PLANET CS-1000 User Manual

Download

Multi-Homing Security Gateway User’s Manual

Multi-Homing Security

Gateway

CS-1000

User’s Manual

Multi-Homing Security Gateway User’s Manual

Copyright (C) 2006 PLANET Technology Corp. All rights reserved. The products and programs described in this User’s Manual are licensed products of PLANET Technology, This User’s Manual contains proprietary information protected by copyright, and this User’s Manual and all accompanying hardware, software, and documentation are copyrighted. No part of this User’s Manual may be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form by any means by electronic or mechanical. Including photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal use, and without the prior express written permission of PLANET Technology.

Disclaimer

PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose. PLANET has made every effort to ensure that this User’s Manual is accurate; PLANET disclaims liability for any inaccuracies or omissions that may have occurred. Information in this User’s Manual is subject to change without notice and does not represent a commitment on the part of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this User’s Manual. PLANET makes no commitment to update or keep current the information in this User’s Manual, and reserves the right to make improvements to this User’s Manual and/or to the products described in this User’s Manual, at any time without notice. If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments and suggestions.

CE mark Warning

This is a class B device, in a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.

Trademarks

The PLANET logo is a trademark of PLANET Technology. This documentation may refer to numerous hardware and software products by their trade names. In most, if not all cases, these designations are claimed as trademarks or registered trademarks by their respective companies.

To avoid the potential effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment, end users of electrical and electronic equipment should understand the meaning of the crossed-out wheeled bin symbol. Do not dispose of WEEE as unsorted municipal waste and have to collect such WEEE separately.

Customer Service

For information on customer service and support for the Multi-Homing Security Gateway, please refer to the following Website URL:

http://

www.planet.com.tw

Before contacting customer service, please take a moment to gather the following information:

♦ Multi-Homing Security Gateway serial number and MAC address ♦ Any error messages that displayed when the problem occurred ♦ Any software running when the problem occurred ♦ Steps you took to resolve the problem on your own

Revision

User’s Manual for PLANET Multi-Homing Security Gateway

Model: CS-1000

Rev: 1.0 (April, 2006)

Multi-Homing Security Gateway User’s Manual

Part No. EM-CS1000v1

Multi-Homing Security Gateway User’s Manual

Table of Contents

CHAPTER 1: INTRODUCTION ........................................................................................................................ 1

1.1 FEATURES...........................................................................................................................................................1

1.2 PACKAGE CONTENTS ..........................................................................................................................................2

1.3 MULTI-HOMING SECURITY GATEW AY FRONT VIEW ...........................................................................................3

1.4 MULTI-HOMING SECURITY GATEW AY REAR PANEL ...........................................................................................3

1.5 SPECIFICATION....................................................................................................................................................3

CHAPTER 2: GETTING STARTED .................................................................................................................. 5

2.1 WEB CONFIGURATION ........................................................................................................................................5

2.2 CONFIGURE WAN1 INTERFACE..........................................................................................................................6

2.3 CONFIGURE WAN2 INTERFACE..........................................................................................................................7

2.4 CONFIGURE DMZ INTERFACE ............................................................................................................................7

2.5 CONFIGURE POLICY............................................................................................................................................8

CHAPTER 3: WEB CONFIGURATION .......................................................................................................... 10

3.1 SYSTEM.............................................................................................................................................................10

3.1.1 Admin....................................................................................................................................................... 11

3.1.2 Permitted IPs..........................................................................................................................................13

3.1.3 Software Update....................................................................................................................................15

3.1.4 Setting .....................................................................................................................................................15

3.1.5 Date/Time................................................................................................................................................20

3.1.6 Multiple Subnet ......................................................................................................................................21

3.1.7 Route Table.............................................................................................................................................26

3.1.8 DHCP.......................................................................................................................................................27

3.1.9 Dynamic DNS.........................................................................................................................................29

3.1.10 Host Table.............................................................................................................................................31

3.1.11 Language ..............................................................................................................................................33

3.1.12 Logout ...................................................................................................................................................34

3.2 INTERFACE ........................................................................................................................................................34

3.2.1 LAN..........................................................................................................................................................34

3.2.2 WAN.........................................................................................................................................................35

3.2.3 DMZ.........................................................................................................................................................39

3.3 POLICY OBJECT ................................................................................................................................................40

3.3.1 Address...................................................................................................................................................40

3.3.1.1 LAN.................................................................................................................................................40

3.3.1.2 LAN Group.....................................................................................................................................42

Multi-Homing Security Gateway User’s Manual

3.3.1.3 WAN............................................................................................................................................... 45

3.3.1.4 WAN Group...................................................................................................................................47

3.3.1.5 DMZ................................................................................................................................................50

3.3.1.6 DMZ Group.................................................................................................................................... 52

3.3.2 Service.....................................................................................................................................................54

3.3.2.1 Pre-defined....................................................................................................................................55

3.3.2.2 Custom...........................................................................................................................................56

3.3.2.3 Group..............................................................................................................................................58

3.3.3 Schedule.................................................................................................................................................60

3.3.4 QoS..........................................................................................................................................................62

3.3.5 Authentication......................................................................................................................................... 66

3.3.5.1 Auth Setting...................................................................................................................................66

3.3.5.2 Auth User.......................................................................................................................................67

3.3.5.3 Auth Group ....................................................................................................................................70

3.3.5.4 Radius Serve.................................................................................................................................73

3.3.5.5 POP3..............................................................................................................................................74

3.3.6 Content Blocking.................................................................................................................................... 75

3.3.6.1 URL Blocking.................................................................................................................................75

3.3.6.2 Scripts ............................................................................................................................................77

3.3.6.3 P2P.................................................................................................................................................78

3.3.6.4 IM....................................................................................................................................................79

3.3.6.5 Download.......................................................................................................................................79

3.3.6.6 Upload............................................................................................................................................80

3.3.7 Virtual Server.......................................................................................................................................... 81

3.3.7.1 Mapped IP.....................................................................................................................................82

3.3.7.2 Virtual Server.................................................................................................................................84

3.3.8 VPN..........................................................................................................................................................89

3.3.8.1 IPSec Autokey...............................................................................................................................89

3.3.8.2 PPTP Server..................................................................................................................................92

3.3.8.3 PPTP Client...................................................................................................................................95

3.3.8.4 T runk...............................................................................................................................................97

3.4 POLICY ............................................................................................................................................................158

3.4.1 Outgoing................................................................................................................................................158

3.4.2 Incoming................................................................................................................................................162

3.4.3 WAN To DMZ & LAN To DMZ............................................................................................................166

3.4.4 DMZ To WAN & DMZ To LAN............................................................................................................169

3.5 MAIL SECURITY...............................................................................................................................................173

3.5.1 Configure...............................................................................................................................................174

3.5.2 Anti-Spam .............................................................................................................................................177

Multi-Homing Security Gateway User’s Manual

3.5.2.1 Setting..........................................................................................................................................178

3.5.2.2 Rule..............................................................................................................................................179

3.5.2.3 Whitelist........................................................................................................................................182

3.5.2.4 Blacklist........................................................................................................................................184

3.5.2.5 T raining.........................................................................................................................................187

3.5.2.6 Spam Mail....................................................................................................................................193

3.5.3 Anti-Virus............................................................................................................................................... 193

3.5.3.1 Setting..........................................................................................................................................193

3.5.3.2 Virus Mail.....................................................................................................................................194

3.6 IDP..................................................................................................................................................................195

3.6.1 Setting ...................................................................................................................................................195

3.6.2 Signature...............................................................................................................................................196

3.6.3 IDP Report............................................................................................................................................199

3.7 ANOMALY FLOW IP .........................................................................................................................................200

3.8 MONITOR.........................................................................................................................................................201

3.8.1 Log.........................................................................................................................................................201

3.8.1.1 T raf fic............................................................................................................................................ 201

3.8.1.2 Event ............................................................................................................................................203

3.8.1.3 Connection ..................................................................................................................................205

3.8.1.4 Log Backup..................................................................................................................................206

3.8.2 Accounting Report...............................................................................................................................208

3.8.2.1 Setting..........................................................................................................................................208

3.8.2.2 Outbound.....................................................................................................................................209

3.8.2.3 Inbound........................................................................................................................................212

3.8.3 Statistic..................................................................................................................................................214

3.8.3.1 WAN Statistics.............................................................................................................................215

3.8.3.2 Policy Statistics...........................................................................................................................216

3.8.4 Status.....................................................................................................................................................217

3.8.4.1 Interface Status.................................................................................................................................217

3.8.4.2 Authentication..............................................................................................................................218

3.8.4.3 ARP Table....................................................................................................................................219

3.8.4.4 DHCP Clients..............................................................................................................................219

Multi-Homing Security Gateway User’s Manual

Chapter 1: Introduction

Thank you for purchasing new model of Planet’s Security Gateway CS-1000, a special designed of security

gateway, adopts Heuristics Analysis to filter spam and virus mail, auto-training system can raise identify rate

of spam, and built-in Clam virus scan engine can detect viruses, worms and other threats from email transfer.

CS-1000 does not just provide the same feature as the previous generation product CS-500, such as Content

Blocking to block specific URL, Scripts, IM/P2P program, IPSec and PPTP VPN server, QoS, Authentication

etc. Built-in two WAN interfaces allow CS-1000 to support outbound load balance and wan fail-over feature.

Furthermore, the VPN Trunk provides VPN fail-over and load balance features, that can offer a VPN

redundant mechanism to keep your VPN connection being on line.

CS-1000 not only can filter spam and virus mail, but also is a high performance VPN firewall. Moreover,

built-in IDP and firewall function can defense hacker and blaster attack from Internet or Intranet. The

completely function in one device can provide you an excellent security solution and the secure environment

than ever.

1.1 Features

♦ Anti-Spam Filtering: Multiple defense layers (Head Analysis, Text Analysis, Blacklist & Whitelist,

Bayesian Filtering, Spam Fingerprint, Checking sender account and IP address), and Heuristics Analysis

to block over 95% spam mail. Customizable notification options and spam mail report are provided for

administrator. Varied actions toward spam mail include: Delete, Deliver, and Forward. Built-in

auto-training system to rise identify rate of spam mail substantially.

♦ Anti-Virus Protection: Built-in Clam virus scan engine can detect viruses, worms, and other threats

from email transfer. Scan mission-critical content protocols-SMTP, POP3 in real time as traffic enters the

network to provide maximum protection. Customizable notification options and virus mail report are

provided for administrator. Varied actions toward spam mail include: Delete, Deliver, and Forward.

♦ VPN Connectivity: The security gateway support PPTP server/client and IPSec VPN. With DES, 3DES

and AES encryption and SHA-1 / MD5 authentication, the network traffic over public Internet is secured.

♦ VPN Trunk: VPN trunk function provides VPN load balance and VPN fail-over feature to keep the VPN

connection more reliable.

♦ Content Filtering: The security gateway can block network connection based on URLs, Scripts (The

Pop-up, Java Applet, cookies and Active X), P2P (eDonkey, Bit Torrent and WinMX), Instant Messaging (MSN, Yahoo Messenger, ICQ, QQ and Skype) and Download. If there are new updated

version of P2P or IM software in client side, CS-1000 will detect the difference and update the Content

Filtering pattern to renew the filtering mechanism.

- 1 -

Multi-Homing Security Gateway User’s Manual

♦ IDP: CS-1000 provides three kinds of the Signature to complete the intrusion detection system, user can

select to configure “Anomaly”, “Pre-defined” and “Custom” according to the current environment’s request.

♦ Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS: The CS-1000 not only can provide Anti-virus feature for

mail, it also can filter the virus from varied protocol. The virus pattern can be updated automatically or

manually.

♦ Policy-based Firewall: The built-in policy-based firewall prevent many known hacker attack including

SYN attack, ICMP flood, UDP flood, Ping of Death, etc. The access control function allowed only

specified WAN or LAN users to use only allowed network services on specified time.

♦ QoS: You can control the outbound and inbound Upstream/Downstream Bandwidth by configuring the

QoS based on the WAN bandwidth.

♦ Authentication: Web-based authentication allows users to be authenticated by web browser. User

database can be configured on the devices or through external RADIUS server.

♦ WAN Backup: The CS-1000 can monitor each WAN link status and automatically activate backup links

when a failure is detected. The detection is based on the configurable target Internet addresses.

♦ Outbound Load Balancing: The network sessions are assigned based on the user configurable load

balancing mode, including “Auto”, “Round-Robin”, “By Traffic”, “By Session” and “By Packet”. User can

also configure which IP or TCP/UDP type of traffic use which WAN port to connect.

♦ Multiple NAT: Multiple NAT allows local port to set multiple subnet works and connect to the Internet

through different WAN IP addresses.

1.2 Package Contents

The following items should be included:

CS-1000

 CS-1000 x 1

 Power Adapter x 1

 Quick Installation Guide x 1

 User’s Manual CD x 1

 Console cable x 1

 RJ-45 cable

 Rack-mount ear

If any of the contents are missing or damaged, please contact your dealer or distributor immediately.

- 2 -

1.3 Multi-Homing Security Gateway Front View

CS-1000 Front Panel

LED Description

PWR Power is supplied to this device.

STATUS Blinks to indicate this devise is being turned on and

booting. After one minute, this LED indicator will stop

blinking, it means this device is now ready to use.

Multi-Homing Security Gateway User’s Manual

WAN1,

WAN2, LAN,

DMZ

Green Steady on indicates the port is connected

to other network device.

Blink to indicates there is traffic on the port

Orange Steady on indicates the port is connected

at 100Mbps speed

1.4 Multi-Homing Security Gateway Rear Panel

CS-1000 Rear Panel

1.5 Specification

Product Multi-Homing Security Gateway Model CS-1000 Hardware Ethernet

Power 100~250 VAC, 50~60 Hz, 0.6A Operating Environment Temperature: 0~60°C

Dimension W x D x H, mm 237 x 440 x 43 Regulatory FCC, CE Mark Software Management Web

LAN 1 x 10/100 Based-TX RJ-45 WAN 2 x 10/100 Based-TX RJ-45 DMZ 1 x 10/100 Based-TX RJ-45

Relative Humidity: 5%~95%

- 3 -

Multi-Homing Security Gateway User’s Manual

Network Connection Transparent mode (WAN to DMZ), NAT, Multi-NAT Routing Mode Static Route, RIPv2 Concurrent Sessions 110,000 New session / second 10,000 Email Capacity per Day 120,000 Firewall Throughout 100Mbps 3DES Throughput 17Mbps Firewall Policy-based firewall rule with schedule, NAT/NAPT, SPI firewall VPN Tunnels 100/200 VPN Function PPTP server and client, IPSec

DES, 3DES and AES encrypting SHA-1 / MD5 authentication algorithm Remote access VPN (Client-to-Site) and Site to Site VPN VPN Trunk

Content Filtering URL Blocking

Blocks Popup, Java Applet, cookies and Active X P2P Application Blocking Instant Message Blocking Download Blocking

IDP Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS

Automatic or manual update virus and signature database Anomaly: Syn Flood, UDP Flood, ICMP Flood and more. Pre-defined : Backdoor, DDoS, DoS, Exploit, NetBIOS and Spyware.

Custom: User defined based on TCP, UDP, ICMP or IP protocol. Scanning Mail Settings The allowed size of scanned mail: 10 ~ 512Kbytes Anti-Virus Email attachment virus scanning by SMTP, POP3

Inbound scanning for internal and external Mail Server

Action of infected mail: Delete, Deliver to the recipient, forward to an account

Automatic or manual update virus database Anti-Spam Inbound scanning for external and internal Mail Server

Support Spam Fingerprint, Bayesian filtering, checking sender account and IP

to filter the spam mail

Black list and white list support auto training system

Action of spam mail : Delete, Deliver to the recipient, forward to an account QoS Policy-based bandwidth management

Guarantee and maximum bandwidth with 3 priority levels

Classify traffics based on IP, IP subnet, TCP/UDP port User Authentication Built-in user database with up to 200 entries

Support local database, RADIUS and POP3 authentication Logs Log and alarm for event and traffic

Log can be saved from web, sent by e-mail or sent to syslog server Accounting Report Record inbound and outbound traffic’s utilization by Source IP, Destination IP

and Service Statistics Traffic statistics for WAN interface and policies

Graphic display Others Dynamic DNS, NTP, DHCP server, Virtual server,

- 4 -

Multi-Homing Security Gateway User’s Manual

Chapter 2: Getting Started

2.1 Web Configuration

STEP 1:

Connect both the Administrator’s PC and the LAN port of the Multi-Homing Security Gateway to a hub or

switch. Make sure there is a link light on the hub/switch for both connections. The Multi-Homing Security

Gateway has an embedded web server used for management and configuration. Use a web browser to

display the configurations of the Multi-Homing Security Gateway (such as Internet Explorer 4(or above) or

Netscape 4.0(or above) with full java script support). The default IP address of the Multi-Homing Security

Gateway is 192.168.1.1 with a subnet mask of 255.255.255.0. Therefore, the IP address of the Administrator

PC must be in the range between 192.168.1.2– 192.168.1.254

If the company’s LAN IP Address is not subnet of 192.168.1.0, (i.e. LAN IP Address is 172.16.0.1), then the

Administrator must change his/her PC IP address to be within the same range of the LAN subnet (i.e.

172.16.0.2). Reboot the PC if necessary.

By default, the Multi-Homing Security Gateway is shipped with its DHCP Server function enabled. This means

the client computers on the LAN network including the Administrator PC can set their TCP/IP settings to

automatically obtain an IP address from the Multi-Homing Security Gateway.

STEP 2:

Once the Administrator PC has an IP address as the same network as the Multi-Homing Security Gateway,

open up an Internet web browser and type in

A pop-up screen will appear and prompt for a username and password. A username and password is required

to connect to the Multi-Homing Security Gateway. Enter the default login username and password of

Administrator (see below).

Username: admin Password: admin

Click OK.

http://192.168.1.1 in the address bar.

- 5 -

Multi-Homing Security Gateway User’s Manual

2.2 Configure WAN1 interface

After entering the username and password, the Multi-Homing Security Gateway WEB UI screen will display.

Select the Interface tab on the left menu then click on WAN below it.

Click on Modify button of WAN NO.1. The following page is shown.

Alive Indicator Site IP: This feature is used to ping an address for detecting WAN connection status. Service: ICMP You can select an IP address by Assist, or type an IP address manually. Service: DNS You can select a DNS IP and Domain name by Assist, or type the related data manually.

PPPoE (ADSL User): This option is for PPPoE users who are required to enter a username and password in

order to connect.

Username: Enter the PPPoE username provided by the ISP. Password: Enter the PPPoE password provided by the ISP. IP Address provided by ISP:

Dynamic: Select this if the IP address is automatically assigned by the ISP. Fixed: Select this if you were given a static IP address. Enter the IP address that is given to you by

your ISP.

Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP. Service-On-Demand:

The PPPoE connection will automatically disconnect after a length of idle time (no activities). Enter in

the amount of idle minutes before disconnection. Enter ‘0’ if you do not want the PPPoE connection to

disconnect at all.

- 6 -

Multi-Homing Security Gateway User’s Manual

For Dynamic IP Address (Cable Modem User): This option is for users who are automatically assigned an

IP address by their ISP, such as cable modem users. The following fields apply:

MAC Address: This is the MAC Address of the device. Some ISPs require specified MAC address. If the required MAC address is your PC’s, click Clone MAC Address. Hostname: This will be the name assign to the device. Some cable modem ISP assign a specific

hostname in order to connect to their network. Please enter the hostname here. If not required by your

ISP, you do not have to enter a hostname.

For Static IP Address: This option is for users who are assigned a static IP Address from their ISP. Your ISP

will provide all the information needed for this section such as IP Address, Netmask, Gateway, and DNS. Use

this option also if you have more than one public IP Address assigned to you.

IP Address: Enter the static IP address assigned to you by your ISP. This will be the public IP address of

the WAN port of the device.

Netmask: This will be the Netmask of the WAN network. (i.e. 255.255.255.0) Default Gateway: This will be the Gateway IP address. Domain Name Server (DNS): This is the IP Address of the DNS server. Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP.

Ping: Select this to allow the WAN network to ping the IP Address of the Multi-Homing Security Gateway. This

will allow people from the Internet to be able to ping the Multi-Homing Security Gateway. If set to enable, the

device will respond to echo request packets from the WAN network.

HTTP: Select this will allow the WebUI to be configured from a user on the Internet. Keep in mind that the

device always requires a username and password to enter the WebUI.

2.3 Configure WAN2 interface

If you want to connect WAN 2 to another ISP connection, click Modify button of WAN No. 2 then repeat above

procedures to setup.

2.4 Configure DMZ interface

Depends on your network requirement, you can disable the DMZ port, make DMZ port transparent to WAN or

enable NAT function on it.

To configure the DMZ port, select the Interface tab on the left menu, then click on DMZ, the following page is

shown.

- 7 -

Multi-Homing Security Gateway User’s Manual

2.5 Configure Policy

STEP 1:

Click on the Policy tab from the main function menu, and then click on Outgoing (LAN to WAN) from the

sub-function list.

STEP 2:

Click on New Entry button.

STEP 3:

When the New Entry option appears, enter the following configuration:

Source Address – select “Inside_Any” Destination Address – select “Outside_Any” Service - select “ANY” Action - select “Permit, ALL”

Click on OK to apply the changes.

- 8 -

Multi-Homing Security Gateway User’s Manual

STEP 4:

The configuration is successful when the screen below is displayed.

Please make sure that all the computers connected to LAN port must set their Default Gateway IP Address to

the Multi-Homing Security Gateway’s LAN IP Address (i.e. 192.168.1.1). At this point, all the computers on the

LAN network should gain access to the Internet immediately. If a Multi-Homing Security Gateway filter

function is required, please refer to the Policy section in chapter 3.

- 9 -

Multi-Homing Security Gateway User’s Manual

Chapter 3: Web Configuration

3.1 System

The Multi-Homing Security Gateway Administration and monitoring configuration is set by the System

Administrator. The System Administrator can add or modify System settings and monitoring mode. The sub

Administrators can only read System settings but not modify them. In System, the System Administrator can:

1. Add and change the sub Administrator’s names and passwords;

2. Back up all Multi-Homing Security Gateway settings into local files;

“System” is the managing of settings such as the privileges of packets that pass through the Multi-Homing

Security Gateway and monitoring controls. Administrators may manage, monitor, and configure Multi-Homing

Security Gateway settings. All configurations are “read-only” for all users other than the Administrator; those

users are not able to change any settings for the Multi-Homing Security Gateway.

System setting can divide into two parts: Administration, Configure and Logout.

Administration:

Admin: controls user access right to the Multi-Homing Security Gateway. User can add/remove users and

change passwords.

Permitted IPs: Enables the Administrator to authorize specific internal/external IP address(es) for gateway

managing.

Software Update: The administrator can update the device’s software with the latest version downloaded

from Planet’s website, in order to optimize the performance and keep up with the latest fixes for intruding

attacks.

Configure:

Setting: The Administrator may use this function to backup Multi-Homing Security Gateway configurations

and export (save) them to a computer; or restore a configuration file to the device; or reset the Multi-Homing

Security Gateway back to default factory settings. Under Setting, the Administrator may enable e-mail alert

notification. This will alert Administrator(s) automatically whenever the Multi-Homing Security Gateway has

experienced unauthorized access or a network hit (hacking or flooding). Once enabled, an IP address of a

SMTP (Simple Mail Transfer protocol) Server is required. Up to two e-mail addresses can be entered for the

alert notifications.

Date/Time: This function enables the Multi-Homing Security Gateway to be synchronized based on an

Internet Time Server or with the client computer’s clock.

Multiple Subnet: This function allows local port to be set with multiple IP subnet, and allow all clients

connecting to the internet via WAN IP Address.

Route Table: Use this function to configure static route for the networks when the dynamic route is not efficient enough.

- 10 -

Multi-Homing Security Gateway User’s Manual

DHCP: Administrator can configure DHCP (Dynamic Host Configuration Protocol) settings for the LAN (LAN)

network.

Dynamic DNS: The Dynamic DNS (require Dynamic DNS Service) allows you to alias a dynamic IP address

to a static hostname, allowing your device to be more easily accessed by specific name. When this function is

enabled, the IP address in Dynamic DNS Server will be automatically updated with the new IP address

provided by ISP. Host Table: The Multi-Homing Security Gateway Administrator may use the Host Table function to make the

Multi-Homing Security Gateway act as a DNS Server for the LAN and DMZ network. All DNS requests to a

specific Domain Name will be routed to the Multi-Homing Security Gateway’s IP address. For example, let’s

say an organization has their mail server (i.e., mail.planet.com.tw) in the DMZ network (i.e. 192.168.10.10).

The outside Internet world may access the mail server of the organization easily by its domain name,

providing that the Administrator has set up Virtual Server or Mapped IP settings correctly. However, for the

users in the LAN network, their WAN DNS server will assign them a public IP address for the mail server. So

for the LAN network to access the mail server (mail.planet.com.tw), they would have to go out to the Internet,

then to come back through the Multi-Homing Security Gateway to access the mail server. Essentially, the LAN

network is accessing the mail server by a real public IP address, while the mail server serves their request by

a NAT address and not a real one. This odd situation occurs when there are servers in the DMZ network and

they are bound to real IP addresses. To avoid this, set up Host Table so all the LAN network computers will

use the Multi-Homing Security Gateway as a DNS server, which acts as the DNS Proxy.

Language: Both Chinese and English are supported in the Multi-Homing Security Gateway.

Logout:

Logout: Administrator logs out the Multi-Homing Security Gateway. This function protects your system while

you are away.

3.1.1 Admin

On the left hand menu, click on Administration, and then select Admin below it. The current list of

Administrator(s) shows up.

ÍÍ

- 11 -

Multi-Homing Security Gateway User’s Manual

Settings of the Administration table Admin Name: The username of Administrators for the Multi-Homing Security Gateway. The user admin

cannot be removed.

Privilege: The privileges of Administrators (Admin or Sub Admin) The username of the main Administrator is Admin with read / wri te privilege.

Sub Admin may be created by clicking

New Sub Admin

. Sub Admin have read only privilege.

Configure: Click Modify to change the “Sub Admin” password and click Remove to delete a “Sub Admin”.

Changing the Main/Sub-Admin’s Password

Step 1. The Modify Admin Password window will appear. Enter in the required information:

 Password: enter original password.  New Password: enter new password  Confirm Password: enter the new password again.

Step 2. Click OK to confirm password change or click Cancel to cancel it.

Adding a new Sub Admin

Step 1. In the Add New Sub Admin window:

 Sub Admin Name: enter the username of new Sub Admin.

 Password: enter a password for the new Sub Admin.

 Confirm Password: enter the password again.

Step 2. Click OK to add the user or click Cancel to cancel the addition.

- 12 -

Multi-Homing Security Gateway User’s Manual

Removing a Sub Admin

Step 1. In the Administration table, locate the Admin name you want to edit, and click on the Remove

option in the Configure field.

Step 2. The Remove confirmation pop-up box will appear. Click OK to remove that Sub Admin or click

Cancel to cancel.

3.1.2 Permitted IPs

Only the authorized IP address is permitted to manage the Multi-Homing Security Gateway.

ÍÍ

Add Permitted IPs Address

Step 1. Click New Entry button.

- 13 -

Multi-Homing Security Gateway User’s Manual

Step 2. In IP Address field, enter the LAN IP address or WAN IP address.

 Name: Enter the host name for the authorized IP address.  IP Address: Enter the LAN IP address or WAN IP address.  Netmask: Enter the netmask of LAN/WAN.  Ping: Select this to allow the external network to ping the IP Address of the Firewall.  HTTP: Check this item, Web User can use HTTP to connect to the Setting window of

Multi-Homing Security Gateway.

Step 3. Click OK to add Permitted IP or click Cancel to discard changes.

Modify Permitted IPs Address

Step 1. In the table of Permitted IPs, highlight the IP you want to modify, and then click Modify.

Step 2. In Modify Permitted IPs, enter new IP address.

Step 3. Click OK to modify or click Cancel to discard changes.

Remove Permitted IPs Addresses

Step 1. In the table of Permitted IPs, highlight the IP you want to remove, and then click Remove.

Step 2. In the confirm window, click OK to remove or click Cancel to discard changes.

- 14 -

3.1.3 Software Update

Multi-Homing Security Gateway User’s Manual

Under Software Update, the admin may update the device’s software with newer software. You may acquire the current version number of software in Version Number. Administrators may visit Planet’s website to

download the latest version and save it in server’s hard disk.

Step 1. Click Browse to select the latest version of Software.

Step 2. Click OK to update software.

ÍÍ

NOTE: It takes three minutes to update the software. The system will restart automatically after updating the

software.

3.1.4 Setting

The Administrator may use this function to backup Multi-Homing Security Gateway configurations and export

(save) them to the “Administrator” computer or anywhere on the network; or restore a configuration file to

the device; or restore the Multi-Homing Security Gateway back to default factory settings.

Entering the Settings window

Click Setting in the Configure menu to enter the Settings window. The Setting will be shown on the screen.

- 15 -

Multi-Homing Security Gateway User’s Manual

Exporting Multi-Homing Security Gateway settings

Step 1. Under Backup/Restore Configuration, click on the Download button next to Export System

Settings to Client.

Step 2. When the File Download pop-up window appears, choose the destination place to save the

exported file. The Administrator may choose to rename the file if preferred.

- 16 -

Importing Multi-Homing Security Gateway settings

Multi-Homing Security Gateway User’s Manual

Under Backup/Restore Configuration, click on the Browse button next to Import System Settings from Client. When the Choose File pop-up window appears, select the file which contains the saved Multi-Homing Security Gateway Settings, then click OK. Click OK to import the file into the Multi-Homing Security Gateway or click Cancel to cancel importing.

Restoring Factory Default Settings

Step 1. Select Reset Factory Settings under Backup/Restore Configuration.

Step 2. Click OK at the bottom-right of the screen to restore the factory settings.

System Name Setting

Input the name you want into Device Name column to be the device name.

- 17 -

Multi-Homing Security Gateway User’s Manual

Email Setting

Step 1. Select Enable E-mail Alert Notification under E-Mail Setting. This function will enable the

Multi-Homing Security Gateway to send e-mail alerts to the System Administrator when the

network is being attacked by hackers or when emergency conditions occur.

Step 2. SMTP Server IP: Enter SMTP server’s IP address.

Step 3. E-Mail Address 1: Enter the first e-mail address to receive the alarm notification.

Step 4. E-Mail Address 2: Enter the second e-mail address to receive the alarm notification. (Optional)

Click OK on the bottom-right of the screen to enable E-mail alert notification.

Web Management (WAN Interface)

The administrator can change the port number used by HTTP port anytime. (Remote UI Management)

Step 1. Set Web Management (WAN Interface). The administrator can change the port number used

by HTTP port anytime.

MTU (set networking packet length)

The administrator can modify the networking packet length.

Step 1. MTU Setting. Modify the networking packet length.

Link Speed / Duplex Mode Setting

This function allows administrator to set the transmission speed and mode of WAN Port.

- 18 -

Multi-Homing Security Gateway User’s Manual

Dynamic Routing (RIPv2)

Enable Dynamic Routing (RIPv2), CS-1000 will advertise an IP address pool to the specific network so that

the address pool can be provided to the network. You can choose to enable LAN, WAN or DMZ interface to

allow RIP protocol supporting.

Routing information update timer: CS-1000 will send out the RIP protocol in a period of time to update the

routing table, the default timer is 30 seconds.

Routing information timeout: If CS-1000 does not receive the RIP protocol from the other router in a period

of time, it will cut off the routing automatically until it receives RIP protocol again. The default timer is 180

seconds.

To-Appliance Packet Logging

When the function is selected, the CS-1000 will record the packets that contain the IP address of CS-1000 in

source or destination, the records will display in Traffic Log for administrator to inquire about.

System Reboot

Once this function is enabled, the Multi-Homing Security Gateway will be rebooted. Reboot Appliance: Click Reboot. A confirmation pop-up box will appear. Follow the confirmation pop-up box, click OK to restart Multi-Homing Security Gateway or click Cancel to discard changes.

- 19 -

Multi-Homing Security Gateway User’s Manual

3.1.5 Date/Time

Synchronizing the Multi-Homing Security Gateway with the System Clock

Administrator can configure the Multi-Homing Security Gateway’s date and time by either syncing to an

Internet Network Time Server (NTP) or by syncing to your computer’s clock.

Follow these steps to sync to an Internet Ti me Server Step 1. Enable synchronization by checking the box. Step 2. Click the down arrow to select the offset time from GMT. Step 3. Enter the Server IP Address or Server name with which you want to synchronize. Step 4. Update system clock every □ minutes You can set the interval time to synchronize with

outside servers. If you set it to 0, it means the device will not synchronize automatically.

Follow this step to sync to your computer’s clock. Step 1. Click on the Sync button.

Click OK to apply the setting or click Cancel to discard changes.

- 20 -

Multi-Homing Security Gateway User’s Manual

ÍÍ

3.1.6 Multiple Subnet

NA T mode

Multiple Subnet allows local port to set multiple subnet works and connect with the Internet through WAN IP

Addresses.

For instance, the lease line of a company applies several real IP Addresses 168.85.88.0/24, and the company

is divided into R&D department, service, sales department, procurement department, accounting department,

the company can distinguish each department by different subnet works for the purpose of convenient

management. The settings are as the following:

1. R&D department sub-network: 192.168.1.11/24 (LAN) ÅÆ 168.85.88.253 (WAN)

2. Service department sub-network: 192.168.2.11/24 (LAN) ÅÆ 168.85.88.252 (WAN)

3. Sales department sub-network: 192.168.3.11/24 (LAN) ÅÆ 168.85.88.251 (WAN)

4. Procurement department sub-network: 192.168.4.11/24 (LAN) ÅÆ 168.85.88.250(WAN)

5. Accounting department sub-network: 192.168.5.11/24 (LAN) ÅÆ 168.85.88.249 (WAN)

The first department (R&D department) was set while setting interface IP, the other four ones have to be

added in Multiple Subnet, after completing the settings, each department use the different WAN IP address to

connect to the internet. The settings of LAN computers on Service department are as the following:

Service IP Address: 192.168.2.1

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.2.11

The other departments are also set by groups, this is the function of Multiple Subnet.

Multiple Subnet settings

Click System on the left side menu bar, select Configure then click Multiple Subnet to enter Multiple Subnet

window.

- 21 -

Multi-Homing Security Gateway User’s Manual

ÍÍ

Multiple Subnet functions

WAN Interface IP / Forwarding Mode: Display WAN Port IP address and Forwarding Mode. Interface: Indicate the multiple subnet location in LAN or DMZ site. Alias IP of Interface / Netmask: Local port IP address and subnet Mask. Configure: Modify the settings of Multiple Subnet. Click Modify to modify the parameters of Multiple Subnet

or click Delete to delete settings.

Add a Multiple Subnet NAT Mode. Step 1: Click the New Entry button below to add Multiple Subnet. Step 2: Enter the IP address in the website name column of the new window.

Alias IP of Interface: Enter Local port IP address.

Netmask: Enter Local port subnet Mask.

WAN Interface IP: Add WAN IP.

Forwarding Mode: Click the NAT button below to setup.

Step 3: Click OK to add Multiple Subnet or click Cancel to discard changes.

Modify a Multiple Subnet Step 1: Find the IP address you want to modify and click Modify. Step 2: Enter the new IP address in Modify Multiple Subnet window. Step 3: Click the OK button below to change the setting or click Cancel to discard changes.

- 22 -

Multi-Homing Security Gateway User’s Manual

Removing a Multiple Subnet Step 1: Find the IP address you want to delete and click Delete. Step 2: A confirmation pop-up box will appear, click OK to delete the setting or click Cancel to discard

changes.

Routing Mode

Multiple Subnet allows local port to set Multiple Subnet Routing Mode and connect with the Internet through

WAN IP address.

For example, the leased line of a company applies several real IP Addresses 168.85.88.0/24 and the

company is divided into R&D, Customer Service, Sales, Procurement, and Accounting Department. The

company can distinguish each department by different sub-network for the purpose of convenient

management.

The settings are as the following:

R&D: Alias IP of LAN interface - 168.85.88.1, Netmask: 255.255.255.192

Sales: Alias IP of LAN interface - 168.85.88.65, Netmask: 255.255.255.192

Procurement: Alias IP of LAN interface - 168.85.88.129, Netmask: 255.255.255.192

Accounting: Alias IP of LAN interface - 168.85.88.193, Netmask: 255.255.255.192

- 23 -

Multi-Homing Security Gateway User’s Manual

Click System on the left side menu bar, then click Multiple Subnet below Configure menu. Enter Multiple

Subnet window.

Multiple Subnet functions WAN Interface IP / Forwarding Mode: Display WAN Port IP address and Forwarding Mode which is NAT

Mode or Routing Mode.

Interface: Indicate the multiple subnet location in LAN or DMZ site. Alias IP of Interface / Netmask: Local port IP address and subnet Mask. Configure: Modify the settings of Multiple Subnet. Click Modify to modify the parameters of Multiple Subnet

or click Delete to delete settings.

Adding a Multiple Subnet Routing Mode Step 1: Click the Add button below to add Multiple Subnet. Step 2: Enter the IP address in Add Multiple Subnet window.

Alias IP of Interface: Enter Local port IP Address. Netmask: Enter Local port subnet Mask. WAN Interface IP: Add WAN IP Forwarding Mode: Click the Routing button below to setup.

Step 3: Click OK to add Multiple Subnet or click Cancel to discard changes.

Step 4: Adding a new WAN to LAN Policy. In the Incoming window, click the New Entry button.

- 24 -

Multi-Homing Security Gateway User’s Manual

Modify a Multiple Subnet Routing Mode Step 1: Find the IP address you want to modify in Multiple Subnet menu, then click Modify button, on the right

side of the service providers, click OK.

Step 2: Enter the new IP address in Modify Multiple Subnet window. Step 3: Click the OK button below to change the setting or click Cancel to discard changes.

Removing a Multiple Subnet Routing Mode Step 1: Find the IP Address you want to delete in Multiple Subnet menu, then click Delete button, on the right

side of the service providers, click OK.

Step 2: A confirmation pop-up box will appear, click OK to delete the setting or click Cancel to discard

changes.

- 25 -

Multi-Homing Security Gateway User’s Manual

3.1.7 Route Table

In this section, the Administrator can add static routes for the networks.

Entering the Route Table screen

Step 1. Click System on the left hand side menu bar, then click Route Table below the Configure

menu. The Route Table window appears, in which current route settings are shown.

ÍÍ

Route Table functions

 Interface: Destination network, LAN or WAN networks.  Destination IP / Netmask: IP address and subnet mask of destination network.  Gateway: Gateway IP address for connecting to destination network.  Configure: Change settings in the route table.

Adding a new Static Route

Step 1. In the Route Table window, click the New Entry button.

Step 2. In the Add New Static Route window, enter new static route information.

Step 3. In the Interface field’s pull-down menu, choose the network to connect (LAN, WAN, DMZ).

Step 4. Click OK to add the new static route or click Cancel to cancel.

Modifying a Static Route:

Step 1. In the Route Table menu, find the route to edit and click the corresponding Modify option in the

- 26 -

Multi-Homing Security Gateway User’s Manual

Configure field.

Step 2. In the Modify Static Route window, modify the necessary routing addresses. Step 3. Click OK to apply changes or click Cancel to cancel it.

Removing a Static Route

Step 1. In the Route Table window, find the route to remove and click the corresponding Remove option

in the Configure field.

Step 2. In the Remove confirmation pop-up box, click OK to confirm removing or click Cancel to cancel

it.

3.1.8 DHCP

In the section, the Administrator can configure DHCP (Dynamic Host Configuration Protocol) settings for the

LAN network.

Entering the DHCP window

Click System on the left hand side menu bar, then to click DHCP below the Configure menu. The DHCP window appears in which current DHCP settings are shown on the screen.

- 27 -

ÍÍ

Multi-Homing Security Gateway User’s Manual

Dynamic IP Address functions

 Subnet: LAN network’s subnet  Netmask: LAN network’s netmask  Gateway: LAN network’s gateway IP address  Broadcast: LAN network’s broadcast IP address

Enabling DHCP Support

Step 1. In the Dynamic IP Address window, click Enable DHCP Support.

Domain Name: The Administrator may enter the name of the LAN network domain if preferred. Automatically Get DNS: Check this box to automatically detect DNS server. DNS Server 1: Enter the distributed IP address of DNS Server 1. DNS Server 2: Enter the distributed IP address of DNS Server 2. WINS Server 1: Enter the distributed IP address of WINS Server 1. WINS Server 2: Enter the distributed IP address of WINS Server 2. LAN interface:

Client IP Address Range 1: Enter the starting and the ending IP address dynamically

assigning to DHCP clients.

Client IP Address Range 2: Enter the starting and the ending IP address dynamically

assigning to DHCP clients. (Optional)

DMZ interface:

- 28 -

Multi-Homing Security Gateway User’s Manual

Client IP Address Range 1: Enter the starting and the ending IP address dynamically

assigning to DHCP clients.

Client IP Address Range 2: Enter the starting and the ending IP address dynamically assigning to DHCP clients. (Optional)

Leased Time: Enter the leased time for DHCP.

Step 2. Click OK to enable DHCP support.

3.1.9 Dynamic DNS

The Dynamic DNS (require Dynamic DNS Service) allows you to alias a dynamic IP address to a static

hostname, allowing your device to be more easily accessed by specific name. When this function is enabled,

the IP address in Dynamic DNS Server will be automatically updated with the new IP address provided by

ISP.

ÍÍ

Click Dynamic DNS in the System menu to enter Dynamic DNS window.

The icons in Dynamic DNS window:

!: Update Status, Domain name: Enter the password provided by ISP.

WAN IP Address: IP address of the WAN port. Configure: Modify dynamic DNS settings. Click Modify to change the DNS parameters; click Delete to delete

the settings.

How to use dynamic DNS:

The Multi-Homing Security Gateway provides many service providers, users have to register prior to use this

function. For the usage regulations, see the providers’ websites.

How to register:

Firstly, Click Dynamic DNS in the System menu to enter Dynamic DNS window, then click Add button on the

Connecting; Update succeed; Update fail; Unidentified error.

right side of the service providers, click Sign up, the service providers’ website will appear, please refer to the

website for the way of registration.

- 29 -

Multi-Homing Security Gateway User’s Manual

Click to link to the website selected on the left.

Add Dynamic DNS settings

Step 1. Click Add button. Step 2. Click the information in the column of the new window.

Service providers: Select service providers. Sign up: to the service providers’ website. WAN IP Address: IP Address of the WAN port.  Automatically : Check to automatically fill in the WAN IP.。 User Name: Enter the registered user name. Password: Enter the password provided by ISP (Internet Service Provider). Domain name: Your host domain name provided by ISP.

Click OK to add dynamic DNS or click Cancel to discard changes.

Modify dynamic DNS

Step 1. Find the item you want to change and click Modify. Step 2. Enter the new information in the Modify Dynamic DNS window.

Click OK to change the settings or click Cancel to discard changes.

- 30 -

Multi-Homing Security Gateway User’s Manual

Remove Dynamic DNS

Step 1. Find the item you want to change and click Remove. Step 2. A confirmation pop-up box will appear, click OK to delete the settings or click Cancel to discard

changes.

3.1.10 Host Table

The Multi-Homing Security Gateway’s Administrator may use the Host Table function to make the