RS-3000 User's Manual - Airlivecam.eu
Contents
1. None gt E None None lo lo 0 means unlimited lo Range 1 99999 0 means unlimited fo Range 1 99999 0 means unlimited Figure14 38 Setting the VPN Tunnel Outgoing Policy Figure14 39 Complete the VPN Tunnel Outgoing Policy Setting 122 STEP 5 Enter the following setting in Incoming Policy Figure14 40 E Trunk Select PPTP_VPN_ Tunnel m Click OK Figure14 41 Comment Max 32 characters Add New Policy Source Address Traffic Log Statistics MAA Bandwidth Per Source IP MAX Concurrent Sessions Per IP MAX Concurrent Sessions Bl Enable Figure14 40 Setting the VPN Tunnel Incoming Policy Source Destination Service configure Move Guteide Any Inside Amy Routing Figure14 41 Complete the VPN Tunnel Incoming Policy Setting 123 The Default Gateway of Company B is the LAN IP of the RS 3000 192 168 20 1 Follow the steps below STEP 1 Add the following settings in PPTP Client of VPN function in the RS 3000 of Company B Click New Entry Button Figure14 42 User Name Enter PPTP Connection Password Enter123456789 Server IP or Domain Name Enter 61 11 11 11 Select Encryption Click OK Figure14 43 Add New PPTP Client Liser Name PPTP_ Connection Server For Doman Mame 61444111 Encryption VAM intertace Ovens ian E anual Connect Figure 14 42 PPTP VPN Client Setting PPTP Client User tame Seter IF or Domain Mame
2. Figure17 13 DMZ to WAN Policy Setting STEP 6 Enter the following setting in Mail Relay function of Setting Figure1 7 14 Domain Name of Internal Mail Server cr Configure Allowed External IP of Mail Relay broadband _ comtw C6111142 Figure17 14 Mail Relay Setting of External Mail to Internal Mail Server G Mail Relay function makes the mails that sent to DMZ s mail server could be relayed to its mapped mail server by RS 3000 171 STEP 7 Enter the following setting in Setting function of Anti Spam Figure1 7 15 Spam Setting M Enable Anti Spam M External WAN The threshold score of spam mail is Add the spam string to the subject line Spam W Check spam fingerprint Use TCP port 2703 and UDP port 53 to connect database server Test M Enable Bayesian filtering Bayesian filtering not work until database has at least 200 spams and 200 hams If Enable spam signature push update Use TCP port 1153 and UDP port 1153 to update signature Test M Verify sender account is valid V Check sender IP address in RBL Use UDP port 53 to connect DNS server Test I Add score tag to the subject line Action of Spam Mail Internal Mail Server C Delete the spam mail lM Deliver to the recipient E Forward to Max 128 characters ex usen mydomain com External Mail Server I Deliver to the recipient Always enable Figure17 15 Spam Setting and Action of Spam Mail G When select
3. Figure 17-36 Select SpamMail Folder (Outlook Express screenshot)
4. 131 Set up the policy that can monitor the internal users Take Logging Statistics and Alarm Threshold for example STEP 1 Enter the following setting in Outgoing Policy Click New Entry E Select Traffic Log Select Statistics mM Click OK Figure15 1 Comment Max 32 characters Inside_Any Outside _Any gt ANY None None F None i PERMIT ALL T None None fo fo 0 means unlimited Range 1 99999 0 means unlimited WW er Range 1 99099 0 means unlimited prr re ox ia is m cin ra 1 Cattinn tha Aiffarant Dalinine Figure15 1 Setting the different Policies STEP 2 Complete the setting of Logging Statistics and Alarm Threshold in Outgoing Policy Figure15 2 Figure15 2 Complete Policy Setting STEP 3 Obtain the information in Traffic of Log function if you want to monitor all the packets of the RS 3000 Figure15 3 132 Time Source Destination Protocol tar 2 TB3S740 192 76e 3 1927166 4 921660425 1286 80 Te re 286 80 1921680101 l1OG 445 921661 3 110 gt 445 1521630101 132166143 321680101 3246613 3216513 4221660101 32168643 19 16604104 Figure15 3 Traffic Log Monitor WebUI 133 STEP 4 To display the traffic record that through Policy to access to Internet in Policy Statistics of Statistics function Figure15 4 Service ANY Action PERMIT Inside Any to Outs
5. Auto Training Figure17 19 Add Blacklist Setting Export Blacklist To Client Import Blacklist Form Client sid OK tax size 100 KBytes Direction Blacklist Auto Training Configure Figure17 20 Complete Blacklist Setting H When enable Auto Training function the mail that correspond to Blacklist setting will be trained as Spam Mail automatically according to the time setting in Training function G The address of Whitelist and Blacklist can be set as complete mail address For example josh broadband com tw or the word string that make up off For example yahoo means the e mail account that includes yahoo inside G The privilege of Whitelist is greater than Blacklist So when RS 3000 is filtering the soam mail it will adopt the standard of Whitelist first and then adopt Blacklist next 175 STEP 10 When the external yahoo mail account send mail to the recipient account of mail server of broadband com tw in RS 3000 josh broadband com tw and steve broadband com tw m If the sender account is share2k01 yahoo com tw then these two recipient accounts both will receive the mail that sent by this sender account m f it comes from other yahoo sender account share2kOO03 yahoo com tw and then there will only be josh broadband com tw can receive the mail that sent from this sender account the mail that sent to steve broadband com tw will be considered as spam mail m After RS 3000 had filtered the mai
6. STEP 1. In IDP Report > Log, the IDP status of the RS-3000 is shown. Figure 19-9 The IDP log. The icon description in Log: 1. Action 2. Risk (High Risk, Medium Risk, Low Risk). Chapter 20 Anomaly Flow IP. When the RS-3000 detects attacks from hackers or from internal PCs that are sending large DDoS attacks, Anomaly Flow IP starts blocking these packets to maintain the whole network. This chapter gives a detailed illustration of Anomaly Flow IP. Define the required fields of Virus-infected IP. The threshold sessions of virus-infected (per source IP): When the number of sessions per source IP exceeds the limit of anomaly flow sessions per source IP, the RS-3000 treats that IP as an anomaly flow IP and takes action, for example blocking the anomaly flow IP or sending a notification. Anomaly Flow IP Blocking: The RS-3000 can block the sessions of a virus-infected IP. Notification: The RS-3000 can notify the user and the system administrator by e-mail or NetBIOS notification when any anomaly flow occurs. After System Manager enable Anomaly Flow IP if th
7. Figure 17-52 Delete All of Mails in HamMail File. Chapter 18 Anti-Virus. The RS-3000 can scan the mail sent to the Internal Mail Server and prevent the enterprise's e-mail accounts from receiving mail that contains viruses, which would otherwise cause internal PCs to be attacked by viruses and the enterprise to lose important messages. This chapter gives a detailed illustration of Anti-Virus. Define the required fields of Setting. Anti-Virus Settings: It can detect viruses in the mail sent to the internal mail server or received from the external mail server. It adds a warning message in front of the subject of mail in which a virus has been detected; if no virus is discovered after scanning, it does not add any message to the subject field. It can set a time each day to update virus definitions, or update virus definitions immediately (Synchronize). It shows the update time and version at the same time. Action of Infected Mail: For mail in which a virus has been detected, you can choose to Delete mail Deliver to the re
8. Figure 15-31 Complete the Policy access to Mail Service by DMZ to WAN. Chapter 16 Mail Security. The Mail Security Configure function defines how the RS-3000 handles mail. In this chapter it is divided into Setting and Mail Relay. After the mail sent to the Internal Mail Server has been scanned by the Anti-Spam and Anti-Virus functions of the RS-3000, set up the relevant settings in the Mail Relay function. Define the required fields of Setting. Scanned Mail Setting: Sets the mail size used to decide whether to scan a mail or not. Unscanned Mail Setting: For unscanned mail, it can add an unscanned message to the mail subject. For example, add the following settings in this function: 1. The scanned mail size is less than 200 KBytes. 2. Add the message to the subject line: Unscanned. 3. Click OK (Figure 16-1). Figure 16-1 Scanned Mail Setting (fields shown: the scanned spam mail size is less than 128 KBytes, range 10-512; the scanned virus mail size is less than 128 KBytes, range 10-512; Unscanned Mail Setting: add the message to the subject line, Unscanned, max. 255 characters). When unscanned mail is received, the tag is added in front of the e-mail subject (Figure 16-2).
9. High Risk Drop M Log Pass recommended Medium Risk Drop M Log Fass recommended Low Risk Pass M Log Pass recommended Figure19 4 The IDP configure setting STEP 2 In Signature gt Anomaly add the following settings Figure 19 5 i L Go EMEGEGCHESHEFELEEQD Figure19 5 The Anomaly setting 218 STEP 3 In Signature gt Custom add the following setting Click New Entry Figure 19 6 Name enter Software Crack Website Protocol select TCP Source Port enter 0 65535 Destination Port enter 80 80 Risk select High Action select Drop and Log Content enter cracks Click OK to complete the setting Figure 19 7 Signature Source Port Destination Port Figure19 6 The custom setting Name SOnware Crack website Figure19 7 Complete the custom setting 219 STEP 4 In Policy gt Outgoing add the new policy and enable IDP Figure 19 8 19 9 Comment Max 32 characters Outside Any eean None fie None gt None None Jz PERMTALL E E _ M Eal Hone None fo lo 0 means untimited lo Range 1 99999 0 means unlimited lo Range 1 99999 0 means unlimited Figure19 8 The IDP setting in Policy Figure19 9 Complete the IDP setting in Policy 220 19 3 IDP Report The RS 3000 can display the IDP record by statistics and log so the enterprises can easily know the whole network status
10. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS. How to Apply These Terms to Your New Programs: If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone c
11. STEP 4. Enter the following settings in Incoming Policy (Figure 14-48): Trunk: select PPTP_VPN_ Tunnel. Click OK (Figure 14-49). Figure 14-48 Setting the VPN Tunnel Incoming Policy. Figure 14-49 Complete the VPN Tunnel Incoming Policy Setting. STEP 5. Complete PPTP VPN Connection. Chapter 15 Policy. Every packet that passes the RS-3000 is checked against the policies. When a packet matches a policy, it passes the RS-3000 according to that policy's settings without being checked against other policies. If the packet matches no policy, it is intercepted. The parameters of a policy include Source Address, Destination Address, Service, Schedule, Authentication User, Tunnel, Action, WAN Port, Traffic Log, Statistics, Content Blocking, IM P2P Blocking, QoS, MAX Bandwidth Per Source IP, MAX Concurrent Sessions Per IP and MAX Concurrent Sessions. Control policies decide whether packets from different network objects, network services and applications are able to pass through the RS-3000. How to use Policy: The device uses policies to filter packets. The policy settings are source address, destination address, services, permission, packet log, packet sta
13. 7.1 Pre-defined. Define the required fields of Service. Pre-defined WebUI's Chart and Illustration: TCP Service, for example: AFPoverTCP, AOL, BGP, FTP, FINGER, HTTP, HTTPS, IMAP, SMTP, POP3, GOPHER, InterLocator, IRC, L2TP, LDAP, NetMeeting, NNTP, PPTP, Real Media, RLOGIN, SSH, TCP ANY, TELNET, VDO Live, WAIS, WINFRAME, X WINDOWS, MSN, etc. UDP Service, for example: IKE, DNS, NFS, NTP, PC Anywhere, RIP, SNMP, SYSLOG, TALK, TFTP, UDP ANY, UUCP, etc. ICMP Service, for example: PING, TRACEROUTE, etc. Define the required fields of Service. New Service Name: The System Manager can name the custom service. Protocol: The protocol type used by the device for the connection, such as TCP or UDP mode. Client Port: The port number of the client's network card. The range is 0-65535; using the default range is suggested. Server Port: The port number of the custom service. 7.2 Custom. Allow external users to communicate with internal users by VoIP through policy. VoIP Port: TCP 1720, TCP 15328-15333, UDP 15328-15333. STEP 1. Set LAN and LAN Group in the Address function as follows (Figures 7-1, 7-2). Figure 7-2 Setting LAN Group Address Book WebUI. STEP 2. Enter the following settings in Custom of the Service function: Click New Entry (Figure 7-3). Service Name: enter the preset name VoIP. Protocol 1 select TCP need not to ch
14. Auto ki Connect Mode IF Address z 7 3 S r Ponigute Priority connections Dynamic IP CEMR Rhine i MEA Figure 5 8 Complete Dynamic IP Connection Setting 40 E Static IP Address Figure 5 9 1 Select Static IP Address 2 Enter IP Address Netmask and Default Gateway that provided by ISP 3 Enter DNS Server1 and DNS Server2 In WAN2 the connecting of Static IP Address does not need to set DNS Server 4 Enter Max Downstream Bandwidth and Max Upstream Bandwidth According to the flow applied by user Select Ping and HTTP 6 Click OK Figure 5 10 WAN Interface Service ICMP Alive Indicator Site IP Wait seconds between the sending of each aliwe packet Range 0 99 0 do not check PPPoE ADSL User Dynamic IP Address Cable Modem User Static IP Address PPTP European User Onby IP Address 60 250 158 66 Netmask MAC Address Default Gateway DNS Server 1 DNS Server Z Max Downstream Bandwidth Kbps Range 1 51200 Max Upstream Bandwidth 1024 Kbps i Range 1 51200 Enable System Management Ping HTTP Figure 5 9 Static IP Address Connection Balance Mode iP S Saturate WAN No Connect Mode ed Configure Priority ms ctions Figure 5 10 Complete Static IP Address Connection Setting G When selecting Ping and WebUI on WAN network Interface users will be able to ping the RS 3000 and enter the WebU WAN network It may influence network
15. Microsoft Internet Explorer Sel votes Tools Hel a ak x a A r Search SIY Favorites 4 X ZS im La Fel Address E 192 168 1 1 v co inks Connect to 192 168 1 1 A Office UTM Gateway Administration Tools User name admin Password eeeeeee C Remember my password Internet Figure 2 1 Login page STEP 2 After entering the username and password the Security Gateway WEB UI screen will display Select the Interface tab on the left menu and a sub function list will be displayed Click on WAN from the sub function list enter proper the network setup information Click Modify to modify WAN1 2 settings i e WAN1 Interface WANT1 interface IP Address 60 250 158 66 NetMask 255 255 255 0 Default Gateway 60 250 158 254 DNS Server1 168 95 1 1 WANT Interface Service ICMP v Alive Indicator Site IP 4 66 95 1 1 Assist Wait seconds between the sending of each alive packet Range 0 99 0 do not check PPPoE ADSL User Dynamic IP Address Cable Modem User Static IP Address PPTP European User Only Anomaly Flow IP IP Address 60 250 158 66 Netmask 255 255 255 0 MAC Address 00 4F 68 00 1F 02 Defaut Gateway 660 250 158 254 DNS Server 1 168 9511 DNS Server 2 Max Downstream Bandwidth 51200 Kbps Range 1 51200 Max Upstream Bandwidth 51200 Kbps Range 1 51200 Enable System Managem
16. Outlook Express 18 x File Edit View Tools Message Help l D S amp s BB amp New Mail Reply Reply All Forward Print Delete Send Recv Addresses Find Inbox g Spammail 14 S Sent Items Deleted Items 295 BS Drafts EA Virus Contacts v x CA Rayearth cA sender mydomain com 1 message s 1 unread working Online Error Figure18 2 The Subject of Infected Mail WebUI G When select Disable in Virus Scanner it will stop the virus detection function to e mail 205 Define the required fields of Virus Mail Top Total Virus To show the top chart that represent the virus mail that the recipient receives and the sender sent In Top Total Virus Report it can choose to display the scanned mail that sent to Internal Mail Server or received from External Mail Server In Top Total Virus it can sort the mail according to Recipient and Sender Total Virus and Scanned Mail 206 To detect if the mail that received from external Mail Server have virus or not STEP 1 in LAN Address to permit a PC receiving the mail from external mail server Its network card is set as 192 168 139 12 and the DNS setting is DNS server STEP 2 In LAN of Address function add the following settings Figure18 3 Name IPF Netmask Configure 0 0_0_0 0 0 0 0 Figure18 3 Mapped IP of Internal User s PC in Address Book STEP 3 Add the following setting in Group of Servic
17. SendfRecv Inbox t xito Fron pp Outlook Express E Mr Heckathorne K Unscanned I viagrnet E K Local Folders ae eTa ASS Outbox IA Sent Items J Deleted Items 76 SE Drafts There are no contacts to display Click on Contacts to create a new contact Figure16 2 The Unscanned Mail Subject WebUI 150 To setup RS 3000 as Gateway Mail Server is in DMZ Transparent Mode Preparation WAN Port IP 61 11 11 11 Mail Server IP 61 11 11 12 Map the DNS Domain Name that apply from ISP broadband com tw to DNS Server IP setup MX record is Mail Server IP When external sender to send mail to the recipient account in broadband com tw add the following Mail Relay setting STEP 1 Add the following setting in Mail Relay function of Configure Select Domain Name of Internal Mail Server Domain Name of Mail Server Enter the Domain Name IP Address of Mail Server Enter the IP address that Mail Server s domain name mapped to Mail Relay setting is complete The mails from external and its destination mail server have to be in the domain name setting that can be received by RS 3000 and be sent to the appointed mail server after filtering Figure16 3 G Domain Name of Internal Mail Server Allowed External IP of Mail Relay Add Domain Name Domain Name of Mail Server IP Address of Mall Server 61 11 11 12 ex 6137230 Figure16 3 Mail Relay Setting WebUI 151 To setup RS 3
18. 192 168 10 X Company B WAN IP 211 22 22 22 LAN IP 192 168 20 X This example takes two RS 3000s as flattop Suppose Company B 192 168 20 100 is going to have VPN connection with Company A 192 168 10 100 and download the resource 118 The Default Gateway of Company A is the LAN IP of the RS 3000 192 168 10 1 Follow the steps below STEP 7 Enter PPTP Server of VPN function in the RS 3000 of Company A Select Modify and enable PPTP Server Client IP Range Keep the setting with original ex 192 44 75 1 254 E Enter DNS Server or WINS Server IP if necessary m Idle Time Enter 0 Figure14 33 Modify PPTP Sener Setting 3 Dizashle PETE Enable PPTP Encryption Client IP Range 192413191 E DAS Server WIRES Server 4 Allow PPTP cllent ta connect the Internet ALito Disconnect if idle oo E Echo Reguest Retry times Timeout serana OK f Cancel Figure14 33 Enable PPTP VPN Server Settings Client IP Range the setting can not be the same as LAN IP subnet or the PPTP function will not be workable Idle Time the setting time that the VPN Connection will auto disconnect under unused situation Unit minute 119 STEP 2 Add the following settings in PPTP Server of VPN function in the RS 3000 of Company A Select New Entry Figure14 34 User Name Enter PPTP_Connection Password Enter 123456789 Client IP assigned by Select IP Range Click OK Figure14 35 Add Mew PPP Ser
19. F Interface Policy Object F Policy F Anomaly Flow IP Traffic Event Connection Log Backup Accounting Report Statistics Wake on Lan Status Figure21 7 Download Event Log Records WebUI 229 To Detect Event Description of WAN Connection STEP 1 Click Connection in LOG It can show up WAN Connection records of the RS 3000 Figure21 8 Mar 2913 47 19 4 Back Mart 2913 4719 eSsage5 Connection Log har 29134719 Mar 29 13 4720 har 29 147 3 i max Number of retransmissions 0 reached STATE MAIN N Ho acceptable response to our first PRA deleting connection added connection description EM A Mar 29 BS Sages Mar 29 134549 Mar 29 13 48 51 har 29 134901 sions 0 reached STATE MAIN N Mo acceptable response to our first Marag 1 SeS0219 MPN A deleting connection Marza 1 30 20 added connection description MEM A bar 23 Mar 29 1350545 Mar 29 TSi 34 26 max number ot retransmissions 0 reached STATE MAIN Mo acceptable response to cur first i added connection description PM a Figure21 8 Connection records WebUI 230 STEP 2 Click on Download Logs RS 3000 will pop up a notepad file with the log recorded User can choose the place to save in PC instantly Figure21 9 local 1 Notepad o 4 pes 3 gt g j a File Edit Format Yiew Help Jan 31 16 01 42 2006 Firewall dhcpcd 859 broadcasting DHCP_DISCOVER Jan 31 16
20. MD5, SHA1. Here we select 3DES for ENC Algorithm and MD5 for AUTH Algorithm to determine the encapsulation used for data transmission (Figure 14-24). Figure 14-24 IPSec Algorithm Setting. STEP 7. Select GROUP1 in Perfect Forward Secrecy, enter 3600 seconds in ISAKMP Lifetime, enter 28800 seconds in IPSec Lifetime, and select Main mode in Mode (Figure 14-25). Figure 14-25 IPSec Perfect Forward Secrecy Setting. STEP 8. Complete the IPSec Autokey setting (Figure 14-26). Figure 14-26 Complete Company B IPSec Autokey Setting. STEP 9. Enter the following settings in Trunk of the VPN function (Figure 14-27): Enter a specific Tunnel Name. From Source: select LAN. From Source Subnet Mask: enter 192.168.20.0 / 255.255.255.0. To Destination: select To Destination Subnet Mask. To Destination Subnet Mask: enter 192.168.10.0 / 255.255.255.0. IPSec PPTP Setting: select VPN_B. Enter 192.168.10.1 (the Default Gateway of Company A) as the Keep alive IP. Select Show remote Network Neighborhood. Click OK (Figure 14-28).
21. Whether sending or receiving mail, the client user has to use the mail system through an MUA provided by the operating system. For example, Outlook Express in Windows is an MUA. The main function of the MUA is to receive or send e-mail from the mail host and to let users browse and edit mail. MTA (Mail Transfer Agent): sending and receiving mail are both completed by the MTA. Its basic functions are: 1. To receive mail sent by an external host. Mail from outside is received by the MTA only if the recipient exists among the MTA's internal accounts. 2. To send mail for the user. Mail can be sent by the MTA only if the user has the authority to use the MTA. 3. To let users receive their own mail. The user can take the mail from the mail host to his or her own PC. Generally, the Mail Server we refer to is the MTA. MDA (Mail Delivery Agent): puts the mail received by the MTA into the mailbox according to its destination, or has the MTA send the mail to the next MTA. The delivery procedure of the mail is introduced in two parts, Send and Receive. If the user wants to send mail, the steps are as follows: Use the MUA to send mail to the MTA. Enter the following settings while writing the e-mail in the MUA: 1. The e-mail address and the mail server of the sender. To receive the MTA that sent by MTA from the sender 2 The e m
22. Print Delete Send Recv Addresses Find NewMall Reply Reply All Forward Inbox papas xfer From Siocon dR Jassensnre bauneseccucsesesassenssseccsesssenseussnenseanagussgasssasssessgussgescestsnensndapsnseansssssensnsnansesedassuessnensgenssanseeseed Outlook Express EENS Local Folders ETS ASS Outbox SY Sent Items J Deleted Items 76 SE Drafts There are no contacts to display Click on Contacts to create a new contact Figure17 2 the subject of the mail that considered as spam mail WebUI 156 When receive Ham mail it will only add score tag in front of the e mail s subject Figure1 7 3 af Inbox Outlook Express Reply Inbox 3 Outlook Express Local Folders G inboe H Q Outbox S HamMail 4 SpamMail 42 S Sent Items a Deleted Items 136 g SpamMail 1 132 BS Drafts A Virus cA sender mydomain com Figure17 3 the subject of the mail that considered as Spam mail WebUI 157 17 2 Rule Define the required fields of Rule Rule Name m The name of the custom spam mail determination rule Comment m To explain the meaning of the custom rule Combination E Add It must be fit in with all of the custom rule mails that would be considered as spam mail or ham mail m Or Only be fit in with one of the custom rule mails that would be considered as spam mail or ham mail Classification m When setting as Spam it will
23. a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You m
24. 1 192 168 4 1 192 168 5 1 Routing Mode m itis the same as NAT mode approximately but does not have to correspond to the real WAN IP address which let internal PC to access to Internet by its own IP External user also can use the IP to connect with the Internet 25 4 4 Route Table STEP 1 Enter the following settings in Route Table in System function m Destination IP Enter 192 168 10 1 E Netmask Enter 255 255 255 0 m Gateway Enter 192 168 1 252 m Interface Select LAN E Click OK Figure 4 9 Add New Static Route Destination IP 192 165 10 1 255 0 i Figure 4 9 Add New Static Route1 STEP 2 Enter the following settings in Route Table in System function Destination IP Enter 192 168 20 1 Netmask Enter 255 255 255 0 Gateway Enter 192 168 1 252 Interface Select LAN Click OK Figure 4 10 Add New Static Route Destination IP 192 168 20 1 Figure 4 10 Add New Static Route2 STEP 3 Enter the following setting in Route Table in System function Destination IP Enter 10 10 10 0 Netmask Enter 255 255 255 0 Gateway Enter 192 168 1 252 Interface Select LAN Click OK Figure 4 11 26 Add New Static Route Destination IP Netmask Gateway Interface Figure 4 11 Add New Static Route3 STEP 4 Adding successful At this time the computer of 192 168 10 1 24 192 168 20 1 24 and 192 168 1 1 24 can connect with each other an
25. The Default Gateway of Company B is the LAN IP of the RS-3000, 192.168.20.1. Follow the steps below. STEP 1. Enter the default IP of the Gateway of Company B's RS-3000, 192.168.20.1, and select IPSec Autokey in VPN. Click New Entry (Figure 14-19). Figure 14-19 IPSec Autokey WebUI. STEP 2. In the list of IPSec Autokey, fill in Name with VPN_B (Figure 14-20). Figure 14-20 IPSec Autokey Name Setting. STEP 3. Select Remote Gateway (Fixed IP or Domain Name) in the To Destination list and enter the IP address (Figure 14-21; the screenshot shows Remote Gateway 61.11.11.11). Figure 14-21 IPSec To Destination Setting. STEP 4. Select Preshare in Authentication Method and enter the Preshared Key, max 100 bits (Figure 14-22; the screenshot shows Preshared Key 123456789). Figure 14-22 IPSec Authentication Method Setting. STEP 5. Select ISAKMP Algorithm in the Encapsulation list. Choose the algorithm used when setting up the connection. Please select ENC Algorithm (3DES, DES, AES) and AUTH Algorithm (MD5, SHA1). Figure 14-23 IPSec Encapsulation Setting. STEP 6. You can choose Data Encryption Authentication or Authentication Only to communicate in the IPSec Algorithm list: ENC Algorithm (3DES, DES, AES, NULL), AUTH Algorithm
26. 192.168.10.0 / 255.255.255.0. To Destination: Select To Destination Subnet / Mask. To Destination Subnet / Mask: Enter 192.168.20.0 / 255.255.255.0. IPSec / PPTP Setting: Select VPN_A. Enter 192.168.20.1 (the Default Gateway of Company B) as the Keep alive IP. Select Show remote Network Neighborhood and Click OK. (Figure14-14)
Figure14-13 New Entry Tunnel Setting
Figure14-14 Complete New Entry Tunnel Setting
STEP 10. Enter the following setting in Outgoing Policy (Figure14-15): Trunk: Select IPSec_VPN_Tunnel. Click OK. (Figure14-16)
Figure14-15 Setting the VPN Tunnel Outgoing Policy
Figure14-16 Complete the VPN Tunnel Outgoing Policy Setting
STEP 11. Enter the following setting in Incoming Policy (Figure14-17): Trunk: Select IPSec_VPN_Tunnel. Click OK. (Figure14-18)
Figure14-17 Setting the VPN Tunnel Incoming Policy
Figure14-18 Complete the VPN Tunnel Incoming Policy Setting
27. Figure18-8 Mapped IP Setting in Address of Mail Server
STEP 3. Enter the following setting in Group in Service function. (Figure18-9)
Figure18-9 Setting Service Group that include POP3, SMTP or DNS
STEP 4. Enter the following setting in Server1 in Virtual Server function. (Figure18-10)
Figure18-10 Virtual Server Setting WebUI
STEP 5. Enter the following setting in Incoming Policy. (Figure18-11)
Figure18-11 Incoming Policy Setting
STEP 6. Enter the following setting in Outgoing Policy. (Figure18-12)
Figure18-12 Outgoing Policy Setting
STEP 7. Enter the following setting in Mail Relay function of Configure. (Figure18-13)
Figure18-13 Mail Relay Setting of External Mail to Internal Mail Server
Mail Relay function makes the mails that are sent to LAN's mail server be relayed to its mapped mail server by RS-3000.
STEP 8. Add the following setting in Se
28. Figure17-49 Select Properties of HamMail File WebUI
Figure17-50 Copy the File Address that HamMail File Store
STEP 5. Paste the route of copied HamMail file to the Ham Mail for Training field in Training function of Anti-Spam. And press OK to transfer this file to the RS-3000 instantly and to learn the uploaded mail file as ham mail in the appointed time. (Figure17-51)
29. AES; AUTH Algorithm: MD5, SHA1; and Group: GROUP1, 2, 5. Both sides have to choose the same group. Here we select 3DES for ENC Algorithm, MD5 for AUTH Algorithm and GROUP 1 for Group. (Figure14-9)
Figure14-9 IPSec Encapsulation Setting
STEP 6. You can choose Data Encryption + Authentication or Authentication Only to communicate in IPSec Algorithm list. ENC Algorithm: 3DES, DES, AES, NULL; AUTH Algorithm: MD5, SHA1. Here we select 3DES for ENC Algorithm and MD5 for AUTH Algorithm to make sure the encapsulation way for data transmission. (Figure14-10)
Figure14-10 IPSec Algorithm Setting
STEP 7. Select GROUP1 in Perfect Forward Secrecy, enter 3600 seconds in ISAKMP Lifetime, enter 28800 seconds in IPSec Lifetime, and select Main mode in Mode. (Figure14-11)
Figure14-11 IPSec Perfect Forward Secrecy Setting
STEP 8. Complete the IPSec Autokey setting. (Figure14-12)
Figure14-12 Complete Company A IPSec Autokey Setting
STEP 9. Enter the following setting in Trunk of VPN function (Figure14-13): Enter a specific Tunnel Name. From Source: Select LAN. From Source Subnet / Mask: Enter
30. Bandwidth and Maximum Bandwidth according to the bandwidth range you applied from ISP.
Upstream Bandwidth: To configure the Guaranteed Bandwidth and Maximum Bandwidth according to the bandwidth range you applied from ISP.
Priority: To configure the priority of distributing Upstream/Downstream and unused bandwidth.
Guaranteed Bandwidth: The basic bandwidth of QoS. The connection that uses the IPSec Autokey of VPN or Policy will preserve the basic bandwidth.
Maximum Bandwidth: The maximum bandwidth of QoS. The bandwidth of the connection that uses the IPSec Autokey of VPN or Policy will not exceed the amount you set.
Setting a policy that can restrict the user's downstream and upstream bandwidth
STEP 1. Enter the following settings in QoS: Click New Entry. (Figure9-3) Name: The name of the QoS you want to configure. Enter the bandwidth in WAN1, WAN2. Select QoS Priority. Click OK. (Figure9-4)
Figure9-3 QoS WebUI Setting
31. Chapter 17 Anti-Spam
RS-3000 can filter the e-mails that are going to be sent to the mail server of the enterprise. This makes sure the e-mail accounts that communicate with the outside won't receive mass advertisement or spam mail, and at the same time it reduces the burden on the mail server. It also spares users from having to pick the messages they need out of a mass of useless mails, or from deleting a needed mail by mistake while deleting mails. It raises the work efficiency of the employees and avoids losing important information of the enterprise. In this chapter we give a detailed illustration of Anti-Spam.
17.1 Setting
Define the required fields of Setting
Spam Setting:
- It can choose the inspection way of the mails, where the mail server is placed in Internal (LAN or DMZ) or External (WAN).
- It can inspect all of the mails that are sent to the enterprise. It can also add a score tag or message to the subject line of spam mail when it exceeds the standard. After filtering, if the mails still don't reach the standard, it will only add a score tag to the subject of the spam mail.
- It can also check the sender address in the blacklist of anti-spam websites to determine if it is spam mail or not.
Action of Spam Mail:
- The mail that is considered as spam mail can be coped with: Delete mail, Deliver to the recipient, Forward to another mail account.
After setup of the relevant settings in Mail Relay function of Configure, add the following
32. Complete the policy rule that only allows the users who pass authentication to access the Internet in a particular time. (Figure15-16)
Figure15-16 Complete Policy Setting
The external user controls the internal PC through remote control software (Take pcAnywhere for example)
STEP 1. Set up an Internal PC controlled by external user; the Internal PC's IP Address is 192.168.1.2.
STEP 2. Enter the following setting in Virtual Server1 of Virtual Server function. (Figure15-17)
Figure15-17 Setting Virtual Server
STEP 3. Enter the following in Incoming Policy: Click New Entry. Destination Address: Select Virtual Server1 (61.11.11.12). Service: Select PC-Anywhere (5631-5632). Click OK. (Figure15-18)
Figure15-18 Setting the External User Control the Internal PC Policy
STEP 4. Complete the policy for the external user to control the internal PC through remote control software. (Figure15-19)
33. Figure14-43 Complete PPTP VPN Client Setting
STEP 2. Enter the following setting in Tunnel of VPN function (Figure14-44): Enter a specific Tunnel Name. From Source: Select LAN. From Source Subnet / Mask: Enter 192.168.20.0 / 255.255.255.0. To Destination: Select To Destination Subnet / Mask. To Destination Subnet / Mask: Enter 192.168.10.0 / 255.255.255.0. IPSec / PPTP Setting: Select PPTP_Client_PPTP_Connection. Select Show remote Network Neighborhood. Click OK. (Figure14-45)
Figure14-44 New Entry Tunnel Setting
Figure14-45 Complete New Entry Tunnel Setting
STEP 3. Enter the following setting in Outgoing Policy (Figure14-46): Trunk: Select PPTP_VPN_Tunnel. Click OK. (Figure14-47)
Figure14-46 Setting the VPN Tunnel Outgoing Policy
Figure14-47 Complete the VPN Tunnel Outgoing Policy Setting
34. It is the statistics of the downstream and upstream of the LAN, WAN and all kinds of communication network services.
Source IP: The IP address used by LAN users who use RS-3000.
Destination IP: The IP address used by WAN service server which uses RS-3000.
Service: The communication service which is listed in the menu when LAN users use RS-3000 to connect to WAN service server.
Inbound Accounting Report: It is the statistics of downstream/upstream for all kinds of communication services; the Inbound Accounting report will be shown if Internet user connects to LAN Service Server via RS-3000.
Source IP: The IP address used by WAN users who use RS-3000.
Destination IP: The IP address used by LAN service server who use RS-3000.
Service: The communication service which is listed in the menu when WAN users use RS-3000 to connect to LAN Service server.
Outbound
STEP 1. Select to enable the items for Outbound Accounting Report in Setting of Accounting Report function. (Figure22-1)
Figure22-1 Accounting Report Setting
STEP 2. Enter Outbound in Accounting Report and select Source IP to inquire the statistics of Send/Receive packets, Downstream/Upstream, First packet/Last packet/Duration from the LAN or DMZ user's IP that
35. Item and use Contains Condition and enter josh as a characteristic. Afterward, when the sender's and receiver's mail account has josh inside, it will be considered as spam mail or ham mail.
17.3 Whitelist
Define the required fields of Whitelist
Whitelist:
- To determine the mail comes from specific mail address that can send to the recipient without being restricted.
Direction:
- From: To judge the sending address of the mail.
- To: To judge the receiving address of the mail.
17.4 Blacklist
Define the required fields of Blacklist
Blacklist:
- To determine the mail comes from specific mail address that cannot be sent to the recipient.
17.5 Training
Define the required fields of Training
Training Database:
- The System Manager can Import or Export Training Database here.
Spam Mail for Training:
- The System Manager can import the file which is not determined as spam mail here, to raise the judgment rate of spam mail after the RS-3000 learns the file.
Ham Mail for Training:
- The System Manager can import the file which is determined as spam mail here, to raise the judgment rate of ham mail after the RS-3000 learns the file.
Training time:
- The System Manager can set the training time for RS-3000 to learn the import file each day here.
17.6 Spam Mail
Define the required fields of Spam Mail
Top Total Spam:
- To show the top chart that represent the spam mail that recipien
36. Figure 6-6 Add New LAN Address Group
Figure 6-7 Complete Adding LAN Address Group
The setting mode of WAN Group and DMZ Group of Address are the same as LAN Group.
STEP 3. Enter the following settings in WAN of Address function: Click New Entry. (Figure 6-8) Enter the following data (Name, IP Address, Netmask). Click OK. (Figure 6-9)
Figure 6-8 Add New WAN Address
Figure 6-9 Complete the Setting of WAN Address
STEP 4. To exercise STEP 1 to 3 in Policy. (Figure 6-10, 6-11)
Figure 6-10 To Exercise Address Setting in Policy
Figure 6-11 Complete the Policy Setting
The Address function really takes effect only if used with Policy.
Chapter 7 Service
TCP and UDP protocols support varieties of services, and each service consists of a TCP Port or UDP port number, such as TELNET (23), SMTP (21), SMTP (25), POP3 (110), etc. The RS-3000 includes two services: Pre-defined Serv
37. Figure 4-4 Reset Factory Settings
Enabling E-mail Alert Notification
STEP 1. Select Enable E-mail Alert Notification under E-Mail Settings.
STEP 2. Device Name: Enter the Device Name or use the default value.
STEP 3. Sender Address: Enter the Sender Address. (Required by some ISPs.)
STEP 4. SMTP Server IP: Enter SMTP server's IP address.
STEP 5. E-Mail Address 1: Enter the e-mail address of the first user to be notified.
STEP 6. E-Mail Address 2: Enter the e-mail address of the second user to be notified. (Optional)
STEP 7. Click OK on the bottom right of the screen to enable E-mail Alert Notification. (Figure 4-5)
38. Figure 8-3 Complete the Setting of Comparing Schedule with Policy
The Schedule must compare with Policy.
Chapter 9 QoS
By configuring the QoS, you can control the OutBound and InBound Upstream/Downstream Bandwidth. The administrator can configure the bandwidth according to the WAN bandwidth.
Downstream Bandwidth: To configure the Guaranteed Bandwidth and Maximum Bandwidth.
Upstream Bandwidth: To configure the Guaranteed Bandwidth and Maximum Bandwidth.
QoS Priority: To configure the priority of distributing Upstream/Downstream and unused bandwidth.
The RS-3000 configures the bandwidth by different QoS, and selects the suitable QoS through Policy to control and efficiently distribute bandwidth. The RS-3000 also makes it convenient for the administrator to make the Bandwidth reach the best utility. (Figure 9-1, 9-2)
Figure 9-1 The Flow Before Using QoS (plot of Bits per Second against Minute)
Figure 9-2 The Flow After Using QoS (Max Bandwidth 400Kbps, Guaranteed Bandwidth 200Kbps; plot of Bits per Second against Minute)
Define the required fields of QoS
WAN: Display WAN1 and WAN2.
Downstream Bandwidth: To configure the Guaranteed
39. RS-3000 to detect if the WAN can connect or not. So the Alive Indicator Site IP, DNS Server IP Address, or Domain Name must be able to use permanently. Or it will cause judgmental mistakes of the device.
STEP 3. Select the Connecting way:
PPPoE (ADSL User) (Figure 5-5)
1. Select PPPoE.
2. Enter User Name as an account.
3. Enter Password as the password.
4. Select Dynamic or Fixed in IP Address provided by ISP. If you select Fixed, please enter IP Address, Netmask, and Default Gateway.
5. Enter Max. Downstream Bandwidth and Max. Upstream Bandwidth. (According to the flow that user apply)
6. Select Ping and HTTP.
7. Click OK. (Figure 5-6)
Figure 5-5 PPPoE Connection
Figure 5-6 Complete PPPoE Connection Setting
You can set up Auto Disconnect if idle, in order to disconnec
40. Figure 24-3 Ping configuration via VPN
24.2 Traceroute
STEP 1. In Diagnostic > Traceroute function, user can configure RS-3000 to trace specific IP address or domain name and confirm RS-3000 WAN connecting status. (Figure24-4)
- Type in available Internet IP address or domain name.
- Choose the Ping Packets size (40 Bytes by default).
- Type in the Max Time to Live value (30 Hops by default).
- Type in the Wait Time (the default setting is 2 seconds).
- Choose the source interface to send out the Ping packets.
- Press OK to ping the IP address or domain name. (Figure24-5)
Figure 24-4 Traceroute Diagnostic
41. Figure17-47 Select HamMail File
Figure17-48 Compact HamMail File
STEP 4. Copy the route of the HamMail Folder in Outlook Express so that it is convenient to upload it to RS-3000 for training: Press the right key of the mouse in HamMail file and select Properties function. (Figure17-49) Copy the file address in HamMail Properties WebUI. (Figure17-50)
42. Figure17-51 Paste the File Address that HamMail File Save to make RS-3000 to be trained
STEP 6. Remove all of the mails in HamMail File in Outlook Express so that new mails can be compressed and uploaded to RS-3000 for training directly next time: Select all of the mails in HamMail and press the right key of the mouse to select Delete function. (Figure17-52) Make sure that all of the mails in HamMail file have been deleted completely.
43. Figure14-27 New Entry Tunnel Setting
Figure14-28 Complete New Entry Tunnel Setting
STEP 10. Enter the following setting in Outgoing Policy (Figure14-29): Trunk: Select IPSec_VPN_Tunnel. Click OK. (Figure14-30)
Figure14-29 Setting the VPN Tunnel Outgoing Policy
Figure14-30 Complete the VPN Tunnel Outgoing Policy Setting
STEP 11. Enter the following setting in Incoming Policy (Figure14-31): Trunk: Select IPSec_VPN_Tunnel. Click OK. (Figure14-32)
Figure14-31 Setting the VPN Tunnel Incoming Policy
Figure14-32 Complete the VPN Tunnel Incoming Policy Setting
STEP 12. Complete IPSec VPN Connection.
Setting PPTP VPN connection between two RS-3000s
Preparation: Company A: WAN IP: 61.11.11.11, LAN IP
44. and checking sender IP in RBL system work to filter spam mail automatically.
Mail Training system: Update system with the error judged type of mail to improve the accurate rate of Anti-Spam.
Network Security
IDP (Intrusion Detection Prevention): The IDP system provides the function to detect and stop the hacker software's attack from Internet. It filters the malicious packets based on the embedded signature database; user can select to update the database regularly or manually.
Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS: RS-3000 Anti-Virus not only can filter mail, it also supports scanning HTTP, FTP, P2P, IM and NetBIOS packets.
Detect and block the anomaly flow IP: Anomaly flow packets usually spread out to the network as abnormal type and administrator
IPSec and PPTP VPN: VPN (Virtual Private Network) is used to secure the data transferring with encrypted and private channel. IPSec provides a high level of data encryption and PPTP provides easy configuration.
VPN Trunk: VPN trunk function allows user to create two VPN tunnels simultaneously, and offers VPN fail-over feature.
IM/P2P Blocking: Currently the access right of IM and P2P can be managed separately. IM types include MSN, Yahoo Messenger, ICQ, QQ, Google Talk, Gadu-Gadu and Skype, and P2P types include eDonkey, Bit Torrent, WinMX, Foxy, KuGoo, AppleJuice, AudioGalaxy, DirectConnect, iMesh, MUTE, Thunder5, VNN Client, PPLive, Ultra Surf, PPStream, GoGoBox, Tor, UUSee, QQLive, Q
45. classify the mails that correspond to the rule as spam mail.
- When setting as Ham (Non-Spam), it will classify the mails that correspond to the rule as ham mail.
Action: Only when Classification is set as Spam will this function be enabled, because only spam mail needs to be handled.
- You can choose to Delete mail, Deliver to the recipient, or Forward to another mail account.
Auto-Training:
- When Classification is set as Spam and this function is enabled, the mails that correspond to this rule will be trained to identify as spam mail according to the setting time in Training function.
- When Classification is set as Ham (Non-Spam) and this function is enabled, the mails that correspond to this rule will be trained to identify as ham (non-spam) mail according to the setting time in Training function.
Item:
- To judge if it is spam mail or not according to the Header, Body, Size of the mail.
- The Header items to detect the mail are Received, Envelope-To, From, To, Cc, Bcc, Subject, Sender, Reply-To, Errors-To, Message-ID and Date.
Condition:
- When Item is set as Header and Body, the available conditions are: Contains, Does Not Contain, Is Equal To, Is Not Equal To, Starts With, Ends With, Exist and Does Not Exist.
- When Item is set as Size, the available conditions are: More Than, Is Equal To, Is Not Equal To and Less Than.
Pattern:
- Enter the relevant value in Item and Condition field. For example: From
46. Figure17-37 Compact SpamMail Folder
STEP 4. Copy the route of the SpamMail File in Outlook Express so that it is convenient to upload it to RS-3000 for training: Press the right key of the mouse in SpamMail file and select Properties function. (Figure17-38) Copy the file address in SpamMail Properties WebUI. (Figure17-39)
47. Figure17-34 Move Spam Mail WebUI
Figure17-35 Select Folder for Spam Mail to move to
STEP 3. Compress the SpamMail Folder in Outlook Express to shorten the data and upload to RS-3000 for training: Select SpamMail Folder. (Figure17-36) Select Compact function in selection of the folder. (Figure17-37)
48. Figure 24-5 Traceroute result
Chapter 25 Wake on Lan
Wake on Lan (WOL) function works to power on the computer remotely. The computer's network card must also support WOL function; when it receives the wake-up packets, the computer will auto boot up. Normally the broadcast packets are not allowed to transfer within Internet, but user can login RS-3000 remotely and enable Wake on Lan function to boot up the LAN computer.
To configure Wake on Lan function in RS-3000
STEP 1. Select Setting in Wake on Lan, and enter MAC Address to specify the computer who needs to be booted up remotely. User can press Assist to obtain the MAC Address from the table list. (Figure25-1)
Figure 25-1 Wake on Lan Setting
STEP 2. User only needs to press Wake Up button to boot up the specific LAN computer. (Figure 25-2)
Figure 25-2 Complete Wake on Lan Setting
Chapter 26 Status
The users can know the connection status in Status. For example: LAN IP, WAN IP, Subnet Netmask, Default Gateway, DNS Server Connection and its IP, etc.
- Interface: Display all of the current Interface status of the RS-3000.
- Authentication: The Authentication information of RS-3000.
- ARP Table: Record all the ARP
49. policy to automatically execute the function in a certain time.
Authentication User: The user has to pass the authentication to connect by Policy.
Trunk: Select the specific VPN setting to allow the packets passing through.
Traffic Log: Record all the packets that go through policy.
Statistics: Chart of the traffic that goes through policy.
IDP: Select to enable IDP feature in Policy.
Content Blocking: To restrict the packets that pass through the policy.
IM/P2P Blocking: To restrict the packets passing via IM or P2P.
QoS: Setting the Guarantee Bandwidth and Maximum Bandwidth of the Policy (the bandwidth is shared by the users who correspond to the Policy).
MAX. Bandwidth Per Source IP: Set the maximum bandwidth that is permitted by policy. If the IP bandwidth exceeds the setting value, the surplus connection cannot be set successfully.
MAX. Concurrent Sessions Per IP: Set the concurrent sessions that are permitted by policy. If the IP sessions exceed the setting value, the surplus connection cannot be set successfully.
MAX. Concurrent Sessions: Set the concurrent sessions that are permitted by policy. If the whole Policy sessions exceed the setting value, the surplus connection cannot be set successfully.
Move: Every packet that passes the RS-3000 is detected from the front policy to the last one. So it can modify the priority of the policy from the selection
50. Figure 4-1 Select the Destination Place to Save the Exported File
System Settings - Importing
STEP 1. In System Setting WebUI, click on the Browse button next to Import System Settings from Client. When the Choose File pop-up window appears, select the file which contains the saved RS-3000 Settings, then click OK. (Figure 4-2)
STEP 2. Click OK to import the file into the RS-3000. (Figure 4-3)
51. provided by the host of the domain.
Virtual IP Address: The virtual IP address corresponding to the Host. It must be a LAN or DMZ IP address.
STEP 1: Select Host Table in Settings function and click on New Entry.
Host Name: The domain name of the server.
Virtual IP Address: The virtual IP address corresponding to the Host.
Click OK to add Host Table. (Figure 4-15)
Figure 4-15 Add New Host Table
To use Host Table, the user PC's first DNS Server must be the same as the LAN Port or DMZ Port IP of the RS-3000, that is, the default gateway.
4.8 SNMP
STEP 1: Select SNMP in Settings function, click Enable SNMP Agent and type in the following information:
Device Name: The default setting is Office UTM Gateway, and the user can change it.
Device Location: The default setting is Taipei Taiwan, and the user can change it.
Community: The default setting is public, and the user can change it.
Contact Person: The default setting is root public, and the user can change it.
Description: The default setting is Office UTM gateway Appliance, and
52. s PC. If the Administrator starts the E-Mail Alert Notification in Setting, the RS-3000 will send e-mail to the Administrator automatically.
Chapter 21 Log
Log records all connections that pass through the RS-3000's control policies. The information is classified as Traffic Log, Event Log and Connection Log.
Traffic Log's parameters are set up when setting up policies. Traffic logs record the details of packets, such as the start and stop time of the connection, the duration of the connection, the source address, the destination address and the services requested, for each control policy.
Event Log records the contents of System Configuration changes made by the Administrator, such as the time of the change, the settings that changed, the IP address used to log in, etc.
Connection Log records all of the connections of the RS-3000. When a connection has a problem, the Administrator can trace back the problem from the information.
How to use the Log
The Administrator can use the log data to monitor and manage the device and the networks. The Administrator can view the logged data to evaluate and troubleshoot the network, such as pinpointing the source of traffic congestion.
To detect the information and protocol port that users use to access the Internet or Intranet through the RS-3000
STEP 1: Add a new policy in DMZ to WAN of Policy and select Enable Logging. (Figure 21-1)
53. security. The suggestion is to cancel Ping and WebUI after all the settings have finished. If the System Administrator needs to enter the UI from WAN, he/she can use Permitted IPs to enter.
PPTP (European User Only): (Figure 5-11)
1. Select PPTP (European User Only).
2. Enter User Name as an account.
3. Enter Password as the password.
4. If the MAC Address is required by the ISP, click on Clone MAC Address to obtain the MAC address automatically.
5. Select Obtain an IP address automatically or Use the following IP address (provided by ISP).
6. Hostname: Enter the hostname provided by the ISP.
7. Domain Name: Enter the domain name provided by the ISP.
8. If the user selects Use the following IP address, enter IP Address, Netmask and Default Gateway.
9. Enter the PPTP server IP address as the PPTP Gateway (provided by ISP).
10. Enter Max Downstream Bandwidth and Max Upstream Bandwidth (according to the flow applied for by the user).
11. Select BEZEQ ISRAEL (Israel User Only).
12. Select Ping and HTTP.
13. Click OK. (Figure 5-12)
You can choose Service On Demand for the WAN Interface to connect automatically when disconnected, or set up Auto Disconnect if idle (not recommended).
54. settings in this function:
1. The Mail Server is placed in Internal (LAN or DMZ).
2. The threshold score: Enter 5.
3. Add the message to the subject line: Enter spam.
4. Select Add score tag to the subject line.
5. Select Deliver to the recipient.
6. Click OK. (Figure 17-1)
Figure 17-1 Anti-Spam Setting WebUI
When a spam mail is received, the RS-3000 adds the score tag and the message in front of the subject of the e-mail. (Figure 17-2)
55. user can change it.
Click OK. The SNMP Agent setting is done, so the administrator can install SNMP management software on a PC and monitor the RS-3000 via the SNMP Agent. (Figure 4-16)
Figure 4-16 SNMP Agent setting
STEP 2: Select SNMP in Settings function, click Enable SNMP Trap Alert Notification and type in the following information:
SNMP Trap Receiver Address: Input the IP address of the SNMP Trap receiver site.
SNMP Trap Port: Input the port number.
Click OK. The SNMP Trap setting is done, so the administrator can receive alert messages on a PC installed with SNMP management software via the RS-3000 SNMP Trap function. The system will send alert messages to the specified IP address when the RS-3000 is attacked by a hacker or when the line's connect/disconnect status changes. (Figure 4-17)
Figure 4-17 SNMP Trap setting
4.9 Language
Select the Language version (English Version, Traditional Chinese Version or Simplified Chinese Version) and click OK. (Figure 4-18)
56. virus to the compact or non-encryption files.
Virus engine: The default setting is the free-to-use Clam engine. The MIS engineer can click Test in order to make sure the RS-3000 can connect to the signature definition server normally.
Set default action of all signatures: The Internet attack risks include High, Medium and Low. The MIS engineer can select the action of Pass, Drop and Log for the default signatures.
In IDP > Configure > Setting, add the following settings:
Select Enable Anti-Virus.
High Risk: Select Drop and Log.
Medium Risk: Select Drop and Log.
Low Risk: Select Pass and Log.
Click OK. (Figure 19-1)
Select enable IDP in Policy.
Figure 19-1 The IDP setting
When the RS-3000 detects attack types that correspond to a signature, it saves the log results in IDP > IDP Report.
19.2 Signature
The RS-3000 can provide the corresponding comparison rules inc
57. 000 between the original Gateway and Mail Server (Mail Server is in DMZ, Transparent Mode)
Preparation
The Original Gateway's LAN Subnet: 172.16.1.0/16, WAN Port IP: 61.11.11.11
RS-3000's WAN Port IP: 172.16.1.12
Mail Server IP: 172.16.1.13
Map the DNS Domain Name broadband.com.tw to the DNS Server IP (the MX record is set up as the Mail Server IP).
When LAN (172.16.1.0/16) users use a sender account of the broadband.com.tw mail server to send mail to a recipient account on an external mail server, the following mail relay setting has to be added.
STEP 1: Add the first setting in Mail Relay function of Configure:
Select Domain Name of Internal Mail Server.
Domain Name of Mail Server: Enter the Domain Name.
IP Address of Mail Server: Enter the IP address that the Mail Server's domain name is mapped to. (Figure 16-4)
Figure 16-4 The First Mail Relay Setting WebUI
STEP 2: Add the second setting in Mail Relay function of Configure:
Select Allowed External IP of Mail Relay.
IP Address: Enter the IP Address of the external sender.
Enter the Netmask.
Complete Mail Relay setting. (Figure 16-5)
Figure 16-5 The Second Mail Relay Setting WebUI
The Headquarters sets up the RS-3000 as Gateway (Mail Server is in
59. Figure 15-19 Complete Policy Setting
Set an FTP Server under DMZ (NAT Mode) and restrict the download bandwidth and the MAX Concurrent Sessions
STEP 1: Set an FTP Server under DMZ, whose IP is 192.168.3.2. (The DMZ Interface Address is 192.168.3.1/24.)
STEP 2: Enter the following setting in Virtual Server1 of Virtual Server function. (Figure 15-20)
Figure 15-20 Setting up Virtual Server Corresponds to FTP Server
When using the function of Incoming or WAN to DMZ in Policy, it is strongly suggested not to select ANY in Service. It may easily be attacked by hackers.
STEP 3: Enter the following in QoS. (Figure 15-21)
Figure 15-21 QoS Setting
STEP 4: Enter the following in WAN to DMZ Policy:
Click New Entry.
Destination Address: Select Virtual Server 61.11.11.12.
Service: Select FTP (21).
QoS: Select FTP_QoS.
MAX Concurrent Sessions: Enter 100.
Click OK. (Figure 15-22)
60. Figure 13-6 Virtual Server Real IP Setting
Click New Entry.
Service: Select HTTP (80).
External Service Port: Change to 8080.
Load Balance Server1: Enter 192.168.1.101.
Load Balance Server2: Enter 192.168.1.102.
Load Balance Server3: Enter 192.168.1.103.
Load Balance Server4: Enter 192.168.1.104.
Click OK and complete the setting of Virtual Server. (Figure 13-7)
Figure 13-7 Virtual Server Configuration WebUI
STEP 3: Add a new policy in Incoming Policy, which includes the virtual server set by STEP 2. (Figure 13-8)
Figure 13-8 Complete Virtual Server Policy Setting
In this example, the external users must change the port number to 8080 before entering the website set by the Web server.
STEP 4: Complete the setting of providing a single service by virtual server.
The external user uses VoIP to connect with the VoIP of LAN (VoIP Port: TCP 1720, TCP 15328-15333, UDP 15328-15333)
STEP 1: Set up VoIP in the LAN network; its IP is 192.168.1.100.
STEP 2: Enter the following setting in LAN of Address function. (Figure 13-9)
Figure 13-9 Setting LAN Address WebUI
STEP 3: Add a new VoIP service group in Custom of Service function. (Figure 13-10)
61. 2 Complete IM Blocking setting
STEP 2: Add a new Outgoing Policy and use it in IM/P2P Blocking function. (Figure 12-3)
Figure 12-3 Add New IM Blocking Policy
STEP 3: Complete the policy of restricting the internal users from sending messages, files, audio and video by instant messaging in Outgoing Policy. (Figure 12-4)
Figure 12-4 Complete IM Blocking Policy Setting
12.2 Instant Messaging File Transfer
Restrict the Internal Users from transferring files by Instant Messaging
STEP 1: Enter the following in IM/P2P Blocking function:
Enter the rule name as IM_File_Blocking.
Select MSN, Yahoo Messenger, ICQ, QQ, Google Talk and Gadu-Gadu. (Figure 12-5)
Click OK.
Complete the setting of IM Blocking. (Figure 12-6)
62. Figure 21-5 Download Traffic Log Records WebUI
To record the detailed management events of the Administrator (such as the interface and event description of the RS-3000)
STEP 1: Click Event log of LOG. The management event records of the administrator will show up. (Figure 21-6)
Figure 21-6 Event Log WebUI
STEP 2: Click on Download Logs. The RS-3000 will pop up a notepad file with the log recorded. The user can choose where to save it on the PC instantly. (Figure 21-7)
63. Figure 21-4 The WebUI of detecting the Traffic Log by IP Address
STEP 5: Click on Download Logs. The RS-3000 will pop up a notepad file with the log recorded. The user can choose where to save it on the PC instantly. (Figure 21-5)
64. 5-22 Add New Policy
STEP 5: Complete the policy of restricting the external users' access to the internal network server (which may occupy the resources of the network). (Figure 15-23)
Figure 15-23 Complete the Policy Setting
Set a Mail Server to allow the internal and external users to receive and send e-mail under DMZ Transparent Mode
STEP 1: Set a Mail Server in DMZ and set its network card's IP Address as 61.11.11.12. The DNS setting is the external DNS Server.
STEP 2: Add the following setting in DMZ of Address function. (Figure 15-24)
Figure 15-24 Specify Mail Server's IP
STEP 3: Add the following setting in Group of Service function. (Figure 15-25)
Figure 15-25 Setting up a Service Group that has POP3, SMTP and DNS
STEP 4: Enter the following setting in WAN to DMZ Policy:
Click New Entry.
Destination Address: Select Mail_Server.
Service: Select E-mail.
Click OK. (Figure 15-26)
Figure 15-26 Setting a Policy to access Mail Service by WAN to DMZ
STEP 5: Complete the policy to access mail service by WAN to DMZ. (Figure 15-27)
65. Contents (fragment): PPTP Client; Chapter 15 Policy; Chapter 16 Mail Security; Chapter 17 Anti-Spam; Chapter 18 Anti-Virus; Chapter 19 IDP; Chapter 20 Anomaly Flow IP; Chapter 21 Log; Chapter 22 Accounting Report; Chapter 23 Statistic; Chapter 24 Diagnostic
66. DMZ, Transparent Mode) so that the Branch Company's employees can send mail via the Headquarters' Mail Server
Preparation
WAN Port IP of RS-3000: 61.11.11.11
Mail Server IP: 61.11.11.12
WAN Port IP of the Branch Company's Firewall: 211.22.22.22
Map the DNS Domain Name broadband.com.tw to the DNS Server IP (the MX record is set up as the Mail Server IP).
When the branch company's users send mail to a recipient account on an external mail server using a sender account of the broadband.com.tw mail server, add the following Mail Relay setting.
STEP 1: Add the first setting in Mail Relay function of Configure:
Select Domain Name of Internal Mail Server.
Domain Name of Mail Server: Enter the Domain Name.
IP Address of Mail Server: Enter the IP address that the Mail Server's domain name is mapped to. (Figure 16-6)
Figure 16-6 The First Mail Relay Setting WebUI
STEP 2: Add the second setting in Mail Relay function of Configure:
Select Allowed External IP of Mail Relay.
IP Address: Enter the IP Address of the external sender.
Enter the Netmask.
Complete Mail Relay setting. (Figure 16-7)
Figure 16-7 The Second Mail Relay Setting WebUI
67. Delete mail in Action of Spam Mail, the other functions (Deliver to the recipient, or Forward to) cannot be selected. So when the RS-3000 has scanned a spam mail, it will delete it directly, but the relevant chart can still be checked in the Spam Mail function.
Action of Spam Mail here takes action on spam mail according to the filter standard of Blacklist.
STEP 8: Enter the following setting in Whitelist of Anti-Spam function:
Click New Entry.
Whitelist: Enter share2k01@yahoo.com.tw.
Direction: Select From.
Enable Auto-Training.
Click OK. (Figure 17-16)
Enter New Entry again.
Whitelist: Enter josh@broadband.com.tw.
Direction: Select To.
Enable Auto-Training.
Click OK. (Figure 17-17)
Complete setting. (Figure 17-18)
Figure 17-16 Add Whitelist Setting 1
Figure 17-17 Add Whitelist Setting 2
Figure 17-18 Complete Whitelist Setting
When the Auto-Training function is enabled, the mail that corresponds to the Whitelist setting will be trained as Ham Mail automatically, according to the time setting in Training function.
STEP 9: Enter the following setting in Blacklist of Anti-Spam function:
Enter New Entry.
Blacklist: Enter yahoo.
Direction: Select From.
Enable Auto-Training.
Click OK. (Figure 17-19)
Complete the Setting. (Figure 17-20)
68. Contents (fragment): Chapter 25 Wake on Lan; Chapter 26 Status
Chapter 1 Introduction
Congratulations on your purchase of this outstanding RS-3000 Office UTM Gateway. This product is specifically designed for offices that have higher security requirements. It provides advanced security protection for internal clients or servers from threats such as viruses, spam and hacker attacks. It can also manage users' access rights for IM and P2P, to save precious bandwidth from being exhausted. With an all-in-one security device, the user can fully utilize the budget to construct the security environment and does not need to purchase further devices.
Instructions for installing and configuring this product can be found in this manual. Before you install and use this product, please read this manual carefully to fully exploit the functions of this product.
1.1 Functions and Features
Mail Security
Anti-Virus for Inbound E-mail filter: Integrated with the Clam AV virus engine, it can filter viruses attached to incoming mail.
Regularly or manually updated virus pattern: The virus pattern can be auto-updated regularly (every 10 minutes) or manually updated. The license is free.
Anti-Spam for Inbound E-mail filter: Built in with Bayesian, fingerprint, verifying sender account
69. Figure 15-8 IM / P2P Blocking Setting
URL Blocking can restrict the Internal Users to access only some specific websites.
Download Blocking can restrict the Internal Users from accessing video, audio and some specific sub-name files directly by the HTTP protocol.
IM / P2P Blocking can restrict the Internal Users from sending messages, files, audio and video by instant messaging (e.g. MSN, Yahoo Messenger, QQ, ICQ and Skype) and from accessing files on the Internet by P2P (eDonkey, BT).
Script Blocking can restrict the Internal Users from accessing Script files of websites (Java, Cookies).
STEP 2: Enter the following in WAN and WAN Group of Address function. (Figure 15-9, 15-10)
Figure 15-9 Setting the WAN IP that is going to be blocked
Figure 15-10 WAN Address Group
The Administrator can group the custom addresses in Address. It is more convenient when setting policy rules.
STEP 3: Enter the following setting in Outgoing Policy:
Click New Entry.
Destination Address: Select WAN_Group that was set by STEP 2. (Blocking by IP)
Action, WAN Port: Select Deny.
Select to enable Content Blocking.
Select to enable IM / P2P Blocking.
Click OK. (Figure 15-11)
70. Figure 17-44 Create Folder Function WebUI
STEP 2: In Inbox (Outlook Express), move spam mail to the HamMail folder:
In Inbox, select the spam mail that all of the recipients need, right-click the mail and choose the Move to Folder function. (Figure 17-45)
Select the HamMail folder in the Move WebUI and click OK. (Figure 17-46)
71. AirLive, Powered by OvisLink Corp.
RS-3000 Office UTM Gateway User's Manual
www.airlive.com
Declaration of Conformity
We, Manufacturer/Importer: OvisLink Corp., 5F, No. 6, Lane 130, Min Chuan Rd., Hsin Tien City, Taipei County, Taiwan
Declare that the product Multi-Security Firewall RS-3000 is in conformity with, in accordance with, 89/336/EEC (EMC Directive) and 1999/5/EC (R&TTE Directive):
EN 55022:1998/A1:2000/A2:2003: Limits and methods of measurement of radio disturbance characteristics of information technology equipment
EN 61000-3-2:2000: Disturbances in supply systems caused by household appliances and similar electrical equipment "Harmonics"
EN 61000-3-3:1995/A1:2001: Disturbances in supply systems caused by household appliances and similar electrical equipment "Voltage fluctuations"
EN 55024:1998/A1:2001/A2:2003: Information Technology equipment, Immunity characteristics, Limits and methods of measurement
CE marking
Manufacturer/Importer. Position/Title: Vice President. Date: 2006/6/8
RS-3000 CE Declaration Statement
Czech: OvisLink Corp. hereby declares that this RS-3000 is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Lithuanian: OvisLink Corp. hereby declares that this RS-3000 complies with the essential requirements and other provisions of Directive 1999/5/EC
72. Policy of Restricting the Specific IP to Access to Internet
STEP 3: Complete assigning the specific IP to static users in Outgoing Policy and restrict them to access the FTP net service only through the policy. (Figure 6-4)
Figure 6-4 Complete the Policy of Restricting the Specific IP to Access to Internet
When the System Administrator is setting the Address Book, he/she can click the Address button to make the RS-3000 fill out the user's MAC Address automatically.
In LAN of Address function, the RS-3000 automatically provides a default Inside Any address that represents the whole LAN network. WAN and DMZ likewise have the Outside Any and DMZ Any default address settings to represent the whole subnet.
The setting mode of WAN and DMZ of Address is the same as LAN; the only difference is that WAN cannot set up a MAC Address.
6.2 LAN Group
Set up a policy that only allows partial users to connect with a specific IP (External Specific IP)
STEP 1: Set up several LAN network Addresses. (Figure 6-5)
Figure 6-5 Setting Several LAN Network Address
STEP 2: Enter the following settings in LAN Group of Address:
Click New Entry. (Figure 6-6)
Enter the Name of the group.
Select the users in the Available Address column and click Add.
Click OK. (Figure 6-7)
73. QGame, QQDownload, Ares, Hamachi, TeamViewer and GLWorld.
Content Blocking: The access rights of four types of Internet services can be managed: URL, Scripts (Popup, ActiveX, Java, Cookie), Download and Upload.
User Authentication: Users must pass authentication to obtain Internet access rights. The account database can be the local database, RADIUS or a POP3 server.
QoS: Divides the bandwidth per service or IP address to guarantee a certain bandwidth for the specific service server to be accessed.
Personal QoS: Just a simple setting to unify the bandwidth of all internal clients.
Advanced functions
Multiple WANs Load Balance: Supports Round-Robin, By Traffic, Session and Packet Load Balance types to fit different kinds of requests and environments.
Load Balance by Source IP / Destination IP: The WAN path will be defined based on the first access packets from the Source IP or Destination IP. The function can avoid the disconnection that occurs because a specific server only accepts a single IP per client, such as a banking system or an Internet on-line game server.
Multiple Subnet: Multiple LAN subnets can be configured simultaneously, but only the subnet of the LAN port supports the DHCP server function.
DMZ Transparent: The function is used to simulate the WAN port real IP to a DMZ device.
1.2 Front Panel
Figure 1-1 Front Panel
LED, Color, Status, Description: Power on the device; Blinking: Device is at
74. Real IP: Enter 211.22.22.23 (click Assist for assistance).
Click OK. (Figure 13-18)
Figure 13-18 Virtual Server Real IP Setting
Click New Entry.
Service: Select (Group Service) Mail_Service.
External Service Port: From-Service (Group).
Enter the server IP in Load Balance Server.
Click OK.
Complete the setting of Virtual Server. (Figure 13-19)
Figure 13-19 Virtual Server Configuration WebUI
STEP 5: Add a new Incoming Policy, which includes the virtual server that was set by STEP 4. (Figure 13-20)
Figure 13-20 Complete Incoming Policy Setting
STEP 6: Add a new policy that includes the settings of STEP 2 and 3 in Outgoing Policy. It allows the server to send e-mail to an external mail server by the mail service. (Figure 13-21)
Figure 13-21 Complete Outgoing Policy Setting
STEP 7: Complete the setting of providing several services by Virtual Server.
Chapter 14 VPN
The RS-3000 adopts VPN to set up safe and private network service. And combine the remote Authentication s
75. S29 4450 38 OSS 15 07 02 Daza 16 0724 Haeg 44 47 04 03 29 14 49 54 oaa 1440 43 Hao 14 4as8 Oso tyga bso 44 49 43 00 1916 BOE 4 DOES 5 B02 paoi Action Total Traffic Figure22 3 Outbound Destination IP Statistics Report Enter Outbound in Accounting Report and select Top Services to inquire the statistics webpage of Send Receive packets Downstream Upstream First packet Last packet Duration and the service from the WAN Server to pass the RS 3000 Figure22 4 TOP Select the data you want to view It presents 10 results in one page the Protocol Distribution chart Figure22 5 According to the downstream upstream report of the selected TOP numbering to draw Service To display the report sorted by Port which LAN users use the RS 3000 to connect to WAN service server Downstream The percentage of downstream and the value of each WAN service server who passes through RS 3000 and connects to LAN user Upstream The percentage of upstream and the value of each LAN user who passes through RS 3000 to WAN service server First Packet When the first packet is sent to the WAN Service Server the sent time will be recorded by the RS 3000 Last Packet When the last packet is sent from the WAN Service Server the sent time will be recorded by the RS 3000 Duration The period of time starts from the first packet to the last packet to be recorded Total Traffic The RS 3000 will record an
76. Sec VPN connection between two RS-3000. Preparation: Company A: WAN IP 61.11.11.11, LAN IP 192.168.10.X. Company B: WAN IP 211.22.22.22, LAN IP 192.168.20.X. This example uses two RS-3000s as the work platform. Suppose Company A (192.168.10.100) creates a VPN connection with Company B (192.168.20.100) for downloading the shared file. The Default Gateway of Company A is the LAN IP of the RS-3000, 192.168.10.1. Follow the steps below. STEP 1: Enter the default gateway IP of Company A's RS-3000, 192.168.10.1, and select IPSec Autokey in VPN. Click New Entry (Figure 14-5: IPSec Autokey WebUI). STEP 2: In the list of IPSec Autokey, fill in Name with VPN_A (Figure 14-6: IPSec Autokey Name Setting). STEP 3: Select Remote Gateway (Fixed IP or Domain Name) in the To Destination list and enter the IP Address (Figure 14-7: IPSec To Destination Setting, showing Remote Gateway 211.22.22.22). STEP 4: Select Preshare in Authentication Method and enter the Preshared Key (Figure 14-8: IPSec Authentication Method Setting, showing Preshared Key 123456759). STEP 5: Select ISAKMP Algorithm in the Encapsulation list. Choose the Algorithm when setup connection. Please select ENC Algorithm 3DES DES
77. Spam Setting W Enable Anti Spam The Mail Server is placed in internal LAN or DMZ Please set Mail Relay first V External WAN The threshold score of spam mail is 2 Add the spam string to the subject ine spam Max 256 characters M Check spam fingerprint Use TCP port 2703 and UDP port 53 to connect database server Test V Enable Bayesian filtering Bayesian filtering does not work until database has at least 200 spams and 200 hams al Enable spam signature push update Use TCP port 1153 and UDP port 1153 to update signature Test Verify sender account is valid Check sender IP address in REL Use UDP port 53 to connect DNS server Test L Add score tag to the subject line Action of Spam Mail Internal Mail Server I Delete the spam mail D Deliver to the recipient gt Forward to Max 126 characters ex user External Mail Server M Deliver to the recipient Always enable Figure17 7 Action of Spam Mail and Spam Setting 167 H Anti Spam function is enabled in default status So the System Manager does not need to set up the additional setting and then the RS 3000 will filter the soam mail according to the mails that sent to the internal mail server or received from external mail server Figure1 7 8 Spam Setting Enable Anti Spam The Mail Server is placed in IM internal LAN or DMZ I External WAN The threshold score of spam mailis _ Add the spam s
78. TEP 6 Enter the following setting of the internal users using VolP to connect with external network VolP in Outgoing Policy Figure13 14 Source Destination Service Action Configure hove Suitside Ary WolP_Service Figure13 14 Complete the Policy Setting of VoIP Connection STEP 7 Complete the setting of the external internal user using specific service to communicate with each other by Virtual Server 97 Make several servers that provide several same services to provide service through policy by Virtual Server Take POP3 SMTP and DNS Group for example STEP 1 Setting several servers that provide several services in LAN network Its network card s IP is 192 168 1 101 192 168 1 102 192 168 1 103 192 168 1 104 and the DNS setting is External DNS server STEP 2 Enter the following in LAN and LAN Group of Address function Figure13 15 13 16 IF Netmask MAC Address Configure Figure13 15 Mapped IP Setting of Virtual Server in Address Mamber Configure Figure13 16 Group Setting of Virtual Server in Address 98 STEP 3 Group the service of server in Custom of Service Add a Service Group for server to send e mail at the same time Figure13 1 7 Group name Configure DNS POPS SMTP Figure13 17 Add New Service Group STEP 4 Enter the following data in Server1 of Virtual Server Click the button next to Virtual Server Real IP click here to configure in Servert E Virtual Server
79. This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer in accord with Subsection b above The source code for a work means the preferred form of the work for making modifications to it For an executable work complete source code means all the source code for all modules it contains plus any associated interface definition files plus the scripts used to control compilation and installation of the executable However as a special exception the source code distributed need not include anything that is normally distributed in either source or binary form with the major components compiler kernel and so on of the operating system on which the executable runs unless that component itself accompanies the executable If distribution of executable or object code is made by offering access to copy from a designated place then offering equivalent access to copy the source code from the same place counts as distribution of the source code even though third parties are not compelled to copy the source along with the object code 4 You may not copy modify sublicense or distribute the Program except as expressly provided under this License Any attempt otherwise to copy modify sublicense or distribute the Program is void and will automatically terminate your rights under this License However parties who have received copies or rights from you un
80. UI. DHCP Clients. STEP 1: In DHCP Clients of the Status function, it will display the table of DHCP Clients that are connected to the RS-3000 (Figure 26-4). IP Address: The dynamic IP that is provided by the DHCP Server. MAC Address: The IP that corresponds to the dynamic IP. Leased Time: The valid time of the dynamic IP (Start/End; Year/Month/Day/Hour/Minute/Second). Figure 26-4: DHCP Clients WebUI.
81. VPN connection status via icon. User Name: Displays the PPTP Client user's name when connecting to PPTP Server. Server IP or Domain Name: Displays the PPTP Server IP address or Domain Name when connecting to PPTP Server. Encryption: Displays whether the transmission between PPTP Client and PPTP Server has the encryption authentication mechanism enabled. Uptime: Displays the connection time between PPTP Server and Client. Configure: Click Modify to change the argument of PPTP Client; click Remove to remove the setting (Figure 14-3: PPTP Client WebUI). 14.4 Trunk. Define the required fields of Tunnel Function. Status icon: To display the VPN connection status via icon (Connecting, Not be applied, Disconnect, Connecting). Name: The VPN name to identify the VPN tunnel definition. The name must be unique and cannot be repeated. Source Subnet: Displays the Source Subnet. Destination Subnet: Displays the Destination Subnet. Tunnel: Displays the Virtual Private Network's IPSec Autokey, PPTP Server, PPTP Client settings of Tunnel function. Configure: Click Modify to change the argument of VPN Tunnel; click Remove to remove the setting (Figure 14-4: VPN Tunnel WebUI). Setting IP
82. [Screenshot residue: Outlook Express SpamMail folder listing of messages tagged spam, with the right-click menu open on the selected messages] Figure 17-41: Delete a
83. action of pass drop and log in each type The RS 3000 can display all the attack signature attribute of Name Risk Action and Log Total IDP Signatures Number 717 EaBackdoor 75 Modify EaDoS 19 CIExploit 76 CINetBIOS 201 eISpyware 313 Figure19 3 The Pre defined setting Custom m Except Anomaly and Pre defined settings the RS 3000 also provides a feature to allow user modifying the custom signature in order to block the specific intruder system Name The MIS engineer can define the signature name Protocol The detection and prevention protocol setting includes TCP UDP ICMP and IP Source Port To set the attack PC port Range 0 65535 Destination Port To set the attacked victim PC port Range 0 65535 Risk To define the threats of attack packets Action The action of attack packets 0 OO o Content To set the attack packets content 217 To detect the anomaly flow and packets with the custom and predefined settings in order to detect and prevent the intrusion STEP 7 In Configure gt Setting add the following settings Figure 19 4 The latest update time 07 05 02 03 53 16 Update signature definitions every 120 minutes The newest version 0 0 8 Signature definitions updated at 06 11 30 10 00 00 Update signature definitions immediately Use TCP port 80 and UDP port 53 f Update NOW Test w Enable Ant Virus for HTTP FTP P2P IM NetBios i Ca
84. ail address and the mail server of the recipient. To receive the MTA that sent from the external master: After the user writes an e-mail with the MUA and uses the sending function of the MUA, it will deliver the mail to the MTA you appoint. When the MTA receives the mail from itself, it will hand it over to the MDA to deliver the mail to the mailbox of the user's account. In the received mail, if the destination is Mail Server, it means the MTA itself. Meanwhile, the MTA will transfer the mail to the MDA and put the mail in the recipient's mailbox. The MTA will transfer the mail again: if the recipient of the mail is not an internal account, then the mail will be transferred again. This function is called Relay. Remote MTA receives the mail that is sent by the local MTA: The remote MTA will receive the mail sent by the local MTA and transfer the mail to its MDA. Meanwhile, the mail will be saved in the remote MTA and made available for the user to download. The action of the user to receive mail is as follows: The PC used by the remote user will connect to his/her MTA directly to ask the MTA to check whether its mailbox has mails or not. After the MTA checks by MDA, it will transfer the mail to the user's MUA. Meanwhile, according to the MUA setting, the MTA will choose to delete the Mailbox or to preserve it. The next time the user receives mail, the preserved mail will be downloaded again. The protocol of send/receive e-mail is as follows: 1. Sending e-mail: It is a function of t
85. ain an IP address automati Hostname coantane Ooo Use the following IP address IP Address ST URRME ARE St ki 22 LER ERAT Netmask 139 175 252 14 Max Downstream Bandwidth Kbps Range 1 57200 Max Upstream Bandwidth Kbps Range 1 51200 C BEZEQ ISRAEL Service On Demand Auto Disconnect if idle for minutes Range 1 99999 0 means always connected Enable System Management Ping HTTP Figure 5 11 PPTP Connection Balance Mode Auto Saturated AETA AEE configure Priority Conne cthorns Figure 5 12 Complete PPTP Connection Setting 43 5 3 DMZ Setting DMZ Interface Address NAT Mode STEP 1 Click DMZ Interface STEP 2 Select NAT Mode in DMZ Interface E Select NAT in DMZ Interface mE Enter IP Address and Netmask STEP 3 Select Ping and HTTP STEP 4 Click OK Figure 5 13 DMZ Interface IP Address Netmask 255 255 0 0 MAC Address 00 47 66 00 1 04 Enable System Management Ping HTTP Figure 5 13 Setting DMZ Interface Address NAT Mode WebUIl Setting DMZ Interface Address Transparent Mode STEP 1 Select DMZ Interface STEP 2 Select Transparent Mode in DMZ Interface E Select DMZ_Transparent in DMZ Interface STEP 3 Select Ping and HTTP STEP 4 Click OK Figure 5 14 Reece Ol TRANSPARENT IP Address Netnask MAC Address Enable System Management Ping HTTP Figure 5 14 Setting DMZ Interface Address Transparent Mode WebUI In WAN the connec
86. an redistribute and change under these terms To do so attach the following notices to the program It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty and each file should have at least the copyright line and a pointer to where the full notice is found one line to give the program s name and an idea of what it does Copyright C yyyy name of author This program is free software you can redistribute it and or modify it under the terms of the GNU General Public License as published by the Free Software Foundation either version 2 of the License or at your option any later version This program is distributed in the hope that it will be useful but WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE See the GNU General Public License for more details You should have received a copy of the GNU General Public License along with this program if not write to the Free Software Foundation Inc 51 Franklin Street Fifth Floor Boston MA 02110 1301 USA Also add information on how to contact you by electronic and paper mail If the program is interactive make it output a short notice like this when it starts in an interactive mode Gnomovision version 69 Copyright C year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY for details type show w This is free software and you are welcome to redistri
87. ange the Client Port and set the Server Port as 1720 1720 E Protocol 2 select TCP need not to change the Client Port and set the Server Port as 15328 15333 E Protocol 3 select UDP need not to change the Client Port and set the Server Port as 15328 15333 mM Click OK Figure 7 4 54 Add User Defined Service Protocol Range T 255 Client Forti Range 0 65535 Serer Forti Range 0 65535 O Tce LDP Other mz TCR UDP other a tcp O LDP other Service MAME tcp ule othe oo tcp Lop O other M tcp ur O other ER tcp UDP othe ooo tcp uor O other M Figure 7 3 Add User Define Service configure Figure 7 4 Complete the Setting of User Define Service of VolP G Under general circumstances the range of port number of client is 0 65535 Change the client range in Custom of is not suggested G If the port numbers that enter in the two spaces are different port number then enable the port number under the range between the two different port numbers for example 15328 15333 And if the port number that enters in the two spaces are the same port number then enable the port number as one for example 1720 1720 55 STEP 3 Compare Service to Virtual Server Figure 7 5 Virtual Server Real lP 815223652 _ WAN Fort From Servico custom Figure 7 5 Compare Service to Virtual Server STEP 4 Compare Virtual Server to Incoming Policy Figure 7 6 Source D
88. Figure 22-9: Inbound Services Statistics Report. Figure 22-10: The Pizza chart of Inbound Accounting report published based on Service (Service Distribution > Downstream). The Accounting Report function will occupy lots of hardware resources, so users must take care to choose only the necessary items in order to avoid slowing down the total performance. Chapter 23 Statistic. WAN Statistics: The statistics of Downstream/Upstream packets and Downstream/Upstream traffic record that pass the WAN Interface. Policy Statistics: The statistics of Downstream/Upstream packets and Downstream/Upstream traffic record that pass Policy. In this chapter the Administrator can inquire the RS-3000 for statistics of packets and data that pass across the RS-3000. The statistics provide the Administrator with information about network traffic and network loads. Define the required fields of Statistics. Statistics Chart: Y-Coordinate: Network Traffic (Kbytes/Sec). X-Coordinate: Time (Hour/Minute). Source IP, Destination IP, Service and Action: These fields record the original data of Policy. From the information above, the Administrator can know which Policy the Policy Statistics belong to. Time: To detect the statistics by minutes, hours, days, months or years. Bits sec Byt
89. between the sending of each aliwe packet Range 0 99 0 do not check PPPoE ADSL User O Dynamic IP Address Cable Modem User Static IP Address PPTP European User Only IP Address Netmask MAC Address O0 4F 66 00 1F 04 Default Gateway Max Downstream Bandwidth e Kbps Range 1 51200 Max Upstream Bandwidth __ kbps Range 1 51200 Enable System Management Ping HTTP Figure 5 2 Disable WAN2 Interface 3l STEP 2 Setting the Connection Service ICMP or DNS way m ICMP Enter an Alive Indicator Site IP can select from Assist Figure 5 3 E DNS Enter two different DNS Server IP Address and Domain Name can select from Assist Figure 5 4 Setting time of seconds between sending alive packet WAN Interface Service ICMP Alve Indicator Site IP 166 95 1 1 Wait seconds between the sending of each aliwe packet Range 0 99 0 do not check PPPoE ADSL User Dynamic IP Address Cable Modem User Static IP Address PPTP European User Onhy Figure 5 3 ICMP Connection WAN Interface Senin DNS Server IP Address 168 95 1 1 i Domain name www google com Assist Max 55 characters Wait seconds between the sending of each alive packet Range 0 99 0 do not check PPPoE ADSL User Dynamic IP Address Cable Modem User Static IP Address D PPTP European User Only Figure 5 4 DNS Service Connection test is used for
90. bute it under certain conditions type show c for details The hypothetical commands show w and show c should show the appropriate parts of the General Public License Of course the commands you use may be called something other than show w and show c they could even be mouse clicks or menu items whatever suits your program You should also get your employer if you work as a programmer or your school if any to sign a copyright disclaimer for the program if necessary Here is a sample alter the names Yoyodyne Inc hereby disclaims all copyright interest in the program Gnomovision which makes passes at compilers written by James Hacker signature of Ty Coon 1 April 1989 Ty Coon President of Vice This General Public License does not permit incorporating your program into proprietary programs If your program is a subroutine library you may consider it more useful to permit linking proprietary applications with the library If this is what you want to do use the GNU Lesser General Public License instead of this License Copyright The contents of this publication may not be reproduced in any part or as a whole stored transcribed in an information retrieval system translated into any language or transmitted in any form or by any means mechanical magnetic electronic optical photocopying manual or otherwise without the prior written permission Trademarks All products company brand name
91. can check the relevant chart in Virus Mail function. STEP 9: When the external yahoo mail account sends mail to the recipient account of the mail server of broadband.com.tw in RS-3000 (josh@broadband.com.tw): If the mails are from the sender account share2k01@yahoo.com.tw, which include virus in the attached file. If it comes from other yahoo sender account share2kOO3@yahoo.com.tw, which attached file is safe (includes no virus). After RS-3000 had scanned the mails above, it will bring the chart as follows in the Virus Mail function of Anti-Virus (Figure 18-15: Report Chart). When clicking on the Remove button in Total Virus Mail, the record of the chart will be deleted and the record cannot be checked in Virus Mail function. Chapter 19 IDP. The RS-3000 can detect anomalous flow packets and notify the MIS engineer to handle the situation, in order to prevent any suspicious program from invading the destination PC. In other words, the RS-3000 provides instant network security protection as it detects any internal or external attacks, to enhance the enterprise's network stability. 19.1 Setting. The RS-3000 can update signature definitions every 30 minutes, or the MIS engineer can select to use manual update. It also shows the latest update time and version. The MIS engineer can enable anti
92. [Figure residue: Spam Account for Training and Ham Account for Training fields (POP3 Server, User name, Password, account test) and Training time] Figure 17-40: Paste the File Address that SpamMail File Save to make RS-3000 to be Trained. The training file that uploads to RS-3000 can be any data file and is not restricted in its sub-name, but the file must be in ASCII form. When the training file of RS-3000 is a Microsoft Office Outlook exported file (.pst), Microsoft Office Outlook has to be closed first to start Importing. STEP 6: Remove all of the mails in the SpamMail File in Outlook Express so that new mails can be compressed and uploaded to RS-3000 for training directly next time. Select all of the mails in SpamMail File and press the right key of the mouse to select the Delete function (Figure 17-41). Make sure that all of the mails in SpamMail file had been deleted completely (Figure 17-42). [Screenshot residue: Outlook Express SpamMail folder window]
93. ce Destination service Action Coantigure Move Figure15 27 Complete the Policy to access Mail Service by WAN to DMZ 146 STEP 6 Add the following setting in LAN to DMZ Policy Click New Entry E Destination Address Select Mail_ Server m Service Select E mail Click OK Figure15 28 comment O Max 32 characters Ad dd E Ei F olicy Insicde_Any MailServer Schedule wE T attic Log H Enable MAX Concurrent Sessions Fer IF Figure15 28 Setting a Policy to access Mail Service by LAN to DMZ STEP 7 Complete the policy to access mail service by LAN to DMZ Figure15 29 SOUrFCE Destination SENICE j Configure howe Inside Any MailServer Figure15 29 Complete the Policy to access Mail Service by LAN to DMZ 147 STEP 8 Add the following setting in DMZ to WAN Policy Click New Entry E Source Address Select Mail_ Server m Service Select E mail Click OK Figure15 30 comment O OO Max 32 characters Add Mew Policy Source Addre MailServer Destination Address Outside Any Action WAN Port Trattic Log Statistics W Enable Content Blacking Enable Ive PSP Blocking t Banchvidth Per Source IP MAS Concurrent Sessions Per lP hie Conga ten Sessions Figure15 30 Setting the Policy of Mail Service by DMZ to WAN STEP 9 Complete the policy access to mail service by DMZ to WAN Figure15 31 Source Destination Service configure howe Mail Server Outside Ary
94. ce name Client Port Server Port Configure Figure13 10 Add Custom Service STEP 4 Enter the following setting in Server1 of Virtual Server function Click the button next to Virtual Server Real IP click here to configure in Server1 E Virtual Server Real IP Enter 61 11 11 12 click Assist for assistance Use WAN Click OK Figure13 11 Add Mew Virtual Server IF virtual Server Real IP 614141412 WANT 4 Assist Figure13 11 Virtual Server Real IP Setting WebUI Click New Entry Service Select Custom Service VoIP_Service External Service Port From Service Custom Load Balance Server1 Enter 192 168 1 100 Click OK Complete the setting of Virtual Server Figure13 12 96 Virtual Server Configuration Virtual Server Real IP Bt 114112 Custom ServiceyyolP_ Service a Server Virtual IF Figure13 12 Virtual Server Configuration WebUI gt When the custom service only has one port number then the external network port of Virtual Server is changeable On the contrary if the custom service has more than one port network number then the external network port of Virtual Server cannot be changed STEP 5 Add a new Incoming Policy which includes the virtual server that set by STEP4 Figure13 13 Source Destination SENICE Action Option Configure More Outside Any Virtual Server ELT ITAJ VoIP Servicet r agi E nA Figure13 13 Complete the Policy includes Virtual Server Setting S
95. cipient or Forward to another mail account After setup the relevant settings in Mail Relay function of Configure add the following settings in this function 1 Virus Scanner Select Clam The Mail Server is placed in Internal LAN or DMZ Add the message to the subject line virus Select Remove virus mail and the attached file Select Deliver to the recipient Click OK Figure18 1 SO e Se Anti virus Setting Virus Scan Engine Clam The Mail Server is placed in M internal LAN or DMZ External WAN Add the virus string to the subject line v irus Max 255 characters The latest update time 07 05 02 03 21 52 Update virus definitions every ten minutes The newest version 43 3190 Clam definitions updated at 07 05 02 02 00 04 Update virus definitions immediately Use TCP port 80 and UDP port 53 to connect virus definition server Action of Infected Mail Internal Mail Server T Delete the virus mail MV Deliver to the recipient Deliver a notification mail instead of the original virus mail Deliver the original virus mail Forward to Max 128 characters ex uzerimydomain com External Mail Serwer D Deliver to the recipient Always enable 5 Deliver a notification mail instead of the original wirus mail Deliver the original virus mail Figure18 1 Anti Virus Settings WebUI 204 Add the message virus in the subject line of infected mail Figure18 2 gf Inbox
96. cket Duration from the WAN Server to pass the RS 3000 Figure22 3 m TOP Select the data you want to view it presents 10 results in one page mE Destination IP To display the report sorted by Destination IP the IP address used by WAN service server connecting to RS 3000 Downstream The percentage of downstream and the value of each WAN service server which passes through RS 3000 to LAN user E Upstream The percentage of upstream and the value of each LAN user who passes through RS 3000 to WAN service server m First Packet When the first packet is sent from WAN service server to LAN users the sent time will be recorded by the RS 3000 m Last Packet When the last packet from LAN user is sent to WAN service server the sent time will be recorded by the RS 3000 m Duration The period of time between the first packet and the last packet Total Traffic The RS 3000 will record and display the amount of Downstream and Upstream packets passing from WAN Server to LAN user E Reset Counter Click Reset Counter button to refresh Accounting Report 231 STEP 4 203 54 496 07 203 84 4197 232 192 469 0404 66 95 44 202 43 195 52 202 43 109 196 203 64 187 490 2036410 A 205 64 e 242 BS 16S 1022203 First Packet mag T4478 0329 he Deo ASS ae Daaa tyga Dyo kga miae 1447416 gaa 44722 042a 1447 06 miepes Tee Starting Time Thu Mar 29 14 37 11 2007 Last Packet O39 14 40 56 O
97. count send mail to the recipient account of mail server of broadband com tw in RS 3000 josh broadband com tw and steve broadband com tw m If the sender account is share2k01 yahoo com tw then these two recipient accounts both will receive the mail that sent by this sender account m fit comes from other yahoo sender account share2kO03 yahoo com tw and then there will only be josh broadband com tw can receive the mail that sent from this sender account the mail that sent to steve broadband com tw will be considered as spam mail m After RS 3000 had filtered the mail above it will bring the chart as follows in the Spam Mail function of Anti Spam Figure1 7 31 Top Total Spam 1 1 ep e CS BC e S See broadband com tw pt 0 0 2 josh broadband com tw SE SSS ee ee ee ee ee ee Total a E A L Clear Data Figure17 31 Chart of Report Function 181 Use Training function of the RS 3000 to make the mail be determined as Spam mail or Ham mail after Training Take Outlook Express for example To make the spam mail that had not detected as soam mail be considered as spam mail after training STEP 1 Create a new folder SoamMail in Outlook Express m Press the right key of the mouse and select New Folder Figure1 7 32 E In Create Folder WebUI and enter the Folder s Name as SpamMail and then click on OK Figure1 7 33 k Inbox Outlook Express i g x File Edit View Tools Message Help U Be ese X a
98. Figure 4-12: DHCP WebUI. When selecting Automatically Get DNS, the DNS Server will be locked as the LAN Interface IP. (Using Occasion: When the system Administrator starts Authentication, the users' first DNS Server must be the same as the LAN Interface IP in order to enter the Authentication WebUI.) 4.6 Dynamic DNS. STEP 1: Select Dynamic DNS in the System function (Figure 4-13). Click the New Entry button. Service providers: Select service providers. Automatically fill in the WAN 1/2 IP: Check to automatically fill in the WAN 1/2 IP. User Name: Enter the registered user name. Password: Enter the password. Domain name: Enter your host domain name. Click OK to add Dynamic DNS (Figure 4-14: Complete DDNS Setting). The status icons indicate: Update successfully, Incorrect username or password, Connecting to server, Unknown error. If the System Administrator has not registered a DDNS account, click on Sign up to enter the site of the provider. If you do not select Automatically fill in the WAN IP, you can enter a specific IP in WAN IP; DDNS then corresponds to that specific IP address. 4.7 Host Table. Host Name: It can be set by the System Manager to allow internal users accessing the information
99. cs WebUI: find the network you want to check and click Minute on the right side, and then you will be able to check the Statistics chart every minute; click Hour to check the Statistics chart every hour; click Day to check the Statistics chart every day; click Week to check the Statistics figure every week; click Month to check the Statistics figure every month; click Year to check the Statistics figure every year. STEP 3: Statistics Chart (Figure 23-4). Y-Coordinate: Network Traffic (Kbytes/Sec). X-Coordinate: Time (Hour/Minute/Day). [Figure 23-4 plot residue: Downstream and Upstream traffic per minute for Service ANY, Inside Any to Outside Any, Action PERMIT; series: Traffic stream, Maximum stream, Average stream] Figure 23-4: To Detect Policy Statistics. Chapter 24 Diagnostic. User can realize RS-3000 WAN connecting status by using the Ping or Traceroute tool. 24.1 Ping. STEP 1: In the Diagnostic > Ping function, user can configure RS-3000
100. d Receive packets, Downstream/Upstream, First packet/Last packet, Duration and the service from the WAN Server to pass the RS-3000 (Figure 22-9). TOP: Select the data you want to view; it presents 10 results per page. The Protocol Distribution chart is drawn according to the downstream/upstream report of the selected TOP numbering (Figure 22-10). Service: The report of Communication Service when WAN users use the RS-3000 to connect to the LAN service server. Downstream: The percentage of downstream and the value of each WAN user who uses the RS-3000 to reach the LAN service server. Upstream: The percentage of upstream and the value of each LAN service server that uses the RS-3000 to reach the WAN user. First Packet: When the first packet is sent to the LAN service server, the sent time is recorded by the RS-3000. Last Packet: When the last packet is sent from the LAN service server, the sent time is recorded by the RS-3000. Duration: The period of time from the first packet to the last packet recorded. Total Traffic: The RS-3000 records the sum of time and shows the percentage of each Communication Service's upstream/downstream to the LAN service server. Reset Counter: Click the Reset Counter button to refresh the Accounting Report.
101. d connect to Internet by NAT. 4.5 DHCP. Subnet: The domain name of LAN. NetMask: The LAN Netmask. Gateway: The default Gateway IP address of LAN. Broadcast IP: The Broadcast IP of LAN. STEP 1. Select DHCP in System and enter the following settings. Domain Name: Enter the Domain Name. DNS Server 1: Enter the distributed IP address of DNS Server 1. DNS Server 2: Enter the distributed IP address of DNS Server 2. WINS Server 1: Enter the distributed IP address of WINS Server 1. WINS Server 2: Enter the distributed IP address of WINS Server 2. LAN Interface: Client IP Address Range 1: Enter the starting and ending IP addresses to be dynamically assigned to DHCP clients. The default value is 192.168.1.2 to 192.168.1.254 (it must be in the same subnet). Client IP Address Range 2: Enter the starting and ending IP addresses to be dynamically assigned to DHCP clients; it must be within the same subnet as Client IP Address Range 1, and the ranges cannot overlap. DMZ Interface: The same as LAN Interface (DMZ works only if the DMZ Interface is enabled). Leased Time: Enter the lease time for dynamic IP. The default time is 24 hours. Click OK and the DHCP setting is completed (Figure 4-12).
102. d display the amount of Downstream and Upstream packets passing from LAN users to the WAN service server. Reset Counter: Click the Reset Counter button to refresh the Accounting Report. Figure 22-4 Outbound Services Statistics Report. Figure 22-5 The Pizza chart of Accounting report published based on Service. Press 3 to return to the List Table of the Accounting Report window. The Accounting Report function occupies a lot of hardware resources, so users must take care to choose only the necessary items in order to avoid slowing down overall performance. Inbound. STEP 1. Select the items to enable for the Inbound Accounting Report in Setting of the Accounting Report function (Figure 22-6). Figure 22-6 Accounting Report Setting. STEP 2. Enter Inbound in Accounting Report and select Top Users to inquire the statistics of Send/Receive packets, Downstream/Upstream, First packet/Last packet, and Duration from the WAN user to pass the RS-3000 (Figure 22-7). TOP: Select the data you want to view. It presents 10 pages in one page. Source IP: To display the report sorted by Source IP, th
103. dd a policy that includes the settings of STEP 3, 4 in Incoming Policy (Figure 13-4). Figure 13-4 Complete the Incoming Policy. STEP 6. Add a policy that includes STEP 2, 4 in Outgoing Policy. It allows the server to send e-mail to the external mail server through the mail service (Figure 13-5). Figure 13-5 Complete the Outgoing Policy. STEP 7. Complete the setting of providing several services by mapped IP. It is strongly recommended not to choose ANY when setting a Mapped IP and choosing a service. Otherwise the Mapped IP will be easily exposed to the Internet and may be attacked by hackers. 13.2 Virtual Server 1/2/3/4. Make several servers that provide a single service offer that service through policy by Virtual Server (take Web service for example). STEP 1. Set up several servers that provide Web service in the LAN network, with IP addresses 192.168.1.101, 192.168.1.102, 192.168.1.103 and 192.168.1.104. STEP 2. Enter the following data in Server 1 of the Virtual Server function. Click the button next to Virtual Server Real IP (click here to configure) in Server 1. Virtual Server Real IP: Enter 211.22.22.23 (click Assist for assistance). Click OK (Figure 13-6).
104. der this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligati
105. Figure 9-4 Complete the QoS Setting. STEP 2. Use the QoS set in STEP 1 in Outgoing Policy (Figure 9-5, 9-6). Figure 9-6 Complete Policy Setting. When the administrator sets QoS, the bandwidth range that can be set is limited to the value the System Administrator set in WAN of Interface. So when the System Administrator sets the downstream and upstream bandwidth in WAN of Interface, he/she must set it precisely. Chapter 10 Authentication. By configuring Authentication, you can control the user's connection authority. The user has to pass authentication to access the Internet. The RS-3000 configures the authentication of LAN users by setting an account and password to identify the privilege. Define the required fields of Authentication. Authentication Management: Provides the Administrator with the port number and valid time to set up RS-3000 authentication (Authentication has to be set up first). Authentication Port: Th
106. e (Figure 18-4). Figure 18-4 Service Group that includes POP3, SMTP or DNS. STEP 4. Add the following setting in Outgoing Policy (Figure 18-5). Figure 18-5 Outgoing Policy Setting. STEP 5. Add the following setting in Setting of the Anti-Virus function (Figure 18-6). Virus Scanner: Select Clam. The Mail Server is placed in: External (WAN). Add the message to the subject line: virus. Select Deliver a notification mail instead of the original virus mail.
107. e: Time (Hour/Minute). Figure 23-2 To Detect WAN Statistics (panels: WAN 1 Downstream and WAN 1 Upstream in bits per second; WAN 1 Receive Packets and WAN 1 Transmit Packets in packets per second; each showing current, maximum and average values over time). Policy Statistics. STEP 1. If you have selected Statistics in a Policy, the RS-3000 starts to record the chart of that policy in Policy Statistics (Figure 23-3). Figure 23-3 Policy Statistics Function. To use the Policy Statistics function, the System Manager has to enable Statistics in the Policy first. STEP 2. In the Statisti
108. Figure 10-8 Auth User Policy Setting. Figure 10-9 Complete the Policy Setting of Auth User. STEP 6. When the user accesses the Internet through a browser, the authentication UI appears in the browser. After entering the correct user name and password, click OK to access the Internet (Figure 10-10). Figure 10-10 Access to Internet through Authentication WebUI. STEP 7. If the user no longer needs to access the Internet and wants to log out, he/she can click LOGOUT Auth User to log out of the system, or enter the Logout Authentication WebUI (http://LAN Interface:Authentication port number/logout.html) to log out (Figure 10-11). Figure 10-11 Logout Auth User WebUI. Chapter 11 Content Blocking. Content Filtering includes URL, Script, Download, Upload. URL Blocking: The administrator can Allow or Restrict access to specific websites by complete domain name, key wo
109. Figure 17-25 DMZ to WAN Policy Setting. STEP 6. Add the following setting in Mail Relay in Configure (Figure 17-26). Figure 17-26 Mail Relay Setting of External Mail to Internal Mail Server. STEP 7. Enter the following setting in Rule of the Anti-Spam function. Enter New Entry. Rule Name: Enter HamMail. Comments: Enter Ham Mail. Combination: Select Or. Classification: Select Ham (Non-Spam). Enable Auto-Training. In the first Item field: Select From; Condition: Select Contains; Pattern: share2k01. Click Next Row. In the second Item field: Select To; Condition: Select Contains; Pattern: josh (Figure 17-27). Press OK (Figure 17-28). Figure 17-27 The First Rule Item Setting. Figure 17-28 Complete First Rule Setting. In Rule Setting, when Classification is set to Ham (Non-Spam), the Action function is disabled, because mail that is considered Ham mail is sent to the recipient directly. STEP 8. Ent
110. e IP address used by the WAN user connecting to the RS-3000. Downstream: The percentage of Downstream and the value of each WAN user which passes through the RS-3000 to the LAN service server. Upstream: The percentage of Upstream and the value of each LAN service server which passes through the RS-3000 to WAN users. First Packet: When the first packet is sent from WAN users to the LAN service server, the sent time is recorded by the RS-3000. Last Packet: When the last packet is sent from the LAN service server to WAN users, the sent time is recorded by the RS-3000. Duration: The period of time from the first packet to the last packet recorded. Total Traffic: The RS-3000 records and displays the amount of Downstream and Upstream packets passing from WAN users to the LAN service server. Reset Counter: Click the Reset Counter button to refresh the Accounting Report. Figure 22-7 Inbound Top Users Statistics Report. STEP 3. Enter Inbound in Accounting Report and select Top Sites to inquire the website statistics of Send/Receive packets, Downstream/Upstream, First packet/Last packet, and Duration from the WAN user to pass the RS-3000 (Figure 22-8). TOP: Select the data you want to
111. Declaration of conformity, given in Spanish, Portuguese, Greek, Slovenian, French, Slovak, Italian, Finnish, Latvian and Icelandic: OvisLink Corp. declares that this RS-3000 complies with the essential requirements and other relevant provisions of Directive 1999/5/EC.
112. e RS-3000 has detected any abnormal situation, the alarm message will appear in Virus-infected IP. If the system manager enables E-mail Alert Notification in Settings, the device will automatically send an e-mail to alert the system manager. RS-3000 Alarm, and to prevent the computer which is being attacked from sending DDoS packets to the LAN network. STEP 2. Select the Anomaly Flow IP setting and enter the following. Enter The threshold sessions of anomaly flow per Source IP (the default value is 100 Sessions/Sec). Select Enable Anomaly Flow IP Blocking and enter the Blocking Time (the default time is 600 seconds). Select Enable E-Mail Alert Notification. Select Enable NetBIOS Alert Notification. IP Address of Administrator: Enter 192.168.1.10. Click OK. The Anomaly Flow IP setting is completed (Figure 20-1). Figure 20-1 Anomaly Flow IP Setting. After the Internal Alert Settings are completed, if the device detects an internal computer sending large numbers of DDoS attack packets, the alarm message will appear in Virus-infected IP, or a NetBIOS Alert notification is sent to the infected PC Administrator
113. e port number to allow internal users to connect to the authentication page. The port number can be changed. Re-Login if Idle: Forces the internal user to log in again when the idle time is exceeded after passing authentication. The default value is 30 minutes. Re-Login after user login successfully: Permits the user to re-login within a period of time. The default value is 0, which means unlimited. URL to redirect when authentication succeed: Redirects the homepage to the specified website after the user has passed Authentication. The default value is blank. Messages to display when user login: Displays the login message in the authentication WebUI (supports HTML). The default value is blank (no message is displayed in the authentication WebUI). Add the following setting in this function (Figure 10-1).
114. Figure 21-11 Log Mail Configuration WebUI. After Log Mail Support is enabled, each time the log reaches 300 Kbytes the device accumulates the log records, e-mails them to the Administrator, and clears the logs automatically. STEP 3. Enter Log Backup in Log and enter the following settings in Syslog Settings. Select Enable Syslog Messages. In Syslog Host IP Address, enter the IP of the host that can receive Syslog. In Syslog Host Port, enter the receiving port. Click OK to complete the setting (Figure 21-12). Figure 21-12 Syslog Messages Setting WebUI. Chapter 22 Accounting Report. The Administrator can use the Accounting Report to query LAN IP users and WAN IP users, and to gather the statistics of Downstream/Upstream, First packet/Last packet, Duration and Service for all user IPs that pass through the RS-3000. Define the required fields of Accounting Report. Accounting Report Setting: The accounting report function records the information sent between the Intranet and external PCs via the RS-3000. The Accounting Report is divided into two parts: Outbound Accounting Report and Inbound Accounting Report. Outbound Accounting Report
115. Figure 10-5 Setting Auth Group WebUI. STEP 3. The user can also choose to authenticate users with a RADIUS server. Just enter the server IP, port number and password, and enable the function. Enable RADIUS Server Authentication. Enter the RADIUS Server IP. Enter the RADIUS Server Port. Enter the password in Shared Secret. The RADIUS Server setting is complete (Figure 10-6). Figure 10-6 Setting RADIUS WebUI. STEP 4. The third method of Authentication is to check the account with a POP3 Server. Enable POP3 Server Authentication. Enter the POP3 Server IP. Enter the POP3 Server Port. The POP3 Server setting is complete (Figure 10-7). Figure 10-7 Setting POP3 WebUI. STEP 5. Add a policy in Outgoing Policy and input the Address and Authentication of STEP 2 (Figure 10-8, 10-9).
116. Figure 10-1 Authentication Setting WebUI. When the user connects to an external network through Authentication, the following page is displayed (Figure 10-2). Figure 10-2 Authentication Login WebUI. It will connect to the appointed website after passing Authentication (Figure 10-3). Figure 10-3 Connecting to the Appointed Website After Authentication. If user asks for authentication positively he she can ente
117. Figure 2-2 WAN interface setting page. STEP 3. Click on the Policy tab from the main function menu, and then click on Outgoing from the sub-function list. STEP 4. Click on the New Entry button. STEP 5. When the New Entry option appears, enter the following configuration. Source Address: select Inside_Any. Destination Address: select Outside_Any. Service: select ANY. Action: select Permit ALL. Click on OK to apply the changes. Figure 2-3 Policy setting page. STEP 6. The configuration is successful when the screen below is displayed. Make sure that all the computers connected to the LAN port have their Default Gateway IP Address set to the Security Gateway's LAN IP Address (i.e. 192.168.1.1). At this point, all the computers on the LAN network should gain access to the Internet immediately.
118. Figure 17-45 Move the Needed Spam Mail WebUI. Figure 17-46 Select the Folder for Needed Spam Mail to Move to. STEP 3. Compact the HamMail folder in Outlook Express to shorten the data, and upload it to the RS-3000 for training. Select the HamMail file (Figure 17-47). Select the Compact function in the File menu (Figure 17-48).
119. er the following setting in Rule of the Anti-Spam function. Enter New Entry. Rule Name: Enter SpamMail. Comments: Enter Spam Mail. Combination: Select And. Classification: Select Spam. Action: Select Deliver to the recipient. Enable Auto-Training. Item: Select From; Condition: Select Contains; Pattern: yahoo (Figure 17-29). Press OK (Figure 17-30). Figure 17-29 The Second Rule Setting. Figure 17-30 Complete the Second Rule Setting. In Rule Setting, when the Classification is set to Spam, the Action can only be Delete the spam mail, Forward to, or Deliver to the recipient. Rules take priority over the Whitelist and Blacklist, and within the Rule function an earlier rule has priority over a later one. So when the RS-3000 filters spam mail, it applies Rules first, then the Whitelist, and the Blacklist last. Select one of the mails in Outlook Express, right-click it, select Content, and select Details in the pop-up page. It shows all of the headers of the message, which can be used as reference values for the Condition and Item of the Rule. STEP 9. When the external yahoo mail ac
120. Figure 17-9 Report Function Chart. Set up the relevant settings in the Mail Relay function of Configure to choose to display the scanned mails that are sent to the Internal Mail Server. Take the RS-3000 as Gateway and use Whitelist and Blacklist to filter the mail (the Mail Server is in the DMZ and uses Transparent Mode). STEP 1. Set up a mail server in the DMZ and set its network card IP to 61.11.11.12. The DNS setting is the external DNS server and the Master name is broadband.com.tw. STEP 2. Enter the following setting in DMZ of the Address function (Figure 17-10). Figure 17-10 Mapped Name Setting in Address of Mail Server. STEP 3. Enter the following setting in Group in the Service function (Figure 17-11). Figure 17-11 Setting Service Group that include POP3, SMTP or DNS. STEP 4. Enter the following setting in WAN to DMZ Policy (Figure 17-12). Figure 17-12 WAN to DMZ Policy Setting. STEP 5. Enter the following setting in DMZ to WAN Policy (Figure 17-13).
121. ersion. Figure 4-18 Language Setting WebUI. Chapter 5 Interface. In this section, the Administrator can set up the IP addresses for the office network. The Administrator may configure the IP addresses of the LAN network, the WAN 1/2 network, and the DMZ network. The Netmask and gateway IP addresses are also configured in this section. Define the required fields of Interface. LAN: Using the LAN Interface, the Administrator can set up the LAN network of the RS-3000. Ping: Select this function to allow LAN users to ping the Interface IP Address. HTTP: Select to enable the user to enter the WebUI of the RS-3000 from the Interface IP. WAN: The System Administrator can set up the WAN network of the RS-3000. Balance Mode: Auto: The RS-3000 adjusts the WAN 1/2 utility rate automatically according to the downstream/upstream of WAN (for users who are using various download bandwidths). Round-Robin: The RS-3000 distributes the WAN 1/2 download bandwidth 1:1; in other words, it selects the agent by order (for users who are using the same download bandwidths). By Traffic: The RS-3000 distributes the WAN 1/2 download bandwidth by accumulative traffic. By Session: The RS-3000 distributes the WAN 1/2 download bandwidth by saturated connections. By Packet: The RS-3000 distributes the WAN 1/2 download bandwidth by accumulated packets and saturated connection. By Source IP: The RS-3000 distributes the WAN 1/2 connection by source IP address; once the connecti
122. es sec Utilization Total: The unit used by the Y-Coordinate; the Administrator can change the unit of the Statistics Chart here. Utilization: The percentage of traffic relative to the Max Bandwidth that the System Manager set in the Interface function. Total: Uses the accumulative total traffic during a unit of time as the Y-Coordinate. WAN Statistics. STEP 1. Enter WAN in the Statistics function; it displays all the statistics of Downstream/Upstream packets and the Downstream/Upstream record that pass the WAN Interface (Figure 23-1). Figure 23-1 WAN Statistics function. Time: To view the statistics by minutes, hours, days, weeks, months, or years. WAN Statistics is an additional function of the WAN Interface. When the WAN Interface is enabled, WAN Statistics is enabled too. STEP 2. In the Statistics window, find the network you want to check and click Minute on the right side to view the Statistics figure by minute; click Hour to view it by hour, Day by day, Week by week, Month by month, and Year by year. STEP 3. Statistics Chart (Figure 23-2). Y-Coordinate: Network Traffic (Kbytes/Sec). X-Coordinat
123. es the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
124. Figure 7-6 Complete the Policy for External VoIP to Connect with Internal VoIP
STEP 5. In Outgoing Policy, complete the setting of internal users using VoIP to connect with external network VoIP. (Figure 7-7)
Figure 7-7 Complete the Policy for Internal VoIP to Connect with External VoIP
Service must cooperate with Policy and Virtual Server for the function to take effect.

7.3 Group
Set up a service group and restrict specific users so that, through policy, they can access only the service resources provided by this group. (Group: HTTP, POP3, SMTP, DNS)
STEP 1. Enter the following setting in Group of Service:
Click New Entry (Figure 7-8)
Name: Enter Main Service
Select HTTP, POP3, SMTP, DNS in Available Service and click Add
Click OK (Figure 7-9)
Figure 7-8 Add Service Group
Figure 7-9 Complete the setting of Adding Service Group
If you want to remove a service from Selected Service, choose the service you want to delete and click Remove.
STEP 2. In LAN Group of the Address function, set up an Address Group that can include the serv
125. g of the RS-3000. In this chapter the definition is Setting, Date/Time, Multiple Subnet, Route Table, DHCP, Dynamic DNS, Hosts Table, SNMP and Language settings.

4.1 Setting
AirLive RS-3000 Configuration: The Administrator can import or export the system settings. Click OK to import the file into the RS-3000 or click Cancel to cancel importing. You can also restore the default values here.
Select Reset Factory Setting to reset the RS-3000 to its factory default settings.
Email Settings: Select Enable E-mail Alert Notification under E-mail Settings. This function enables the RS-3000 to send e-mail alerts to the System Administrator when the network is being attacked by hackers or when emergency conditions occur. (It can be set from Anomaly Flow IP Setting to detect Hacker Attacks.)
Web Management (WAN Interface): The System Manager can change the port number used by the HTTP port at any time (Remote WebUI management). After the HTTP port has been changed, an administrator who wants to enter the WebUI from WAN has to change the port number in the browser. (For example: http://61.62.108.172:8080)
MTU Setting: Lets the Administrator modify the network packet length at any time. Its default value is 1500 Bytes.
Link Speed / Duplex Mode: Sets the transmission speed and mode of the WAN Port when connecting to other devices.
Dynamic Routing (RIPv2): Select to enable the function of AirLive RS-3000 LAN WAN1 WAN2
126. he IP address that Multiple Subnet corresponds to WAN.
Forwarding Mode: Displays the mode that the Multiple Subnet uses (NAT mode or Routing Mode).

Preparation
RS-3000 WAN1 (60.250.158.66) connects to the ISP Router (60.250.158.254), and the subnet provided by the ISP is 162.172.50.0/24. To connect to the Internet, WAN2 IP (211.22.22.22) connects with ATUR.

Adding Multiple Subnet
Add the following settings in Multiple Subnet of the System function:
Click on New Entry
Alias IP of LAN Interface: Enter 162.172.50.1
Netmask: Enter 255.255.255.0
WAN1: Choose Routing in Forwarding Mode, and press Assist to select Interface IP 60.250.158.66
WAN2: Enter Interface IP 211.22.22.22, and choose NAT in Forwarding Mode
Click OK
Complete Adding Multiple Subnet (Figure 4-8)
Figure 4-8 Add Multiple Subnet WebUI
The WAN1 and WAN2 Interfaces can use Assist to enter the data.
After setting, there will be two subnets in LAN: 192.168.1.0/24 (default LAN subnet) and 162.172.50.0/24. So if the LAN IP is:
192.168.1.x: it must use NAT Mode to access the Internet. In Policy it can only be set up to access the Internet through WAN2. If through WAN1 Routing mode, then it cannot access the Internet by its virtual IP.
162.172.50.x: it uses Routing mode through WAN1. The Internet Server can see your IP 162.172.50.x direc
127. he process of sending the mail from MUA to MTA and transfer mail from MTA to the next MTA. At present, most mail servers use the SMTP Protocol (Simple Mail Transfer Protocol), and the Port Number is 25.
2. Receiving e-mail: The MUA connects to the user's mailbox on the MTA by POP (Post Office Protocol) in order to read or download the mail in the user's mailbox. At present, the common POP Protocol is POP3 (Post Office Protocol version 3), and the Port Number is 110.
Generally, an MTA that provides sending and receiving mail functions needs at least two protocols: SMTP and POP3. As long as your MUA and MTA support SMTP and POP3, they can connect with each other.
After the MTA analyzes the received mail, if the recipient is not in the master account, the MTA will transfer the mail to the next MTA. This function is called Relay.
If anyone can deliver mail through a mail server, we call it an Open Relay mail server. To avoid this problem, most mail servers do not open the Relay function by default; they open it only for Localhost. Therefore the MTA can receive mail whose recipient is an internal account of the MTA mail server, so there is no problem in receiving mail. However, this causes some problems, because the MTA opens its Relay function only to certain specified IPs and Subnets. Within the range of this setting, the Client can send and receive mail very freely. As for the
128. ice and Custom Service. The commonly used services, like TCP and UDP, are defined in the Pre-defined Service and cannot be modified or removed. In the custom menu, users can define other TCP port and UDP port numbers that are not in the pre-defined menu, according to their needs. When defining custom services, the client port ranges from 1024 to 65535 and the server port ranges from 0 to 65535.
In this chapter, network services are defined and new network services can be added. There are three sub-menus under Service: Pre-defined, Custom and Group. The Administrator can simply follow the instructions below to define the protocols and port numbers for network communication applications. Users can then connect to servers and other computers through these available network services.

How to use Service
The Administrator can add new service group names in the Group option under the Service menu, and assign the desired services to that new group. Using service groups, the Administrator can simplify the process of setting up control policies. For example, there are 10 different computers that want to access 5 different services on a server, such as HTTP, FTP, SMTP, POP3 and TELNET. Without the help of service groups, the Administrator needs to set up 50 (10x5) control policies, but by applying all 5 services to a single group name in the Service field, it takes only one control policy to achieve the same effect as the 50 control policies.
129. ice of access to Internet. (Figure 7-10)
Figure 7-10 Setting Address Book Group
STEP 3. Compare Service Group to Outgoing Policy. (Figure 7-11)
Figure 7-11 Setting Policy

Chapter 8 Schedule
In this chapter, the RS-3000 lets the Administrator configure a schedule for a policy to take effect, so that policies are used at the designated times. The Administrator can then set the start time and stop time of a Policy or VPN connection in Policy or VPN. By using the Schedule function, the Administrator can save a lot of management time and make the network system most effective.

How to use the Schedule
The system Administrator can use a schedule to set up the device to carry out the connection of Policy or VPN automatically during several different time divisions.

To configure the valid time periods for LAN users to access the Internet in a day
STEP 1. Enter the following in Schedule:
Click New Entry (Figure 8-1)
Enter Schedule Name
Set up the working time of Schedule for each day
Click OK (Figure 8-2)
Figure 8-1 Setting Schedule WebUI
Figure 8-2 Complete the Setting of Schedule
STEP 2. Compare Schedule with Outgoing Policy. (Figure 8-3)
130. Figure 15-4 Statistics WebUI (real-time downstream and upstream charts in bits per second, showing traffic, maximum and average streams)

Forbid the users to access specific networks (taking a specific WAN IP, Content Blocking and IM/P2P Blocking as examples)
STEP 1. Enter the following settings in URL Blocking, Script Blocking and Download Blocking in the Content Blocking function, and in the IM/P2P Blocking function. (Figures 15-5, 15-6, 15-7, 15-8)
Figure 15-5 URL Blocking Setting
Figure 15-6 Script Blocking Setting (Popup Blocking, ActiveX Blocking, Java Blocking, Cookie Blocking)
Figure 15-7 Download Blocking Setting (All Types Blocking, Audio and Video Types Blocking, Extension Blocking)
IM/P2P Blocking setting screen (name: IM_P2P_Blocking; Instant Messaging and Peer-to-Peer Application options)
131. Figure 12-9 P2P Blocking WebUI
Figure 12-10 Complete P2P Blocking setting (the screen also shows the IM/P2P Signature Definitions panel: update signature definitions every one hour, current version 3.1.4, update signature definitions immediately using TCP port 80 and UDP port 53)
STEP 2. Add a new Outgoing Policy and use the IM/P2P Blocking function in it. (Figure 12-11)
Figure 12-11 Add New Policy of P2P Blocking
STEP 3. Complete the policy of restricting the internal users to access to the file on Internet by P2P in Outgoing Policy. (Figure 12-12)
Figure 12-12 Complete P2P Blocking Policy Setting
P2P Transfer will occupy large bandwidth so that
132. it may influence other users. P2P Transfer can also change the service port freely, so it is ineffective to restrict P2P Transfer by Service. Therefore the system manager must use IM/P2P Blocking to restrict users' use of P2P Transfer efficiently.

Chapter 13 Virtual Server
The real IP addresses provided by the ISP are always insufficient for all the users when the system manager applies for the network connection from the ISP. Generally speaking, in order to allocate enough IP addresses for all computers, an enterprise assigns each computer a private IP address and converts it into a real IP address through the RS-3000's NAT (Network Address Translation) function. If a server that provides service to the WAN network is located in the LAN network, external users cannot directly connect to the server by using the server's private IP address.
The RS-3000's Virtual Server function can solve this problem. A Virtual Server has the real IP address of the RS-3000's WAN network interface set as the Virtual Server IP. Through the Virtual Server function, the RS-3000 translates the Virtual Server's IP address into the private IP address in the LAN network.
Virtual Server has another feature known as one-to-many mapping. This is when one real server IP address on the WAN interface is mapped to the private IP addresses of four LAN network servers that provide the same service. This option is useful for Load Balancing, which causes the Virtual Server to distribute data packets t
133. l above, it will bring up the chart as follows in the Spam Mail function of Anti-Spam. (Figure 17-21)
Figure 17-21 Chart of Report Function
When clicking on the Remove button in Total Spam Mail, the record of the chart will be deleted and the record cannot be checked in the Spam Mail function.

Place the RS-3000 between the original Gateway and the Mail Server to set up the Rule to filter the mail (Mail Server is in DMZ, Transparent Mode)
The LAN Subnet of the enterprise's original Gateway: 172.16.1.0/16
The WAN IP of the RS-3000: 172.16.1.12
STEP 1. Set up a Mail Server in DMZ; its network card IP is 172.16.1.13. The DNS setting is the external DNS Server. Its host name is broadband.com.tw.
STEP 2. Enter the following setting in DMZ Address. (Figure 17-22)
Figure 17-22 Mapped IP Setting of Mail Server in Address Book
STEP 3. Enter the following setting in Service Group. (Figure 17-23)
Figure 17-23 Setting Service Group includes POP3, SMTP or DNS (groups shown: Mail_Service_01 with POP3, SMTP; Mail_Service_02 with DNS, POP3, SMTP)
STEP 4. Enter the following setting in WAN to DMZ Policy. (Figure 17-24)
Figure 17-24 WAN to DMZ Policy Setting
STEP 5. Enter the following setting in DMZ to WAN Policy. (Figure 17-25) Sourc
134. ll of the mails in SpamMail File
Figure 17-42 Confirm that All of the Mail in SpamMail File had been Deleted

To make mail that is judged as spam mail able to be received by the recipient after training
STEP 1. Add a new HamMail folder in Outlook Express:
Right-click Local Folders and select New Folder. (Figure 17-43)
Enter HamMail in Folder Name in the Create Folder WebUI and click OK. (Figure 17-44)
Figure 17-43 Select Create New Folder Function WebUI
Create
135. lock
Synchronizing the RS-3000 with the System Clock
The administrator can configure the RS-3000's date and time either by syncing to an Internet Network Time Server (NTP) or by syncing to your computer's clock.
STEP 1. Select Enable synchronize with an Internet time Server. (Figure 4-7)
STEP 2. Click the down arrow to select the offset time from GMT.
STEP 3. If necessary, select Enable daylight saving time setting.
STEP 4. Enter the Server IP / Name with which you want to synchronize.
STEP 5. Set the interval time to synchronize with outside servers.
Figure 4-7 System Time Setting
Click on the Sync button, and the RS-3000's date and time will be synchronized to the Administrator's PC.
The values of Set Offset From GMT and Server IP / Name can be looked up with Assist.

4.3 Multiple Subnet
Connect to the Internet through Multiple Subnet NAT or Routing Mode by the IP address set on the LAN user's network card.
Alias IP of Interface / Netmask: The Multiple Subnet range.
WAN Interface IP: T
136. luded Anomaly, Pre-defined and Custom, according to the different attack types. Anomaly can detect and prevent anomalous flows and packets via signature updating. Pre-defined can also detect and prevent intrusions through signature updating. Neither the anomaly nor the pre-defined signatures can be deleted or modified. Custom can detect other Internet attacks and anomalous flow packets, beyond the original Anomaly and Pre-defined detection, according to user demand.

Anomaly
It includes the following Anomaly detection signatures: syn flood, udp flood, icmp flood, syn fin, tcp no flag, fin no ack, tcp land, larg icmp, ip record route, ip strict src record route, ip loose src record route, invalid url, winnuke, bad ip protocol, portscan and http inspect. (Figure 19-2)
The user can enable the anomaly packet signatures to detect, depending on user demand.
The user can manage the specific anomaly flow packets.
The user can modify the action of pass, drop and log.
The RS-3000 can display the attributes of all the anomaly detection signatures: Name, Enable, Risk, Action and Log.
Figure 19-2 The anomaly signature setting

Pre-defined
Pre-defined signature contains 5 general classifications, includes Backdoor, DDoS, DoS, Exploit, NetBIOS and Spyware. Each type also includes its attack signatures, and the user can select to enable the specific signature defense system based on the request. (Figure 19-3)
User can modify the signature
137. mail from an IP source that is not specified will be blocked completely. In this case there comes Simple Mail Transfer Protocol to solve the problem.
Simple Mail Transfer Protocol is: when the MUA sends mail to the MTA, the master asks for and checks the account and password of the MUA sender. The MTA can then provide the Relay function after authentication, without setting up the Relay function according to trusted domains or IPs. By Authentication, the MTA analyzes the relevant authentication information of the sender. After the sender passes authentication, the MTA accepts the mail and sends it; otherwise the MTA will not receive the mail.

To detect whether the mail from the External Mail Server is spam mail or not
STEP 1. In LAN Address, permit a PC to receive mail from the external mail server. Its network card is set as 192.168.139.12, and the DNS setting is the DNS server.
STEP 2. In LAN of the Address function, add the following settings. (Figure 17-4)
Figure 17-4 Mapped IP of Internal User's PC in Address Book
STEP 3. Add the following setting in Group of Service. (Figure 17-5)
Figure 17-5 Service Group that includes POP3, SMTP or DNS
STEP 4. Add the following setting in Outgoing Policy. (Figure 17-6)
Figure 17-6 Outgoing Policy Setting
STEP 5. Add the following setting in Setting of the Anti-Spam function. (Figure 17-7)
138. ministrator WebUI (Figure 3-1) and enter the following setting:
Sub Admin Name: sub_admin
Password: 12345
Confirm Password: 12345
STEP 3. Click OK to add the user or click Cancel to cancel it.
Figure 3-1 Add New Sub Admin

Modify the Administrator's Password
STEP 1. In the Admin WebUI, locate the Administrator name you want to edit and click on Modify in the Configure field.
STEP 2. The Modify Administrator Password WebUI will appear. Enter the following information:
Password: admin
New Password: 52364
Confirm Password: 52364 (Figure 3-2)
STEP 3. Click OK to confirm the password change.
Figure 3-2 Modify Admin Password

3.2 Permitted IP
Add Permitted IPs
STEP 1. Add the following setting in Permitted IPs of Administration: (Figure 3-3)
Name: Enter master
IP Address: Enter 163.173.56.11
Netmask: Enter 255.255.255.255
Service: Select Ping and HTTP
Click OK
Complete add new permitted IPs (Figure 3-4)
Figure 3-3 Setting Permitted IPs WebUI
Figure 3-4 Complete Add New Permitted IPs
To make Permitted IPs effective, the Ping and WebUI selections must be cancelled in the WebUI of the RS-3000 interface that the Administrator enters through: LAN, WAN o
139. mmand to check if your computer has successfully connected to this product. The following example shows the ping procedure for Windows platforms. First, execute the ping command:

    ping 192.168.1.1

If the following messages appear:

    Pinging 192.168.1.1 with 32 bytes of data:
    Reply from 192.168.1.1: bytes=32 time=2ms TTL=64

a communication link between your computer and this product has been successfully established. Otherwise, if you get the following messages:

    Pinging 192.168.1.254 with 32 bytes of data:
    Request timed out.

there must be something wrong in your installation procedure. You have to check the following items in sequence:
1. Is the Ethernet cable correctly connected between this product and your computer?
Tip: The LAN LED of this product and the link LED of the network card on your computer must be lit.
2. Is the TCP/IP environment of your computer properly configured?
Tip: If the IP address of this product is 192.168.1.1, the IP address of your computer must be 192.168.1.X and the default gateway must be 192.168.1.1.

2.2 Example for configure RS-3000 Web UI
STEP 1:
1. Connect the Admin's PC and the LAN port of the Security Gateway.
2. Open an Internet web browser and type the default IP address of the Security Gateway, 192.168.1.1, in the address bar.
3. A pop-up screen will appear and prompt for a username and password. Enter the default login username (admin) and password (airlive) of the Administrator.
140. Figure 17-32 Select New Folder Function WebUI
Figure 17-33 Create Folder WebUI
STEP 2. In Inbox of Outlook Express, move spam mail to the SpamMail folder:
In Inbox, select all of the spam mails that were not judged correctly, right-click, and move them to the folder. (Figure 17-34)
In the Move WebUI, select the SpamMail folder and click OK. (Figure 17-35)
141. Figure 12-5 Instant Messaging File Transfer Blocking WebUI
Figure 12-6 Complete Instant Messaging File Transfer Blocking setting (the screen also shows the IM/P2P Signature Definitions panel: update signature definitions every one hour, current version 3.1.4, update signature definitions immediately using TCP port 80 and UDP port 53)
STEP 2. Add a new Outgoing Policy and use the IM/P2P Blocking function in it. (Figure 12-7)
Figure 12-7 Add New IM Blocking Policy
STEP 3. Complete the policy of restricting the internal users from sending files by instant messaging in Outgoing Policy; users can still use IM to transfer messages. (Figure 12-8)
Figure 12-8 Complete IM Blocking Policy Setting

12.3 P2P Blocking
Restrict the Internal Users to access to the file on Internet by P2P
STEP 1. Select the following data in P2P of the IM/P2P Blocking function:
Enter the rule name as P2P_Blocking
Select eDonkey, BitTorrent, WinMX Blocking (Figure 12-9)
Click OK
Complete the setting of P2P Blocking (Figure 12-10)
Modify IM P2P Blocking Max 16 characters Instant Messag
142. n be Internal IP Address, External IP Address and DMZ IP Address.
Netmask: When it corresponds to a specific IP, it should be set as 255.255.255.255. When it corresponds to several IPs of a specific Domain (taking the 192.168.100.1 Class C subnet as an example), it should be set as 255.255.255.0.
MAC Address: Binding a specific PC's MAC Address to its IP prevents users from changing their IP to access network services through policy without authorization.
Get Static IP address from DHCP Server: When this function is enabled, the IP obtained automatically from the DHCP Server under LAN or DMZ will be the IP that corresponds to the MAC Address.

6.1 LAN
Under DHCP, assign a specific IP to static users and restrict them, through policy, to accessing the FTP net service only
STEP 1. Select LAN in Address and enter the following settings:
Click New Entry button (Figure 6-1)
Name: Enter Jacky
IP Address: Enter 192.168.3.2
Netmask: Enter 255.255.255.255
MAC Address: Enter the user's MAC Address (00:18:F3:F5:D3:54)
Select Get static IP address from DHCP Server
Click OK (Figure 6-2)
Figure 6-2 Complete the Setting of LAN
STEP 2. Add the following setting in Outgoing Policy. (Figure 6-3)
Figure 6-3 Add a
143. Chapter 8 Schedule
Chapter 9 QoS
Chapter 10 Authentication
Chapter 11 Content Blocking
Chapter 12 IM/P2P Blocking
12.2 Instant Messaging File Transfer
Chapter 13 Virtual Server
13.2 Virtual Server 1/2/3/4
Chapter 14 VPN
144. Figure 17-38 Select SpamMail File Properties Function
Figure 17-39 Copy the File Address that SpamMail File Store
STEP 5. Paste the path copied from the SpamMail file into the Spam Mail for Training field in the Training function of Anti-Spam, and press OK to deliver this file to the RS-3000 immediately so that it learns the uploaded mail file as spam mail at the appointed time. (Figure 17-40)
Training screen (free space for training, the amount of spam mail and ham mail, Training Database export, download and reset, Spam Mail for Training, Ham Mail for Training)
Bayesian filtering does not work until the database has at least 200 spams and 200 hams.
145. Figure 15-11 Setting Blocking Policy
STEP 4. Complete the setting of forbidding the users to access to specific network. (Figure 15-12)
Figure 15-12 Complete Policy Setting
Deny in Policy can block the packets that correspond to the policy rule. The System Administrator can put the policy rule at the front to prevent users from connecting with a specific IP.

Only allow the users who pass Authentication to access the Internet at particular times
STEP 1. Enter the following in the Schedule function. (Figure 15-13)
Figure 15-13 Add New Schedule
STEP 2. Enter the following in Auth User and Auth User Group in the Authentication function. (Figure 15-14)
Figure 15-14 Setting Auth User Group (group laboratory with members steven, jack, evelyn)
The Administrator can use the group function of Authentication and Service. It is more convenient when setting policy.
STEP 3. Enter the following setting in Outgoing Policy:
Click New Entry
Authentication User: Select laboratory
Schedule: Select Working Time
Click OK (Figure 15-15)
Figure 15-15 Setting a Policy of Authentication and Schedule
STEP 4
146. Figure 11-11 Add New Upload Blocking Policy Setting
STEP 3. Complete the Outgoing Policy of restricting the internal users from uploading files with specific extensions directly by the http protocol. (Figure 11-12)
Figure 11-12 Complete Upload Blocking Policy Setting

Chapter 12 IM/P2P Blocking
IM Blocking: Restricts the authority to receive video, files and messages from MSN, Yahoo Messenger, ICQ, QQ, TM2008, Skype, Google Talk, Gadu-Gadu.
P2P Blocking: Restricts the authority to send files over connections by eDonkey, Bit Torrent, WinMX, Foxy, KuGoo, AppleJuice, AudioGalaxy, DirectConnect, iMesh, MUTE, Thunder5, VNN Client, PPLive, Ultra Surf, PPStream, GoGoBox, Tor, UUSee, QQLive, QQGame, QQDownload, ARES, Hamachi, TeamViewer, GLWorld.

Define the required fields of IM/P2P Blocking
IM/P2P Signature Definitions: The RS-3000 can check for signatures regularly or manually; this updates the IM/P2P Blocking function and provides the capability to block new versions of IM/P2P software.
IM Blocking: Prevents users from logging in to MSN, Yahoo Messenger, ICQ, QQ, TM2008, Skype, Google Talk and Gadu-Gadu.
Instant Messaging File Transfer: Prevents users from transferring files via IM such as MSN, Yahoo Messenger, ICQ, QQ, Google Talk and Gadu-Gadu.
P2P Blocking: Prevents users from delivering files by eDonke
147. o each private IP addresses (which are the real servers) by session. Therefore it can reduce the load on a single server, lower the crash risk, and improve work efficiency.
In this chapter, we give a detailed introduction to and instructions for Mapped IP and Server 1/2/3/4.
Mapped IP: The Intranet transfers private IPs by NAT Mode (Network Address Translation). If the server is in LAN, its IP Address is a Private IP Address, so external users cannot connect to its private IP Address directly. The user must connect to the Real IP of the RS-3000's WAN subnet, and the RS-3000 then maps the Real IP to the Private IP of LAN. It is a one-to-one mapping; that is, all the services of one WAN Real IP Address are mapped to one LAN Private IP Address.
Server 1/2/3/4: Its function resembles Mapped IP's, but the Virtual Server maps one-to-many. That is, it maps a Real IP Address to 1 to 4 LAN Private IP Addresses and provides the service item in Service.

Define the required fields of Virtual Server
WAN IP: WAN IP Address (Real IP Address).
Map to Virtual IP: Maps the WAN Real IP Address into the LAN Private IP Address.
Virtual Server Real IP: The WAN IP address mapped by the Virtual Server.
Service name (Port Number): The service name provided by the Virtual Server.
External Service Port: The WAN Service Port provided by the virtual server. If the service you choose only have
148. oftware Installation. 2.1 Make Correct Network Settings of Your Computer. 2.2 Example for configure RS-3000 WebUI. Chapter 3 Administration. Chapter 4 Configure. 4.6 Dynamic DNS. Chapter 5 Interface. 5.1 LAN. 5.2 WAN. 5.3 DMZ. Chapter 6 Address. 6.1 LAN. 6.2 LAN Group. Chapter 7 Service.
149. ogy. Define the required fields of the IPSec function. The VPN connection status is displayed via an icon. Name: the VPN name that identifies the IPSec Autokey definition; the name must be unique and cannot be repeated. Gateway IP: the WAN interface IP address of the remote gateway. IPSec Algorithm: displays the algorithm in use. Configure: click Modify to change the IPSec parameters, or click Remove to remove the setting (Figure 14-1). Figure 14-1: IPSec Autokey WebUI. 14.2 PPTP Server. Define the required fields of the PPTP Server function. PPTP Server: select Enable or Disable. Client IP Range: sets the IP address range for PPTP client connections. The VPN connection status is displayed via an icon. User Name: displays the PPTP client's user name when it connects to the PPTP Server. Client IP: displays the PPTP client's IP address when it connects to the PPTP Server. Uptime: displays the connection time between the PPTP Server and the client. Configure: click Modify to modify the PPTP Server settings, or click Remove to remove the setting (Figure 14-2). Figure 14-2: PPTP Server WebUI. 14.3 PPTP Client. Define the required fields of the PPTP Client function. To display the
150. Figure 2-4: Complete Policy setting page. Chapter 3: Administration. "System" covers the management of settings such as the privileges of packets that pass through the RS-3000 and monitoring controls. System Administrators can manage, monitor and configure RS-3000 settings. For all users other than the System Administrator, all configuration is read-only; those users cannot change any setting of the RS-3000. 3.1 Admin. Administrator Name: the user name of the Administrator and Sub-Administrators of the RS-3000. The admin user name cannot be removed; sub-admin users can be removed or modified. The default account is admin and the default password is airlive. Privilege: the privilege of the account, Admin or Sub Admin. The user name of the main Administrator is Administrator, with read/write privilege. The Administrator can also change the system settings, log and system status, and add or delete sub-administrators. A Sub Admin is created by the Admin by clicking New Sub Admin. A Sub Admin has only read and monitor privilege and cannot change any system setting value. Configure: click Modify to change a Sub-Administrator's password, or click Remove to delete a Sub-Administrator. Adding a new Sub-Administrator. STEP 1: In the Admin WebUI, click the New Sub Admin button to create a new Sub-Administrator. STEP 2: In the Add New Sub Ad
151. on is built up, all packets from the same source IP pass through the same WAN interface. By Destination IP: the RS-3000 allocates the WAN connection according to the destination IP; once the connection is built up, all packets to the same destination IP pass through the same WAN interface. The connection is re-assigned a WAN interface when the connections are stopped. Connect Mode: displays the current connection mode: PPPoE (ADSL user), Dynamic IP Address (Cable Modem User), Static IP Address, or PPTP (European User Only). Saturated Connections: sets the saturation number; whenever the number of sessions reaches it, the RS-3000 switches to the next agent on the list. Priority: sets the priority of the WAN for Internet access. Connection Test: identifies the WAN port's connection status. The test methods are as follows. ICMP: the user defines an IP address and the RS-3000 pings it to verify the WAN port's connection status. DNS: verifies the connection status by checking the DNS server and domain name configured by the user. Upstream / Downstream Bandwidth: the System Administrator sets the correct bandwidth of the WAN network interface here. Auto Disconnect: the PPPoE connection disconnects automatically after a length of idle time (no activity). Entering 0 means the PPPoE connection will not disconnect at all. DMZ: The Administrato
152. on user IP. Auth User Name: the account the auth user logs in with. Login Time: the login time of the user (Year/Month/Day Hour/Minute/Second). Figure 26-2: Authentication Status WebUI. ARP Table. STEP 1: Enter ARP Table in the Status function; it displays a table of the IP address, MAC address and interface information of the hosts connected to the RS-3000 (Figure 26-3). Anti-ARP virus software: rewrites the LAN ARP table to its default. IP Address: the IP address of the network. MAC Address: the identifying number of the network card. Interface: the interface of the computer. Anti-ARP virus software download comment: Please download the client software and execute it on the PC, then finish the client static MAC setting. Or you can download it again and copy the client software to the directory C:\Documents and Settings\All Users\Start Menu\Programs\Startup, and the OS will execute the client software automatically every time the PC starts up (for Windows P2000 or above). Figure 26-3: ARP Table Web
153. one port and then you can change the port number here. If you change the port number to 8080, external users who want to browse the website must first change the port number to reach it. Server Virtual IP: the virtual IP mapped by the Virtual Server. 13.1 Mapped IP. Make a single server that provides several services, such as FTP, Web and Mail, provide those services by policy. STEP 1: Set up a server that provides several services in the LAN and set its network card's IP to 192.168.1.100. DNS is an external DNS server. STEP 2: Enter the following setting in LAN of the Address function (Figure 13-1). Figure 13-1: Mapped IP Settings of Server in Address. STEP 3: Enter the following data in Mapped IP of the Virtual Server function: click New Entry; WAN IP: enter 61.11.11.12 (click Assist for assistance); Map to Virtual IP: enter 192.168.1.100; click OK to complete adding the new mapped IP (Figure 13-2). Figure 13-2: Mapped IP Setting WebUI. STEP 4: Group the services (DNS, FTP, HTTP, POP3, SMTP) provided and used by the server in the Service function, and add a new service group for the server to send mail at the same time (Figure 13-3). Figure 13-3: Service Setting. STEP 5 A
154. ons, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who plac
155. ons for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code
156. or DMZ Port to send and receive RIPv2 packets and communicate with the internal or external router to update dynamic routing. SIP protocol pass-through: select to let the RS-3000 pass the SIP protocol. Depending on the type of SIP device you have, the SIP protocol may also pass through the RS-3000 without this function enabled. Administration Packet Logging: when this function is enabled, the RS-3000 records packets whose source IP or destination address is the RS-3000, and stores them in the Traffic Log for the System Manager to review. System Reboot: once this function is enabled, the Office UTM Gateway will be rebooted. System Settings: Exporting. STEP 1: In the System Setting WebUI, click the button next to Export System Settings to Client. STEP 2: When the File Download pop-up window appears, choose where to save the exported file and click Save. The setting values of the RS-3000 are copied to the chosen location immediately (Figure 4-1).
157. ource IP and Destination IP are from the RS-3000's point of view: the active side is the source and the passive side is the destination. Service: the service item controlled by the policy. The user can choose a default value or a custom service that the System Manager set in the Service function. Action, WAN Port: the action that permits or rejects packets delivered between the LAN network and the WAN network when they pass through the RS-3000. See the chart below (Name: Illustration). Permit all WAN network interfaces: allow packets that match the policy to be transferred by the WAN1/2 ports. Permit WAN1: allow packets that match the policy to be transferred by the WAN1 port. Permit WAN2: allow packets that match the policy to be transferred by the WAN2 port. DENY: reject packets that match the policy from being transferred by the WAN port. Permit VPN: allow VPN packets that match the policy to be transferred. Option: displays whether each function of the policy is enabled. If a function is enabled, its icon appears. See the chart below (Name: Illustration). Schedule: the policy automatically executes the function at a certain time. Authentication User: Authentication User is enabled. Traffic Log: traffic log is enabled. DP Enable OP. Schedule: Setting the
158. pass the RS-3000 (Figure 22-2). TOP: select the data you want to review; it presents 10 results per page. Source IP: displays the report sorted by source IP, that is, the LAN users who access WAN service servers via the RS-3000. Downstream: the percentage and value of downstream traffic from each WAN service server that passes through the RS-3000 to the LAN user. Upstream: the percentage and value of upstream traffic from each LAN user that passes through the RS-3000 to the WAN service server. First Packet: when the first packet is sent from the LAN user to the WAN service server, the RS-3000 records the time it was sent. Last Packet: when the last packet sent from the WAN service server is received by the LAN user, the RS-3000 records the time it was sent. Duration: the period of time between the first packet and the last packet. Total Traffic: the RS-3000 records and displays the amount of downstream and upstream packets passing from LAN user to WAN server. Reset Counter: click the Reset Counter button to refresh the Accounting Report. Figure 22-2: Outbound Source IP Statistics Report. STEP 3: Enter Outbound in Accounting Report and select Destination IP to inquire the statistics of Send/Receive packets, Downstream, Upstream, First packet, Last pa
159. Figure 4-5: Enable E-mail Alert Notification. Click Mail Test to check that E-mail Address 1 and E-mail Address 2 receive the Alert Notification correctly. Reboot RS-3000. STEP 1: Click the Reboot button next to Reboot RS-3000 Appliance. STEP 2: A confirmation pop-up page appears. STEP 3: On the confirmation pop-up page, click OK to restart the RS-3000 (Figure 4-6). Figure 4-6: Reboot RS-3000. 4.2 Date/Time. Synchronize system c
160. r DMZ Interface. Before clearing the WebUI selection of an interface, set up the Permitted IPs first; otherwise you will not be able to enter the WebUI through the appointed interface. 3.3 Logout. STEP 1: Click Logout in System to protect the system while the Administrator is away (Figure 3-5). Figure 3-5: Confirm Logout WebUI. STEP 2: Click OK and the logout message appears in the WebUI (Figure 3-6). Figure 3-6: Logout WebUI Message. 3.4 Software Update. STEP 1: Select Software Update in System and follow the steps below. Obtain the current version number from Version Number and obtain the latest version from the Internet, and save the latest version on the hard disk of the PC that manages the RS-3000. Click Browse and choose the latest software version file. Click OK and the system updates automatically (Figure 3-7). Figure 3-7: Software Update. The software update takes 3 minutes, and the system reboots after the update. During the update, do not turn off the PC or leave the WebUI; doing so may cause unexpected errors. Updating the software from the LAN is strongly suggested to avoid unexpected errors. Chapter 4: Configure. The Configure is according to the basic settin
161. r the LAN IP with the Authentication port number, and the Authentication WebUI will be displayed. Authentication User Name: the user account for Authentication that you want to set. Password: the password for Authentication. Confirm Password: enter the password again so that it matches Password. Configure specific users to connect to the external network only when they pass the authentication of a policy (using the built-in Auth User and Auth Group, RADIUS or POP3 function). STEP 1: Set up several Auth Users in Authentication (Figure 10-4). Figure 10-4: Setting Several Auth Users WebUI. To use Authentication, the DNS server of the user's network card must be the same as the LAN interface address of the RS-3000. STEP 2: Add an Auth User Group setting in the Authentication function and enter the following settings: click New Entry; Name: enter Product_dept; select the Auth Users you want and Add them to Selected Auth User; click OK to complete the Auth User Group setting (Figure 10-5).
162. r uses the DMZ Interface to set up the DMZ network. The DMZ modes are as follows. NAT Mode: the DMZ is an independent virtual subnet. This virtual subnet can be set by the Administrator but cannot be the same as the LAN interface. Transparent Mode: the DMZ and the WAN interface are in the same subnet. 5.1 LAN. Modify LAN Interface Settings. STEP 1: Select LAN in Interface and enter the following settings: enter the new IP Address and Netmask; select Ping and HTTP; click OK (Figure 5-1). Figure 5-1: Setting LAN Interface WebUI. The default LAN IP address is 192.168.1.1. After setting the new LAN IP address, the Administrator has to restart the system on the computer to make the new IP address effective (when the computer obtains its IP by DHCP). Do not clear the WebUI selection before setting Permitted IPs; otherwise the Administrator will not be allowed to enter the RS-3000 WebUI from the LAN. 5.2 WAN. Setting WAN Interface Address. STEP 1: Select WAN in Interface and click Modify in the WAN1 interface. The setting of the WAN2 interface is almost the same as WAN1. The difference is that WAN2 has a Disable selection, with which the System Administrator can close the WAN2 interface (Figure 5-2).
163. rce code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION. 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say
164. rds and meta character and Script Blocking: restricts access to Popup, ActiveX, Java or Cookie content. Download Blocking: restricts downloading files with specific extensions (sub-names), audio and some common video files directly over HTTP. Upload Blocking: restricts uploading files with specific extensions, or all types of files. Define the required fields of Content Blocking. URL String: the domain names that users are blocked from entering, or the only ones they are allowed to enter. Popup Blocking: prevents pop-up windows from appearing. ActiveX Blocking: blocks ActiveX packets. Java Blocking: blocks Java packets. Cookie Blocking: blocks cookie packets. Audio and Video Types: prevents users from transferring audio and video files over HTTP. Extension Blocking: prevents users from delivering files with specific extensions over HTTP. All Type: prevents users from sending audio, video and extension-specified files, etc. over HTTP. 11.1 URL. Restrict internal users so that they can only access some specific websites. URL Blocking: Symbol means open up, means meta character. Restrict to block specific website: type the complete domain name or key word of the website you want to restrict in URL String, for example www.kcg.gov.tw or gov. Restrict to access specific website: 1. Type the symbol in front of the complete domain name or key word that represents
165. ress DMZ_Any, Destination Address Outside_Any. Figure 21-1: Logging Policy Setting. STEP 2: Complete the Logging setting in the DMZ to WAN policy (Figure 21-2). Figure 21-2: Complete the Logging Setting of DMZ to WAN. STEP 3: Click Traffic Log. It shows the records of the packets that pass this policy (Figure 21-3). Figure 21-3: Traffic Log WebUI. STEP 4: Click a specific IP under Source IP or Destination IP in Figure 20-3; a WebUI showing the protocol and port of that IP pops up (Figure 21-4).
166. riginal virus mail; Deliver the original virus mail. Figure 18-6: Action of Infected Mail and Anti-Virus Settings. The Anti-Virus function is enabled by default, so the System Manager does not need any additional setup; the RS-3000 automatically scans mail sent to the internal mail server or received from an external mail server. STEP 6: When internal users receive mail from the external mail account js1720@ms21.pchome.com.tw, the RS-3000 scans the mail at the same time, and the chart appears under Virus Mail in the Anti-Virus function. Choose External to see the mail account chart (Figure 18-7). Figure 18-7: Report Function Chart. Set up the relevant settings in the Mail Relay function of Configure to be able to display the scanned mail sent to the Internal Mail Server. To detect whether mail sent to the Internal Mail Server contains a virus (mail server in LAN, NAT Mode). WAN IP of RS-3000: 61.11.11.12. LAN subnet of RS-3000: 192.168.2.0/24. STEP 1: Set up a mail server in the LAN and set its network card IP to 192.168.2.12. The DNS setting is an external DNS server, and the Master name is broadband.com.tw. STEP 2: Enter the following setting in LAN of the Address function Figure18
167. runnkr fur og a rar kr fur sem ger ar citiem ar to saist tajiem noteikumiem eru i tilskipun 1999 5 EC. Swedish: OvisLink Corp hereby certifies that this RS-3000 is in conformity with the essential requirements and other relevant provisions of Directive 1999/5/EC. Norsk (Norwegian): OvisLink Corp hereby declares that the RS-3000 equipment is in conformity with the basic requirements and other relevant requirements of Directive 1999/5/EC. A copy of the full CE report can be obtained from the following address: OvisLink Corp., 5F, No. 6, Lane 130, Min-Chuan Rd., Hsin-Tien City, Taipei, Taiwan, R.O.C. This equipment may be used in AT, BE, CY, CZ, DK, EE, FI, FR, DE, GR, HU, IE, IT, LV, LT, LU, MT, NL, PL, PT, SK, SI, ES, SE, GB, IS, LI, NO, CH, BG, RO, TR. This device uses software which is partly or completely licensed under the terms of the GNU General Public License. The author of the software does not provide any warranty. This does not affect the warranty for the product itself. To get source codes, please contact: OvisLink Corp., 5F, No. 96, Min-Chuan Rd., Hsin-Tien City, Taipei, Taiwan, R.O.C. A fee will be charged for production and shipment for each copy of the source code. GNU GENERAL PUBLIC LICENSE, Version 2, June 1991. Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Everyone is permitted to copy and distribute verbatim copies of this license document, bu
168. s are trademarks or registered trademarks of their respective companies. They are used for identification purposes only. Specifications are subject to change without prior notice. FCC Interference Statement: The RS-3000 has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against radio interference in a commercial environment. This equipment can generate, use and radiate radio frequency energy and, if not installed and used in accordance with the instructions in this manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause interference, in which case the user, at his own expense, will be required to take whatever measures are necessary to correct the interference. CE Declaration of Conformity: This equipment complies with the requirements relating to electromagnetic compatibility, EN 55022/A1/A2, EN 61000-3-2, EN 61000-3-3/A1, EN 55024/A1/A2, Class B. The specification is subject to change without notice. Table of Contents. Chapter 1 Introduction. Chapter 2 Network Settings and S
169. t changing it is not allowed. Preamble. The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software, to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the sou
170. t receive and send. In the Top Total Spam report, you can choose to display the scanned mail sent to the Internal Mail Server or received from the External Mail Server. The Top Total Spam report can sort the mail by Recipient, Total Spam and Scanned. Advanced Instruction. A mail server is the medium for sending and receiving all e-mail on the Internet. An e-mail address is written as account@server name: the part in front of the @ is the account, and the part behind the @ is the Master's name. When you send e-mail to josh@yahoo.com.tw, your sending software first goes to the DNS server to find the mail Master name, mapped IP and MX record. If there is a mapped MX record, the e-mail is delivered to the MX Master first and then delivered to the destination (yahoo.com.tw) by the MX Master (meaning the Master of yahoo.com.tw). If it maps to several MX records, the e-mail is delivered to the first-priority Master. If there is no MX record, the e-mail is delivered to your mail master only after searching for the mapped IP; your mail master can then deliver it to the mail master of yahoo.com.tw. The master of yahoo.com.tw delivers the mail to each recipient according to the account in front of the @. The flow of delivering e-mail. The three key elements of sending e-mail are MUA, MTA and MDA. MUA (Mail User Agent): the client PC cannot send mail directly. It must deliver mail by MUA
171. t the PPPoE when the idle time is up and save the network expense. Dynamic IP Address (Cable Modem User) (Figure 5-7): 1. Select Dynamic IP Address (Cable Modem User). 2. Click Renew on the right side of IP Address to obtain an IP automatically. 3. If the ISP requires the MAC address, click Clone MAC Address to obtain the MAC address automatically. 4. Hostname: enter the hostname provided by the ISP. 5. Domain Name: enter the domain name provided by the ISP. 6. User Name and Password are the IP distribution method according to the authentication way of the DHCP protocol. 7. Enter Max. Downstream Bandwidth and Max. Upstream Bandwidth according to the bandwidth applied for by the user. 8. Select Ping and HTTP. 9. Click OK (Figure 5-8). Figure 5-7: Dynamic IP Address Connection. Balance Mode
172. tas 1999 5 ES da Undertegnede OvisLink Corp erkl rer herved jnl Hierbij verklaart OvisLink Corp dat het toestel RS Dansk Danish lat f lgende udstyr RS 3000overholder de Nederlands Dutch 3000 in overeenstemming is met de essenti le eisen v sentlige krav og vrige relevante krav i en de andere relevante bepalingen van richtlijn direktiv 1999 5 EF 1999 5 EG Hiermit erkl rt OvisLink Corp dass sich das mt Hawnhekk OvisLink Corp jiddikjara li dan RS 3000 Ger t RS 3000in bereinstimmung mit den Malti Maltese jikkonforma mal ti ijiet essenzjali u ma grundlegenden Anforderungen und den brigen provvedimenti o rajn relevanti li hemm fid Dirrettiva einschl gigen Bestimmungen der Richtlinie 1999 5 EC 1999 5 EG befindet K esolevaga kinnitab OvisLink Corp seadme hu Alul rott OvisLink Corp nyilatkozom hogy a RS 3000 Eesti Estonian RS 3000 vastavust direktiivi 1999 5 EU Magyar megfelel a vonatkoz alapvet k vetelm nyeknek s pohinduetele ja nimetatud direktiivist tulenevatele Hungarian az 1999 5 EC ir nyelv egy b eldirasainak teistele asjakohastele s tetele Hereby OvisLink Corp declares that this RS pl Niniejszym OvisLink Corp o wiadcza e RS 3000 3000 is in compliance with the essential Polski Polish jest zgodny z zasadniczymi wymogami oraz requirements and other relevant provisions of pozosta ymi stosownymi postanowieniami Dyrektywy Directive 1999 5 EC 1999 5 EC Por medio de la present
173. that connect to the RS 3000 DHCP Clients Display the table of DHCP clients that are connected to the RS 3000 254 Interface STEP 1 Enter Interface in Status function it will list the setting for each Interface Figure 26 1 Forwarding Mode The connection mode of the Interface WAN Connection To display the connection status of WAN Max Downstream Upstream Kbps To display the Maximum Downstream Upstream Bandwidth of that WAN set from Interface Downstream Alloca The distribution percentage of Downstream according to WAN traffic Upstream Alloca The distribution percentage of Upstream according to WAN traffic PPPoE Con Time The last time of the RS 3000 to be enabled MAC Address The MAC Address of the Interface IP Address Netmask The IP Address and its Netmask of the Interface Default Gateway To display the Gateway of WAN DNS1 2 The DNS1 2 Server Address provided by ISP Rx Tx Pkts Error Pkts To display the received sending packets and error packets of the Interface Ping HTTP To display whether the users can Ping to the RS 3000 from the Interface or not or enter its WebUl Active Sessions Mumber 22 System Uptime 0 Day O Hour 18 Min 17 Sec es ee ee ee ee ee ee ae Forwarding Mode Dynamic F static IF HTTP Figure 26 1 Interface Status 255 Authentication STEP 1 Enter Authentication in Status function it will display the record of login status Figure 26 2 m IP Address The authenticati
174. the booting process Green Blinking Packets is sending receiving WAN 1 2 Orange On Gable speedis 100 Mbps D _Gieen_ Bing Pases i sendrgecving Orange On Cable speedis 100 Mbps Pon er oS WZ ___ Comecton tothe mermet FTP SNMP HTT ONSI 9 pin serial port connector for checking setting and restore to the Console Port factory setting 1 3 Packing List RS 3000 Office UTM Gateway Installation CD ROM Quick Installation Guide CAT 5 UTP Fast Ethernet cable CAT 5 UTP Fast Ethernet cross over cable RS 232 cable Power code Accessories Chapter 2 Network Settings and Software Installation To use this product correctly you have to properly configure the network settings of your computers and install the attached setup program into your MS Windows platform Windows 95 98 NT 2000 XP 2 1 Make Correct Network Settings of Your Computer The default IP address of this product is 192 168 1 1 and the default subnet mask is 255 255 255 0 These addresses can be changed on your need but the default values are used in this manual If the TCP IP environment of your computer has not yet been configured you can refer to the example 1 Configure IP as 192 168 1 2 subnet mask as 255 255 255 0 and gateway as 192 168 1 1 or more easier 2 Configure your computers to load TCP IP setting automatically that is via DHCP server of this product After installing the TCP IP communication protocol you can use the ping co
175. the users only can browse the website that includes yahoo and google in domain name by the above policy 76 11 2 Script Restrict the Internal Users to access to Script file of Website STEP 1 Select the following data in Script of Content Blocking function Select Popup Blocking Select ActiveX Blocking Select Java Blocking Select Cookie Blocking Click OK Complete the setting of Script Blocking Figure11 4 Pa D 4 Er Li Ve Policy Object Content Blocking Script slidable Policy Object Popup Blocking M ActiveX Blocking Address Java Blocking M Cookie Blocking Service Schedule OK 4f Cancer 008 S Content Blocking URL Script Download Upload IMiP2P Blocking VPN F Anomaly Flow IP Monitor Figure11 4 Script Blocking WebUI 77 STEP 2 Add anew Outgoing Policy and use in Content Blocking function Figure11 5 Live lt a Air Live Policy gt Outgoing A P gt i F interre Comment O O Max 32 characters Add New Policy F Policy Ob ject Incoming a DMZ To LAN ral 7 Anomaly Flow IP MAX Bandwidth Per SourceIP Downstream Ooo o Kbps Upstream oO Kbps Te erage ensue Dn e Omens f OK 4 Cancel Figure11 5 New Policy of Script Blocking Setting STEP 3 Complete the policy of restricting the internal users to access to Script file of Website in Outgoing Policy Figure11 6 Source Destination Semice Action config
176. tiating Main Modemar 29 13 47 31 2007 Firewall pluto 95 0 23 2007 Firewall pluto 955 VPN_A 26 initiating Main Modemar 29 13 50 34 2007 Firewal Connection ar 29 13 53 24 2007 Firewall pluto 955 VPN_A 28 initiating Main Modemar 29 13 53 34 20 Log Backup Accounting Report Statistics Wake on Lan Status Figure21 9 Download Connection Log Records WebUI lf the content of notepad file is not in order user can read the file with WordPad or MS Word Excel program the logs will be displayed with good order 231 To save or receive the records that sent by the RS 3000 STEP 1 Enter Setting in System select Enable E mail Alert Notification function and set up the settings Figrue21 10 E mail Setting Enable E mail Slert Motification Sender Address sender airlive com Wax 60 characters ex senderaimydamain com 4 SMTP Server mail airlive com t Max 50 characters ex mailimydomain com E mail Address 1 Max 50 characters ex user a mydomain cam 3 E mail Address 2 techi airlive com Wax 60 characters ex user2amydomain com Mail Test Figure21 10 E mail Setting WebUI STEP 2 Enter Log Backup in Log select Enable Log Mail Support and click OK Figure21 11 Log Mail Configuration Enable Log Mail Support When Log Full 00Kbytes Dual WAN Security Gateway Appliance sends Lag From SMTP Server mail airlive com To E mail Address 1 adminigairlive com E mail Address 2 t
177. ting way must be Static IP Address and can choose Transparent Mode in
Chapter 6 Address
The RS-3000 allows the Administrator to set Interface addresses of the LAN network, LAN network group, WAN network, WAN network group, DMZ and DMZ group. An IP address in the Address Table can be the address of a computer or of a sub-network. The Administrator can assign an easily recognized name to an IP address. Based on the network it belongs to, an IP address can be a LAN IP address, WAN IP address or DMZ IP address. If the Administrator needs to create a control policy for packets of different IP addresses, he can first add a new group in the LAN Group or the WAN Group and assign those IP addresses to the newly created group. Using group addresses can greatly simplify the process of building control policies.
With easily recognized names of IP addresses and names of address groups shown in the address table, the Administrator can use these names as the source address or destination address of control policies. The address table should be set up before creating control policies, so that the Administrator can pick the names of the correct IP addresses from the address table when setting up control policies.
Define the required fields of Address
Name: The System Administrator sets up an easily recognized name for the IP Address.
IP Address: It can be a PC's IP Address or several IP Addresses of a Subnet. Different network area ca
178. tistics and flow control. Based on its source addresses, a packet can be categorized into:
1. Outgoing: The source IP is in the LAN network; the destination is in the WAN network. The system manager can set all the policy rules of Outgoing packets in this function.
2. Incoming: The source IP is in the WAN network; the destination is in the LAN network (for example: Mapped IP, Virtual Server). The system manager can set all the policy rules of Incoming packets in this function.
3. WAN to DMZ: The source IP is in the WAN network; the destination is in the DMZ network (for example: Mapped IP, Virtual Server). The system manager can set all the policy rules of WAN to DMZ packets in this function.
4. LAN to DMZ: The source IP is in the LAN network; the destination is in the DMZ network. The system manager can set all the policy rules of LAN to DMZ packets in this function.
5. DMZ to LAN: The source IP is in the DMZ network; the destination is in the LAN network. The system manager can set all the policy rules of DMZ to LAN packets in this function.
6. DMZ to WAN: The source IP is in the DMZ network; the destination is in the WAN network. The system manager can set all the policy rules of DMZ to WAN packets in this function.
All the packets that go through the RS-3000 must pass the policy permission. Therefore the LAN, WAN and DMZ networks have to set the applicable policy when establishing a network connection.
Define the required fields of Policy
Source and Destination S
179. tly And uses NAT mode through WAN2 The Internet Server can see your IP as WAN2 IP 24 NAT Mode m t allows Internal Network to set multiple subnet address and connect with the Internet through different WAN IP Addresses For example The lease line of a company applies several real IP Addresses 168 85 88 0 24 and the company is divided into Service Sales Procurement and Accounting department the company can distinguish each department by different subnet for the purpose of managing conveniently The settings are as the following 1 R amp D department subnet 192 168 1 1 24 LAN gt 168 85 88 253 WAN 2 Service department subnet 192 168 2 1 24 LAN gt 168 85 88 252 WAN 3 Sales department subnet 192 168 3 1 24 LAN gt 168 85 88 251 WAN 4 Procurement department subnet 192 168 4 1 24 LAN gt 168 85 88 250 WAN 5 Accounting department subnet 192 168 5 1 24 LAN gt 168 85 88 249 WAN The first department R amp D department had set while setting interface IP the other four ones have to be added in Multiple Subnet After completing the settings each department uses the different WAN IP Address to connect to the Internet The settings of each department are as following Fierce Jes Procurement Accounting IP Address 192 168 2 2 254 192 168 3 2 254 192 168 4 2 254 192 168 5 2 254 Subnet Netmask 255 255 255 0 255 255 255 0 255 255 255 0 299 255 255 0 Gateway 192 168 2 1 192 168 3
180. to access the specific website only For example www kcg gov tw or gov 2 After setting up the website you want to access user needs to input an order to forbid all in the last URL String just type in in URL String Warning The order to forbid all must be placed at the last If you want to open a new website you must delete the order of forbidding all and then input the new domain name At last re type in the forbid all order again STEP 1 Enter the following in URL of Content Filtering function Click New Entry URL String Enter yahoo and click OK Click New Entry URL String Enter google and click OK Click New Entry URL String Enter and click OK Complete setting a URL Blocking policy Figure11 1 URL String configure yahoo New Entry Figure11 1 Content Filtering Table STEP 2 Add a Outgoing Policy and use in Content Blocking function Figure11 2 Age LAWS oo cose Add New Policy DMZ To LAN F Anomaly Flow IP F Policy Object F Monitor MAX Bandwidth Per Source IP Downstream ol Kbps Upstream o Kbps Se ie aooo w O f OK jf Cancel Figure11 2 URL Blocking Policy Setting STEP 3 Complete the policy of permitting the internal users only can access to some specific website in Outgoing Policy function Figure11 3 Source Destination Service Option configure hove Inside Any Outside Any Figure11 3 Complete Policy Settings Afterwards
181. to ping specific IP address and confirm RS 3000 WAN connecting status Figure24 1 Type in available Internet IP address or domain name Choose the Ping Packets size 32 Bytes by default Type in the Count value the default setting is 4 Type in the Wait Time the default setting is 1 second Choose the source interface to send out the Ping packets Press OK to ping the IP address or domain name Figure24 2 Ping Setting Destination IP Domain name Max 30 characters eee 32 _ Bytes Range 1 9999 4 Range 0 9999 0 means unlimited 1 Seconds Range 1 9999 ijs Figure 24 1 Ping Diagnostic Ping Result Result PING 168 95 1 1 168 985 1 1 from 61 229 44 173 32 bytes of data Reply from 168 95 1 1 bytes 32 icmp_seg 0 tt448 time 49 msec Reply from 168 95 1 1 bytes 32 icmp_seg 1 tt H248 time 42 msec Reply from 168 95 1 1 bytes 32 icmp_seg 2 ttH248 time 41 msec Reply from 168 95 1 1 bytes 32 icmp_seg 3 tt248 time 54 msec 4 packets transmitted 4 packets received 0 packet loss round trip minfavg max mdev 41 264 47 074 54 575 5 444 ms Figure 24 2 Ping Result 250 H If Interface is selected VPN it must be typed in with RS 3000 LAN IP address and type in remote VPN site of LAN IP address in Destination IP Domain name Figure 24 3 Ping Setting estination IP Domain r 192 168 10 1 Max 30 characters Packet size Bytes Range 1 9999 Count 4
182. tring to the subject line Ppam Max 256 characters m Check spam fingerprint Use TCP port 2703 and UDP port 53 to connect database server Test Ml Enable Bayesian filtering Bayesian filtering not work until database has at least 200 spams and 200 hams M Enable epeiiene push Use TCP 1153 and UDP 1153 to update signature Test Ci Verify sender account is valid Check sender IP address in RBL Use UDP port 53 to connect ONS server Test Add score tag to the subject line D Action of Spam Mail Internal Mail Server Delete the spam mail M Deliver to the recipient C Forward to Max 128 characters ex user mydomain com M Deliver to the recipient Always enable Figure17 8 Default Value of Spam Setting G When only filter the mail that internal users received from external server 1 In Action of Spam Mail no matter choose Delete mail Deliver to the recipient or Forward to it will add the message on the subject line of spam mail and send it to the recipient 2 Also can use Rule Whitelist Blacklist or Training function to filter the soam mail 168 STEP6 When the internal users are receiving the mail from external mail account js1720 ms21 pchome com tw the RS 3000 will filter the mail at the same time and the chart will be in the Spam Mail in Anti Spam function At this time choose External to see the mail account chart Figure1 7 9 Top Total Spam 1 1 ntermial f Ext
183. ts
Aggressive mode: This is the first phase of the Oakley protocol in establishing a security association using three data packets.
AH (Authentication Header): One of the IPSec standards that allows for data integrity of data packets.
ESP (Encapsulating Security Payload): One of the IPSec standards that provides for the confidentiality of data packets.
DES (Data Encryption Standard): The Data Encryption Standard, developed by IBM in 1977, is a 64-bit block cipher using a 56-bit key.
Triple-DES (3DES): The DES function performed three times with either two or three cryptographic keys.
AES (Advanced Encryption Standard): An encryption algorithm yet to be decided that will be used to replace the aging DES encryption algorithm and that the NIST hopes will last for the next 20 to 30 years.
NULL Algorithm: It is a fast and convenient connecting mode to make sure its privacy and authentication without encryption. NULL Algorithm doesn't provide any other safety services but a way to substitute ESP Encryption.
SHA-1 (Secure Hash Algorithm-1): A message digest hash algorithm that takes a message of less than 2^64 bits and produces a 160-bit digest.
MD5: MD5 is a common message digest algorithm, developed by Ron Rivest, that produces a 128-bit message digest from an arbitrary-length input.
GRE IPSec: The device Select GRE IPSec Generic Routing Encapsulation packet seal technol
184. tting Places Files of type All Files a A MTU Figure 4 2 Enter the File Name and Destination of the Imported File Microsoft Internet Explorer 2 Click OK bo confirm system update Please wait 3 minutes while software is updated during this time do not power the unit off or leave this page Figure 4 3 Upload the Setting File WebUI 18 Restoring Factory Default Settings STEP 1 Select Reset Factory Settings in RS 3000 Configuration WebUI STEP 2 Click OK at the bottom right of the page to restore the factory settings Figure 4 4 is 3 Office UTM Gateway Configuration i Setting Import System Setting from Client gt Date Time ex OU_Gateway conf Multiple Subnet M Reset System to Factory Setting Route Table System Name Setting DHCP Device Name amama Max 40 characters ex Office UTM Gateway Dynamic DNS Host Table E mail Setting SNMP Enable E mail Alert Notification Lariguage Sender Address Required by some ISPs A Max 60 characters ex sender mydomain com Logout SMTP Server E Max 80 characters ex mail mydomain com Interface E mail Address 1 kk Max 60 characters ex useri mydomain com E mail Address 2 R Max 60 characters ex user2 mydomain com Policy Object Mail Security Mail Test Web Management NAN Interface Anomaly Flow IP HTTP Port Range 1 65535 MTU Setting
185. tting of Anti Virus function Virus Scanner Select Clam The Mail Server is placed in Internal LAN or DMZ Add the message to the subject line virus Action of Infected Mail Select Deliver to the recipient Figure18 1 4 Anti Virus Setting Virus Scan Engine Clam The Mail Server is placed in I internal LAN or DMZ External WAN Add the virus string to the subject line virus Max 256 characters The latest update time 07 05 02 04 13 37 Update virus definitions every ten minutes The newest version 43 3190 Clam definitions updated at 07 05 02 02 00 04 Update virus definitions immediately Use TCP port 80 and UDP port 53 to connect virus definition server Action of Infected Mail Internal Hail Server C Delete the virus mail I Deliver to the recipient Deliver a notifi cation mail instead of the original virus mail Deliver the original virus mail Forward to Max 128 characters ex uw2er mydomain com External Mail Server Deliver to the recipient Always enable Deliver a notifi cation mail instead of the original virus mail Deliver the original virus mail Figure18 14 Infected Mail Definition and Action of Infected Mail H When select Delete mail in Action of Infected Mail and then the other functions Deliver to the recipient or Forward to cannot be selected So when RS 3000 had scanned mail that have virus it will delete it directly But still
186. ure howe Re ee Eee es ee ed eed SE Figure11 6 Complete Script Blocking Policy Setting The users may not use the specific function like JAVA cookie etc to browse the website through this policy It can forbid the user browsing stock exchange website etc 78 11 3 Download Restrict the Internal Users to download video audio and some specific sub name file from http or ftp protocol directly STEP 1 Enter the following settings in Download of Content Blocking function E Select All Types Blocking m Click OK Complete the setting of Download Blocking Figure11 7 Download Blocking Policy Object lt a tone Audio and Video Types Blocking Extension Blocking exe L Zip rar Liso L bin L rpm S Content Blocking L pelf gz L_ gz URL bat ta Script ser vb WpS Download _ pit msi com Upload reg mp3 mpeg F Anomaly Flow IP Monitor Figure11 7 Download Blocking WebUI STEP 2 Add a new Outgoing Policy and use in Content Blocking function Figure11 8 E VTA T Interface F Policy Object Outgoing Incoming WAN To DMZ LAN To DMZ DMZ To WAN DMZ To LAN Comment ee Max 32 characters Add New Policy Tunnel v PERMIT ALL v ontent Blocking None ee prn co enaa foom ooo F a 3 5 Oe te hn el ae gt gt moe 2 8 k i Paj S al a le uy uy amp e a F a to i Fig
187. ure11 8 Add New Download Blocking Policy Setting STEP 3 Complete the Outgoing Policy of restricting the internal users to download video audio and some specific sub name file by http protocol directly Figure11 9 Source Destination Action configure hove maide Any Outside Any ANY Modify Remove Pause Figure11 9 Complete Download Blocking Policy Setting 80 11 4 Upload Restrict the Internal Users to upload some specific sub name file from http or ftp protocol directly STEP 1 Enter the following settings in Upload of Content Blocking function E Select All Types Blocking m Click OK Complete the setting of Upload Blocking Figure11 10 Ea i gt 2 Er Ve Policy Object gt Content Blocking Upload r Upload Blocking interface M All Types Blocking iso bin j pm dos O x BE AContentBlocking ane nP C hta URL C scr wh O WpS Script pit msi com Download _ reg mp3 mpeg Upload mpg atc VPN F Anomaly Flow IP Figure11 10 Upload Blocking WebUI STEP 2 Add a new Outgoing Policy and use in Content Blocking function Figure11 11 e gt 2 4 We Policy Outgoing Add New Policy Source Address Inside_Any W Outgoing Destination Address Outside_Any F Policy Object s WAN To DMZ Schedule DMZ To VAN DMZ To LAN F Anomaly Flow IP Este 2 Enable MAX Bandwidth Per SourcelP Downstream o Kbps Upstream l
188. ust cause the modified files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work that you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this License c If the modified program normally reads commands interactively when run you must cause it when started running for such interactive use in the most ordinary way to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty or else saying that you provide a warranty and that users may redistribute the program under these conditions and telling the user how to view a copy of this License Exception if the Program itself is interactive but does not normally print such an announcement your work based on the Program is not required to print an announcement These requirements apply to the modified work as a whole If identifiable sections of that work are not derived from the Program and can be reasonably considered independent and separate works in themselves then this License and its terms do not apply to those sections when you distribute them as separate works But when you distribute the same sections as part of a whole which is a work based on the Program the distribution of the whole must be on the terms of this License whose permissi
189. ver Leer Name Password cient F assigned by 4p Rang Fixed IP E anial Disconnect Figure 14 34 PPTP VPN Server Setting PPTP Server Enable Encryption OM Client IP Range 192113194 254 Modify UserName Client IF Lotime configure PPT P_Gonnection 000 0 Figure 14 35 Complete PPTP VPN Server Setting 120 STEP 3 Enter the following setting in Trunk of VPN function Figure14 36 Enter a specific Tunnel Name From Source Select LAN From Source Subnet Mask Enter 192 168 10 0 255 255 255 0 To Destination Select To Destination Subnet Mask To Destination Subnet Mask Enter 192 168 20 0 255 255 255 0 IPSec PPTP Setting Select PPTP_Server_PPTP_Connection Select Show remote Network Neighborhood Click OK Figure14 37 New Entry Trunk ns IMELE From Source Subnet hask To Destination O To Destination Subnet Mask Remote Client lt Selected Tunnel PPTP Server PPTP Cor Remove Add Keep alive IF Show remote Network Neighbornggd Figure14 36 New Entry Tunnel Setting a Name O Source Subnet Destination Subnet Configure PPTP_VPN 12 766 TEQ TIA TGEA PPTP Ser Figure14 37 Complete New Entry Tunnel Setting 121 STEP 4 Enter the following setting in Outgoing Policy Figure1 4 38 m Trunk Select PPTP_VPN_ Tunnel m Click OK Figure1 4 39 Comment Max 32 characters inside_Any Outside Any ANY T None
190. view It presents 10 pages in one page E Destination IP To display the report sorted by Destination IP the IP address used by LAN service server passing through RS 3000 to WAN users Downstream The percentage of Downstream and the value of each WAN user who passes through RS 3000 to LAN service server E Upstream The percentage of Upstream and the value of each LAN service server who passes through RS 3000 to WAN users m First Packet When the first packet is sent from WAN users to LAN service server the sent time will be recorded by the RS 3000 m Last Packet When the last packet is sent from LAN service server to WAN users the sent time will be recorded by the RS 3000 mE Duration The period of time starts from the first packet to the last packet to be recorded Total Traffic The RS 3000 will record the sum of time and show the percentage of each WAN user s upstream downstream to LAN service server Reset Counter Click the Reset Counter button to refresh the Accounting Report Starting Time Thu Mar 29 15 35 10 2007 TE vestination e Upstream Downstream First Packet Last Packet Action fez4e842 1a82KB 100 0 TZW ssmatsses8 03 29 18 4048 Remove Total Traffic Reporting time Thu hlar 20 16 48 18 2007 Figure 22 8 Outbound Destination IP Statistics Report 242 STEP 4 Enter Inbound in Accounting Report and select Top Services to inquire the statistics website of Sen
191. y Bit Torrent WinMX Foxy KuGoo AppleJuice AudioGalaxy DirectConnect iMesh MUTE Thunder5 VNN Client PPLive Ultra Surf PPStream GoGoBox Tor UUSee QQLive QQGame QQDownload ARES Hamachi TeamViewer GLWorld 83 12 1 IM Blocking Restrict the Internal Users to send message files video and audio by Instant Messaging STEP 1 Enter as following in IM P2P Blocking function Enter the rule name as IM_Blocking select MSN Yahoo Messenger ICQ QQ TM2008 Skype Google Talk and Gadu Gadu Figure12 1 Click OK Complete the setting of IM Blocking Figure12 2 Add IM P2P Blocking Max 16 characters Instant Messaging Login d MSN Skype Yahoo ca aaTM2008 Google Talk Gadu Gadu Instant Messaging File Transfer d EE d Google Talk W vahoo ica E Gadu Gadu Peer to Peer Application d d Edonkey E KuGoo E iMesh E PPLive H Tor H Ares E Et Torrent E vinx d Foxy d AppleJuice d AudioGalaxy W DirectConnect E MUTE W Thunders E VNN Client W Uitra Surf E pPStream I GoGoBox H UUSee E OOLive QOGame E QODownload W Hamachi W Teamviewer E Gord Figure12 1 IM Blocking WebUI IM P2P Signature Definitions Last updated on OOV02 04 14 36 27 Update signature definitions every one hour Current version 3 1 4 Signature definitions updated at 06 01 31 16 04 29 Update signature definitions immediately Use TCP port 80 and UDP port 53 f Update NOW IM P2P Blocking Figure12
192. ystem in order to integrate the remote network and PC of the enterprise. It also provides the enterprise and remote users with a safe encryption method that gives the best efficiency and encryption when delivering data. It can therefore save the manager a lot of problems.
IPSec Autokey: The system manager can create a VPN connection using Autokey IKE. Autokey IKE (Internet Key Exchange) provides a standard method to negotiate keys between two security gateways. It also sets up the IPSec Lifetime and Preshared Key of the RS-3000.
PPTP Server: The System Manager can set up VPN-PPTP Server functions in this chapter.
PPTP Client: The System Manager can set up VPN-PPTP Client functions in this chapter.
How to use VPN: To set up a Virtual Private Network (VPN), you need to configure an Access Policy that includes the IPSec Autokey, PPTP Server or PPTP Client settings of a Tunnel to make a VPN connection.
14.1 IPSec Autokey
Define the required fields of VPN
Preshare Key: The IKE VPN must be defined with a Preshared Key. The Key may be up to 128 bytes long.
ISAKMP (Internet Security Association Key Management Protocol): An extensible protocol-encoding scheme that complies with the Internet Key Exchange (IKE) framework for the establishment of Security Associations (SAs).
Main Mode: This is another first phase of the Oakley protocol in establishing a security association, but instead of using three packets as in aggressive mode, it uses six packe