Page 1
AirLive RS-1000
Security Bandwidth Management
User’s Manual
Page 2
Contents
System
Admin
Setting
Date/Time
Language
Permitted IP
Multiple NAT
Hack Alert
Route Table
1
3
7
16
18
19
23
28
31
DHCP
Host Table
Dynamic DNS
Logout
35
36
37
42
Page 3
Software Update
Interface
Address
LAN
LAN Group
WAN
WAN Group
Service
Pre-defined
43
44
54
55
59
63
67
71
72
Custom
Group
Schedule
QoS
Authentication
Policy
73
78
82
87
92
97
Page 4
Outgoing
Incoming
Content Filtering
URL Blocking
General Blocking
Virtual Server
Mapped IP
Virtual Server
98
105
113
114
119
120
122
126
LOG
Traffic Log
Event Log
Connection Log
Log Backup
Alarm
Traffic Alarm
134
135
138
141
144
147
148
Page 5
Event Alarm
Accounting Report
Outbound
Inbound
Statistics
WAN Statistics
Policy Statistics
Status
Interface Status
151
154
156
162
168
170
171
173
174
ARP Table
DHCP Clients
Setup Examples
176
177
178
Page 6
System
The Security Bandwidth Manager Administration and monitoring control is set by the System
Administrator. The System Administrator can add or modify System settings and monitoring
mode. The sub Administrators can only read System settings but not modify them. In System,
the System Administrator can:
1. Add and change the sub Administrator’s names and passwords;
2. Back up all Security Bandwidth Manager settings into local files;
3. Set up alerts for Hackers invasion.
What is System?
“System” is the managing of settings such as the privileges of packets that pass through the
Security Bandwidth Manager and monitoring controls. Administrators may manage, monitor,
and configure Security Bandwidth Manager settings. All configurations are “read-only” for all
users other than the Administrator; those users are not able to change any settings for the
Security Bandwidth Manager.
Admin: has control of user access to the Security Bandwidth Manager. He/she can
add/remove users and change passwords.
Setting: The Administrator may use this function to backup Security Bandwidth Manager
configurations and export (save) them to an “Administrator” computer or anywhere on the
network; or restore a configuration file to the device; or restore the Security Bandwidth
Manager back to default factory settings. Under Setting, the Administrator may enable
e-mail alert notification. This will alert Administrator(s) automatically whenever the Security
Bandwidth Manager has experienced unauthorized access or a network hit (hacking or
flooding). Once enabled, an IP address of a SMTP (Simple Mail Transfer protocol) Server is
required. Up to two e-mail addresses can be entered for the alert notifications.
Date/Time: This function enables the Security Bandwidth Manager to be synchronized either
with an Internet Server time or with the client computer’s clock.
Language: Both Chinese and English are supported in the Security Bandwidth Manager.
1
Page 7
Multiple NAT Multiple NAT allows local port to set multiple subnet works and connect with
the Internet through different WAN IP Addresses.
Address:Enables the Administrator to authorize specific internal/external IP address(s for
Manager.
Hack Alert When abnormal conditions occur, the Security Bandwidth Manager will send an
e-mail alert to notify the Administrator, and also display warning messages in the Event
window of Alarm.
Route Table Use this function to enable the Administrator to add static routes for the
networks when the dynamic route is not efficient enough.
DHCP Administrator can configure DHCP (Dynamic Host Configuration Protocol) settings
for the LAN (LAN) network.
Dynamic DNS The Dynamic DNS (require Dynamic DNS Service) allows you to alias a
dynamic IP address to a static hostname, allowing your device to be more easily accessed by
specific name. When this function is enabled, the IP address in Dynamic DNS Server will be
automatically updated with the new IP address provided by ISP
Logout Administrator logs out the Security Bandwidth Manager. This function protects
your system while you are away.
Software Update The administrator can update the device’s software with the latest version.
Administrators may visit distributor’s web site to download the latest firmware.
Administrators may update the device firmware to optimize its performance and keep up with
the latest fixes for intruding attacks.
2
Page 8
Admin
On the left hand menu, click on Setup, and then select Admin below it. The current list of
Administrator(s) shows up.
!!
Figure1-1
Settings of the Administration table
Administrator Name: The username of Administrators for the Security Bandwidth Manager.
The user admin cannot be removed.
Privilege: The privileges of Administrators (Admin or Sub Admin)
The username of the main Administrator is Administrator with read / write privilege.
Sub Admins may be created by the Admin by clicking
New Sub Admin
have read only privilege.
Configure: Click Modify to change the “Sub Administrator’s” password and click Remove
to delete a “Sub Administrator.”
3
. Sub Admins
Page 9
Changing the Main/Sub-Administrator’s Password
Step 1. The Modify Administrator Password window will appear. Enter in the required
information:
" Password: enter original password.
" New Password: enter new password
" Confirm Password: enter the new password again.
Step 2. Click OK to confirm password change or click Cancel to cancel it.
Figure1-2
4
Page 10
Adding a new Sub Administrator
Step 1. In the Add New Sub Administrator window:
" Sub Admin Name: enter the username of new Sub Admin.
" Password: enter a password for the new Sub Admin.
" Confirm Password: enter the password again.
Step 2. Click OK to add the user or click Cancel to cancel the addition.
Figure 1-3
5
Page 11
Removing a Sub Administrator
Step 1. In the Administration table, locate the Administrator name you want to edit, and
click on the Remove option in the Configure field.
Step 2. The Remove confirmation pop-up box will appear. Click OK to remove that Sub
Admin or click Cancel to cancel.
Figure1-4 Remove Sub Admin
6
Page 12
Settings
The Administrator may use this function to backup Security Bandwidth Manager
configurations and export (save) them to an “Administrator” computer or anywhere on the
network; or restore a configuration file to the device; or restore the Security Bandwidth
Manager back to default factory settings.
Entering the Settings window
Click Setting in the System menu to enter the Settings window. The Bandwidth Manager
Configuration settings will be shown on the screen.
!!
Figure1-5 Setting
7
Page 13
Exporting Security Bandwidth Manager settings
Step 1. Under Bandwidth Manager Configuration, click on the Download button next
to Export System Settings to Client.
Step 2. When the File Download pop-up window appears, choose the destination place
to save the exported file. The Administrator may choose to rename the file if
preferred.
Figure1-6 Select the location where the exported files to be saved
8
Page 14
Importing Security Bandwidth Manager settings
Under Bandwidth Manager Configuration, click on the Browse button next to Import
System Settings. When the Choose File pop-up window appears, select the file which
contains the saved Security Bandwidth Manager Settings, then click OK.
Click OK to import the file into the Security Bandwidth Manager or click Cancel to cancel
importing.
Figure1-7 Location and filename for saving imported file
9
Page 15
Restoring Factory Default Settings
Step 1. Select Reset Factory Settings under Bandwidth Manager Configuration.
Click OK at the bottom-right of the screen to restore the factory settings.
Figure1-8 Select Reset Factory Settings
10
Page 16
Enabling E-mail Alert Notification
Step 1. Select Enable E-mail Alert Notification under E-Mail Settings. This function
will enable the Security Bandwidth Manager to send e-mail alerts to the System
Administrator when the network is being attacked by hackers or when emergency
conditions occur.
Step 2. SMTP Server IP: Enter SMTP server’s IP address.
Step 3. E-Mail Address 1: Enter the first e-mail address to receive the alarm notification.
Step 4. E-Mail Address 2: Enter the second e-mail address to receive the alarm
notification. (Optional)
Click OK on the bottom-right of the screen to enable E-mail alert notification.
Figure1-9 Enable E-mail Alert Notification
11
Page 17
Web Manager (WAN Interface) (Remote UI Manager)
The administrator can change the port number used by HTTP port anytime.
(Remote UI Manager)
Step 1. Set Web Manager (WAN Interface). The administrator can change the port
number used by HTTP port anytime.
Figure1-10 Web Manager
12
Page 18
MTU (set networking packet length)
The administrator can modify the networking packet length.
Step 1. MTU Setting. Modify the networking packet length.
Figure1-11 MTU
13
Page 19
To-Bandwidth Manager Packets Log
Once this function is enabled, every packet passing through the Firewall will
be recorded for the administrator to trace.
Step 1. Select this option to the device’s To-Bandwidth Manager Packets Log. Once
this function is enabled, every packet to this appliance will be recorded for system
manager to trace.
Figure1-12 Enable To Bandwidth Manager Packets Log
14
Page 20
Security Bandwidth Manager Reboot
Once this function is enabled, the Security Bandwidth Manager will be rebooted.
Reboot Security
Bandwidth Manager: Click Reboot.
A confirmation pop-up box will appear. Follow the confirmation pop-up box, click OK to restart
Security
Bandwidth Manager or click Cancel to discard changes
Figure1-13 Reboot Security Bandwidth Manager
15
Page 21
Date/Time
Synchronizing the Bandwidth Manager with the System Clock
Admins can configure the Security Bandwidth Manager.s date and time by either
syncing to an Internet Network Time Server (NTP) or by syncing to your computer.s
clock.
Follow these steps to sync to an Internet Time Server
Step 1. Enable synchronization by checking the box.
Step 2. Click the down arrow to select the offset time from GMT.
Step 3. Enter the Server IP Address or Server name with which you want to
synchronize.
Step 4. Update system clock every 5 minutes You can set the interval
time to synchronize with outside servers. If you set it to 0, it means
the device will not synchronize automatically.
Follow this step to sync to your computer’s clock.
Step 1. Click on the Sync button.
Click OK to apply the setting or click Cancel to discard changes.
Figure1-14 System Time
16
Page 22
Language
Admins can configure the Security Bandwidth Manager Select the Language version
Step 1. Select the Language version (English Version/Traditional Chinese
Version or Simplified Chinese Version).
Step 2. Click 【OK】to set the Language version or click Cancel to discard
changes.
!!
Figure1-15 Language Setting
17
Page 23
Permitted IPs
Only the authorized IP address is permitted to manage the Security Bandwidth
Manager.
!!
Figure1-16 Permitted IP Address
18
Page 24
Add Permitted IP Address
Step 1. Click New Entry button.
Step 2. In IP Address field, enter the LAN IP address or WAN IP address.
" IP address:Enter the LAN IP address or WAN IP address.
" Netmask:Enter the netmask of LAN/WAN.
" Ping:Select this to allow the external network to ping the IP Address of the
Firewall.
" WebUI:Check this item, Web User can use HTTP to connect to the Setting
window of Security
BandWidth Manager.
Step 3. Click OK to add Permitted IP or click Cancel to discard changes.
Figure1-17 Add New Permitted IPs
19
Page 25
Modify Permitted IP Address
Step 1.
In the table of Permitted IPs, highlight the IP you want to modify, and then click
Modify.
Step 2. In Modify Permitted IP, enter new IP address.
Step 3. Click OK to modify or click Cancel to discard changes.
Figure1-18 Modify Permitted IPs
20
Page 26
Remove Permitted IP addresses
Step 1. In the table of Permitted IPs, highlight the IP you want to remove, and then click
Remove.
Step 2. In Remove Permitted IP, enter new IP address.
Step 3. In the confirm window, click OK to remove or click Cancel to discard changes.
Figure1-19 Remove Permitted IPs
21
Page 27
Multiple NAT
Multiple NAT allows local port to set multiple subnetworks and connect with the Internet
through different WAN IP Addresses.
For instance:The lease line of a company applies several real IP Addresses 168.85.88.0/24,and
the company is divided into R&D department, service, sales department, procurement
department, accounting department, the company can distinguish each department by
different subnetworks for the purpose of convenient Manager. The settings are as the
following:
1.R&D department subnetwork:192.168.1.11/24(Internal) #$ 168.85.88.253(WAN)
2. Service department subnetwork:192.168.2.11/24(Internal) #$ 168.85.88.252(WAN)
3.Sales department subnetwork: 192.168.3.11/24(Internal) #$ 168.85.88.251(WAN)
4.Procurement department subnetwork 192.168.4.11/24(Internal) #$ 168.85.88.250(WAN)
5.Accounting department subnetwork 192.168.5.11/24(Internal) #$ 168.85.88.249(WAN)
The first department(R&D department) was set while setting interface IP, the other four ones
have to be added in Multiple NAT,after completing the settings, each department use the
different WAN IP Address to connect to the Internet. The settings of each department are as
the following
Service IP Address:192.168.2.1
Subnet Mask:255.255.255.0
Default Gateway:192.168.2.11
The other departments are also set by groups, this is the function of Multiple NAT.
22
Page 28
Multiple NAT settings
Step 1. Click Multiple NAT in the System menu to enter Multiple NAT window.
!!
Figure1-20 Multiple NAT
Global port interface IP Address:Global port IP Address.
Local port interface IP Address:Local port IP Address and subnet Mask.
Modify: Modify the settings of Multiple NAT. Click Modify to modify the parameters of Multiple
NAT or click Delete to delete settings.
23
Page 29
Add Multiple NAT
Step 1. Click the Add button below to add Multiple NAT.
Step 2. Enter the IP Address in the website name column of the new window.
" Global port interface IP Address: Select Global port IP Address.
" Local port interface IP Address: Enter Local port IP Address.
" Subnet Mask:Enter Local port subnet Mask.
Step 3. Click OK to add Multiple NAT or click Cancel to discard changes.
Figure1-21 Add Multiple NAT
24
Page 30
Modify Multiple NAT
Step 1. Find the IP Address you want to modify and click Modify
Step 2. Enter the new IP Address in Modify Multiple NAT window.
Step 3. Click the OK button below to change the setting or click Cancel to discard
changes.
Figure1-22 Modify Multiple NAT
25
Page 31
Delete Multiple NAT
Step 1. Find the IP Address you want to delete and click Delete.
Step 2. A confirmation pop-up box will appear, click OK to delete the setting or click
Cancel to discard changes.
Figure1-23 Remove Multiple NAT
26
Page 32
Hacker Alarm
The Administrator can enable the device’s auto detect functions in this section. When
abnormal conditions occur, the Security
the Administrator, and also display warning messages in the Event window of Alarm.
Bandwidth Manager will send an e-mail alert to notify
!!
Figure1-24 Hacker Alert
Auto Detect functions
" Detect SYN Attack: Select this option to detect TCP SYN attacks that
hackers send to server computers continuously to block or cut down all the
connections of the servers. These attacks will prevent valid users from
connecting to the servers. After enabling this function, the System
Administrator can enter the number of SYN packets per second that is
allowed to enter the network/ Security Bandwidth Manager. Once the SYN
packets exceed this limit, the activity will be logged in Alarm and an email alert
is sent to the Administrator. The default SYN flood threshold is set to 200
Pkts/Sec .
27
Page 33
" Detect ICMP Flood: Select this option to detect ICMP flood attacks. When
hackers continuously send PING packets to all the machines of the LAN
networks or to the Security Bandwidth Manager, your network is experiencing
an ICMP flood attack. This can cause traffic congestion on the network and
slows the network down. After enabling this function, the System
Administrator can enter the number of ICMP packets per second that is
allowed to enter the network/ Security Bandwidth Manager. Once the ICMP
packets exceed this limit, the activity will be logged in Alarm and an email alert
is sent to the Administrator. The default ICMP flood threshold is set to 1000
Pkts/Sec.
" Detect UDP Flood: Select this option to detect UDP flood attacks. A UDP
flood attack is similar to an ICMP flood attack. After enabling this function,
the System Administrator can enter the number of UDP packets per second
that is allow to enter the network/Bandwidth Manager. Once the UDP
packets exceed this limit, the activity will be logged in Alarm and an email alert
is sent to the Administrator. The default UDP flood threshold is set to 1000
Pkts/Sec .
" Detect Ping of Death Attack: Select this option to detect the attacks of
tremendous trash data in PING packets that hackers send to cause System
malfunction This attack can cause network speed to slow down, or even make
it necessary to restart the computer to get a normal operation.
" Detect Tear Drop Attack: Select this option to detect tear drop attacks.
These are packets that are segmented to small packets with negative length.
Some Systems treat the negative value as a very large number, and copy
enormous data into the System to cause System damage, such as a shut
down or a restart.
" Detect IP Spoofing Attack: Select this option to detect spoof attacks.
Hackers disguise themselves as trusted users of the network in Spoof attacks.
They use a fake identity to try to pass through the Security Bandwidth
Manager System and invade the network.
28
Page 34
" Filter IP Source Route Option: Each IP packet can carry an optional field
that specifies the replying address that can be different from the source
address specified in packet’s header. Hackers can use this address field on
disguised packets to invade LAN networks and send LAN networks’ data back
to them.
" Detect Port Scan Attack: Select this option to detect the port scans hackers
use to continuously scan networks on the Internet to detect computers and
vulnerable ports that are opened by those computers.
" Detect Land Attack: Some Systems may shut down when receiving packets
with the same source and destination addresses, the same source port and
destination port, and when SYN on the TCP header is marked.
Enable this function to detect such abnormal packets.
After enabling the needed detect functions, click OK to activate the changes.
29
Page 35
Route Table
In this section, the Administrator can add static routes for the networks.
Entering the Route Table screen
Step 1. Click System on the left side menu bar, then click Route Table below it. The
Route Table window appears, in which current route settings are shown.
!!
Figure1-25 Route Table
Route Table functions
" Interface: Destination network , LAN or WAN 1 networks.
" Destination IP: IP address of destination network.
" NetMask: Netmask of destination network.
" Gateway: Gateway IP address for connecting to destination network.
" Configure: Change settings in the route table.
30
Page 36
Adding a new Static Route
Step 1. In the Route Table window, click the New Entry button.
Step 2. In the Add New Static Route window, enter new static route information.
Step 3. In the Interface field’s pull-down menu, choose the network to connect (LAN,
WAN).
Step 4. Click OK to add the new static route or click Cancel to cancel.
Figure1-26 Add New Static Route
31
Page 37
Modifying a Static Route:
Step 1. In the Route Table menu, find the route to edit and click the corresponding Modify
option in the Configure field.
Step 2. In the Modify Static Route window, modify the necessary routing addresses.
Step 3. Click OK to apply changes or click Cancel to cancel it.
Figure1-27 Modify Static Route
32
Page 38
Removing a Static Route
Step 1. In the Route Table window, find the route to remove and click the corresponding
Remove option in the Configure field.
Step 2. In the Remove confirmation pop-up box, click OK to confirm removing or click
Cancel to cancel it.
Figure1-28 Remove a Static Route
33
Page 39
DHCP
In the section, the Administrator can configure DHCP (Dynamic Host Configuration Protocol)
settings for the LAN (LAN) network.
Entering the DHCP window
Click System on the left hand side menu bar, then click DHCP below it. The DHCP window
appears in which current DHCP settings are shown on the screen.
!!
Figure1-29 Dynamic IP address
Dynamic IP Address functions
" Subnet : LAN network’s subnet
" NetMask : LAN network’s netmask
" Gateway: LAN network’s gateway IP address
" Broadcast: LAN network’s broadcast IP address
34
Page 40
Enabling DHCP Support
Step 1. In the Dynamic IP Address window, click Enable DHCP Support.
Domain Name: The Administrator may enter the name of the LAN network domain if
preferred.
DNS Server 1 : Enter the distributed IP address of DNS Server1.
DNS Server 2 : Enter the distributed IP address of DNS Server2.
WINS Server 1 : Enter the distributed IP address of WINS Server1.
WINS Server 2 : Enter the distributed IP address of WINS Server2.
Client IP Address Range 1: Enter the starting and the ending IP address
dynamically assigning to DHCP clients.
Client IP Address Range 2: Enter the starting and the ending IP address
dynamically assigning to DHCP clients. (Optional)
Step 2. Click OK to enable DHCP support.
Figure1-30 Enable DHCP Support
35
Page 41
Adding a new Host Table
STEP 1﹒Select Host Table in Settings function and enter the following setting:
" Click on New Entry
" Host Name: The domain name of the server
" Virtual IP Address: The virtual IP address that Host Table mapped to
" Click OK and complete adding Host Table. (Figure1-31)
Figure1-31 Add New Host Table WebUI
To use Host Table, the user PC’s first DNS Server must be the same as the LAN Port or
DMZ Port IP of Bandwidth Manager. That is, the default gateway.
36
Page 42
Dynamic DNS
The Dynamic DNS (require Dynamic DNS Service) allows you to alias a dynamic IP address
to a static hostname, allowing your device to be more easily accessed by specific name.
When this function is enabled, the IP address in Dynamic DNS Server will be automatically
updated with the new IP address provided by ISP.
!!
Figure1-31 Dynamic DNS
Click Dynamic DNS in the System menu to enter Dynamic DNS window.
The nouns in Dynamic DNS window:
!:Update Status【
Domain name:Enter the password provided by ISP.
WAN IP Address:IP Address of the WAN port.
Modify: Modify dynamic DNS settings. Click Modify to change the DNS parameters; click
Delete to delete the settings.
How to use dynamic DNS:
The Security
use this function. For the usage regulations, see the providers’ websites.
Bandwidth Manager provides 3 service providers, users have to register prior to
Connecting; Update succeed; Update fail; Unidentified error】
37
Page 43
How to register:Firstly, Click Dynamic DNS in the System menu to enter Dynamic DNS
window, then click Add button,on the right side of the service providers, click Register, the
service providers’ website will appear, please refer to the website for the way of registration.
Click to link to the website selected on the left.
Figure1-32 Setting up DDNS
38
Page 44
Add Dynamic DNS settings
Step 1. Click Add button.
Step 2. Click the information in the column of the new window.
Service providers:Select service providers.
Register:to the service providers’ website.
WAN IP Address:IP Address of the WAN port.
% automatically fill in the WAN IP:Check to automatically fill in the WAN IP.。
User Name:Enter the registered user name.
Password:Enter the password provided by ISP(Internet Service Provider).
Domain name:Your host domain name provided by ISP.
Click OK to add dynamic DNS or click Cancel to discard changes.
Figure1-33 Add New Dynamic DNS
39
Page 45
Modify dynamic DNS
Step 1. Find the item you want to change and click Modify.
Step 2. Enter the new information in the Modify Dynamic DNS window.
Click OK to change the settings or click Cancel to discard changes.。
Figure1-34 Modify Dynamic DNS
40
Page 46
Delete Dynamic DNS
Step 1. Find the item you want to change and click Delete.
Step 2. A confirmation pop-up box will appear, click OK to delete the settings or click
Cancel to discard changes.
Figure1-35 Remove Dynamic DNS
41
Page 47
Logout
Step 1. Select this option to the device’s Logout the Security Bandwidth Manager. This
function protects your system while you are away.
Step 2. Click Logout the Bandwidth Manager.
Step 3. Click OK to logout or click Cancel to discard the change.
!!
Figure1-36 Logout
42
Page 48
Software Update
Under Software Update, the admin may update the device’s software with a newer software.
You may acquire the current version number of software in Version Number. Administrators
may visit distributor’s web site to download the latest version and save it in server’s hard disc.
Step 1. Click Browse to select the latest version of Software.
Step 2. Click OK to update software.
!!
Figure1-37 Software Update
It takes three minutes to update the software. The system will restart automatically after
updating the software.
43
Page 49
Interface
In this section, the Administrator can set up the IP addresses for the office network. The
Administrator may configure the IP addresses of the Internal (LAN) network, and the External
(WAN) network. The netmask and gateway IP addresses are also configured in this section.
In Interface section, the administrator can configure IP address, Netmask, and Gateway of
the LAN network/ WAN network inside the office network, depending on the ISP selected.
44
Page 50
Entering the Interface menu:
Step 1. Click on Configuration in the left menu bar.
Step 2. Then click on Interface below it. The current settings of the interface addresses
will appear on the screen.
Internal Interface
Using the Internal Interface, the Administrator sets up the Internal (LAN) network. The
Internal network will use a private IP scheme. The private IP network will not be routable on
the Internet.
Transparent Mode:All the IP internetwork uses real IP.
NAT Mode:All the IP Internetwork uses NAT (Network Address Translation), which allows the
private IP internetworks use non-registered IP addresses to connect to the Internet.
IP Address: The private IP address of the Firewall’s internal network is the IP address of the
Internal (LAN) port of the Security
192.168.1.1.
Note:The IP Address of Internal Interface and the DMZ Interface is a private IP address only.
If the new Internal IP Address is not 192.168.1.1, the Administrator needs to set the IP
Address on the computer to be on the same subnet as the Firewall and restart the System to
make the new IP address effective. For example, if the Firewall’s new Internal IP Address is
172.16.0.1, then enter the new Internal IP Address 172.16.0.1 in the URL field of browser to
connect to Firewall.
NetMask: This is the netmask of the internal network. The default netmask of the Security
Bandwidth Manager is 255.255.255.0.
Ping: Select this to allow the internal network to ping the IP Address of the Firewall. If set to
enable, the Security
network.
WebUI: Select this to allow the Security
Internal (LAN) network.
Bandwidth Manager will respond to ping packets from the internal
Bandwidth Manager. The default IP address is
Bandwidth Manager WEBUI to be accessed from the
45
Page 51
!!
46
Page 52
ADSL user Interface setting
PPPoE(External Interface)
Step 1. Select Interface function in the menu bar.
Step 2. Check the item PPPoE (ADSL User) below WAN Interface.
Step 3. Enter each parameter of WAN Interface.
!!
Figure2-2 PPPoE ADSL User Interface
For PPPoE (ADSL User): This option is for PPPoE users who are required to enter a
username and password in order to connect, such as ADSL users.
Current Status: Displays the current line status of the PPPoE connection.
IP Address: Displays the IP Address of the PPPoE connection
Username: Enter the PPPoE username provided by the ISP.
Password: Enter the PPPoE password provided by the ISP.
IP Address provided by ISP:
Dynamic: Select this if the IP address is automatically assigned by the ISP.
47
Page 53
Fixed: Select this if you were given a static IP address. Enter the IP address that is given to
you by your ISP.
Upload/Download Bandwidth:The bandwidth your ISP provided. (Maximum bandwidth for
Upload/Download Bandwidth is 10Mbps)
Service-On-Demand:
Auto Disconnect: The PPPoE connection will automatically disconnect after a length of idle
time (no activities). Enter in the amount of idle minutes before disconnection. Enter ‘0’ if
you do not want the PPPoE connection to disconnect at all.
Ping: Select this to allow the external network to ping the IP Address of the Firewall. This
will allow people from the Internet to be able to ping the Firewall. If set to enable, the Security
Bandwidth Manager will respond to echo request packets from the external network.
WebUI: Select this to allow the Security
External (WAN) network. This will allow the WebUI to be configured from a user on the
Internet. Keep in mind that the Security
and password to enter the WebUI.
After completing the setting, click OK.
Bandwidth Manager WEBUI to be accessed from the
Bandwidth Manager always requires a username
48
Page 54
For Dynamic IP Address (Cable Modem User): This option is for users who are
automatically assigned an IP address by their ISP, such as cable modem users. The
following fields apply:
IP Address: The dynamic IP address obtained by the Firewall from the ISP will be displayed
here. This is the IP address of the External (WAN) port of the Security
MAC Address: This is the MAC Address of the Security
User Name (Some ISPs may require):This is provided by your ISP.
Hostname: This will be the name assign to the Security
modem ISP assign a specific hostname in order to connect to their network. Please enter
the hostname here. If not required by your ISP, you do not have to enter a hostname.
Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP.
(Upstream/Downstream can be up to 10Mbps)
Renew: Requests for receiving the new WAN IP address.
Release: Requests for releasing the obtained WAN IP address.
Ping: Select this to allow the external network to ping the IP Address of the Firewall. This
will allow people from the Internet to be able to ping the Firewall. If set to enable, the
Security
WebUI: Select this to allow the Security
External (WAN) network. This will allow the WebUI to be configured from a user on the
Internet. Keep in mind that the Security
Bandwidth Manager will respond to echo request packets from the external network.
Bandwidth Manager WEBUI to be accessed from the
Bandwidth Manager always requires a username
Bandwidth Manager.
Bandwidth Manager. Some cable
Bandwidth Manager.
and password to enter the WebUI.
49
Page 55
After setting all of the parameters, click OK button.
!!
Figure2-3 Dynamic IP Address (Cable Modem User)
50
Page 56
For Static IP Address: This option is for users who are assigned a static IP Address from
their ISP. Your ISP will provide all the information needed for this section such as IP Address,
Netmask, Gateway, and DNS. Use this option if you have more than one public IP Address
assigned to you.
IP Address: Enter the static IP address assigned to you by your ISP. This will be the public
IP address of the External (WAN) port of the Security
Netmask: This will be the Netmask of the external (WAN) network. (i.e. 255.255.255.0)
Default Gateway: This will be the Gateway IP address.
DNS Server 1/2: Enter the DNS 1/2 server provided by ISP. (See Note.)
Max. Upstream Bandwidth/Max. Downstream Bandwidth: The bandwidth provided by ISP.
(Upstream/Downstream can be up to 10Mbps)
Ping: Select this to allow the external network to ping the IP Address of the Firewall. This
will allow people from the Internet to be able to ping the Firewall. If set to enable, the
Security
WebUI: Select this to allow the Security
External (WAN) network. This will allow the WebUI to be configured from a user on the
Internet. Keep in mind that the Security
and password to enter the WebUI.
After setting all of the interface address, click OK button.
Bandwidth Manager will respond to echo request packets from the external network.
Bandwidth Manager WEBUI to be accessed from the
Bandwidth Manager always requires a username
Bandwidth Manager.
!!
Figure2-4 WAN interface setup for Static IP Address
51
Page 57
If you want to set up DNS Server, you have to go to Virtual Server function to map the real IP
address from DNS server to the corresponding private IP address of internal DNS server.
Enter the mapped IP address of internal server in DNS server address field.
52
Page 58
For PPTP (European User Only): This option is for PPTP users who are required to enter a
username and password in order to connect, especially for European Users.
Current Status: Displays the current line status of the PPTP connection.
IP Address: Displays the IP Address of the PPTP connection
Username: Enter the PPTP username provided by the ISP.
Password: Enter the PPTP password provided by the ISP.
Local IP: Select To obtain an IP address automatically or Use the following IP address.
MAC Address: This is the MAC Address of the Bandwidth Manager.
Hostname: This will be the name assign to the Bandwidth Manager. Please enter the
hostname here. If not required by your ISP, you do not have to enter a hostname.
Domain Name: This will be the domain name assign to the Bandwidth Manager.
IP Address: Enter the IP address assigned to you by your ISP. This will be the public IP
address of the External (WAN) port of the Bandwidth Manager.
Netmask: This will be the Netmask of the external (WAN) network. (i.e. 255.255.255.0)
Default Gateway: This will be the Gateway IP address.
PPTP Gateway: This will be the PPTP Server IP address.
Connect ID: Enter the phone number that provided and asked by some ISP. (Optional)
Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP.
(Upstream/Downstream can be up to 10Mbps)
BEZEQ-ISRAEL: The selection especially for the user who wants to connect to Bezeq (the
Israeli phone company which doesn’t conform to the RFC protocol).
Service-On-Demand:
Auto Disconnect: The PPTP connection will automatically disconnect after a length of idle
time (no activities). Enter in the amount of idle minutes before disconnection. Enter ‘0’ if
you do not want the PPTP connection to disconnect at all.
53
Page 59
Address
The Security Bandwidth Manager allows the Administrator to set Interface addresses of the
LAN network, LAN network group, WAN network, WAN group.
What is the Address Table?
An IP address in the Address Table can be an address of a computer or a sub network. The
Administrator can assign an easily recognized name to an IP address. Based on the network
it belongs to, an IP address can be an LAN IP address, WAN IP address . If the Administrator
needs to create a control policy for packets of different IP addresses, he can first add a new
group in the LAN Network Group or the WAN Network Group and assign those IP
addresses into the newly created group. Using group addresses can greatly simplify the
process of building control policies.
With easily recognized names of IP addresses and names of address groups shown in the
address table, the Administrator can use these names as the source address or destination
address of control policies. The address table should be built before creating control policies,
so that the Administrator can pick the names of correct IP addresses from the address table
when setting up control policies.
How to use Address Table
With easily recognized names of IP addresses and names of address groups shown in the
address table, the Administrator can use these names as the source address or destination
address of control policies. The address table should be built before creating control policies,
so that the Administrator can pick the names of correct IP addresses from the address table
when setting up control policies.
54
Page 60
LAN
Entering the LAN window
Step 1. Click LAN under the Address menu to enter the LAN window. The current setting
information such as the name of the LAN network, IP and Netmask addresses will
show on the screen.
!!
Figure3-1 LAN
Definition
Name: Name of LAN network address.
IP:IP address of LAN network
Netmask: Netmask of LAN network.
MAC Address: MAC address corresponded with LAN IP address.
Configure: You can configure the settings in LAN network. Click Modify to change the
parameters in LAN network. Click Remove to delete the settings.
In the LAN window, if one of the members has been added to Policy or LAN Group, the
Configure column will show the message – In Use. In this case, you are not allowed to
modify or remove the setting.
55
Page 61
Adding a new LAN Address
Step 1. In the LAN window, click the New Entry button.
Step 2. In the Add New Address window, enter the settings of a new LAN network
address.
Step 3. Click OK to add the specified LAN network or click Cancel to cancel the changes.
Figure3-2 Add New IP Address in LAN
If you want to enable Add in Static DHCP function, enter the MAC Address then check the
Add in Static DHCP.
56
Page 62
Modifying an LAN Address
Step 1. In the LAN window, locate the name of the network to be modified. Click the
Modify option in its corresponding Configure field. The Modify Address window
appears on the screen immediately.
Step 2. In the Modify Address window, fill in the new addresses.
Step 3. Click OK to save changes or click Cancel to discard changes.
Figure3-3 Modify LAN IP Address
57
Page 63
Removing a LAN Address
Step 1. In the LAN window, locate the name of the network to be removed. Click the
Remove option in its corresponding Configure field.
Step 2. In the Remove confirmation pop-up box, click OK to remove the address or click
Cancel to discard changes.
Figure3-4 Remove LAN IP Addresses
58
Page 64
LAN Group
Entering the LAN Group window
The LAN Addresses may be combined together to become a group.
Step 1. Click LAN Group under the Address menu to enter the LAN Group window. The
current setting information for the LAN network group appears on the screen.
!!
Figure3-5 LAN Group
Definitions (LAN group):
Name: Name of the LAN group.
Member: Members of the group.
Configure: Configure the settings of LAN group. Click Modify to change the settings of LAN
group. Click Remove to delete the group.
In the LAN Group window, if one of the LAN Group has been added to Policy, the Configure
column will show the message – In Use. In this case, you are not allowed to modify or remove
the LAN group. You have to delete the Group in Policy window, and then you are allowed to
configure the LAN Group.
59
Page 65
Adding a LAN Group
Step 1. In the LAN Group window, click the New Entry button to enter the Add New
Address Group window.
Step 2. In the Add New Address Group window:
" Available Address: list the names of all the members of the LAN network.
" Selected Address: list the names to be assigned to the new group.
" Name: enter the name of the new group in the open field.
Step 3. Add members: Select names to be added in Available Address list, and click the
Add>> button to add them to the Selected Address list.
Step 4. Remove members: Select names to be removed in the Selected Address list,
and click the <<Remove button to remove these members from Selected
Address list.
Step 5. Click OK to add the new group or click Cancel to discard changes.
Figure3-6 Add New LAN Group
60
Page 66
Modifying a LAN Group
Step 1. In the LAN Group window, locate the network group desired to be modified and
click its corresponding Modify option in the Configure field.
Step 2. A window displaying the information of the selected group appears:
" Available Address: list names of all members of the LAN network.
" Selected Address: list names of members which have been assigned to this
group.
Step 3. Add members: Select names in Available Address list, and click the Add>>
button to add them to the Selected Address list.
Step 4. Remove members: Select names in the Selected Address list, and click the
<<Remove button to remove these members from the Selected Address list.
Click OK to save changes or click Cancel to discard changes.
Figure3-7 Modify LAN Group
61
Page 67
Removing a LAN Group
Step 1. In the LAN Group window, locate the group to be removed and click its
corresponding Remove option in the Configure field.
Step 2. In the Remove confirmation pop-up box, click OK to remove the group or click
Cancel to discard changes.
Figure 3-8 Remove LAN Group
62
Page 68
WAN
Entering the WAN window
Step 1. Click WAN under the Address menu to enter the WAN window. The current
setting information, such as the name of the WAN network, IP and Netmask
addresses will show on the screen.
!!
Figure3-9 WAN
Definitions
Name: Name of WAN network address.
IP/Netmask: IP address/Netmask of WAN network.
Configure: Configure the settings of WAN network. Click Modify to change the settings of
WAN network. Click Remove to delete the setting of WAN network.
In the WAN Network window, if one of the members has been added to Policy or LAN
Group, the Configure column will show the message – In Use. In this case you are not
allowed to modify or remove the settings.
63
Page 69
Adding a new WAN Address
Step 1. In the WAN window, click the New Entry button.
Step 2. In the Add New Address window, enter the settings for a new WAN network
address.
Step 3. Click OK to add the specified WAN network or click Cancel to discard changes.
Figure3-10 Add WAN IP Address
64
Page 70
Modifying an WAN Address
Step 1. In the WAN table, locate the name of the network to be modified and click the
Modify option in its corresponding Configure field.
Step 2. The Modify Address window will appear on the screen immediately. In the
Modify Address window, fill in new addresses.
Step 3. Click OK to save changes or click Cancel to discard changes.
Figure3-11 Modify WAN IP Address
65
Page 71
Removing an WAN Address
Step 1. In the WAN table, locate the name of the network to be removed and click the
Remove option in its corresponding Configure field.
Step 2. In the Remove confirmation pop-up box, click OK to remove the address or click
Cancel to discard changes.
Figure3-12 Remove a WAN IP address
66
Page 72
WAN Group
Entering the WAN Group window
Step 1. Click the WAN Group under the Address menu bar to enter the WAN window.
The current settings for the WAN network group(s) will appear on the screen.
!!
Figure3-13 WAN Group
Definitions:
Name: Name of the WAN group.
Member: Members of the group.
Configure: Configure the settings of WAN group. Click Modify to change the parameters of
WAN group Click Remove to delete the selected group
.
In the WAN Group window, if one of the members has been added to the Policy, “In
Use” message will appear in the Configure column. You are not allowed to modify or remove
the settings. Go to the Policy window to remove the setting, and then you can configure.
67
Page 73
Adding an WAN Group
Step 1. In the WAN Group window, click the New Entry button and the Add New
Address Group window will appear.
Step 2. In the Add New Address Group window the following fields will appear:
" Name: enter the name of the new group.
" Available Address: List the names of all the members of the WAN network.
" Selected Address: List the names to assign to the new group.
" Add members: Select the names to be added in the Available Address list,
and click the Add>> button to add them to the Selected Address list.
" Remove members: Select the names to be removed in the Selected
Address list, and click the <<Remove button to remove them from the
Selected Address list.
Step 3. Click OK to add the new group or click Cancel to discard changes.
3-14 Add a new WAN Group
68
Page 74
Modifying a WAN Group
Step 1. In the WAN Group window, locate the network group to be modified and click its
corresponding Modify button in the Configure field.
Step 2. A window displaying the information of the selected group appears:
" Available Address: list the names of all the members of the WAN network.
" Selected Address: list the names of the members that have been assigned to
this group.
Step 3. Add members: Select the names to be added in the Available Address list, and
click the Add>> button to add them to the Selected Address list.
Step 4. Remove members: Select the names to be removed in the Selected Address
list, and click the <<Remove button to remove them from the Selected Address
list.
Step 5. Click OK to save changes or click Cancel to discard changes.
3-15 Modify a WAN Group
69
Page 75
Removing a WAN Group
Step 1. In the WAN Group window, locate the group to be removed and click its
corresponding Modify option in the Configure field.
Step 2. In the Remove confirmation pop-up box, click OK to remove the group or click
Cancel to discard changes.
Figure 3-16 Remove WAN Group
70
Page 76
Service
In this section, network services are defined and new network services can be added.
There are three sub menus under Service which are: Pre-defined, Custom, and Group.
The Administrator can simply follow the instructions below to define the protocols and port
numbers for network communication applications. Users then can connect to servers and
other computers through these available network services.
What is Service?
TCP and UDP protocols support varieties of services, and each service consists of a TCP
Port or UDP port number, such as TELNET(23), SMTP(21), POP3(110),etc. The Security
Bandwidth Manager defines two services: pre-defined service and custom service. The
common-use services like TCP and UDP are defined in the pre-defined service and cannot
be modified or removed. In the custom menu, users can define other TCP port and UDP
port numbers that are not in the pre-defined menu according to their needs. When defining
custom services, the client port ranges from 1024 to 65535 and the server port ranges from 0
to 1023.
How do I use Service?
The Administrator can add new service group names in the Group option under Service
menu, and assign desired services into that new group. Using service group the
Administrator can simplify the processes of setting up control policies. For example, there are
10 different computers that want to access 5 different services on a server, such as HTTP,
FTP, SMTP, POP3, and TELNET. Without the help of service groups, the Administrator
needs to set up 50 (10x5) control policies, but by applying all 5 services to a single group
name in the service field, it takes only one control policy to achieve the same effect as the 50
control policies.
71
Page 77
Pre-defined
Entering a Pre-defined window
Step 1. Click Pre-defined under it. A window will appear with a list of services and their
associated IP addresses. This list cannot be modified.
!!
Figure4-1 Pre-defined Service
Icons and Descriptions
Figu
Description
TCP services, i.g. FTP、FINGER、HTTP、、HTTPS 、IMAP、SMTP、
POP3、ANY、AOL、BGP、GOPHER、InterLocator、IRC、L2TP、
LDAP、NetMeeting、NNTP、PPTPReal、 Media、RLOGIN、SSH、
TCP ANY、TELNET、VDO Live、WA IS 、WINFRAME、
UDP services, i.g. IKE、DNS、NTP、IRC、RIP、SNMP、SYSLOG、
TALK、TFTP、UDP-ANY、UUC, etc.
ICMP services, i.g. PING、TRACEROUTE, etc.
72
Page 78
Custom
Entering the Custom window
Step 1. Click Custom under it. A window will appear with a table showing all services
currently defined by the Administrator.
!!
Figure4-2 Custom Service
Definitions:
Service name: The defined service name.
Protocol: Network protocol used in the basic setting. Such as TCP、UDP or others.
Client port: The range of Client port in defined service.
If the number of ports entered in the two fields of Client port is different, it means that the port
numbers between these two numbers are opened. If the number of ports entered in the two
fields of Client port is identical, it means that the entered port number is opened.
Service port: The range of Service port in defined service.
If the number of ports entered in the two fields of Service port is different, it means that the
port numbers between these two numbers are opened. If the number of ports entered in the
two fields of Service port is identical, it means that the entered port number is opened.
Configure: Configure the settings in Service table. Click Modify to change the parameters in
Service table. Click Remove to delete the selected setting.
Note: In the Custom window, if one of the services has been added to Policy or Group, ”In
73
Page 79
Use” message will appear in the Configure column. In this case you are not allowed to
modify or remove the settings. Go to the Policy or Group window to delete the setting, and
then you can configure the settings.
74
Page 80
Adding a new Service
In the Custom window, click the New Entry button and a new service table appears.
In the new service table:
" New Service Name: This will be the name referencing the new service.
" Protocol: Enter the network protocol type to be used, such as TCP, UDP, or
Other (please enter the number for the protocol type).
" Client Port: enter the range of port number of new clients.
" Server Port: enter the range of port number of new servers.
The client port ranges from 1024 to 65535 and the server port ranges from 0 to 1023.
Step 1. Click OK to add new services, or click Cancel to cancel.
Step 2. Click OK to accept editing; or click Cancel.
Figure4-3 Add New Custom Service
75
Page 81
Modifying Custom Services
Step 1. A table showing the current settings of the selected service appears on the
screen
Step 2. Enter the new values.
Step 3. Click OK to accept editing; or click Cancel.
Figure4-4 Modify Custom Service
76
Page 82
Removing Custom Services
Step 1. Click its corresponding Remove option in the Configure field.
Step 2. In the Remove confirmation pop-up box, click OK to remove the selected service
or click Cancel to cancel action.
Figure4-5 Remove Custom Service
77
Page 83
Group
Accessing the Group window
Step 1. Click Group under it. A window will appear with a table displaying current
service group settings set by the Administrator.
!!
Figure4-6 Service Group
Definitions:
Group name: The Group name of the defined Service.
Service: The Service item of the Group.
Configure: Configure the settings of Group. Click Modify to change the parameters of the
Group. Click Remove to delete the Group.
In the Group window, if one of the Service Groups has been added to Policy. “In Use”
message will appear in the Configure column. You are not allowed to modify or remove the
settings. Go to the Policy window, remove the Service group first, and then you are allowed to
configure the setting.
78
Page 84
Adding Service Groups
Step 1. In the Group window, click the New Entry button.
Step 2. In the Add Service Group window, the following fields will appear:
" Available Services: list all the available services.
" Selected Services: list services to be assigned to the new group.
Step 3. Enter the new group name in the group Name field. This will be the name
referencing the created group.
Step 4. To add new services: Select the services desired to be added in the Available
Services list and then click the Add>> button to add them to the group.
Step 5. To remove services: Select services desired to be removed in the Available
Services, and then click the <<Remove button to remove them from the group.
Step 6. Click OK to add the new group.
Figure4-7 Add New Group
79
Page 85
Modifying Service Groups
Step 1. In the Mod (modify) group window the following fields are displayed:
" Available Services: lists all the available services.
" Selected Services: list services that have been assigned to the selected
group.
Step 2. Add new services: Select services in the Available Services list, and then click
the Add>> button to add them to the group.
Step 3. Remove services: Select services to be removed in the Selected Services list,
and then click the <<Remove button to remove theses services from the group.
Step 4. Click OK to save editing changes.
Figure4-8 Modify Group
80
Page 86
Removing Service Groups
In the Remove confirmation pop-up box, click OK to remove the selected service group or
click Cancel to cancel removing.
Figure4-9 Remove Group
81
Page 87
Schedule
The Security Bandwidth Manager allows the Administrator to configure a schedule for policies
to take affect. By creating a schedule, the Administrator is allowing the Security Bandwidth
Manager policies to be used at those designated times only. Any activities outside of the
scheduled time slot will not follow the Security Bandwidth Manager policies therefore will likely
not be permitted to pass through the Security Bandwidth Manager. The Administrator can
configure the start time and stop time, as well as creating 2 different time periods in a day.
For example, an organization may only want the Security Bandwidth Manager to allow the
LAN network users to access the Internet during work hours. Therefore, the Administrator
may create a schedule to allow the Security Bandwidth Manager to work Monday-Friday,
8AM-5PM only. During the non-work hours, the Security Bandwidth Manager will not allow
Internet access.
82
Page 88
Accessing the Schedule window
Step 1. Click on Schedule on the menu bar and the schedule window will appear
displaying the active schedules.
!!
Figure5-1 Schedule
The following items are displayed in this window:
Name: the name assigned to the schedule
Comment: a short comment describing the schedule
Configure: modify or remove
83
Page 89
Adding a new Schedule
Step 1. Click on the New Entry button and the Add New Schedule window will appear.
" Schedule Name: Fill in a name for the new schedule.
" Period 1: Configure the start and stop time for the days of the week that the
schedule will be active.
Step 2. Click OK to save the new schedule or click Cancel to cancel adding the new
schedule.
Figure5-2 Add New Schedule
In setting a Schedule, the value in Start time must be less than the value in Stop Time,
or you cannot add or configure the setting.
84
Page 90
Modifying a Schedule
Step 1. In the Schedule window, find the policy to be modified and click the
corresponding Modify option in the Configure field. Make needed changes.
Step 2. Click OK to save changes.
Figure5-3 Modify Schedule
85
Page 91
Removing a Schedule
Step 1. In the Schedule window, find the policy to be removed and click the
corresponding Remove option in the Configure field.
Step 2. A confirmation pop-up box will appear, click on OK to remove the schedule.
Figure5-4 Remove Schedule
86
Page 92
QoS
By configuring the QoS, you can control the outbound Upstream/downstream Bandwidth.
The administrator can configure the bandwidth according to the WAN bandwidth.
Downstream Bandwidth: To configure the Guaranteed Bandwidth and Maximum
Bandwidth.
Upstream Bandwidth: To configure the Guaranteed Bandwidth and Maximum Bandwidth.
QoS Priority:To configure the priority of distributing Upstream/Downstream and unused
bandwidth.
The Security
suitable QoS through Policy to control and efficiently distribute bandwidth. The Security
Bandwidth Manager also makes it convenient for the administrator to use the Security
Bandwidth Manager with the best Utility.
Bandwidth Manager configures the bandwidth by different QoS , and selects the
87
Page 93
Configuration of QoS
Click QoS in the menu bar on the left hand side.
!!
Definitions:
Name:The name of the QoS you want to configure.
Downstream Bandwidth:To configure the Guarateed Bandwidth and Maximum Bandwidth.
Upstream Bandwidth:To configure the Guarateed Bandwidth and Maximum Bandwidth.
QoS Priority:To configure the priority of distrubuting Upstream/Downstream and unused
bandwidth.
88
Page 94
Add New QoS
Step 1. Click QoS in the menu bar on the left hand side.
Step 2. Click the New Entry button to add new QoS.
Definition
Name:The name of the QoS you want to configure.
Downstream Bandwidth:To configure the Guarateed Bandwidth and Maximum
Bandwidth.
Upstream Bandwidth:To configure the Guarateed Bandwidth and Maximum
Bandwidth.
QoS Priority:To configure the priority of distrubuting Upstream/Downstream and
unused bandwidth.
Click the OK button to add new QoS.
89
Page 95
Modify QoS
Step 1. Click QoS in the menu bar on the left hand side.
Click the Modify button to modify QoS.
Definition:
Name:The name of the QoS you want to configure.
Downstream Bandwidth:To configure the Guarateed Bandwidth and Maximum
Bandwidth.
Upstream Bandwidth:To configure the Guarateed Bandwidth and Maximum
Bandwidth.
QoS Priority:To configure the priority of distrubuting Upstream/Downstream and
unused bandwidth.
Click the OK button to modify QoS.
90
Page 96
Delete QoS
Step 1. In the QoS window, find the QoS you want to change, and click Delete in the
Configure column.
Step 2. In the Delete QoS window, click OK to delete the QoS or click Cancel to discard
the change.
91
Page 97
Authentication
By configuring the Authentication, you can control the user’s (Internal user or remote user
who connect by VPN and IPSec) connection authority. The user has to pass the
authentication to access to Internet.
92
Page 98
Add New User
STEP 1﹒Setting the user’s Address in LAN of Address function.
93
Page 99
STEP 2﹒Enter the following setting in Authentication function:
" Click New User
" Auth-User Name: Enter guest
" Password: Enter 1234
" Confirm Password: Enter 1234
" Click OK
" Complete Authentication Setting
"
94
Page 100
STEP 3﹒Add a policy in Outgoing Policy and input the Address and
Authentication of STEP1, 2
95
Loading...