How it Works
Multi-Tech Systems
Loading...
RF600
User Manual
189 pgs2.7 Mb0

Multi-Tech Systems RF600, RF760, RF660 User Manual

RF760/660/600VPN
Internet Security Appliance
User Guide
User Guide
RouteFinder RF760/660/600VPN S000323D Revision D
This publication may not be reproduced, in whole or in part, without prior expressed written permission from Multi-Tech Systems, Inc. All rights reserved.
Copyright © 2005 by Multi-Tech Systems, Inc. Multi-Tech Systems, Inc. makes no representations or warranty with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, Multi-Tech Systems, Inc. reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of Multi-Tech Systems, Inc. to notify any person or organization of such revisions or changes.
The links we have provided in this manual to other company Web sites cannot be not guaranteed. They are active at the time of publication, but cannot be guaranteed for any extended period of time.
Record of Revisions
Revision Date Description
A 01/30/04 First release for the RF760VPN. The guide combines the RF600VPN and the
RF660VPN user information.
B 11/01/04 & New software – version 3.20 and
01/25/05 New software – version 3.21. POP3 Proxy new. New Rescue Kernel section.
C 04/19/05 New software – Version 3.23 (one new field on the SMTP SPAM screen and one new
field on the Packet Filters > Advanced screen).
D 11/22/05 New software – Version 3.25. A System Scheduler was added to Administration. A User
Authentication section was added to the Proxy > HTTP Proxy screen. A Remote SMTP Virus Quarantine section was added to Proxy > SMTP Proxy. Maximum Mail Size Allowed and Message Filtering added to Proxy >SMTP Proxy > SMTP SPAM Filtering. Remote POP3 Virus Protection section was added to Proxy > POP3 Proxy. A Message Filtering section was added to Proxy > POP3 Proxy > POP3SPAM Filtering. Adaptive Message Database Backup was added to the Tracking > Backup screen. The screen for Statistics & Logs > HTTP Access has been enhanced.
Hardware change: new compact flash.
Patents
This device is covered by one or more of the following U.S. Patent Numbers: 6,219,708; 5,301,274; 5,309,562; 5,355,365; 5,355,653; 5,452,289; 5,453.986. The modem is covered by one or more of the following U.S. Patent Numbers: 6,031,867; 6,012,113; 6,009,082; 5,905,794; 5,864,560; 5,815,567; 5,815,503; 5,812,534; 5,809,068; 5,790,532; 5,764,628; 5,764,627; 5,754,589; D394,250; 5,724,356; 5,673,268; 5,673,257; 5,644,594; 5,628,030; 5,619,508; 5,617,423; 5,600,649; 5,592,586; 5,577,041; 5,574,725; D374,222; 5,559,793; 5,546,448; 5,546,395; 5,535,204; 5,500,859; 5,471,470; 5,463,616; 5,453,986; 5,452,289; 5,450,425; D361,764; D355,658; D355,653; D353,598; D353,144; 5,355,365; 5,309,562; 5,301,274 Other Patents Pending
Trademarks
Trademarks of Multi-Tech Systems, Inc.: Multi-Tech, the Multi-Tech logo, and RouteFinder. Windows is a registered trademark of Microsoft Corporation in the United States and other countries. Kaspersky Anti-Virus engine copyright by Kaspersky Labs. Surfcontrol is the registered product of Surfcontrol PLC. All products or technologies are the trademarks or registered trademarks of their respective holders.
Technical Support
Country By Email By Phone France: support@multitech.fr (33) 1-64 61 09 81 India: support@multitechindia.com 91 (124) 6340778 U.K.: support@multitech.co.uk (44) 118 959 7774 U.S. and Canada: support@multitech.com (800) 972-2439 Rest of the World: support@multitech.com (763) 717-5863
World Headquarters
Multi-Tech Systems, Inc. 2205 Woodale Drive Mounds View, Minnesota 55112 (763) 785-3500 or (800) 328-9717 Fax 763-785-9874 Internet Address: http://www.multitech.com
Table of Contents
Contents
Chapter 1 – Product Description, Features, and Overview............................................................................... 7
Product Description ........................................................................................................................................................... 7
Features ............................................................................................................................................................................ 7
Feature Highlights.............................................................................................................................................................. 8
Ship Kit Contents............................................................................................................................................................... 9
License Keys ................................................................................................................................................................... 10
Additional RouteFinder Documentation ........................................................................................................................... 10
Safety Warnings .............................................................................................................................................................. 11
Safety Recommendations for Rack Installations ............................................................................................................. 11
RouteFinder Front Panels................................................................................................................................................ 12
RF760/660VPN Front Panel ...................................................................................................................................12
RF600VPN .............................................................................................................................................................13
RouteFinder Back Panels ................................................................................................................................................ 14
RF760VPN Back Panel ..........................................................................................................................................14
RF660VPN Back Panel ..........................................................................................................................................14
RF600VPN Back Panel ..........................................................................................................................................14
Specifications .................................................................................................................................................................. 15
Overview of RouteFinder VPN Technology ..................................................................................................................... 17
Networks.................................................................................................................................................................17
The Firewall ............................................................................................................................................................17
Network Components That Work with the Firewall .................................................................................................17
Typical Applications ......................................................................................................................................................... 20
Chapter 2 – Installation....................................................................................................................................... 21
Pre-Installation Planning.................................................................................................................................................. 21
Planning and Establishing the Corporate Security Policy .......................................................................................21
Planning the Network..............................................................................................................................................22
Establishing an Address Table ...............................................................................................................................22
System Administrator Required Planning ........................................................................................................................ 22
Installation Overview........................................................................................................................................................ 23
Hardware Installation Procedure.............................................................................................................................23
Cabling Overview....................................................................................................................................................23
Setting up a Workstation and Starting the RouteFinder VPN .......................................................................................... 24
Navigating Through the Screens ..................................................................................................................................... 26
Menus and Sub-Menus...........................................................................................................................................27
Chapter 3 – Configuration .................................................................................................................................. 28
Initial Configuration Step.................................................................................................................................................. 28
Second Configuration Step.............................................................................................................................................. 29
The Wizard Setup Screen................................................................................................................................................ 30
Chapter 4 – Configuration Examples ................................................................................................................ 31
Example 1 – LAN-to-LAN VPN (Branch Office) ............................................................................................................... 31
Example 2 – Remote Client-to-LAN VPN Configuration .................................................................................................. 36
Example 3 – Remote Client-to-LAN Configuration Using DNAT and Aliasing ................................................................. 37
Example 4 – Client-to-LAN Configuration Using PPTP Tunneling ................................................................................... 38
Chapter 5 – URL Categorization ........................................................................................................................ 39
Table of Contents
Chapter 6 – RouteFinder Software .................................................................................................................... 42
Menu Bar ......................................................................................................................................................................... 42
Administration.................................................................................................................................................................. 43
Administration > System Setup...............................................................................................................................43
Adminstration > SSH ..............................................................................................................................................45
Administration > SNTP Client ................................................................................................................................46
Administration > Administrative Access..................................................................................................................47
Administration > Site Certificate..............................................................................................................................49
Administration > License Key .................................................................................................................................50
Administration > Intrusion Detection .......................................................................................................................51
Administration > Tools ............................................................................................................................................52
Administration > System Scheduler........................................................................................................................54
Administration > Factory Defaults...........................................................................................................................54
Administration > User Authentication > Local Users...............................................................................................55
Administration > User Authentication > RADIUS & SAM ........................................................................................56
Administration > Restart .........................................................................................................................................58
Administration > Shutdown .....................................................................................................................................58
Networks & Services........................................................................................................................................................ 59
Networks & Services > Networks............................................................................................................................59
Networks & Services > Services.............................................................................................................................61
Networks & Services > Network Groups.................................................................................................................63
Networks & Services > Service Groups..................................................................................................................64
Proxy ............................................................................................................................................................................... 65
General Information About Proxies.........................................................................................................................65
Proxy > HTTP Proxy...............................................................................................................................................66
Proxy > HTTP Proxy > Custom Filters..................................................................................................................69
Proxy > SMTP Proxy ..............................................................................................................................................71
Proxy > SMTP Proxy > SMTP SPAM Filtering .......................................................................................................74
Proxy > POP3 Proxy...............................................................................................................................................77
Proxy > POP3 Proxy > POP3 SPAM Filtering ........................................................................................................78
Proxy > SOCKS Proxy............................................................................................................................................80
Proxy > DNS Proxy.................................................................................................................................................82
Network Setup ................................................................................................................................................................. 83
Network Setup > Interface ......................................................................................................................................84
Network Setup > PPP.............................................................................................................................................86
Change Your Country/Region Code .......................................................................................................................86
Network Setup > PPPoE ........................................................................................................................................87
Network Setup > DHCP Client................................................................................................................................88
Network Setup > Dynamic DNS..............................................................................................................................89
Network Setup > Routes.........................................................................................................................................90
Network Setup > Masquerading .............................................................................................................................91
Network Setup > SNAT ..........................................................................................................................................92
Network Setup > DNAT ..........................................................................................................................................93
DHCP Server................................................................................................................................................................... 94
DHCP Server > Subnet Settings.............................................................................................................................94
DHCP Server > Fixed Addresses ...........................................................................................................................94
Tracking........................................................................................................................................................................... 95
Tracking > Accounting ............................................................................................................................................95
Tracking > Update Services....................................................................................................................................96
Tracking > Backup..................................................................................................................................................98
Tracking > Version Control ...................................................................................................................................100
Table of Contents
Packet Filters................................................................................................................................................................. 101
Packet Filters > Packet Filter Rules......................................................................................................................101
Packet Filters > ICMP...........................................................................................................................................103
Packet Filters > Advanced....................................................................................................................................104
Packet Filters > Enable/Disable Log.....................................................................................................................105
VPN (Virtual Private Networks)...................................................................................................................................... 106
VPN > IPSec.........................................................................................................................................................106
Introduction to Virtual Private Networks................................................................................................................106
VPN > x.509 Certificates.......................................................................................................................................111
VPN > IPSec Bridging ..........................................................................................................................................111
VPN > PPTP.........................................................................................................................................................112
Wizard Setup ................................................................................................................................................................. 114
Statistics & Logs ............................................................................................................................................................ 116
Statistics & Logs > Uptime....................................................................................................................................117
Statistics and Logs > Hardware ............................................................................................................................117
Statistics and Logs > Networks.............................................................................................................................118
Statistics & Logs > Interfaces ...............................................................................................................................120
Statistics & Logs > SMTP Proxy...........................................................................................................................121
Statistics & Logs > Accounting .............................................................................................................................122
Statistics & Logs > Self Monitor ............................................................................................................................123
Statistics & Logs > IPSec......................................................................................................................................124
Statistics & Logs > PPTP......................................................................................................................................124
Statistics & Logs > Packet Filter ...........................................................................................................................125
Statistics & Logs > Port Scans..............................................................................................................................126
Statistics & Logs > View Logs...............................................................................................................................126
Statistics & Logs > HTTP Access .........................................................................................................................127
Statistics & Logs > DHCP.....................................................................................................................................128
Statistics & Logs > SMTP & POP3 Virus Quarantines..........................................................................................129
Statistics & Logs > SMTP SPAM Quarantines......................................................................................................129
Statistics & Logs > Administrative Authentication Log ..........................................................................................129
Chapter 7 – User Authentication Methods...................................................................................................... 130
Proxy Services and Authentication Methods ........................................................................................................130
Which Method Should You Choose? ....................................................................................................................130
Authentication Setup...................................................................................................................................................... 131
Setting Up RADIUS Authentication.......................................................................................................................131
Setting Up A Microsoft IAS RADIUS Server .........................................................................................................131
Setting Up NT/2000 SAM (SMB) Authentication...................................................................................................132
Chapter 8 – Frequently Asked Questions (FAQs).......................................................................................... 133
Chapter 9 – Troubleshooting ........................................................................................................................... 139
Appendix A – Disposition of Events for the RouteFinder v3.2x................................................................... 141
1. Abstract ..................................................................................................................................................................... 142
II. Inbound Access Log .................................................................................................................................................. 143
III. Outbound Access Log .............................................................................................................................................. 145
IV. Access Requests through Firewall Dropped ............................................................................................................ 146
V. Access Requests to Firewall Dropped....................................................................................................................... 146
VI. Administrative Authentication Logs .......................................................................................................................... 147
VII. Admin Port Access Log ........................................................................................................................................... 147
VIII. Startup History Log................................................................................................................................................. 147
IX. User Log................................................................................................................................................................... 147
Table of Contents
X. Fragmented Dropped Log ......................................................................................................................................... 147
XI. ICMP Information ..................................................................................................................................................... 148
Appendix B – The RouteFinder Rescue Kernel.............................................................................................. 149
Method 1 – How to Perform the Install Using No External Server ................................................................................. 150
Method 2 – How to Perform the Install Using an External FTP Server .......................................................................... 151
Method 3 – How to Perform the Install If the Other Methods Fail or If the File Systems Are Corrupted ........................ 152
Appendix C – Board Components, Hardware Upgrades & Add-ons, Software Add-ons, Overnight
Replacement ...................................................................................................................................................... 153
Board Components........................................................................................................................................................ 153
Hardware Upgrades and Add-ons ................................................................................................................................. 154
Software Add-ons .......................................................................................................................................................... 156
Overnight Replacement Service .................................................................................................................................... 156
Appendix D – CD-ROM Drive Adapter and Pin Out ....................................................................................... 157
CD-ROM Drive Adapter Pin Out ...........................................................................................................................157
Appendix E – RouteFinder Maintenance ........................................................................................................158
Appendix F – Ordering Accessories ............................................................................................................... 160
SupplyNet Online Ordering Instructions................................................................................................................160
Appendix G – Technical Support..................................................................................................................... 161
Technical Support Contacts........................................................................................................................................... 161
Recording RouteFinder Information............................................................................................................................... 161
Appendix H – Multi-Tech Systems, Inc. Warranty and Repairs Policies .....................................................162
Appendix I – Regulatory Compliance.............................................................................................................. 164
Appendix J – License Agreements.................................................................................................................. 166
Multi-Tech Systems, Inc. End User License Agreement (EULA) ..........................................................................166
GNU GENERAL PUBLIC LICENSE .....................................................................................................................168
SurfControl URL Filtering End-User Terms ..........................................................................................................170
Kaspersky Standard End User License Agreement..............................................................................................173
Appendix K – Waste Electrical and Electronic Equipment Directive (WEEE)............................................. 175
Glossary ............................................................................................................................................................. 176
Index ................................................................................................................................................................... 186
Chapter 1 – Product Description, Features, and Overview
Chapter 1 – Product Description, Features, and Overview
Your Multi-Tech Systems, Inc. RouteFinder Internet security appliance is an integrated VPN gateway/firewall designed to maximize network security without compromising network performance. It uses data encryption, user authentication, and the Internet to securely connect telecommuters, remote offices, customers, and suppliers to the corporate office while avoiding the cost of private leased lines or dial-up charges.
Product Description
All three RouteFinder models provide advanced network firewall (Stateful Packet Inspection and NAT), application firewall (DMZ, proxies, filter, optional email anti-virus protection), VPN gateway (IPSec, PPTP, 3DES, authentication), and full router capabilities. Their Ethernet ports provide connectivity to your network, to the Internet access via router, DSL, cable or dedicated line, and to the DMZ.
The RouteFinder’s DMZ port permits connecting of Voice over IP gateways, like MultiVOIPs, and public servers such as email and Web to be safely connected. And its full-featured router hardware allows the entire network to share an Internet link by connecting to an existing cable modem, DSL modem, or router.
An optional email anti-virus update product offered by Multi-Tech with your RouteFinder purchase includes protection against new virus types and security gaps with automatically transferred updates.
The browser-based interface eases VPN configuration and management. The VPN functionality is based on the IPSec and PPTP protocols and uses Triple DES 168-bit encryption to ensure that your information remains private. In addition, the RF760/660VPN includes firewall security utilizing Stateful Packet Inspection and optional email anti-virus protection.
The RouteFinder VPNs can be used on the desktop or mounted in racks.
Features
Supports IPSec and PPTP VPN tunneling
Utilizes 168-bit Triple Data Encryption Standard (3DES)
Built-in Stateful Packet Inspection firewall with Network Address Translation (NAT)
Encapsulating Security Protocol (ESP)
Authentication Header (AH)
Internet Key Exchange (IKE), with support of Diffie-Hellman Group 2
Authentication Algorithm: HMAC-MD5 and HMAC-SHA1
Authentication using shared secrets, RSA digital signatures, and X.509 certificates
Perfect Forward Secrecy
Key exchanges using Internet PKIs (Public Key Infrastructure)
Free one-year content filtering subscription
Automatic dial-backup with built-in modem (RF760VPN and RF660VPN)
Automatic system updates to protect your network against the latest threats
Application layer security using SMTP, POP3, HTTP, DNS and SOCKS proxies
Secure local or remote management using HTTP, HTTPS or SSH
Reporting function provides valuable troubleshooting information
Three built-in 10/100 Ethernet ports (LAN, WAN, DMZ) for the RF600VPN and the RF660VPN.
Three built-in 10/100/1000 Ethernet ports (LAN, WAN, DMZ) for the RF760VPN
Shared broadband or dedicated Internet access for LAN users with one IP address
Internet access Control Tools provide client and site filtering and traffic monitoring and reporting
IP address mapping/port forwarding and DMZ port
Two-year warranty
Chapter 1 – Product Description, Features, and Overview
Feature Highlights
RouteFinder Applications. The RouteFinder combines Virtual Private Networking (VPN), firewall, e-mail anti-virus
protection, and content filtering in one box. It is a cost-effective, easy to manage solution that is ideal for the small to medium business looking to add one or all of the following applications to their network:
Remote User VPN. The client-to-LAN VPN application replaces traditional dial-in remote access by allowing a remote user
to connect to the corporate LAN through a secure tunnel over the Internet. The advantage is that a remote user can make a local call to an Internet Service Provider, without sacrificing the company’s security, as opposed to a long distance call to the corporate remote access server.
Branch Office VPN. The LAN-to-LAN VPN application sends network traffic over the branch office Internet connection
instead of relying on dedicated leased line connections. This can save thousands of dollars in line costs and reduce overall hardware and management expenses.
Firewall Security. As businesses move toward always-on broadband Internet connections, the network becomes more
vulnerable to Internet hackers. The RouteFinder provides a full-featured Stateful Packet Inspection firewall to provide security from intruders attempting to access the office LAN.
Email Anti-Virus Protection. An optional email virus protection subscription ensures the network is protected against the
latest virus outbreaks.
Content Filtering. A free, one-year URL content filtering subscription allows you to automatically manage what Web content
is available.
Plug-and-Play Security Appliance. The RouteFinder plugs in at the Internet connection of each office. It provides three
independent network interfaces (LAN, WAN and DMZ) that separate the protected office network from the Internet while offering an optional public network for hosting Web, e-mail, or ftp servers. Each network interface is independently monitored and visually displayed on the front of the RouteFinder.
Secure VPN Connections. The RouteFinder uses IPSec and PPTP industry standard protocols, data encryption, user
authentication, and the Internet to provide high-performance, secure VPN connections. For LAN-to-LAN connectivity, the RouteFinder utilizes the IPSec protocol with strong 168-bit 3DES encryption using IKE and PSK key management. In addition, it provides very high performance with 15M bps (RF660VPN) of 3DES encryption throughput. The RF600VPN = 3M bps and the RF760VPN = 50M bps. For client-to-LAN connectivity, Multi-Tech provides optional IPSec client software. The RouteFinder also supports remote users that want to use the PPTP VPN client built into the Windows operating system. This provides 40-bit or 128-bit encryption, user name and password authentication.
State-of-the-Art Firewall Security. The RouteFinder provides network layer security utilizing Stateful Packet Inspection, the
sophisticated firewall technology found in large enterprise firewalls, to protect the network against intruders and Denial of Service (DoS) attacks. It also uses Network Address Translation (NAT) to hide internal, non-routable IP addresses and allows internal hosts with unregistered IP addresses to function as Internet-reachable servers. In addition to network layer security, it provides application level security using SMTP, HTTP, DNS, and SOCKS proxies. The RouteFinder also utilizes filters to block specific Internet content to protect against viruses, dangerous ActiveX controls, Java, Javascript, and Cookies. An automatic update feature provides the highest level of security by automatically downloading and installing the latest system software and security patches protecting against any newly discovered hacker attacks with a single click.
Content Filtering. The RouteFinder includes a one-year URL content filtering subscription. It utilizes SurfControl® content
categorization list, the world's largest database of Internet content, which includes 5 million Web sites covering over 900 million Web pages. Daily updates of categorized sites are available for download. In addition, it includes URL Access and Deny Reporting. The subscription can easily be renewed on an annual basis.
Automatic Dial Backup. The RouteFinder provides a serial port that, when connected to a dial-up modem or ISDN terminal
adapter, can serve as a backup resource for Internet access and VPN tunneling if your cable or DSL service goes down. In addition to the serial port, the RouteFinder RF660VPN and RF760VPN models include a built-in modem.
Optional VPN Client Software. Multi-Tech provides an easy-to-use IPSec VPN client software that transparently secures
Internet communications anytime, anywhere. VPN client software is ideal for business users who travel frequently or work from home. It provides secure remote access through the RouteFinder VPN gateway for applications such as remote access, file transfer, e-mail, Web browsing, messaging or IP telephony. Encryption and authentication operations are completely transparent to the end user. In general, IPSec provides stronger encryption than PPTP resulting in better overall security.
Comprehensive Service and Support. The Multi-Tech commitment to service means we provide a two-year product
warranty and service that includes telephone technical support, 24-hour web site and FTP support.
Chapter 1 – Product Description, Features, and Overview
E-mail Anti-Virus Protection. Computer viruses are one of the leading security threats to Internet-connected networks.
Users can unknowingly download and launch dangerous viruses that can damage data or cause computer crashes. Viruses can also be used as delivery mechanisms for hacking tools, compromising the security of the network, even if a firewall is installed. An optional e-mail virus protection subscription utilizes a high-performance, ICSA-tested, anti-virus engine which checks both incoming and outgoing e-mail for viruses in real-time. Automatic anti-virus updates are downloaded at user­defined intervals to ensure protection is current. The e-mail anti-virus protection can be easily renewed on an annual basis. Ask about our free 30-day evaluation.
User Authentication. To increase the level of security, user identity can be verified before access to Internet services is
permitted. The RouteFinder supports authentication at a local user database as well as at external user databases, like Windows 2000 or Radius server.
Robust, Easy-to-Use Management. The RouteFinder includes robust management support allowing a network
administrator to securely manage the devices either through a web browser or at the command line. The browser-based option uses the HTTP or HTTPS protocol, also known as SSL (Secure Sockets Layer) to provide 128-bit encryption to secure the management session. The command line interface is accessible via SSH (Secure Shell) and supports SCP (Secure Copy).
Reporting. The RouteFinder also includes a suite of integrated monitoring and reporting tools that help administrators
troubleshoot the Internet security system and report to management the usage of the Internet. This includes reporting on system uptime, hardware, and network utilization. HTTP and SMTP proxy reports provide information about any actions needed to handle virus-infected e-mails. The RouteFinder also disables and logs attempted port scans. In addition, it provides accounting reports and a self-monitor that sends an e-mail notification of system-level issues.
Ship Kit Contents
The RouteFinder VPN is shipped with the following:
One Multi-Tech Systems, Inc. RouteFinder VPN
One Power Cord
One printed Quick Start Guide
One external power supply for the RF600VPN
Note: The power supply for the RF660VPN and RF760VPN is internal
Two Rack Mounting Brackets and four mounting screws
One RouteFinder VPN documentation CD which contains documentation, license agreements, Adobe Acrobat
Reader, and License keys
One RouteFinder VPN Software Recovery CD
Note
If any of these items are missing, contact Multi-Tech Systems or your dealer or distributor. Inspect the contents for signs of any shipping damage. If damage is observed, do not power up the RouteFinder VPN; contact Technical Support at Multi­Tech Systems, Inc. for advice.
Software Recovery CD Warning
Do not use the Software Recovery CD for any purpose except for re-installing software onto the RouteFinder VPN hard drive.
Chapter 1 – Product Description, Features, and Overview
License Keys
System License Key
Each RouteFinder VPN ships with a unique individual system License Key, a 20-digit alphanumeric number. You can enter and view License Key information from the RouteFinder's Web Management software at Administration > License Key > Open System License Key. This screen shows the entered License Key number and indicates whether it is a valid License Key number.
The License Key number is tied to and tracked with your RouteFinder's serial number. Whenever you require additional licenses, you must first provide Multi-Tech with your current License Key and serial number information in order for us to update your RouteFinder. With a valid License Key, you are entitled to use Multi-Tech’s Update service and support.
What to Do if a Trial License Key Expires
If the license key is a trial key, after expiry of the license period, the WAN interface of the RouteFinder will shut down. If the DHCP client or PPPoE is enabled, they will be disabled. The user can connect to the RouteFinder through the LAN interface and enter another valid license key to proceed further. The user has to manually enable the DHCP client / PPPoE after entering another valid license key.
URL Categorization License Key
An 11-digit numeric key Universal Resource Locator (URL) Categorization License Key is also shipped with your RouteFinder. This Key allows you to set up a URL database that limits clients’ access to places on the Internet by blocking sites you do not want accessed. In other words, you can deny users access to various categories of Web sites you select.
AntiVirus License Key
AntiVirus software with its corresponding License Key is available as a special purchase from Multi-Tech.
Where to Find the License Key Number Label
License Key numbers are printed on labels and are located:
On the bottom of the RouteFinder chassis
On the hard drive inside the chassis
On the front cover of the Quick Start Guide.
Additional RouteFinder Documentation
These additional RouteFinder reference documents are included on the system CD and are also posted on the Multi-Tech Web site.
1. The RouteFinder configured with DNAT and aliases.
2. Setting up a PPTP server and a PPTP remote client.
3. The VPN tunnel configured for manual mode example and IPSec pass-through in manual mode example.
4. A quick start guide for the add-on product IPSec SSH client.
5. Hard-Disk Drive Recovery.
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 10
Chapter 1 – Product Description, Features, and Overview
Safety Warnings
Lithium Battery Caution
Danger of explosion if battery is incorrectly replaced. A lithium battery on the RouteFinder VPN PC board provides backup power for the time-keeping capability. The battery has an estimated life expectancy of ten years. When it starts to weaken, the date and time may be incorrect. If the battery fails, send the board back to Multi-Tech for battery replacement.
Ethernet Ports Caution
The Ethernet ports are not designed to be connected to a Public Telecommunication Network.
Software Recovery CD Warning
Do not use the Software Recovery CD for any purpose except for re-installing software onto the RouteFinder VPN hard drive.
Telecom Warnings for Modem
Never install telephone wiring during a lightning storm.
Never install telephone jacks in a wet location unless the jack is specifically designed for wet locations.
This product is to be used with UL and cUL listed computers.
Never touch uninsulated telephone wires or terminals unless the telephone line has been disconnected at the
network interface.
Avoid using a telephone during an electrical storm. There may be a remote risk of electrical shock from
lightening.
Do not use the telephone to report a gas leak in the vicinity of the leak.
To reduce the risk of fire, use only No. 26 AWG or larger Telecommunications line cord.
Safety Recommendations for Rack Installations
Ensure proper installation of the ROUTEFINDER in a closed or multi-unit enclosure by following the recommended installation as defined by the enclosure manufacturer. Do not place the ROUTEFINDER directly on top of other equipment or place other equipment directly on top of the ROUTEFINDER.
If installing the ROUTEFINDER in a closed or multi-unit enclosure, ensure adequate airflow within the rack so that the maximum recommended ambient temperature is not exceeded.
Ensure that the ROUTEFINDER is properly connected to earth ground via a grounded power cord. If a power strip is used, ensure that the power strip provides adequate grounding of the attached apparatus.
Ensure that the main supply circuit is capable of handling the load of the ROUTEFINDER. Refer to the power label on the equipment for load requirements.
Maximum ambient temperature for the ROUTEFINDER is 50 degrees Celsius (120° F). This equipment should only be installed by properly qualified service personnel.
Connect like circuits. In other words, connect SELV (Secondary Extra Low Voltage) circuits to SELV circuits and TN (Telecommunications Network) circuits to TN circuits.
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 11
Chapter 1 – Product Description, Features, and Overview
RouteFinder Front Panels
RF760/660VPN Front Panel
The R760VPN and the RF660VPN have 16 LEDs that show device and network operating status.
For the RF760VPN, these LEDs are labeled 10/100/1G.
When 10, the LED is Off.
When 100, the LED is Green.
When 1G, the LED is Orange.
RF760 / 660VPN LED Descriptions
LAN LEDs Description
LINK
ACT
100MB or 10/100/1G
WAN LEDs Description
LINK
ACT
100MB or 10/100/1G
DMZ LEDs Description
LINK
ACT
100MB or 10/100/1G
Modem Description of Modem LEDs
DCD
RD DTR TD
System Description of System LEDs
HDD ACT ALERT
POWER
LAN LINK LED - Indicates link integrity for the LAN Ethernet port. If the Ethernet link is valid at 10 Mbps, 100 Mbps, or 1G (RF760VPN) the LINK LED is lit. If the Ethernet link is invalid, the LINK LED is off. ACT (Activity) LED - Indicates transmit and receive activity on the LAN Ethernet port. When activity is present on the LAN Ethernet port, the ACT LED is lit. When no activity is present on the LAN Ethernet port, the ACT LED is off. For the RF760VPN: If the Ethernet link is valid at 10 Mbps, the LAN LED is off. If the Ethernet link is valid at 100 Mbps, the LED is green. If the Ethernet link is valid at 1G, the LED is orange. For the RF660VPN: The LAN 100MB LED is lit if the LAN Ethernet port is linked at 100 Mbps. The LAN 100 MB LED is off at 10 Mbps.
WAN LINK LED - Indicates link integrity for the WAN Ethernet port. If the link is valid in either 10 Mbps, 100 Mbps, or 1G (760VPN), the LINK LED is on; if the WAN Ethernet link is invalid, the LINK LED is off. WAN ACT (Activity) LED - Indicates either transmit or receive activity on the WAN Ethernet port. When activity is present, the ACT LED is on; when no activity is present, the ACT LED is off. For the RF760VPN: If the Ethernet link is valid at 10 Mbps, the LED is off. If the Ethernet link is valid at 100 Mbps, the LED is green. If the Ethernet link is valid at 1G, the LED is orange. For the RF660VPN: The 100MB LED is lit if the LAN Ethernet port is linked at 100 Mbps. The 100 MB LED is off at 10 Mbps.
DMZ LINK LED - Indicates link integrity for the DMZ Ethernet port. If the link is valid in either 10 Mbps, 100 Mbps, or 1G (760VPN) the LINK LED is on; if the DMZ Ethernet link is invalid, the LINK LED is off. ACT (Activity) LED - Indicates either transmit or receive activity on the DMZ Ethernet port. When activity is present, the ACT LED is lit. When no DMZ Ethernet port activity is present, the ACT LED is off. For the RF760VPN: If the Ethernet link is valid at 10 Mbps, the LED is off. If the Ethernet link is valid at 100 Mbps, the LED is green. If the Ethernet link is valid at 1G, the LED is orange. For the RF660VPN: The 100MB LED is lit if the LAN Ethernet port is linked at 100 Mbps. The 100 MB LED is off at 10 Mbps.
DCD (Data Carrier Detect) LED - Lights when the modem detects a valid carrier signal from another modem; on when the modem is communicating with the other modem and off when the link is broken. RD (Read Data) LED - Flashes when the modem is receiving data from another modem. DTR (Data Terminal Ready) LED - Lights when the operating system detects and initializes the modem. TD (Transmit Data) LED - Flashes when the modem is transmitting data to another modem.
HDD ACT (Hard Disk Drive Activity) LED - Lights when the hard disk drive is accessed. ALERT LED - Not used. POWER LED - Off when the RouteFinder is in a reset state. When lit, the RouteFinder is not in a reset state.
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 12
Chapter 1 – Product Description, Features, and Overview
RF600VPN
The RF600VPN has 12 front panel LEDs that show the network operating status.
General LED Descriptions
POWER
STATUS HDD ACT
LAN, WAN, DMZ LED Descriptions
10MB ACT
100MB
POWER LED - Off when the RF600VPN is in a reset state. When the POWER LED is lit, the RF600VPN is not in a reset state. STATUS LED - Off when the RF600VPN is booting up. HDD ACT (Hard Disk Drive Activity) LED - Lights when the RF600VPN hard disk drive is accessed.
10MB LED - Lights when the LAN client has a valid link at 10MB. ACT (Activity) LED - Indicates either transmit or receive activity on the LAN Ethernet port. When activity is present on the LAN Ethernet port, the ACT LED is lit. When no activity is present on the LAN Ethernet port, the ACT LED is off. 100MB LED - Lights when the LAN client has a valid link at 100MB.
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 13
Chapter 1 – Product Description, Features, and Overview
RouteFinder Back Panels
RF760VPN Back Panel
The RF760VPN back panel has three fans, a power plug, a POWER Switch (| / O), an RJ-11 LINE jack, a DB-9 COM1 jack, a DB-15 High-density DSUB (VIDEO) jack, a keyboard jack, an Ethernet 10/100/1000 DMZ Port, and an Ethernet 10/100/1000 WAN Port, and an Ethernet 10/100/1000 LAN Port.
RF660VPN Back Panel
The RF660VPN back panel has a fan, a power plug, the POWER Switch (| / O), an RJ-11 LINE jack, a DB-9 COM1 jack, a DB-15 High-density DSUB (VIDEO) jack, two USB (Revision 1.1 compliant) jacks, an RJ-45 DMZ jack, an RJ-45 (WAN) jack, and an RJ-45 (LAN) jack.
RF600VPN Back Panel
The RF600VPN back panel has a DB-9 COM1 jack, a DB-15 High-density DSUB (VIDEO) jack, a keyboard jack, an RJ-45 DMZ jack, an RJ-45 WAN jack, an RJ-45 LAN jack, and a POWER jack.
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 14
Chapter 1 – Product Description, Features, and Overview
Specifications
Appliance Features RF760VPN RF660VPN RF600VPN
Ethernet Ports
Number of Network Users Rackmount or Standalone
VPN Features RF760VPN RF660VPN RF600VPN
Remote User (Client-to-LAN) Branch Office (LAN-to-LAN) 3DES Encryption 3DES Throughput Protocols Security: IPSec, IKE, NAT,
Recommended Number of Tunnels (IPSec) Recommended Number of Tunnels (PPTP)
Firewall Features RF760VPN RF660VPN RF600VPN
Throughput Anti-Virus Option Content Filtering Application Proxies Port and IP Filtering Denial of Service Protection (DoS) Stateful Packet Inspection Network Address Translation (NAT) Virtual Server Port Scan Intrusion Detection/Notification H.323 Pass Through
Management Features RF760VPN RF660VPN RF600VPN
Email Alert Local & Remote Management Logging Reporting Web Based (HTTP, HTTPS/SSL) Secure Shell (SSH) Syslog
Other Features RF760VPN RF660VPN RF600VPN
Shared Internet Access Automatic Dial-Backup Integrated Modem PPPoE DHCP Client/Server User Authentication Automatic Firmware Downloads Warranty
3x10/100/1000BaseT (LAN,WAN, DMZ) Unlimited Unlimited Unlimited Both Both Both
Yes Yes Yes Yes Yes Yes Yes Yes Yes 50M bps 15M bps 3M bps
PPTP, HTTPS, SSH, SCP Authentication: Shared secret and built-in authentication server
Network: TCP/IP, DNS Filtering: Protocol, port
number, and IP address Proxies: HTTP, SMTP, DNS, SOCKS 100 50 25
100 50 25
300M bps 80M bps 20M bps Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes 2 Years 2 Years 2 Years
3x10/100BaseT (LAN,WAN, DMZ)
Security: IPSec, IKE, NAT, PPTP, HTTPS, SSH, SCP Authentication: Shared secret and built-in authentication server
Network: TCP/IP, DNS Filtering: Protocol, port
number, and IP address Proxies: HTTP, SMTP, DNS, SOCKS
3x10/100BaseT (LAN,WAN, DMZ)
Security: IPSec, IKE, NAT, PPTP, HTTPS, SSH, SCP Authentication: Shared secret and built-in authentication server
Network: TCP/IP, DNS Filtering: Protocol, port
number, and IP address Proxies: HTTP, SMTP, DNS, SOCKS
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 15
Chapter 1 – Product Description, Features, and Overview
Power & Physical
RF760VPN RF660VPN RF600VPN
Description
Power - Voltage & Frequency Power Consumption Physical Description Dimensions:
Operating Environment Temperature Range:
Approvals
100-240v AC, 50-60 Hz 100-240v AC, 50-60 Hz 100-240v AC, 50-60 Hz 50 Watts 30 Watts 15 Watts
17" w × 1.75" h × 10.5" d; (43.18cm × 4.45cm ×
26.67cm) Weight: 10 lbs. (4.54 kg)
32° to 120° F (0-50°C) Humidity: 25-85% noncondensing FCC Part 68 FCC Part 15 (Class A) CE Mark UL60950 ICSA Firewall Certified
Dimensions:
17" w × 1.75" h × 10.5" d; (43.18cm × 4.45cm ×
26.67cm)
Weight: 10 lbs. (4.54 kg) Temperature Range:
32° to 120° F (0-50°C) Humidity: 25-85% noncondensing FCC Part 68 FCC Part 15 (Class A) CE Mark UL60950 ICSA Firewall Certified
Dimensions:
12" w × 1.7" h × 8" d; (30.4cm × 4.4cm ×
20.3cm)
Weight: 5.8 lbs. (2.6 kg) Temperature Range:
32° to 120° F (0-50°C) Humidity: 25-85% noncondensing FCC Part 68 FCC Part 15 (Class A) CE Mark UL60950 ICSA Firewall Certified
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 16
Chapter 1 – Product Description, Features, and Overview
Overview of RouteFinder VPN Technology
Before we look at how the RouteFinder works and how to use it, we will illustrate why the RouteFinder is necessary for the protection of networks, as well as show which problems and risks exist without an appropriate security system.
Networks
The systems in the global network communicate via the Internet Protocol Family (IP), including TCP, UDP, or ICMP. The IP addresses are the basis of this communication. They identify all available units within the network.
The Internet itself is actually just a collection of computer networks around the world of varying shape, size, and speed. Where two or more networks join, a whole host of tasks arise, which are dealt with by routers, bridges, or gateways. A special type of connection between two networks is called a firewall.
Generally speaking, three types of networks meet at the firewall:
1. External network/Wide Area Network (WAN)
2. Internal Network/Local Area Network (LAN)
3. De-Militarized Zone (DMZ)
The Firewall
The characteristic tasks of a firewall as a connection between WAN, LAN and DMZ are:
Protection from unauthorized access
Access control
Ensure information integrity
Perform analysis of protocols
Alert the administrator of relevant network events
Conceal internal network structure
Decoupling of servers and clients via proxies
Ensure confidentiality
There are several generic network components that, brought together under the heading Firewall, are responsible for these tasks. The following sections provide a brief look at some of the forms and their derivatives.
Network Components That Work with the Firewall
Network Layer Firewalls: Packet Filter
As the name suggests, the Packet Filter is where IP packets (consisting of address information, some flags, and the payload) are filtered. With this kind of firewall you can grant or deny access to services, according to different variables. Some of these variables are:
The source address
The target address
The protocol (e.g. TCP, UDP, ICMP)
The port number
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 17
Chapter 1 – Product Description, Features, and Overview
The great advantage of a network layer firewall is its independence of both the operating system and the applications running on the machine.
In more complex network layer firewall implementations, the packet filtering process includes the interpretation of the packet payload. The status of every current connection is analyzed and recorded. This process is called stateful inspection.
The packet filter records the state of every connection and lets only those packets pass that meet the current connection criteria. This is especially useful for establishing connections from a protected network to an unprotected network.
If a system establishes a connection to a protected network, the Stateful Inspection Packet Filter lets a host’s answer packet pass back into the protected network. If the original connection is closed, no system from the unprotected network can send packets into the protected network any longer – unless you explicitly allow it.
Well Known Ports are controlled and assigned by the IANA, and on most systems, can only be used by system (or root) processes or by programs run by privileged users. Ports are used in TCP (RFC793) to name the ends of logical connections which carry long term conversations; and, typically, these same port assignments are used with UDP (RFC768). The assigned ports are in the range 0-1023. IETF RFC 1700 provides a list of the well-known port number assignments. IETF RFCs are available on the Internet from a number of sources.
Application Layer Gateways: Proxies
A second significant type of firewall is the application layer gateway. It is responsible for buffering connections between exterior systems and your system. Here, the packets aren’t directly passed on, but a sort of translation takes place, with the gateway acting as an intermediary stop and translator.
The application gateway buffering processes are called proxy servers, or, for short‚ proxies. Every proxy can offer further security features for its designed task. Proxies generally offer a wide range of security and protocol options.
Each proxy serves only one or a few application protocols, allowing high-level security and extensive logging and analysis of the protocol’s usage.
Examples of existing proxies are:
The SMTP proxy - Responsible for email distribution and virus checking.
The HTTP proxy - Supporting Java, JavaScript, ActiveX-Filter, and ad banner filtering.
The SOCKS proxy (the generic circuit-level proxy) - Supporting applications such as FTP clients, ICQ,
IRC, or streaming media.
Application level gateways offer the advantage of physical and logical separation of the protected and unprotected networks. They make sure that no packet is allowed to flow directly between networks, resulting in higher security.
Protection Mechanisms
Further mechanisms ensure added security. Specifically, the use of private IP addresses in combination with Network Address Translation (NAT) in the form of:
Masquerading
Source NAT (SNAT)
Destination NAT (DNAT)
These allow a whole network to hide behind one or a few IP addresses, preventing the identification of your network topology from the outside.
With these protection mechanisms in place, Internet connectivity remains available, but it is no longer possible to identify individual machines from the outside.
By using Destination NAT (DNAT), it is still possible to place servers within the protected network/DMZ and make them available for an assigned service.
In the sample graphic above, a user with the IP 5.4.3.2, port 1111 sends a request to the Web server in the DMZ. Of course, the user knows only the external IP (1.1.1.1, port 80). Using DNAT, the RouteFinder now changes the external IP address to 10.10.10.99, port 80 and sends the request to the Web server. The Web server then sends the answer with its IP address (10.10.10.99, port 80) and the user’s IP. The RouteFinder recognizes the packet by the user address, and it then changes the internal IP (10.10.10.99, port 80) into the external IP address (1.1.1.1, port 80).
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 18
Chapter 1 – Product Description, Features, and Overview
To satisfy today’s business world needs, the IT infrastructure must offer real-time communication and co-operate closely with business partners, consultants, and branches. Increasingly, the demand for real-time capability is leading to the creation of extranets that operate either:
via dedicated lines, or
unencrypted lines via the Internet
Each of these methods has advantages and disadvantages, as there is a conflict between the resulting costs and the security requirements.
Virtual Private Networking (VPN) establishes secure (i.e., encrypted) connections via the Internet, an important function especially if your organization operates at several locations that have Internet connections. These secure connections use the IPSec standard derived from the IP protocol IPv6.
ISO Layers and TCP/IP
Once set up, this encrypted connection is used automatically (i.e., without extra configurations or passwords at the client systems) regardless of the type of data that is to be transferred. This protects the content during the transport. At the other end of the connection, the transferred data is transparently decoded and is available for the recipient in its original form.
The RouteFinder VPN uses a hybrid of the above listed basic forms of firewalls and combines the advantages of both variations: the stateful inspection packet. Stateful inspection packet filter functionality offers platform-independent flexibility, and the ability to define, enable or disable all necessary services. Existing proxies make the RouteFinder an application gateway that secures vital client system services, such as HTTP, Mail, and DNS by using a proxy. The ROUTEFINDER also enables generic circuit-level proxy via SOCKS.
VPN, Source NAT, Destination NAT, masquerading, and the ability to define static routes make the dedicated firewall an efficient distribution and checkpoint in your network.
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 19
Typical Applications
Remote User VPN
The client-to-LAN VPN application replaces traditional dial-in remote access by allowing a remote user to connect to the corporate LAN through a secure tunnel over the Internet. The advantage is that a remote user can make a local call to an Internet Service Provider, without sacrificing the company’s security, as opposed to a long distance call to the corporate remote access server.
Branch Office VPN
The LAN-to-LAN VPN application sends network traffic over the branch office Internet connection instead of relying on dedicated leased line connections. This can save thousands of dollars in line costs and reduce overall hardware and management expenses.
Chapter 1 – Product Description, Features, and Overview
Firewall Security
As businesses shift from dial-up or leased line connections to always-on broadband Internet connections, the network becomes more vulnerable to Internet hackers.
The RouteFinder VPN provides a full-featured firewall based on Stateful Packet Inspection technology and NAT protocol to provide security from intruders attempting to access the office LAN.
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 20
Chapter 2 – Installation
Pre-Installation Planning
Chapter 2 – Installation
Planning and Establishing the Corporate Security Policy
Having an organization-wide security policy is the first, and perhaps most, important step in general security planning. Organizations without a well-devised top-level security policy will not have ready answers to questions such as:
Who is allowed access to which servers?
Where are the backups stored?
What is the recovery procedure for a security breach?
These questions must be answered in terms of security costs, usability, compatibility with internal "culture", and alignment with your site's legal requirements.
Putting a security policy in place and keeping abreast of new security issues as they arise are paramount to securing your network.
Contents of a Corporate Internet Security Policy
The policy statements should be clear, easy to understand, and supported by management. All enterprises should have a carefully planned security policy that protects their network. Your security policy should define both what should be protected as well as how it should be protected. A comprehensive, clear, and well-communicated security policy is an important first step in protecting any network from the many threats associated with the power of the Internet.
A corporate Internet security policy should cover at least 6 major areas, including:
1. Acceptable Use – Define the appropriate use of the network and other computing resources by any and all
users. This should include policy statements like: “password sharing is not permitted"; "users may not share accounts"; and "users may not make copies of copyrighted software.”
2. Remote Access – Outline acceptable (and unacceptable) means of remotely connecting to the internal
network. Cover all DSL, cable modem, Telnet, and others. Specify who may obtain remote access. The security policy must also address who is allowed high-speed remote access and any extra requirements associated with that privilege (e.g., all remote access via DSL requires that a firewall be installed). You will also want to define users' email security here (e.g., in MS Outlook at Tools >
Options > Security > Zone Settings > Security Settings).
3. Information Protection – Provide guidelines to users that define the use and transmission of sensitive
information to ensure the protection of your enterprise’s key elements of information (e.g., set a standard for encryption level (such as 3DES) for information sent over the Internet).
4. Firewall Management – Define how firewall hardware and software are managed. This includes change
requests and approval, periodic review of firewall configurations, and firewall access privilege settings.
5. Special Access – Provide guidelines for any special, non-standard needs for access to specialized networks
or systems.
6. Network Connection – Establish policies for adding new devices and new users to the network, with an
approval process, along with the associated security requirements.
of the possible ways that users remotely access the internal network, such as dial-in, ISDN,
is allowed to have remote access as well as how users
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 21
Chapter 2 – Installation
Planning the Network
Before installing, you should plan your network and decide which computer is to have access to which services. This simplifies configuration and saves you a lot of time that you would otherwise need for corrections and adjustments.
Establishing an Address Table
Enter the configuration information (e.g., the IP addresses used, Net Mask addresses, and the Default Gateway) into the appropriate field of the Address Table below. Please print this page and use it to fill in your specific ROUTEFINDER and network information (e.g., the IP address used, email lists, etc.), and keep it for future reference.
Network Card connected to the internal network (LAN on eth0) Network Card connected to the external network (WAN on eth1) Network Card connected to the DMZ (eth2)
IP Address Net Mask Default Gateway
___.___.___.___
___.___.___.___
___.___.___.___
___.___.___.___
___.___.___.___
___.___.___.___
___.___.___.___
System Administrator Required Planning
The system administrator must complete these setup requirements before installing the ROUTEFINDER software:
Set the correct configuration of the Default Gateway
Install an HTTPS-capable browser (e.g., the latest version of Microsoft Internet Explorer or Netscape
Navigator)
Activate JavaScript and Cascading Style Sheets
Make sure that no proxies are entered in the browser
If Secure Shell (SSH) is to be used, you must install an SSH client program (e.g., PuTTY in Windows 2000
or the bundled SSH client in most Linux packages).
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 22
Chapter 2 – Installation
Installation Overview
RouteFinder VPN installation is divided into four steps:
1. Hardware installation
2. Cabling
3. Software initial configuration
4. RouteFinder configuration
Hardware Installation Procedure
The RouteFinder VPN is designed to install either on a desktop or in a standard EIA 19" rack and is shipped with the mounting hardware to install the RouteFinder VPN in the standard EIA 19" rack. If installing in a rack, use the provided mounting hardware and follow the rack enclosure manufacturer’s instructions to safely and securely mount the RouteFinder the rack enclosure. Proceed to the cabling procedure.
Cabling Overview
Cabling your RouteFinder VPN involves making the proper Power, DMZ, WAN and LAN connections as illustrated and described below.
RF760VPN
RF660VPN
RF600VPN
1. Using an RJ-45 Ethernet cable, connect the DMZ RJ-45 jack to the DMZ device or network (Optional – for example,
a Voice over IP gateway).
2. Using an RJ-45 Ethernet cable, connect the WAN RJ-45 jack to the device for the external network.
3. Using an RJ-45 Ethernet cable, connect the LAN RJ-45 jack to the internal network switch or hub. Note: Use a cross-over Ethernet cable if connecting to a single device.
4. With the RF760 or RF660 RouteFinder VPN Power switch in the off (Ο) position and using the supplied power cord,
plug one end into the RouteFinder VPN connect power plug and the other end into a live power outlet.
Note: The status LED blinks continuously after power-up.
5. Wait for the RouteFinder VPN to beep five times, indicating that it is ready to be configured with a Web browser.
Shutdown Caution: Never switch off the RouteFinder VPN Power until after you have performed the Shutdown
process. If the RouteFinder VPN is not properly shut down before switching off Power, the next startup may take a little longer, or in the worst case, data could be lost.
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 23
Chapter 2 – Installation
Setting up a Workstation and Starting the RouteFinder VPN
This section of the Quick Start Guide covers the steps for setting up a workstation that is connected to the RouteFinder VPN, starting up the RouteFinder VPN, opening the RouteFinder VPN Web Management program, performing the time zone setup, and using the Menu bar to navigate through the Web Management software screens.
Connections
1. Connect a workstation to the RouteFinder's LAN port via Ethernet. Connections are described on the previous
page.
Note: If not using a hub, use a cross-over cable to connect a PC NIC to the RouteFinder's Ethernet 10/100
LAN Port.
2. Set the workstation IP address to 192.168.2.x subnet.
3. Obtain an Internet Public IP address so it can be assigned to the WAN port.
4. Connect to the Internet at the RouteFinder WAN port.
Power Up
5. Turn on power to the RouteFinder VPN. After several minutes, you will hear 5 beeps signifying the software
has fully booted.
Note: If you hear a continuous beep or no beep, cycle RouteFinder VPN power, connect an external monitor
and check the hard drive.
Open a Web Browser
6. Bring up a Web browser on the workstation. Type the default Gateway address: https://192.168.2.1 and press
the Enter key.
IMPORTANT: Be sure to type https (http will not work).
Note: Make sure your PC’s IP address is in the same network as the router’s IP address. WINIPCFG and
IPCONFIG are tools for finding a computer’s default gateway and MAC addresses. In Windows 98/ME you can type WINIPCFG. In Windows 2000/NT/ME/XP, you can type IPCONFIG.
7. In some environments, one or more Security Alert screen(s) may display. At the initial Security Alert screen,
click Yes and follow any additional on-screen prompts.
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 24
Chapter 2 – Installation
Login
8. The Login screen is displayed.
Type the default User name: admin (all lower-case).
Tab to the Password field and type the default password: admin (all lower-case).
Click the Login button.
Note: The User name and Password entries are case-sensitive (both must be
typed in lower-case). The password can be up to 12 characters. Later, you will want to change the password from the default (admin) to something else. If Windows displays the AutoComplete screen, you may want to click No to tell Windows OS to not remember the password for security reasons.
Password Caution: Use a safe password! Your first name spelled backwards is
not a sufficiently safe password; a password such as xfT35$4 is better. It is recommended that you change the default password. Do not keep this default
password; create your own password.
9. If someone else is already logged onto the RouteFinder VPN or you were logged in recently, the following
message displays.
Do you want to log the user out?
Click Yes. If you click No, you are returned to the Login screen.
Web Management Software Opens
The Web Management Home screen is displayed. Web Management software is factory-installed on your RouteFinder. (This is a view of the top part of the Home screen.)
(This is a view of the Multi-Tech Systems, Inc. informational part of the Home screen.)
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 25
Chapter 2 – Installation
t
Navigating Through the Screens
Before using the software, you may find the following information about navigating the screens and the structuring of the menus helpful.
The Web Management Screen
Menu Bar
Sub Menu
Screen Buttons
Screen Name
Work/Inpu Area
RouteFinder Menu Bar
Menu Selections
Administration Set up system parameters, Administrative Access, User Authentication; enter licenses
Networks & Services Define networks, services, and groups to make them available to be used by other
Proxy Set up proxies. Network Setup Set up the LAN, WAN, and DMZ Ethernet ports; PPP modem link, etc. DHCP Server Configure the DHCP server settings. Tracking Set up tracking of all packets through the network ports in the RouteFinder VPN, set up
Packet Filters Define filter rules and ICMP rules. VPN Virtual Private Network. Set up a secure communication tunnel to specific Internet
Statistics & Logs View and download all the statistics and log files maintained by your system.
and certificates, etc. See entire list of functions on next page.
functions such as allowed networks, packet filters, VPN, and proxies.
automatic download and upgrade of packages from a specified Update server, set up import/export backup configurations.
systems.
Screen Buttons
Home The main screen.
Wizard Setup Change passwords and quickly set up your RouteFinder VPN with the basic
configuration that will set it up as a firewall.
Help Describes what to do on each screen. Logout Logout and return to the login screen.
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 26
Chapter 2 – Installation
Sub-Menu
Each item on the Menu Bar has its own sub-menu which displays on the left side of the screen. When you click one of the Menu Bar buttons, the screen that displays is the first sub-menu option. You can choose
other sub-menu screens by clicking the screen name in the sub-menu. This is an example of the Administration sub-menu. It displays when Administration is clicked on the Menu Bar.
Menus and Sub-Menus
Administration
System Setup SSH SNTP Client Administrative Access Site Certificate License Key Intrusion Detection Tools System Scheduler Factory Defaults User Authentication
Local Users
Radius & SAM Restart Shutdown
Tracking Packet Filters VPN Statistics & Logs
Accounting Update Services Backup Version Control
Networks & Services Proxy Network Setup DHCP Server
Network Services Network Groups Service Groups
Packet Filter Rules ICMP Advanced Enable/Disable Log
HTTP Proxy
Custom Filters
SMTP Proxy
SMTP SPAM Filtering
POP3 Proxy
POP3 SPAM Filtering SOCKS Proxy DNS Proxy
IPSec X.509 Certificates IPSec Bridging PPTP
Interface PPP PPPoE DHCP Client Dynamic DNS Routes Masquerading SNAT DNAT
Uptime Hardware Networks Interfaces SMTP Proxy Accounting Self Monitor IPSec PPTP Packet Filter Port Scans View Logs HTTP Access DHCP SMTP Virus Quarantine POP3 Virus Quarantine SMTP SPAM Quarantine Administrative Authentication Log
Subnet Settings Fixed Addresses
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 27
Chapter 3 – Configuration
Initial Configuration Step
Set Up Your Time Zone
Click Administration on the menu bar. The System Setup screen displays.
Set the following:
Set System Time by selecting your Time Zone
Set the current Day, Month, Year, Hour, and Minute
Administration
System Setup
Chapter 3 – Configuration
System Time
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 28
Chapter 3 – Configuration
Second Configuration Step
Using the Wizard Setup is a quick way to enter the basic configuration parameters to allow communication between the LAN’s workstation(s) and the Internet as shown in the example below.
Important Note: An initial configuration must be completed for each type of RouteFinder functions: firewall configuration,
LAN-to-LAN configuration, a LAN-to-Remote Client configuration.
Note About License Agreements: It is suggested that you read the legal information and license agreement before
beginning the configuration. This information can be found in the Appendix.
RouteFinder VPN Initial Configuration
The addresses used in this example are entered through the Wizard Setup. See the screen example on the next page.
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 29
The Wizard Setup Screen
Click on the Wizard Setup button. The following screen displays.
Chapter 3 – Configuration
1. Enter your Administrator Email Address (can be anything).
Example: admin@yourdomain.com
2. Enter your Hostname for the RouteFinder (can be anything).
Example: routefinder.domainname.com
3. LAN IP Address and Subnet Mask default into the fields. This should be acceptable for your site.
4. Enter the WAN IP Address. This is the PUBLIC STATIC IP address.
Set this option based on information provided by your ISP. Example: 204.26.122.103
5. Change the Gateway IP address; this is the IP address of the router that connects to the Internet.
Example: 204.26.122.1
6. Place a checkmark in the Packet Filter Rule LAN-ANY-ANY-ALLOW box. This will enable the rule.
7. Change Password Settings as appropriate for your network. It is highly recommended that you change all default
passwords. Do not leave them at the defaults.
8. Click Save to save the settings you just entered.
9. The following message displays. Click OK to close the message box and save your changes.
Click OK to save the changes. Please be patient. Wizard Setup will take a few minutes to implement the changes. Do not close the Browser.
10. One more message displays. Note that saving your settings will take 1-2 minutes.
Please do not close the browser. Server is saving the values. After a few minutes you will be redirected to the new IP address. If you are not redirected, change the address in the location bar to 192.168.2.1.
11. Test your workstation to see that it can access the Internet. If a connection is established, then the settings have
been entered correctly.
Your Basic Configuration Is Now Complete
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 30
Loading...
+ 159 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use