Gebruiksaanwijzing /service van het product BiGuard 50G van de fabrikant Billion
Ga naar pagina of 223
BiGuard 50G 802.11g Dual WAN Security Gateway User’s Manual Version Release 1.03 (FW:1.xx).
2 BiGuard 50G User’s Manual (Updated September, 2007) Copyright Information © 2007 Billion Electric Corporation, Ltd. The contents of this pu blication may no t be reproduced in whole or in part, transcribed, stored, tr anslated, or tr ansmi tted in any form or any means, withou t the prior written con sent of Billion Electric Corporation.
3 Safety Warnings Y our BiGuard 50G is built for reliability and long serv ice life. For your safety , be sure to read and follo w the following safety w arnings. • Read this installation guide thoroughly bef ore attempting to set up your BiGuard 50G.
4 Table of Contents Chapter 1: Introduction 1.1 Overview 1.2 Product Highlights 1.2.1 Increased Bandwidth, Scalability and Resilience 1.2.2 Virtual Private Network Support 1.2.3 Advanced Firewall Security 1.2.4 Intelligent Bandwidth Management 1.3 Package Contents 1.
5 2.6.2 VPN Planning - Fail Over 2.6.3 Concentrato r Chapter 3: Getting Started 3.1 Overview 3.2 Before You Begin 3.3 Connecting Your Router 3.4 Configuring PCs for TCP/IP Networking 3.4.1 Overview 3.4.2 Windows XP 3.4.2.1 Configuring 3.4.2.2 Verifying Settings 3.
6 4.2.3 Routing Table 4.2.4 Session Table 4.2.5 DHCP Table 4.2.6 IPSec Status 4.2.7 PPTP Status 4.2.8 Traffic Statistics 4.2.9 CPU Statistics 4.2.10 System Log 4.3 Quick Start 4.3.1 DHCP 4.3.2 Static IP 4.3.3 PPPoE 4.3.4 PPTP 4.3.5 Big Pond 4.4 Configuration 4.
7 4.4.4.3 Firmware Upgrade 4.4.4.4 Backup / Restore 4.4.4.5 Restart 4.4.4.6 Password 4.4.5 Firewall 4.4.5.1 Packet Filter 4.4.5.2 URL Filter 4.4.5.3 Ethernet MAC Filter 4.4.5.4 Wireless MAC Filter 4.4.5.5 Block WAN Request 4.4.5.6 Intrusion Detection 4.
8 5.1.1 Router Won’t Turn On 5.1.2 LEDs Never Turn Off 5.1.3 LAN or Internet Port Not On 5.1.4 Forgot My P assword 5.2 LAN Interface 5.2.1 Can’t Access Router from the LAN 5.2.2 Can’t Ping Any PC on the LAN 5.2.3 Can’t Access Web Configuration Interfac e 5.
9 Appendix D: Network, Routing, and Firewall Basics D.1 Network Basi cs D.1.1 IP Addresses D.1.1.1 Netmask D.1.1.2 Subnet Addressing D.1.1.3 Private IP Addresses D.1.2 Network Address Translation (NAT) D.1.3 Dynamic Host Configuration P rotocol (DHC P) D.
10 Appendix E: Virtual Private Networking E.1 What is a VPN? E.1.1 VPN Applications E.2 What is IPSec? E.2.1 IPSec Security Components E.2.1.1 Authentication Header (AH) E.
11 E.2.2 IPSec Mod E.2.3 Tunnel Mod e AH E.2.4 Tunnel Mod e ESP E.2.5 Internet Key Exchange (IKE) Appendix F: IPSec Logs and Events F.1 IPSec Log Event Categories F.2 IPSec Log Event Table Appendix G: Bandwidth Management with QoS G.1 Overview G.2 What is Quality of Service? G.
12 Chapter 1: Introduction 1.1 Overview Congratulations on purchasing BiGu ard 50G Router from Billion. Combining a router w i t h a n E t h e r n e t n e t w o r k s w itch, BiGuard 50G is a stat e-o.
13 connections are possible on BiGuard 50G, with perfor manc e of up to 10Mbps. 1.2.3 Advanced Firewall Security Aside from intelligent broadban d sharing, BiGuard 50G off ers integrated firewall protection with adv anced features to se cure your network from outside attacks.
14 LED Function Power A solid light indicates a st eady connection to a power source. Status A blinking light indicates the device is writing to flash memory. LAN 1 – 4 Lit when connected to an Ethernet device. 10/100M : Lit green when connected at 100Mbps.
15 1.3.2 Rear Panel Port Function 1 Wireless Antenna One detachable 2.4GHz 5dbi SMA antenna 2 WAN2 WAN2 10/100M Ethernet port (with auto crossover support); connect xDSL/Cable modem here. 3 WAN1 WAN1 10/100M Ethernet port (with auto crossover support); connect xDSL/Cable modem here.
16 1.3.4 Cabling Most Ethernet netw orks currently use unshielded twist ed pair (UTP) cabling. The UTP cable contains eigh t conductors, arranged in fou r twisted pairs, and terminated with an RJ45 t ype connector . One of the most common causes of networking problems is bad cabling.
17 Chapter 2: Router Applications 2.1 Overview Y our BiGuard 50G router is a vers atile device that can be configured to not only protect your network from maliciou s attackers, but also ensure optimal usage of available bandwidth with Quality of Service (QoS) and both Inbound and Outbound Load Balancing.
18 2.2.2 QoS Policies for Different Applications By setting differen t QoS policies according to the application s you are running, you can use BiGuard 50G to optimiz e the bandwidth that is being used on your network.
19 applications such as an FTP server , users using VoIP will experience network lag and/or service interruption s during use. T o avoid this scenario, this network has assigned V oIP with a guaranteed bandwidt h and higher priori ty to ensure smooth communications.
20 manage your bandwidth, providing reliable Internet and network service to your organization. 2.2.5 Priority Bandwidth Utilization Assigning priority to a certain service allows BiGuard 50G to give either a higher or lower priority to traffic from this particular servic e.
21 2.2.6 Management by IP or MAC address BiGuard 50G can also be configured to appl y traffic policies based on a particular IP or MAC address. This allows you to qu ickly assign different traffic policies to a specific computer on the network. DiffServ (DSCP Marking) DiffServ (a.
22 Other interfaces can match tr affic based on the DSC P markings. DSCP markings are u s e d t o d e c i d e h o w p a c k e t s s h o u l d b e t r e a t e d , a n d i s a u s e f u l t o o l t o g i v e precedence to varying types of data.
23 In the above example, PC 1 (IP_192.168. 2 .2) and PC 2 (IP_192.168.2.3) are connected to the Internet via W AN1 (IP_230.100.100.1) on BiGuard 50G. Should WAN1 fai l, Outbound F ail Over tells BiGuard 50G to reroute outgoing tr affic to WAN2 (IP_213.
24 connected to the Inter net via WAN1 (IP_23 0.100.100.1) and WAN2 (IP_213.10.10.2) on BiGuard 50G. Y ou can configure BiGuard 50G to balance the load of each WAN port with one of two mechanisms: 1. Session (by session/by traffic/weight of link capability) 2.
25 2.4.1 Inbound Fail Over Configuring BiGuard 50 G for Inbound F ail Over allows you to ensure that incoming traffic i s uninterrupted by having BiGuar d 50G default to W AN2 should WAN1 fail. In the above example, an FTP Server (IP_192.168.2.2) and an HT TP Server (IP_192.
26 2.4.2 Inbound Load Balancing Inbound Load Balancing allows BiGuard 50G to intelligently man age inbound traffic based on the amount of load of each W AN connection. In the above example, an FTP server (IP_192.168.2.2 ) and an HT TP server (IP_192.168.
27 2.5 DNS Inbound Using DNS Inbound is a great way to int elligently direct netw ork traffic. DNS Inbound is a three step process. First, a DNS request is made to the router via a remote PC.
28 2.5.1 DNS Inbound Fail Over BiGuard 50G can be configured to reply the WAN2 IP address for the DNS domain name request should W AN1 fail. In the above example, an FTP Server (IP_192.168.2.2) and an HT TP Server (IP_192.168.2.3) are connected to the In ternet via W AN1 (IP_200.
29 2.5.2 DNS Inbound Load Balancing DNS Inbound Load Balancin g allows BiGuard 50G to intell igently manage inbound traffic based on the am ount of load of each WAN conne ction by assigning the IP address with the lowest traffi c load to incoming request s.
30 In the example above, the client is making a DNS reques t. The request is sent to the DNS server of BiGuard 50G throu gh WAN2 (1). W AN2 will rou te this request t o the embedded DNS server of BiGuard 50G (2). BiGuard 50G will an alyze the bandwidth of both WAN1 and WAN2 and decide wh ich WAN IP to reply to the requ est (3).
31 2.6 Virtual Private Networking A Virtual Priv ate Network (VPN) enables y ou to send data between two computers across a shared or public network in a ma nner that emul ates the properties of a point-to-point private link. As such, it is perfect for connecting br anch offices to headquarters across the Intern et in a sec ure fashion.
32 VPN provides a flexible, cost-efficien t, and reliab le way for companies of all sizes to stay connected. One of the most important steps in setting up a VPN is proper planning. The followi ng sections demonstrate the various wa ys of using BiGuard 50G to setup your VPN.
33 gateway usi ng WAN1 through a secure VPN tunnel. Should W AN1 fail, outbound traffic from BiGuard 50G will automatically be redirected to WAN2. This process is completely tr ansparent to the remote gatewa y , as BiGuard 50G will automatically update the domain name (biguard.
34 2.6.3 Concentrato r The VPN Concentrator provides an easy way for br anch offices to connect to headquarter through a VPN tunnel . All branch office tr affic will be redirected to the VPN tunnel to headquarter with the ex ception of LAN-side traffi c.
35 Chapter 3: Getting Started 3.1 Overview BiGuard 50G is designed to be a powerful and flexible network device that is also easy to use. With an intuitive web-based conf iguration, BiGuard 50G allows.
36 password for security reason. 4. Prepare to physically connect BiGuar d 50G to Cable or DSL modems and a computer . Be sure to also review the Safety Warn ings located in the preface of this m anual before working with your BiGuard 50G. 3.3 Connecting Your Router Connecting BiGuard 50G is an easy three-step process: 1.
37 3.4 Configuring PCs for TCP/IP Networking Now that y our BiGuard 50G is connected properly to y our network, it’s time to configure your net worked PCs for T CP/IP networking. In order for your network ed PCs to communi cate with your router , they must have the following characteristics: 1.
38 - Windows 95/98/Me/NT/2000/XP - Mac OS 7 and later If you are using Windows 3.1, you mu st pu rchase a third-party TCP/IP application package. Any T CP/IP capable workstation can be use d to communicate with or through BiGuard 50G. T o configure other types of workstations, please consult the manufacturer’ s documentation.
39 3. Select Internet Protocol (TCP /IP) and click Properties . 4a. T o have your PC obtain an IP address automatical ly , select th e Obtain an IP.
40 address automatically and Obtain DN S server address automatically ra di o buttons. 4b. T o manually assign y our PC a fixed IP addre ss, select the Use the following IP address r adio button and enter your desired I P address, subnet mask, and default gateway in the blanks provided.
41 3.4.2.2 Verifying Settings T o verify your settings using a command prom pt: 1. Click Start > Programs > Accessories > Command Prompt . 2. In the Command Pro mpt window , type ipconfig and then press ENTER .
42 - An IP address between 192.168.1.1 and 192 .168.1.253 - A subnet mask of 255.255.255.0 T o verify your settings using the W indows XP GUI: 1. Click Start > Settings > Network Connections .
43 2. Right click one of the network connect ions listed and select Status from the pop-up menu. 3. Click the Support tab..
44 If you are usi ng BiGuard 50G’s defaul t settings, your PC should: - Have an IP address be tween 192.168.1.1 and 192.168.1.253 - Have a subnet mask of 255.255.255.0 3.4.3 Windows 2000 3.4.3.1 Configuring 1. Select Start > Settings > Cont rol Panel .
45 2. In the Control Panel window, double-click Network and Dial-up Connections . 3. In Network and Dial-up Connections, double-click Local Area Connection .
46 4. In the Local Area Connection window , click Properties . 5. Select Internet Protocol (TCP/IP) and cl ick Properties ..
47 6a. T o have your PC obtain an IP address automatically , select the Obta in an IP address automatically and Obtain DNS serve r address automatically radio buttons.
48 7. Click OK to finish the configurati on..
49 3.4.3.2 Verifying Settings 1. Click Start > Programs > Accessories > Command Prompt . 2. In the Command Pro mpt window , type ipconfig and then press ENTER . If you are using BiGuard 50G’s default settings, your PC should have: - An IP address between 192.
50 - A subnet mask of 255.255.255.0 3.4.4 Windows 98 / Me 3.4.4.1 Installing Components T o prepare Windows 98 /Me PCs for TCP /IP networking, you may need to manually install TCP/IP on each PC. T o do this, follow the steps below. Be sure to ha ve your Windows CD handy , as you may need to in sert it during the installat ion process.
51 Y ou mu st have the follow ing installed:.
52 - An Ethernet adapter - TCP/IP pr otocol - Client for Microsoft Networks If you need to in stall a new E thern et adapter , follow these steps: a. Click Add . b. Select Adapter , then Add . c. Select the manufactu rer and model of your Ethernet adapt er , then click OK .
53 If you need TCP/IP: a. Click Add ..
54 b. Select Protocol , then click Add . c. Select Microsoft . Æ TCP/IP , then OK . If you need Client for Microsoft Networks: a. Click Add ..
55 b. Select Client , then click Add . c. Select Microsoft . Æ Client for Microsoft Networks , and then click OK . 3. Restart your PC to apply your changes.
56 2. In the Cont rol Panel, double-click Network and choose the Confi guratio n tab..
57 3. Select TCP / IP > ASUSTek or the name of any Network Interface Card (N IC) in your PC and click Properties . 4. Select the IP Address tab and click the Obtain an IP address au tomatic all y radio butto n.
58 5. Select the DNS Conf igura tion tab and select the Disable DN S radio button. 6. Click OK to apply the configurati on..
59 3.4.4.3 Verifying Settings T o check the TCP/IP configuration, use the winipcfg.exe utility: 1. Select Start > Run . 2. T ype winipcfg, and then click OK.
60 The window is updated to show your settings. Using the de fault BiGuard 50G settings, your PC should have: - An IP address between 192.168.1.1 and 192 .
61 ISP setting in W AN site: Obtain an IP Address au tomatically ( DHCP Clie nt) DHCP server: DHCP server is enabled. Start IP Address: 192.168.1.100 End IP Address: 192.168.1.199 3.5.1 User Name and Password The default user name and password are "a dmin" and "admin" respectively .
62 3.6 Information From Your ISP 3.6.1 Protocols Before configuring th is device, you have to check with your ISP (Internet Service P r o v i d e r ) t o f i n d o u t w h a t k i n d o f s e r v i c e is provided such as DHCP , St atic IP , PPPoE, or PPTP .
63 3.6.2 Configuration Information If your ISP does not dynamically assign configur ation information but instead uses fixed configurations, you will need the follow ing basic information from you r I.
64 2. Double-click th e Network icon. 3. In the Network Connections window , right-click Local Area Connection and select Properties ..
65 4. Select Internet Protocol (TCP /IP) and click Properties . 5. If an IP address , subnet mask and a Default gateway are shown, write down the informat ion.
66 assigned. Click the Obtain an IP address automatically ra dio button. 6. If any DNS ser ver addresses are shown, write them down. Click the Obtain DNS server address automa ti cally radio button .
67 3.7 Web Config uration In terface BiGuard 50G includes a W eb Configuration Interface for easy administr ation via virtually any browser on your network. T o access this interface, open your web browser , enter the IP address of your ro uter , which by default is 192.
68 If the W eb Configuration I nterface appears, congratulati ons! Y ou are now ready to configure your BiGuard 50G. If y ou are having trouble accessing the interface, please refer to Chapter 5: Troubleshooting for possible resolutions.
69 Chapter 4: Router Configuration 4.1 Overview The W eb Configuration Interface mak es it ea sy for you to manage your net work via any PC connected to i t. On the W eb Co nfigur ation homepage, you will see the navigation pane l ocated on the left hand si de.
70 restricted to only one PC accessing the web configur ation interface at a time. Once a PC has logged into the web interf ace, other PCs cannot gain access until the current PC has logged out. If the previous PC forgets to logout, the second PC can access the page after a user-defined period (5 minutes by default).
71 Device Information Device Name: Displays the device name. System Up Time: System uptime enabl es a user to determine how long has the system being online or th e time that an unexpected restart or fault occurred. The system up-time is restar ted when there is a power failure or upon software or hardware reset.
72 In this menu, yo u will find the foll owing sections: - ARP Table - Wireless Association - Routing Table - Session Table - DHCP Table - IPSec Status - PPTP Status - Traffic Statistics - CPU Status .
73 4.2.1 ARP Table The Address Resolution Protocol (ARP) T a ble shows the mapping of Internet (I P) addresses to Ethernet (MAC) addresses. This is a quick way to determine the MAC address of your PC’ s network interface to use with the router’ s Firewall – MAC Address Filter function.
74 4.2.3 Routing Table The Routing T able d isplays th e current path for transmitted packets. Both sta tic and dynamic routes are displayed. No.: Number of the list. Destination: The IP address of the destination network. Netmask: The destination netmask address.
75 Sessions: Filter: when the presented field is fill ed, please click Filter button. From IP: please input the sou rce IP you would like to filter . From Port: please input the source port you would like to filt er . To IP: please input the destin ation IP you would like to filter .
76 Name: The name you assigned to the particular IPSec entry . Enable: Whether the IPSec connection is currently Enable or Disable. Status: Whether the IPSec is Active, Inactive or Disable. Local Subnet : The local IP addres s or subnet used. Remote Subnet: The subnet of the remote site.
77 WAN1: T ra nsmitted (Tx) and Received (Rx) bytes and packets for W AN1. WAN2: T ra nsmitted (Tx) and Received (Rx) bytes and packets for W AN2. Display: Allows y ou to change the units of me asurement for the traffi c graph. 4.2.9 CPU Statistics This page displays the rout er’s system information.
78 MemFree: The router’ s current free memory size. CPU status: The CPU’ s usage shown in percentage each minute. When the CPU percentage in us e is higher than 80% the lin e will turn red. When the CPU percentage in us e is lower than 80% the line w ill turn blue.
79 First directs the page number for the table to the 1 st page, previous directs the page number for the table to the one page before, the dropdown menu allows the user to specifically se lect the pa.
80 4.3.2 Static IP IP assigned by your ISP: Enter the assigned IP address from your IP . IP Subnet Mask: Enter y our IP subnet mask. ISP Gateway Address: Enter your ISP gate way address. Primary DNS: Enter your pri mary DNS. Secondary DNS: Enter your secondary DNS .
81 is a packet requesting access to the Intern et (i.e. when a program on your computer attempts to access the Internet), sel ect Trigger on Demand . Idle Time: Auto-disco nnect the router when ther e is no activity on the line for a predetermined period of time.
82 predetermined period of time. Select the id l e t i m e f r o m t h e d r o p d o w n m e n u . A c t i v e if Trigger on Demand is selected. Click Apply to save y our changes. T o reset to defaults, click Reset . 4.3.5 Big Pond Username: Enter your user name.
83 - QoS - Virtual Server - Advanced These items are described below in the fo llowing sections. 4.4.1 LAN There are three items within this section: Ethernet , Wireless, Wireless Securti y, DHCP Server and LAN Address Mapping.
84 IP Address: Enter the i nternal LAN IP addre ss for BiGuard 50G (192.168.1.254 by default). Subnet Mask: Enter the subnet mask ( 255.255.255.0 by default). RIP: RIP v2 Broadcast and RIP v2 Multicast. Check to enable RIP . Wireless WLAN Service: Default setting i s set to Disable .
85 Hide ESSID: It is function in which transmits its ESSID to the air so that when wireless client searches for a network, rout er can the n be discovered and recognized. Default setting i s Disable. Enable: Select Enable if you do not want broadcast your ESSID .
86 of the connected AP . WDS takes adva ntages of cost saving and flexibility which no extra wireless client device is required to bridge between two access points and extending an ex isting wired or wireless in frastructure network to create a l arger network.
87 Encryption Standard) utilizes a stron ger encryption method and incorporates Message Integrity Code (MIC) to pr ovide protection against hackers. WPA Shared Key: The key for network authentication. T he input format is in character st yle and key size should be in the range between 8 and 63 char acters.
88 4.4.1.3 WEP WEP Encryption: T o prevent unauthorized wirele ss stations from accessing data transmitted o ver the network, the router offers highly secure data encryption, known as WEP . If you require hi gh secu rity for transmissions, there are two alternatives to select from: WEP 64 and WEP 128 .
89 T o disable the router’ s DHCP Server , select the Disable radio button, and then click Apply . When the DHCP Server is disabled, yo u will need to manually assign a fixed IP ad dr es s t o e ac h P C on yo ur ne tw or k, and set the default gateway for each PC to the IP address of the router (192.
90 Name: Enter the name you w ant to give for the IP+Mac Address Fi xed Host account. Active: Select whether you wan t to Enable or Disable this particu lar Fixed Host account. IP Address: Enter the IP addres s that you want to reserve for the above MAC address.
91 4.4.1.5 LAN Address Mapping LAN Address Mapping is a function that can support mu ltiple subnet and also multiple NA T , you can specify a subnet and LAN Gatew ay IP Address and select associated WAN I P Address specified in WAN I P Alias in Configuration -> WAN -> WAN IP Alias.
92 4.4.2 WAN W AN refers to your W ide Area Network conne ction. In most cases, this means your router ’ s connection to the Internet thr ough your ISP . BiGuard30 features Dual W AN capability . There are thre e items within this section: The W AN menu contains two items: ISP Settings , Bandwidth Settings and WAN IP Alias .
93 Connection Method: Select how your router will connect t o the Internet. Selection s include Obtain an IP Address Automatically , Static IP Settings , PPPoE Settings , PPTP Settings , and Big Pond Settings . F or each WAN port, the factory default is DHCP .
94 MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MA C address in the blanks below . Candidates: Y ou can also select the MAC addre ss from the list in the Candidates. DNS: If your ISP requires you to manually setup DNS settings, check the checkbox and enter your primary and secondary DNS .
95 Primary DNS: Enter the primary DNS provided by yo ur ISP . Secondary DNS: Enter the secondary DNS provided by your ISP . RIP: T o activ ate RIP , select Send , Receive , or Both from the drop down menu. T o disable RIP , select Disable from th e drop down menu.
96 select Always Connect . If you want to establish a PPPoE session only when t here is a packet requesting access to the Intern et (i.e. when a program on your computer attempts to access the Internet), sel ect Trigger on Demand . Idle Time: Auto-disconnect the router when there is no activity on the line for a predetermined period of time.
97 4.4.2.1.4 PPTP Settings Username: Enter your user name. Password: Enter your password. Retype Password: R etype your password. PPTP Client IP: Enter the PPTP Cl ient IP provided by your ISP . PPTP Client IP Netmask: Enter the PPTP Client IP Netmask prov ided by your ISP .
98 button. This will take you to anoth er page for inputting the IP address information. MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MA C address in the blanks below . Candidates: Y ou can also select the MAC addre ss from the list in the Candidates.
99 MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MA C address in the blanks below . Candidates: Y ou can also select the MAC addre ss from the list in the Candidates. DNS: If your ISP requires you to manually setup DNS settings, check the checkbox and enter your primary and secondary DNS .
100 WAN IP Alias WAN IP Alias allows you to input additional WAN IP addresses. WAN IP Alias can be used for Multip le NA T sett ings, includin g LAN Address Mapping settings and Virtual Server settings. Please click Create to create a LAN Address Mapping rule.
101 specific WAN port. In this menu are the following sect ions: General Settings, Outbound Load Balance, Inbo und Load Balance, and Protocol Bi nding. 4.4.3.1 General Settings Mode: Y ou can select Load Balance or F ail Over . Service Detection: Enables or disables the service detection feature.
102 4.4.3.2 Outbound Load Balance Outbound Load Balancing on BiGuard 50G can be based on one of two methods: 1. By session mechanism 2. By IP address hash mechanism Choose one by clicking the corresponding ra dio button.
103 to authenticate the sour ce IP address. Balance by weight of link c apacity: U s e s a n I P h a s h t o b a l a n c e t r a f f i c b a s e d on weight of li nk bandwidth capacity . Balance by weight: Uses an IP hash to balance traffi c based on a ratio .
104 SOA: Domain Name: The domain name of DNS Serv er 1. It is the name that you register on DNS organization. Y ou have to fill-out th e Fully Qualified D omain N a m e ( F Q D N ) w i t h a n e n d i n g c h a r a c t e r ( a d o t ) f o r t h i s t e x t field.
105 MX Record Mail Exchanger: The name of the mail s erver . IP Address: The mail server IP address. Click Apply to save your changes. T o edit the Host Mapping URL list, click Edit . This will open the Host Mapping URL table, which lists the c urrent Host Mapping URLs.
106 Name1: The Alias Host URL Name2: The Alias Host URL Click Apply to save your changes. 4.4.3.4 Protocol Binding Protocol Binding lets you direct specific tr affic to go o ut from a specific W AN port. Click the Create button to create a new policy entr y .
107 Source IP Range: All Source IP: Click it to specify all source IPs. Specified Source IP: Click to specify a specific source IP address and source IP netmask. Source IP Address: If Specified Source IP was chos en, here’ s where the IP can be entered.
108 Time Zone BiGuard does not use an onboard real time clock; instead, it uses the Network Time Protocol (NTP) to acquire the current time from an NTP server outside y our network. Simply choose your local time zone, enter N TP Server IP Address, and click Apply .
109 NOTE: When enabling remote access, please mak e sure to change the default administration passwor d for security reason. Action: Select Enable or Disabl e remote access function. HTTPS Port: Please input the remote access HT TPS port you would like to use.
11 0 Upgrading y our BiGuard 50G’s firmw are is a quick and easy way to enjoy increased functionality , better reliability , and ensu re trouble-free operation. T o upgrade your firmware, simpl y visit Billion’ s website ( http://www.billion.com ) and download the latest firmware image file for BiGu ard 50G.
111 backup file. Y o u may also change the name of th e file when saving if you w ish to keep multiple backups. Click OK to save the file . T o restore a previously saved backup file, clic k Browse . Y ou will be prompted to select a file from your PC to restore.
11 2 4.4.4.6 Password In order to prevent unauthorized access t o your router’s configuration interface, it requires the administr ator to login with a password. Y ou can change yo ur password by entering your new passw ord in both fields. Click Apply to save yo ur changes.
11 3 4.4.5.1 Packet Filter The Pack et Filter function is used to limit user access to certain sites on the Internet or LAN. The Filter T able display s all current filt er rules.
11 4 ID: This is an identify that allow s you to move the rule by before or after an ID. Rule: Enable or Disable this entry . Action When Matched: Select to Dr op or Forward the packet specified in t his filter entry .
11 5 Destination Port Range: Enter th e destination port number range. If you only want to specify one service port, then en ter the same port number in both box es. Helper: Y ou could also select the applicat ion type you would like to apply for automatic input.
11 6 URL Filtering: Y ou can choose to Enable or Di sable this feature. Keyword Filtering: Click the checkb ox to enable this featu re. T o edit the list of filtered keywords, click Details. Domain Filtering: Click the "enable" checkbox to enable f iltering by Domain Name.
11 7 Enter a domain and select w hether this domain is tru sted or forbidden w ith the pull-down menu. Next, click Apply . Y our ne w domain will be added to either the T rusted Domain or Forbidden Domain listing, depending on which you selected previously .
11 8 4.4.5.3 Ethernet MAC Filter Ethernet Mac Filt er can decide if BiGuard will f ilter those dev ices at LAN side by MAC Address and determine if they can connect to the internet or not.
11 9 4.4.5.4 Wireless MA C Filter Prevents unauthorized computers access from using the Internet through the router . Wireless MAC Filter can Default Rule: Forward or Drop all wireless re quest. (Forward by default) Click on Create to create a new rule.
120 4.4.5.5 Block WAN Request Blocking WAN requests is one w ay to pr event DDOS attacks by preventing ping requests from the Internet . Use t his menu to enable or disable functio n. 4.4.5.6 Intrusion Detection Intrusion Detectio n can prevent most co mmon DoS attacks from the Internet or from LAN users.
121 connections on per-us er basis. This is useful when controlling users who w ill use the applications which create a large n umber of connections (such as P2P softw are). No Limit: No restrictions on t he amount of sessions allowe d to connect to BiGuard30.
122 4.4.6.1 IPSec IPSec is a set of protocols that enab le Virtual Private Networks (VPN). Y ou can find two items under the IPSec section: IPSec W izard and IPSec Policy . 4.4.6.1.1 IPSec Wizard Connection Name: A user -defined name for the connection.
123 pre-shared key into both sides (router or hosts ). Connection Type : There are 5 connection types: (1)LAN to LAN: Bi Guard would like to establish an IPSec VPN tunnel with remote router using Fixed Inter net IP or domain name by using main mode. Secure Gateway Address (or Domain Nam e): The IP address o r hostname of the remote VPN gatewa y .
124 (3)LAN to Host: BiGuard would lik e to establish an IPSec VPN tunnel with remote client softwa re using Fixed Internet IP or domain name by using main mode. Secure Gateway A ddress (or Domain Name): The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel.
125 Remote Identi fier: The Identifier of the remote gateway . According to the input value, the ID type will be auto-defi ned as IP Address, FQDN(DNS) or FQUN(E-mail).
126 After your confi guration is done, y ou will see a Configurat ion Summary . Back: Back to the Previous page. Done: Click Done to ap ply the rule. 4.
127 Connection Name: A user-defin ed name for the connection. T unnel: Select Enable to activate thi s tunnel. Select Disable to deactivate thi s tunnel.
128 interface if Aut o is selected. Local: This section configures th e local host. ID: Th is is the identity type of the local router or ho st. Choose from the following four options: W AN IP Address: Automatically use the current WAN Address as ID .
129 Any Local Address: Will enable any local address on the network . Subnet: The subnet of the remote ne twork. Selecting this option allows you to enter an IP address and netmask. IP Range: The IP R ang e of the remote n etwork. Single Address: The IP address of the remote host.
130 negotiation time. Diff ie-Hellman is a public-key cryptography protocol that allows two parties to establish a shar ed secret over the Internet. Pre-shared Key: This is for the Internet Key Ex change ( IKE) protocol. IKE is used to establish a shar ed security policy and authenticated k eys for services (such as IPSec) that require a key .
131 Local Subnet: Displays IP address a nd subnet of the local network. Remote Sub net: Displays IP address and subnet of th e remote network. Remote Gatew ay: This is the IP address or Domain Name of the remote VPN device that is connected and has an es tablished IPSec tunnel.
132 Connection Name: A user-defin ed name for the connection. T unnel: Select Enable to activate thi s tunnel. Select Disable to deactivate thi s tunnel. Username: Please input the userna me for this account. Password : Please input the password for this account.
133 The first menu screen gives you an overview of wh ich WAN ports currently have QoS active, and the bandwidth settings for each. WAN1 Outbound: QoS Function: QoS status for W AN1 outbound. Select Enabl e to activate QoS for WAN1’ s outgoing tr affic.
134 Creating a New QoS Rule T o get started using QoS, you will need to establish QoS rules. These rules tell BiGuard 50G how to handl e both incoming and outgoing tr affic. The following example shows you how to configure W AN1 Outbound QoS . Configuring the ot her traffic types follows the same process.
135 Interface: The current traffic type . This can be W AN1 (outbound, inbound) and WA N2 (outbound, inbound). Application: User defined applicati on name for the current rule. Guarantee d: The guaranteed amount of bandwidth for this rule as a percentage.
136 For MAC Address: Source MAC Addre ss: The source MAC Address of the device this rule applies to. Candidates: Y ou can also select the Candidates which are referred from the ARP table for automatic input. Source Port Range: The r ange of source ports this rule applies to.
137 configure your router t o forward these incoming connectio n attempts using specific ports to the PC on your network run ning the applicatio n. Y ou w ill also need to u se port forwarding if you want to host an onlin e game server .
138 Candidates: Y ou can also select the Candidates which are referred from the ARP table for automatic input. Select the Apply button to apply your changes.
139 Application: User defined applicati on name for the current rule. Helper: Y ou could also select the application ty pe you would like to apply for automatic input. Protocol type: please select protocol type External Port: Enter the port number of the service that will be sent to the Internal IP address.
140 4.4.9 Advanced Configurati on options within the Adv anced section are for users who wish to take advantage of the more adv anced features of BiGuard 50G. Users who do not understand the features sho uld not attemp t to reconfigure their router , unless advised to do so by support staff .
141 Rule: Select Enable to activate this rule, Di sable to deactivate this rul e. Destination: This is the destination subnet IP address. Netmask: This is the subnet mask of the destination IP addresses based on abo ve destination subnet IP . Gateway: This is the gatewa y IP address to which packets are to be forw arded.
142 please fill it in t he blank space below. Dynamic DNS: Disable: Check to disable the Dyn amic DNS function. Enable: Check to enable the Dy namic DNS function. The foll owing fields will be activated and required: Dynamic DNS Server: Select th e DDNS service you have established an account with.
143 Device Name Name: Enter a name for this device. Web Server Settings HTTP Port: This is the port number the router’ s embedded web server (for web-based configuration) will use. The default value is the standard HTTP port, 80. Users may specify an a lternative if , for example, they are running a we b server on a PC within their LAN.
144 SNMP Function: Select Enable to activate this fu nction, Disable to deactivate this function. SNMP V1 and V2 Read Community: Input the stri ng for Read communi ty to match your SNMP software. Write Community: Input the s tring for Wri te community to match your SNMP software.
145 Click Create to create a new schedule. Name: A user-define descripti on to identify this time portfolio . Day: The default is set from Monda y through Friday . Y ou may specif y the days for the schedule to be appl ied. Start Time: The default i s set at 8:00 AM.
146 Select System Log to capture to a log. Select Syslog Server to capture a nd send to a specified external server . Select Email Alert to send information log to a pre-specified E-mail accou nt. 5.2 System Log Server T h i s f un c ti o n al l o w s B iG u ar d 50 G t o s en d sy s te m l o g s t o a n ex te r na l S y s l o g S er v e r .
147 5.3 E-mail Alert The Email Alert function allow s a log of se curity-related events (suc h as System Log and IPSec Log) to be se nt to a specified email address. Email Alert: Y ou may enable or disable this f unction by selecting the appropriate radio butto n.
148 Weekly: The router will send an alert once a week. When log is full: The router will send an alert only when the log is full. 6 Language Language provides 3 di fferent type of la nguage to be displa yed on the interface (currently support ing English, Simplified C hinese and T raditional Chinese).
149 6.2 Simplified Chinese Clicking on th e Simplified Chinese l ink will chan ge all the text into Simpl ified Chinese. 6.3 Traditional Chinese Clicking on th e T raditional Chinese lin k will chan ge all the text into T raditional Chinese.
150 8 Logout T o exit the router’ s web int erface, click Logout . Please ensure that you have saved your config uration settings before y ou logout. Be aware that the router is restricted to only one PC accessing the web configuration interface at a time.
151 Chapter 5: Troubleshooting 5.1 Basic Functio nality This section deals with issues regardin g your BiGuard 50G’ s basic functions. 5.1.1 Router Won’t Turn On If the Po wer and other LEDs fail .
152 or workstation. - Make sure that power is turned on to the connected hub or workstatio n. - Be sure you are using the correct cable. When connecting the firewall’ s Internet port to a cable or DSL modem, use the cabl e that w as supplied with the cable or DSL modem.
153 5.2.2 Can’t Ping Any PC on the LAN If PCs connected to the LAN cannot be pinged: - Check the 10/100 LAN LEDs on BiGuard 50 G’ s front panel. One of these LEDs sh ou ld be on . I f t he y a re bo th of f , ch eck the cables between BiGuard 50G and the hub or PC.
154 3. Make sure that the Delete All Offline Content checkbox is checked, and click OK . 4. Click OK under Internet Options to close the dialogue. - In Windows, type arp – d at the command prompt to clear y ou computer’s ARP table.
155 5.2.3.1 Pop-up Windows T o use the W eb Configurati on Interface, yo u need to disable po p-up blocking. Y ou can either disable pop-up blocking, which is enabled by default in Windows XP Service Pack 2, or create an ex ceptio n for your BiGuard 50G’ s IP address.
156 3. Under Scripting , check to see if Active scripting is set to Enable . 4. Ensure that Scripting of J ava applets is set to Enabled . 5. Click OK to close the dialogue. 5.2.3.3 Java Perm issions The following Java Pe rmissions shou ld also be given for the W eb Configuration Interface to display properl y: 1.
157 4. Click OK to close the dialogue. NOTE: If Jav a from Sun Microsystems is inst alled, scroll down to Java (Sun) and ensure that the check box is filled. 5.3 WAN Interface If you are ha ving problems with the W AN Interface, refer to the ti ps below .
158 4. Check to see that the W AN port is properly connected to the ISP . If a Connected by (x) where (x) is your con nection method is not shown, yo ur router has not successfully obtained an IP address from your ISP . If an IP address cannot be obtained: 1.
159 If an IP address can be obtained, but yo ur PC cannot load any web pa ges from the Internet: - Y our PC may not recognize DN S server addresses. Configure your PC manua lly with DNS addresses. - Y our PC may not have the router correctl y configured as its TCP/I P gateway .
160 Appendix A: Product Specifications Availability and Resilience - Dual- WAN ports - Load balancing for increased bandwi dth o f inbound and outbound traffic - Automatic failo ver to redirect the pa ck et when one broadband connection is broken. It will keep your Internet connection always on line whenever one connection should fail.
161 - Netbios ov er VPN Firewall - Stateful P acket Inspection (SPI ) and Denial of Service (DoS) prev ention - Pack et filter un-permitted inbound (W AN)/Inbound (LAN) Internet access by IP addre ss,.
162 Physical Interface Ethernet W AN 2 ports (10/100 Base- T), support Auto- Crossover (MDI/MDIX) Ethernet LAN 8 ports (10/100 Base- T) swit ch support Auto- Crossover (MDI/MDIX) Physical Specifications Dimensions: 18.98" x 6.54" x 1 .77" (482mm x 166 mm x 45mm, with Bracke t) 9.
163 Appendix B: Customer Support Most problems can be solved by referring to the T roubleshooting section in the User’s Manual. If you cannot resolve the problem w ith the T roubleshootin g chapter , please contact the dealer wher e yo u purchased this product.
164 Appendix C: FCC Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the followin g two condition s: - This device may not c ause harmful interference. - This device must accept any interference received, including interf erence that may cause undesired operations.
165 Appendix D: Network, Routing, and Firewall Basics D.1 Network Basi cs D.1.1 IP Addresses With the number of T CP/IP networks interconnected across the globe, ensuring that transmitted data reaches the correct dest ination requires each computer on the Internet has a unique ident ifier .
166 back slash (/). F or example, a typical Class C address could be written as 192.168.234.245/24, which means th at the net mask is 24 ones followed by 8 zeros. (11111111 11111111 11111111 00000000). D.1.1.2 Subnet Addressing Subnet addressing enables th e split of one IP network address into mu ltiple physical networks.
167 from these ra nges. D.1.2 Network Address Translation (NAT) T raditionally , mult iple PCs that needed simult aneous Intern et access also required a range of IP addresses from the Internet Service Prov ider (ISP). Not only was th is method very costly , but th e number of available IP addresses for PCs is limited.
168 D.2 Router Basics D.2.1 What is a Router? A router is a device that forwards da ta packets along networks. A router is connected to at least t wo networks. Usua lly , this is a LAN an d a WAN that is connected to an ISP network. Routers ar e located at gateways, the places where two or more networks connect.
169 D.3 Firewall Basi cs D.3.1 What is a Firewall? Firewalls prevent unaut horiz ed Internet users from accessing private networks connected to the Internet. All messages en tering or leaving the in tranet pass through the f irewall, which examines each message and blocks those that do not meet the specified security criteria.
170 D.3.2 Why Use a Firewall? With a LAN connected to the Internet throug h a router , there is a chance for hackers to access or disrupt your network. A simp le NA T rou ter provides a basic level of protection by shield ing your network from the out side Internet .
171 Appendix E: Virtual Private Networking E.1 What is a VPN? A Virtual Private Network (VPN) is a shared network where private data is segmented from other traffic so that only the intended recipient has access. It allows organization s to securely transmit data over a public medium like the Internet.
172 data authentication, in tegrity , and confiden tiality as data is tr ansferred across IP networks. IPSec provides data security at the IP packet level, an d protects against possible security risks by pr otecting data. IPSec i s widely used to establish VPNs.
173 E.2.1.2 Encapsulating Security Payload (ES P ) Encapsulating Security P ayload (ESP) provid es priv acy for data through encryption. An encryption algorithm combi nes the data with a key to encry pt it. It then repackages the data using a specia l format, and transmits i t to the destination.
174 E.2.1.3 Security Associations (SA ) Security Associations are a one-way relationsh ips between sender and receiver th at specify IPSec-related parameters. They provide data protection by using the defined IPSec protocols, and allow organizati ons to control according to the security policy in effect, which resou r ces may communicate securely .
175 T ransport Mode - This mode is used to provide data se curity between two networks. It provides p r o t e c t i o n f o r t h e e n t i r e I P p a c k e t a n d i s s e n t b y a d d i n g a n o u t e r I P h e a d e r corresponding to the two tunnel end-points.
176 E.2.4 Tunnel Mod e ESP Here is an example of a packet with ESP applied: E.2.5 Internet Key Exchange (IKE) Before either AH or ESP can be used, it is necessary for the two communication devices to exchange a secret key that the security prot ocols themselves will use.
177 addresses. Aggressive mode reduces this process to three messages, but par ameter negotiation is limited, i dentity protection is lack ing except when using public key encryption, and is more vulnerable to Denial of Service attacks. Phase II, known as Quick Mode, est ablishes symmetrical IPSec Security Associations for both AH and ESP .
178 Appendix F: IPSec Logs and Events F.1 IPSec Log Event Categories There are three major categories of IPSe c Log Events for your BiGuard 50G. These include: 1.
179 Received Main mode second message of ISAKMP Received the second message of main mode. Done to exchange key values. Send Main mode second response message of ISAKMP Sending the main mode second response message. Done to exchange key val ues. Received Main mode second response message of ISAKMP Received the main mode second response message.
180 Received Aggressive mode second ISAKP Message Received the second message of aggressive mode. Done to exchange proposal and key values. Send Quick mode init ial message Sending the first message of quick mode (Phase II). Done to exchange proposal and ke y values (IPSec).
181 NO P R OP O SA L C HO S E N: I n it i a l M a i n Mo d e me s sa g e re c e iv e d on [ I P :P or t # ] bu t n o connection has been authorized INVALID ID: Require peer to have ID [ID], but peer d.
182 Appendix G: Bandwidth Management with QoS G.1 Overview In a home or office environment, users cons tantly have to transmit data to and from the Internet. When too many are accessing the Internet at the same time, service can slow to a crawl, causing service interruption s and general frustration.
183 -Prioritizat ion: Assigns diff erent priority levels for diff erent applications, prioritizing traffic. Hi gh, Normal an d Low priority settings. -Outbound and Inbou nd IP Throttling: Controls network traffic and all ows you to limit the speed of each application.
184 Application Data Ratio (%) Priority On-line games 30% High Skype 5% High Email 10% High FTP 20% Upload (High), D ownload (Normal) Other 35% G.4.2 Office Users QoS is also ideal for small businesses u sin g an office server as a web server .
185 Appendix H: Router Setup Examples H.1 Outbound Fail Over Step 1: Go to Configuration > WAN > ISP Settings . Select WAN1 and WAN2 and click Edit .
186 Step 3: Go to Configur ation > Dual W AN > General Settings. Select the Fail Over radio button. Under Connecti vity Decision, i nput the num ber of times BiGuard 50G should probe the WAN before deciding that the ISP is in service or not (3 by default).
187 WAN 1 . Step 4: Click Save Config to save all changes to flash memory . H.2 Outbound Load Balancing With Outbound Load Balanci ng, you can improve uplo ad performance by optimizing your connection via Dual WAN. T o do this, follow these steps: Step 1: Go to Configur ation > WAN > ISP Settings .
188 Step 3: Go to Configuration > Dual WAN > General Settings . Select the Load Balance radio button. Step 4: Go to Configur ation > Dual WAN > Outbound Load Balance .
189 Step 5: Complete. T o check traffi c statistics, go to Status > Traffic Statistics . Step 6: Click Save Config to save all changes to flash memory .
190 H.3 Inbound Fail Over Configurin g your BiGuard 50G for Inbound F ail Over is a great way to ensure a more reliable connection for i ncoming requ ests. T o do so, follow these steps: NOTE: Befo re you begin, ensure that both W AN1 and WAN2 ha ve been properly configured.
191 Step 3: Go to Configuration > Adva nced > Dynamic DNS . Set the WAN1 DDNS settings. Step 4: From the same menu, set the W AN2 DDNS settings. Step 5: Click Save Config to save all changes to flash memory .
192 H.4 DNS Inbound Fail Over NOTE: Befo re proceeding, please ensure t ha t b ot h WA N 1 a n d WAN 2 ar e p r op e r l y configured according to the settings provided by your ISP . If not, please refer to Chapter 4.2.2. 1 ISP Settings for details on how t o configure your WAN ports.
193 Step 2: Go to Configuration > Du al W AN > Inbound Load Balance . Select t he Enable radio button an d configure DNS Server 1 by clicking Edit .
194 Step 4: Configure your Host URL Ma pping for DNS Server 1 by clicking Edit to enter the Host URL Mappings List. Click Cre ate and input the setti ngs for Host URL Mappings and click New . Step 5: Click Save Config to save all changes to flash memory .
195 Step 1: Go to Configuration > Dual WAN > General Settings . Select the Load Balance radio button. Step 2: Go to Configura tion > Dual WAN > Inbound Load Balance > Server Settings and configur e DNS Server 1.
196 Step 3: Go to Configuration > Dual WAN > Inbound Load Balance > Host URL Mapping and configur e your FTP mapping. Step 4: Next configure your HTTP mapping.
197 Step 5: Click Save Config to save all changes to flash memory . H.6 Dynamic DNS Inbound Load Balancing Step 1: Go to Configuration > WAN > Bandwidth Settings.
198 Step 2: Go to Configuration > Dual WAN > General Settings and enable Load Balance mode. Y ou may then decide whether to enable Service D etection or not. Step 3: Go to Configur ation > Dual WAN > Outbound Load Balance . Choose your load balance policy and click Apply to apply your changes.
199 Step 4: Go to Configuration > Ad vanced > Dynamic DNS and input the dynamic DNS settings for W AN1 and W AN2. WAN 1 : WAN 2:.
200 Step 5: Go to Configuration > Virtual Se rver and set up a virtual server for both FTP a nd H T TP . Step 6: Click Save Config to save all changes to flash memory . H.7 VPN Configuration This section outlines some concrete ex amples on how yo u can configure BiGuard 50G for your VPN.
201 [ Branch Office Head Office Local ID IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Address Any Local Address IP Address 192.168.0.0 192.168.1.0 Netmask 255.255.255.0 255.255.255.0 Remote Secure Gateway Address(or Hostna me) 69.
202 Proposal IKE Pre-shared Key 12345678 12345678 Securi ty Algor ithm Main Mode; ESP: MD5 3DES PFS Main ESP MD5 3DES PFS H.7.2 Host to LAN Single client Head Office Local ID IP Address IP Address Data 69.
203 IP Address 0.0.0.0 192.168.1.0 Netmask 0.0.0.0 255.255.255.0 Remote Secure Gateway Address(or Hostna me) 69.121.1.3 69.121.1.30 ID IP Address IP Address Data 69.121.1.3 69.121.1.30 Network Subnet Single Address IP Address 192.168.1.0 69.121.1.30 Netmask 255.
204 Step 1: Go to Configuration > Dual WAN > General Settings . Enable F ail Over by selecting the Fail Over radio button. Then, configure your F ail Over policy . Step 2: Go to Configura tion > Advanced > Dynami c DNS and configure your dynamic DNS settings ( Both WAN1 and WAN2).
205 Step 3: Go to Configura tion > VPN > IPSec > IPSec Policy . C lick Create to configure VPN settings. Step 4: Click Save Config to save all changes to flash memory .
206 H.9 VPN Concentrator.
207 Step 1: Go to Configura tion > VPN > IPSec > IPSec Policy and configure the link from BiGuard 50G to BiGuard 10 Branch A. 100.100.100. 1 200.200.200. 1 192.168.2.x 192.168.3.x 201.201.201. 1 192.168.4.x Local ID T ype: Subnet Local subnet: 0.
208 Step 2: Go to Configura tion > VPN > IPSec > IPSec Policy and configure the link from BiGuard 50G to BiGuard 10 Branch B ..
209 Step 3: Go to Configura tion > VPN > IPSec > IPSec Policy and configure the connection from BiGuard 10 Branch A to BiGuard 50G..
210 Step 4: Go to Configura tion > VPN > IPSec > IPSec Policy and configure the connection from BiGuard 10 Branch B to BiGuard 50G..
21 1 Step 5: Click Save Config to save all changes to flash memory . H.10 Protocol Binding Step 1: Go to Configuration > Dual WAN > General Settings.
212 Step 2: Go to Configuration > Dual WAN > Protocol Binding and configure settings for WAN1. Step 3: Go to Configuration > Dual WAN > Protocol Binding and configure settings for WAN2.
213 Step 4: Click Save Config to save all changes to flash memory . H.11 Intrusion Detection Intru sion De tectio n on Internet Internet Detected! Dropped BiGuard Safe!! Server Safe!! Hacker DoS Attack DoS Att ack Hacker Hacker DoS Attack DoS Attack Step 1: Go to Configura tion > Firewall > Intrusion Detection and Enable the settings.
214 H.12 PPTP Remote Access by Windows XP Internet Internet Windows XP PPTP Clien t Internet Internet 100. 100.10 0.1 Headquart er BiGuard &PPTP Server Busin ess Trip PPTP Tunnel Publ ic IP Local subnet: 192.168.30.0 Local mask: 255.255.255.0 Step1: Go to Configuration > VPN > PPTP and Enable th e PPTP function, Click Apply .
215 Step3: Click Apply , you can see the account is successfully created. Step4: Click Save Config to save all changes to flash me mory . Step5: In Windows XP , go Start > Settings > Network Connections .
216 Step6: In Netwo rk Ta sks , Click Create a new connection , and press Next..
217 Step7: Select Connect to the net work at my workplace and press Next . Step8: Select Virtual Private Network connection and press Next ..
218 Step9: Input the user-defined na m e for this connection and press Next . Step10: Input PPTP Server Address and press Next ..
219 Step11: Please press Finish . Step12: Double click the connect ion, and input Username and Password that defined in BiGuard PPTP Account Settings .
220 PS. Y ou can also refer the Properties > Security page as below , by default..
221 H.13 PPTP Remote Access by BiGuard Internet Internet Internet Internet 100.100.100.1 Headquarter BiGuard &PPTP Server PPTP Tunnel Branch Office 200.
222 Step3: Click Apply , you can see the account is successfully created. Step4: Click Save Config to save all changes to flash me mory . Step5: In another BiGuard as Client, Go to Configura tion > WAN > ISP Settings .
223 Step6: Click Apply , and Save CONFIG ..
Een belangrijk punt na aankoop van elk apparaat Billion BiGuard 50G (of zelfs voordat je het koopt) is om de handleiding te lezen. Dit moeten wij doen vanwege een paar simpele redenen:
Als u nog geen Billion BiGuard 50G heb gekocht dan nu is een goed moment om kennis te maken met de basisgegevens van het product. Eerst kijk dan naar de eerste pagina\'s van de handleiding, die je hierboven vindt. Je moet daar de belangrijkste technische gegevens Billion BiGuard 50G vinden. Op dit manier kan je controleren of het apparaat aan jouw behoeften voldoet. Op de volgende pagina's van de handleiding Billion BiGuard 50G leer je over alle kenmerken van het product en krijg je informatie over de werking. De informatie die je over Billion BiGuard 50G krijgt, zal je zeker helpen om een besluit over de aankoop te nemen.
In een situatie waarin je al een beziter van Billion BiGuard 50G bent, maar toch heb je de instructies niet gelezen, moet je het doen voor de hierboven beschreven redenen. Je zult dan weten of je goed de alle beschikbare functies heb gebruikt, en of je fouten heb gemaakt die het leven van de Billion BiGuard 50G kunnen verkorten.
Maar de belangrijkste taak van de handleiding is om de gebruiker bij het oplossen van problemen te helpen met Billion BiGuard 50G . Bijna altijd, zal je daar het vinden Troubleshooting met de meest voorkomende storingen en defecten #MANUAl# samen met de instructies over hun opplosinge. Zelfs als je zelf niet kan om het probleem op te lossen, zal de instructie je de weg wijzen naar verdere andere procedure, bijv. door contact met de klantenservice of het dichtstbijzijnde servicecentrum.