AirLive RS-1200 User Manual

RS-1200

Dual WAN Security Gateway

User’s Manual

System

Chapter 1

Chapter 2

Administration ……………………………………………. 5 Admin ……………………………………………………... 7 Permitted IPs …………………………………………….. 9 Logout ………………………………………………….…. 10 Software Update …………………………………………. 11

Configure ………………………………………………….. 12 Setting ………………………………………………….…. 17 Date/Time …………………………………………………. 22 Multiple Subnet … ……………………………...… … … … 23 RouteTable ………………………………………………... 26 DHCP ………………………………………………………. 30

Interface

Chapter 3

DDNS ……………………………………………...… … … .. 32 Host Table ……………………………………………….… 34 Language ……………………………………………..……... 35

Interface …………………………………………………... 36 LAN ………………………………….……………………. 41 WAN ………………………………….…………………… 42 DMZ …………………………….………………………… 50

Policy Object

Chapter 4

Chapter 5

Chapter 6

Chapter 7

Chapter 8

Chapter 9

Address ……………………………………………………. 52 Example ………………………………….………………… 54 Service ………………………………………………….…. 62 Custom ………………………………….………………… 65 Group … ……………………………….………………….. 69

Schedule …………………………………………………. 72

QoS ………………………………………………….……. 75 Example ………………………………….………………. 78

Authentication …………………………………………… 81 Example ………………………………….………………. 86

Content Filtering ………………………………………… 90 URL ………………………………….…………………… 94 Script ……………………………….……………………. 97 P2P ………………………….…………………………… 99 IM …………………………….…………………………… 101 Download …………………………….…………………... 103

Chapter 10 Virtual Server………………………………………………... 105

Example ……………………………….………………….. 109

Chapter 11 VPN ………………………………………………………. 124

Example…………………………………………………….. 132

Policy

Chapter 12 Policy……………………………………………….……….. 156

Example ………………………………….………………. 162

Anti-Attack

Chapter13 Alert Setting ………………………………………………. 180

Internal Alert ……………………………………………… 185

Chapter14 Atack Alarm … … … ………………………………………. 189

Monitor

Internal Alarm …………………………………………….. 191 External Alarm ……………………………………………… 192

Chapter15 LOG ……………………………………………….……….. 194

Chapter16 Accounting

Traffic Log ……………………….………………………… 196 Event Log ……………………….………………………… 201 Connection Log … …………………….…………………. 204 Log Backup … … … ……………….……………………… 207

210

Report …………………….………………….

Outbound ……………………….………………………… 212

Inbound ………………………….………………………… 217

Chapter17 Statistics …………………………………………….…….. 223

WAN ……………………….………………………………. 225 Policy ……………………….……………………………… 227

Chapter18 Status …………………………………………….………… 229

Interface ……………………….………………………….. 230 Authentication ……………………….…………………… 232 ARP Table ……………………….………………………... 233 DHCP Clients ……………………….……………………. 234

Chapter 1

Administration

“System” is the managing of settings such as the privileges

of packets that pass through the AirLive RS-1200 and monitoring controls. The System Administrators can manage, monitor, and configure AirLive RS-1200 settings. But all configurations are “read-only” for all users other than the System Administrator; those users are not able to change any setting of the AirLive RS-1200.

Define the required fields of Administrator

Administrator Name:

 The username of Administrators and Sub Administrator for the RS-1200. The

admin user name cannot be removed; and the sub-admin user can be removed or configure.

The default Account: admin; Password: admin

Privilege:

 The privileges of Administrators (Admin or Sub Admin). The username of the main

Administrator is Administrator with reading / writing privilege. Administrator also can change the system setting, log system status, and to increase or delete sub-administrator. Sub-Admin may be created by the Admin by clicking

Admin

system setting value.

. Sub Admin have only read and monitor privilege and cannot change any

New Sub

Configure:

 Click Modify to change the “Sub-Administrator’s” password or click Remove to

delete a “Sub Administrator.”

Adding a new Sub Administrator

STEP 1﹒In the Admin WebUI, click the New Sub Admin button to create a

new Sub Administrator.

STEP 2﹒In the Add New Sub Administrator WebUI (Figure 1-1) and enter the

following setting:

 Sub Admin Name: sub_admin  Password: 12345  Confirm Password: 12345

STEP 3﹒Click OK to add the user or click Cancel to cancel it.

Figure1-1 Add New Sub Admin

Modify the Administrator’s Password

STEP 1﹒In the Admin WebUI, locate the Administrator name you want to edit, and

click on Modify in the Configure field.

STEP 2﹒The Modify Administrator Password WebUI will appear. Enter the

following information:

 Password: admin  New Password: 52364  Confirm Password: 52364 (Figure1-2)

STEP 3﹒Click OK to confirm password change.

Figure1-2 Modify Admin Password

Add Permitted IPs

STEP 1﹒Add the following setting in Permitted IPs of Administration: (Figure1-3)

 Name: Enter master  IP Address: Enter 163.173.56.11  Netmask: Enter 255.255.255.255  Service: Select Ping and HTTP  Click OK  Complete add new permitted IPs (Figure1-4)

Figure1-3 Setting Permitted IPs WebUI

Figure1-4 Complete Add New Permitted IPs

To make Permitted IPs be effective, it must cancel the Ping and WebUI selection

in the WebUI of RS-1200 that Administrator enter. (LAN, WAN, or DMZ Interface) Before canceling the WebUI selection of Interface, must set up the Permitted IPs first, otherwise, it would cause the situation of cannot enter WebUI by appointed Interface.

Logout

STEP 1﹒Click Logout in System to protect the system while Administrator are away.

(Figure1-5)

Figure1-5 Confirm Logout WebUI

STEP 2﹒Click OK and the logout message will appear in WebUI. (Figure1-6)

Figure1-6 Logout WebUI Message

Software Update

STEP 1﹒Select Software Update in SystemÆAdministraion,

and follow the steps below:

 To obtain the version number from Version Number and obt ain the latest

version from Internet. And save the latest version in the hardware of the PC, which manage the RS-1200

 Click Browse and choose the latest software version file.  Click OK and the system will update automatically. (Figure1-7)

Figure1-7 Software Update

It takes 3 minutes to update software. The system will reboot after update. During

the updating time, please don’t turn off the PC or leave the WebUI. It may cause some unexpected mistakes. (Strong suggests updating the software from LAN to avoid unexpected mistakes.)

Chapter 2

Configure

The Configure is according to the basic setting of the AirLive RS-1200. In this chapter the definition is Setting, Date/Time, Multiple Subnet, Route Table, DHCP, Dynamic DNS, Hosts Table, and Language settings.

Define the required fields of Settings

AirLive RS-1200 Configuration:

 The Administrator can import or export the system settings. Click OK to import the

file into the RS-1200 or click Cancel to cancel importing. You also can revive to default value here.

Email Settings:

 Select Enable E-mail Alert Notification under E-mail Settings. This function will

enable the RS-1200 to send e-mail alerts to the System Administrator when the network is being attacked by hackers or when emergency conditions occur. (It can be set from Settings-Hacker Alert in System to detect Hacker Attacks)

Web Management (WAN Interface):  The System Manager can change the port number used by HTTP port

anytime. (Remote WebUI management)

After HTTP port has changed, if the administrator want to enter WebUI from WAN, will have to change the port number of browser.

(For example: http://61.62.108.172:8080)

MTU Setting:  It provides the Administrator to modify the networking package length anytime. Its

default value is 1500 Bytes

Link Speed / Duplex Mode:

 By this function can set the transmission speed and mode of WAN Port when

connecting other device

Administration Packet Logging:

 After enable this function; the RS-1200 will record packet which source IP or

destination address is RS-1200. And record in Traffic Log for System Manager to inquire about.

Define the required fields of Time Settings

Synchronize Time/Date:

 Synchronizing the RS-1200 with the System Clock. The administrator can

configure the Time Server (NTP) or by syncing to your computer’s clock.

RS-1200’s date and time by either syncing to an Internet Network

GMT:

 International Standard Time (Greenwich Mean Time)

Define the required fields of Multiple Subnet

Forwarding Mode:

 To display the mode that Multiple Subnet use. (NAT mode or Routing Mode)

WAN Interface Address:

 The IP address that Multiple Subnet corresponds to WAN.

LAN Interface Address/Subnet Netmask:

 The Multiple Subnet range

NAT Mode:

 It allows Internal Network to set multiple subnet address and connect with the

Internet through different WAN IP Addresses. For example：The lease line of a company applies several real IP Addresses 168.85.88.0/24, and the company is divided into R&D department, service, sales department, procurement department, accounting department, the company can distinguish each department by different subnet for the purpose of managing conveniently. The settings are as the following：

1. R&D department subnet：192.168.1.1/24(LAN) ÅÆ 168.85.88.253(WAN)

2. Service department subnet：192.168.2.1/24(LAN) ÅÆ 168.85.88.252(WAN)

3. Sales department subnet：192.168.3.1/24(LAN) ÅÆ 168.85.88.251(WAN)

4. Procurement department subnet

192.168.4.1/24(LAN) ÅÆ 168.85.88.250(WAN)

5. Accounting department subnet

192.168.5.1/24(LAN) ÅÆ 168.85.88.249(WAN)

The first department (R&D department) had set while setting interface IP; the other four ones have to be added in Multiple Subnet. After completing the settings, each department uses the different WAN IP Address to connect to the Internet. The settings of each department are as following:

Service Sales Procurement Accounting IP Address 192.168.2.2~254 192.168.3.2~254 192.168.4.2~254 192.168.5.2~254 Subnet Netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 Gateway 192.168.2.1 192.168.3.1 192.168.4.1 192.168.5.1

Routing Mode:

 It is the same as NAT mode approximately but does not have to correspond to the

real WAN IP address, which let internal PC to access to Internet by its own IP. (External user also can use the IP to connect with the Internet)

Define the required fields of DHCP

Subnet:

 The domain name of LAN

NetMask:

 The LAN Netmask

Gateway:

 The default Gateway IP address of LAN

Broadcast IP:

 The Broadcast IP of LAN

Define the required fields of DDNS

Domain Name:

 The domain name that provided by DDNS

WAN IP Address:

 The WAN IP Address, which the domain name corresponds to.

Define the required fields of Host Table

Domain Name:

 It can be set by System Manager. To let the internal user to access to the

information that provided by the host by this domain name

Virtual IP Address:

 The virtual IP address respective to Host Table. It must be LAN or DMZ IP

address.

System Settings- Exporting

STEP 1﹒In System Setting WebUI, click on button next to

Export System Settings to Client.

STEP 2﹒When the File Download pop-up window appears, choose the destination

place where to save the exported file and click on Save. The setting value of RS-1200 will copy to the appointed site instantly. (Figure2-1)

Figure2-1 Select the Destination Place to Save the Exported File

System Settings- Importing

STEP 1﹒In System Setting WebUI, click on the Browse button next to Import

System Settings from Client. When the Choose File pop-up window

appears, select the file to which contains the saved RS-1200 Settings, then click OK. (Figure2-2)

STEP 2﹒Click OK to import the file into the RS-1200 (Figure2-3)

Figure 2-2 Enter the File Name and Destination of the Imported File

Figure 2-3 Upload the Setting File WebUI

Restoring Factory Default Settings

STEP 1﹒Select Reset Factory Settings in RS-1200 Configuration WebUI

STEP 2﹒Click OK at the bottom-right of the page to restore the factory settings.

(Figure2-4)

Figure2-4 Reset Factory Settings

Enabling E-mail Alert Notification

STEP 1﹒Select Enable E-mail Alert Notification under E-Mail Settings.

STEP 2﹒Device Name: Enter the Device Name or use the default value.

STEP 3﹒Sender Address: Enter the Sender Address. (Required by some ISPs.)

STEP 4﹒SMTP Server IP: Enter SMTP server’s IP address.

STEP 5﹒E-Mail Address 1: Enter the e-mail address of the first user to be notified.

STEP 6﹒E-Mail Address 2: Enter the e-mail address of the second user to be

notified. (Optional)

STEP 7﹒Click OK on the bottom-right of the screen to enable E-mail Alert Notification.

(Figure2-5)

Figure2-5 Enable E-mail Alert Notification

Click on Mail Test to test if E-mail Address 1 and E-mail Address 2 can receive the

Alert Notification correctly.

Reboot RS-1200

STEP 1﹒Reboot RS-1200：Click Reboot button next to Reboot

RS-1200 Appliance.

STEP 2﹒A confirmation pop-up page will appear.

STEP 3﹒Follow the confirmation pop-up page; click OK to restart RS-1200.

(Figure2-6)

Figure2-6 Reboot RS-1200

Date/Time Settings

STEP 1﹒Select Enable synchronize with an Internet time Server (Figure2-7)

STEP 2﹒Click the down arrow to select the offset time from GMT.

STEP 3﹒Enter the Server IP / Name with which you want to synchronize.

STEP 4﹒Set the interval time to synchronize with outside servers.

Figure2-7 System Time Setting

Click on the Sync button and then the RS-1200’s date and time will be

synchronized to the Administrator’s PC

The value of Set Offset From GMT and Server IP / Name can be looking for from

Assist.

Multiple Subnet

Connect to the Internet through Multiple Subnet NAT or Routing Mode by the IP address that set by the LAN user’s network card

Preparation

RS-1200 WAN1 (10.10.10.1) connect to the ISP Router (10.10.10.2) and the subnet that provided by ISP is 162.172.50.0/24 To connect to Internet, WAN2 IP (211.22.22.22) connects with ATUR.

Adding Multiple Subnet

Add the following settings in Multiple Subnet of System function:

 Click on New Entry  Alias IP of LAN Interface： Enter 162.172.50.1  Netmask：Enter 255.255.255.0  WAN1: Enter Interface IP 10.10.10.1, and choose Routing in

Forwarding Mode

 WAN2：Enter Interface IP 211.22.22.22, and choose NAT in

Forwarding Mode

 Click OK  Complete Adding Multiple Subnet (Figure2-8)

Figure 2-8 Add Multiple Subnet WebUI

WAN1 and WAN2 Interface can use Assist to enter the data.

After setting, there will be two subnet in LAN: 192.168.1.0/24 (default LAN subnet)

and 162.172.50.0/24. So if LAN IP is: ˙192.168.1.xx, it must use NAT Mode to access to the Internet. (In Policy it only can setup to access to Internet by WAN2. If by WAN1 Routing mode, then it cannot access to Internet by its virtual IP)

˙162.172.50.xx, it uses Routing mode through WAN1 (The Internet Server can see your IP 162.172.50.xx directly). And uses NAT mode through WAN2 (The Internet Server can see your IP as WAN2 IP)(Figure2-9)

Figure 2-9 Multiple Subnet Network

 The RS-1200’s Interface Status:

WAN1 IP： 10.10.10.1 WAN2 IP：211.22.22.22 LAN Port IP：192.168.1.1

LAN Port Multiple Subnet：162.172.50.1

Route Table To connect two different subnet router with the RS-1200 and

makes them to connect to Internet through RS-1200

Preparation

Company A: WAN1 (61.11.11.11) connects with ATUR to Internet WAN2 (211.22.22.22) connects with ATUR to Internet LAN subnet: 192.168.1.1/24 The Router1 which connect with LAN (10.10.10.1, support RIPv2)

its LAN subnet is 192.168.10.1/24

Company B: Router2 (10.10.10.2, support RIPv2), its LAN subnet is

192.168.20.1/24

Company A ‘s Router1 (10.10.10.1) connect directly with Company B ‘s

Router2 (10.10.10.2).

Route Table

STEP 1﹒Enter the following settings in Route Table in System function:

 【Destination IP】: Enter 192.168.10.1  【Netmask】: Enter 255.255.255.0。  【Gateway】: Enter 192.168.1.252  【Interface】: Select LAN  Click OK (Figure 2-10)

Figure2-10 Add New Static Route1

STEP 2﹒Enter the following settings in Route Table in System function:

 【Destination IP】: Enter 192.168.20.1  【Netmask】: Enter 255.255.255.0  【Gateway】: Enter 192.168.1.252  【Interface】: Select LAN  Click OK (Figure 2-11)

Figure2-11 Add New Static Route2

STEP 3﹒Enter the following setting in Route Table in System function:

 【Destination IP】: Enter 10.10.10.0  【Netmask】: Enter 255.255.255.0  【Gateway】: Enter 192.168.1.252  【Interface】: Select LAN  Click OK (Figure 2-12)

Figure2-12 Add New Static Route3

STEP 4﹒Adding successful. At this time the computer of 192.168.10.1/24,

192.168.20.1/24 and 192.168.1.1/24 can connect with each other and connect to Internet by NAT (Figure 2-13)

Figure 2-13 Route Table Setting

DHCP

STEP 1﹒Select DHCP in System and enter the following settings:

 Domain Name：Enter the Domain Name  DNS Server 1: Enter the distributed IP address of DNS Server1.  DNS Server 2: Enter the distributed IP address of DNS Server2.  WINS Server 1: Enter the distributed IP address of WINS Server1.  WINS Server 2: Enter the distributed IP address of WINS Server2.  LAN Interface:

 Client IP Address Range 1:

Enter the starting and the ending IP address dynamically assigning to DHCP clients. The default value is 192.168.1.2 to 192.168.1.254 (it must be in the same subnet)



Client IP Address Range 2:

Enter the starting and the ending IP address dynamically assigning to DHCP clients. But it must in the same subnet as Client IP Address Range 1 and the range cannot be repeated.

 DMZ Interface: the same as LAN Interface. (DMZ works only if to

enable DMZ Interface)

 Leased Time: Enter the leased time for Dynamic IP. The default time is

24 hours.

 Click OK and DHCP setting is completed. (Figure2-14)

+ 204 hidden pages