NEXXT SOLUTIONS 350U1 User Manual

Nexxt Solutions - NetGate Wireless Access Point

•

Protocol - The protocol used for this application, either TCP, UDP, or All (all protocols
supported by the router).

•

Status - This field displays either Enabled or Disabled, as the current status for the device.

•

Modify - Click the Modify button next to in the entry you want to change. If you want to erase
that entry, click on Delete.

To setup a virtual server entry, follow the steps described below:

1.

Click the Add New… button on the virtual servers page. (Figure 4-29)

2.

Select the service you want to use from the Common Service Port list. If the Common
Service Port list does not have the service that you want to use, type the number of the
service port or service port range in the Service Port field.

3.

Type the IP Address of the computer in the Server IP Address field.

4.

Select the protocol used for this application.

5.

Select the Enable option to activate the virtual server.

6.

Click the Save button.

Figure 4-29 Add or Modify a Virtual Server Entry

•

Common Service Port - Some common services are already available from the pull-down list.

Note:

If your computer or server has more than one type of service available, please select
a different service, and enter the same IP Address for that computer or server.
To modify or delete an existing entry:

1.

Click the Modify button next to the entry you want to modify. If you want to erase this entry,
click on the Delete button.

2.

Proceed with the changes you want to make.

3.

Click the Save button when you are done.

Click the Enable All button to activate all entries.
Click the Disabled All button to cancel all entries.
Click the Delete All button to erase all entries.
Click the Next button to go to the following page. Click the Previous button to return to the last page.

Note:

If you set the virtual server of service port as 80, you must configure the Web management port
on System Tools –> Remote Management page to be any value other than 80, such as 8080.
Otherwise, there will be a conflict to disable the virtual server.

41

Nexxt Solutions - NetGate Wireless Access Point

4.9.2 Port triggering

Go to Forwarding > Port Triggering in order to configure the Port Triggering parameters on
this menu, as shown in Figure 4-30.

Figure 4-30 Port triggering

Once configured, the operation is as follows:

A local host makes an outgoing connection to an external host using a destination port

1.
number defined in the Trigger Port field.
The router records this connection, opens the incoming port or ports associated with this

2.
entry in the Port Triggering table, and associates them with the local host.
When necessary, the external host will be able to connect to the local host using one of the

3.
ports defined in the Incoming Ports field.

•

Trigger Port - The port for outgoing traffic. An outgoing connection using this port will
“Trigger” this rule.

•

Trigger Protocol - The protocol used for Trigger Ports, either TCP, UDP, or All (all protocols
supported by the router).

•

Incoming Ports Range - The port or port range used by the remote system when it responds
to the outgoing request. A response using one of these ports will be forwarded to the PC that
triggered this rule. You can input at most 5 groups of ports (or port section). Every group
of ports must be separated by commas “,”. For example, 2000-2038, 2050-2051, 2085,
3010-3030.

•

Incoming Protocol - The protocol used for Incoming Ports Range, either TCP , UDP, or ALL
(all protocols supported by the router).

•

Status - This field displays either Enabled or Disabled, as the current status for the device.

To add a new rule, follow the steps below:

1.

Click the Add New… button o the Port Triggering page. (Figure 4-31)

2.

Select a common application from the Common Applications drop-down list, then the port
parameters will be automatically filled in the corresponding field. If the Common Applications
list does not have the application you want, enter the port parameters manually.

3.

Select the protocol used for Trigger Port and Incoming Ports from the corresponding
pull-down list.

4.

Click on Enable on the Status field.

5.

Click the Save button to save the new rule.

42

Nexxt Solutions - NetGate Wireless Access Point

Figure 4-31 Add or Modify a Triggering Entry

To modify or delete an existing entry, please complete the steps below:

1.

Click the Modify button next to the entry you want to change. If you want to delete that entry,
click the Delete in this stage.

2.

Proceed with the changes you want to make.

3.

Click the Save button when you are done.

Click the Enable All button to activate all entries.
Click the Disabled All button to cancel all entries.
Click the Delete All button to erase all entries.

Note:

When the trigger connection is released, will cause the closing of the corresponding opened

1.
ports.
Each rule can only be used by one host on the LAN at a time. The trigger connection of other

2.
hosts on the LAN will be refused.
Incoming Port Range enabled cannot overlap each other at the same time.

3.

4.9.3 DMZ (Demilitarized Zone)

Go to Forwarding > DMZ in order to set up an DMZ host on this page, as shown in
Figure 4-32.

Figure 4-32 DMZ

43

Nexxt Solutions - NetGate Wireless Access Point

To assign a computer or server to be a DMZ server:

1.

Click the Enable radio button.

2.

Enter the IP address in the DMZ Host IP Address field of the local PC that you want to set as
the DMZ host.

3.

Click the Save button when done.

Note:

Once you set the DMZ host, the firewall protection for that host will be disabled.

4.9.4 UPnP

Go to Forwarding > UPnP in order to configure the UPnP function on this page, as shown in
Figure 4-33:

Figure 4-33 UPnP Settings

•

Current UPnP Status - UPnP can be enabled or disabled by clicking the corresponding
button. As enabling UPnP may present a risk to security, this feature is disabled by default.

•

Current UPnP Settings List - This table displays the current UPnP information.

•

App Description - The description provided by the application in the UPnP request.

•

External Port - The external port that the router opened for the application.

•

Protocol - Shows which type of protocol is opened.

•

Internal Port – The Internal port that the router opened as a local host.

•

IP Address - The IP address of the local host that initiates the UPnP request.

•

Status - The port status is displayed in this field. “Enabled” means that the port is still active.
Otherwise, the port will be inactive.

Click Enable to activate the UPnP feature.
Click Disable to cancel the UPnP feature.
Click Refresh to update the Current UPnP Settings List.

44

Nexxt Solutions - NetGate Wireless Access Point

4.10 Security

This menu offers an enhanced level of protection for your network. IP address Filtering allows
you to control the Internet Access of specific users on your LAN based on their IP addresses.
Domain Filtering allows you to control access to certain websites on the Internet by specifying
their domains or key words. Like IP Address Filtering, MAC Address Filtering allows you to control
access to the Internet of users on your local network based on their MAC Addresses. Advanced
Security helps to protect the router from cyber attacks. Remote Management allows you to
manage your Router from a remote location via the Internet.
There are six submenus under the Security menu (shown in Figure 4-34): Firewall, IP Address

Filtering, Domain Filtering, MAC Address Filtering, Remote Management and Advanced
Security. Click any of them in order to configure the corresponding function. A detailed

description of each submenu is provided below.

!

Figure 4-34 The Security menu

45

Nexxt Solutions - NetGate Wireless Access Point

4.10.1 Firewall

Go to Security > Firewall in order to enable the main firewall screen, as shown in Figure 4-35.

The default setting for the switch is off. Turning the general firewall switch to off will disable IP
Filtering, Domain Filtering and MAC Filtering even if their individual settings are enabled.

Figure 4-35 Firewall Settings

•

Enable Firewall - Check this box to activate the Firewall.

•

Enable IP Address Filtering - Check this box to activate IP Address Filtering on the AP. There are
two default filtering rules for IP Address Filtering: Allow or Deny the packets specified to pass
through the router.

•

Enable Domain Filtering - Check this box to enable Domain Filtering.

•

Enable MAC Filtering - Check this box to activate MAC Address Filtering on the AP. There are
two default filtering rules for MAC Address Filtering: Allow or Deny the packets specified to pass
through the router.

46

Nexxt Solutions - NetGate Wireless Access Point

!

4.10.2 IP address filtering

Go to Security > IP Address Filtering in order to configure the IP address filtering entry on the

current page, as shown in Figure 4-36.

Figure 4-36 IP address Filtering

Do not change the default setting if you want to keep the IP Address Filtering feature disabled.
To set up an IP Address Filtering entry, you should first enable the Firewall, followed by the
IP Address Filtering on the Firewall page, as shown in Figure 4-35, and then click the Add New…
button, as illustrated in Figure 4-36. This will cause the page Add or Modify an IP Address
Filtering entry to be displayed, just like the one shown in Figure 4-37 below.

Figure 4-37 Add or Modify an IP Address Filtering Entry

To create or modify an IP Address Filtering entry, follow these instructions below:

1.

Effective Time - Enter a time range using the HHMM format. It represents the period within
which the entry shall remain active. For example 0803 - 1705, means that the command will
be effective from 08:03 to 17:05.

2.

LAN IP Address - Enter a LAN IP Address or a range of LAN IP addresses in this field, in
dotted-decimal notation format. For example, 192.168.0.20 192.168.0.30. Leave the field
blank if you want all LAN IP Addresses to be used.

47

Nexxt Solutions - NetGate Wireless Access Point

3.

LAN Port - Enter a LAN Port or a range of LAN ports in this field. For example, 1030 2000.
Leave the field blank if you want all LAN ports to be used.

4.

WAN IP Address - Enter a WAN IP Address or a range of WAN IP Addresses in this field, in
dotted-decimal notation format. For example, 61.145.238.6 - 61.145.238.47. Leave the
field blank if you want all WAN IP Addresses to be used.

5.

WAN Port - Enter a WAN Port or a range of WAN Ports in this field. For example, 25 110.
Leave the field blank if you want all WAN to be used.

6.

Protocol - Select the protocol to be used, either TCP, UDP, or All (all protocols supported by
the router).

7.

Action - Select either Allow or Deny through the router.

8.

Status - Select Enabled or Disabled for this entry from the Status pull-down list.

Click the Save button to confirm this entry.
To add another entry, repeat steps 1-9.
When finished, click the Back button.

To modify or delete an existing entry:

1.

Click the Modify next the entry you want to change. If you want to erase the entry, click the
Delete button.

2.

Proceed with the changes you want to make.

3.

Click the Save button.

Click the Enable All button to activate all entries.
Click the Disabled All button to cancel all entries.
Click the Delete All button to erase all entries.
You can change the entry’s order as desired. Fore entries are before hind entries. Enter the
ID number in the first box you want to move and another ID number in second box you want to
move to, and then click the Move button to change the entry’s order.
Click the Next button to move to the following page and click the Previous button to return to
the last page.
For example: If you wish to block e-mail received and sent by the IP Address 192.168.0.7
on your local network, and to make the PC with IP Address 192.168.0.8 unable to visit the
website of IP Address 202.96.134.12, while imposing no limitations on other PC(s), you should
specify the following IP address filtering list:

48

Nexxt Solutions - NetGate Wireless Access Point

4.10.3 Domain Filtering

Go to Security > Domain Filtering in order to configure the domain filtering feature, as shown
in Figure 4-38.

Figure 4-38 Domain Filtering

Before adding a Domain Filtering entry, you must ensure that Enable Firewall and Enable Domain
Filtering have been selected on the Firewall page, as shown in Figure 4-35. To Add a Domain
filtering entry, click the Add New… button, as it appears in Figure 4-38. This will open the Add or
Modify a Domain Filtering entry page, as in Figure 4-39.

Figure 4-39 Add or Modify a Domain Filtering entry

To add or modify a Domain Filtering entry, follow these instructions:

1.

Effective Time - Enter a time range using the HHMM format. It represents the period within
which the entry shall remain active. For example 0803 - 1705, means that the command will
be effective from 08:03 to 17:05.

2.

Domain Name - Type the domain or key word as desired in the field. Leave the field blank if
you want all websites on the Internet to be used. For example: www.xxyy.com.cn, .net.

3.

Status - Select Enabled or Disabled for this entry on the Status pull-down list.

4.

Click the Save button to confirm this entry.

To add or modify a Domain Filtering entry, follow these instructions:

49

Nexxt Solutions - NetGate Wireless Access Point

1.

Click the Modify button next the entry you want to change. If you want to erase the entry,
click the Delete button.

2.

Proceed with the changes you want to make.

3.

Click the Save button when done.

Click the Enabled All button to activate all entries .
Click the Disabled All button to cancel all entries.
Click the Delete All button to erase all entries
Click the Next button to go to the following page and the Previous button to return to the last
page.
For example, if you want to block the PC(s) on your LAN to access websites www.xxyy.com.cn,
www.aabbcc.com and websites ending in .net on the Internet, while imposing no limitations
on other websites, you should specify the following Domain filtering list.

4.10.4 MAC address filtering

Go to Security > Domain Filtering in order to configure the MAC address filtering feature on the
current page, as shown in Figure 4-40.

Figure 4-40 MAC address Filtering

Before setting up MAC Filtering entries, you must first ensure that Enable Firewall and Enable
MAC Filtering have been selected on the Firewall page, as shown in Figure 4-35. To Add a MAC
Address filtering entry, click the Add New… button in Figure 4-40. Then the Add or Modify a
MAC Address Filtering entry page will be displayed, as shown in Figure 4-41:

50

Nexxt Solutions - NetGate Wireless Access Point

Figure 4-41 Add or Modify a MAC Address Filtering entry

To add or modify a MAC Address Filtering entry, follow these instructions:

Enter the appropriate MAC Address into the MAC Address field. The format of the MAC

1.
Address is XX-XX-XX-XX-XX-XX (X represents any hexadecimal digit).
For example: 00-0E-AE-B0-00-0B.
Enter a short description of the PC in the Description field. Fox example: John’s PC.

2.
Status - Select Enabled or Disabled for this entry, from the Status pull-down list.

3.
Click the Save button to confirm this entry.

4.

To add additional entries, repeat steps 1-4.
When finished, click the Return button to go back to the MAC Address Filtering page.
To modify or delete an existing entry:

1.

Click the Modify button next to the entry you want to change. If you want to erase the
entry, click the Delete button.

2.

Proceed with the changes you want to make.

3.

Click the Save button once you are done.

Click the Enabled All button to activate all entries .
Click the Disabled All button to cancel all entries.
Click the Delete All button to erase all entries
Click the Next button to go to the following page and click the Previous button to return to the
last page.
Fox example: If you want to block the PC with MAC addresses 00-0A-EB-00-07-BE and
00-0A-EB-00-07-5F from accessing the Internet, first, enable the Firewall and MAC Address
Filtering on the Firewall page. Then, you should specify the Default MAC Address Filtering Rule
Deny these PC(s) with effective rules to access the Internet on the Firewall page, and include
the following MAC address filtering list on this page:

51

Nexxt Solutions - NetGate Wireless Access Point

4.10.5 Remote management

Go to Security > Remote Management in order to configure the Remote Management function
on this screen, as shown in Figure 4-42. This feature allows you to manage your Router from a
remote location via the Internet.

Figure 4-42 Remote Management

•

Web Management Port – The web browser normally uses the standard HTTP service port 80
for access.. This Router’s default remote management web port number is 80. For greater
security, you can change the remote management web port to a custom port by entering that
number in the box provided. Choose a number between 1 and 65534 but do not use the number
of any common service port.

•

Remote Management IP Address - This is the current address you will use when accessing
your Router from the Internet. This function is disabled when the IP address is set to the
default value of 0.0.0.0. To enable this function, change 0.0.0.0 to a valid IP address. If set to

255.255.255.255, then all the hosts will be able to access the Router from the internet.

Note:

To access the Router, you should type your Router’s WAN IP address into your browser’s

1.
address (in IE) or Location (in Navigator) box, followed by a colon and the custom port
number. For example, if your Router’s WAN address is 202.96.12.8, and the port number
used is 8080, please enter http://202.96.12.8:8080 in your browser. Later, you may be
asked for the Router’s password. After successfully entering the username and password,
you will be able to access the Router’s web-based utility.
Be sure to change the Router’s default password to a more secure password.

2.

52