User Manual
Contents
1. 1S ae ee ee eee ee 56 oe FS EE EE EE T 58 SE Add EG EEE EE EE sias oea aa 61 VIL VPN Coda 63 Zu Display All VPN SUMMEN irinse iini E EE ENE a i i 63 742 Gateway to Gateway VPN avse NO i 66 21 TUNNEL SQUID inna EE e EEE a a A 67 TSN l3 Fie VPN AGANG a eo E 78 7 3 Client to Gateway amp Group VPN rrrnrrsnvresssnrrnnssnvrenssnvrnnsssvvrnsssvvrnnnssvvrrnsssvvesssnvrenssnnrrnsssnvresssnvrenssvnvenee 79 FT ANN 81 TS YPN PSTN NN 83 VL NN NSM 85 DE COME I E A E PE AA E A E A A OE A A 87 TEEN 87 JESS ETE ES 1 EE EEE 89 TT ENN 90 9 4 AN PT 92 Nie LOC OUI een 96 Appendix I VPN NN og Secs ces cccsrec tose ve caneas a a a a a boeetegoeces 97 Appendix II Qno Technical Support Information ccssssssssscccccccsscsssscccssssscsscccscccccccscscssees 101 IV ND your future life 2 WAN 3 LAN VPN Firewall I Introduction 2 WAN 3 LAN VPN Firewall referred as VPN Firewall hereby is a small business local branch and government and school department level router that high efficiently integrates full function VPN firewall with well worth it s value This VPN Firewall has two WAN ports and also provides high proformance dual line Intelligent Load Balancing which supports exteral connections of WAN prot Besides Internet connection capacity is satisfied with the spec of most bandwidth marketing Moreover the second WAN port can be a configurable hardware DMZ port In addition VPN Firewall has 3 10 100 Bazs T TX Ethernet2. Green LED blinking Packets are transmitting through Green light at the Ethernet port right of the port 100M Speed Amber Green LED on Ethernet is running at 100Mbps Green LED off Ethernet is running at 10Mbps Amber light at the left of the port Connect Green Green LED on WAN is connected and gets the IP address Reset Action Description Press Reset Button For 5 Secs Warm Start DIAG indicator Amber LED flashing slowly Press Reset Button Over 10 Secs Factory Default DIAG indicator Amber LED flashing quickly System Built in Battery A system timing battery is built into VPN Firewall The lifespan of the battery is about 1 2 years If the battery life is over or it can not be charged VPN Firewall will not be able to record time correctly nor synchronize with internet NTP time server Please contact your system supplier for information on how to replace the battery Attention Do not replace the battery yourself otherwise irreparable damage to the product may be caused Installing VPN Firewall on a Standard 19 Rack ND INO your future life Attention In order for the device to run smoothly wherever users install it be sure not to obstruct the vent on each side of the device Keep at least 10cm space in front of both the vents for air convection 2 2 VPN Firewall Network Connection as 6 Ea XDE a Hub Switch nd PC Hub Switch Server Internet WA
3. Remote Security Group Type 7 2 2 IPSec Setup 2 WAN 3 LAN VPN Firewall This option allows users to set the remote VPN connection access type The following offers a few items for remote settings Please select and set appropriate parameters 1 IP address This option allows the only IP address which is entered to build the VPN tunnel Remote Security Group Type p aseress J C Reference When this VPN tunnel is connected computers with the IP address of 192 168 2 1 can establish connection 2 Subnet This option allows local computers in this subnet can be connected to the VPN tunnel Remote Security Group Type P Address 192 168 2 o Subnet Mask 255 255 Reference When this VPN tunnel is connected only computers with the session of 192 168 2 0 and with subnet mask as 255 255 255 0 can connect with remote VPN If there is any encryption mechanism the encryption mechanism of these two VPN tunnels must be identical in order to create connection And the transmission data must be encrypted with IPSec key which is known as the encryption key The device provides the following two encrypted Key Management They are Manual and IKE automatic encryption mode IKE with Preshared Key automatic By using the drop down menu select the desired encryption mode as illustrated below Key Mode When users set this VPN tunnel to use any encryption and authentication mode users must set the par
4. When this VPN tunnel is connected only computers with the session of 192 168 1 0 and with subnet mask as 255 255 255 0 can connect with remote VPN 3 IP Address Range This option allows connection only when IP address range which is entered after the VPN tunnel is connected Local Security Group Type Reference When this VPN channel is connected computers with the IP address range between 192 168 2 1 and 192 168 1 254 can establish connection This setting offers three operation modes which are Domain Name FQDN Domain Name E mail Address USER FQDN Email Address Microsoft XP 2000 VPN Client Microsoft XP 2000 VPN Client end 1 Domain Name FQDN Domain Name If users select Domain Name type please enter the domain name to be authenticated FQDN refers to the combination of host name and domain name that are available on the Internet i e vpn Server com The domain name must be identical to the status setting of the client end to establish successful connection 80 ND your future life 2 WAN 3 LAN VPN Firewall Remote Client Domain Hame FQDH Domain Name 2 E mail Addr USER FQDN E mail address If users select this option only filling in the E mail address allows access to this tunnel Remote Client E mail Address USER FADH r E mail address al 3 Microsoft XP 2000 VPN Client Microsoft XP 2000 VPN Client end If users select XP 2000 VPN Client end status users do
5. fore 220 1350 108 59 DONS j updated successfully EnoDDW org cn QnoDDHS org cn 0 0 0 0 DENS function ie disabled or Noa Internet connection DDNS Check either of the boxes before DynDNS org 3322 org DtDNS com and QnoDDNS org cn to select one of the four DDNS website address transfer functions User name The name which is set up for DDNS Input a complete website address such as abc qnoddns org cn as a user name for QnoDDNS Password The password which is set up for DDNS Host Name Input the website address which has been applied from DDNS Examples are abc dyndns org or xyz 3322 org 43 ONO your future life 2 WAN 3 LAN VPN Firewall Internet IP Address Input the actual dynamic IP address issued by the ISP Status An indication of the status of the current IP function refreshed by DDNS Apply After the changes are completed click Apply to save the network configuration modification Cancel Click the Cancel button to cancel the modification This only works before Apply is clicked 4 7 MAC Clone Some ISP will request for a fixed MAC address network card physical address for distributing IP address which is mostly suitable for cable mode users Users can input the network card physical address MAC address O00 xx xx xx xx xx here The device will adopt this MAC address when requesting IP address from ISP Logout Advanced Setting gt MAC
6. we are going to introduce Gateway to Gateway VPN setting 66 ND your future life 2 WAN 3 LAN VPN Firewall 7 2 1 Tunnel Setup The following instructions will guide users to set a VPN tunnel between two devices VPN gt Gateway to Gateway Tunnel No E Tunnel Mame Enable 7 Tunnel No To set the embedded VPN feature please select the Tunnel number This device supports up to 5 VPN tunnel settings Tunnel Name Displays the current VPN tunnel connection name such as XXX Office Users are well advised to give them different names to avoid confusion should users have more than one tunnel settings Note If this tunnel is to be connected to any other VPN device not VPN firewall some device requires that the tunnel name is identical to the name of the host end to facilitate verification This tunnel can thus be successfully enabled Enabled Click to Enable the VPN tunnel This option is set to enable by default Afterwards users may select to enable this tunnel feature Local Group Setup This Local Security Gateway Type must be identical with that of the remote type Remote Security Gateway Type Local Group Setup Local Security Gateway Type from Paddress 220 iso fies gt Local Security Group Type subnet IP address fio fo fro fo Subnet Mask 255 255 pss fo Local Security This local gateway authentication type comes with five 67 ND your future l
7. while specific IP designation is not necessary input O in the IP boxes Destination In the boxes input an external static IP address For example if IP connections to destination IP address 210 11 1 1 are to be ND your future life 2 WAN 3 LAN VPN Firewall restricted to WAN1 the external static IP address 210 1 1 1 210 1 1 1 should be input If a range of destinations is to be assigned input the range such as 210 11 1 1 210 11 255 254 This means the Class B Network Segment of 210 11 x x will be restricted to a specific WAN If only specific Service Ports need to be designated while a specific IP destination assignment is not required input O into the IP boxes Interface Enable gt To activate the rule Add To List To add this rule to the list Delete To remove the rules selected from the Service List Select the WAN for which users want to set up the binding rule selected application Click Apply to save the modification Click Cancel to leave without making any change but only it works before you click apply button Add or Remove Service Ports If the Service Port users want to activate is not in the list users can click Add or Remove Service Ports from Service Management to arrange the list as described in the following 19 ND your future life 2 WAN 3 LAN VPN Firewall Service Manarement Microsoft Internet Explorer ll Servi
8. works before Apply is clicked The Router will distribute the bandwidth as 60 the highest and 10 the lowest If you set the service port 80 as High priority the router will give 60 bandwidth to the port 80 In the other hand if you give the port 21 as Low priority the device will only give it 10 bandwidth The remained 30 bandwidth will be shared by the other service 2l ND your future life 2 WAN 3 LAN VPN Firewall Quality of Serice Type Rate Control Priority TIGGE C wam C wane Service Direction Priority Enable SMTP TCP25 25 v service Management Add to list POPS TORA 10 110 Upstream High VWah1 2 ShowTables Apply Cancel Select on which WAN the QoS rule should be executed It can be a single selection or multiple selections Service Port Select what bandwidth control is to be configured in the QoS rule If FTP uploads or downloads need to be controlled select FTP Port 2121 Refer to the Default Service Port Number List Direction Upstream Means the upload bandwidth for Intranet IP Downstream Means the download bandwidth for Intranet IP Server in LAN Upstream If a Server for external connection has been built in the device this option is to control the bandwidth for the traffic coming from outside to this Server Server in LAN Downstream If there are web sites built in the Intranet this option is to control the upload bandwidth for the co
9. 0 1 10 254 254 254 to go only through WAN1 while WAN2 is not to support these destinations users should select this option When the WAN1 connection is interrupted packets for 10 0 0 1 10 254 254 254 cannot be transmitted through WAN 2 and there is no need to remove the connection when WAN 1 is interrupted 2 Remove the Connection If an ISP connection failure is detected no error message will be recorded in the System Log The packet transmitted through this WAN will be shifted to the other WAN automatically and be shifted back again when the connection for the original WAN is repaired and reconnected This option is suitable when one of the WAN connections fails and the traffic going through this WAN to the destination IP should go through the other WAN to reach the destination In this way when any of the WAN connections is broken other WANSs can serve as a backup traffic can be shifted to a WAN that is still connected Detecting Feedback Servers Default Gateway The local default communication gateway location such as the IP address of an ADSL router will be input automatically by the device Therefore users just need to check the option if this function is needed Attention Some gateways of an ADSL network will not affect packet detection If users have an optical fiber box or the IP issued by ISP is a public IP and the gateway is located at the port of the net caf rather than at the IP pro
10. 80 the service port of WWW is Port 80 to access the internal server directly In the configuration page if a web server address such as 192 168 1 2 and the Port 80 have been set up in the configuration this web page will be accessible from the Internet by keying in the device actual IP address such as http 220 130 188 45 This is VPN Firewall legal IP address At this moment the device actual IP will be converted into 192 168 1 2 by Port 80 to access the web page In the same way to set up other services please input the server TCP or UDP port number and the virtual host IP addresses Port Range Forwarding Service IP Address Enable fall Traffic TCPRUDP 1 65535 10 10 10 E Service Management Add to list Delete selected application Service To select from this option the default list of service ports of the virtual host that users want to activate Such as All TCP amp UDP 0 65535 80 80 80 for WWW and 34 i GJE your future life Internal IP Address Enable Service Management Add to list 2 WAN 3 LAN VPN Firewall 21 21 for FTP Please refer to the list of default service ports Input the virtual host IP addresses To activate this function Add or remove service ports from the list of service ports Add to the active service content Add or Remove Service Ports The services in the list mentioned above are frequently used services If the servi
11. Authentication MDs I I pos Encryption Key fT Authentication Key If the Manual mode is selected users need to set encryption key manually without negotiation It is divided into two types Encryption KEY and Authentication KEY Users may enter an exchange password made up of either digits or characters The systems will automatically transcode what users entered into the exchange password and authentication mechanism during the VPN tunnel connection This exchange password can be made up of digits and characters up to 23 Moreover the exchange strings for Incoming SPI and Outgoing SPI must be Tq ND your future life 2 WAN 3 LAN VPN Firewall identical to those of the connected VPN device For the Incoming SPI parameters users must set it the same with the Outgoing SPI string of the remote VPN device And the Outgoing SPI string must be the same with the coming SPI string of the remote VPN device 7 2 3 VPN Advanced IKE Preshared Key Only Advanced Aggressive Mode Keep Alive MetBlos broadcast MAT Traversal qaaa Dead Peer Detection DPE Interval 5 seconds Aggressive Mode This mode is mostly adopted by remote devices The IP connection is designed to enhance the security control if dynamic IP is used for connection If this option is selected in the connected VPN tunnel the device supports IP Payload Compression Protocol Keep Aliv
12. Clone want 7 7 4 1 zo f f e i User Defined WAN1MAC Address 5 00 e 01 80 00 120020 is Detault 00 De a0 00 02 15 MAC Address fromthisPC 40 0b ee 40 bf ff WANZ User Defined WAN MAC Address 00 de 1280 oo ete Defaut 00 06 30 00 02 18 MAC Address from this PC 5 4 0b ee 40 bf tf your future fire 44 p gt OON M EEE fF gt i J your future life 2 WAN 3 LAN VPN Firewall User Defined WAN The default MAC location of the current equipment MAC Address MAC Address from Current address of MAC that is connected with this PC connected device Apply After the changes are completed click Apply to save the network configuration modification Cancel Click the Cancel button to cancel the modification This only works before Apply is clicked 4 8 DHCP IP Issuing Server With an embedded DHCP server it supports automatic IP acquisition for LAN computers This function is similar to the DHCP service in NT servers It benefits users by freeing them from the inconvenience of recording and configuring IP addresses for each PC respectively When a computer is turned on it will acquire an IP address from the device automatically This function is to make management easier VPN Firewall offers a class C DHCP server with default setting to on It can provide the computer to get the IP address automatically in the LAN Like the DHCP service in the NT Server It benefits the co
13. DMZ Host Name and Domain Name Device name and domain name can be input in the two boxes Though this configuration is not necessary in most environments some ISPs in some countries may require it LAN Setting This is configuration information for the device current LAN IP address The default configuration is 192 168 1 1 and the default Subnet Mask is 255 255 255 0 Now it can support to the IP Class C network and also it can be changed according to the actual network structure Dual WAN DMZ Setting It provides a configurable WAN 2 or DMZ port First choose this port as the second WAN port or define it as DMZ mode and then keep doing the following setting DMZ Setting For some network environments an independent DMZ port may be required to set up externally connected servers such as WEB and Mail servers Therefore the device supports a set of independent DMZ ports for users to set up connections for servers with real IPs The 10 ND your future life 2 WAN 3 LAN VPN Firewall DMZ ports act as bridges between the Internet and LANS Subnet The DMZ and WAN located in different Subnets For example If the ISP issued 16 real IP addresses 220 243 230 1 16 with Mask 255 255 255 240 users have to separate the 16 IP addresses into two groups 220 243 230 1 8 with Mask 255 255 255 248 and 220 243 230 9 16 with Mask 255 255 255 248 and then set the device and the gateway in the same group with the other group in th
14. Default Rules to restore all settings to the default values and delete all the self defined settings After modification press Apply button to save the network settings or press Cancel to keep the settings unchanged 6 2 1 Add a new Rule irewall gt Access Rule M Services Action Al low Service All Traffic TCP amp UDP 1 65535 Log Hot log Source Interface rar Source F Destination IP Single me ah a a ei TM RI scheduling Apply this rule always to m 24 Hour Format IT Everyday EF sun IT mon IT tue IT Wea F Thu TT ri IT sat Action Allow Permits the pass of packets compliant with this control rule Deny Prevents the pass of packets not compliant with this control rule Service Port From the drop down menu select the service that users grant or do not give permission Service Port If the service that users wish to manage does not exist in the 61 ND your future life Management Log Interface Source IP Dest IP Scheduling Apply this rule is LO wax Day Control Apply Delete 2 WAN 3 LAN VPN Firewall drop down menu press Service Management to add the new service From the pop up window enter a service name and communications protocol and port and then click the Add to list button to add the new service No Log There will be no log record Create Log when matched Event
15. Explorer htp 200 130 186 20 B080 Dhep_tablet him IP amp MAC binding List mir IP MAC Enable TOADAD TOS O0 11 2f 5a 2030 10 1010102 OOF Stadt tt 10 10 10 50 00 09 26 65 02 98 10 4010 101 D Oc 61 00 00 00 1910 40 100 After the changes are completed click Apply to save the network configuration modification or click Cancel to leave without making any change Show Tables 48 DN your future life 2 WAN 3 LAN VPN Firewall IP amp MAC binding Last Windows Internet Es plo er 5 hitp 220 190 188 39 8080 Dhep table him IP amp MAC binding List Refresh Close E PN MAC Name Enable Edit _ 1040 140 1402 O047 31 ta dt 1t TESToOO2 Enabled Edit 0 Edt 10 10 10 103 00 11 24 5a a0 90 TESTOD Enabled Eat CO Dene km Click Edit to set binding rule 4 8 3 DNS amp WINS Server This is for checking the DNS from which an IP address has been leased to a PC port If you have specific DNS Server input the IP address of this server directly As an IP address has been leased to a PC port it also gets designated DNS Server address DHS DHS Server Required 1 h Jho NS EG Wins DNS Server 1 Input the IP address of the DNS server DNS Server 2 Input the IP address of the DNS server WINS Server If there is a WIN server in the network users can input the IP address of that server directly WINS Server Input the IP
16. PT 6 3 2 9 ES Sr Setung 1 EEE E 7 3 2 4 Advanced Setting Status wo icc ccccsssccesssssccsssssccessssecesssesecsessseceesssecesessseceeseeeeseseees 8 3 229 Firewall SENG Status cscecscizacccsacscczcarsoncetacsocanesnecdexgacnosneedbacaaatenssigeecepubvatioawasaeosbieeceGensuacteansahocuaeg 8 OVNEN 9 3 3 General SN 9 SG NE Sa EE EEE NN 9 NN VNR 14 Doe De FO EE EE EE EEE 21 EG 0 EE eet ee 29 PIT 30 AE GET GK GET en EE EE EE EE 33 4 1 DMZ Host Demilitarized Zone rerronovernannvnonnenovnrnennvernannonsnnennvnenennvnennnnvnennrnaveensnnenennsnennensnnveenene 33 2 FIN 34 4 3 UPnP Universal Plug and Play rrmsssrrnnsssvrnnnssnrrnnssnrrnnssvrnnsssnnrrnnsrnvrnnssvrnnsssnvrnsssvvrenssnvrnnsssnvrnssnnnne 37 FT RON 39 aS ETNE 40 4 6 DDNS Dynamic Domain Name Service rrmmrrrrvvvrverrerrvrrnesersrrrrnnssrserrnnsssssvrrensssrsvrrnsssssnrrnnssssvnrssee 42 ME JE 44 4 8 DHCP IP Issuing SEVERN cccsvicecsccosszcssasnnecaessantestasaseseonsactecepieustaconantassaoncedaesaace penne vataowianeedbaastedaawnieenaracenne 45 Ux Me WAC Phra 45 4 8 2 PBN 46 4 8 3 DNS amp WINS Server re 49 G GE EG 1 EEE E 49 AARE OIIE I E A E A E A seerne 51 ST NNN 51 M ND your future life 2 WAN 3 LAN VPN Firewall EEE EEE EE 52 5 3 Return to Factory Default Setting oo sccsssssccessesecsssnscessesecsssesscesserscsesersessssesesessenecs 52 5 4 NNN 53 Saro NT BA KU a AEE ENE ANE E E ATE AA EA AAA 54 LT 56 SF On ere ae 1 OL
17. address of WINS Apply Click Apply to save the network configuration modification Cancel Click Cancel to leave without making any changes 4 8 4 DHCP Status 49 ND INO your future life 2 WAN 3 LAN VPN Firewall This is an indication list of the current status and setup record of the DHCP server The indications are for the administrator s reference when a network modification is needed DHCP gt Status status DHCP Server 1010101 hmnamic IP Used 0 Static IP Used 0 DHCP Available 50 Total 50 QVMFunction i Client Table Client Host Hame IP Address MAC Address eased Hie Delete DHCP Server This is the current DHCP IP Dynamic IP Used The amount of dynamic IP leased by DHCP Static IP Used The amount of static IP assigned by DHCP IP Available The amount of IP still available in the DHCP server Total IP The total IP which the DHCP server is configured to lease Host Name The name of the current computer IP Address The IP address acquired by the current computer MAC Address The actual MAC network location of the current computer Client Lease Time The lease time of the IP released by DHCP Delete Remove a record of an IP lease 50 ND INO your future life 2 WAN 3 LAN VPN Firewall V Tool Configuration This chapter introduces the management tool for controlling the device and testing network connection 5 1 Diagnostic The de
18. and hold for more than 10 seconds The flicker of the yellow light indicates the default value is being restored Please note that this feature resets all the data on the device 52 ONO your future life 2 WAN 3 LAN VPN Firewall al Ge Tool gt Factory Default Factory De 5 4 Firmware Upgrade Users may directly upgrade the device firmware on the Firmware Upgrade page Please confirm all information about the software version in advance Select and browse the software file click Firmware Upgrade Right Now to complete the upgrade of the designated file Note Please read the warning before firmware upgrade Users must not exit this screen during upgrade Otherwise the upgrade may fail 53 ND ONO your future life 2 WAN 3 LAN VPN Firewall Logout Tool gt Firmware Upgrade EE lt CRR 2 Upgrading tirmware may take tour minutes ar more please dont turn ott the power or pressthereset Firmware Upgrad button i Setting Backup 3 Please dont close the window or disconnect the link during the upgradeprocess 4 Pladee use IER 0 r ebove for on line firmware uparade 5 5 Setting Backup Tool gt Setting Backup import configuration File HEN ai ackup Export configuration File ND your future life 2 WAN 3 LAN VPN Firewall Import configuration file This feature allows users to integrate all backup content of parame
19. future life 2 WAN 3 LAN VPN Firewall settings Please select and set appropriate parameters 1 IP address This option allows the only IP address which is entered to build the VPN tunnel Local Security Group Type IP Address P Address 192 168 1 o Reference When this VPN tunnel is connected computers with the IP address of 192 168 1 0 can establish connection 2 Subnet This option allows local computers in this subnet can be connected to the VPN tunnel Local Security Group Type Subnet IP Address l l l Subnet Mask Reference When this VPN tunnel is connected only computers with the session of 192 168 1 0 and with subnet mask as 255 255 255 0 can connect with remote VPN 3 IP Range This option allows connection only when IP address range which is entered after the VPN tunnel is connected Local Security Group Type Reference When this VPN tunnel is connected computers with the IP address of 192 168 1 0 254 can establish connection Remote Group Setup This remote gateway authentication type Remote Security Gateway Type must be identical to the remotely connected local security gateway authentication type Local Security Gateway 70 ND your future life 2 WAN 3 LAN VPN Firewall Remote Group Setup Remote Security Gateway Type IF Only Remote Security Group Type Subnet rs TTT TT IP address gt Subnet Mask 255 255 255 0
20. numbers are unsymmetrical Therefore the port numbers for this special software must be input in the Port Triggering as in the above fig 36 ND INO your future life 2 WAN 3 LAN VPN Firewall a Port Triggering Application Name Trigger Port Range Incoming Port Range o Wo of yourttture hfe Application Name Users can define names for special application software This is to make management simple Trigger Port Range Input the port numbers for data going from the device to the Internet Such as 90006600 Incoming Port Range Input the port numbers for data coming in from the Internet to the device Such as 20042005 Add to list Add the service to the active service list Delete selected To remove selected services application Apply Click the Apply button to save the modification Cancel Click the Cancel button to cancel the modification This only works before Apply is clicked 4 3 UPnP Universal Plug and Play UPnP Universal Plug and Play is a protocol set by Microsoft If the virtual host supports UPnP system such as Windows XP users could also activate the PC UPnP function to work with the device 37 ND your future life 2 WAN 3 LAN VPN Firewall UPnP Function Automatically Mapping Yes NO UPnP Mapping Service Port DNS UDP 52 gt 53 w Sery e Port Hian nyere Host Name ar IP Address Service Port Ho
21. sec the automatic balance ratio will be 2 1 Therefore to ensure the load can be really balanced please input the actual upstream and downstream bandwidth In addition the data users input will also affect the QoS configuration Please refer to QoS Configuration Protocol Binding Users can define specific IP addresses or specific application service ports to go through a user assigned WAN for external connections For any other unassigned IP addresses and services WAN load balancing will still be carried out 17 ND your future life 2 WAN 3 LAN VPN Firewall Protocol Binding Service SMTP TOP 25 25 Service Management Source IP 192 948 it 0 Destination IP bo fo fot Interface WANT Enable a Add to list appy J Cancel This is to select the Binding Service Port to be activated The default such as ALL TCP amp UDP 0 65535 WWW 80 80 FTP 21 to 21 etc can be selected from the pull down option list The default Service is All 0 65535 Option List for Service Management Click the button to enter the Service Port configuration page to add or remove default Service Ports on the option list Users can assign packets of specific Intranet virtual IP to go through a specific WAN port for external connection In the boxes here input the Intranet virtual IP address range for example if 192 168 1 100 150 is input the binding range will be 100 150 If only specific Service Ports need to be designated
22. this function 41 ND your future life 2 WAN 3 LAN VPN Firewall has been set up the Internet IP server or PC which is mapped with a LAN port will be exposed on the Internet To prevent Internet users from actively connecting with the One on One NAT server or PC please set up a proper denial rule for access as described Firewall 4 6 DDNS Dynamic Domain Name Service DDNS supports the dynamic web address transfer for QnoDDNS org cn 3322 org DynDNS org and DtDNS com This is for VPN connections to a website that is built with dynamic IP addresses and for dynamic IP remote control For example the actual IP address of an ADSL PPPoE time based system or the actual IP of a cable modem will be changed from time to time To overcome this problem for users who want to build services such as a website it offers the function of dynamic web address transfer This service can be applied from www qno cn ddns www 3322 org www dyndns org or www dtdns com and these are free Also in order to solve the issue that DDNS server is not stable the device can update the dynamic IP address with different services at the same time 42 ND your future life 2 WAN 3 LAN VPN Firewall M WAN2 DDHS Service Internet IP Address Status User name Password Internet IP Address Status Advanced Setting gt DDNS DONS Service Ea Ore User name TEsT1 528 Register Password 20090000 Host Hame 2322
23. 211 21 1377 of 0 0 192 166 353 101 UPP 16086 WAR 221 216 135 191 14372 0 0 192 166 353 101 UPP 16086 WAR 163 25 149 153 30416 0 0 192 168 3 101 UPP 16086 WAR 81 111 168 144 9749 4 G 192 168 3 101 UPP 16086 WAR 220 210 225 129 18569 T 15 192 168 3 101 UPP 16086 WAR 24 253 72 162 45076 0 0 192 1665 3 101 TCP 3637 WAR 220 130 115 245 S 0 0 Specific Port Status Enter the service port number in the field and IP that are currently used by this port will be displayed 94 ND your future life 2 WAN 3 LAN VPN Firewall specific IP Port status for Port Downstream Upstream Bytes Sec Bytes Sec 192 166 5101 TEF Ja WAR 220 150 115 246 a0 20 BO Source IP Protocol Source Port Interface WAH Dest IP Dest Port 95 ND ONO your future life 2 WAN 3 LAN VPN Firewall X Logout Click the Logout button which is to terminate VPN Firewall management meanwile it also terminates the management user interface If you want to go into this user interface please repeat the same steps and input administrator s ID and password Log gt Traffic Statistic 96 ND your future life 2 WAN 3 LAN VPN Firewall Appendix I VPN setting Sample VPN Environment Sample 1 Gateway to Gateway Head Office A Head Office B EEE WAN IP 200 200 200 200 WANIP 10010510010 xDSLWAN s i gt xDSL WAN Data Base A Data Base e e Data Base B FVA9416 SME Multi WAN FYR9416 SME Multi WAN Firew
24. B Direction Upstream Means the upload bandwidth for Intranet IP Downstream Means the download bandwidth for Intranet IP Server in LAN Upstream If a Server for external connection has been built in the device this option is to control the bandwidth for the traffic coming from outside to this Server Server in LAN Downstream If there are web sites built in the Intranet this option is to control the upload bandwidth for the connections from outside to this Server For example game servers have been built in many Internet caf s This rule can be used to control the bandwidth for connections from outside to the game server of a caf to update data In this way game players inside the caf will not be affected Min amp Max The minimum bandwidth The rule is to guarantee minimum Rate available bandwidth Kbit Sec The maximum bandwidth This rule is to restrict maximum available bandwidth The maximum bandwidth will not exceed the limit set up under this rule Attention The unit of calculation used in this rule is Kbit Some software indicates download upload speed by the unit KB 1KB 8Kbit Bandwidth Sharing total bandwidth with all IP addresses Sharing If this option is selected all IPs or Service Ports will share the bandwidth range from minimum to maximum bandwidth Assign bandwidth for each IP address If this option is selected every IP or Service Port in this range can have this bandwidth minimum to maxi
25. Default Gateway ee ik Remote Host oa Remote Host DNS Lookup Host ONS Lookup Host Network Service Detection System This is a detection system for network external services If this option is selected information such Retry Count or Retry Timeout will be displayed If two WANs are used for external connection be sure to activate the NSD system so as to avoid any unwanted break caused by the device misjudgment of the overload traffic for the Retry Count This selects the retry times for network service detection The default is five times If there is no feedback from the Internet in the configured Retry Times it will be judged as External Connection Interrupted Retry Timeout Delay time for external connection detection latency The default is 30 seconds After the retry timeout external service detection will restart 1 Generate the Error Condition in the System Log If an ISP connection failure is detected an error message will be recorded in the System Log This line will not be removed therefore the some of the users on this line will not have normal connections This option is suitable under the condition that one of the WAN ND your future life 2 WAN 3 LAN VPN Firewall connections has failed the traffic going through this WAN to the destination IP cannot shift to another WAN to reach the destination For example if users want the traffic to 10 0
26. N connection A WAN port can be connected with xDSL Modem Fiber Modem Switching Hub or through an external router to connect to the Internet LAN Connection The LAN port can be connected to a Switching Hub or directly to a PC ND your future life 2 WAN 3 LAN VPN Firewall Users can use servers for monitoring or filtering through the port after Physical Port Mangement configuration is done DMZ The DMZ port can be connected to servers that have legal IP addresses such as Web servers mail servers etc ND pp TJ pp P SIM Bs N met your future life 2 WAN 3 LAN VPN Firewall III Quick Configuration In this chapter we are going to introduce software setting interface explaining the message of home page as well as basic connection setting 3 1 Login and Set Up Connect to 192 168 1 1 Iser name cs vi Passivord TRemembet my password VPN Firewall default username and password are both admin Users can change the login password in the setting later Attention For security we strongly suggest that users must change password after login Please keep the password safe or you can not login to VPN Firewall Press Reset button for more than 10 sec all the setting will return to default 3 2 Home Page In the Home page all the device parameters and status are listed for users reference For detailed settings click each parameter or status hyperlink below the r
27. PN Device LOCAL Gateway to Gateway VPN Device 64 ND your future life 2 WAN 3 LAN VPN Firewall Client to Gateway Click Add to enter the setting page of Client to Gateway CLIENT Mobile Users LOCAL Client to Gateway VPN Device VPN Tunnel Status The following describes VPN Tunnel Status the current status of VPN tunnel in detail Pr nnel Status Add Mew Tunnel Jump to I wi page E Y entries per page 13 Fhasez Local Remote Remote Tunnel H St FE ER Contig No Parr BEA Enc Authi amp rp Group Group atemay Test FE ig Tunnels Enabled E Tunnels Defined Click Previous page or Next page to view the desired VPN tunnel page Or users can select the page number directly to Page Next Page view all VPN tunnel statuses such as 3 5 10 20 or All Previous Jump to _ Page Entries Per Page Tunnel No To set the embedded VPN feature please select the tunnel number It supports up to 300 IPSec VPN tunnel Setting 65 ND your future life Status Account ID Phase2 Encrypt Auth Gro up Local Group Remote Group Remote Gateway Control Config 7 2 Gateway to Gateway VPN 2 WAN 3 LAN VPN Firewall gateway to gateway as well as client to gateway Successful connection is indicated as Connected Failing hostname resolution is indicated as Hostname Resolution Failed Resolving hostname is indicated as Resolving Hos
28. RJ45 Switch ports each of which can connect extra switches to connect more Internet devices To fulfill the requirement for self defense of most enterprise against from the Internet network attack our VPN Firewall has firewall system embedded In addition to include NAT it has DoS Denial of Service and SPI Stateful Packet Inspection Also it could use the default setting to automatically detect the Internet network attack And Qno is a supporter of the IPSec Protocol IPSec VPN provides DES 56bit 3DES 168bit MD5 amp SHA certification VPN Firewall also has unique QVM VPN SmartLink IPSec VPN Just input VPN server IP user name and password and IPSec VPN will be automatically set up Through VPN Firewall exclusive QVM function users can set up QVM to work as a server and have it accept other QVM series products from client ports VPN Firewall also has unique QVM VPN SmartLink IPSec VPN Just input VPN server IP user name and password and IPSec VPN will be automatically set up Through VPN Firewall exclusive QVM function users can set up QVM to work as a Server and have it accept other QVM series products from client ports QVM offers easy VPN allocation for users users can do it even without a network administrator VPN Firewall enables enterprises to benefit from VPN without being troubled with technical and network management problems The central control function enables the host to log in remote client computers at any tim
29. Remote Security Gateway Type This remote gateway authentication type comes with five operation modes which are IP only Authentication by use of IP only IP Domain Name FQDN Authentication IP Domain name IP E mail Addr USER FQDN Authentication IP Email address Dynamic IP Domain Name FQDN Authentication Dynamic IP address Domain name Dynamic IP E mail Addr USER FQDN Authentication Dynamic IP address Email address name 1 IP only If users select the IP Only type entering this IP allows users to gain access to this tunnel If the IP address of the remote client is unknown choose IP by DNS Resolved allowing DNS to transcode IP address When users finish the setting the corresponding IP address will be displayed under the remote gateway of Summary Remote Security Gateway Type IP Only WF Or users can choose IP by Multiple DNS Resolved and IP 71 ND your future life 2 WAN 3 LAN VPN Firewall address can be transcoded through DNS When users finish the setting the corresponding IP address will be displayed under the remote gateway of Summary Remote Security Gateway Type IP Only Ww 2 IP Domain Name FQDN Authentication If users select IP domain name please enter IP address and the domain name to be verified FQDN refers to the combination of host name and domain name Users may enter any name that corresponds to the domain name of FQDN This IP addres
30. Server VPN Setting VPN Summary Add New Tunnel Gateway to Gateway oe ie 5 Local Security Group Type gt IP Address 20 20 20 0 10 10 10 10 ND your future life 2 WAN 3 LAN VPN Firewall Local Security Group Type Subnet Mask Remote Security Gateway Type Remote Security Gateway Type Domain Name Company domain Name 0 Remote Security Gateway Type IP Address Remote Security Group Type Remote Security Group Type IP Address Remote Security Group Type gt Subnet Mask PY 255 252550 Phase Encryption DES DES Phase 1 Authentication MD5 MD5 Phase 1 SA Life Time 28 gt 800 Seconds 28 gt 800 Seconds Perfect Forward Secrecy Checked Checked Phase 2 Encryption DES DES Phase 2 Authentication MD5 MD5 Phase 2 SA Life Time 3600 Seconds 3600 Seconds Preshared Key Your tunnel password VPN Environment Sample 3 Client to Gateway Tunnel Head Office WAM IP 200 200 200 200 E Home N xDSL WAN se Ethernet LAN FYR9416 SME Multi WAN Firewall YPN Router ert es dW LAN IF 20 20 20 1 Host IP Address IF 100 100 100 100 VPN Setting VPN Summary Add New Tunnel Client to Gateway Tunnel 99 ND your future life 2 WAN 3 LAN VPN Firewall Head Office A Homel VPN Client SW Tunnel Name Homel Wa Enable Checked Your tunnel password Interface 100 ND your future life 2 WAN 3 LAN VPN Firewall Appendix II Qno Technical Support Information For more inf
31. Service SMTP TCR 25 25 wt Service Management Mini Rate Kbit sec Max Rate Kbit sec Bandwidth Share total bandwidth with all IP addresses sharing Assign bandwidth for each IF address Enable Add to list SMTP TCP 25 25 192 1681 0 O Upstream 3 5kbitisec VWAN 2 HTTP TCF 80 80 192 1681 10 20 Upstream 3 6kbitizec WANT 2 All Traffic TCR amp UDPA 65535 192 1681 100 4 50 Upstream 3 d0Kbitisec VWAaNt 2 To select on which WAN the QoS rule should be executed It can be a single selection or multiple selections To select what bandwidth control is to be configured in the QoS rule If the bandwidth for all services of each IP is to be controlled select All TCP amp UDP 165535 If only FTP uploads or downloads need to be controlled select FTP Port 21 21 Refer to the Default Service Port Number List This is to select which user is to be controlled If only a single IP is to be restricted input this IP address such as 192 168 1 100 to 100 The rule will control only the IP 192 168 1 100 If an IP range is to be controlled input the range such as 192 168 1 100 150 The rule will control IPs from 192 168 1 100 to 150 If all 25 ND your future life 2 WAN 3 LAN VPN Firewall Intranet users that connect with the device are to be controlled input O in the boxes of IP address This means all Intranet IPs will be restricted QoS can also control the range of Class
32. Ss GINO your future life 2 WAN 3 LAN VPN Firewall Load Balance Bandwidth Management VPN and Network Security English User s Manual ND your future life 2 WAN 3 LAN VPN Firewall Product Manual Using Permit Agreement Product Manual hereafter the Manual Using Permit Agreement hereafter the Agreement is the using permit of the Manual and the relevant rights and obligations between the users and Qno Technology Inc hereafter Qno and is the exclusion to remit or limit the liability of Qno The users who obtain the file of this manual directly or indirectly and users who use the relevant services must obey this Agreement Important Notice Qno would like to remind the users to read the clauses of the Agreement before downloading and reading this Manual Unless you accept the clauses of this Agreement please return this Manual and relevant services The downloading or reading of this Manual is regarded as accepting this Agreement and the restriction of clauses in this Agreement 1 Statement of Intellectual Property Any text and corresponding combination diagram interface design printing materials or electronic file are protected by copyright of our country clauses of international copyright and other regulations of intellectual property When the user copies the Manual this statement of intellectual property must also be copied and indicated Otherwise Qno regards it as tort and relevan
33. address not on the list There are two ways to input static IP If users want to set up a MAC address to acquire IP from DHCP but the IP need not be a static IP input 0 0 0 0 in the boxes The boxes cannot be left empty If users want DHCP to assign a static IP for a PC every single time users should input the IP address users want to assign to this computer in the boxes The server or PC which is to be bound will then acquire a static virtual IP whenever it restarts MAC Address Input the static real MAC the address on the network card for the server or PC which is to be bound Name oO For distinguishing clients input the name or address of the 47 ND your future life 2 WAN 3 LAN VPN Firewall client that is to be bound The maximum acceptable characters are 12 Either Chinese or English can be accepted Enabled To activate this configuration Add To List To add the configuration or modification to the list Delete Selected To remove the selected binding from the list Items Block MAC When this option is activated MAC addresses which are not address on the included in the list will not be able to connect with the list with wrong Internet IP address Block MAC When this option is checked user modified IP or IP which is address not on not configured in the list will not be able to connect with the the list Internet Show New IP User IP amp MAC binding List Windows Internet
34. age May 8 02 07 19 DPD INFO DPD failure count 1 DPD Retry 3 Try DPD again May 8 21438 PM 43 max number of retransmissions 20 reached STATE AGGR H May 8 02 14 39 VPM AS Tunnel Negotiation Info Initiator Send Aggressive Mode 1st packet ay 8 09 20 21 MPM 4 Tunnel Negotiation Info Responder Received Quick Model st packet Mar 802222 VPNASE Tunnel Negotiation Info Inbound SPI value 40239487 havanrane MeMa Tunnel Meartiatian Intal fithaine SPI walie 63085715 PT a 9 2 System Statistics The device has the real time surveillance management feature that provides system current operation information such as port location device name current WAN link status IP address MAC address subnet mask default gateway DNS number of received sent total packets number of received sent total Bytes Received and Sent Bytes Sec total number of error packets received total number of the packets dropped number of session number of the new Session Sec and upstream as well as downstream broadband usage 89 N your future life 2 WAN 3 LAN VPN Firewall Log gt System Statistic he LAN WAR WAR Device Name eth eth eth2 Status Connect Enabled IP Address 10 10 10 1 220 130 168 359 0 0 0 0 MAC Address 00 17 16 01 F0 B1 00 17 16 01 F0 B2 00 1 7 16 01 FO B3 Subnet Mask 255 255 255 0 255 255 255 240 0 0 0 0 Default Gateway 220 130 188 335 0 0 0 0 DNS 165 95 1 1 0 0 0 0 Metwo
35. all VPN Router Firewall VPN Router LAN P 20 92020 1 LAN 19 10 10 1 ean LAN IP 10 10 10 024 Server A Ethernet LAN Gateway 101001 LAN IP 20 20 20 0 24 Gateway 20 2020 1 Firewall Setting Firewall gt General gt Block WAN Request Disable VPN Setting VPN gt Summary gt Add New Tunnel Gateway to Gateway QVM100 VPN Configuration for Tunnel Name HOB HOA Interface WAN Enable Checked Local Security Group Type Subnet Local Security Group Type gt IP Address 10 10 10 0 Local Security Group Type Subnet 255 255 255 0 255 255 255 0 Mask Remote Security Gateway Type Remote Security Gateway Type gt IP 100 100 100 100 200 200 200 200 Address Remote Security Group Type Subnet Remote Security Group Type gt IP 10 10 10 0 20 20 20 0 Address Remote Security Group Type Subnet 255 255 255 0 255 255 255 0 ND your future life 2 WAN 3 LAN VPN Firewall Mask Keying Mode IKE with preshared IKE with preshared key key phase 1 Authentication VPN Environment Sample 2 Gateway to Gateway Head Office Home LT WAN IP 200 200 200 200 ET WAN IP 198 100 106 1060 Local LAN OSL WAN fia eai aa DSL WAN Data Base A ADS dem ADSL Modem Og Data Base B wv Install VPN Client Software Ethernet LAN Ethernet LAN FVA9416 SME Multi WAN Home Router Firewall VPN Router LAN IP 10 10 10 1 TENG LAN P 20 2020 1 LAN IP 10 1010 10 24 we L Gateway 10 10 10 1
36. ameter of this exchange password with that of the remote Setting methods include Auto IKE or Manual To do the settings select any one from the two options 75 ND your future life 2 WAN 3 LAN VPN Firewall IKE with Preshared Key Click the shared key generated by IKE to encrypt and authenticate the remote user If PFS Perfect Forward Secrecy is enabled the Phase 2 shared key generated during the IKE coordination will conduct further encryption and authentication When PFS is enabled hackers using brute force to capture the key will not be able to get the Phase 2 key in such a Short period of time e Perfect Forward Secrecy When users tick the PFS option don t forget to activate the PFS function of the VPN device and the VPN Client as well Phase 1 Phase 2 DH Group This option allows users to select Diffie Hellman groups Group 1 Group 2 Group 5 Phase 1 Phase 2 Encryption This option allows users to set this VPN tunnel to use any encryption mode Note that this parameter must be identical to that of the remote encryption parameter DES 64 bit encryption mode 3DES 128 bit encryption mode AES the standard of using security code to encrypt information It Supports 128 bit 192 bit and 256 bit encryption keys Phase 1 Phase 2 Authentication This authentication option allows users to set this VPN tunnel to use any authentication mode Note that this parameter must be identical to that of the remote a
37. ce users want to activate is not in the list we recommend that users use Service Management to add or remove ports as follows Service Name Protocol TCP Port Range l Add to list 3 Service Manarement Microsoft Internet Explorer x All Traffic TORSUDPM 65535 DNS UDP S3x53 FTP TCP 21 21 HTTP TCF 50 80 HTTP Secondary TCR S080 8080 HTTPS TOPA43 443 HTTPS Secondary TCP 8443 8443 TFTP UDP 69 69 IMAP ITCRA 4371443 NNTP TEP S419 POPS TCPM 10 4410 SAMP UDP 61161 SMTP TCP 25 25 TELNET TCP 23 23 TELNET Secondary TCP 8023 8023 gt 35 ND your future life 2 WAN 3 LAN VPN Firewall Service Name In this box input the name of the Service Port which users want to activate such as BT etc Protocol This option list is for selecting a packet format such as Port range In the boxes input the range of Service Ports users Add To List Click the button to add the configuration into the Services List Users can add up to 100 services into the list Delete selected To remove the selected activated Services Apply Click the Apply button to save the modification Click the Cancel button to cancel the modification service This only works before Apply is clicked To quit this configuration window Port Triggering For some special application software the Internet accessing port
38. ce Name All Traffic TCPSUDP 65535 N DNS UDPIS3 53 FTP TCR 21 HTTP TCP S0 80 ppt HTTP Secondary TCP S8080 5080 HE HTTPS TCP 43xd43 TOR MA HTTPS Secondary TCP 8443 8443 RS TFTP UDF 59 69 MAP TOP M 43 43 ta NNTP TOP S143 i POPS TCP 10 110 SMMP UDF 61161 SMTP TCP 25 35 TELNET TCP 23 23 TELNET Secondary TCP 8023 8023 il 3 I Add to list Pee ester ae Service Name In this box input the name of the Service Port which users want to activate such as BT etc Protocol This option list is for selecting a packet format such as bedt TCP or UDP for the Service Ports users want to activate Port range In the boxes input the range of Service Ports users want to add Add To List Click the button to add the configuration into the Services List Users can add up to 100 services into the list Delete selected To remove the selected activated Services service Apply Click the Apply button to save the modification Click the Cancel button to cancel the modification This only works before Apply is clicked To quit this configuration window 20 ND your future life 2 WAN 3 LAN VPN Firewall 3 3 3 QoS QoS is an abbreviation for Quality of Service The main function is to restrict bandwidth usage for some services and IPS to save bandwidth or provide priority to speci
39. e A function to calculate the correct time is available with the device Users can either select the embedded NTP Server synchronization function or set up a time reference This function enables users to know the exact time of event occurrences that are recorded in the System Log and the time of closing or opening access for Internet resources Configuring Automatic Synchronize With NTP Function Select the time zone from the Time Zone pull down option list If there is Daylight Saving Time in the area input it The device will adjust the time for the Daylight Saving period automatically If users have their own Time Server Address input the Server s IP address 30 ONO your future life 2 WAN 3 LAN VPN Firewall Logout GINO General Setting gt Time General Setting anm mm i Set the local time using Network Time Protocol NTP automatically Set the local time Manually Hong Kong GMT O8 00 M aylight Saving Enabled from Month Day to gt monthy Day Input Date and Time Manually Logout General Setting gt Time Set the local time using Network Time Protocol NTP automatically Set the local time Manually e Hours 5 Minutes50 Seconds j Month Day 2005 Year Input the correct date and time in the boxes 31 ND your future life 2 WAN 3 LAN VPN Firewall After the changes are completed click Appl
40. e If this option is selected VPN tunnel will keep this VPN connection This is mostly used to connect the remote node of the branch office and headquarter or used for the remote dynamic IP address NetBIOS If this option is selected the connected VPN tunnel allows the Broadcast passage of NetBIOS broadcast packet This facilitates the easy connection with other Microsoft network however the traffic using this VPN tunnel will increase NAT Traversal It will let VPN related packs transcend the front NAT rules without any limits Dead Peer If this option is selected the connected VPN tunnel will regularly Detection DPD transmit HELLO ACK message packet to detect whether there is connection between the two ends of the VPN tunnel If one end is ND your future life 2 WAN 3 LAN VPN Firewall disconnected the device will disconnect the tunnel automatically and then create new connection Users can define the transmission time for each DPD message packet and the default value is 10 seconds 7 3 Client to Gateway amp Group VPN The following describes how an administrator builds a VPN tunnel between devices Users can set this VPN tunnel to be used by one client or by a group of clients Group VPN at the client end If it is used by a group of clients the individual setting for remote clients can be reduced Only one tunnel will be set and used by a group of clients which allows easy setting The fol
41. e Security and secrecy are guaranteed to meet the IPSec standard so as to ensure the continuity of VPN service NAT Network Address Translation can do Private IP and Public IP exchange which you can only need one Public IP but many people could go to the Internet at the same time Besides it includes virtual NAT application function which makes the network environment more flexible and easier to manage Through web based UI VPN Firewall enables enterprises to have their own network access rules To control web access users can build and edit filter lists It also enables users to ban or monitor websites according to their needs By the filter setting and complete OS management school and business internet management will be clearly improved VPN Firewall offers various on line SysLog records It supports on line management setup tools it makes setting up networks easy to understand It also reinforces the management of network access rules VPN and all other network services ND your future life 2 WAN 3 LAN VPN Firewall II Hardware Installation In this chapter we are going to introduce hardware interface as well as physical installation 2 1 VPN Firewall LED Signal LED Signal Description LED Color Description Power Green Green LED on Power ON DIAG Amber Amber LED on System self test is running Amber LED off System self test is completed successfully Link Act Green Green LED on Ethernet connection is fine
42. e DMZ DMZ Subnet Range DMZ amp VAN within same subnet Specify DMZ IP Address 243 a Range DMZ and WAN within same Subnet DMZ Sot ati c IF Subnet Range DMZ VAN within same subnet IP Range for DMZ port 220 faa 18 h to IP Range for DMZ port Put IP range in DMZ port After the changes are completed click Apply to save the configuration or click Cancel to leave without making any changes 11 ND your future life 2 WAN 3 LAN VPN Firewall WAN Connection Type Obtain an IP automatically This mode is often used in the connection mode to obtain an automatic DHCP IP This is the device system default connection mode It is a connection mode in which DHCP clients obtain an IP address automatically which is often applied in Cable Modem or DHCP Client connection mode etc If having a different connection mode please refer to the following introduction for selection of appropriate configurations Users can also set up their own DNS IP address Use the Following DNS Server Address Check the options and input the user defined DNS IP addresses Obtain an IP automatically Use the Following DNS Server Addresses DNS Server Required 1 0 10 o Jo zb b Jp Ib Static IP If ISP issue a static IP such as one IP or eight IPs etc please select this connection mode and follow the steps below to input the IP numbers issued by ISP into the relevant bo
43. e default configuration is Off Remote Management Indicates if remote management is activated on or off Click the hyperlink to enter and manage the configuration The default configuration is Off 3 2 6 VPN Setting Status VPN Setting Status VPM Summary Tunnel s Used Tunnelia Available VPN Summary Indicates VPN configuration status Click the hyperlink to enter and manage the configuration Tunnel s Used Indicates number of tunnels that have been configured in VPN Virtual Private Network Tunnel s Available Indicates number of tunnels that are available for VPN Virtual Private Network 3 3 General Setting General Setting provides basic VPN firewall Internet connection setting For most users it s enough to go to Internet after making basic setting without doing any changes However to connect Internet still needs some ISPs to provide advanced detail information Therefore please refer to the following explaination of the detail setting 3 3 1 Configure ND INO your future life 2 WAN 3 LAN VPN Firewall Ba al NO General Setting General Setting gt Configure Host Name Compact 9YM Kouter Required by some ISPs Compact BYE Router Domain Name Required by some ISPs LAN Setting MAC Address 00 17 16 01 F0 BT1 Device IP Address Subnet Mask HETT TET 255 255 255 0 Dual WAN I DMZ Setting C Dual WAN
44. egarding the product upgrade or change of technical specification If it is necessary the change or termination will be announced in the relevant block of the Qno website 4 3 All the set parameters are examples and they are for reference only You may also purpose your opinion or suggestion We will take it as reference and they may be amended in the next version 4 4 This Manual explains the configuration of all functions for the products of the same series The actual functions of the product may vary with the model Therefore some functions may not be found on the product you purchased 4 5 Qno reserves the right to change the file content of this Manual and the Manual content may not be updated instantly To know more about the updated information of the product please visit Qno official website 4 6 Qno and or distributors hereby declares that no liability will be born for any guarantee and condition of the corresponding information The guarantee and condition include tacit II ND your future life 2 WAN 3 LAN VPN Firewall Content Lodu Gon EE O A ee 1 M Hardyare Tis Calan EE 2 2 1 VPN Firewall LED Signal mrrrorrrrorronrrnnrenernnrennssnrennsrnnrensrnnrenernnrennsrnnrnnsrnnrenssnnrenesnnrennssnnvenssnnrenssnnrenessnne 2 2 2 VPN Firewall Network Connection smrarnrrnvrrsvrnanrrrnvrnnvrrenrrnnvrrsvrrenrernvrrsvrrenrssnvrnnvrnsnrssnversvrrsnrssnsssnvene 3 ME kome 5 TON NNN 5 HOMO FAG O en 5 SLN 5
45. el and the WAN IP address will be automatically filled into this space Users 68 ND your future life Local Security Group Type 2 WAN 3 LAN VPN Firewall don t need to do further settings Local Security Gateway Type IF E mail User FQDN Authentication le P Addresa 192 168 4 0 171 4 Dynamic IP Domain Name FQDN Authentication If users use dynamic IP address to connect to the device users may select this option to link to VPN If the remote VPN gateway requires connection to the device for VPN connection this device will start authentication and respond to this VPN tunnel connection if users select this option to link to VPN please enter the domain name Local Security Gateway Type Crnamci IP Domain Name FQDN Authentication 5 Dynamic IP E mail Addr USER FQDN Authentication If users use dynamic IP address to connect to the device users may select this option to connect to VPN without entering IP address When VPN Gateway requires for VPN connection the device will start authentication and respond to VPN tunnel connection If users select this option to link to VPN enter E Mail address to the empty field for E Mail authentication Local Security Gateway Type Drnamic IP E mail User F DN Authentication cmt el This option allows users to set the local VPN connection access type The following offers a few items for local 69 ND your
46. elevant set up tab will be loaded for users to choose their management options 3 2 1 System Information ND ONO your future life 2 WAN 3 LAN VPN Firewall ra i 5 T RT ONO Home Home i wh system Information Logout Serial umber 6nozS1NI005091 0680 Firmwate version 1 5 0 2no0 Feb 27 2008 15 23 451 CPU High Speed Network Processor System active time 21 Days S Hours 20 Minutes 46 Seconds Current time Thu May 8 2008 145122 Port Statistics Port ID 1 1 2 i 3 Internet DMZitrternet Interface LAN VAN DMZ Status Enabled Enabled Connected Connected Enabled Serial No This number is the device serial number Firmware version Information about the device present software version CPU Central Processing Unit Indicates the device CPU model No Intel IXP425 533MHz System active time Indicates how long the device has been running Current Time Indicates the device present time but you have to pay attention to set the synchronous time with that of the romote NTP server and then the time will be shown correctly 3 2 2 Port Statistics ND your future life Port Statistics Port ID 1 2 3 Interface LARN Status Enabled Enabled Connected 2 WAN 3 LAN VPN Firewall Internet DNL internet Va Dh Connected Enabled The current port setting status information will be shown in the Port Status Table Examples Network connection port on or off
47. emote into external client ends 3 VPN Disconnection Backup Solves data transmission problem arising from failed ISP connection with remote ends or the branches QVM Client gt Setup M Enable OVM Client Account ID PO Password PO Confirm Password P Remote Server DO Connect Status If When OVUM connection failed Retry every E minutes M Tunnel Backup Remote Server 2 Remote Server 3 Remote Server 4 advanced Settings Change QVM Client s Service Port 44 Enable QVM Enable this account ND your future life 2 WAN 3 LAN VPN Firewall Must be identical to that of the remote client end such as QVM100 QVM330 or QVM660 Please enter the remote client user name in either English or Chinese Password Must be identical to that of the remote client end such as QVM100 Confirm Please enter the password and confirm again Password Remote Server Input the IP address or Domain name of QVM Server Displays the QVM VPN connection status Red means disconnection and green means connection When QVM This function is to set re connect duration if QVM contention connection drops The range is 1 60 mins failed gt Retry every minutes Tunnel Backup You can input at most 3 backup IP addresses or domain names for backup Once the connection is dropped the function will be automatically enabled to backup the VPN connection and ensure data transition sec
48. et PC When the number of external connections reaches the limit to allow new connections to be built some of the existing connections must be closed For example when BT or P2P is being used to download information and the connections exceed the limit the user will be unable to connect with other services until either BT or P2P is closed block this IP to add new session for s Minutes If this function is selected when the user s port connection reach the limit this user will not be able to make a new connection for five minutes Even if the previous connection has been closed new connections cannot be made until the setting time ends O block this IFs all connection for 5 Minutes If this function is selected when the user s port connections reach the limit all the lines that this user is connected with will be removed and the user will not be able to connect with the Internet for five minutes New connections cannot be made until the delay time ends If Always is selected the rule will be executed around the clock If From is selected the rule will be executed according to the configured time range For example if the time control is from Monday to Friday 8 00am to 6 00pm users can refer to the following figure to set up the rule If Everyday is selected the rule will be activated for the control time range every day Users can choose to activate the rule during certain days of the wee
49. ewall and percentage Traffic Type Inbound Service Protocol Dest Port bytes serc a Outbound Service Ports The figure displays the network protocol type destination IP address bytes per second and percentage Traffic Type Sutbound Service Protocol Dest Port bytes sec Yo Inbound Session The figure displays the source IP address network protocol type source port destination IP address destination port bytes per second and percentage Traffic Type Inbound Session s Source IP Protocol Source Port Dest IP Dest Port bytes serc w Outbound Session The figure displays the source IP address network protocol type source port destination IP address destination port bytes per second and percentage Traffic Type Source IP Protocol Source Port Dest IP Dest Port bytes sec a 9 4 Specific IP Port Status The device allows administrators to inquire a specific IP or from a specific port about the addresses that this IP had visited or the users source IP who used this service port This facilitates the identification of websites that needs authentication but allows single WAN port rather than Multi WAN Administrators may find out the destination IP for protocol binding to solve this login problem For example when certain port software is denied inquiring about the IP address of this specific software server port may apply this feature Moreover to find out 92 ONO
50. ewall configuration 3 2 4 Advanced Setting Status P advanced Setting Status DM Host Disabled Working Mode Gateway DONS MMANT WAND off Off DMZ Host Indicates if DMZ is activated Click the hyperlink to enter and manage the configuration The default configuration is Disabled Working Mode Indicates the the device current operation mode either Gateway mode or Router mode Click the hyperlink to enter and manage the configuration The default operation mode is Gateway mode DDNS Dynamic Domain Name Service Indicates if Dynamic Domain Name is activated Click the hyperlink to enter and manage the configuration The default configuration is Off 3 2 5 Firewall Setting Status EN Firewall Setting Status SPI Stateful Packet Inspection Off Dos Denial of Service Ott Block VAM Request Off Remote Management On SPI Stateful Packet Inspection Indicates whether SPI Stateful Packet Inspection is on or off Click the hyperlink to enter and manage the configuration The default configuration is Off DoS Denial of Service Indicates if DoS attack prevention is activated Click the hyperlink to enter and manage the configuration The default configuration is Off Block WAN Request Indicates that denying the connection from Internet is activated Click the hyperlink to ND your future life 2 WAN 3 LAN VPN Firewall enter and manage the configuration Th
51. fic applications or services and also to enable other users to share bandwidth as well as to ensure stable and reliable network transmission To maximize the bandwidth efficiency network administrators should take account of the practical requirements of a company a community a building or a caf etc and modify bandwidth management according to the network environment application processes or services QoS Setting The Maximum Bandwidth provided by ISP Upstream Downstream err ace Kbit Sec Kbit Sec want WAM 512 512 In the boxes for WAN1 and WAN2 bandwidth input the upstream and downstream bandwidth which users applied for from bandwidth supplier The bandwidth QoS will make calculations according to the data users input In other words it will guarantee a minimum rate of upstream and downstream for each IP and Service Port based on the total actual bandwidth of WAN1 and WAN2 For example if the upstream bandwidths of both WAN1 and WAN2 are 512Kbit Sec the total upstream bandwidth will be WAN1 WAN2 1024Kbit Sec Therefore if there are 50 IPs in the Intranet the minimum guaranteed upstream bandwidth for each IP would be 1024Kbit 50 20Kbit Sec Thus 20Kbit Sec can be input for Mini Rate Downstream bandwidth can be calculated in the same way Session Control Session management controls the acceptable maximum simultaneous connections of Intranet PCs This function is very useful for managing connection quan
52. g IP address will be displayed under the remote gateway of Summary Remote Security Gateway Type IP E mail User F DN Authentication IF br DNS Resolved emt Jel oOo fh Or users can choose IP by Multiple DNS Resolved and IP 73 ND your future life 2 WAN 3 LAN VPN Firewall address can be transcoded through DNS When users finish the setting the corresponding IP address will be displayed under the remote gateway of Summary Remote Security Gateway Type IF E mail User FQDN Authentication IP br Multiple DNS Resolved w PbyDNSResoved1 OOO O P by DNS Resowed 2 O OOOO si sCOY F by DNS Resoved 3 O OOO O lt _ lt 4 Dynamic IP Domain Name FQDN Authentication If users use dynamic IP address to connect with the device users may select the combination of the dynamic IP address host name and domain name Remote Security Gateway Type Drmamci IP Domain Name FQDN Authentication 5 Dynamic IP E mail Addr USER FQDN Authentication If users use dynamic IP address to connect with the device users may select this type to link to VPN When the remote VPN gateway requires connection to facilitate VPN connection the device will start authentication and respond to the VPN tunnel connection Please enter the E Mail to the empty space Remote Security Gateway Type Drnamic IP E mail User FQDN Authentication w cmt el 74 ND your future life
53. gement Enable C Disable Port 8080 Multicast Pass Through Enable Disable Prevent ARP Virus Attack Enable amp Disable Router sends ARP Eoo times per second MTU amp Auto C Manual 1980 bytes Restrict WEB Features Block Java Cookies Activex E Access to HTTP Proxy Servers Don t block Java ActiveXCookies Proxy to Trusted Domains 6 2 Access Rule Users may turn on off the setting to permit or forbid any packet to access internet Users may select to set different network access rules from internal to external or from external to 58 ND your future life 2 WAN 3 LAN VPN Firewall internal Users may set different packets for IP address and communication port numbers to filter Internet access rules Network access rule follows IP address destination IP address and IP communications protocol status to manage the network packet traffic and make sure whether their access is allowed by the firewall The device has a user friendly network access regulatory tool Users may define network access rules They can select to enable disable the network so as to protect all internet access The following describes the internet access rules All traffic from the LAN to the WAN is allowed by default All traffic from the WAN to the LAN is denied by default All traffic from the LAN to the DMZ is allowed by default All traffic from the DMZ to the LAN is denied by default All traffic fr
54. ife Gateway Type 2 WAN 3 LAN VPN Firewall operation modes which are IP only Authentication by the use of IP only IP Domain Name FQDN Authentication IP Domain name IP E mail Addr USER FQDN Authentication IP Email address Dynamic IP Domain Name FQDN Authentication Dynamic IP address Domain name Dynamic IP E mail Addr USER FQDN Authentication Dynamic IP address Email address name 1 IP only If users decide to use IP only entering the IP address is the only way to gain access to this tunnel The WAN IP address will be automatically filled into this space Users don t need to do further settings den A IP Address 192 l 168 l 4 l 171 2 IP Domain Name FQDN Authentication If users select IP domain name type please enter the domain name and IP address The WAN IP address will be automatically filled into this space Users don t need to do further settings FQDN refers to the combination of host name and domain name and can be retrieved from the Internet i e vpn server com This IP address and domain name must be identical to those of the VPN secure gateway setting type to establish successful connection Local Security Gateway Type IF Domain Name FQDN Authentication vr omno O SOSA P Address 192 ies 4 ivi 3 IP E mail Addr USER FQDN Authentication If users select IP address and E mail enter the IP address and E mail address to gain access to this tunn
55. is used in NAT Users can respectively configure the other four real IP addresses for Multi DMZ as follows 210 11 1 2 gt 3 210 11 1 3 gt 210 11 1 49 210 11 1 55 Attention 192 168 1 3 192 168 1 4 192 168 1 5 192 168 1 6 The device WAN IP address can not be contained in the One to One NAT IP configuration 40 ND INO your future life 2 WAN 3 LAN VPN Firewall Advanced Setting gt One to One NAT One to One NAT Enable M Add Range JE Private Range Begin Public Range Begin Range Length re WAT wee OOOO _ QVMFunction Em 9 falete Selected renee One to One NAT To enable or close the One to One NAT function Check to Enable or Close the function Private IP Range Input the Private IP address for the Intranet One to One NAT Begin function Public IP Range Input the Public IP address for the Internet One to One NAT Begin function Range Length The numbers of final IP addresses of actual Internet IP addresses Please do not include IP addresses in use by WANS Add to List Add this configuration to the One to One NAT list Delete Sleeted Item Remove a selected One to One NAT list Apply Click Apply to save the network configuration modification Cancel Click the Cancel button to cancel the modification This only works before Apply is clicked Attention One to One NAT mode will change the firewall working mode If
56. k 23 ND your future life Exempted Port or IP Service Service Service Management Source IP Group Enable Add To List Apply Cancel QoS Configuration 2 WAN 3 LAN VPN Firewall The important services or IPs in a company or business can be configured to be free of the Connection Restriction Rule To select a Service Port to be free of the connection rule To add or remove a Service Port To add IP addresses Groups that are free from restriction To activate the added rule To add the rule into the list Click the Apply button to save the modification Click the Cancel button to cancel the modification This only works before Apply is clicked There are two options for bandwidth management one is Rate Control the other is Priority Control The two kinds of management cannot be used at the same time Network administrators must choose one or the other based on the Intranet needs Rate Control The network administrator can set up bandwidth or usage limitations for each IP or IP range according to the actual bandwidth The network administrator can also set bandwidth control for certain Service Ports A guarantee bandwidth control for external connections can also be configured if there is an internal server 24 ND your future life 2 WAN 3 LAN VPN Firewall Ey Quality of Service Type Rate Control Priority Interface wani wane
57. lowing introduces Group Mode VPN setting Group No Two Group VPN settings at most Group Name Displays the current VPN tunnel connection name such as XXX Office Users are well advised to give them different names to avoid confusion Note If this tunnel is to be connected to other VPN device some device requires that the tunnel name is identical to the name of the host end to facilitate verification This tunnel can thus be successfully enabled Interface From the pull down list users can select the Interface for this VPN tunnel Enabled Click to Enabled the VPN tunnel This option is set to Enabled by default After the set up users may select to activate this tunnel feature Local user group This option allows users to set the local VPN user group type configuration The following are a few items for local settings Please select and set appropriate parameters 1 IP address This option allows the only IP address which is entered to build the VPN tunnel Local Security Group Type IP address 192 18 ja ddo Reference When this VPN channel is connected computers 79 ND your future life Remote Client configuration 2 WAN 3 LAN VPN Firewall with the IP address of 192 168 1 0 can establish connection 2 Subnet This option allows remote computers in this IP session can be connected when the VPN tunnel is connected Local Security Group Type IP Address a Subnet Mask Reference
58. mputer do not need to record and setup its IP address When the PC started it would get the IP address automatically from the VPN Firewall and it is easier to management 4 8 1 Dynamic IP fo D z GNO DHCP gt DHCP Setup General Setting Cdvanced Setting gt V Enabled DHCP Server DHCP Setup Status T Qn a Dynamic IP Port Management Dynamic IP Range ca se R Range End 192 188 E 148 g C amsn 45 ND your future life Client Lease Time Range Start Range End 4 8 2 IP amp MAC Binding 2 WAN 3 LAN VPN Firewall This is to set up a lease time for the IP address which is acquired by a PC The default is 1440 minutes a day Users can change it according to their needs The time unit is minute This is an initial IP automatically leased by DHCP It means DHCP will start the lease from this IP The default initial IP is 192 168 1 100 This means DHCP will terminate the lease at this IP address The default terminal IP address is 149 Though the default supports automatic IP acquisition for 50 computers users can increase or reduce the number according to their needs 46 N your future life 2 WAN 3 LAN VPN Firewall SIP amp MAC binding Show new IF user Static IP Addres mm MAC Address Hame nm Enable Add to list Delete Selected Enrrs C Block MAC address on the list with wrong IP address C Block MAC
59. mum For example If the rule is set for the IP of each PC the IP of each PC will have the same bandwidth Attention If Share Bandwidth is selected be aware of the actual usage conditions and avoid an improper configuration that might cause a malfunction of the network when the bandwidth is too small For example if users do not want an FTP to occupy too ND your future life 2 WAN 3 LAN VPN Firewall much bandwidth users can select the Share Bandwidth Mode so that no matter how much users use FTPs to download information the total occupied bandwidth is fixed To activate the rule Add To List To add this rule to the list Move up amp Move Down Delete selected application Show Table Apply Priority Control The QoS rules will be executed from the bottom of the list to the top of the list In other words the lower down the list the higher the priority of execution Users can arrange the sequence according to their priorities Usually the service ports which need to be restricted such as BT e mule etc will be moved to the bottom of the list The rules for certain IPs would then be moved upward To remove the rules selected from the Service List This will display all the Rate Control Rules users made for the bandwidth Click Edit to modify Click the Apply button to save the modification Click the Cancel button to cancel the modification This only
60. n t need to do extra settings Remote Client Microsoft XF 2000 VPH Client As far the details of setting please refer to 7 2 IPSec Setup 7 4 PPTP Setting It supports the PPTP of Window XP 2000 to create point to point tunnel protocol for single device users to create VPN connection 81 ND INO your future life 2 WAN 3 LAN VPN Firewall VPN gt PPTP od a Enable PPTP Server S PPTP IP Address Range Range Start 10 40 10 29 Range End 10 40 40 201 E Users f User s Defined User Hame l Hew Password Confirm Hew Password dd to list MWASSAL connection List User Hame Remote Address PPTP IP Address Enable PPTP Service When this option is selected the point to point tunnel protocol PPTP server can be enabled PPTP IP Address Please enter PPTP IP address range so as to provide the remote users with an entrance IP into the local network 82 ND your future life Range User Name Password Confirm Password Add to List Delete Selected Item Client Table User Name Remote Client IP PPTP IP Address 7 5 VPN Pass Through 2 WAN 3 LAN VPN Firewall Enter Range Start Enter the value into the last field Enter Range End Enter the value into the last field Please enter the name of the remote user Enter the password and confirm again by entering the new password Add a new account and password Delete Selected I
61. nnections from outside to this Server For example game servers have been built in many Internet caf s This rule can be used to control the bandwidth for connections from outside to the game server of a caf to update data In this way game players inside the caf will not be affected 28 ND INO your future life 2 WAN 3 LAN VPN Firewall Priority High 60 guaranteed bandwidth to the service re longa amonh omeno mmea Delete Remove the rules selected from the Service List Selected items Show Table This will display all the Priority Rules users made for the bandwidth Click Edit to modify Apply Click Apply to save the configuration Cancel Click Cancel to leave without making any change 3 3 4 Password This is an advanced management tool for the device The default password of the host is admin Users can change the password after configuration has been completed Remember to click Apply when the configuration data has been completed Sse ONG General Setting gt Password General Setting Configure User Name admin Old Password New Password Confirm New Password 29 ND your future life 2 WAN 3 LAN VPN Firewall Old Password Input the original password Input the new user name New Password Input the changed password Confirm New Input the new password again for verification Password 3 3 5 Tim
62. om the WAN to the DMZ is allowed by default All traffic from the DMZ to the WAN is allowed by default Users may define access rules and do more than the default rules However the following four extra service items are always on and are not affected by other user defined settings HTTP Service from LAN to Device is on by default for management DHCP Service from LAN to Device is set to on by default for the automatic IP retrieval DNS Service from LAN to Device is on by default for DNS service analysis Ping Service from LAN to Device is on by default for connection and test 59 ONO your future life 2 WAN 3 LAN VPN Firewall irewall gt Access Rule entries per page Time Day Jump to 1 0 page Priorty Enable Action Service Interface Source Destination EE SD Allow ATraffefn LAN Any Any Aways i E Deny Al Traffic 1 Van Any Any mest Any Ahvays Always F Deny All Traffic 1 WAND any Bee OPE toler es 60 ND INO your future life 2 WAN 3 LAN VPN Firewall In addition to the default rules all the network access rules will be displayed as illustrated above Users may follow or self define the priority of each network access rule Click on Edit to define the network access rule item and press Delete to remove the item Press Add New Rule to create a new network access rule Or press Return to
63. ormation about the Qno s product and technology please log onto the Qno s bandwidth forum refer to the examples of the FTP server or contact the technical department of Qno s dealers as well as the Qno s Mainland technical center Qno Official Website http www Qno com tw Dealer Contact Users may log on to the service webpage to check the contacts of dealers http www qno com tw web where buy asp Taiwan Support Center E mail QnoFAE qno com tw 101
64. priority high or normal connection speed 10Mbps or 100Mbps duplex status half duplex or full duplex and auto negotiation Enabled or Disabled 3 2 3 General Setting Status P General Setting Status LAM IP 1982 108 2 1 WANT IP 59 115 228 173 WANZ IP 59 115 228 171 Default Gateway WANT 681 216 112 254 VANS 61 216 112254 DNS WANT 166 85 792 7 160852721 MVANZ 68 95 1821 165951 1 LAN IP Indicates the LAN port current IP configuration The default IP is 192 168 1 1 Click the hyperlink to enter and manage the configuration WAN 1 IP Indicates the WAN1 current IP configuration Click the hyperlink to enter and manage the configuration When Obtain an IP automatically is selected two buttons Release and Renew will appear on the right of the page Click Release to release the IP that is issued by the ISP and click Renew to refresh the IP that is issued by the ISP If a WAN connection such as PPPoE or PPTP is selected Disconnect and Connect will appear on the page WAN 2 DMZ IP Indicates the WAN2 or DMZ current IP configuration Click the hyperlink to enter and manage the configuration Default Gateway Indicates the current Gateway IP configuration Click the hyperlink to enter and manage the configuration DNS Indicates the current DNS IP configuration Click the hyperlink to enter and manage the ND your future life 2 WAN 3 LAN VPN Fir
65. remote network IP locations and subnet that is to Subnet Mask be routed For example the IP subnet is 192 168 2 0 255 255 255 0 Default Gateway The default gateway location of the network node which is to be routed Hop Count This is the router layer count for the IP If there are two routers under the device users should input 2 for the router layer the default is 1 Max is 15 39 ND your future life Interface Add to list Delete selected IP Show Running Table 4 5 One to One NAT 2 WAN 3 LAN VPN Firewall This is to select WAN port or LAN port for network connection location Add the routing rule into the list or remove the selected routing rule from the list Show current routing table AS both the device and ATU R need only one actual IP if ISP issued more than one actual IP such as eight ADSL static IP addresses or more users can map the remaining real IP addresses to the intranet PC virtual IP addresses These PCs use private IP addresses in the Intranet but after having One to One NAT mapping these PCSs will have their own public IP addresses For example if there are more than 2 web servers requiring public IP addresses administrators can map several public IP addresses directly to internal private IP addresses Example Users have five available IP addresses 210 11 1 1 5 one of which 210 11 1 1 has been configured as a real IP for WAN and
66. rk Service Detection Test Succeeded Test Failed Received Packets 37357499 154193 1 sent Packets 43572970 126036 1116 Total Packets 6170469 262229 1118 Received Bytes 1004369820 20359754 1 sent Bytes 4946043563 31851702 64092 Total Bytes 1495974153 52241486 GE4092 Received Bytes Sec T 43530 T Sent Bytes Sec 1 55373 1 Error Packets Received 1 1 1 Dropped Packets Received 0 T Sessions 2 1 Mew Sessions Sec 1 1 Upstream Bandwidth Usage 1 od T Downstream Bandwidth Usage Fi 0 9 3 Traffic Statistic Six messages will be displayed on the Traffic Statistic page to provide better traffic management and control 90 N ONO your future life 2 WAN 3 LAN VPN Firewall pr Logout Log gt Traffic Statistic C Enabled Traffic Statistic Traffic Type Inbound IP Address he Sorem l oss Traffic Statistic sje es pri ELLE j a p RT fea E FOLUT TUTUTE lire d Inbound IP Address The figure displays the source IP address bytes per second and percentage Traffic Type Inbound IP Address w Source IP Outbound IP Address The figure displays the source IP address bytes per second and percentage Traffic Type Cutbound IP Address w source IP bytes sec Ta Inbound Service The figure displays the network protocol type destination IP address bytes per second 91 ND your future life 2 WAN 3 LAN VPN Fir
67. s and domain name must be identical to those of the remote VPN security gateway setting type to establish successful connection Remote Security Gateway Type IF Domain Name FQDN Authentication sd Te If the remote IP address is unknown choose IP by DNS Resolved allowing DNS to transcode the IP address This domain name must be available on the Internet When users finish the setting the corresponding IP address will be displayed under the remote gateway of Summary Remote Security Gateway Type IF Domain Name FQDN Authentication IP br DNS Fesolved 72 ND your future life 2 WAN 3 LAN VPN Firewall Or users can choose IP by Multiple DNS Resolved and IP address can be transcoded through DNS When users finish the setting the corresponding IP address will be displayed under the remote gateway of Summary Remote Security Gateway Type IF Domain Name FQDN Authentication IP br Multiple DNS Resolved w 3 IP E mail Addr USER FQDN Authentication If users select IP address and E mail type entering the IP address and the E mail allows users to gain access to this tunnel Remote Security Gateway Type IF E mail User FQDN Authentication iP Aden 3 HON emat fel If the remote IP address is unknown choose IP by DNS Resolved allowing DNS to transcode the IP address This domain name must be available on the Internet When users finish the setting the correspondin
68. st Name or IP Address Enabled Service Port Management Add to List Delete Selected Item Show Table Apply Cancel Enabled Add io list Eno Jelle Aril 0 Gansel Select the UPNP service number default list here for example WWW is 80 80 FTP is 2121 Please refer to the default service number list Input the Intranet virtual IP address or name that maps with UPnP such as 192 168 1 100 Activate this function Add or remove service ports from the management list Add to active service content Remove selected services This is a list which displays the current active UPnP functions Click Apply to save the network configuration modification Click Cancel to leave without making any change 38 ND your future life 2 WAN 3 LAN VPN Firewall 4 4 Routing When there are more than one router and IP subnets the routing mode for the device should be configured as static routing Static routing enables different network nodes to seek necessary paths automatically It also enables different network nodes to access each other Click the button Show Routing Table as in the figure to display the current routing list Advanced Setting gt Routing 4 Static Routing Destination IP TT SubnetMask O 7 Default Gateway __ i T Hop Count interface LAN Add to list eee SAKO eda Destination IP Input the
69. t duty will be prosecuted as well 2 Scope of Authority of Manual The user may install use display and read this Manual on the complete set of computer 3 User Notice If users obey the law and this Agreement they may use this Manual in accordance with Agreement If the users violate the Agreement Qno will terminate the using authority and destroy the copy of this Manual The hardcopy or softcopy of this Manual is restricted using for information non commercial and personal purpose Besides it is not allowed to copy or announce on any network computer Furthermore it is not allowed to disseminate on any media It is not allowed to modify any part of the file Using for other purposes is prohibited by law and it may cause serious civil and criminal punishment The transgressor will receive the accusation possibly 4 Legal Liability and Exclusion ND your future life 2 WAN 3 LAN VPN Firewall 4 1 Qno will check the mistake of the texts and diagrams with all strength However Qno distributors and resellers do not bear any liability for direct or indirect economic loss data loss or other corresponding commercial loss to the user or relevant personnel due to the possible omission 4 2 JIn order to protect the autonomy of the business development and adjustment of Qno Qno reserves the right to adjust or terminate the software Manual any time without informing the users There will be no further notice r
70. tem Displays relevant information with regard to the use of PPTP Server tunnel Remote user name after connection is established Remote IP address after connection is established The local PPTP server IP address after connection is established VPN Pass Through setting allows or rejects other VPN devices of Local network or VPN PC clients and remote VPN devices to set VPN tunnel 83 ND ONO your future life 2 WAN 3 LAN VPN Firewall VPN gt VPN Pass Through PPTP Pass Through Enable Disable L2TP Pass Through G Enable Disable i IPSec Pass Through If this option is enabled the PC is allowed to use VPN IPSec packet to pass in order to connect to external VPN device PPTP Pass Through If this option is enabled the PC is allowed to use VPN PPTP packet to pass in order to connect with external VPN device L2TP Pass Through If this option is enabled the PC end is allowed to use VPN L2TP packet to pass in order to connect with external VPN device 84 ND your future life 2 WAN 3 LAN VPN Firewall VIII QVM VPN Function Setup The QVM series device provides three major convenient functions 1 Smart Link IPSec VPN Easy VPN setup replaces the conventional complicated VPN setup process by entering Server IP User Name and Password 2 Central Control Feature Displays a clear VPN connection status of all remote ends and branches Its central control screen allows setup from r
71. ter settings into the device Before upgrade confirm all information about the software version Select and browse the backup parameter file config exp Select the file and click Import to import the file Export Configuration File This feature allows users to backup all parameter settings Click Export and select the location to save the config exp file 55 ND INO your future life 2 WAN 3 LAN VPN Firewall VI Firewall Configuration This chapter introduces the option of firewall setting as well as the setting of network access and control 6 1 General Settings The firewall is enabled by default If the firewall is set as disabled features such as SPI DoS and outbound packet responses will be turned off automatically Meanwhile the remote management feature will be activated The network access rules and content filter will be turned off NO Firewall gt General Advanced Setting Firewall Enable C Disable SPI Stateful Packet Inspection Enable Disable Dos Denial of Service Enable Disable Block WAN Request Enable Disable Remote Management Enable T Disable Port 2080 Multicast Pass Through C Enable amp Disable Prevent ARP Virus Attack Enable amp Disable Router sends ARP fi times per second QVM Function MTU Auto C Manual 1990 bytes Restrict WEB Features Block I Java Cookies Activex a Access to HTTP Pro
72. tity when P2P software such as BT Thunder or emule is used in the Intranet causing large numbers of connections Setting up proper limitations on connections can effectively control the connections created by P2P software It will also have a limiting effect on bandwidth usage 21 ND your future life 2 WAN 3 LAN VPN Firewall In addition if any Intranet PC is attacked by a virus like Worm Blaster and sends a huge number of connection requests session control will restrict that as well Session Control f Disable Single IP cannot exceed 200 Session When single IP exceed 200 Session block this IP to add new session for F minuts C block this IP s all connection for minuts S Scheduling Apply this rule alwars aj fou oo to 00 co 24 Hour Format F Everyday F sun I mon IT Tue D wea I Thu Fri set Exempted service Port or IP Address sr reres iY Service Service Management Source IP fio fro fo fo lige fro fio fo Enable _ Add ta list Delete Selected application 22 ND your future life Disable Single IP cannot exceed Session Network Service Detection When single IP exceed limit Scheduling from oo O00 to 00 700 i Days Management E Everyday C sun C mon C Tue C wea 2 WAN 3 LAN VPN Firewall To disable Session Control function This option enables the restriction of maximum external connections to each Intran
73. tname Waiting to be connected is indicated as Waiting for Connection If users select Manual setting for IPSec setup the status message will display as Manual and there is no Tunnel test function available for this manual setting Displays the current VPN tunnel connection name such as XXX Office Users are well advised to give them different names to avoid confusion should users have more than one tunnel settings Note If this tunnel is to be connected to other VPN device not QVM750 some device requires that the tunnel name is identical to the name of the host end to facilitate verification This tunnel can thus be successfully enabled Displays settings such as encryption DES 3DES authentication MD5 SHA1 and Group 1 2 5 If users select Manual setting for IPSec Phase 2 DH group will not display Displays the setting for VPN connection secure group of the local end Displays the setting for remote VPN connection secure group Set the IP address to connect the remote VPN device Please set the VPN device with a valid IP address or domain name Click Connect to verify the tunnel status The test result will be updated To disconnect click Disconnect to stop the VPN connection Setting items include Edit and Delete icon Click on Edit to enter the setting items and users may change the settings Click on the trash bin icon Mand all the tunnel settings will be deleted In this session
74. udio and visual streaming media on the network Broadcasting may allow the client end to receive this type of packet message format This feature is off by default This feature is designed to prevent the intranet from being attacked by ARP spoofing causing the connection failure of the PC This ARP virus cheat mostly occurs in Internet cafes When attacked all the online computers disconnect immediately or some computers fail to go online Activating this feature may prevent the attack by this type of virus Prevent ARP attack by broadcast packet issued on the intranet MTU is an acronym for Maximum Transmission Unit The default value is 1500 But in different network environments different values can be applied ADSL 57 ND INO your future life 2 WAN 3 LAN VPN Firewall PPPoE is the most common condition ADSL PPPoE MTU Size 1492 But the MTU Size of many users of Servers and ADSL PPPoE are identical Generally the default value of Auto is good enough and further settings are not necessary Apply After the changes are completed click Apply to save the network configuration modification Delete Click the Cancel button to cancel the modification This only works before Apply is clicked Firewall gt General Firewall Enable T Disable SPI Stateful Packet Inspection Enable Disable DoS Denial of Service Enable Disable Block WAN Request Enable Disable Remote Mana
75. unnel numbers PPTP IPSec QnoKey and IPSec VPN setting parameters and Group VPN and so forth Logout VPN gt Summary EE Tunnetisytsea F Tunnetis Available S Tunnel Status Jump to E one 3 l Gris per pene 3 EE i meg Phase Loeil Remote Remote Tunnel Me Meme Site ensauives Gu Group Gateway Ter Sm fo Tonne Enabled fo Tunnels Defined Summary VPN gt Summary Detail Detail Push this button to display the following information with regard to all current VPN configurations to facilitate VPN connection management 63 2 WAN 3 LAN VPN Firewall WAND IP 192 168 5 181 Wahl IP 0 0 0 0 Fri Aug 27 07 32 42 2004 Phase 2 Local Remote Remote Ma MAME Status Enc uth Grp Group Group Gateway Close Tunnel Status Tunnel Status Add Mew Tunnel Jump to 4 vja page 3 Y entries per page Phase2 Local Remote Remote Tunnel 1 H St ra ER T 7 ee Contig Ne Hama Status Enc Authi amp rp Group Group atenay Tast FEE io TunnelsjEnabled i Tunnels Defined Add New Tunnel The device supports Gateway to Gateway tunnel or Client to Gateway tunnel The VPN tunnel connections are done by 2 VPN devices via the Internet When a new tunnel is added the setting page for Gateway to Gateway or Client to Gateway will be displayed Gateway to Gateway Click Add to enter the setting page of Gateway to Gateway REMOTE V
76. urity Remote Server Input the IP address or Domain Name of QVM back up central 2 3 4 server After modification push Apply button to save the network setting or push Cancel to keep the settings unchanged QVM Advanced Settings 86 ONO your future life 2 WAN 3 LAN VPN Firewall IX Log Configuration From the log management and look up we can see the relevant operation status which is convenient for us to facilitate the setup and operation 9 1 System Log Its system log offers three options system log E mail alert and log setting og gt System Log M syslog Enable Syslog Syslog Server Mame or IF Address E E mail I Enable E Mail Alert Mall Server Name ot IP Address send E mail to E mail Address Log Queue Lengtr 50 entries Log Time Threshold L minutes Ea Ne Syslog Enabled If this option is selected the System Log feature will be enabled SysLog Server The device provides external system log servers with log collection feature System log is an industrial standard communications protocol It is designed to dynamically capture related system message from the network The system log provides the source and the destination IP addresses during the connection service number 87 ND your future life and type To apply this feature enter the system log server name or 2 WAN 3 LAN VPN Firewall the IP address into the empty s
77. uthentication mode MD5 or SHA1 Phase 1 SA Life Time The life time for this exchange code is set to 28800 seconds or 8hours by default This allows the automatic generation of other exchange password within the valid time of the VPN connection so as to guarantee security Phase2 SA Life Time The life time for this exchange code is set to 3600 seconds or 1hours by default This allows the automatic generation of other exchange password within the valid time of the VPN connection so as to guarantee security Preshared Key For the Auto IKE option enter a password of any digit or characters in the text of Pre shared Key the example here is set as test and the system will automatically transcode what users entered as exchange password and authentication mechanism during the VPN tunnel connection This exchange password can be made up of up to 30 characters 76 ND your future life 2 WAN 3 LAN VPN Firewall IPSec Setup Keying Mode TRE with Preshered Ker Phase CH Group Group Phase Encryption DES w Phase Authentication 205 w Phase SA Life Time 28800 Seconds Perfect Forward Secrecy w Phase DH Group Groups Phase Encryption DES r Phase Authentication MDS Phase SA Life Time 360 Sende Preshared Key Manual Mode z IPSec Setup Keying Mode Manual Incoming SPI Outgoing SPI Encryption CES
78. vice provides a simple online network diagnostic tool to help users troubleshoot network related problems This tool includes DNS Name Lookup Domain Name Inquiry Test and Ping Packet Delivery Reception Test DNS Name Lookup On this test screen please enter the host name of the network users want to test For example users may enter www abc com and press Go to start the test The result will be displayed on this page Tool gt Diagnostic DHS Hame Lookup C Ping Look up the name eo vm Functor This item informs users of the status quo of the outbound session and allows the user to know the existence of computers online On this test screen please enter the host IP that users want to test such as 192 168 5 20 Press Go to start the test The result will be displayed on this screen 51 ONO your future life 2 WAN 3 LAN VPN Firewall 5 2 Restart As the figure below if clicking Restart Router button the dialog block will pop out confirming if users would like to restart the device ool gt Restart Restart Router QVM Function 5 3 Return to Factory Default Setting Select Return to Factory Default Setting to reset all the settings and restart the device Alternatively users may press Reset button on the device to manually restore the default value and clear all settings including port configures password setting and etc Press Reset
79. vider s port do not activate this option This is the detected location for the ISP port such as the DNS IP address of ISP When configuring an IP address for this function make sure this IP is capable of receiving feedback stably and speedily Please input the DNS IP of the ISP port 16 ND your future life 2 WAN 3 LAN VPN Firewall Remote Server This is the detected location for the remote Network Segment This Remote Host IP should better be capable of receiving feedback stably and speedily Please input the DNS IP of the ISP port Use DNS server This is the detect location for DNS Only a web address such as for Domain www hinet net is acceptable here Do not input an IP address Name Service In addition do not input the same web address in this box for two different WANs Apply After the changes are completed click Apply to save the _ network configuration modification Click Cancel to leave without making any change but only it ma works before you click apply button Bandwidth Bandwidth Upstream 71 khitSec Downstream 712 kbit Sec Upstream 51 2 khit Sec Downstream g z Kbit Sec Automatic load balance ratio will be made according to the upstream bandwidth users input for the two WAN ports For instance if the upstream bandwidth for both WANs is 512Kbit sec the automatic balance ratio will be 1 1 If one WAN upstream bandwidth is 1024Kbit sec while the other is 512Kbit
80. ware will no longer be used for network connection 13 ND your future life 2 WAN 3 LAN VPN Firewall PPPoE We Connect on Demand Max Idle Time kin O Keep Alive Redial Period SEC User Name Password Connect Demand Keep Alive Input the user name issued by ISP Input the password issued by ISP on This function enables the auto dialing function to be used ina PPPoE dial connection When the client port attempts to connect with the Internet the device will automatically make a dial connection If the line has been idle for a period of time the system will break the connection automatically The default time for automatic break off resulting from no packet transmissions is five minutes This function enables the PPPoE dial connection to keep connected and to automatically redial if the line is interrupted It also enables a user to set up a time for redialing The default is 30 seconds After the changes are completed click Apply to save the configuration or click Cancel to leave without making any change 3 3 2 Dual WAN If you have chosen the second WAN then you can employment this setting Network Service Detection 14 your i life 2 WAN 3 LAN VPN Firewall General Setting gt Dual WAN SE Network Service Detection Enable Network Service Detection Retry count 5 Retry timeout 30 second WAN WAN2 Firewall i Default Gateway C
81. will be recorded in the log Select the source port whether users are permitted or not for example LAN WAN1 WAN2 or Any Select from the drop down menu Select the source IP range for example Any Single Range or preset IP group name If Single or Range is selected please enter a single IP address or an IP address within a session Select the destination IP range such as Any Single Range or preset IP group name If Single or Range is selected please enter a single IP address or an IP address within a session Select Always to apply the rule on a round the clock basis Select from and the operation will run according to the defined time Select Always to apply the rule on a round the clock basis If From is selected the activation time is introduced as below This control rule has time limitation The setting method is in 24 hour format such as 08 00 18 00 8 a m to 6 p m Everyday means this period of time will be under control everyday If users only certain days of a week should be under control users may select the desired days directly Click Apply to save the configuration Click the Cancel button to cancel the modification This only works before Apply is clicked 62 ONO your future life 2 WAN 3 LAN VPN Firewall VII VPN Configuration 7 1 Display All VPN Summary This VPN Summary displays the real time data with regard to VPN status These data include all t
82. xes Attention Even if ISP offers a static IP address it might be an automatic mode to obtain a DHCP IP or to obtain a PPPoE dial up IP Although the IP address obtained will be the same each time users still must select the correct connecting mode 12 ND your future life 2 WAN 3 LAN VPN Firewall Specify WAH IP Address lo l bo l oo i b amet esco Joe Je Je Default Gateway Address bo bd bd o DNS Server Required 1 0 10 o o zbo e fo Jb Specify WAN Input the available static IP address issued by ISP IP address Subnet Mask Input the subnet mask of the static IP address issued by ISP such as Issued eight static IP addresses 255 255 255 248 Issued 16 static IP addresses 255 255 255 240 Default Input the default gateway issued by ISP For ADSL users it is Gateway usually an ATU R IP address As for optical fiber users please input Address the optical fiber switching IP Domain Name Input the DNS IP address issued by ISP At least one IP group Server DNS should be input The maximum acceptable is two IP groups Point to Point Protocol over Ethernet This option is for an ADSL virtual dial up connection suitable for ADSL PPPoE Input the user connection name and password issued by ISP Then use the PPP Over Ethernet software built into the device to connect with the Internet If the PC has been installed with the PPPoE dialing software provided by ISP remove it This soft
83. xy Servers Don t block Java Active Cookies Proxy to Trusted Domains Firewall This feature allows users to turn on off the firewall SPI Stateful Packet This enables the packet automatic authentication Inspection detection technology The Firewall operates mainly at 56 ND your future life DoS Denial of Service Block WAN Request Remote Management Multicast Pass Through Prevent ARP Virus Attack Router sends ARP times per second MTU 2 WAN 3 LAN VPN Firewall the network layer By executing the dynamic authentication for each connection it will also perform an alarming function for application procedure Meanwhile the packet authentication firewall may decline the connections which use non standard communication protocol This averts DoS attacks such as SYN Flooding Smurf LAND Ping of Death IP Spoofing and so on If set as Enabled then it will shut down outbound ICMP and abnormal packet responses in connection If users try to ping the WAN IP from the external this will not work because the default value is set as activated in order to decline the outbound responses To enter the device web based UI by connecting to the remote Internet this feature must be activated In the field of remote browser IP a valid external IP address WAN IP for the device should be filled in and the modifiable default control port should be adjusted the default is set to 80 modifiable There are many a
84. y to save the configuration or click Cancel to leave without making any changes 32 ONO your future life 2 WAN 3 LAN VPN Firewall IV Advanced Configuration This chapter introduces the VPN Firewall advanced configuration including opening the link of virtual server routing setting physical IP corresponding to virtual IP as well as setting dynamic DNS etc 4 1 DMZ Host Demilitarized Zone When the NAT mode is activated sometimes users may need to use applications that do not Support virtual IP addresses such as network games We recommend that users map the device actual WAN IPs directly to the Intranet virtual IPs as follows Advanced Setting gt DMZ Host DMZ Private IP Address 10 10 10 fo If the DMZ Host function is selected to cancel this function users must input 0 in the following DMZ Private IP This function will then be closed After the changes are completed click Apply to save the network configuration 33 ND your future life 2 WAN 3 LAN VPN Firewall modification or click Cancel to leave without making any changes 4 2 Forwarding Setting up a Port Forwarding Virtual Host If the server function which means the server for an external service such as WWW FTP Mail etc is contained in the network we recommend that users use the firewall function to set up the host as a virtual host and then convert the actual IPs the Internet IPs with Port
85. your future life 2 WAN 3 LAN VPN Firewall BT or P2P software users may select this feature to inquire users from the port Logout I Log gt Specific IP Port status C Enabled IP Port Statistic Search Type IF Address IP Address g 0 E 93 ND your future life 2 WAN 3 LAN VPN Firewall Specific IP Status Enter the IP address that users want to inquire and then the entire destination IP connected to remote devices as well as the number of ports will be displayed Specific PPort status for IP address 192 165 3 Downstream Upstream Source IP Protocol Source Port Interface VWAH Dest IP Dest Port Bytes Sec Bytes Sec 192 165 353 101 TCP 4522 WAR 24 147 69 61 44677 BO 29 192 168 3 101 UPP 16086 WAR 219 134 169 251 9533 a 3 192 168 3 101 TCP 4926 WAR 24 252 220 45 40638 g 4 192 168 3 101 TCP 4927 WAR 91 98 30 81 2045 g 4 192 168 3 101 UPP 160586 WAR 24 15 195 99 47466 0 0 192 168 3 101 UPP 16086 WAR 24 252 220 45 40638 a J 192 165 3 101 UCF 16086 WAR 211 162 238 215 32523 0 0 192 165 353 101 UPP 16086 WAR 91 98 30 81 2045 a 5 192 168 3 101 TCP 4945 WAR 211 162 238 215 32523 0 0 192 168 3 101 TCP 4946 WAR 24 15 195 99 47466 0 0 192 168 3 101 UPP 16086 WAR 211 31 56 225 of 64 0 0 192 168 3 101 UPP 16086 WAR 210 6 20 120 55670 G 15 192 168 3 101 UPP 16086 WAR 220 15 76 4 25576 0 0 192 168 3 101 UPP 16086 WAR 219 212 45 36 62510 0 0 192 168 3 101 UPP 16086 WAR
86. ystem log server field E mail Enabled Mail Server E mail Log Queue Length Log Time Threshold E mail Log Now If this option is selected E mail Warning will be enabled If users wish to send out all the logs please enter the E mail server name or the IP address for instance mail abc com This is set as system log recipient email address such asabc mail abc com Set the number of Log entries and the default entry number is 50 When this defined number is reached it will automatically send out the log mail Set the interval of sending the log and the default is set to 10 minutes Reaching this defined number it will automatically send out the Mail log The device will detect which parameter either entries or intervals reaches the threshold first and send the log message of that parameter to the user Users may send out the log right away by pressing this button Clink View System Log and then you can review the related list of system log View System Log Clear Log How This option allows users to view system log The message content can be read online via the device They include All Log System Log Access Log Firewall Log and VPN log which is illustrated as below 88 N your future life 2 WAN 3 LAN VPN Firewall VE system log Windows Internet Explorer fa hitp 290 130 180 39 A0808s9s Jog htm system Log Current Time Fri May 9 12 58 47 2008 M Time Event Type Mess
Download Pdf Manuals
Related Search