefix list After setting the target item click the OK button Prefix List Action f Permit Deny jf Any Prefix Match r i wN N E E ET ID Sets the prefix list name Seq Sets the sequence No of the prefix list Action Allows Rejects the packets matched Prefix Match Sets the match condition Any All packets Network network range If the entered command is successfully executed the execution results are directly applied to lt Current Status gt of Router gt List gt Prefix List For example when a prefix is entered the lt Current Status gt window is displayed
56. etric Tyoe Local Preference IP Address Sets access list or prefix list for an IP to be matched Next hop Sets the Next hop IP to be matched Metric Sets the Metric to be matched Set options are as follows IP Sets next hop of the BGP table Metric Sets metric of the BGP table Weight Sets weight of the BGP table Community Sets community of the BGP table 50 a Metric Type Sets metric type of the BGP table Type 1 External Type 1 Type 2 External Type 2 Local Preference Sets local preference from BGP attribute When the match condition is met and Action is set to Permit the job corresponding to Set operation is performed If the command is successfully executed the execution result is directly applied to lt Current Status gt Current Status C E 1 match ip address test 10 set ip nest op 1 1 1 1 Sequence Matches Sets operation Sequence No of route map Entry Matches Sets operation information of route map Click the Prev button to return to the route map window mentioned above Click the Delete button to delete the selected Match Set operation As Path List Select List gt As Path List and set AS Path access list of GWIM BGP Enter the target value and click the Save button As Path otio O O O parameter OOOO fte st Permit C Deny 100 Sets AS Path access list name 51 a Action Decides whether to allow reject if the BGP route informatio
57. f leaf Filter dey voip spg_root spg_leaf Click the Add button of the SPQ Class Group list in the lt Class Group gt window Then the window that can set SPQ class group appears If Class Type is set to leaf the window displayed is as follows Set the ID and filter of leaf class and click the OK button SPQ Class Group ID lear Class Type root f leaf Filter Apply Prien aon p eter 400 dey_voip 400 ALL REMOVE REMOVE ALL When the Class type is set to root the window is as follows Set the root class ID and child class and click the OK button SPQ Class Group let t i i sSS Class Type root leaf High none Middle Low 71 a Class Type Configuration window depends on the type of the class to be set root Sets the root class Leaf Sets the leaf class High Sets the leaf class whose priority will be set to high Middle Sets the leaf class whose priority will be set to middle low Sets the leaf class whose priority will be set to low Filter List Sets the filtering rule for the target traffic in the target class SPQ CN SPQ queue is the simplest queuing method The priority of the leaf class can be set to NOTE high middle or low From the highest priority service is provided HTB Class Group HTB Class Group List neme type arentpriel mru Rate cot Burst f churst_ te root root 10 Mbps C leaf leaf root 5 5 Mbps dev_yoip
58. f the entered command is successfully executed the execution result is directly applied to lt Current Status gt of Router gt Configuration gt BGP For example when the BGP command is entered the lt Current Status gt window is displayed as follows Current Status Router BGP router bop i00 network 100 0 0 0 24 45 Help Select the argument corresponding to the BGP command Clicking the Argument item displays all arguments corresponding to the command Select an argument from them BGP Basic After entering each item and clicking the OK button the configuration values are displayed in the lt Current Status gt window BGP Basic AS number E S N Ges l ebgp multihop next hop self network sy U W a redistribute O connected O static O rip O ospf neighbor Current Status Display the configuration information related with BGP of GWIM Click the Delete button to delete all configuration information Current Status Router BGP router bop 100 network 100 0 0 0 24 46 a List Access List List gt Access List Access List ID word lest Action Permit C Deny O any Source Match acne ion rt E T ia Exact match M Exact match ID Sets the Access list name Action Allows Rejects the packet matched Source Match Sets the match condition Any All packets Host A host Network Network range Destination If ID rang
59. figuration To set the Filtering policy Remote Access To permit or block the remote access to the system IP Filtering To block a specific IP access URL Filtering To block the web access to the specified site ICMP Redirect To block ICMP Replay of the system 28 a NAT The Network Address Translation NAT menu is used for the assignment of a network using private IPs Management The use of NAT is set NAT Enable Disable setting OOOO Enable Disable Enable To enable the NAT function Disable To disable the NAT function Configuration The administrator can configure a network configured with private IPs A private IP can be transferred to the Internet through an authenticated IP Basic Mode This table configures a network by using the minimum value of the options required for the configuration of a private network Config Mode Basic Mode Advanced Mode Private Network Configuration Category Configuration Not Used WAN IPEN O Dynamicip PPPoE gy Etherneta k Inside C CO E ee ee Outside L E e e W mi Index Ma B 29 a WAN IP To set a general IP Set up the connected port after selecting a dynamic IP for ADSL or Cable modem Inside To enter a network address to configure a private network or select the range of netmask netmask range all Outside To enter the network address connected to WAN or select the range of netmask netmask range all
60. he location to insert the entered rule Advanced Mode The administrator can select and set up ports or protocols that are not included in the basic configuration additionally Contig Mode Basic Mode Advanced Mode Private Network Port Fonwvard Inside IF Port e mt W inane Outside hf Jf it ft mi WAN IP jt IL IO e eL aaa Define all aj C User C Range al Multi I I Protocol Insert F 31 a Port It is available to set up as only some specific ports are allowed to transfer to the outside Protocol Select a TCP and UDP protocol For All both TCP and UDP should be set up Configuration List displays the current setup status Configuration List Set OOO Mo Entry Static NAT This window allows the administrator to connect the PC which has a private IP on the internal system to the outside The administrator can designate the port range and the port is mapped by 1 1 Static NAT Category Configuration Inside IP Port WAR TPs Port Protocal Insert Configuration List Seng OOO Mo Entry Inside IP Port To set an IP connected to the outside and a port WAN IP Port To set a port to be connected to the configured WAN IP Protocol To select a protocol Insert To select a location to insert the entered rule 32 a Filter The administrator can set up the filtering for the traffic forwarding through the system Management Filter Enable Disable
61. ices that the setups of Port Forward and Static NAPT menus are required In addition the Fixed IP are used for the VPN services that the setups of WAN IP addresses are needed When Changing DB If the DB is changed in OfficeServ 7400 GWIM the system restarts When Using a Private Key The private key is provided with the package The private key allows accessing SSH from the outside Thus only trusted administrators should use the key When Deleting Internet Temporary Files If GWIM package is upgraded Internet temporary files should be deleted Select Internet Explorer gt Tools gt Internet Options menu and click the Delete Cookies and the Delete Files buttons in Internet Temporary Files area If these files are not deleted the webscreen of GWIM may not be normally displayed VI CIEI TABLE OF CONTENTS INTRODUCTION 1 FOSS penenr i A cs S eco cee ese es eee se ences eee ees Document Content and OrganiZation ccccccccccssesseeeceeeeeeeeeseeeceesesaeeeeeeeeeesssaaaeeeeeees CC CIN SONI ees cio inknn a KENNA DEANA nK NA ADNANA NEA Se sic casas A KNER dite seas detonate ese once aces II Console Screen Output ereiaro e AAE E II PRET SI ea E E II Revision IFISLONY erca r iera a Ea Eiai III SAFETY CONCERNS IV VIO ONS srna EE REE E EEEE IV CUO ersa E AEA EA ERSA Ea V CHAPTER 1 Overview of OfficeServ 7400 GWIM 1 Introduction to OfficeServ 7400
62. ion upgrade package for TFTP gwim logdb img vx xx logdb partition upgrade package for TFTP gwim flash1 img vx xx Fusing file for the first flash memory gwim flash1 img vx xx sum gwim flash2 img vx xx Fusing file for the second flash gwim flash2 img vx xx sum memory e GWIM Installation Insert the GWIM into an open slot in the OfficeServ 7400 cabinet 2 Connect a PC to port 1 3 of the GWIM module You will need to configure your TCP IP settings to match the corresponding default IP address of the GWIM shown in step 3 3 Using Internet Explorer navigate to one of the folling IP addresses to access the management interface of the GWIM The IP initial value of the GWIM board is set as follows e Port 1 10 0 0 1 24 https 10 0 0 1 e Port 2 10 0 1 1 24 https 10 0 1 1 e Port 3 10 0 2 1 24 https 10 0 2 1 Caution for the Use of a Web Browser The version of the Internet Explorer should be 6 0 or higher for the maintenance of CAUTION GWIM Other web browsers are not supported a Getting Started Start Internet Explorer and enter the IP address of the GWIM into the address bar The login window shown below will appear OfficeServ 7400 is enterprise IP solutions made by samsung Electronics It provides integrated solutions for you Password Save Your ID O 2 Log in using the administrator ID and password The following window will appear The GWIM menu
63. itiate a ping test The Destination IP item is used to enter the destination address of a remote host to check if communication is being established Enter the target information into the Destination IP item and click the Run button Then a ping test is executed 26 Table of Contents Only one destination IP can be tested of each time and the radio button of the IP to be tested is checked The radil button of the destination IP on the top is default PING 192 168 0 1 192 168 0 1 from 192 168 18 100 56 84 bytes of data 64 bytes from 192 168 0 1 icmp_seq 1 ttl 64 time 0 279 ms 64 bytes from 192 168 0 1 icmp _seq 2 ttl 64 time 0 129 ms 64 bytes from 192 168 0 1 icmp_seq 3 ttl 64 time 0 129 ms 192 168 0 1 ping statistics 3 packets transmitted 3 received 0 loss time 1998ms rt minfavg maxmdey 0 129 0 179 0 279 0 070 ms 27 a Firewall Menu Select the Firewall menu The submenus will be displayed in the upper left side of the window as follows Firewall El NAT Management t Configuration Port Forward Static WAT El Filter Management Configuration Remote Access IP Filtering URL Filtering ICMP Redirect Menu Submenu Description NAT Management To select the use of NAT function Configuration To set the private IP sharing function Port Forward To set the port forwarding function Static NAT To set the static forwarding function Filter Management To select the Filter function Con
64. k module or enter a trusted IP Manage Blocked IP List Blocked IP List Manage Trusted IP List PT rrote tst Neti O Manage Blocked IP List If an intrusion is detected when the IDS module and block module are all in operation the IP of the block that is set up at Configuration Menu according to the intrusion risk is blocked to access to the system for an amount of time Manage Blocked IP List shows the list of IP that the access is blocked 109 a Manage Trusted IP List The administrator can register a trusted IP Enter the IP and netmask and click the OK button to register Check the IP list that is already registered and click the Delete button to delete the list The IP registered in this page is not blocked even in the abnormal status defined at IDS Management In this page the administrator can set up the operation of the IDS module and block module IDS Management Block Management Status Running Status that the module is in operation Stopped Status that the module is not in operation Action If clicking the Run button the module operates If clicking the Stop button the module stops operating Block time When detecting an intrusion in the block module the relevant IP is listed on the block list and the system access is blocked for a configured time After the configured time the IP is reLeased from the block list and can access to the system 110 a VoIP Service Menu Select the
65. l Name Network Address Range Address O i DE Lease Time Ours o mm Minutes LJ Infinite Group Number Client ID Vendor ID Domain Name Default Router Hast Fixed Address IP DAS Server WINS Server Current Running Configured Information Sa J aroument OO Mo Entry 121 e The configuration options are as follows Pool Name Sets up the name of Pool to distinguish from the other Pools Network Address The value of a Network to be set up The value is classified into IP type and Netmask Range Address Sets up the range of IP addresses that DHCP Server allocates to DHCP Client Enter the first last IP addresses to be allocated in order to designate the range Lease Time Sets up the duration to Lease an IP address to DHCP Client The default is 1Days Client ID Sets up Client Identifier Vendor ID Sets up Vendor Class Identifier Domain Name Sets up Domain Name Default Router Sets up IP address of Default Router Fixed Host Sets up Name of Host Address MAC Sets up MAC address of a specific client IP Sets up IP Address to be allocated DNS Server Sets up DNS Server WINS Server Sets up WINS Server Fixed Address are used for allocating a fixed IP address for a specific client Press the Delete button after checking the target Pool in order to delete Check the target pool and click the Edit button for modification Management This page allows managing the operation of DHC
66. l retransmission PIM SM This menu is used to display the neighbor list of PIM SM protocol PIM SM Neighbors e Neighbor Neighbor IP address e Intf IP address of VIF connected with neighbor Uptime Time passed after being connected with neighbor Expires Left time until the Neighbor connection information is expired e Ver Version of the PIM SM protocol used for the connection e DR Priority Designate Router DR priority of neighbor e DR Displays whether the neighbor is Designate Router DR 66 CE Te QoS Select the QoS menu The submenus will be displayed in the upper left side of the window as follows El Group l Port Group IP Group Filter Group Class Group Policy Management Group Port Group Retrieves sets edits or deletes a port group Retrieves sets edits or deletes an IP group Retrieves sets edits or deletes a filter group Retrieves sets edits or deletes a class group Policy Le Sets a class for a port Management Aa Starts or stops the execution of a QoS and sets to execute when the system reboots Group The Group menu is used to retrieve set edit or delete a port group an IP group a filter group or a class group Port Group Select Port Group to retrieve set edit or delete a port group Port Group List ie Portioo 67 a Click the Add button in the above window to display a window from which a port group can be set Port Group Catego
67. le Screen Output The lined box with Courier New font will be used to distinguish between the main content and console output screen text e Bold Courier New font will indicate the value entered by the operator on the console screen CITE Reference OfficeServ 7400 General Description OfficeServ 7400 System Description introduces OfficeServ 7400 and describes the system information necessary for the understanding of this system such as hardware configuration specification and functions OfficeServ 7400 Installation Manual OfficeServ 7400 Installation Manual describes the conditions necessary for the installation of the system and how to inspect and operate the system OfficeServ 7400 Programming Manual The OfficeServ 7400 Call Server Programming Manual describes the method of using the Man Machine Communication MMC program that changes system settings by using phones Revision History EDITION DATE OF ISSUE REMARKS 00 05 2006 Initial Release e SAFETY CONCERNS For product safety and correct operation the following information must be given to the operator administrator and shall be read before the installation and operation Symbols Caution Indication of a general caution Restriction Indication for prohibiting an action for a product Instruction Indication for commanding a specifically required action CITE AN CAUTION For Security
68. lignment Error Compressed Number of compressed packets Multicast Number of multicast packets 80 a Protocols Select Statistics gt Protocols and display GWIM network statistics of each protocol Unit Byte Network statisics by protocols 18461967 15866041 34328008 ICMP 14820017 14621615 29641632 TEP Saga cia Ee al 70803 UDP 11 raf ISLS alize Monitoring This menu is used to display GWIM network statistics in real time or display as accumulation value of a certain period Current This menu is used to display GWIM network statistics in real time and the data is updated every 5 seconds Rate Bytes Sec Devices Received Transmitted Trans Recy Ethernet 0 Zro a513 2249 Ethernet 1 D o E Ethernet 2 Sel 0 Serial O 0 o E Serial 1 D 81 a History This menu is used to display CPU use available memory capacity and network statistics of GWIM as the accumulation value on an hourly weekly monthly and yearly Accumulated Monitoring Graph CPU Utilization O Free Memory Ethernet Interface Selection Check Ethernet 0 Ethernet 1 Ethernet 2 Services This menu is used to display the status of the Security Router and Management services provided by GWIM in a table format If Auto Start is set to On the services are provided automatically while the system reboots If Activity is set to Running the service is being performed If Activity is
69. ly to community list If the entered command is successfully executed the execution results are directly applied to lt Current Status gt of Router gt List gt Community List For example when as path access list is entered the lt Current Status gt window is displayed as follows Current Status ie expanded test permit no advertise Delete al ID Community list name Entry Community list information Click the Delete button to delete the target community list entry Click the Delete All button to delete all community list entries of the name 53 a Status RIP This menu is used to display the RIP connection status and information RIP Information F 20 0 1 024 0 0 eal SA ILa L rdz2 eee F 30 0 1 0 24 rd R 192 168 0 0 16 S001 Il DPL rde2 024r Network Displays network information Next Hop Next Hop address of the RIP route that sends neighbor Metric Metric information From Displays the address being connected If Displays interface information Time Update time OSPF This menu is used to check the OSPF connection status and information with the other party s router OSPF Information Neighbor ID Neighbor ID of the other party s router Pri Priority Status Displays the connection process Dead Time Displays the dead time Address Address of the other party Interface Interface connected 54 a BGP This menu is used to check the BGP connection status informa
70. mber of neighbors connected to DVMRP VIF e Remote Address Address of the other party in case of Tunnel or Point to Point type Peer Address PIM SM This menu is used to set PIM SM PIM SM amp Help Enter the target command into the input field of PIM SM and click the OK button nlia Help Command sparse mode bsr rp set 62 a PIM SM Basic This menu is used to set BSR and RP of PIM SM protocol Mark the check box on the right and enter the configuration values Click the OK button to apply the values Mark the check box of the target item and click the Delete button PIM SM Basic eee Ta RP Address s2 BE faz roo Ta RF Candidate etho zz PriorityfO 255 Wo BSF Candidate etha 20 MaskLen O0 32 1o00 PriorityfO 2554 e RP Address When setting static RP enter the IP address of RP e RP Candidate When setting RP Candidate select VIF and enter the target priority Low value has high priority e BSR Candidate When setting BSR Candidate select VIF and enter the target Mask Length and Priority High value has high priority BootStrap Information This menu is used to display the information on BootStrap router BootStrap Information BootStrap Information PIM Bootstrap information This system is the Bootstrap Router BSR BSR address 192 168 0 99 Uptime 00 00 04 BSR Priority 100 Hash mask length 30 Expires 00 02 06 Role Candidate BSR State Pending BSR Candidate RP
71. me Configuration 2005 E ser Y 26 21 E 36 E Timezone The administrator can change Time Zone by selecting the timezone corresponding to the administrator from the Time Configuration gt Timezone menu Select the desired area city or GMT in the areas separated by GMT and click the OK button to modify the timezone information of the system Time Configuration 125 a Upgrade Upgrade the Kernel and Ramdisk in the PC Upgrade menu For the types of upgrade there are TFTP Method and File Transmission Method through HTTP as well as Local Method that uploads the administrator s PC Select Package Upgraded Select Upgrade Method TFTP HTTP O Local O When upgrading a package the package version should be entered in the type such as v0 19 in the Package Version field For TFTP HTTP enter the address of the TFTP HTTP server and click the OK button For Local method the relevant package file should exist in the administrator s PC Click the OK button after selecting the file In the TFTP HTTP method the files of the relevant version are searched automatically and downloaded but for Local method the entered version name and file name to upload should be identical If Package Version is v0 19 the file name is gwim pkg v0 19 tgz Appl Server The Appl Server menu manages the services of SSH FTP and Telnet and it is available to connect to the GWIM boar
72. n exists that meets the match condition Match Sets normally match condition If the entered command is successfully executed the execution results are directly applied to lt Current Status gt of Router gt List gt As Path List For example when as path access list is entered the lt Current Status gt window is as follows Current Status i ee G permit 100 Delete Al This menu is used to display the information on the as path access list set in GWIM ID As path access list name Entry As path access list information Click the Delete button to delete the entry of the selected as path access list Click the Delete All button to delete all as path access list entries of the corresponding name Community List Select List gt Community List and set Community List of GWIM BGP Set the target value and click the Save button Community List Ite st Expanded Standard Permit Deny C Ss No Advertise 52 a ID Sets Community list name Expanded When normally community list is set Standard When community list with selected format is set Action Sets whether to allow reject the community to be matched Match No Advertise Do not distribute path to the neighbor router No Export Do not distribute path to an external neighbor router Local AS Do not distribute path to the neighbor router of the lower AS located at BGP combination network In other cases set normal
73. ncapsulation type as PPP Protocol in the Encapsulation field to display the PPP Configuration table Specify the value for each field and click the OK button to store the configuration PPP Configuration Keep 4live Interval fac 1 100 Default 10 Max Keep Alive Count a 1 100 Default 6 C PAP CHAP f Mone Authentication Mame Password IPCP Dynamic IP L tenable IP Address negotiation at IPCP layer IP Address Jase r jiss Jaco 2 z4 Gateway 92 ss l Jaco E Default Gateway W The Gateway is a Default Gateway e Keep Alive Interval Time interval to check Keep Alive e Max Keep Alive Count Count of Keep Alives to estimate as the disconnection e Authentication Information for PPP authentication PAP CHAP and None Authentication method Name and Password Administrator ID and Password IPCP Dynamic IP Use of Dynamic IP function to support IPCP e IP Address IP Address of the serial port e Gateway Gateway IP Address Peer Address of the serial port e Default Gateway Mark the check box to set this gateway to default gateway This item is displayed if WAN is set Frame Relay Configuration Set the Encapsulation type as Frame Relay protocol to display the Frame Relay Configuration table Specify the value of each field and click the OK button to store the configuration Frame Relay Configuration LMI Type f ANSI SCC C None Keep Alive Interval Jao S30 seconds Default 10 H331 l 1 255 full
74. nd and Inbound NAT Network Address Translation PT Protocol Translation function Access control for internal resources via the conversion between common IP and public IP e Firewall function Access control from the outside by Extended Access List e Intrusion Detection System IDS function Detection and report of the access for the access control area by the access list Recognition and notification of illegal packets by applying the basic intrusion rule for packets Detection and block of DoS attack such as SYN Flood e Virtual Private Network VPN function VPN gateway function based on Point to Point Tunneling Protocol PPTP Layer 2 Tunneling Protocol L2TP and Internet Protocol Security protocol I PSec Confidentiality and integrity functions via VPN tunneling and data encryption Data Network Application Functions e Data network application functions such as NAT PT firewall VPN DHCP and Application Level Gateway ALG Use of Application Software operating in GWIM board e ALG function Support to operate the security function and smoothly pass the VoIP packets by implementing the AIG function for signaling and media traffic e DHCP Server function Auto configuration of network environment for the IP equipment in another functional block of the OfficeServ 7400 system e DHCP Relay function Function to connect the IP equipment in another functional block of the OfficeServ 7400 system
75. ng to the relevant level is detected the relevant IP is blocked not to prevent to access to the system for a configured time Refer to Block Config If setting up Mail alerts are transferred when a mail is transmitted Refer to Mail Config Set Detection Level amp Type Prin a medium to C Block C Block C Block Mail Mail Mail 106 a IDS Rule Configuration This page allows setting up the rule file to be used in the IDS module IDS Rule Configuration local rules bad traffic rules esploit rules scan rules finger rules Tio rules telnet rules roc rules rservices rules dos rules ddos rules dns rules ttp rules web cgirules web caldfusion rules wWeb is rules web frontpage rules web misc rules web client rules Wweb php rules sql rules 11 rules icmp rules netbios rules misc rules attack responses rules oracle rules mysghrules samp rules smtp rules imap rules pop rules pops rules nntp rules other ids rules web attacks rules backdoor rules shellcode rules policy rules porn rules Info rules Icmp into rules WIrus rules chat rules EEE HEHEHE HHH HHH EHH A multimedia rules p2p rules experimental rules Pressing the OK button after selecting the desired rule activates all of the selected rule sets By checking the check box on the top of each column all rules in the relevant column will be selected Click the Default button to select the default rules 107 Table
76. nt T7 e Status Select the Status menu The submenus will be displayed in the upper left side of the window as follows Status El Connection t Sessions El Statistics Devices Protocols El Monitoring Current History Process Service Menu Submenu Description Connection Sessions Displays the information on the IP and port connected to GWIM Statistics Devices Displays GWIM network statistics by classifying Tx and Rx of each device Protocols Displays GWIM network statistics of each protocol Monitoring Current Provides the GWIM network statistics in the table format in real time History Displays the GWIM network statistics on an hourly weekly monthly yearly basis Process Displays the information on processes being operated in GWIM Services Displays service status in a table format by classifying various functions provided by GWIM into Security Router and Management 78 Connection The Connection menu is used to display the GWIM session connection status Sessions This menu is used to display the information connected to GWIM Session list DP 165 213 110 41 1503 UNREPLIED 165 213 57 65 5025 UDF i27 0 0 1 1106 ASSURED Ler dai snmp UDP LaS Laai WE Th 1503 UNREPLIED ISI dass ziza UDF Lae Sa dL IE Th 1503 ASSURED UE eed ake ee UDP earen 3424 UNREPLIED 299 200 eel ae are snmp domain TCP TER TEP TCF TCP TEF ee 127 0 0 1 LA On ed eee ATE alk TI alge TS al
77. nu buttons are defined as follows Add Create a PPTP administrator Delete Delete a PPTP administrator Edit Modify a PPTP administrator information Add If clicking the Add button on the lt L2TP administrator list gt window the following window appears Enter each item and click the OK button to create a L2TP administrator User Add ID Password Confirm Password Auto IP Allocation Static IP Allocation 93 a Administrator ID composed of certain letters ID Password Shared password Dynamic IP Enter dynamic IP to remote client Static IP Enter static IP to remote client Enter IP address Edit Click the Edit button from the lt Administrator List gt window Then the window below appears Enter each item value and click the OK button to edit VPN tunnel data User Mod ID Password Confirm Password Auto IP Allocation Static IP Allocation 94 a Management In the L2TP gt Management menu the administrator can allow inhibit executing PPTP services When the system is rebooted in the execution of L2TP the L2TP service is automatically performed L2TP Management Stop Run Local IP i92 fies esa fos Remote IP fsz fica f2sa for oa Method The administrator can set up the IP range of the remote client that uses dynamic IP in the Local IP range item and set up the IP range of PPP demon responsible for remote client in the Remote IP range item
78. o the Interface Type setup of Ethernet setup Interface Type Co WARY LAN NONE Serial Basic The Serial Basic table sets the basic information of Serial Interface Select one of the Serial Protocols in the Encapsulation field of this table to display the configuration window Serial Basic Serial Interface Name Serialdo Physical Line Type Whos hTT Wt Jaso0 128 1500 Default 1500 Encapsulation Cisco HDLC i PPP Frame RPelay e Serial Interface Name Name of the current serial port e Physical Line Type Physical line type of the current serial port e MTU Maximum size of the packet to transfer at once e Encapsulation Serial protocol to be used Cisco HDLC Configuration Set the Encapsulation type as Cisco HDLC to display the Cisco HDLC Configuration window Specify the value for each field and click the OK button to store the configuration Cisco HDLc Configuration Eeep 4live Interval Jio C1 100 Default 10 4 Keep Alive Timeout 1 100 Default 25 IP Address Hoo z E 24 Gateway zoo E Default Gateway e Keep Alive Interval Time interval to check Keep Alive e Keep Alive Timeout Time to estimate the failure of Keep Alive e IP Address IP Address of the serial port e Gateway Gateway IP Address Peer Address of the serial port e Default Gateway Mark the check box to set this gateway to default gateway This item is displayed if WAN is set 15 CE Te PPP Configuration Set the E
79. of Contents Rule Config The administrator can update the rule set file used in the IDS module to the latest version The following window shows the version of the current rule set file and the reLeased date Current Rules Information Rules Information Current version w 1 151 Release Date 2005 03 02 15 45 04 Th administrator can manulally update the rule set by clicking the Browse button and KN selecting a new Rule Set to upload NOTE Mail Config Set SMTP Server IP The administrator can enter an E Mail address to receive the SMTP Server IP and alert record Up to 10 E Mail addresses can be entered Set SMTP Server IP Server s IP 108 a Set Time for Sending Mail The administrator can set up the time to send an email Set Time for Sending Mail Category Configuration Moia et Send Mail Now If clicking the button in the Now category an email is sent to the e mail address stored above the recorded alert Select One Time to send a mail at the relevant time The other items are used to check if there is an alert and send to Mail at the configured time daily weekly or monthly SMTP Server IP Configuration If you are not receiving an email verify the SMTP Server IP or retrieve the IDS log in CAUTION System gt Log If there is no recorded alert an email was not sent Block Config In this page the administrator can view the block list applied to the bloc
80. on h BGP dampening is activated gt best route i Indicates the network entered by IBGP Nexthop address of the BGP route sent from neighbor MED value of BGP neighbor Local Preference Default is 100 Weight allocated in prefix Local route default is 32768 The default of the sent route is 0 Displays the list of AS path that should be passed to go to the network corresponding to the prefix Origin code information Information received by the network command e Information received via EGP Information received by redistribution 56 e IPMC Select the IPMC menu The submenus will be displayed in the upper left side of the window as follows E General t Mroutes Management El Configuration IGMP DAMIR DVMRP Intt PIM SM PIM SM Intt E Status IoMP Groups DY MRP PIM SM Ea General Displays Multicast Routing Entry Starts Stops IPMC protocol demons Configuration Displays or changes IGMP configuration Displays or changes DVMRP default configuration Displays or changes VIF of DVMRP Displays or changes PIM SM default configuration Displays or changes VIF PIM SM Status Displays IGMP Group information Displays DVMRP neighbor and Prune information Displays PIM SM Neighbor information 57 a General Mroutes This menu is used to display multicast routing entries being shown in this window Mroutes 100 1 1 11 224 1 1 100 00 00 08 00 03 22 F I
81. p to 128 Proxy ARPs can be set in the OfficeServ 7400 system without the change of the existing network To add entries click the Add button and enter the following IP address and netmask To delete entries select the entry to be deleted and click the Delete button IP Alias Is used to add up to 32 IP addresses To add entries click the Add button and enter the following IP address and netmask To delete entries select the entry to be deleted and click the Delete button 11 a WAN gt PPPoE Select the WAN PPPoE field to display the following setup window Enter ID and Password of the ADSL account that is assigned from the ISP providing ADSL service based on dynamic IP WAN PPPoE Authenation I linnopia Password eveece Check the Option check box in the lower section to display Method MTU and DNS setup window El Option Method any MITU i492 byte DNS f Auto Manual The details by fields are as follows e Method Authentication Method e MTU Input of the maximum transmission frame size default 1412 DNS Auto Automatically receives DNS information from ISP manual Does not receive DNS information 12 a WAN gt DHCP WAN gt DHCP field is automatically set without a special setup field Therefore press the OK button to complete the setup For cable modem service that requires detailed setup mark the check box in the Option field to display the detailed set
82. rt VLAN Identification STP Spanning Tree Protocol SMTP Simple Mail Transfer Protocol SNAT Source Network Address Translation SNMP Simple Network Management Protocol SPQ Strict Priority Queuing TFITP Trivial File Transfer Protocol 137 e VLAN Virtual Local Area Network VolP Voice Over IP VPN Virtual Private Network 138
83. ry Configuration VoIP E 10000 ma z00nq Enter the target ID and port No and click the Save button Click the Add button to add a port and click the Delete button after marking the checkbox to delete the target port ID Name of the port group Should include both letters and numbers Group ID shall start only with letters not numbers No blanks should be left in between characters Port Port range Enter 0 to set all ports 68 a IP Group Select IP Group to retrieve set edit or delete an IP group IP Group List O ame ie Wen Dane 10 0 0 100 32 Click the Add button in the above window to display a window from which an IP group can be set IP Group I Develope_Team IF E i92 ies fo fo za Enter the target ID and port No and click the Save button Click the Add button to add an IP and click the Delete button to delete the target IP ID Name of the IP group Should include both letters and numbers Group ID shall start only with letters not numbers No blanks should be left in between characters IP IP address Used for entering subnet Used for entering the range of IPs Enter 0 0 0 0 0 to set all ports 69 e Filter Group Select Filter Group to retrieve set edit or delete a filter group Filter Group List ca If dev_voip is registered as the filter group as shown above the filtering rule is as follows
84. s IPs of each card and phone MAC Address Displays MAC addresses of each card and phone MGI Slots Displays the slot of the MGI card ITP Index Displays the index of ITP Phone WIP Index Displays the index of WIP Phone Port Displays the port of ITP WIP Phone TEL NUM Displays the phone number of ITP WIP Phone 112 e VoIP NAPT List VoIP NAPT Status displays NAPT items for VoIP communication on the VoIP NAPT List menu It connects 64 internal ports and external ports to each MGI card through one to one mapping The external ports for the VoIP service in GWIM provide UDP port 60000 61343 total 1344 and the internal ports using VoIP are assigned in MCP So the following information on the following window shows the current status that the VoIP terminals connect to the external environment through the firewall of GWIM VoIP For NAPT Status Public IP External IP to communicate with the external environment GWIM instead of the internal VoIP terminal in the system WAN Interface IP of GWIM Public Start Port Port number for external IP to communicate with external media instead of VoIP terminal in GWIM WAN Interface IP ports of GWIM Configured with total 64 ports 1 1 mapping with Internal Port Public End Port Last external source port number Configured with 64 external ports for each MGI Internal IP Internal IP that VoIP terminals uses inside firewall of Data Server IPs of VoIP terminals Internal Start Port Port number
85. s are displayed in the upper part of the screens Select each menu to display its submenus on the left section of the screen For more detailed information for each menu refer to Chapter 3 Using OfficeServ 7400 GWIM of this document The default administrator name is admin and the default password is root Exterprme P Sottors OfficeServ 7400 Home My Info Logout Network Firewall Router IPMC QoS Status YPN IDS VoIP Service SIP ALG System Management Interface Type WAN C NONE Protocol Type Static IP PPPoE DHCP WAN Static IP Ethernet Interface IP Netmask MTU Gateway Default Gateway Transparent Proxy i SE O Netmask IP Alias a OOOO me OOOO OOOO O Netmask O Add Delete J Click the Logout button on the upper section of the screen to close the connection to the GWIM system This chapter describes how to use the menus of OfficeServ 7400 GWIM CHAPTER 3 Using OfficeServ 7400 GWM The configuration of OfficeServ 7400 GWIM menus are as follows Network Network EthernetO Ethernet Ethernet 1 35 SerialO seriall HSSI ci NLB Configuration Management Utility Ping IPSEC Configuration ertiricate Management E L2TP Sonfiguration Management El PPTP Configuration Management STATUS Ipsec L2tp pptp Firewall E NAT Management Sonfiguration Port Forward St
86. sc Set a desired Qdisc for the Leaf Qdisc parameter when setting the Parameter lowest level class Scheduling Changes the bandwidth of the class based on day and hour Parameter Click the Add ort Delete button to add or delete Because of the attribute of QoS layer the class to be set may be the highest class Root Class or the lowest class Leaf Class In addition the class to be set is classified into Parent class and Child class 75 a Policy The Policy menu is used for setting a class for a port Enter the following items and click the Save button to select a class for a port Device want E QDISC Type C SPQ HTB R2O Root Class Default Class QDISC Type Root Class Default Class WAR 1 LAN WANS SERIAL Device Selects a port ethO eth1 eth2 V 35 or HSSI QDISC Type Selects QDISC to be applied to the port R2Q R2Q is used as a variable for calculating the amount of Deficit Round Robin DRR Bps r2q Root Class Class connected to the port Select the class group from the class group list Default Class This class defines the bandwidth for incoming traffics that are not applicable to all filtering rules Select the class group from the class group list 76 a Management This menu is used to execute stop and re execute QoS In addition this menu is used to execute or stop the execution of the Scheduling Parameter set in QoS gt Group gt Class Group QoS Manageme
87. set to Stopped the service stops Security This menu is used to display the current status of the Security service provided by GWIM Security MAT Network Address Translation Running Filter Running PPTP Point to Point Tunneling Protocol Stopped IDS Intrusion Detection System Stopped L 2TP Layer 2 Transfer Protocol Stopped IPSEC IF Security Stopped 82 a Router This menu is used to display the current status of the Router service provided by GWIM Router RIP Routing Information Protocol Running OSPF Open Shortest Path First Running BGP Bolder Gateway Protocol Running DYMRP Distancd Vector Multicast Routing Protocol Stopped PIM SM Stopped Application This menu is used to display the current status of the Application service provided by GWIM Application MoS Quality of Service Stop SIP ALG Session Initiation Protocol Stop WTP Network Time Protocol Stop DHCP Dynamic Host Configuration Protocol Stop SSH Secure Shell Running Telnet Running FTP File Transfer Protocol Stop Management This menu is used to display the current status of the Management service provided by GWIM Management Network LoadBalance Stopped Accumulated Network System Monitoring Running SNMP Simple Network Management Protocol Stopped 83 e VPN Menu Select the VPN menu The submenus will be displayed in the upper left side of the window as follows YP E IPSec
88. site to deny Time Set To set the time to apply the filtering rule ICMP Redirect Administrators can deny the INTERNET CONTROL MESSAGE PROTOCOL ICMP Replay packet Select the target interface and enable the interface to apply to this table ICMP Redirect Etherneto Enable Disable Etherneti C Enable Disable Ethernete Enable f Disable 37 Router e Select the Router menu The submenus will be displayed in the upper left side of the window as follows Router El General t Routes Management El Configuration Static RIP RIP Interface OSPF OSPF Interface BtsP El List Access List Prefix List Route Map 4s Path List Community List Key Chain El Status RIP OSPF General Configuration Routes Management Static RIP Interface OSPF OSPF Interface BGP Displays the routing table of GWIM Starts or stops RIP OSPF and BGP Sets a static route Sets RIP Sets RIP interface Sets OSPF protocol Sets OSPF interface Sets BGP 38 a List Sets Access list Sets Prefix list Sets Route map Sets BGP AS path list Sets BGP Community list Sets the key used for authentication of RIP v2 Status RIP Displays RIP network information Displays OSPF neighbour information BGP Displays the Neighbor status connected with the BGP network information General This menu is used to start stop RIP OSPF and BGP services or to retrieve the routing table of GWIM Rout
89. splayed on the ARP List window Use the Refresh button and the Delete button to update and delete the current ARP table respectively ARP List Ethernet f EthernetO Etherneti Ethernet 2 R y E E E E reachable 192 168 0 120 00 09 74 11 11 11 reachable 192 168 0 1 00 09 74 00 10 03 e Type ARP status e IP IP address sent ARP e Mac Mac address sent ARP Static ARP Add static ARP add The Static ARP Add window is used for the addition of static ARP e Ethernet Ethernet to add static Mac e IP IP address to be added e Mac Mac to be added 20 a ARP Age Time The ARP Age Time window is used for the setup of the cycle at Leaset 600 sec unit sec to delete the unused ARP in the ARP table ARP Age Time ARP refresh The ARP Refresh window is used for the modification of the changed ARP information in the ARP table of a route or a host when the network is changed In the host or the route with the destination IP the Mac with the current source IP is updated into the Ethernet Mac of the OfficeServ 7400 system ARP Refresh Ethernet Ethernet to be changed e Source IP IP to be changed Destination IP host or Mac to be changed 21 HomePage Table of contents Network Status Select the Network Status submenu to display the Network Status window The window displays the access network of each Ethernet interface and its information Network Status Etherneto EXTERNAL S
90. status polling counter Default 6 N3392 3 1 10 LMI error threshold Default 3 M393 fa 1 10 LMI monitored event count Default 4 e LMI Type LMI type of Frame Relay e Keep Alive Interval Time interval to check Keep Alive 16 e N391 Cycle to request all status information The information on all status is requested at every cycle specified in the N391 field As usual only Keep Alive is exchanged e N392 Count of Keep Alives to estimate as the disconnection e N393 Buffer size to record success failure of Keep Alive The value of N393 should be bigger than that of N392 PVC Interface Select the Frame Relay protocol to display the PVC Interface table Enter the value of each field and press the Add button to create new PVC PWC Interface DLZI c fis 16 100F73 c IF Address isz Ess koo IE g z4 Gateway Esz faes oo fa Default Gateway W The Gateway is a Default Gateway PTT WI soa C126 1500 Default 15007 e DLCI Number of DLCI a type of network address IP Address IP Address to be used by PVC e Gateway Gateway IP Address Peer Address of PVC e Default Gateway Mark the check box to set this gateway to default gateway This item is displayed if WAN is set e MTU Maximum size of the packet to transfer at once To edit the setting of a specific PVC select the target PVC from the list and enter the target information into each item Click the Edit button P C Interface OLCI
91. tact Sets up the information on System Contact Name Sets up the information on System Name Engine ID Sets up the information on System Engine ID Community Add new community used in SNMP v1 2c Community New Community name SY Community Network ff mi Access Read Only O Read Write New Community name Fill in new community name to add Community Network Set up new community network to add Access Set up the access authority 129 a SNMPv3 Administrator Add SNMPv3 Administrator Add allows adding a administrator to be used at SNMP v3 SNMPv3 User Add Liser Name User Password Authentication Encryption Access Read Only Read Write Administrator Fill in new administrator s name to add Name Administrator Fill in new administrator s password 8 alphanumeric Password characters Authentication Set up authentication method Encryption Set up ciphering method Access Set up access authority Trap Manager This window is used to set up IP address to transmit a trap Up to five addresses can be designated IP Address O oro amie eae Community Name IP Address Set up new Trap IP Address to add Community Name Set up a community to be used for transmitting to the Trap IP Address added 130 a Status The function is used for retrieving the SNMP configuration in the SNMP gt Status menu If clicking the Delete button the item that the administra
92. ted H Hold down Intf VIF name to which multicast packets flow Neighbor DVMRP neighbor IP address that provides information on DVMRP route Metric DVMRP route Metric distance value Uptime Time passed after using the DVMRP route item Expires Left time until the DVMRP route item is expired DVMRP Intf This menu is used to add or set DVMRP VIF RD Interface This menu is used to add L3 interface where an IP address is set to DVMRP VIF Select the target interface to be added to VIF from the Interface item enter the target value and click the Add button RD Interface a OO O arume OO Interface etho aj 192 168 17 100 16 Reject Non pruners D ido not allow old version OVMRP neighbors Metric p 1 31 e Interface Select the target L3 interface Reject Non pruners Non pruners indicate the neighbors that only support DVMRP with the previous version Mark if this is not communicated with the DVMRP with the previous version e Metric Metric distance value to be used for multicasting routing by VIF 61 a DVMRP Interfaces This menu is used to display the configuration DVMRP VIF To delete a specific VIF check the check box on the left and click the Delete button DVMRP Interfaces O 1 rd2 100 1 2 10 24 BCAST N A a rds 100 1 3 10 24 BCAST O N A 7 Intf DVMRP VIF name e Address IP address of DVMRP VIF e Type DVMRP VIF type Tunnel Point to Point Broadcast e Neighbor Count Nu
93. tion e Introduction to OfficeServ 7400 GWIM OfficeServ 7400 provides the following functions Router Functions e Path management and queuing function of data packets for external WAN and internal LAN e Static and dynamic routing functions Support of Routing Information Protocol version1 RIPv1 RIPv2 Open Shortest Path First version2 OSPFv2 Border Gateway Protocol 4 BGP4 routing protocol e Dynamic Host Configuration Protocol DHCP Point to Point Protocol over Ethernet PPPoE client function in Ethernet WAN interface e Encapsulation function of High level Data Link Control HDLC PPP and Frame Relay in Serial WAN interface Support of IP multicast Support of IGMPv1 nternet Group Management Protocol version1 IGMPv2 protocols Support of Distance Vector Multicast Routing Protocol DVMRP Protocol Independent Multicast Sparse Mode PIM SM multicast routing protocol e Access interface function for WAN 3 Gigabit Ethernet port For WAN or LAN interface 2 Serial WAN port For data private line service by connecting to DSU or CSU which is data line equipment support of V 35 1 port and HSSI 1 port e Network Load Balance NLB function Function that equally distributes the load by setting several gigabit Ethernets or serial interfaces into WAN and increases the availability by automatically sharing the load with other lines when a line is not operated Data Network Security Functions e Outbou
94. tion and BGP routing table information BGP Information BGP Router ID ele dere JU ers Local 45 Number 100 BGP Table Version BGP AS PATH Entries BGP Community Entries Total Neighbor BGP Router ID Current system router ID Sets to the IP address that is the highest in the IPs set in loopback when an address or a loopback that is the highest from the IP addresses is used Local AS Number Local AS No set by a administrator BGP Table Version BGP table change version information BGP AS PATH Entries Number of AS PATH Hash tables used in BGP BGP Community Number of Hash table of community attribute used in BGP Entries Total Neighbor Total sum of BGP neighbor Neighbor IP address of the neighbor router V Version No used by neighbor AS AS No of neighbor MsgRcvd Message number received from neighbor MsgSent Message number sent from neighbor TblVer Latest BGP database version sent from neighbor InQ Number of messages that should be received from neighbor and processed 55 a OutQ Up Down State PfxRcd Network Nexthop Metric LocalPrf Weight Path Number of messages sent to neighbor Displays the path time when BGP session is finished Displays the status when BGP session is not finished Number of BGP routes via neighbor or peer group or BGP current status Displays network information Status code information s Indicates the suppressed network Indicates proper network informati
95. tor has selected by marking on the check box is deleted If clicking the Reset button all check boxes are initialized SNMP Config Information The administrator can retrieve the SNMP configuration System Infomation Location Seoul Korea Contact support Mame OS 400 G5IM Engine ID GSIM Community Name Community Net private local Read Write public anynet Read Only root Fead Write F LSS fete D LES 162 System Displays the information set up at System Options Information Select Selects information to delete Community Name Displays the community name Community Net Displays the configured name of the Community Network Community Displays the access authority of the configured community Access Administrator Displays the configured administrator s name Name Access Displays the access authority of the configured administrator Trap IP Displays the configured Trap IP Trap Port Displays the configured Trap Port 131 a Management The administrator can start stop the SNMP service on the SNMP gt Management menu If clicking the Run button the SNMP service starts If clicking the Stop button the SNMP service stops SNMP Management Running SNMP Management allows the administrator to start stop the SNMP service Activity Displays the operational condition of the current service Action Selects whether to start stop RMON Configuration RMON gt Configuration If clicking
96. troduces the OfficeServ 7400 Data Server an application module of the OfficeServ 7400 and describes procedures for installing and using the software Document Content and Organization This document consists of three chapters an abbreviation which are summarized as follows CHAPTER 1 Overview of OfficeServ 7400 GWIM This chapter briefly introduces the OfficeServ 7400 GWIM CHAPTER 2 Installing OfficeServ 7400 GWIM This chapter describes the installation procedure and login procedure CHAPTER 3 Using OfficeServ 7400 GWIM This chapter describes how to use the menus of the OfficeServ 7400 GWIM ABBREVIATIONS Abbreviations frequently used in this document are described CITE Conventions The following types of paragraphs contain special information that must be carefully read and thoroughly understood Such information may or may not be enclosed in a rectangular box separating it from the main text but is always preceded by an icon and or a bold title WARNING Provides information or instructions that the reader should follow in order to avoid WARNING personal injury or fatality CAUTION Provides information or instructions that the reader should follow in order to avoid a CAUTION service failure or damage to the system CHECKPOINT Provides the operator with checkpoints for stable system operation NOTE Indicates additional information as a reference Conso
97. up field To enter a vendor ID or fetch the DNS information check Auto WAN DHCP DHCP Click OK button to start Gl Option Vendor ID DNS Auto Manual LAN gt Private IP Enter the IP address and the netmask value to be assigned to the network interface connected to the internal network in the IP field and the netmask field of the LAN Private IP table below The IP Alias field is the same as the corresponding input field displayed when selecting WAN gt Static IP After the completion of the setup click the OK button LAN Private IP Ethernet Interface IP io fo fo lfa Netmask 255 255 255 fo MTU Byte 13 a LAN gt Public IP Enter the IP address and the netmask provided by ISP The IP Alias and the Transparent proxy field is the same as the corresponding input field displayed when selecting WAN gt Static IP After the completion of the setup click the OK button LAN Public IP Ethernet Interface IP Netmask MTU Byte Transparent Proxy OO m OO e OOOO OOOO netmask O IP Alias NONE NONE is selected when the corresponding interface is not used NONE Disable network interface 14 CE Te Setup for Serial0 V 35 and Serial1 HSSI Interface Type The Interface Type table is configured in the same way as that of Ethernet tablesin the previous sections Refer t
98. us nie 0 0 0 0 0 1 0 via 192 168 0 1 etho Sc 00 0 1 0 24 1 0 via 192 166 168 200 etho 40 a Help Select the argument corresponding to the ip route or no ip route command Click Argument to display all arguments corresponding to the command Current Status Displays the current static table from the GWIM Displayed information is identical to Router gt General gt Routes Type S Static network ser by a administrator gt Whether to include activated routing table Network Network Netmask information of route Entry Route information RIP Configuration gt RIP Enter the RIP command If the entered command is successfully executed the execution result is directly applied to lt Current Status gt of Router gt Configuration gt RIP RIP Help Select the Argument corresponding to the RIP command Clicking the Argument item displays all arguments corresponding to the command default information originate 41 Se RIP Basic After selecting each item click the OK button Then the applied value is displayed in the lt Current Status gt window RIP Basic Version f 2 default redistribute T connected O static C ospf C bgp network a o E Bo Displays the command configuration currently entered Current Status Router RIP router rip network 192 165 0 0 24 redistribute static RIP Interface Configuration
99. y not a host Thus this service is not used Since IPSec setting requires two gateways for a security tunnel local configuration and remote configuration have the same items IPSec Tunnel Mode OfficeServ 7400 Data Server only supports the IPSec Tunnel mode NOTE The transport mode is not supported In addition if the WAN interface is used for SERIAL IPSec is not supported Since a SERIAL line is used for a dedicated line IPSec is not required for the security Config On the IPSec gt Configuration menu the administrator can add delete and search an IPSec tunnel IPSec Connection The menu buttons are defined as shown below Add Creates IPSec tunnel Delete Deletes IPSec tunnel Edit Modifies IPSec tunnel data 85 e Add Click the Add button from the lt IPSec Connection gt window to display the window below Enter the value of each item and click the Add button to add an IPSec tunnel Category Local Settings Remote Settings Connection ID KXXX IP i92 168 18 100 H 211 feiz 22 Router IF jicz faces fa fk Subnet IP EC Subnet Mask 255 255 255 fo Authentication Method Connection ID ID composed of certain letters Required IP Address External IP address Required Router Router IP address Subnet IP Internal IP address Subnet Mask Internal subnet mask RSA Key Selects host authentication method Preshared Key RSA Key Public key is RSA key of Local settings Click
Download Pdf Manuals
Related Search