The contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in
an information retrieval system, translated into any language, or transmitted in any form or by any
means, mechanical, magnetic, electronic, optical, photocopying, manual, or otherwise, without the prior
written permission.
Trademarks
All product, company and brand names are trademarks or registered trademarks of their respective
companies. They are used for identification purposes only. Specifications are subject to change
without prior notice.
FCC Interference Statement
The RS-3000 has been tested and found to comply with the limits for a Class B digital device pursuant
to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against radio
interference in a commercial environment. This equipment can generate, use and radiate radio
frequency energy and, if not installed and used in accordance with the instructions in this manual, may
cause harmful interference to radio communications. Operation of this equipment in a residential area is
likely to cause interference, in which case the user, at his own expense, will be required to take
whatever measures are necessary to correct the interference.
CE Declaration of Conformity
This equipment complies with the requirements relating to electromagnetic compatibility,
EN 55022/A1/A2, EN 61000-3-2, EN 61000-3-3/A1, EN 55024/A1/A2, Class B.
The specification is subject to change without notice.
1.1 Functions and Features
1.2 Front Panel
6.2 LAN Group
17.6 Spam Mail
Congratulations on your purchase of this outstanding RS-3000 Office UTM Gateway. This product is
specifically designed for offices with higher security requirements. It provides advanced security
protection for internal clients and servers against threats such as viruses, spam and hacker attacks. It can also
manage users' access rights for IM and P2P, to keep precious bandwidth from being exhausted. With an
all-in-one security device, the user can make full use of the budget to build the security environment
without purchasing further devices.
Instructions for installing and configuring this product can be found in this manual. Before you install and
use this product, please read this manual carefully so that you can make full use of its functions.
1.1 Functions and Features
Mail Security
Anti-Virus for Inbound E-mail filter
The integrated Clam AV virus engine filters viruses attached to incoming mail.
Regularly or manually updated virus pattern
The virus pattern can be updated automatically at regular intervals (every 10 minutes) or manually,
and the license is free.
Anti-Spam for Inbound E-mail filter
Built-in Bayesian filtering, fingerprinting, sender account verification and sender IP checks against
RBL systems work together to filter spam mail automatically.
Mail Training system
Feed wrongly classified mail back into the system to improve the accuracy of Anti-Spam.
Network Security
IDP (Intrusion Detection Prevention)
The IDP system detects and stops attacks by hacker software from the Internet. It filters
malicious packets based on the embedded signature database; the user can choose to update
the database regularly or manually.
Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS
RS-3000 Anti-Virus filters not only mail; it also scans HTTP, FTP, P2P, IM and
NetBIOS packets.
Detect and block the anomaly flow IP
Anomaly flow packets usually spread through the network as abnormal traffic, and the administrator
can configure this function to drop them.
VPN
IPSec and PPTP
VPN (Virtual Private Network) secures data transfer over an encrypted, private channel. IPSec provides a high level of data encryption, and PPTP provides easy configuration.
VPN Trunk
The VPN trunk function allows the user to create two VPN tunnels simultaneously, and offers a VPN
fail-over feature.
IM / P2P Blocking
IM and P2P access rights can be managed separately. IM types include MSN,
Yahoo Messenger, ICQ, QQ, Google Talk, Gadu-Gadu and Skype, and P2P types include
eDonkey, Bit Torrent, WinMX, Foxy, KuGoo, AppleJuice, AudioGalaxy, DirectConnect, iMesh,
MUTE, Thunder5, VNN Client, PPLive, Ultra-Surf, PPStream, GoGoBox, Tor, UUSee,
QQLive/QQGame, QQDownload, Ares, Hamachi, TeamViewer, and GLWorld.
Content Blocking
Access rights can be managed for four types of Internet services: URL, Scripts (Popup,
ActiveX, Java, Cookie), Download and Upload.
User Authentication
Users must pass authentication to gain Internet access. The account database can
be the local database, a RADIUS server or a POP3 server.
QoS
Divides the bandwidth per service or IP address, to guarantee a certain bandwidth for
access to a specific service server.
Personal QoS
A single simple setting unifies the bandwidth of all internal clients.
Advanced functions
Multiple WANs Load Balance
Supports Round-Robin and By Traffic/Session/Packet load balance types to fit different kinds
of requests and environments.
Load Balance by Source IP / Destination IP
The WAN path is defined based on the first access packets from the Source IP or Destination IP.
This avoids disconnections when a specific server accepts only a single IP
per client, such as a banking system or an Internet on-line game server.
Multiple Subnet
Multiple LAN subnets can be configured simultaneously, but only the subnet of the
LAN port supports the DHCP server function.
DMZ Transparent
This function is used to simulate the WAN port's real IP on the DMZ device.
1.2 Front Panel
Figure 1-1 Front Panel

LED       Color    Status     Description
POWER     Green    On         Power on the device
Status    Green    On         Device is ready to use
                   Blinking   Device is at the booting process
WAN 1/2   Green    Blinking   Packets are being sent/received
          Orange   On         Cable speed is 100 Mbps
LAN       Green    Blinking   Packets are being sent/received
          Orange   On         Cable speed is 100 Mbps
DMZ       Green    Blinking   Packets are being sent/received
          Orange   On         Cable speed is 100 Mbps

Port           Description
WAN 1/2        Use this port to connect to a router, DSL modem, or Cable modem
LAN            Use this port to connect to the LAN network of the office
DMZ            Connection to the Internet (FTP, SNMP, HTTP, DNS)
Console Port   9-pin serial port connector for checking settings and restoring the
               factory settings
To use this product correctly, you have to properly configure the network settings of your computers and
install the attached setup program on your MS Windows platform (Windows 95/98/NT/2000/XP).
2.1 Make Correct Network Settings of Your Computer
The default IP address of this product is 192.168.1.1, and the default subnet mask is 255.255.255.0.
These addresses can be changed on your need, but the default values are used in this manual. If the
TCP/IP environment of your computer has not yet been configured, you can refer to the example:
1. Configure IP as 192.168.1.2, subnet mask as 255.255.255.0 and gateway as 192.168.1.1, or,
more simply,
2. Configure your computers to load TCP/IP setting automatically, that is, via DHCP server of this
product.
After installing the TCP/IP communication protocol, you can use the ping command to check if your
computer has successfully connected to this product. The following example shows the ping procedure
for Windows platforms. First, execute the ping command
ping 192.168.1.1
If the following messages appear:
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=2ms TTL=64
A communication link between your computer and this product has been successfully established.
Otherwise, if you get the following messages,
Pinging 192.168.1.254 with 32 bytes of data:
Request timed out.
There must be something wrong in your installation procedure. You have to check the following items in
sequence:
1. Is the Ethernet cable correctly connected between this product and your computer?
Tip: The LAN LED of this product and the link LED of the network card on your computer must be
lit.
2. Is the TCP/IP environment of your computers properly configured?
Tip: If the IP address of this product is 192.168.1.1, the IP address of your computer must be
192.168.1.X and default gateway must be 192.168.1.1.
2.2 Example for configuring RS-3000 Web UI
STEP 1:
1. Connect the Admin’s PC and the LAN port of the Security Gateway.
2. Open an Internet web browser and type the default IP address of the Security Gateway as
192.168.1.1 in the address bar.
3. A pop-up screen will appear and prompt for a username and password. Enter the default login
username (admin) and password (airlive) of Administrator.
Figure 2-1 Login page
STEP 2:
After entering the username and password, the Security Gateway WEB UI screen will display. Select
the Interface tab on the left menu and a sub-function list will be displayed.
Click on WAN from the sub-function list and enter the proper network setup information.
Click Modify to modify WAN1/2 settings (i.e. WAN1 Interface)
WAN1 interface IP Address: 60.250.158.66
NetMask: 255.255.255.0
Default Gateway: 60.250.158.254
DNS Server1: 168.95.1.1
Figure 2-2 WAN interface setting page
STEP 3:
Click on the Policy tab from the main function menu, and then click on Outgoing from the sub-function
list.
STEP 4:
Click on New Entry button.
STEP 5:
When the New Entry option appears, enter the following configuration:
Source Address – select Inside_Any
Destination Address – select Outside_Any
Service - select ANY
Action - select Permit ALL
Click on OK to apply the changes.
Figure 2-3 Policy setting page
STEP 6:
The configuration is successful when the screen below is displayed. Make sure that all the computers
that are connected to the LAN port have their Default Gateway IP Address set to the Security Gateway’s
LAN IP Address (i.e. 192.168.1.1). At this point, all the computers on the LAN network should gain
access to the Internet immediately.
Figure 2-4 Complete Policy setting page
Chapter 3 Administration
“System” covers the management of settings such as the privileges of packets that pass through the RS-3000,
and monitoring controls. System Administrators can manage, monitor, and configure RS-3000
settings. All configurations are “read-only” for users other than the System Administrator; those
users cannot change any setting of the RS-3000.
3.1 Admin
Administrator Name:
The username of Administrators and Sub Administrator for the RS-3000. The admin user name
cannot be removed; and the sub-admin user can be removed or modified.
The default Account: admin; Password: airlive
Privilege:
The privileges of Administrators (Admin or Sub Admin). The username of the main Administrator is
Administrator, with reading / writing privilege. The Administrator can also change the system settings,
log system status, and add or delete sub-administrators. A Sub-Admin may be created by the
Admin by clicking New Sub Admin. Sub Admins have only read and monitor privileges and
cannot change any system setting value.
Configure:
Click Modify to change the “Sub-Administrator’s” password or click Remove to delete a “Sub
Administrator.”
Adding a new Sub Administrator
STEP 1﹒In the Admin WebUI, click the New Sub Admin button to create a new Sub Administrator.
STEP 2﹒In the Add New Sub Administrator WebUI (Figure 3-1), enter the following setting:
STEP 3
STEP 1﹒Add the following setting in Permitted IPs of Administration: (Figure 3-3)
Name: Enter master
IP Address: Enter 163.173.56.11
Netmask: Enter 255.255.255.255
Service: Select Ping and HTTP
Click OK
Complete add new permitted IPs (Figure 3-4)
Figure 3-3 Setting Permitted IPs WebUI
Figure 3-4 Complete Add New Permitted IPs
To make Permitted IPs effective, the Ping and WebUI selections must be cancelled in the WebUI for the
RS-3000 interface through which the Administrator enters. (LAN, WAN, or DMZ Interface)
Before cancelling the WebUI selection of an interface, set up the Permitted IPs first; otherwise the
WebUI can no longer be entered through that interface.
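The following added example (not part of the RS-3000 manual or its firmware) models the rule described above so the lockout case can be checked before the WebUI selection is cancelled. It assumes that a service still selected on an interface admits every source on that interface; the function names and the second admin address are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class PermittedIP:
    name: str
    network: ipaddress.IPv4Network
    services: frozenset  # subset of {"ping", "http"}


def permitted(name, ip, netmask, services):
    """Build one Permitted IPs entry from the fields shown in the WebUI."""
    # strict=False: a host address entered with a wider mask yields its network
    net = ipaddress.ip_network(f"{ip}/{netmask}", strict=False)
    return PermittedIP(name, net, frozenset(s.lower() for s in services))


def admin_access_allowed(src_ip, service, interface_selected, entries):
    """Decide whether src_ip may reach `service` ("ping" or "http").

    interface_selected: services still selected (Ping / WebUI as "http")
    on the interface the request arrives on. Assumption: while a service
    is selected there, the Permitted IPs list is not consulted.
    """
    service = service.lower()
    if service in interface_selected:
        return True
    addr = ipaddress.ip_address(src_ip)
    return any(addr in e.network and service in e.services for e in entries)


def lockout_risk(admin_ips, entries):
    """Admin workstations that lose the WebUI once it is cancelled on the interface."""
    return [ip for ip in admin_ips
            if not admin_access_allowed(ip, "http", frozenset(), entries)]


# Entry taken from the manual's example (Figure 3-3)
ENTRIES = [permitted("master", "163.173.56.11", "255.255.255.255", ["Ping", "HTTP"])]
# Constructed sample: the second address is a LAN workstation with no entry
ADMIN_IPS = ["163.173.56.11", "192.168.1.2"]

if __name__ == "__main__":
    print("would be locked out:", lockout_risk(ADMIN_IPS, ENTRIES))
```

A netmask of 255.255.255.255 matches exactly one host, so only 163.173.56.11 keeps access in this sample.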
3.3 Logout
STEP 1﹒Click Logout in System to protect the system while Administrator is away. (Figure 3-5)
Figure 3-5 Confirm Logout WebUI
STEP 2﹒Click OK and the logout message will appear in WebUI. (Figure 3-6)
Figure 3-6 Logout WebUI Message
3.4 Software Update
STEP 1﹒Select Software Update in System, and follow the steps below:
Obtain the current version number from Version Number and obtain the latest version from the
Internet. Save the latest version on the PC which manages the RS-3000.
Click Browse and choose the latest software version file.
Click OK and the system will update automatically. (Figure 3-7)
Figure 3-7 Software Update
It takes 3 minutes to update the software. The system will reboot after the update. During the update,
please don’t turn off the PC or leave the WebUI; doing so may cause unexpected errors. (Updating
the software from the LAN is strongly suggested to avoid unexpected errors.)
Chapter 4 Configure
Configure covers the basic settings of the RS-3000. This chapter covers the Setting,
Date/Time, Multiple Subnet, Route Table, DHCP, Dynamic DNS, Hosts Table, SNMP and Language
settings.
4.1 Setting
AirLive RS-3000 Configuration:
The Administrator can import or export the system settings. Click OK to import the file into the
RS-3000 or click Cancel to cancel importing. You can also restore the default values here.
Selecting Reset Factory Setting resets the RS-3000 to its factory default settings.
Email Settings:
Select Enable E-mail Alert Notification under E-mail Settings. This function will enable the
RS-3000 to send e-mail alerts to the System Administrator when the network is being attacked by
hackers or when emergency conditions occur. (It can be set from Anomaly Flow IP Setting to
detect Hacker Attacks)
Web Management (WAN Interface):
The System Manager can change the port number used by the HTTP port at any time. (Remote WebUI
management)
After the HTTP port has been changed, an administrator who wants to enter the WebUI from the WAN
has to change the port number in the browser. (For example: http://61.62.108.172:8080)
MTU Setting:
It allows the Administrator to modify the network packet length at any time. Its default value is
1500 Bytes.
Link Speed / Duplex Mode:
This function sets the transmission speed and mode of the WAN Port when connecting to other
devices.
Dynamic Routing (RIPv2):
Select to enable the AirLive RS-3000 LAN, WAN1, WAN2 or DMZ Port to send/receive
RIPv2 packets and communicate with an Internal Router or External Router, to update
Dynamic Routing.
SIP protocol pass-through:
Select to enable the RS-3000 to pass the SIP protocol. Depending on the type of SIP device
you have, the SIP protocol may also pass through the RS-3000 without this function being
enabled.
Administration Packet Logging:
After this function is enabled, the RS-3000 records packets whose source IP or destination address
is the RS-3000, and stores them in the Traffic Log for the System Manager to inquire about.
System Reboot:
Once this function is enabled, the Office UTM Gateway will be rebooted.
System Settings- Exporting
STEP 1﹒In System Setting WebUI, click on the button next to Export System Settings to
Client.
STEP 2﹒When the File Download pop-up window appears, choose the destination place where to
save the exported file and click on Save. The setting value of RS-3000 will copy to the
appointed site instantly. (Figure 4-1)
Figure 4-1 Select the Destination Place to Save the Exported File
System Settings- Importing
STEP 1﹒In System Setting WebUI, click on the Browse button next to Import System Settings from
Client. When the Choose File pop-up window appears, select the file which contains the saved RS-3000 Settings, then click OK. (Figure 4-2)
STEP 2﹒Click OK to import the file into the RS-3000 (Figure 4-3)
Figure 4-2 Enter the File Name and Destination of the Imported File
Figure 4-3 Upload the Setting File WebUI
Restoring Factory Default Settings
STEP 1﹒Select Reset Factory Settings in RS-3000 Configuration WebUI
STEP 2﹒Click OK at the bottom-right of the page to restore the factory settings. (Figure 4-4)
Figure 4-4 Reset Factory Settings
Enabling E-mail Alert Notification
STEP 1﹒Select Enable E-mail Alert Notification under E-Mail Settings.
STEP 2﹒Device Name: Enter the Device Name or use the default value.
STEP 3﹒Sender Address: Enter the Sender Address. (Required by some ISPs.)
STEP 4﹒SMTP Server IP: Enter SMTP server’s IP address
STEP 5﹒E-Mail Address 1: Enter the e-mail address of the first user to be notified.
STEP 6﹒E-Mail Address 2: Enter the e-mail address of the second user to be notified. (Optional)
STEP 7﹒Click OK on the bottom-right of the screen to enable E-mail Alert Notification. (Figure 4-5)
Figure 4-5 Enable E-mail Alert Notification
Click on Mail Test to test if E-mail Address 1 and E-mail Address 2 can receive the Alert
Notification correctly.
Reboot RS-3000
STEP 1﹒Reboot RS-3000: Click Reboot button next to Reboot RS-3000 Appliance.
STEP 2﹒A confirmation pop-up page will appear.
STEP 3﹒Follow the confirmation pop-up page; click OK to restart RS-3000. (Figure 4-6)
Figure 4-6 Reboot RS-3000
4.2 Date/Time
Synchronize system clock:
Synchronizing the RS-3000 with the System Clock. The administrator can configure the
RS-3000’s date and time by either syncing to an Internet Network Time Server (NTP) or by
syncing to your computer’s clock.
STEP 1﹒Select Enable synchronize with an Internet time Server (Figure 4-7)
STEP 2﹒Click the down arrow to select the offset time from GMT.
STEP 3﹒If necessary, select Enable daylight saving time setting
STEP 4﹒Enter the Server IP / Name with which you want to synchronize.
STEP 5﹒Set the interval time to synchronize with outside servers.
Figure 4-7 System Time Setting
Click on the Sync button and then the RS-3000’s date and time will be synchronized to the
Administrator’s PC.
The values of Set Offset From GMT and Server IP / Name can be looked up via Assist.
4.3 Multiple Subnet
Connect to the Internet through Multiple Subnet NAT or Routing Mode using the IP address set on the
LAN user’s network card.
Alias IP of Interface / Netmask:
The Multiple Subnet range
WAN Interface IP:
The IP address that Multiple Subnet corresponds to WAN.
Forwarding Mode:
Displays the mode that Multiple Subnet uses. (NAT mode or Routing Mode)
Preparation
RS-3000 WAN1 (60.250.158.66) connects to the ISP Router (60.250.158.254), and the subnet
provided by the ISP is 162.172.50.0/24.
To connect to the Internet, WAN2 IP (211.22.22.22) connects with ATUR.
Adding Multiple Subnet
Add the following settings in Multiple Subnet of System function:
Click on New Entry
Alias IP of LAN Interface: Enter 162.172.50.1
Netmask: Enter 255.255.255.0
WAN1: Choose Routing in Forwarding Mode, and press Assist to select Interface
IP 60.250.158.66.
WAN2: Enter Interface IP 211.22.22.22, and choose NAT in Forwarding Mode
Click OK
Complete Adding Multiple Subnet (Figure 4-8)
Figure 4-8 Add Multiple Subnet WebUI
WAN1 and WAN2 Interface can use Assist to enter the data.
After setting, there will be two subnets in LAN: 192.168.1.0/24 (default LAN subnet) and
162.172.50.0/24. So if the LAN IP is:
192.168.1.x: it must use NAT Mode to access the Internet. (In Policy it can only be set up to access the
Internet by WAN2. By WAN1 Routing mode, it cannot access the Internet with its virtual IP.)
162.172.50.x: it uses Routing mode through WAN1 (the Internet Server can see your IP 162.172.50.x
directly) and NAT mode through WAN2 (the Internet Server sees your IP as the WAN2 IP).
NAT Mode:
It allows the Internal Network to set multiple subnet addresses and connect with the Internet through
different WAN IP Addresses. For example: a company applies for a leased line with several real IP
Addresses 168.85.88.0/24, and the company is divided into Service, Sales, Procurement, and
Accounting departments. The company can distinguish each department by a different subnet for
convenient management. The settings are as follows:
1. R&D department subnet: 192.168.1.1/24 (LAN) 168.85.88.253 (WAN)
2. Service department subnet: 192.168.2.1/24 (LAN) 168.85.88.252 (WAN)
3. Sales department subnet: 192.168.3.1/24 (LAN) 168.85.88.251 (WAN)
4. Procurement department subnet: 192.168.4.1/24 (LAN) 168.85.88.250 (WAN)
5. Accounting department subnet: 192.168.5.1/24 (LAN) 168.85.88.249 (WAN)
The first department (R&D department) was set when the interface IP was set; the other four have to be
added in Multiple Subnet. After completing the settings, each department uses a different WAN IP
Address to connect to the Internet. The settings of each department are as following:
Routing Mode:
It is approximately the same as NAT mode but does not have to correspond to the real WAN IP
address, which lets an internal PC access the Internet by its own IP. (External users can also use the
IP to connect with the Internet)
4.4 Route Table
STEP 1﹒Enter the following settings in Route Table in System function:
【Destination IP】: Enter 192.168.10.1
【Netmask】: Enter 255.255.255.0
【Gateway】: Enter 192.168.1.252
【Interface】: Select LAN
Click OK (Figure 4-9)
Figure 4-9 Add New Static Route1
STEP 2﹒Enter the following settings in Route Table in System function:
【Destination IP】: Enter 192.168.20.1
【Netmask】: Enter 255.255.255.0
【Gateway】: Enter 192.168.1.252
【Interface】: Select LAN
Click OK (Figure 4-10)
Figure 4-10 Add New Static Route2
STEP 3﹒Enter the following setting in Route Table in System function:
【Destination IP】: Enter 10.10.10.0
【Netmask】: Enter 255.255.255.0
【Gateway】: Enter 192.168.1.252
【Interface】: Select LAN
Click OK (Figure 4-11)
Figure 4-11 Add New Static Route3
STEP 4﹒The routes have been added successfully. At this time the computers of 192.168.10.1/24, 192.168.20.1/24 and
192.168.1.1/24 can connect with each other and connect to the Internet by NAT.
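The three static routes above can be checked offline with the following added example, which is not part of the manual or the device firmware. It shows how a Destination IP with a Netmask resolves to a network, verifies that each gateway is reachable on the LAN subnet, and looks up the next hop by longest prefix; the function names and the fallback to a WAN default route are assumptions.

```python
import ipaddress

# Default LAN address and mask of the RS-3000 as given in this manual
LAN = ipaddress.ip_interface("192.168.1.1/255.255.255.0")


def static_route(destination, netmask, gateway, interface="LAN"):
    """Normalise one Route Table entry and check its gateway is on-link."""
    # strict=False: 192.168.10.1 with mask 255.255.255.0 means 192.168.10.0/24
    net = ipaddress.ip_network(f"{destination}/{netmask}", strict=False)
    gw = ipaddress.ip_address(gateway)
    if interface == "LAN" and gw not in LAN.network:
        raise ValueError(f"gateway {gw} is not on the LAN subnet {LAN.network}")
    return {"network": net, "gateway": gw, "interface": interface}


# The three entries from STEP 1 to STEP 3
ROUTES = [
    static_route("192.168.10.1", "255.255.255.0", "192.168.1.252"),
    static_route("192.168.20.1", "255.255.255.0", "192.168.1.252"),
    static_route("10.10.10.0", "255.255.255.0", "192.168.1.252"),
]


def next_hop(dst, routes=ROUTES):
    """Return (gateway, interface) for dst using longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    if addr in LAN.network:
        return ("direct", "LAN")            # same subnet, no gateway needed
    matches = [r for r in routes if addr in r["network"]]
    if not matches:
        return ("default gateway", "WAN")   # assumption: default route via WAN
    best = max(matches, key=lambda r: r["network"].prefixlen)
    return (str(best["gateway"]), best["interface"])


if __name__ == "__main__":
    for r in ROUTES:
        print(r["network"], "via", r["gateway"], "on", r["interface"])
    # Constructed sample destinations
    for dst in ("192.168.20.57", "10.10.10.9", "192.168.1.40", "8.8.8.8"):
        print(dst, "->", next_hop(dst))
```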
4.5 DHCP
Subnet: The domain name of LAN
NetMask: The LAN Netmask
Gateway: The default Gateway IP address of LAN
Broadcast IP: The Broadcast IP of LAN
STEP 1﹒Select DHCP in System and enter the following settings:
Domain Name: Enter the Domain Name
DNS Server 1: Enter the distributed IP address of DNS Server1.
DNS Server 2: Enter the distributed IP address of DNS Server2.
WINS Server 1: Enter the distributed IP address of WINS Server1.
WINS Server 2: Enter the distributed IP address of WINS Server2.
LAN Interface:
Client IP Address Range 1:
Enter the starting and the ending IP address to be dynamically assigned to DHCP clients.
The default value is 192.168.1.2 to 192.168.1.254 (it must be in the same subnet)
Client IP Address Range 2:
Enter the starting and the ending IP address to be dynamically assigned to DHCP clients.
It must be within the same subnet as Client IP Address Range 1 and the ranges
cannot overlap.
DMZ Interface: the same as LAN Interface. (DMZ works only if the DMZ Interface is enabled)
Leased Time: Enter the leased time for Dynamic IP. The default time is 24 hours.
Click OK and DHCP setting is completed. (Figure 4-12)
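The two range rules above (same subnet, no repetition) can be checked before the values are entered with the following added example, which is not part of the manual or the device firmware. The function name is hypothetical, the second-range values are constructed, and the checks for the network, broadcast and gateway addresses go beyond what the manual states.

```python
import ipaddress


def check_dhcp_ranges(lan_ip, netmask, ranges):
    """Validate Client IP Address Range 1..n; return a list of problems.

    ranges: list of (start, end) address strings in the order entered.
    An empty list means the ranges satisfy every check.
    """
    lan = ipaddress.ip_interface(f"{lan_ip}/{netmask}")
    net = lan.network
    reserved = (
        (net.network_address, "network address"),
        (net.broadcast_address, "broadcast address"),
        (lan.ip, "gateway address"),
    )
    problems, parsed = [], []
    for i, (start, end) in enumerate(ranges, 1):
        s, e = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if s > e:
            problems.append(f"Range {i}: start is after end")
            continue
        if s not in net or e not in net:
            problems.append(f"Range {i}: outside LAN subnet {net}")
        for addr, label in reserved:
            if s <= addr <= e:
                problems.append(f"Range {i}: includes the {label} {addr}")
        parsed.append((i, s, e))
    # Pairwise overlap test: two closed intervals intersect when each
    # starts no later than the other ends
    for a in range(len(parsed)):
        for b in range(a + 1, len(parsed)):
            (i, s1, e1), (j, s2, e2) = parsed[a], parsed[b]
            if s1 <= e2 and s2 <= e1:
                problems.append(f"Range {i} overlaps Range {j}")
    return problems


if __name__ == "__main__":
    default = ("192.168.1.2", "192.168.1.254")      # default Range 1 from the manual
    extra = ("192.168.1.200", "192.168.1.220")      # constructed Range 2
    print(check_dhcp_ranges("192.168.1.1", "255.255.255.0", [default, extra]))
    split = [("192.168.1.2", "192.168.1.100"), ("192.168.1.150", "192.168.1.200")]
    print(check_dhcp_ranges("192.168.1.1", "255.255.255.0", split))
```

Because the default Range 1 already spans 192.168.1.2 to 192.168.1.254, any Range 2 in the same subnet overlaps it until Range 1 is narrowed.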