PLANET CS-1000 User Manual

Multi-Homing Security Gateway User’s Manual
Copyright
Copyright (C) 2006 PLANET Technology Corp. All rights reserved. The products and programs described in this User’s Manual are licensed products of PLANET Technology. This User’s Manual contains proprietary information protected by copyright, and this User’s Manual and all accompanying hardware, software, and documentation are copyrighted. No part of this User’s Manual may be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form by any means, electronic or mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal use, and without the prior express written permission of PLANET Technology.
Disclaimer
PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose. PLANET has made every effort to ensure that this User’s Manual is accurate; PLANET disclaims liability for any inaccuracies or omissions that may have occurred. Information in this User’s Manual is subject to change without notice and does not represent a commitment on the part of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this User’s Manual. PLANET makes no commitment to update or keep current the information in this User’s Manual, and reserves the right to make improvements to this User’s Manual and/or to the products described in this User’s Manual, at any time without notice. If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments and suggestions.
CE mark Warning
This is a class B device. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.
Trademarks
The PLANET logo is a trademark of PLANET Technology. This documentation may refer to numerous hardware and software products by their trade names. In most, if not all cases, these designations are claimed as trademarks or registered trademarks by their respective companies.
To avoid the potential effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment, end users of electrical and electronic equipment should understand the meaning of the crossed-out wheeled bin symbol. Do not dispose of WEEE as unsorted municipal waste; such WEEE must be collected separately.
Customer Service
For information on customer service and support for the Multi-Homing Security Gateway, please refer to the following Website URL:
http://www.planet.com.tw
Before contacting customer service, please take a moment to gather the following information:
Multi-Homing Security Gateway serial number and MAC address
Any error messages that were displayed when the problem occurred
Any software running when the problem occurred
Steps you took to resolve the problem on your own
Revision
User’s Manual for PLANET Multi-Homing Security Gateway
Model: CS-1000
Rev: 1.0 (April, 2006)
Part No. EM-CS1000v1
Table of Contents
CHAPTER 1: INTRODUCTION
1.1 FEATURES
1.2 PACKAGE CONTENTS
1.3 MULTI-HOMING SECURITY GATEWAY FRONT VIEW
1.4 MULTI-HOMING SECURITY GATEWAY REAR PANEL
1.5 SPECIFICATION
CHAPTER 2: GETTING STARTED
2.1 WEB CONFIGURATION
2.2 CONFIGURE WAN1 INTERFACE
2.3 CONFIGURE WAN2 INTERFACE
2.4 CONFIGURE DMZ INTERFACE
2.5 CONFIGURE POLICY
CHAPTER 3: WEB CONFIGURATION
3.1 SYSTEM
3.1.1 Admin
3.1.2 Permitted IPs
3.1.3 Software Update
3.1.4 Setting
3.1.5 Date/Time
3.1.6 Multiple Subnet
3.1.7 Route Table
3.1.8 DHCP
3.1.9 Dynamic DNS
3.1.10 Host Table
3.1.11 Language
3.1.12 Logout
3.2 INTERFACE
3.2.1 LAN
3.2.2 WAN
3.2.3 DMZ
3.3 POLICY OBJECT
3.3.1 Address
3.3.1.1 LAN
3.3.1.2 LAN Group
3.3.1.3 WAN
3.3.1.4 WAN Group
3.3.1.5 DMZ
3.3.1.6 DMZ Group
3.3.2 Service
3.3.2.1 Pre-defined
3.3.2.2 Custom
3.3.2.3 Group
3.3.3 Schedule
3.3.4 QoS
3.3.5 Authentication
3.3.5.1 Auth Setting
3.3.5.2 Auth User
3.3.5.3 Auth Group
3.3.5.4 Radius Server
3.3.5.5 POP3
3.3.6 Content Blocking
3.3.6.1 URL Blocking
3.3.6.2 Scripts
3.3.6.3 P2P
3.3.6.4 IM
3.3.6.5 Download
3.3.6.6 Upload
3.3.7 Virtual Server
3.3.7.1 Mapped IP
3.3.7.2 Virtual Server
3.3.8 VPN
3.3.8.1 IPSec Autokey
3.3.8.2 PPTP Server
3.3.8.3 PPTP Client
3.3.8.4 Trunk
3.4 POLICY
3.4.1 Outgoing
3.4.2 Incoming
3.4.3 WAN To DMZ & LAN To DMZ
3.4.4 DMZ To WAN & DMZ To LAN
3.5 MAIL SECURITY
3.5.1 Configure
3.5.2 Anti-Spam
3.5.2.1 Setting
3.5.2.2 Rule
3.5.2.3 Whitelist
3.5.2.4 Blacklist
3.5.2.5 Training
3.5.2.6 Spam Mail
3.5.3 Anti-Virus
3.5.3.1 Setting
3.5.3.2 Virus Mail
3.6 IDP
3.6.1 Setting
3.6.2 Signature
3.6.3 IDP Report
3.7 ANOMALY FLOW IP
3.8 MONITOR
3.8.1 Log
3.8.1.1 Traffic
3.8.1.2 Event
3.8.1.3 Connection
3.8.1.4 Log Backup
3.8.2 Accounting Report
3.8.2.1 Setting
3.8.2.2 Outbound
3.8.2.3 Inbound
3.8.3 Statistic
3.8.3.1 WAN Statistics
3.8.3.2 Policy Statistics
3.8.4 Status
3.8.4.1 Interface Status
3.8.4.2 Authentication
3.8.4.3 ARP Table
3.8.4.4 DHCP Clients

Chapter 1: Introduction

Thank you for purchasing the new model of PLANET’s Security Gateway, the CS-1000. The CS-1000 is a specially designed security gateway that adopts Heuristics Analysis to filter spam and virus mail. Its auto-training system raises the identification rate of spam, and its built-in Clam virus scan engine detects viruses, worms and other threats in email transfers.
The CS-1000 does not just provide the same features as the previous-generation product, the CS-500, such as Content Blocking (to block specific URLs, scripts and IM/P2P programs), IPSec and PPTP VPN server, QoS and Authentication. Two built-in WAN interfaces allow the CS-1000 to support outbound load balancing and WAN fail-over. Furthermore, the VPN Trunk provides VPN fail-over and load balancing, offering a redundant VPN mechanism that keeps your VPN connection online.
The CS-1000 not only filters spam and virus mail but is also a high-performance VPN firewall. Moreover, the built-in IDP and firewall functions defend against hacker and blaster attacks from the Internet or the intranet. With complete functionality in one device, the CS-1000 provides an excellent security solution and a more secure environment than ever.

1.1 Features

Anti-Spam Filtering: Multiple defense layers (Head Analysis, Text Analysis, Blacklist & Whitelist, Bayesian Filtering, Spam Fingerprint, checking of sender account and IP address) and Heuristics Analysis block over 95% of spam mail. Customizable notification options and a spam mail report are provided for the administrator. The available actions for spam mail are Delete, Deliver, and Forward. A built-in auto-training system substantially raises the identification rate of spam mail.
Anti-Virus Protection: The built-in Clam virus scan engine detects viruses, worms, and other threats in email transfers. It scans mission-critical content protocols (SMTP, POP3) in real time as traffic enters the network to provide maximum protection. Customizable notification options and a virus mail report are provided for the administrator. The available actions for infected mail are Delete, Deliver, and Forward.
VPN Connectivity: The security gateway supports PPTP server/client and IPSec VPN. With DES, 3DES and AES encryption and SHA-1 / MD5 authentication, network traffic over the public Internet is secured.
VPN Trunk: The VPN trunk function provides VPN load balancing and VPN fail-over to keep the VPN connection more reliable.
Content Filtering: The security gateway can block network connections based on URLs, Scripts (pop-ups, Java Applets, cookies and ActiveX), P2P (eDonkey, BitTorrent and WinMX), Instant Messaging (MSN, Yahoo Messenger, ICQ, QQ and Skype) and Download. If a newly updated version of P2P or IM software appears on the client side, the CS-1000 will detect the difference and update the Content Filtering pattern to renew the filtering mechanism.
IDP: The CS-1000 provides three kinds of signature to complete the intrusion detection system. The user can configure “Anomaly”, “Pre-defined” and “Custom” signatures according to the requirements of the current environment.
Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS: The CS-1000 provides the anti-virus feature not only for mail; it can also filter viruses from various protocols. The virus pattern can be updated automatically or manually.
Policy-based Firewall: The built-in policy-based firewall prevents many known hacker attacks, including SYN attack, ICMP flood, UDP flood, Ping of Death, etc. The access control function allows only specified WAN or LAN users to use only the allowed network services at specified times.
QoS: You can control the outbound and inbound Upstream/Downstream Bandwidth by configuring the QoS based on the WAN bandwidth.
Authentication: Web-based authentication allows users to be authenticated through a web browser. The user database can be configured on the device or through an external RADIUS server.
WAN Backup: The CS-1000 can monitor each WAN link status and automatically activate backup links when a failure is detected. The detection is based on the configurable target Internet addresses.
Outbound Load Balancing: Network sessions are assigned based on the user-configurable load balancing mode: “Auto”, “Round-Robin”, “By Traffic”, “By Session” or “By Packet”. The user can also configure which IP or TCP/UDP type of traffic uses which WAN port to connect.
Multiple NAT: Multiple NAT allows the local port to set multiple subnetworks and connect to the Internet through different WAN IP addresses.

1.2 Package Contents

The following items should be included:
CS-1000
CS-1000 x 1
Power Adapter x 1
Quick Installation Guide x 1
User’s Manual CD x 1
Console cable x 1
RJ-45 cable
Rack-mount ear
If any of the contents are missing or damaged, please contact your dealer or distributor immediately.

1.3 Multi-Homing Security Gateway Front View

CS-1000 Front Panel
LED descriptions:
PWR: Power is supplied to this device.
STATUS: Blinks to indicate this device is being turned on and booting. After one minute, this LED indicator stops blinking, which means the device is ready to use.
WAN1, WAN2, LAN, DMZ (Green): Steady on indicates the port is connected to another network device. Blinking indicates there is traffic on the port.
WAN1, WAN2, LAN, DMZ (Orange): Steady on indicates the port is connected at 100Mbps speed.

1.4 Multi-Homing Security Gateway Rear Panel

CS-1000 Rear Panel

1.5 Specification

Product: Multi-Homing Security Gateway
Model: CS-1000

Hardware
Ethernet LAN: 1 x 10/100Base-TX RJ-45
Ethernet WAN: 2 x 10/100Base-TX RJ-45
Ethernet DMZ: 1 x 10/100Base-TX RJ-45
Power: 100~250 VAC, 50~60 Hz, 0.6A
Operating Environment: Temperature: 0~60°C; Relative Humidity: 5%~95%
Dimension (W x D x H, mm): 237 x 440 x 43
Regulatory: FCC, CE Mark

Software
Management: Web
Network Connection: Transparent mode (WAN to DMZ), NAT, Multi-NAT
Routing Mode: Static Route, RIPv2
Concurrent Sessions: 110,000
New session / second: 10,000
Email Capacity per Day: 120,000
Firewall Throughput: 100Mbps
3DES Throughput: 17Mbps
Firewall: Policy-based firewall rule with schedule, NAT/NAPT, SPI firewall
VPN Tunnels: 100/200
VPN Function:
PPTP server and client, IPSec
DES, 3DES and AES encrypting
SHA-1 / MD5 authentication algorithm
Remote access VPN (Client-to-Site) and Site to Site VPN
VPN Trunk
Content Filtering:
URL Blocking
Blocks Popup, Java Applet, cookies and Active X
P2P Application Blocking
Instant Message Blocking
Download Blocking
IDP:
Anti-Virus for HTTP, FTP, P2P, IM, NetBIOS
Automatic or manual update virus and signature database
Anomaly: Syn Flood, UDP Flood, ICMP Flood and more.
Pre-defined: Backdoor, DDoS, DoS, Exploit, NetBIOS and Spyware.
Custom: User defined based on TCP, UDP, ICMP or IP protocol.
Scanning Mail Settings: The allowed size of scanned mail: 10 ~ 512Kbytes
Anti-Virus:
Email attachment virus scanning by SMTP, POP3
Inbound scanning for internal and external Mail Server
Action of infected mail: Delete, Deliver to the recipient, forward to an account
Automatic or manual update virus database
Anti-Spam:
Inbound scanning for external and internal Mail Server
Support Spam Fingerprint, Bayesian filtering, checking sender account and IP to filter the spam mail
Black list and white list support auto training system
Action of spam mail: Delete, Deliver to the recipient, forward to an account
QoS:
Policy-based bandwidth management
Guarantee and maximum bandwidth with 3 priority levels
Classify traffics based on IP, IP subnet, TCP/UDP port
User Authentication:
Built-in user database with up to 200 entries
Support local database, RADIUS and POP3 authentication
Logs:
Log and alarm for event and traffic
Log can be saved from web, sent by e-mail or sent to syslog server
Accounting Report: Record inbound and outbound traffic’s utilization by Source IP, Destination IP and Service
Statistics:
Traffic statistics for WAN interface and policies
Graphic display
Others: Dynamic DNS, NTP, DHCP server, Virtual server,

Chapter 2: Getting Started

2.1 Web Configuration

STEP 1:
Connect both the Administrator’s PC and the LAN port of the Multi-Homing Security Gateway to a hub or switch. Make sure there is a link light on the hub/switch for both connections. The Multi-Homing Security Gateway has an embedded web server used for management and configuration. Use a web browser (such as Internet Explorer 4 or above, or Netscape 4.0 or above, with full JavaScript support) to display the configurations of the Multi-Homing Security Gateway. The default IP address of the Multi-Homing Security Gateway is 192.168.1.1 with a subnet mask of 255.255.255.0. Therefore, the IP address of the Administrator PC must be in the range between 192.168.1.2 and 192.168.1.254.
If the company’s LAN IP Address is not in the subnet of 192.168.1.0 (e.g. the LAN IP Address is 172.16.0.1), then the Administrator must change his/her PC IP address to be within the same range of the LAN subnet (e.g. 172.16.0.2). Reboot the PC if necessary.
By default, the Multi-Homing Security Gateway is shipped with its DHCP Server function enabled. This means the client computers on the LAN network, including the Administrator PC, can set their TCP/IP settings to automatically obtain an IP address from the Multi-Homing Security Gateway.
STEP 2:
Once the Administrator PC has an IP address on the same network as the Multi-Homing Security Gateway, open up an Internet web browser and type in http://192.168.1.1 in the address bar.
A pop-up screen will appear and prompt for a username and password. A username and password are required to connect to the Multi-Homing Security Gateway. Enter the default login username and password of the Administrator (see below).
Username: admin
Password: admin
Click OK.
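The addressing rule from STEP 1, as an added example that is not part of the original manual: it computes the range an Administrator PC may use for a given gateway LAN address and reports why a chosen PC address would not reach the WebUI. The function names are hypothetical, and the 255.255.255.0 mask used for the 172.16.0.1 case is an assumption, since the manual gives no mask for it.

```python
import ipaddress


def admin_range(gateway_ip, netmask):
    """Return (first, last) addresses an Administrator PC may use on the
    gateway's LAN subnet, excluding the gateway's own address."""
    gw = ipaddress.ip_interface(f"{gateway_ip}/{netmask}")
    net = gw.network
    if net.prefixlen > 30:
        raise ValueError(f"{net} has no room for an Administrator PC")
    first = net.network_address + 1
    last = net.broadcast_address - 1
    # Step past the gateway if it sits at either end of the range.
    if first == gw.ip:
        first += 1
    if last == gw.ip:
        last -= 1
    return str(first), str(last)


def check_admin_pc(pc_ip, pc_mask, gateway_ip, gateway_mask):
    """Return a list of problems that keep the PC from reaching the WebUI.

    An empty list means the PC and the gateway LAN port share a subnet and
    the PC address is usable.
    """
    pc = ipaddress.ip_interface(f"{pc_ip}/{pc_mask}")
    gw = ipaddress.ip_interface(f"{gateway_ip}/{gateway_mask}")
    problems = []
    if pc.network != gw.network:
        # Covers both a different network and a mismatched subnet mask.
        problems.append(f"PC is on {pc.network}, gateway LAN is {gw.network}")
    elif pc.ip == gw.ip:
        problems.append("PC uses the gateway's own address")
    elif pc.ip in (gw.network.network_address, gw.network.broadcast_address):
        problems.append(f"{pc.ip} is the network or broadcast address")
    return problems


if __name__ == "__main__":
    # Factory default from the manual: 192.168.1.1 / 255.255.255.0.
    print("usable range:", admin_range("192.168.1.1", "255.255.255.0"))
    # Constructed sample PC settings, checked against two gateway LAN addresses.
    samples = [
        ("192.168.1.50", "255.255.255.0", "192.168.1.1", "255.255.255.0"),
        ("192.168.1.50", "255.255.255.0", "172.16.0.1", "255.255.255.0"),
        ("172.16.0.2", "255.255.255.0", "172.16.0.1", "255.255.255.0"),
        ("192.168.1.255", "255.255.255.0", "192.168.1.1", "255.255.255.0"),
    ]
    for pc_ip, pc_mask, gw_ip, gw_mask in samples:
        issues = check_admin_pc(pc_ip, pc_mask, gw_ip, gw_mask)
        print(pc_ip, "->", gw_ip, ":", issues or "ok")
```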

2.2 Configure WAN1 interface

After entering the username and password, the Multi-Homing Security Gateway WEB UI screen will display.
Select the Interface tab on the left menu then click on WAN below it.
Click on Modify button of WAN NO.1. The following page is shown.
Alive Indicator Site IP: This feature is used to ping an address for detecting WAN connection status. Service: ICMP You can select an IP address by Assist, or type an IP address manually. Service: DNS You can select a DNS IP and Domain name by Assist, or type the related data manually.
PPPoE (ADSL User): This option is for PPPoE users who are required to enter a username and password in
order to connect.
Username: Enter the PPPoE username provided by the ISP. Password: Enter the PPPoE password provided by the ISP. IP Address provided by ISP:
Dynamic: Select this if the IP address is automatically assigned by the ISP. Fixed: Select this if you were given a static IP address. Enter the IP address that is given to you by
your ISP.
Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP. Service-On-Demand:
The PPPoE connection will automatically disconnect after a length of idle time (no activities). Enter in
the amount of idle minutes before disconnection. Enter ‘0’ if you do not want the PPPoE connection to
disconnect at all.
- 6 -
Multi-Homing Security Gateway User’s Manual
For Dynamic IP Address (Cable Modem User): This option is for users who are automatically assigned an
IP address by their ISP, such as cable modem users. The following fields apply:
MAC Address: This is the MAC Address of the device. Some ISPs require specified MAC address. If the required MAC address is your PC’s, click Clone MAC Address. Hostname: This will be the name assign to the device. Some cable modem ISP assign a specific
hostname in order to connect to their network. Please enter the hostname here. If not required by your
ISP, you do not have to enter a hostname.
Domain Name: You can specify your own domain name or leave it blank. User Name: The user name is provided by ISP. Password: The password is provided by ISP. Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP.
For Static IP Address: This option is for users who are assigned a static IP Address from their ISP. Your ISP
will provide all the information needed for this section such as IP Address, Netmask, Gateway, and DNS. Use
this option also if you have more than one public IP Address assigned to you.
IP Address: Enter the static IP address assigned to you by your ISP. This will be the public IP address of
the WAN port of the device.
Netmask: This will be the Netmask of the WAN network. (i.e. 255.255.255.0)
Default Gateway: This will be the Gateway IP address.
Domain Name Server (DNS): This is the IP Address of the DNS server.
Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP.
Ping: Select this to allow the WAN network to ping the IP Address of the Multi-Homing Security Gateway. This
will allow people from the Internet to be able to ping the Multi-Homing Security Gateway. If set to enable, the
device will respond to echo request packets from the WAN network.
HTTP: Selecting this allows the WebUI to be configured by a user on the Internet. Keep in mind that the
device always requires a username and password to enter the WebUI.

2.3 Configure WAN2 interface

If you want to connect WAN 2 to another ISP connection, click the Modify button of WAN No. 2, then repeat the
above procedures to set it up.

2.4 Configure DMZ interface

Depending on your network requirements, you can disable the DMZ port, make the DMZ port transparent to WAN,
or enable the NAT function on it.
To configure the DMZ port, select the Interface tab on the left menu, then click on DMZ. The following page is
shown.

2.5 Configure Policy

STEP 1:
Click on the Policy tab from the main function menu, and then click on Outgoing (LAN to WAN) from the
sub-function list.
STEP 2:
Click on New Entry button.
STEP 3:
When the New Entry option appears, enter the following configuration:
Source Address – select “Inside_Any”
Destination Address – select “Outside_Any”
Service - select “ANY”
Action - select “Permit, ALL”
Click on OK to apply the changes.
STEP 4:
The configuration is successful when the screen below is displayed.
Please make sure that all the computers connected to the LAN port have their Default Gateway IP Address set to
the Multi-Homing Security Gateway’s LAN IP Address (i.e. 192.168.1.1). At this point, all the computers on the
LAN network should gain access to the Internet immediately. If a Multi-Homing Security Gateway filter
function is required, please refer to the Policy section in chapter 3.

Chapter 3: Web Configuration

3.1 System

The Multi-Homing Security Gateway Administration and monitoring configuration is set by the System
Administrator. The System Administrator can add or modify System settings and monitoring mode. The sub
Administrators can only read System settings but not modify them. In System, the System Administrator can:
1. Add and change the sub Administrator’s names and passwords;
2. Back up all Multi-Homing Security Gateway settings into local files;
“System” is the managing of settings such as the privileges of packets that pass through the Multi-Homing
Security Gateway and monitoring controls. Administrators may manage, monitor, and configure Multi-Homing
Security Gateway settings. All configurations are “read-only” for all users other than the Administrator; those
users are not able to change any settings for the Multi-Homing Security Gateway.
System settings are divided into the following parts: Administration, Configure and Logout.
Administration:
Admin: controls user access right to the Multi-Homing Security Gateway. User can add/remove users and
change passwords.
Permitted IPs: Enables the Administrator to authorize specific internal/external IP address(es) for gateway
managing.
Software Update: The administrator can update the device’s software with the latest version downloaded
from Planet’s website, in order to optimize the performance and keep up with the latest fixes for intruding
attacks.
Configure:
Setting: The Administrator may use this function to backup Multi-Homing Security Gateway configurations
and export (save) them to a computer; or restore a configuration file to the device; or reset the Multi-Homing
Security Gateway back to default factory settings. Under Setting, the Administrator may enable e-mail alert
notification. This will alert Administrator(s) automatically whenever the Multi-Homing Security Gateway has
experienced unauthorized access or a network hit (hacking or flooding). Once enabled, an IP address of a
SMTP (Simple Mail Transfer protocol) Server is required. Up to two e-mail addresses can be entered for the
alert notifications.
Date/Time: This function enables the Multi-Homing Security Gateway to be synchronized based on an
Internet Time Server or with the client computer’s clock.
Multiple Subnet: This function allows the local port to be set with multiple IP subnets, and allows all clients
to connect to the Internet via the WAN IP Address.
Route Table: Use this function to configure static routes for networks where dynamic routing is not efficient enough.
DHCP: The Administrator can configure DHCP (Dynamic Host Configuration Protocol) settings for the LAN
network.
Dynamic DNS: Dynamic DNS (requires a Dynamic DNS service) allows you to alias a dynamic IP address
to a static hostname, allowing your device to be more easily accessed by a specific name. When this function is
enabled, the IP address in the Dynamic DNS Server will be automatically updated with the new IP address
provided by the ISP.
Host Table: The Multi-Homing Security Gateway Administrator may use the Host Table function to make the
Multi-Homing Security Gateway act as a DNS Server for the LAN and DMZ network. All DNS requests to a
specific Domain Name will be routed to the Multi-Homing Security Gateway’s IP address. For example, let’s
say an organization has their mail server (i.e., mail.planet.com.tw) in the DMZ network (i.e. 192.168.10.10).
The outside Internet world may access the mail server of the organization easily by its domain name,
providing that the Administrator has set up Virtual Server or Mapped IP settings correctly. However, for the
users in the LAN network, their WAN DNS server will assign them a public IP address for the mail server. So
for the LAN network to access the mail server (mail.planet.com.tw), they would have to go out to the Internet,
then to come back through the Multi-Homing Security Gateway to access the mail server. Essentially, the LAN
network is accessing the mail server by a real public IP address, while the mail server serves their request by
a NAT address and not a real one. This odd situation occurs when there are servers in the DMZ network and
they are bound to real IP addresses. To avoid this, set up Host Table so all the LAN network computers will
use the Multi-Homing Security Gateway as a DNS server, which acts as the DNS Proxy.
Language: Both Chinese and English are supported in the Multi-Homing Security Gateway.
Logout:
Logout: The Administrator logs out of the Multi-Homing Security Gateway. This function protects your system while
you are away.

3.1.1 Admin

On the left hand menu, click on Administration, and then select Admin below it. The current list of
Administrator(s) shows up.
Settings of the Administration table
Admin Name: The username of Administrators for the Multi-Homing Security Gateway. The user admin
cannot be removed.
Privilege: The privileges of Administrators (Admin or Sub Admin). The username of the main Administrator is Admin, with read/write privilege.
A Sub Admin may be created by clicking New Sub Admin. Sub Admins have read-only privilege.
Configure: Click Modify to change the “Sub Admin” password and click Remove to delete a “Sub Admin”.
Changing the Main/Sub-Admin’s Password
Step 1. The Modify Admin Password window will appear. Enter in the required information:
Password: enter original password.
New Password: enter new password.
Confirm Password: enter the new password again.
Step 2. Click OK to confirm password change or click Cancel to cancel it.
Adding a new Sub Admin
Step 1. In the Add New Sub Admin window:
Sub Admin Name: enter the username of new Sub Admin.
Password: enter a password for the new Sub Admin.
Confirm Password: enter the password again.
Step 2. Click OK to add the user or click Cancel to cancel the addition.
Removing a Sub Admin
Step 1. In the Administration table, locate the Admin name you want to edit, and click on the Remove
option in the Configure field.
Step 2. The Remove confirmation pop-up box will appear. Click OK to remove that Sub Admin or click
Cancel to cancel.

3.1.2 Permitted IPs

Only the authorized IP address is permitted to manage the Multi-Homing Security Gateway.
Add Permitted IPs Address
Step 1. Click New Entry button.
Step 2. In the IP Address field, enter the LAN IP address or WAN IP address.
Name: Enter the host name for the authorized IP address.
IP Address: Enter the LAN IP address or WAN IP address.
Netmask: Enter the netmask of LAN/WAN.
Ping: Select this to allow the external network to ping the IP Address of the Firewall.
HTTP: Check this item to allow a Web user to connect to the Setting window of the
Multi-Homing Security Gateway over HTTP.
Step 3. Click OK to add Permitted IP or click Cancel to discard changes.
Modify Permitted IPs Address
Step 1. In the table of Permitted IPs, highlight the IP you want to modify, and then click Modify.
Step 2. In Modify Permitted IPs, enter new IP address.
Step 3. Click OK to modify or click Cancel to discard changes.
Remove Permitted IPs Addresses
Step 1. In the table of Permitted IPs, highlight the IP you want to remove, and then click Remove.
Step 2. In the confirm window, click OK to remove or click Cancel to discard changes.
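The following is an added example, not part of the PLANET manual: a Python audit of a hand-transcribed Permitted IPs table that flags entries whose netmask admits more than one host, or that enable HTTP management from outside the RFC 1918 ranges. The entry fields follow the manual (Name, IP Address, Netmask, Ping, HTTP); the matching rule (source address inside IP/Netmask, service box ticked) and the sample entries are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges; anything outside them is treated here as Internet-facing.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class PermittedIP:
    name: str
    ip: str
    netmask: str
    ping: bool
    http: bool

    @property
    def network(self):
        # strict=False: a host address may be entered together with a wider mask
        return ipaddress.ip_network(f"{self.ip}/{self.netmask}", strict=False)


def is_permitted(table, src, service):
    """Assumed matching rule: src falls inside an entry's IP/Netmask and
    that entry has the requested service ('ping' or 'http') enabled."""
    addr = ipaddress.ip_address(src)
    for entry in table:
        enabled = {"ping": entry.ping, "http": entry.http}[service]
        if enabled and addr in entry.network:
            return True
    return False


def audit(table):
    """Return (entry name, finding) pairs for entries worth a second look."""
    findings = []
    for entry in table:
        net = entry.network
        internal = any(net.subnet_of(r) for r in RFC1918)
        if net.num_addresses > 1:
            findings.append(
                (entry.name, f"netmask admits {net.num_addresses} addresses ({net})"))
        if entry.http and not internal:
            findings.append(
                (entry.name, "HTTP management allowed from a non-RFC 1918 range"))
    return findings


# Constructed sample table (private and documentation addresses, not from the manual)
TABLE = [
    PermittedIP("admin-pc", "192.168.1.10", "255.255.255.255", True, True),
    PermittedIP("branch", "203.0.113.40", "255.255.255.0", False, True),
    PermittedIP("monitor", "198.51.100.7", "255.255.255.255", True, False),
]

if __name__ == "__main__":
    for name, finding in audit(TABLE):
        print(f"{name}: {finding}")
```

In the sample, the "branch" entry was meant for one host, but its 255.255.255.0 netmask lets every address in 203.0.113.0/24 reach the WebUI login.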

3.1.3 Software Update

Under Software Update, the admin may update the device’s software with newer software. The current software version is shown in Version Number. Administrators may visit Planet’s website to
download the latest version and save it on the server’s hard disk.
Step 1. Click Browse to select the latest version of Software.
Step 2. Click OK to update software.
NOTE: It takes three minutes to update the software. The system will restart automatically after updating the
software.

3.1.4 Setting

The Administrator may use this function to backup Multi-Homing Security Gateway configurations and export
(save) them to the “Administrator” computer or anywhere on the network; or restore a configuration file to
the device; or restore the Multi-Homing Security Gateway back to default factory settings.
Entering the Settings window
Click Setting in the Configure menu to enter the Settings window. The Setting will be shown on the screen.
Exporting Multi-Homing Security Gateway settings
Step 1. Under Backup/Restore Configuration, click on the Download button next to Export System
Settings to Client.
Step 2. When the File Download pop-up window appears, choose the destination place to save the
exported file. The Administrator may choose to rename the file if preferred.
Importing Multi-Homing Security Gateway settings
Under Backup/Restore Configuration, click on the Browse button next to Import System Settings from Client. When the Choose File pop-up window appears, select the file which contains the saved Multi-Homing Security Gateway Settings, then click OK. Click OK to import the file into the Multi-Homing Security Gateway or click Cancel to cancel importing.
Restoring Factory Default Settings
Step 1. Select Reset Factory Settings under Backup/Restore Configuration.
Step 2. Click OK at the bottom-right of the screen to restore the factory settings.
System Name Setting
Input the name you want into Device Name column to be the device name.
Email Setting
Step 1. Select Enable E-mail Alert Notification under E-Mail Setting. This function will enable the
Multi-Homing Security Gateway to send e-mail alerts to the System Administrator when the
network is being attacked by hackers or when emergency conditions occur.
Step 2. SMTP Server IP: Enter SMTP server’s IP address.
Step 3. E-Mail Address 1: Enter the first e-mail address to receive the alarm notification.
Step 4. E-Mail Address 2: Enter the second e-mail address to receive the alarm notification. (Optional)
Click OK on the bottom-right of the screen to enable E-mail alert notification.
Web Management (WAN Interface)
The administrator can change the port number used for HTTP at any time. (Remote UI Management)
Step 1. Set Web Management (WAN Interface). The administrator can change the port number used
for HTTP at any time.
MTU (set networking packet length)
The administrator can modify the networking packet length.
Step 1. MTU Setting. Modify the networking packet length.
Link Speed / Duplex Mode Setting
This function allows administrator to set the transmission speed and mode of WAN Port.
Dynamic Routing (RIPv2)
When Dynamic Routing (RIPv2) is enabled, the CS-1000 will advertise an IP address pool to the specified network
so that the address pool can be provided to the network. You can enable RIP support on the LAN, WAN or DMZ
interface.
Routing information update timer: The CS-1000 sends out RIP updates periodically to update the
routing table. The default timer is 30 seconds.
Routing information timeout: If the CS-1000 does not receive RIP updates from the other router within this
period of time, it will cut off the route automatically until it receives RIP updates again. The default timer is 180
seconds.
To-Appliance Packet Logging
When this function is selected, the CS-1000 will record the packets that have the IP address of the CS-1000 as
source or destination. The records are displayed in the Traffic Log for the administrator to review.
System Reboot
Once this function is enabled, the Multi-Homing Security Gateway will be rebooted.
Reboot Appliance: Click Reboot. A confirmation pop-up box will appear. Follow the confirmation pop-up box, click OK to restart Multi-Homing Security Gateway or click Cancel to discard changes.

3.1.5 Date/Time

Synchronizing the Multi-Homing Security Gateway with the System Clock
Administrator can configure the Multi-Homing Security Gateway’s date and time by either syncing to an
Internet Network Time Server (NTP) or by syncing to your computer’s clock.
Follow these steps to sync to an Internet Time Server:
Step 1. Enable synchronization by checking the box.
Step 2. Click the down arrow to select the offset time from GMT.
Step 3. Enter the Server IP Address or Server name with which you want to synchronize.
Step 4. Update system clock every minutes: You can set the interval time to synchronize with
outside servers. If you set it to 0, it means the device will not synchronize automatically.
Follow this step to sync to your computer’s clock:
Step 1. Click on the Sync button.
Click OK to apply the setting or click Cancel to discard changes.

3.1.6 Multiple Subnet

NAT mode
Multiple Subnet allows the local port to be set with multiple subnetworks that connect to the Internet through WAN IP
Addresses.
For instance, a company’s leased line is assigned several real IP Addresses in 168.85.88.0/24, and the company
is divided into an R&D department, service department, sales department, procurement department and accounting
department. The company can distinguish each department by a different subnetwork for the purpose of convenient
management. The settings are as follows:
1. R&D department sub-network: 192.168.1.11/24 (LAN) <-> 168.85.88.253 (WAN)
2. Service department sub-network: 192.168.2.11/24 (LAN) <-> 168.85.88.252 (WAN)
3. Sales department sub-network: 192.168.3.11/24 (LAN) <-> 168.85.88.251 (WAN)
4. Procurement department sub-network: 192.168.4.11/24 (LAN) <-> 168.85.88.250 (WAN)
5. Accounting department sub-network: 192.168.5.11/24 (LAN) <-> 168.85.88.249 (WAN)
The first department (R&D department) was set while setting the interface IP; the other four have to be
added in Multiple Subnet. After completing the settings, each department uses a different WAN IP address to
connect to the Internet. The settings of LAN computers in the Service department are as follows:
Service IP Address: 192.168.2.1
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.2.11
The other departments are set up in the same way, group by group. This is the function of Multiple Subnet.
Multiple Subnet settings
Click System on the left side menu bar, select Configure then click Multiple Subnet to enter Multiple Subnet
window.
Multiple Subnet functions
WAN Interface IP / Forwarding Mode: Display WAN Port IP address and Forwarding Mode.
Interface: Indicate the multiple subnet location in LAN or DMZ site.
Alias IP of Interface / Netmask: Local port IP address and subnet Mask.
Configure: Modify the settings of Multiple Subnet. Click Modify to modify the parameters of Multiple Subnet
or click Delete to delete settings.
Add a Multiple Subnet NAT Mode
Step 1: Click the New Entry button below to add Multiple Subnet.
Step 2: Enter the IP address in the website name column of the new window.
Alias IP of Interface: Enter Local port IP address.
Netmask: Enter Local port subnet Mask.
WAN Interface IP: Add WAN IP.
Forwarding Mode: Click the NAT button below to setup.
Step 3: Click OK to add Multiple Subnet or click Cancel to discard changes.
Modify a Multiple Subnet
Step 1: Find the IP address you want to modify and click Modify.
Step 2: Enter the new IP address in Modify Multiple Subnet window.
Step 3: Click the OK button below to change the setting or click Cancel to discard changes.
Removing a Multiple Subnet
Step 1: Find the IP address you want to delete and click Delete.
Step 2: A confirmation pop-up box will appear, click OK to delete the setting or click Cancel to discard
changes.
Routing Mode
Multiple Subnet allows local port to set Multiple Subnet Routing Mode and connect with the Internet through
WAN IP address.
For example, the leased line of a company applies several real IP Addresses 168.85.88.0/24 and the
company is divided into R&D, Customer Service, Sales, Procurement, and Accounting Department. The
company can distinguish each department by different sub-network for the purpose of convenient
management.
The settings are as the following:
R&D: Alias IP of LAN interface - 168.85.88.1, Netmask: 255.255.255.192
Sales: Alias IP of LAN interface - 168.85.88.65, Netmask: 255.255.255.192
Procurement: Alias IP of LAN interface - 168.85.88.129, Netmask: 255.255.255.192
Accounting: Alias IP of LAN interface - 168.85.88.193, Netmask: 255.255.255.192
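The following is an added example, not part of the PLANET manual: a Python check of the Routing Mode plan above that confirms each alias IP/netmask pair lies inside the leased 168.85.88.0/24 block, that no two department subnets overlap, and how many addresses remain for clients in each. The function names and the one-address-per-alias accounting are assumptions of this example.

```python
import ipaddress
from itertools import combinations

LEASED = ipaddress.ip_network("168.85.88.0/24")

# Alias IP of LAN interface and Netmask, as listed in the manual's example
ROUTING_PLAN = {
    "R&D": ("168.85.88.1", "255.255.255.192"),
    "Sales": ("168.85.88.65", "255.255.255.192"),
    "Procurement": ("168.85.88.129", "255.255.255.192"),
    "Accounting": ("168.85.88.193", "255.255.255.192"),
}


def check_plan(plan, block):
    """Return ({dept: (subnet, client_addresses)}, [error strings])."""
    report, errors, nets = {}, [], {}
    for dept, (alias, mask) in plan.items():
        iface = ipaddress.ip_interface(f"{alias}/{mask}")
        net = iface.network
        nets[dept] = net
        if not net.subnet_of(block):
            errors.append(f"{dept}: {net} is outside {block}")
        if iface.ip in (net.network_address, net.broadcast_address):
            errors.append(f"{dept}: alias {iface.ip} is not a usable host address")
        # Exclude network address, broadcast address and the alias (gateway) itself
        report[dept] = (str(net), net.num_addresses - 3)
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            errors.append(f"{a} and {b} overlap: {na} / {nb}")
    return report, errors


def owner(plan, host):
    """Department whose subnet contains host, or None."""
    addr = ipaddress.ip_address(host)
    for dept, (alias, mask) in plan.items():
        if addr in ipaddress.ip_interface(f"{alias}/{mask}").network:
            return dept
    return None


if __name__ == "__main__":
    report, errors = check_plan(ROUTING_PLAN, LEASED)
    for dept, (net, clients) in report.items():
        print(f"{dept:12} {net:18} {clients} client addresses")
    print("errors:", errors or "none")
```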
Click System on the left side menu bar, then click Multiple Subnet below Configure menu. Enter Multiple
Subnet window.
Multiple Subnet functions
WAN Interface IP / Forwarding Mode: Display WAN Port IP address and Forwarding Mode which is NAT
Mode or Routing Mode.
Interface: Indicate the multiple subnet location in LAN or DMZ site.
Alias IP of Interface / Netmask: Local port IP address and subnet Mask.
Configure: Modify the settings of Multiple Subnet. Click Modify to modify the parameters of Multiple Subnet
or click Delete to delete settings.
Adding a Multiple Subnet Routing Mode
Step 1: Click the Add button below to add Multiple Subnet.
Step 2: Enter the IP address in Add Multiple Subnet window.
Alias IP of Interface: Enter Local port IP Address.
Netmask: Enter Local port subnet Mask.
WAN Interface IP: Add WAN IP.
Forwarding Mode: Click the Routing button below to setup.
Step 3: Click OK to add Multiple Subnet or click Cancel to discard changes.
Step 4: Adding a new WAN to LAN Policy. In the Incoming window, click the New Entry button.