HP OfficeConnect Firewall User Manual
3Com® OfficeConnect
®
Gigabit VPN Firewall (3CREVF100-73)
User Guide
ii
OfficeConnect VPN Firewall User’s Manual
Introduction
Table of Contents
1 Introduction .......................... 12
1.1 OfficeConnect Gigabit VPN Firewall ............................ 12
1.2 System Requirements ................................................... 12
1.3 Using this Document ..................................................... 12
1.3.1 Notational conventions ....................................... 12
1.3.2 Typographical conventions .................................. 2
1.3.3 Special messages ................................................. 2
2 Getting to Know the
OfficeConnect Gigabit VPN
Firewall .................................. 3
2.1 Parts List ........................................................................... 3
2.2 Front Panel ....................................................................... 3
2.3 Rear Panel ....................................................................... 3
2.4 Major Features ................................................................. 4
2.4.1 Firewall Features ................................................... 4
2.4.1.1 Address Sharing and Management ........ 4
2.4.1.1 ACL (Access Control List) ........................ 4
2.4.1.2 Stateful Packet Inspection ....................... 5
2.4.1.3 Defense against DoS Attacks.................. 5
2.4.1.4 Application Command Filtering ............... 5
2.4.1.5 Application Level Gateway (ALG) ........... 6
2.4.1.6 Local Content Filtering ............................. 6
2.4.1.7 Log and Alerts........................................... 6
2.4.2 VPN ........................................................................ 6
2.4.3 WAN Failover & Load Balancing ......................... 7
2.4.4 QoS and Bandwidth Management ...................... 7
2.4.5 Virtual LAN Interfaces (VLAN) ............................. 7
3 Quick Start Guide .................. 9
3.1 Part 1 — Connecting the Hardware ............................... 9
3.1.1 Step 1. Connect an ADSL or a cable
modem. .................................................................. 9
3.1.2 Step 2. Connect computers or a LAN.................. 9
3.1.3 Step 3. Attach the power adapter. ....................... 9
3.1.4 Step 4. Turn on the OfficeConnect Gigabit
VPN Firewall, the ADSL or cable modem
and power up your computers. .......................... 10
3.2 Part 2 — Rack Mounting Instructions........................... 10
3.3 Part 3 — Configuring Your Computers ........................ 11
3.3.1 Before you begin ................................................. 12
3.3.2 Windows® XP PCs: ............................................ 12
Chapter 1.Introduction OfficeConnect VPN Firewall User’s Manual
2
3.3.3 Windows® 2000 PCs: ........................................ 12
3.3.4 Windows® 95, 98, and Me PCs ......................... 13
3.3.5 Windows® NT 4.0 workstations: ........................ 13
3.3.6 Assigning static IP addresses to your PCs ....... 14
3.4 Part 4 — Quick Configuration of the
OfficeConnect Gigabit VPN Firewall ............................ 14
3.4.1 Setting Up the OfficeConnect Gigabit VPN
Firewall ................................................................. 14
3.4.2 Testing Your Setup ............................................. 18
3.4.3 Default Router Settings....................................... 18
4 Getting Started with the
Configuration Manager ........ 21
4.1 Log into Configuration Manager ................................... 21
4.2 Functional Layout .......................................................... 21
4.2.1 Commonly Used Buttons and Icons .................. 22
4.3 Overview of System Configuration ............................... 22
5 Configuring LAN Settings .... 25
5.1 LAN IP Address ............................................................. 25
5.1.1 LAN IP Configuration Parameters ..................... 25
5.1.2 Configuring the LAN IP Address ........................ 25
5.2 DHCP (Dynamic Host Control Protocol) ...................... 26
5.2.1 What is DHCP? ................................................... 26
5.2.2 Why use DHCP? ................................................. 27
5.2.3 Configuring DHCP Server .................................. 27
5.2.4 Viewing Current DHCP Address
Assignments ........................................................ 29
5.3 Configuring Fixed DHCP Leases ................................. 29
5.3.1 Manually add a Fixed DHCP Lease. ................. 29
5.3.2 Import Discovered LAN Hosts as Fixed
DHCP Entries ...................................................... 29
5.4 DNS ................................................................................ 30
5.4.1 About DNS ........................................................... 30
5.4.2 Assigning DNS Addresses ................................. 30
5.4.3 Configuring DNS Relay ...................................... 30
5.5 Configuring the Port Settings ........................................ 31
5.6 Viewing LAN Statistics .................................................. 32
6 Configuring VLAN Settings .. 33
6.1 VLAN Overview ............................................................. 33
6.2 VLAN Configuration Parameters .................................. 33
6.3 Configuring the VLAN settings ..................................... 33
OfficeConnect VPN Firewall User’s Manual Chapter 1. Introduction
3
7 Configuring Spanning Tree
Settings ................................ 35
7.1 Spanning Tree Overview .............................................. 35
7.2 Spanning Tree Configuration Parameters ................... 35
7.3 Configuring the Spanning Tree settings....................... 36
7.4 Viewing the Spanning Tree Status ............................... 37
8 Configuring WAN Settings ... 39
8.1 WAN Connection Mode ................................................ 39
8.2 PPPoE ............................................................................ 39
8.2.1 WAN PPPoE Configuration Parameters ........... 39
8.2.2 Configuring PPPoE for WAN ............................. 40
8.3 PPTP .............................................................................. 40
8.3.1 WAN PPTP Configuration Parameters ............. 40
8.3.2 Configuring PPTP for WAN ................................ 40
8.4 Dynamic IP ..................................................................... 41
8.4.1 WAN Dynamic IP Configuration
Parameters .......................................................... 41
8.4.2 Configuring Dynamic IP for WAN ...................... 41
8.5 Static IP .......................................................................... 42
8.5.1 WAN Static IP Configuration Parameters ......... 42
8.5.2 Configuring Static IP for WAN ............................ 42
8.6 Viewing WAN Statistics ................................................. 43
9 Configuring Routes .............. 45
9.1 Overview of IP Routes................................................... 45
9.1.1 Do I need to define IP routes? ........................... 45
9.2 Dynamic Routing using RIP (Routing Information
Protocol) ......................................................................... 45
9.2.1 Enabling/Disabling RIP ....................................... 46
9.3 Static Routing ................................................................. 46
9.3.1 Static Route Configuration Parameters ............. 46
9.3.2 Adding Static Routes .......................................... 47
9.3.3 Deleting Static Routes ........................................ 47
9.3.4 Viewing the Static Routing Table ....................... 47
10 Configuring DDNS ............... 49
10.1 DDNS Configuration Parameters ................................. 49
10.2 Access DDNS Configuration Page............................... 50
10.3 Configuring HTTP DDNS Client ................................... 50
11 Configuring Firewall/NAT
Settings ................................ 51
Chapter 1.Introduction OfficeConnect VPN Firewall User’s Manual
4
11.1 Firewall Overview .......................................................... 51
11.1.1 Stateful Packet Inspection .................................. 51
11.1.2 DoS (Denial of Service) Protection .................... 51
11.1.3 Firewall and Access Control List (ACL) ............. 51
11.1.3.1 Priority Order of ACL Rule ..................... 51
11.1.3.2 Tracking Connection State .................... 52
11.1.4 Default ACL Rules .............................................. 52
11.2 NAT Overview ................................................................ 52
11.2.1 Static (or One-to-One) NAT ............................... 52
11.2.2 NAPT (or One-to -Many NAT)............................. 53
11.2.3 Reverse Static NAT ............................................ 53
11.2.4 Virtual Server (or Reverse NAPT) ..................... 53
11.3 Configuring Inbound ACL Rules ................................... 53
11.3.1 Inbound ACL Rule Configuration
Parameters .......................................................... 54
11.3.2 Access Inbound ACL Rule Configuration
Page ..................................................................... 55
11.3.3 Add Inbound ACL Rules ..................................... 56
11.3.4 Modify Inbound ACL Rules ................................ 57
11.3.5 Delete Inbound ACL Rules ................................. 57
11.3.6 Display Inbound ACL Rules ............................... 57
11.4 Configuring Outbound ACL Rules ................................ 57
11.4.1 Outbound ACL Rule Configuration
Parameters .......................................................... 57
11.4.2 Access Outbound ACL Rule Configuration
Page ..................................................................... 59
11.4.3 Modify Outbound ACL Rules ............................. 59
11.4.4 Delete Outbound ACL Rules .............................. 60
11.4.5 Display Outbound ACL Rules ............................ 60
11.5 Configuring Content Filter ............................................. 60
11.5.1 Content Filter Configuration Parameters ........... 60
11.5.2 Access Content Filter Configuration Page ........ 60
11.5.3 Add an Content Filter Rule ................................. 61
11.5.4 Modify an Content Filter Rule ............................. 61
11.5.5 Delete an Content Filter Rule ............................. 61
11.5.6 View Configured Content Filter Rules ............... 61
11.5.7 Content Filter Rule Example .............................. 61
11.6 Configuring Advanced Firewall Features ..................... 62
11.6.1 Configuring Self Access Rules ........................... 62
11.6.1.1 Self Access Configuration
Parameters ............................................. 62
11.6.1.2 Access Self Access Rule Table ............ 64
11.6.1.3 Add a Self Access Rule ......................... 64
11.6.1.4 Modify a Self Access Rule ..................... 64
11.6.1.5 Delete a Self Access Rule ..................... 64
OfficeConnect VPN Firewall User’s Manual Chapter 1. Introduction
5
11.6.1.6 View Configured Self Access
Rules ....................................................... 64
11.6.2 Configuring Service List ...................................... 65
11.6.2.1 Service List Configuration
Parameters ............................................. 65
11.6.2.2 Access Service List Configuration
Page ........................................................ 65
11.6.2.3 Add a Service ......................................... 65
11.6.2.4 Modify a Service ..................................... 66
11.6.2.5 Delete a Service ..................................... 66
11.6.2.6 View Configured Services ..................... 66
11.6.3 Configuring DoS Settings ................................... 66
11.6.3.1 DoS Protection Configuration
Parameters ............................................. 66
11.6.3.2 Access DoS Configuration Page ........... 68
11.6.3.3 Configuring DoS Settings ...................... 68
11.6.4 Configuring Schedule ......................................... 68
11.6.4.1 Schedule Configuration
Parameters ............................................. 69
11.6.4.2 Access Schedule Configuration
Page ........................................................ 69
11.6.4.3 Add a Schedule ...................................... 69
11.6.4.4 Schedule Example ................................. 70
11.6.5 Configuring IP/MAC Binding .............................. 70
11.6.5.1 Adding an IP/MAC binding rule ............. 70
11.6.5.2 Editing an IP/MAC binding rule ............. 71
11.6.5.3 Removing an existing IP/MAC
binding rule ............................................. 71
11.6.6 Configuring Port-Triggering ................................ 71
11.6.6.1 Configuration parameters for the
Port-Triggering feature ........................... 71
11.6.6.2 Adding an Port-Triggering Rule ............. 72
11.6.6.3 Editing an Port-Triggering Rule ............. 72
11.6.6.4 Removing Port-Triggering Rules ........... 73
11.6.7 Configuring P2P Service Prevention ................. 73
11.6.7.1 Adding a P2P Service Prevention
Rule ......................................................... 73
11.6.7.2 Editing a P2P Service Prevention
Rule ......................................................... 73
11.6.7.3 Removing a P2P Service
Prevention Rule ...................................... 73
11.6.8 Configuring Session Limit ................................... 74
12 Configuring Quality of Service75
12.1 Overview ........................................................................ 75
12.2 Define the Maximum Bandwidth................................... 75
Chapter 1.Introduction OfficeConnect VPN Firewall User’s Manual
6
12.3 Defining the QoS Class Object ..................................... 76
12.4 Traffic Classification ....................................................... 77
13 Configuring WAN Load-
Balancing & Failover ............ 79
13.1 Introduction..................................................................... 79
13.2 Configuring WAN Failover ............................................ 79
13.3 Configuring WAN Load-Balancing ............................... 81
14 Configuring IPSec VPN ....... 83
14.1 VPN Tunnel Configuration Parameters ....................... 83
14.2 Establish VPN Connection Using Automatic
Keying ............................................................................. 85
14.2.1 Add a Rule for VPN Connection Using
Pre-shared Key ................................................... 86
14.2.2 Modify VPN Rules ............................................... 87
14.2.3 Delete VPN Rules ............................................... 87
14.2.4 Display VPN Rules.............................................. 87
14.3 Establish VPN Connection Using Manual Keys .......... 87
14.3.1 Add a Rule for VPN Connection Using
Manual Key .......................................................... 88
14.3.2 Modify VPN Rules ............................................... 88
14.3.3 Delete VPN Rules ............................................... 88
14.3.4 Display VPN Rules.............................................. 89
14.4 VPN Connection Examples .......................................... 89
14.4.1 Intranet Scenario – firewall + VPN and no
NAT for VPN traffic ............................................. 89
14.4.1.1 Configure Rules on OfficeConnect
Gigabit VPN Firewall 1 (ISR1) ............... 89
14.4.1.2 Configure Rules on OfficeConnect
Gigabit VPN Firewall 2 (ISR2) ............... 91
14.4.1.3 Establish Tunnel and Verify ................... 92
14.5 Managing VPN User Account ....................................... 92
15 Configuring L2TP Server ..... 95
15.1 Introduction..................................................................... 95
15.2 L2TP Server Configuration Parameters ....................... 95
15.3 Configuring L2TP Server .............................................. 96
15.4 Viewing Active L2TP Session ....................................... 96
16 Configuring PPTP Server .... 97
16.1 Introduction..................................................................... 97
16.2 PPTP Server Configuration Parameters ...................... 97
16.3 Configuring PPTP Server .............................................. 98
16.4 Viewing Active PPTP Session ...................................... 98
17 System Management ......... 101
OfficeConnect VPN Firewall User’s Manual Chapter 1. Introduction
7
17.1 Configure Port Mirroring .............................................. 101
17.2 Change the Login Password ...................................... 101
17.3 Configuring the Management Interface ..................... 103
17.4 Modify System Information ......................................... 103
17.5 Setup Date and Time .................................................. 104
17.5.1 View the System Date and Time ..................... 104
17.6 System Configuration Management ........................... 104
17.6.1 Reset System Configuration ............................ 104
17.6.2 Backup System Configuration .......................... 105
17.6.3 Restore System Configuration ......................... 105
17.7 Upgrade Firmware ....................................................... 105
17.8 Reset the OfficeConnect Gigabit VPN Firewall ......... 106
17.9 Logout Configuration Manager ................................... 106
17.10 Configuring Logging .................................................... 106
17.11 Configuring SNMP ....................................................... 107
18 ALG Configuration ............. 109
19 IP Addresses, Network Masks,
and Subnets ....................... 111
19.1 IP Addresses ................................................................ 111
19.1.1 Structure of an IP address ................................ 111
19.2 Network classes ........................................................... 111
19.3 Subnet masks .............................................................. 112
20 Troubleshooting ................. 115
20.1 Diagnosing Problem using IP Utilities ........................ 116
20.1.1 ping..................................................................... 116
20.1.2 nslookup ............................................................ 117
21 SAFETY INFORMATION .. 119
Important Safety Information .................................................... 119
Wichtige Sicherheitshinweise................................................... 119
Consignes importantes de sécurité ......................................... 120
22 OBTAINING SUPPORT FOR
YOUR PRODUCT ............. 121
Register Your Product to Gain Service Benefits ..................... 121
Troubleshoot Online ................................................................. 121
Purchase Extended Warranty and Professional Services ..... 121
Access Software Downloads ................................................... 121
Contact Us ................................................................................. 122
Telephone Technical Support and Repair .............................. 122
Chapter 1.Introduction OfficeConnect VPN Firewall User’s Manual
8
23 END USER SOFTWARE
LICENCE AGREEMENT ... 129
24 Regulatory Notices ............ 130
24.1.1.1 FCC STATEMENT ............................... 130
24.1.1.2 INFORMATION TO THE USER ......... 130
24.1.1.3 ICES STATEMENT .............................. 130
24.1.1.4 CE STATEMENT (EUROPE).............. 130
25 Glossary ............................. 131
26 Index .................................. 137
List of Figures
Figure 2.1 Front Panel LEDs ................................................................................. 3
Figure 2.2 Rear Panel Connections ...................................................................... 4
Figure 3.1 Overview of Hardware Connections ................................................. 10
Figure 3.2 Assembling the rack mount kit .......................................................... 11
Figure 3.3 Rack Mounting .................................................................................... 11
Figure 3.4 Login Screen ....................................................................................... 15
Figure 3.5 System Access Configuration Page ................................................. 15
Figure 3.6 System Time Configuration Page ..................................................... 16
Figure 3.7 IP Setup Configuration Page ............................................................. 16
Figure 3.8 DHCP Server Configuration Page .................................................... 16
Figure 3.9 WAN PPPoE Configuration Page ..................................................... 17
Figure 3.10 WAN Dynamic IP Configuration Page ............................................ 17
Figure 3.11 WAN Static IP Configuration Page ................................................. 18
Figure 4.1 Configuration Manager Login Screen ............................................... 21
Figure 4.2 Typical Configuration Manager Page ............................................... 22
Figure 4.3 Device Summary Page ...................................................................... 23
Figure 5.1 Interface List........................................................................................ 26
Figure 5.2 IP Setup Configuration Page ............................................................. 26
Figure 5.3 DHCP Configuration Page ................................................................. 27
Figure 5.4 Host Discovery Configuration Page .................................................. 30
Figure 5.5 Port Setup Configuration Page .......................................................... 31
Figure 5.6 Port Selection...................................................................................... 32
Figure 5.7 LAN Statistics Page ............................................................................ 32
Figure 6.1 VLAN Configuration Summary Page ................................................ 34
Figure 6.2 VLAN Configuration Page.................................................................. 34
Figure 6.3 Select a VLAN Membership Type ..................................................... 34
Figure 6.4 VLAN Membership assignment ........................................................ 34
Figure 7.1 Spanning Tree Configuration Page ................................................... 36
Figure 7.2 RSTP/STP Status Page ..................................................................... 37
OfficeConnect VPN Firewall User’s Manual Chapter 1. Introduction
9
Figure 8.1 WAN Connection Type Configuration ............................................... 39
Figure 8.2 WAN Dynamic IP (DHCP client) Configuration Page ...................... 42
Figure 8.3 WAN Static IP Configuration Page ................................................... 42
Figure 8.4 WAN Statistics Page .......................................................................... 43
Figure 9.1 Routing Configuration Page ............................................................. 45
Figure 9.2 RIP Configuration Page ..................................................................... 46
Figure 9.3 Viewing Routing Table ...................................................................... 47
Figure 10.1 Network Diagram for HTTP DDNS ................................................. 49
Figure 10.2 HTTP DDNS Configuration Page ................................................... 50
Figure 11.1 One-to-One NAT and One-to-Many NAT ....................................... 53
Figure 11.2. Inbound ACL Configuration Page .................................................. 54
Figure 11.3 ACL Rule List Table ......................................................................... 56
Figure 11.4 Tab Buttons for Different Traffic Types ........................................... 56
Figure 11.5. Inbound ACL Configuration Example ............................................ 56
Figure 11.6. Outbound ACL Configuration Page ............................................... 57
Figure 11.7 Outbound ACL Configuration Example .......................................... 59
Figure 11.8. Content Filter Configuration Page .................................................. 61
Figure 11.9. Content filter Rule Example ............................................................ 62
Figure 11.10. Self Access Rule Table Page ....................................................... 62
Figure 11.11. Service List Configuration Page ................................................... 65
Figure 11.12. DoS Configuration Page ............................................................... 68
Figure 11.13. Schedule Configuration Page ...................................................... 69
Figure 11.14. Schedule Example – Create a Schedule .................................... 70
Figure 11.15. Schedule Example – Deny FTP Access for MISgroup1 During
OfficeHours ................................................................................................... 70
Figure 11.16 IP/MAC Binding Configuration Page ............................................ 71
Figure 11.17 Port-Triggering Configuration Page .............................................. 72
Figure 12.1 Interface Settings List Table ............................................................ 75
Figure 12.2 Maximum Interface Bandwidth Configuration Page ...................... 76
Figure 12.3 QoS Configuration Page .................................................................. 76
Figure 12.4 QoS Class Definition Page .............................................................. 76
Figure 12.5 Add a new QoS Class Object .......................................................... 77
Figure 12.6 QoS Policy Configuration Page ....................................................... 78
Figure 13.1 WAN Link Mgmt Configuration Page .............................................. 80
Figure 13.2 Enable the WAN Failover ................................................................ 80
Figure 14.1. IPSec VPN Policy List Table .......................................................... 86
Figure 14.2. VPN Tunnel Configuration Page – Pre-shared Key Mode........... 87
Figure 14.3. VPN Tunnel Configuration Page – Manual Key Mode ................. 88
Figure 14.4. Typical Intranet Network Diagram .................................................. 89
Figure 14.5. Intranet VPN Policy Configuration on ISR1 ................................... 90
Figure 14.6. Intranet VPN Policy Configuration on ISR2 ................................... 91
Figure 14.7 VPN User Account Configuration Page .......................................... 93
Figure 14.8 Configuring VPN User Account ....................................................... 93
Figure 14.9 Editing an existing VPN User .......................................................... 93
Chapter 1.Introduction OfficeConnect VPN Firewall User’s Manual
10
Figure 14.10 VPN User Group Configuration Page ........................................... 94
Figure 14.11 Configuring a User Group .............................................................. 94
Figure 15.1. L2TP Server Configuration Page ................................................... 96
Figure 15.2. Viewing Active L2TP Sessions ....................................................... 96
Figure 16.1. PPTP Server Configuration Page .................................................. 97
Figure 16.2. Viewing Active PPTP Sessions ...................................................... 98
Figure 17.1 Port Mirroring Configuration Page................................................. 101
Figure 17.2. System Access Account Configuration Page.............................. 102
Figure 17.3 Management Interface Configuration Page ................................. 103
Figure 17.4. System Information Configuration Page ...................................... 103
Figure 17.5. Date and Time Configuration Page ............................................. 104
Figure 17.6. Default Setting Configuration Page .............................................. 105
Figure 17.7. Windows File Browser .................................................................. 105
Figure 17.8. Firmware Upgrade Page .............................................................. 106
Figure 17.9. Confirmation for Closing Browser (IE) ......................................... 106
Figure 17.10 Logging Configuration Page ........................................................ 107
Figure 17.11 SNMP Community Configuration Page ...................................... 108
Figure 17.12 SNMP Trap Configuration Page ................................................. 108
Figure 20.1. Using the ping Utility ...................................................................... 117
Figure 20.2. Using the nslookup Utility ............................................................. 118
List of Tables
Table 2.1 Front Panel Label and LEDs ................................................................. 3
Table 2.2 Rear Panel Labels and LEDs ............................................................... 4
Table 2.3 DoS Attacks ........................................................................................... 5
Table 2.4 VPN Features of the OfficeConnect Gigabit VPN Firewall ................. 6
Table 3.1 LED Indicators ..................................................................................... 10
Table 3.2 Default Settings Summary .................................................................. 19
Table 4.1 Description of Commonly Used Buttons and Icons .......................... 22
Table 5.1 LAN IP Configuration Parameters ...................................................... 25
Table 5.2 DHCP Configuration Parameters ....................................................... 27
Table 5.3 DHCP Address Assignment ............................................................... 29
Table 6.1 VLAN Configuration Parameters ........................................................ 33
Table 7.1 Spanning Tree Configuration Parameters ......................................... 35
Table 8.1 WAN PPPoE Configuration Parameters ............................................ 39
Table 8.2 WAN PPTP Configuration Parameters .............................................. 40
Table 8.3 WAN Dynamic IP Configuration Parameters .................................... 41
Table 8.4 WAN Static IP Configuration Parameters .......................................... 42
Table 9.1 Static Route Configuration Parameters ............................................. 46
Table 10.1 DDNS Configuration Parameters ..................................................... 49
Table 11.1. Inbound ACL Rule Configuration Parameters ................................ 54
Table 11.2. Outbound ACL Rule Configuration Parameters ............................. 57
OfficeConnect VPN Firewall User’s Manual Chapter 1. Introduction
11
Table 11.3. Content Filter Configuration Parameters ........................................ 60
Table 11.4. Self Access Configuration Parameters ........................................... 62
Table 11.5. Service List configuration parameters ............................................. 65
Table 11.6. DoS Protection Configuration Parameters ..................................... 66
Table 11.7. Schedule Configuration Parameters ............................................... 69
Table 11.8 Port-Triggering Configuration Parameters ....................................... 71
Table 11.9 P2P Service Prevention Configuration Parameters ........................ 73
Table 11.10 Session Limit Configuration Parameters ....................................... 74
Table 13.1 WAN Failover Configuration Parameters ........................................ 79
Table 14.1. VPNTtunnel Configuration Parameter ............................................ 83
Table 14.2. Outbound Un-translated Firewall Rule for VPN Packets on ISR1 90
Table 14.3. Inbound Un-translated Firewall Rule for VPN Packets on ISR1 ... 90
Table 14.4. Outbound Un-translated Firewall Rule for VPN Packets on ISR1 92
Table 14.5. Inbound Un-translated Firewall Rule for VPN Packets on ISR1 ... 92
Table 15.1. L2TP Server Configuration Parameters.......................................... 95
Table 16.1. PPTP Server Configuration Parameters ......................................... 97
Table 17.1 System Access Account Configuration Parameters ..................... 102
Table 18.1. Supported ALG ............................................................................... 109
Table 19.1. IP Address structure ....................................................................... 111
Chapter 1.Introduction OfficeConnect VPN Firewall User’s Manual
12
1 Introduction
Welcome to the world of networking with 3Com. In the modern business
environment, communication and sharing information is crucial. Computer
networks have proved to be one of the fastest modes of communication but, until
recently, only large businesses could afford the networking advantage. The
OfficeConnect product range from 3Com has changed all this, bringing networks
to the small office.
The products that compose the OfficeConnect line give you, the small office
user, the same power, flexibility, and protection that has been available only to
large corporations. Now, you can network the computers in your office, connect
them all to a single Internet outlet, and harness the combined power of all of your
computers.
This User Manual will show you how to set up the OfficeConnect Gigabit VPN
Firewall, and how to customize its configuration to get the most out of this
product.
1.1 OfficeConnect Gigabit VPN Firewall
The OfficeConnect Gigabit VPN Firewall is designed to provide a robust, secure
solution for multi-site small businesses. This completely equipped, broadbandcapable Virtual Private Network (VPN) firewall prevents unauthorised external
access to your network — and by creating Virtual Private Networks (VPNs) —
encrypted links to other private networks. The OfficeConnect Gigabit VPN
Firewall also provides Denial of Service (DoS) protection and intrusion detection
using Stateful Packet Inspection (SPI), web content filtering, logging and
reporting.
1.2 System Requirements
In order to use the OfficeConnect Gigabit VPN Firewall for Internet access, you
must have the following:
ADSL or cable modem and the corresponding service up and running, with
at least one public Internet address assigned to your WAN
One or more computers each containing an Ethernet 10Base-T/100Base-
T/1000Base-T network interface card (NIC)
(Optional) An Ethernet switch, if you are connecting the device to more
than four computers on an Ethernet network.
For system configuration using the supplied web-based program: a web
browser such as Internet Explorer v5.5 or later.
1.3 Using this Document
1.3.1 Notational conventions
Acronyms are defined the first time they appear in text and in the glossary
(Appendix 25).
For brevity, the OfficeConnect Gigabit VPN Firewall is sometimes referred
to as ―the router.‖
The terms LAN and network are used interchangeably to refer to a group
of Ethernet-connected computers at one site.
Chapter 1.Introduction OfficeConnect VPN Firewall User’s Manual
2
1.3.2 Typographical conventions
Italics are used to identify terms that are defined in the glossary (Chapter
25).
Boldface type text is used for items you select from menus and drop-down
lists, and text strings you type when prompted by the program.
1.3.3 Special messages
This document uses the following icons to call your attention to specific
instructions or explanations.
Note
Provides clarification or non-essential information on the current
topic.
Definition
Explains terms or acronyms that may be unfamiliar to many
readers. These terms are also included in the Glossary.
WARNING
Provides messages of high importance, including messages
relating to personal safety or system integrity.
OfficeConnect VPN Firewall User’s Manual Chapter 2. Getting to Know the OfficeConnect Gigabit VPN Firewall
3
2 Getting to Know the
OfficeConnect Gigabit VPN
Firewall
2.1 Parts List
In addition to this document, your OfficeConnect Gigabit VPN Firewall should
come with the following:
The OfficeConnect Gigabit VPN Firewall
Power cord
RJ45-to-DB9 console port cable
Four rubber feet
Rack mount kit
One CD-ROM containing: The 3Com detect program and this user guide.
One Warranty Flyer
Release note
2.2 Front Panel
The front panel contains LED indicators that show the status of the unit and the
ports for the data connections.
WAN1 WAN2
LAN1/DMZ1 LAN2/DMZ2
POWER
TEST LED
LAN3 ~ LAN6 CONSOLE
Reset
DMZ2 LEDDMZ1 LED
Figure 2.1 Front Panel LEDs
Table 2.1 Front Panel Label and LEDs
Label
Color
Function
POWER
Green
On: Unit is powered on
Off: Unit is powered off
STATUS
Amber
(For factory testing only)
Link/Act
Green
Green: Link is established
Flashing: Data is transmitted
Off: No Link
1000
Green/Amber
Green: Gigabit link
Amber: 100M link
Off: 10M link or no link
DMZ
Green
Green: This port is used as DMZ port
Off: This port is used as LAN port
CONSOLE
RJ-45 serial port for console management
Reset
Resets the device
2.3 Rear Panel
The rear panel contains the AC inlet and power switch. See Figure 2.2 Rear
Panel Connections.
Chapter 2. Getting to Know the OfficeConnect Gigabit VPN Firewall OfficeConnect VPN Firewall User’s Manual
4
Power Switch
AC Inlet
Figure 2.2 Rear Panel Connections
Table 2.2 Rear Panel Labels and LEDs
Label
Function
Switches the unit on and off
POWER
Connects to the supplied power adapter
2.4 Major Features
2.4.1 Firewall Features
The Firewall as implemented in the OfficeConnect Gigabit VPN Firewall provides
the following features to protect your network from being attacked and to prevent
your network from being used as the springboard for attacks.
Address Sharing and Management
Packet Filtering
Stateful Packet Inspection
Defense against Denial of Service Attacks
Application Content Filtering
Log and Alert
Remote Access
Keyword based Content filtering
WAN Failover & Load Balancing
2.4.1.1 Address Sharing and Management
The OfficeConnect Gigabit VPN Firewall provides NAT to share a single highspeed Internet connection and to save the cost of multiple connections required
for the hosts on the LAN segments connected to the OfficeConnect Gigabit VPN
Firewall. This feature conceals network address and prevents them from
becoming public. It maps unregistered IP addresses of hosts connected to the
LAN with valid ones for Internet access. The OfficeConnect Gigabit VPN Firewall
also provides reverse NAT capability, which enables SOHO users to host
various services such as e-mail servers, web servers, etc. The NAT rules drive
the translation mechanism at the NAT router.
2.4.1.1 ACL (Access Control List)
ACL rule is one of the basic building blocks for network security. Firewall
monitors each individual packet, decodes the header information of inbound and
outbound traffic and then either blocks the packet from passing or allows it to
pass based on the contents of the source address, destination address, source
port, destination port, protocol and other criterion, e.g. application filter,
Schedules, defined in the ACL rules.
ACL is a very appropriate measure for providing isolation of one subnet from
another. It can be used as the first line of defense in the network to block
inbound packets of specific types from ever reaching the protected network.
The OfficeConnect Gigabit VPN Firewall’s ACL methodology supports:
Filtering based on destination and source IP address, port number and
protocol
Filter Rule priorities
Time based filters
OfficeConnect VPN Firewall User’s Manual Chapter 2 Getting to Know the OfficeConnect Gigabit VPN Firewall
5
Application specific filters
2.4.1.2 Stateful Packet Inspection
The OfficeConnect Gigabit VPN Firewall uses ―stateful packet inspection‖ that
extracts state-related information required for the security decision from the
packet and maintains this information for evaluating subsequent connection
attempts. It has awareness of application and creates dynamic sessions that
allow dynamic connections so that no ports need to be opened other than the
required ones. This provides a solution which is highly secure and that offers
scalability and extensibility.
2.4.1.3 Defense against DoS Attacks
The OfficeConnect Gigabit VPN Firewall has an Attack Defense Engine that
protects internal networks from known types of Internet attacks. It provides
automatic protection from Denial of Service (DoS) attacks such as SYN flooding,
IP smurfing, LAND, Ping of Death and all re-assembly attacks. It can drop ICMP
redirects and IP loose/strict source routing packets. For example, the
OfficeConnect Gigabit VPN Firewall provides protection from ―WinNuke‖, a
widely used program to remotely crash unprotected Windows systems in the
Internet. The OfficeConnect Gigabit VPN Firewall also provides protection from a
variety of common Internet attacks such as IP Spoofing, Ping of Death, Land
Attack, Reassembly and SYN flooding.
The type of attack protections provided by the OfficeConnect Gigabit VPN
Firewall are listed in Table 2.3.
Table 2.3 DoS Attacks
Type of Attack
Name of Attacks
Re-assembly attacks
Bonk, Boink, Teardrop (New Tear),
Overdrop, Opentear, Syndrop, Jolt
ICMP Attacks
Ping of Death, Smurf, Twinge
Flooders
ICMP Flooder, UDP Flooder, SYN
Flooder
Port Scans
TCP XMAS Scan, TCP Null Scan
TCP SYN Scan, TCP Stealth Scan
TCP Attacks
TCP sequence number prediction, TCP
out-of sequence attacks
Protection with PF Rules
Echo-Chargen, Ascend Kill
Miscellaneous Attacks
IP Spoofing, LAND, Targa, Tentacle
MIME Flood, Winnuke, FTP Bounce, IP
unaligned time stamp attack
2.4.1.4 Application Command Filtering
The OfficeConnect Gigabit VPN Firewall allows network administrators to block,
monitor, and report on network users access to non-business and objectionable
content. This high-performance content access control results in increased
productivity, lower bandwidth usage and reduced legal liability.
The OfficeConnect Gigabit VPN Firewall has the ability to handle active content
filtering on certain application protocols such as HTTP, FTP, SMTP and RPC.
HTTP – You can define HTTP extension based filtering schemes for
blocking
ActiveX
Java Archive
Java Applets
URLs based on file extensions.
Chapter 2. Getting to Know the OfficeConnect Gigabit VPN Firewall OfficeConnect VPN Firewall User’s Manual
6
2.4.1.5 Application Level Gateway (ALG)
Applications such as FTP, games etc., open connections dynamically based on
the respective application parameter. To go through the firewall on the
OfficeConnect Gigabit VPN Firewall, packets pertaining to an application, require
a corresponding allow rule. In the absence of such rules, the packets will be
dropped by the OfficeConnect Gigabit VPN Firewall. As it is not feasible to
create policies for numerous applications dynamically (at the same time without
compromising security), intelligence in the form of Application Level Gateways
(ALG), is built to parse packets for applications and open dynamic associations.
The OfficeConnect Gigabit VPN Firewall provides a number of ALGs for popular
applications such as FTP, H.323, RTSP, SIP, etc.
2.4.1.6 Local Content Filtering
A set of keywords that should not appear in the URL (Uniform Resource Locator,
e.g. www.yahoo.com) can be defined. Any URL containing one or more of these
keywords will be blocked. This is a policy independent feature i.e. it cannot be
associated to ACL rules. This feature can be independently enabled or disabled,
but works only if firewall is enabled.
2.4.1.7 Log and Alerts
Events in the network, that could be attempts to affect its security, are recorded
in the OfficeConnect Gigabit VPN Firewall System log file. Event details are
recorded in WELF (WebTrends Enhanced Log Format ) format so that statistical
tools can be used to generate custom reports. The OfficeConnect Gigabit VPN
Firewall can also forward Syslog information to a Syslog server on a private
network.
The OfficeConnect Gigabit VPN Firewall supports:
Alerts sent to the administrator via e-mail.
Maintains at a minimum, log details such as, time of packet arrival,
description of action taken by Firewall and reason for action.
Supports the UNIX Syslog format.
Sends log report e-mails as scheduled by the network administrator or by
default when the log file is full.
All the messages are sent in the WELF format.
ICMP logging to show code and type.
2.4.2 VPN
The introduction of broadband Internet access at an affordable price has
attracted a large number of users to use the Internet for business. Large-scale
use of a very open public network such as, the Internet comes with a lot of
advantages and associated risks. These risks include the lack of confidentiality
of data being sent and the authenticity of the identities of the parties involved in
the exchange of data. The VPN supported in the OfficeConnect Gigabit VPN
Firewall is intended to resolve these issues at an affordable price.
The VPN supported by the OfficeConnect Gigabit VPN Firewall is IPSec
compliant. Packets sent via VPN are encrypted to maintain privacy. The
encrypted packets are then tunneled through a public network. As a result,
tunnel participants enjoy the same security features and facilities that are
available only to members of private networks at a reduced cost.
The following table lists the VPN features supported by the OfficeConnect
Gigabit VPN Firewall:
Table 2.4 VPN Features of the OfficeConnect Gigabit VPN Firewall
Features
Transport Mode for Client-Client Connectivity
OfficeConnect VPN Firewall User’s Manual Chapter 2 Getting to Know the OfficeConnect Gigabit VPN Firewall
7
Tunnel Mode for Network-Network Connectivity
IP Fragmentation and Reassembly
IPSec
Support
Hardware Encryption Algorithm
DES, 3DES, AES
Hardware Authentication Algorithm
MD5, SHA-1
Transforms
ESP, AH
Key Management
IKE , IKEv2
Mode configuration for IKE
Main Mode, Aggressive Mode, Quick
Mode
Site-to-Site VPN connection – Site-to-Site VPN connection is an alternative
WAN infrastructure that is used to connect branch offices, home offices, or
business partners’ sites to all or portions of a company’s network.
Remote Access VPN – Corporations use VPN to establish secure, end-to -
end private network connections over a public networking infrastructure.
VPN have become the logical solution for remote access connectivity.
Deploying a remote access VPN enables corporations to reduce
communications expenses by leveraging the local dial-up infrastructure of
Internet Service Providers. At the same time, VPNs allow mobile workers,
telecommuters and day extenders to take advantage of broadband
connectivity.
2.4.3 WAN Failover & Load Balancing
WAN Failover and Load Balancing allows you to designate the one of the
assigned interfaces as a backup WAN port. If the primary WAN port is down
and/or unavailable, traffic is only routed through the backup WAN port. This
allows OfficeConnect Gigabit VPN Firewall to maintain a persistent connection
for WAN port traffic by failing over to the backup WAN port.
The primary and secondary WAN ports can also be used in a more dynamic
setup, where the administrator can choose a method of dividing outbound traffic
flows between the two WAN ports. This feature is referred to as load balancing.
2.4.4 QoS and Bandwidth Management
QoS and Bandwidth Management function allows voice and data traffic to flow
through where voice traffic is transmitted in the highest priority. With DiffServ
QoS enabled, it guarantees voice packets to have first priority to pass through a
DiffServ QoS enabled devices such as router or switch.
2.4.5 Virtual LAN Interfaces (VLAN)
The Virtual Local Area Network (VLAN) feature allows OfficeConnect Gigabit
VPN Firewall to be partitioned into non-interacting network domains.
OfficeConnect VPN Firewall User’s Manual Chapter 3. Quick Start Guide
9
3 Quick Start Guide
This Quick Start Guide provides basic instructions for connecting the
OfficeConnect Gigabit VPN Firewall to a computer or a LAN and to the Internet.
Part 1 provides instructions to set up the hardware.
Part 2 describes how to configure Internet properties on your computer(s).
Part 3 shows you how to configure basic settings on the OfficeConnect
Gigabit VPN Firewall to get your LAN connected to the Internet.
After setting up and configuring the device, you can follow the instructions on
page 18 to verify that it is working properly.
This Quick Start Guide assumes that you have already established ADSL or
cable modem service with your Internet service provider (ISP). These
instructions provide a basic configuration that should be compatible with your
home or small office network setup. Refer to the subsequent chapters for
additional configuration instructions.
3.1 Part 1 — Connecting the Hardware
In Part 1, you connect the device to an ADSL or a cable modem (which in turn is
connected to a phone jack or a cable outlet), the power outlet, and your
computer or network.
WARNING
Before you begin, turn the power off for all devices. These
include your computer(s), your LAN hub/switch (if applicable),
and the OfficeConnect Gigabit VPN Firewall.
WARNING
RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN
INCORRECT TYPE. DISPOSE OF USED BATTERIES
ACCORDING TO THE INSTRUCTIONS
Figure 3.1 illustrates the hardware connections. Please follow the steps that
follow for specific instructions.
3.1.1 Step 1. Connect an ADSL or a cable modem.
For the OfficeConnect Gigabit VPN Firewall: Connect one end of the Ethernet
cable to the port labeled WAN on the front panel of the device. Connect the other
end to the Ethernet port on the ADSL or cable modem.
3.1.2 Step 2. Connect computers or a LAN.
If your LAN has no more than 6 computers, you can use an Ethernet cable to
connect computers directly to the built-in switch on the device. Note that you
should attach one end of the Ethernet cable to any of the port labeled LAN1 –
LAN6 on the front panel of the device and connect the other end to the Ethernet
port of a computer.
If your LAN has more than 6 computers, you can attach one end of an Ethernet
cable to a hub or a switch (probably an uplink port; please refer to the hub or
switch documentations for instructions) and the other to the Ethernet switch port
(labeled LAN1 – LAN6) on the OfficeConnect Gigabit VPN Firewall.
Note that either the crossover or straight-through Ethernet cable can be used to
connect the built-in switch and computers, hubs or switches as the built-in switch
is smart enough to make connections with either type of cables.
3.1.3 Step 3. Attach the power adapter.
Connect the AC power adapter to the POWER connector on the back of the
device and plug in the adapter to a wall outlet or a power strip.
Chapter 3. Quick Start Guide OfficeConnect Gigabit VPN Firewall User’s Manual
10
3.1.4 Step 4. Turn on the OfficeConnect Gigabit VPN
Firewall, the ADSL or cable modem and power up
your computers.
Press the Power switch on the rear panel of the OfficeConnect Gigabit VPN
Firewall to the ON position. Turn on your ADSL or cable modem. Turn on and
boot up your computer(s) and any LAN devices such as hubs or switches.
Figure 3.1 Overview of Hardware Connections
You should verify that th e LEDs are illuminated as indicated in Table 3.1.
Table 3.1 LED Indicators
This LED:
...should be:
POWER
Solid green to indicate that the device is turned on. If this light
is not on, check if the power adapter is attached to the
OfficeConnect Gigabit VPN Firewall and if it is plugged into a
power source.
LAN1 –
LAN6
Solid green to indicate that the device can communicate with
your LAN or flashing when the device is sending or receiving
data from your LAN computer.
WAN1 –
WAN2
Solid green to indicate that the device has successfully
established a connection with your ISP or flashing when the
device is sending or receiving data from the Internet.
If the LEDs illuminate as expected, the OfficeConnect Gigabit VPN Firewall
hardware is working properly.
3.2 Part 2 — Rack Mounting Instructions
The OfficeConnect Gigabit VPN Firewall is 1U high and will fit a 19-inch rack if
the rack mount kit is properly installed.
WARNING
Elevated Operating Ambient - If installed in a closed or multiunit rack assembly, the operating ambient temperature of the
rack environment may be greater than room ambient. Therefore,
consideration should be given to installing the equipment in an
environment compatible with the maximum ambient temperature
(Tma) specified by the manufacturer.
WARNING
Reduced Air Flow - Installation of the equipment in a rack
should be such that the amount of air flow required for safe
operation of the equipment is not compromised.
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 3. Quick Start Guide
11
WARNING
Mechanical Loading - Mounting of the equipment in the rack
should be such that a hazardous condition is not achieved due to
uneven mechanical loading.
WARNING
Circuit Overloading - Consideration should be given to the
connection of the equipment to the supply circuit and the effect
that overloading of the circuits might have on overcurrent
protection and supply wiring. Appropriate consideration of
equipment nameplate ratings should be used when addressing
this concern.
WARNING
Reliable Earthing - Reliable earthing of rack-mounted equipment
should be maintained. Particular attention should be given to
supply connections other than direct connections to the branch
circuit (e.g. use of power strips).
Follow these instructions to install OfficeConnect Gigabit VPN Firewall to your
19-inch rack:
1. Place the unit the right way up on a hard, flat surface with the front
facing towards you.
2. Locate a mounting bracket over the mounting holes on one side of
the unit, as shown in Figure 3.2 below.
3. Insert the two screws and fully tighten with a suitable screwdriver.
4. Repeat the two previous steps for the other side of the unit.
5. Insert the unit into the 19-inch rack and secure with suitable screws
(not provided).
6. Reconnect all cables.
Figure 3.2 Assembling the rack mount kit
Figure 3.3 Rack Mounting
3.3 Part 3 — Configuring Your Computers
Part 3 of the Quick Start Guide provides instructions for configuring the Internet
settings on your computers to work with the OfficeConnect Gigabit VPN Firewall.
Chapter 3. Quick Start Guide OfficeConnect Gigabit VPN Firewall User’s Manual
12
3.3.1 Before you begin
By default, the OfficeConnect Gigabit VPN Firewall automatically assigns all
required Internet settings to your PCs. You need only to configure the PCs to
accept the information when it is assigned.
Note
In some cases, you may want to configure network settings
manually to some or all of your computers rather than allow the
OfficeConnect Gigabit VPN Firewall to do so. See “Assigning static
IP addresses to your PCs” in page 14 for instructions.
If you have connected your PC via Ethernet to the OfficeConnect Gigabit
VPN Firewall, follow the instructions that correspond to the operating
system installed on your PC.
3.3.2 Windows® XP PCs:
1. In the Windows task bar, click the <Start> button, and then click
Control Panel.
2. Double-click the Network Connections icon.
3. In the LAN or High-Speed Internet window, right-click on icon
corresponding to your network interface card (NIC) and select
Properties. (Often this icon is labeled Local Area Connection).
The Local Area Connection dialog box displays with a list of currently
installed network items.
4. Ensure that the check box to the left of the item labeled Internet
Protocol TCP/IP is checked, and click <Properties> button.
5. In the Internet Protocol (TCP/IP) Properties dialog box, click the
radio button labeled Obtain an IP address automatically. Also click
the radio button labeled Obtain DNS server address
automatically.
6. Click <OK> button twice to confirm your changes, and close the
Control Panel.
3.3.3 Windows® 2000 PCs:
First, check for the IP protocol and, if necessary, install it:
1. In the Windows task bar, click the <Start> button, point to Settings,
and then click Control Panel.
2. Double-click the Network and Dial-up Connections icon.
3. In the Network and Dial-up Connections window, right-click the
Local Area Connection icon, and then select Properties.
The Local Area Connection Properties dialog box displays a list of
currently installed network components. If the list includes Internet
Protocol (TCP/IP), then the protocol has already been enabled. Skip
to step 10.
4. If Internet Protocol (TCP/IP) does not display as an installed
component, click <Install> button.
5. In the Select Network Component Type dialog box, select Protocol,
and then click <Add> button.
6. Select Internet Protocol (TCP/IP) in the Network Protocols list, and
then click <OK> button.
You may be prompted to install files from your Windows 2000
installation CD or other media. Follow the instructions to install the
files.
7. If prompted, click <OK> button to restart your computer with the new
settings.
Next, configure the PCs to accept IP addresses assigned by the
OfficeConnect Gigabit VPN Firewall:
8. In the Control Panel, double-click the Network and Dial-up
Connections icon.
9. In Network and Dial-up Connections window, right-click the Local
Area Connection icon, and then select Properties.
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 3. Quick Start Guide
13
10. In the Local Area Connection Properties dialog box, select Internet
Protocol (TCP/IP), and then click <Properties> button.
11. In the Internet Protocol (TCP/IP) Properties dialog box, click the
radio button labeled Obtain an IP address automatically. Also click
the radio button labeled Obtain DNS server address
automatically.
12. Click <OK> button twice to confirm and save your changes, and then
close the Control Panel.
3.3.4 Windows® 95, 98, and Me PCs
1. In the Windows task bar, click the <Start> button, point to Settings,
and then click Control Panel.
2. Double-click the Network icon.
In the Network dialog box, look for an entry started w/ ―TCP/IP ‖
and the name of your network adapter, and then click <Properties>
button. You may have to scroll down the list to find this entry. If the list
includes such an entry, then the TCP/IP protocol has already been
enabled. Skip to step 8.
3. If Internet Protocol (TCP/IP) does not display as an installed
component, click <Add> button.
4. In the Select Network Component Type dialog box, select Protocol,
and then click <Add> button.
5. Select Microsoft in the Manufacturers list box, and then click TCP/IP
in the Network Protocols list, box and then click <OK> button.
You may be prompted to install files from your Windows 95, 98 or Me
installation CD or other media. Follow the instructions to install the
files.
6. If prompted, click <OK> button to restart your computer with the new
settings.
Next, configure the PCs to accept IP information assigned by the
OfficeConnect Gigabit VPN Firewall:
7. In the Control Panel, double-click the Network icon.
8. In the Network dialog box, select an entry started with ―TCP/IP ”
and the name of your network adapter, and then click <Properties>
button.
9. In the TCP/IP Properties dialog box, click the radio button labeled
Obtain an IP address automatically.
10. In the TCP/IP Properties dialog box, click the ―Default Gateway‖ tab.
Enter 192.168.1.1 (the default LAN port IP address of the
OfficeConnect Gigabit VPN Firewall) in the ―New gateway‖ address
field and click <Add> button to add the default gateway entry.
11. Click <OK> button twice to confirm and save your changes, and then
close the Control Panel.
12. If prompted to restart your computer, click <OK> button to do so with
the new settings.
3.3.5 Windows® NT 4.0 workstations:
First, check for the IP protocol and, if necessary, install it:
1. In the Windows NT task bar, click the <Start> button, point to
Settings, and then click Control Panel.
7. In the Control Panel window, double click the Network icon.
8. In the Network dialog box, click the Protocols tab.
The Protocols tab displays a list of currently installed network
protocols. If the list includes TCP/IP Protocol, then the protocol has
already been enabled. Skip to step 14.
9. If TCP/IP does not display as an installed component, click <Add>
button.
10. In the Select Network Protocol dialog box, select TCP/IP, and then
click <OK> button.
You may be prompted to install files from your Windows NT
installation CD or other media. Follow the instructions to install the
files.
Chapter 3. Quick Start Guide OfficeConnect Gigabit VPN Firewall User’s Manual
14
After all files are installed, a window displays to inform you that a
TCP/IP service called DHCP can be set up to dynamically assign IP
information.
11. Click <Yes> button to continue, and then click <OK> button if
prompted to restart your computer.
Next, configure the PCs to accept IP addresses assigned by the
OfficeConnect Gigabit VPN Firewall:
12. Open the Control Panel window, and then double-click the Network
icon.
13. In the Network dialog box, click the Protocols tab.
14. In the Protocols tab, select TCP/IP, and then click <Properties>
button.
15. In the Microsoft TCP/IP Properties dialog box, click the radio button
labeled Obtain an IP address from a DHCP server.
16. Click <OK> button twice to confirm and save your changes, and then
close the Control Panel.
3.3.6 Assigning static IP addresses to your PCs
In some cases, you may want to assign IP addresses to some or all of your PCs
directly (often called ―statically‖), rather than allowing the OfficeConnect Gigabit
VPN Firewall to assign them. This option may be desirable (but not required) if:
You have obtained one or more public IP addresses that you want to
always associate with specific computers (for example, if you are using a
computer as a public web server).
You maintain different subnets on your LAN.
However, during the first time configuration of your OfficeConnect Gigabit VPN
Firewall, you must assign an IP address in the 192.168.1.0 network for your PC,
say 192.168.1.2, in order to establish connection between the OfficeConnect
Gigabit VPN Firewall and your PC as the default LAN IP on OfficeConnect
Gigabit VPN Firewall is pre-configured as 192.168.1.1. Enter 255.255.255.0 for
the subnet mask and 192.168.1.1 for the default gateway. These settings may
be changed later to reflect your true network environment.
On each PC to which you want to assign static information, follow the
instructions on pages 12 through 13 relating only to checking for and/or installing
the IP protocol. Once it is installed, continue to follow the instructions for
displaying each of the Internet Protocol (TCP/IP) properties. Instead of enabling
dynamic assignment of the IP addresses for the computer, DNS server, and
default gateway, click the radio buttons that enable you to enter the information
manually.
Note
Your PCs must have IP addresses that place them in the same
subnet as the OfficeConnect Gigabit VPN Firewall’s LAN port. If you
manually assign IP information to all your LAN PCs, you can follow
the instructions in Chapter 5 to change the LAN port IP address
accordingly.
3.4 Part 4 — Quick Configuration of the
OfficeConnect Gigabit VPN Firewall
In Part 4, you log into the Configuration Manager on the OfficeConnect Gigabit
VPN Firewall and configure basic settings for your Internet connection. Your ISP
should provide you with the necessary information to complete this step. Note
the intent here is to quickly get the OfficeConnect Gigabit VPN Firewall up and
running, instructions are concise. You may refer to corresponding chapters for
more details.
3.4.1 Setting Up the OfficeConnect Gigabit VPN Firewall
Follow these instructions to setup the OfficeConnect Gigabit VPN Firewall:
1. Before accessing the Configuration Manager in the OfficeConnect
Gigabit VPN Firewall, make sure that the HTTP proxy setting is
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 3. Quick Start Guide
15
disabled in your browser. In IE, click ―Tools‖ ―Internet Options…‖
―Connections‖ tab ―LAN settings…‖ and then uncheck ―Use
proxy server for your LAN …‖
2. On any PC connected to one of the four LAN ports on the
OfficeConnect Gigabit VPN Firewall, open your Web browser, and
type the following URL in the address/location box, and press
<Enter>:
http://192.168.1.1
This is the predefined IP address for the LAN port on the OfficeConnect
Gigabit VPN Firewall.
A login screen displays, as shown in Figure 3.4.
Figure 3.4 Login Screen
If you have problem connecting to the OfficeConnect Gigabit VPN
Firewall, you may want to check if your PC is configured to accept IP
address assignment from the OfficeConnect Gigabit VPN Firewall.
Another method is to set the IP address of your PC to any IP address in
the 192.168.1.0 network, such as 192.168.1.2.
3. Enter your user name and password, and then click to
enter the Configuration Manager. The first time you log into this
program, use these defaults:
Default User Name:
admin
Default Password:
password
Note
You can change the password at any time.
Figure 3.5 System Access Configuration Page
4. Click on Administration System Access menu to enter Account
configuration page as shown in Figure 3.5. Select an appropriate
account and change the password in the spaces provided if desired.
When changing passwords, make sure you enter the existing login
password in the Old Password field, enter the new password in New
Password field and confirm the new password in Retype New Password
field and click button to save the change
Chapter 3. Quick Start Guide OfficeConnect Gigabit VPN Firewall User’s Manual
16
Figure 3.6 System Time Configuration Page
5. Click on Administration System Time menu and set the time zone
for the OfficeConnect Gigabit VPN Firewall by selecting your time
zone from the Time Zone drop-down list. Click to save
the settings.
6. It is recommended that you keep the default LAN IP settings at this
point until after you have completed the rest of the configurations
and confirm that your Internet connection is working.
Figure 3.7 IP Setup Configuration Page
Figure 3.8 DHCP Server Configuration Page
Time Zone
drop-down
Loading...