Billion Electric Company BiGuard 50G User Manual

BiGuard 50G

802.11g Dual WAN Security
Gateway

User’s Manual

Version Release 1.03 (FW:1.xx)

BiGuard 50G User’s Manual

(Updated September, 2007)
Copyright Information

© 2007 Billion Electric Corporation, Ltd.

The contents of this publication may not be reproduced in whole or in part,

transcribed, stored, translated, or transmitted in any form or any means, without

the prior written consent of Billion Electric Corporation.

Published by Billion Electric Corporation. All rights reserved.

Disclaimer

Billion does not assume any liability arising out of the application of use of any

products or software described herein. Neither does it convey any license under its

patent rights nor the patent rights of others. Billion reserves the right to make

changes in any products described herein without notice. This publication is subject

to change without notice.

Trademarks

Mac OS is a registered trademark of Apple Computer, Inc.

Windows 98, Windows NT, Windows 2000, Windows Me and Windows XP are

registered trademarks of Microsoft Corporation.

2

Safety Warnings

Your BiGuard 50G is built for reliability and long service life. For your

safety, be sure to read and follow the following safety warnings.

• Read this installation guide thoroughly before attempting to set up your BiGuard

50G.

• Your BiGuard 50G is a complex electronic device. DO NOT open or attempt to

repair it yourself. Opening or removing the covers can expose you to high

voltage and other risks. In the case of malfunction, turn off the power

immediately and have it repaired at a qualified service center. Contact your

vendor for details.

• Connect the power cord to the correct supply voltage.

• Carefully place connecting cables to avoid people from stepping or tripping on

them. DO NOT allow anything to rest on the power cord and DO NOT place the

power cord in an area where it can be stepped on.

• DO NOT use BiGuard 50G in environments with high humidity or high

temperatures.

• DO NOT use the same power source for BiGuard 50G as other equipment.

• DO NOT use your BiGuard 50G and any accessories outdoors.

• If you wall mount your BiGuard 50G, make sure that no electrical, water or gas

pipes will be damaged during installation.

• DO NOT install or use your BiGuard 50G during a thunderstorm.

• DO NOT expose your BiGuard 50G to dampness, dust, or corrosive liquids.

• DO NOT use your BiGuard 50G near water.

• Be sure to connect the cables to the correct ports.

• DO NOT obstruct the ventilation slots on your BiGuard 50G or expose it to direct

sunlight or other heat sources. Excessive temperatures may damage your

device.

• DO NOT store anything on top of your BiGuard 50G.

• Only connect suitable accessories to your BiGuard 50G.

• Keep packaging out of the reach of children.

• If disposing of the device, please follow your local regulations for the safe

disposal of electronic products to protect the environment.

3

Table of Contents

Chapter 1: Introduction

1.1 Overview

1.2 Product Highlights

1.2.1 Increased Bandwidth, Scalability and Resilience

1.2.2 Virtual Private Network Support

1.2.3 Advanced Firewall Security

1.2.4 Intelligent Bandwidth Management

1.3 Package Contents

1.3.1 Front Panel

1.3.2 Rear Panel

1.3.3 Cabling

Chapter 2: Router Applications

2.1 Overview

2.2 Bandwidth Management with QoS

2.2.1 QoS Technology

2.2.2 QoS Policies for Different Applications

2.2.3 Guaranteed / Maximum Bandwidth

2.2.4 Policy Based Traffic Shaping

2.2.5 Priority Bandwidth Utilization

2.2.6 Management by IP or MAC address

2.2.7 DiffServ (DSCP Marking)

2.2.7 DSCP (Matching)

2.3 Outbound Traffic

2.3.1 Outbound Fail Over

2.3.2 Outbound Load Balancing

2.4 Inbound Traffic

2.4.1 Inbound Fail Over

2.4.2 Inbound Load Balancing

2.5 DNS Inbound

2.5.1 DNS Inbound Fail Over

2.5.2 DNS Inbound Load Balancing

2.6 Virtual Private Networking

2.6.1 General VPN Setup

4

2.6.2 VPN Planning - Fail Over

2.6.3 Concentrator

Chapter 3: Getting Started

3.1 Overview

3.2 Before You Begin

3.3 Connecting Your Router

3.4 Configuring PCs for TCP/IP Networking

3.4.1 Overview

3.4.2 Windows XP

3.4.2.1 Configuring

3.4.2.2 Verifying Settings

3.4.3 Windows 2000

3.4.3.1 Configuring

3.4.3.2 Verifying Settings

3.4.4 Windows 98 / ME

3.4.4.1 Installing Components

3.4.4.2 Configuring

3.4.4.3 Verifying Settings

3.5 Factory Default Settings

3.5.1 Username and Password

3.5.2 LAN and WAN Port Addresses

3.6 Information From Your ISP

3.6.1 Protocols

3.6.2 Configuration Information

3.6.2.1 Windows

3.7 Web Configuration Interface

Chapter 4: Router Configuration

4.1 Overview

4.2 Status

4.2.1 ARP Table

4.2.2 Wireless Association

5

4.2.3 Routing Table

4.2.4 Session Table

4.2.5 DHCP Table

4.2.6 IPSec Status

4.2.7 PPTP Status

4.2.8 Traffic Statistics

4.2.9 CPU Statistics

4.2.10 System Log

4.3 Quick Start

4.3.1 DHCP

4.3.2 Static IP

4.3.3 PPPoE

4.3.4 PPTP

4.3.5 Big Pond

4.4 Configuration

4.4.1 LAN

4.4.1.1 Ethernet

4.4.1.2 Wireless Security

4.4.1.3 WEP

4.4.1.4 DHCP Server

4.4.1.5 LAN Address Mapping

4.4.2 WAN

4.4.2.1 ISP Settings

4.4.2.1.1 DHCP

4.4.2.1.2 Static IP

4.4.2.1.3 PPPoE

4.4.2.1.4 PPTP

4.4.2.1.5 Big Pond

4.4.2.2 Bandwidth Settings

4.4.2.3 WAN IP Alias

4.4.3 Dual WAN

4.4.3.1 General Settings

4.4.3.2 Outbound Load Balance

4.4.3.3 Inbound Load Balance

4.4.3.4 Protocol Binding

4.4.4 System

4.4.4.1 Time Zone

4.4.4.2 Remote Access

6

4.4.4.3 Firmware Upgrade

4.4.4.4 Backup / Restore

4.4.4.5 Restart

4.4.4.6 Password

4.4.5 Firewall

4.4.5.1 Packet Filter

4.4.5.2 URL Filter

4.4.5.3 Ethernet MAC Filter

4.4.5.4 Wireless MAC Filter

4.4.5.5 Block WAN Request

4.4.5.6 Intrusion Detection

4.4.6 VPN

4.4.6.1 IPSec

4.4.6.1.1 IPSec Wizard

4.4.6.1.2 IPSec Policy

4.4.6.2 PPTP

4.4.7 QoS

4.4.8 Virtual Server

4.4.8.1 DMZ

4.4.8.2 Port Forwarding Table

4.4.9 Advanced

4.4.9.1 Static Route

4.4.9.2 Dynamic DNS

4.4.9.3 Device Management
5 Log & Email Alert

5.1 Log Configuration

5.2 System Log Server

5.3 E-Mail Alert
6 Language

6.1 English

6.2 Simplified Chinese

6.3 Traditional Chinese
7 Save Configuration To Flash
8 Logout

Chapter 5: Troubleshooting

5.1 Basic Functionality

7

5.1.1 Router Won’t Turn On

5.1.2 LEDs Never Turn Off

5.1.3 LAN or Internet Port Not On

5.1.4 Forgot My Password

5.2 LAN Interface

5.2.1 Can’t Access Router from the LAN

5.2.2 Can’t Ping Any PC on the LAN

5.2.3 Can’t Access Web Configuration Interface

5.2.3.1 Pop-up Windows

5.2.3.2 Javascripts

5.2.3.3 Java Permissions

5.3 WAN Interface

5.3.1 Can’t Get WAN IP Address from the ISP

5.4 ISP Connection

5.5 Problems with Date and Time

5.6 Restoring Factory Defaults

Appendix A: Product Specifications

Appendix B: Customer Support

Appendix C: FCC Interference Statement

8

Appendix D: Network, Routing, and Firewall Basics

D.1 Network Basics
D.1.1 IP Addresses
D.1.1.1 Netmask
D.1.1.2 Subnet Addressing
D.1.1.3 Private IP Addresses
D.1.2 Network Address Translation (NAT)
D.1.3 Dynamic Host Configuration Protocol (DHCP)
D.2 Router Basics
D.2.1 Why use a Router?
D.2.2 What is a Router?
D.2.3 Routing Information Protocol (RIP)
D.3 Firewall Basics
D.3.1 What is a Firewall?
D.3.2.1 Stateful Packet Inspection
D.3.2.2 Denial of Service (DoS) Attack

D.3.2 Why Use a Firewall?

9

Appendix E: Virtual Private Networking

E.1 What is a VPN?
E.1.1 VPN Applications
E.2 What is IPSec?
E.2.1 IPSec Security Components
E.2.1.1 Authentication Header (AH)
E.2.1.2 Encapsulating Security Payload (ESP)
E.2.1.3 Security Associations (SA)

10

E.2.2 IPSec Mod
E.2.3 Tunnel Mode AH
E.2.4 Tunnel Mode ESP
E.2.5 Internet Key Exchange (IKE)

Appendix F: IPSec Logs and Events

F.1 IPSec Log Event Categories
F.2 IPSec Log Event Table

Appendix G: Bandwidth Management with QoS

G.1 Overview
G.2 What is Quality of Service?
G.3 How Does QoS Work?
G.4 Who Needs QoS?
G.4.1 Home Users
G.4.2 Office Users

Appendix H: Router Setup Examples

H.1 Outbound Fail Over
H.2 Outbound Load Balancing
H.3 Inbound Fail Over
H.4 DNS Inbound Fail Over
H.5 DNS Inbound Load Balancing
H.6 Dynamic DNS Inbound Load Balancing
H.7 VPN Configuration
H.7.1 LAN to LAN
H.7.2 Host to LAN
H.8 IPSec Fail Over (Gateway to Gateway)
H.9 VPN Concentrator
H.10 Protocol Binding
H.11 Intrusion Detection
H.12 PPTP Remote Access by Windows XP
H.13 PPTP Remote Access by BiGuard

11

Chapter 1: Introduction

1.1 Overview

Congratulations on purchasing BiGuard 50G Router from Billion. Combining a router

with an Ethernet network switch, BiGuard 50G is a state-of-the-art device that

provides everything you need to get your network connected to the Internet over

your Cable or DSL connection quickly and easily. The Quick Start Wizard and DHCP

Server will get first-time users up and running with minimal fuss and configuration,

while sophisticated Quality of Service (QoS) and Load Balancing features grant

advanced users total control over their network and Internet connection.

This manual illustrates the many features and functions of BiGuard 50G, and even

takes you through the various ways you can apply this versatile device to your home

or office. Take the time now to familiarize yourself with BiGuard 50G.

1.2 Product Highlights

1.2.1 Increased Bandwidth, Scalability and Resilience

With integrated Dual WAN ports, BiGuard 50G combines two broadband lines such

as DSL or Cable into one Internet connection, providing optimal bandwidth sharing

for multiple PCs on your network, or allowing maximum reliability with network

redundancy. Load Balancing enables BiGuard 50G to efficiently balance network

traffic across two connections, ideal for small-to-medium businesses that require

increased bandwidth, network scalability, and resilience for mission-critical network

and Internet applications. Auto failover can also be configured to ensure smooth,

continuous service should one connection fail, providing maximum business uptime

and productivity, plus uninterrupted service for you and your customers.

1.2.2 Virtual Private Network Support

BiGuard 50G supports comprehensive IPSec & PPTP VPN protocols for businesses to

establish private encrypted tunnels over the Internet to ensure data transmission

security among multiple sites, such as a branch office or dial-up connection. IPSec

VPN is up to 30 simultaneous IPSec VPN connections are possible on BiGuard 50G,

with performance of up to 30Mbps. PPTP VPN is up to 4 simultaneous PPTP VPN

12

connections are possible on BiGuard 50G, with performance of up to 10Mbps.

1.2.3 Advanced Firewall Security

Aside from intelligent broadband sharing, BiGuard 50G offers integrated firewall

protection with advanced features to secure your network from outside attacks.

Stateful Packet Inspection (SPI) determines if a data packet is permitted to enter

the private LAN. Denial of Service (DoS) prevents hackers from interrupting

network services via malicious attacks. In addition, BiGuard 50G firewall can be

configured to alert you via email should your network come under fire, offering both

tight network security and peace of mind.

1.2.4 Intelligent Bandwidth Management

BiGuard 50G utilizes Quality of Service (QoS) to give you full control over the

priority of both incoming and outgoing data, ensuring that critical data such as

customer information moves through your network, even while under a heavy load.

Transmission speeds can be throttled to make sure users are not saturating

bandwidth required for mission-critical data transfers. Priority types of upload data

can also be changed, allowing BiGuard 50G to automatically sort out actual speeds

for unmatched convenience.

1.3 Package Contents

BiGuard 50G iBusiness Security Gateway SMB

Getting Started CD-ROM

Quick Start Guide

AC-DC Power Adapter (12VDC, 1A)

1.3.1 Front Panel

13

LED Function

Power A solid light indicates a steady connection to a power

source.

Status A blinking light indicates the device is writing to flash

memory.

LAN
1 – 4

Lit when connected to an Ethernet device.

10/100M : Lit green when connected at 100Mbps.

Not lit when connected at 10Mbps.

Link/ACT: Lit when device is connected.
Blinking when data is transmitting/receiving.

WAN1 Lit when connected to an Ethernet device.

10/100M : Lit green when connected at 100Mbps.

Not lit when connected at 10Mbps.

Link/ACT: Lit when device is connected.

Blinking when data is transmitting/receiving.

WAN2 Lit when connected to an Ethernet device.

10/100M : Lit green when connected at 100Mbps.

Not lit when connected at 10Mbps.

Link/ACT: Lit when device is connected.

Blinking when data is transmitting/receiving.

14

1.3.2 Rear Panel

Port Function

1

Wireless
Antenna

2 WAN2

3 WAN1

LAN

4

1 — 4

5 RESET

One detachable 2.4GHz 5dbi SMA antenna

WAN2 10/100M Ethernet port (with auto
crossover support); connect xDSL/Cable
modem here.

WAN1 10/100M Ethernet port (with auto
crossover support); connect xDSL/Cable
modem here.

Connect a UTP Ethernet cable (Cat-5 or
Cat-5e) to one of the eight LAN ports when
connecting a PC to the network.

To reset the device and restore factory
default settings, after the device is fully
booted, press and hold RESET until the
Status LED begins to blink.

6 DC12V Connect DC Power Adapter here. (12VDC)

15

1.3.4 Cabling

Most Ethernet networks currently use unshielded twisted pair (UTP) cabling. The

UTP cable contains eight conductors, arranged in four twisted pairs, and terminated

with an RJ45 type connector.

One of the most common causes of networking problems is bad cabling. Make sure

that all connected devices are turned on. On the front panel of BiGuard 50G, verify

that the LAN link and WAN line LEDs are lit. If they are not, check to see that you are

using the proper cabling.

16

Chapter 2: Router Applications

2.1 Overview

Your BiGuard 50G router is a versatile device that can be configured to not only

protect your network from malicious attackers, but also ensure optimal usage of

available bandwidth with Quality of Service (QoS) and both Inbound and Outbound

Load Balancing. Alternatively, BiGuard 50G can also be set to redirect incoming and

outgoing network traffic with the Fail Over capability, ensuring minimal downtime

and increased reliability.

The following chapter describes how BiGuard 50G can work for you.

2.2 Bandwidth Management with QoS

Quality of Service (QoS) gives you full control over which types of outgoing data

traffic should be given priority by the router. By doing so, the router can ensure that

latency-sensitive applications like voice, bandwidth-consuming data like gaming

packets, or even mission critical files efficiently move through the router even under

a heavy load. You can throttle the speed at which different types of outgoing data

pass through the router. In addition, you can simply change the priority of different

types of upload data and let the router sort out the actual speeds.

2.2.1 QoS Technology

QoS generally involves the prioritization of network traffic. QoS is comprised of

three major components: Classifier, Met er, a n d Sc h e d ul e r. E ac h o f th e s e

components has a distinct role in ensuring that incoming and outgoing data is

managed according to user specifications.

The Classifier analyses incoming packets and marks each one according to

configured parameters. The Meter communicates the drop priority to the Scheduler

and measures the temporal priorities of the output stream against configured

parameters. Finally, the Scheduler schedules each packet for transmission based on

information from both the Classifier and the Meter.

17

2.2.2 QoS Policies for Different Applications

By setting different QoS policies according to the applications you are running, you

can use BiGuard 50G to optimize the bandwidth that is being used on your network.

VoIP

Normal PCs

Restricted PC

As illustrated in the diagram above, applications such as Voiceover IP (VoIP) require

low network latencies to function properly. If bandwidth is being used by other

18

applications such as an FTP server, users using VoIP will experience network lag

and/or service interruptions during use. To avoid this scenario, this network has

assigned VoIP with a guaranteed bandwidth and higher priority to ensure smooth

communications. The FTP server, on the other hand, has been given a maximum

bandwidth cap to make sure that regular service to both VoIP and normal Internet

applications is uninterrupted.

2.2.3 Guaranteed / Maximum Bandwidth

Setting a Guaranteed Bandwidth ensures that a particular service receives a

minimum percentage of bandwidth. For example, you can configure BiGuard 50G to

reserve 10% of the available bandwidth for a particular computer on the network to

transfer files.

Alternatively you can set a Maximum Bandwidth to restrict a particular application

to a fixed percentage of the total throughput. Setting a Maximum Bandwidth of 20%

for a file sharing program will ensure that no more than 20% of the available

bandwidth will be used for file sharing.

2.2.4 Policy Based Traffic Shaping

Policy Based Traffic Shaping allows you to apply specific traffic policies across a

range of IP addresses or ports. This is particularly useful for assigning different

policies for different PCs on the network. Policy based traffic shaping lets you better

19

manage your bandwidth, providing reliable Internet and network service to your

organization.

2.2.5 Priority Bandwidth Utilization

Assigning priority to a certain service allows BiGuard 50G to give either a higher or

lower priority to traffic from this particular service. Assigning a higher priority to an

application ensures that it is processed ahead of applications with a lower priority

and vice versa.

20

2.2.6 Management by IP or MAC address

BiGuard 50G can also be configured to apply traffic policies based on a particular IP

or MAC address. This allows you to quickly assign different traffic policies to a

specific computer on the network.

DiffServ (DSCP Marking)

DiffServ (a.k.a. DSCP Marking) allows you to classify traffic based on IP DSCP values.

21

Other interfaces can match traffic based on the DSCP markings. DSCP markings are

used to decide how packets should be treated, and is a useful tool to give

precedence to varying types of data.

2.2.8 DSCP (Matching)

Just like the DSCP Marking, DSCP is used on traffics (Both inbound rules and

outbound rules have DSCP matching). DSCP matching is used to identify traffic for

the rule. (It is just like what source IP and destination IP do). When this option of the

QoS rule is selected, the QoS rule will only be applied to the packets whose DSCP

field’s IP header matches the criteria selected. These markings can be used to

identify traffic within the network.

2.3 Outbound Traffic

This section outlines some of the ways you can use BiGuard 50G to manage

outbound traffic.

2.3.1 Outbound Fail Over

Configuring BiGuard 50G for Outbound Fail Over allows you to ensure that outgoing

traffic is uninterrupted by having BiGuard 50G default to WAN2 should WAN1 fail.

22

In the above example, PC 1 (IP_192.168.2.2) and PC 2 (IP_192.168.2.3) are

connected to the Internet via WAN1 (IP_230.100.100.1) on BiGuard 50G. Should

WAN1 fail, Outbound Fail Over tells BiGuard 50G to reroute outgoing traffic to WAN2

(IP_213.10.10.2). Configuring your BiGuard 50G for Outbound Fail Over provides a

more reliable connection for your outgoing traffic.

Please refer to appendix H for example settings.

2.3.2 Outbound Load Balancing

Outbound Load Balancing allows BiGuard 50G to intelligently manage outbound

traffic based on the amount of load of each WAN connection.

In the above example, PC 1 (IP_192.168.2.2) and PC 2 (IP_192.168.2.3) are

23

connected to the Internet via WAN1 (IP_230.100.100.1) and WAN2

(IP_213.10.10.2) on BiGuard 50G. You can configure BiGuard 50G to balance the

load of each WAN port with one of two mechanisms:

1. Session (by session/by traffic/weight of link capability)

2. IP Hash (by traffic/weight of link capability)

The IP Hash mechanism will ensure that the traffic from the same source IP address

and destination IP address will go through the same WAN port. This is useful for

some server applications that need to identify the source IP address of the client.

By balancing the load between WAN1 and WAN2, your BiGuard 50G can ensure that

outbound traffic is efficiently handled by making sure that both ports are equally

sharing the load, preventing situations where one port is completely saturated by

outbound traffic.

Please refer to appendix H for example settings.

2.4 Inbound Traffic

Learn how BiGuard 50G can handle inbound traffic in the following section.

24

2.4.1 Inbound Fail Over

Configuring BiGuard 50G for Inbound Fail Over allows you to ensure that incoming

traffic is uninterrupted by having BiGuard 50G default to WAN2 should WAN1 fail.

In the above example, an FTP Server (IP_192.168.2.2) and an HTTP Server

(IP_192.168.2.3) are connected to the Internet via WAN1 (ftp.billion.dyndns.org)

on BiGuard 50G. A remote computer is trying to access these servers via the

Internet. Under normal circumstances, the remote computer will gain access to the

network via WAN1. Should WAN1 fail, Inbound Fail Over tells BiGuard 50G to

reroute incoming traffic to WAN2 by using the Dynamic DNS mechanism.

Configuring your BiGuard 50G for Inbound Fail Over provides a more reliable

connection for your incoming traffic.

Please refer to appendix H for example settings.

25

2.4.2 Inbound Load Balancing

Inbound Load Balancing allows BiGuard 50G to intelligently manage inbound traffic

based on the amount of load of each WAN connection.

In the above example, an FTP server (IP_192.168.2.2) and an HTTP server

(IP_192.168.2.3) are connected to the Internet via WAN1

(www.billion2.dyndns.org) and WAN2 (www.billion3.dyndns.org) on BiGuard 50G.

Remote PCs are attempting to access the servers via the Internet. Using Inbound

Load Balancing, BiGuard 50G can direct incoming requests to the correct WAN port

based on group assignment. For example, a sales force can be directed to

www.billion2.dyndns.org, while the R&D group can access www.billion3.dyndns.org.

By balancing the load between WAN1 and WAN2, your BiGuard 50G can ensure that

inbound traffic is efficiently handled with both ports equally sharing the load,

preventing situations where service is slow because one port is completely

saturated by inbound traffic.

Please refer to appendix H for example settings.

26

2.5 DNS Inbound

Using DNS Inbound is a great way to intelligently direct network traffic.

DNS Inbound is a three step process. First, a DNS request is made to the router via

a remote PC. BiGuard 50G, based on settings specified by the user, will direct the

requesting PC to the correct WAN port by replying the selected WAN IP address

through the built-in DNS server. The remote PC then accesses the network via the

specified WAN port. How BiGuard 50G directs this traffic through the built-in DNS

server depends on whether it is configured for Fail Over or Load Balancing.

Learn how to make DNS Inbound on BiGuard 50G work for you in the following

section.

27

2.5.1 DNS Inbound Fail Over

BiGuard 50G can be configured to reply the WAN2 IP address for the DNS domain

name request should WAN1 fail.

In the above example, an FTP Server (IP_192.168.2.2) and an HTTP Server

(IP_192.168.2.3) are connected to the Internet via WAN1 (IP_200.200.200.1) on

BiGuard 50G. A remote computer is trying to access these servers via the Internet,

and makes a DNS request. The DNS request (www.mydomain.com

through WAN1 (200.200.200.1) to the built-in DNS server. The DNS server will reply

200.200.200.1 because this is the only active WAN port. Should WAN1 fail, BiGuard

50G will instead reply with WAN2’s IP address (100.100.100.1), and the remote PC

will gain access to the network via WAN2. By configuring BiGuard 50G for DNS

Inbound Fail Over, incoming requests will enjoy increased reliability when accessing

your network.

Please refer to appendix H for example settings.

) will be sent

28

2.5.2 DNS Inbound Load Balancing

DNS Inbound Load Balancing allows BiGuard 50G to intelligently manage inbound

traffic based on the amount of load of each WAN connection by assigning the IP

address with the lowest traffic load to incoming requests.

In the above example, an FTP server (IP_192.168.2.2) and an HTTP server

(IP_192.168.2.3) are connected to the Internet via WAN1 (IP_200.200.200.1) and

WAN2 (IP_100.100.100.1) on BiGuard 50G. Remote PCs are attempting to access

the servers via the Internet by making a DNS request, entering a URL

(www.mydomain.com). Using a load balancing algorithm, BiGuard 50G can direct

incoming requests to either WAN port based on the amount of load each WAN port

is currently experiencing. If WAN2 is experiencing a heavy load, BiGuard 50G

responds to incoming DNS requests with WAN1. By balancing the load between

WAN1 and WAN2, your BiGuard 50G can ensure that inbound traffic is efficiently

handled, making sure that both ports are equally sharing the load and preventing

situations where service is slow because one port is completely saturated by

inbound traffic.

Please refer to appendix H for example settings.

A typical scenario of how traffic is directed with DNS Inbound Load Balancing is

illustrated below:

29

y

r

11

HTTP Repl

HTTP Request

6

WAN 1

10

7

URL Host Map

9

8

1

DNS Request

2

DNS Server

3

Bandwidth Monitor

DNS Reply

5

WAN 2

4

HTTP Serve

In the example above, the client is making a DNS request. The request is sent to the

DNS server of BiGuard 50G through WAN2 (1). WAN2 will route this request to the

embedded DNS server of BiGuard 50G (2). BiGuard 50G will analyze the bandwidth

of both WAN1 and WAN2 and decide which WAN IP to reply to the request (3). After

the decision is made, BiGuard 50G will route the DNS reply to the user through

WAN2 (4). The user will receive the DNS reply with the IP address of WAN1 (5). The

browser will initiate an HTTP request to the WAN1 IP address (6). The HTTP request

will be send to BiGuard 50G’s URL Host Map (7). The Host Map will then redirect the

HTTP request to the HTTP server (8). The HTTP server will reply (9). The URL Host

Map will route the packet through WAN1 to the user (10). Finally, the client will

receive an HTTP reply packet (11).

30