PLANET SG-4800 User Manual

Download

Page 1

SG-4800

Gigabit SSL VPN Security Router User’s Manual

User’s Manual

Gigabit SSL VPN Security Router Security Router

Page 2

Gigabit SSL VPN Security Router User’s Manual

Copyright© 2012 by PLANET Technology Corp. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer

language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or

otherwise, without the prior written permission of PLANET.

PLANET makes no representations or warranties, either expressed or implied, with respect to the contents hereof and specifically disclaims any warranties, merchantability or fitness for any particular purpose. Any software described in this manual is sold or licensed "as is". Should the programs prove defective following their purchase, the buyer (and not this company, its distributor, or its dealer) assumes the entire cost of all necessary servicing, repair, and any incidental or consequential damages resulting from any defect in the software. Further, this company reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes. All brand and product names mentioned in this manual are trademarks and/or registered trademarks of their respective holders.

Disclaimer

PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose. PLANET has made every effort to ensure that this User’s Manual is accurate; PLANET disclaims liability for any inaccuracies or omissions that may have occurred. Information in this User’s Manual is subject to change without notice and does not represent a commitment on the part of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this User’s Manual. PLANET makes no commitment to update or keep current the information in this User’s Manual, and reserves the right to make improvements to this User’s Manual and/or to the products described in this User’s Manual, at any time without notice. If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments and suggestions.

Trademarks

The PLANET logo is a trademark of PLANET Technology. This documentation may refer to numerous hardware and software products by their trade names. In most, if not all cases, these designations are claimed as trademarks or registered trademarks by their respective companies.

CE mark Warning

This is a class A device, in a domestic environment; this product may cause radio interference, in which case the user may be required to take adequate measures.

Federal Communication Commission Interference Statement

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

1. Reorient or relocate the receiving antenna.

2. Increase the separation between the equipment and receiver.

3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

4. Consult the dealer or an experienced radio technician for help.

Page 3

Gigabit SSL VPN Security Router User’s Manual

FCC Caution:

To assure continued compliance (example-use only shielded interface cables when connecting to computer or peripheral devices). Any changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment. This device complies with Part 15 of the FCC Rules. Operation is subject to the Following two conditions: (1) This device may not cause harmful interference, and (2) this Device must accept any interference received, including interference that may cause undesired operation.

R&TTE Compliance Statement

This equipment complies with all the requirements of DIRECTIVE 1999/5/EC OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal Equipment and the mutual recognition of their conformity (R&TTE) The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Terminal Equipment and Satellite Earth Station Equipment) As of April 8, 2000.

WEEE Caution

To avoid the potential effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment, end users of electrical and electronic equipment should understand the meaning of the crossed-out wheeled bin symbol. Do not dispose of WEEE as unsorted municipal waste and have to collect such WEEE separately.

Safety

This equipment is designed with the utmost care for the safety of those who install and use it. However, special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment. All guidelines of this and of the computer manufacture must therefore be allowed at all times to ensure the safe use of the equipment.

Customer Service

For information on customer service and support for the Gigabit SSL VPN Security Router, please refer to the following Website URL:

http://www.planet.com.tw

Before contacting customer service, please take a moment to gather the following information:

♦ Gigabit SSL VPN Security Router serial number and MAC address ♦ Any error messages that displayed when the problem occurred ♦ Any software running when the problem occurred ♦ Steps you took to resolve the problem on your own

Revision

User’s Manual for PLANET Gigabit SSL VPN Security Router

Model: SG-4800

Rev: 1.0 (June, 2012)

III

Page 4

Gigabit SSL VPN Security Router User’s Manual

Table of Contents

CHAPTER 1: INTRODUCTION ........................................................................................................................ 1

1.1 FEATURES................................................................................................................................................................1

1.2 PACKAGE CONTENTS ..............................................................................................................................................2

1.3 PHYSICAL SPECIFICATION .......................................................................................................................................2

1.4 SPECIFICATION ........................................................................................................................................................4

CHAPTER 2: INSTALLATION PROCEDURE.................................................................................................. 6

2.1 SYSTEMATIC SETTING PROCESS ............................................................................................................................6

2.2 SETTING FLOW CHART............................................................................................................................................7

CHAPTER 3: HARDWARE INSTALLATION.................................................................................................... 9

3.1 INSTALLING THE DEVICE ON A STANDA RD 19” RACK ..............................................................................................9

3.2 VPN ROUTER NETWORK CONNECTION ...............................................................................................................10

CHAPTER 4: LOGIN VPN SECURITY ROUTER............................................................................................11

CHAPTER 5: SYSTEM STATUS.................................................................................................................... 13

5.1 HOME PAGE ...........................................................................................................................................................13

5.1.1 WAN Status .................................................................................................................................................13

5.1.2 Physical Port Status ...................................................................................................................................15

5.1.3 System Information ....................................................................................................................................16

5.1.4 Firewall Status.............................................................................................................................................16

5.1.5 VPN Status ..................................................................................................................................................17

5.1.6 Log Setting Status ......................................................................................................................................17

5.2 CHANGE AND SET LOGIN PASSWORD AND TIME...................................................................................................17

5.2.1 Password Setting........................................................................................................................................17

5.2.2 Network Time ..............................................................................................................................................18

CHAPTER 6: NETWORK................................................................................................................................20

6.1 NETWORK CONNECTION .......................................................................................................................................20

6.1.1 Host Name and Domain Name.................................................................................................................20

6.1.2 IP Mode........................................................................................................................................................ 20

6.1.3 LAN Setting .................................................................................................................................................20

6.1.3.1 IPv4 Only...................................................................................................................................................................21

6.1.3.2 Dual-Stack IP (IPv4 and IPv6)...................................................................................................................................22

6.1.4 WAN & DMZ Settings.................................................................................................................................24

6.1.4.1 IPv4 Only...................................................................................................................................................................24

6.1.4.2 Dual-Stack IP (IPv4 and IPv6)...................................................................................................................................35

Page 5

Gigabit SSL VPN Security Router User’s Manual

6.2 MULTI- WAN SETTING ..........................................................................................................................................39

6.2.1 Load Balance Mode ...................................................................................................................................39

6.2.2 Network Detection Service........................................................................................................................ 46

6.2.3 Protocol Binding..........................................................................................................................................48

CHAPTER 7: PORT MANAGEMENT............................................................................................................. 57

7.1 SETUP.................................................................................................................................................................... 57

7.2 PORT STATU S ........................................................................................................................................................59

7.3 IP/ DHCP..............................................................................................................................................................60

7.4 DHCP STATUS ......................................................................................................................................................62

7.5 IP & MAC BINDING ...............................................................................................................................................63

7.6 IP GROUPING ........................................................................................................................................................66

7.7 PORT GROUP MANAGEMENT ................................................................................................................................69

CHAPTER 8: QOS (QUALITY OF SERVICE)................................................................................................ 70

8.1 BANDWIDTH MANAGEMENT...................................................................................................................................70

8.1.1 The Maximum Bandwidth provided by ISP.............................................................................................71

8.1.2 QoS...............................................................................................................................................................72

8.1.3 Smart QoS...................................................................................................................................................75

8.1.4 Exception IP address .................................................................................................................................77

8.2 SESSION CONTROL................................................................................................................................................ 78

CHAPTER 9 : FIREW ALL............................................................................................................................... 80

9.1 GENERAL POLICY ..................................................................................................................................................80

9.2 ACCESS RULE........................................................................................................................................................83

9.2.1 Default Rule.................................................................................................................................................83

9.2.2 Add New Access Rule................................................................................................................................84

9.3 URL FILTER ...........................................................................................................................................................86

CHAPTER 10 : VPN (VIRTUAL PRIVATE NETWORK)................................................................................. 91

10.1. DISPLAY ALL VPN SUMMARY ............................................................................................................................91

10.1.1. Add a New VPN Tunnel..........................................................................................................................94

10.1.1.1 Gateway to Gateway Setting....................................................................................................................................94

10.1.1.2 Client to Gateway Setting (future feature).............................................................................................................104

10.1.2. PPTP Server .......................................................................................................................................... 110

10.1.3. VPN Pass Through ............................................................................................................................... 111

CHAPTER 1 1: SSL VPN................................................................................................................................113

11.1 STAT US ..............................................................................................................................................................113

11.2 GROUP SUMMARY .............................................................................................................................................113

11.3 GROUP MANAGEMENT:......................................................................................................................................115

Page 6

Gigabit SSL VPN Security Router User’s Manual

11.4 DOMAIN MANAGEMENT .....................................................................................................................................132

11.5 USER MANAGEMENT .........................................................................................................................................133

11.6 SERVICE RESOURCE MANAGEMENT .................................................................................................................136

11.6.1 Resource Configuration ......................................................................................................................... 136

11.7 LINK TO PORTAL ................................................................................................................................................138

11.8 CERTIFICATE MANAGEMENT..............................................................................................................................138

11.9 ADVANCED SETTINGS........................................................................................................................................ 142

11.9.1 Assign IP Range for Virtual Passage.................................................................................................. 143

11.9.2 Change SSL VPN service port .............................................................................................................144

11.9.3 Banner......................................................................................................................................................144

11.9.4 Background pattern of the login page..................................................................................................144

CHAPTER 12: ADVANCED FUNCTION...................................................................................................... 145

12.1 DMZ HOST/ PORT RANGE FORWARDING.........................................................................................................145

12.1.1 DMZ Host ................................................................................................................................................145

12.1.2 Port Range Forwarding .........................................................................................................................146

12.2 UPNP ................................................................................................................................................................148

12.3 ROUTING ...........................................................................................................................................................149

12.3.1 Dynamic Routing .................................................................................................................................... 149

12.3.2 Static Routing..........................................................................................................................................150

12.4 ONE TO ONE NAT ............................................................................................................................................. 152

12.5 DDNS- DYNAMIC DOMAIN NAME SERVICE ...................................................................................................... 155

12.6 MAC CLONE .....................................................................................................................................................157

CHAPTER 13: SYSTEM TOOL.................................................................................................................... 158

13.1 DIAGNOSTIC ......................................................................................................................................................158

13.2 FIRMWARE UPGRADE........................................................................................................................................ 159

13.3 CONFIGURATION BACKUP ................................................................................................................................. 159

13.4 SNMP ...............................................................................................................................................................161

13.5 SYSTEM RECOVER............................................................................................................................................162

13.6 HIGH AVAILABILITY.............................................................................................................................................162

CHAPTER 14. LOG....................................................................................................................................... 167

14.1 SYSTEM LOG .....................................................................................................................................................167

14.2 SYSTEM STAT ISTI C ............................................................................................................................................171

14.3 TRAFFIC STATI STIC ............................................................................................................................................172

14.4 IP/ PORT STATI STIC ...........................................................................................................................................175

Page 7

Gigabit SSL VPN Security Router User’s Manual

Chapter 1: Introduction

As Internet becomes essential for your business, the only way to prevent your Internet connection from failure

is to have more than one connection. PLANET’s Gigabit SSL VPN Security Router, SG-4800, reduces the

risks of potential shutdown if one of the Internet connections fails. Moreover, it allows you to perform

load-balancing by distributing the traffic through three or four WAN connections.

In addition to a multi-homing device, PLANET’s Gigabit SSL VPN Security Router provides a complete

security solution in a box. The policy-based firewall, content filtering function and VPN connectivity provides

SSL, IPSec, and PPTP VPN. The SSL VPN function supports up to 60 SSL VPN connection tunnels. The

IPSec VPN feature provides with 3DES and AES encryption make it a perfect product for your network

security. No more complex connection and settings for integrating different security products on the network is

required.

This product is built-in bandwidth management function which also supported to offers network administrators

an easy yet powerful means to allocate network resources based on business priorities, and to shape and

control bandwidth usage.

1.1 Features

 Multi-WAN Auto Backup: The SG-4800 can monitor each WAN link status and automatically activate

backup links when a failure is detected. The detection is based on the configurable target Internet

addresses.

 Outbound Load Balancing: The network sessions are assigned based on the user configurable load

balancing mode, including “Auto Load Balance”, “Unbinding WAN Balance” and “Strategy Routing”,. User can also configure which IP or TCP/UDP type of traffic use which WAN port to connect.

 Inbound Load Balancing: The SG-4800 provides the Inbound Load Balancing for enterprise’s internal

server. The Inbound Load Balancing can reduce the server loading and system crash risks, in order to

improve the server working efficiency.

 Policy-based Firewall: The built-in policy-based firewall prevent many known hacker attack including

Ping of Death, SYN Flooding, Land attack, IP Spoofing, etc. The access rule function allowed only

specified WAN or LAN users to use only allowed network services on specified time.

 VPN Connectivity: The security gateway support PPTP, IPSec and the SSL VPN. The SSL VPN

function supports up to 60 SSL VPN connection tunnels. The IPSec VPN with DES, 3DES and AES

encryption and SHA-1 / MD5 authentication, the network traffic over public Internet is secured.

 Content Filtering: The security gateway can block network connection based on URLs, Scripts (The

Java Applet, cookies and Active X), Restrict Application (MSN, Yahoo Messenger, QQ, PPSTREAM and

PPTV) and Download/Upload blocking.

- 1 -

Page 8

Gigabit SSL VPN Security Router User’s Manual

 Multiple DHCP Server: The multi DHCP server support 4 sets of Class C IP address, each server can

allocate up to 253 client IP addresses and distribute them including IP address, subnet mask as well as

DNS IP address to local computers. It provides an easy way to manage the local IP network.

 QoS Bandwidth Management: Featured Smart QoS with dynamic bandwidth management to

automatically control P2P and video downloading and other bandwidth hogging to avoid bandwidth

insufficient. Prioritizing different person/group or applications in bandwidth using for a better reasonable

management.

 Dynamic Domain Name System (DDNS): The Dynamic DNS service allows users to alias a dynamic

IP address to a static hostname.

 Multiple NAT: Multiple NAT allows local port to set multi-subnet and connect to the Internet through

different WAN IP addresses.

 Port Range Forwarding (Virtual Server): The Port Forwarding and DMZ function can let you setup

your servers in the Intranet and still provide services to the Internet users.

 Easy Management: Embedded Mirror Port to connect with monitoring devices to monitor online

behavior. It also supporting remote management by web browser with user name and password to

realize router management from remote places.

 Log Feature: The log and traffic statistic function can helping administrators to record the

change/abnormal of the whole network status and take actions according to the log information.

1.2 Package Contents

The following items should be included:

 SG-4800 x 1

 Power Cord x 1

 Quick Installation Guide x 1

 User’s Manual CD x 1

 Cat5 Cable x 1

 Screw Packer x1

 Rack-mount ear x 2

If any of the contents are missing or damaged, please contact your dealer or distributor immediately.

1.3 Physical Specification

Front Panel

- 2 -

Page 9

Gigabit SSL VPN Security Router User’s Manual

LED definition

LED Color Status Description

Green Steady Power On

PWR

Off Off Power Off

Steady on System is crashed.

DIAG Amber

Blinking System is on self-test after power on the device.

Off System is ready.

Steady on Port has been connected & Get IP

WAN/ DMZ: Link/Act

Green

Blinking Transmit data.

Off Not get the IP address, even the port has been connected.

Steady on LAN port has been connected.

LAN: Link/Act Green

Blinking Transmit data.

Green Steady On Works on 1000M

LAN/WAN/DMZ: Speed

Amber Steady On Works on 100M.

Off Off Works on 10M.

Button definition

Button Description Reset Push 5 seconds for “Warm Start”, and push 10 seconds for Factory Default. Power Rocker switch ,Internal 12V/1.65A

- 3 -

Page 10

1.4 Specification

Product

Model SG-4800 Hardware

LAN

Gigabit SSL VPN Security Router

8x 10/100/1000 Mbps RJ-45

Gigabit SSL VPN Security Router User’s Manual

Ethernet

Button

Software

Multi-WAN Function

System Performance

Bandwidth Management

Firewall Security

Networking

Network Management

WAN

DMZ

Reset 1 x Reset button for reset to factory default setting

Power 1 x Power on/off Switch

Routing

4 x 10/100/1000 Mbps RJ-45

1 x 10/100/1000 Mbps RJ-45

z Inbound / Outbound Load Balance: by session and by IP z Protocol Binding z Network Service Detection

z Dynamic Route RIP v1/v2 z Static Route z Strategy Routing

z Concurrent session :50000 z Firewall performance :1Gbps z Corporation Size: SMB(clients 200~250) z 3DES performance:270Mbps

z Guaranteed Bandwidth z Max Bandwidth z Session Limit z Port-based QoS

z NAT z One-to-One NAT z Multiple-to-One NAT z Stateful Packet Inspection(SPI) Firewall z Denial of Service (DoS) prevention z IP & Port filtering z Block Website by Keyword, Content Filter z Firewall detection: Ping of Death, SYN Flooding, Land attack, IP Spoofing z Email Alert for Hacker Attack z IP&MAC Binding z Support DMZ to protect your network: DMZ Host z Prevent ARP Attack on LAN

z Configurable DMZ z DHCP Server (support class C), client, dynamic IP, static IP,IP Grouping

support

z Multiple DHCP Server (support 4 sets of Class C) z PPPoE / Static IP/ DHCP Client z Multiple Subnet z Protocol: TCP /IP, ARP, ICMP, FTP/TFTP, IPv4 z NAT with port forwarding(Virtual Server) z DNS Relay z DDNS: Support DynDNS,3322 z Password protected configuration or management sessions for web

access

z Port Management – Speed/Duplex/Auto Negotiation/VLAN z Transparent Bridge

z Support IPv4/IPv6

z Comprehensive web based management and policy setting z SNMP v1/v2c z Monitoring, Logging, and Alarms of system activities

- 4 -

Page 11

VPN Support

z Firmware upgrade through Web browser

PPTP VPNl z 60 PPTP VPN Tunnels

z 200 IPSec VPN Tunnels z IPSec H/W acceleration z Friendly VPN Tunnel Management z IKE: Pre-Shared keys z IPSec Encryption DES/3DES/AES128/AES192/AES256 z IPSec Authentication MD5/SHA1

IPSec VPN

SSL VPN

z Support PMTU z NAT Traversal z Connect on Demand z DPD detection z VPN Hub z IP by DNS Resolved z View Log

z 10 full set SSL VPN tunnel / 50 Virtual Passage SSL VPN Client z SSL H/W acceleration z Remote Desktop Access z HTTP and HTTPs Proxy z FTP and Windows Network File Sharing z Terminal Access: Telnet, SSH z

z Platform support Windows / Linux / MAC z SSL Encryptions: 128bit SHA1 (DES-CBC-SHA) z Encrypted cookies z Web cache cleaner z Certificate Server: RSA, PKI, Digital Certificate z Host Check: Virus Scan, Personal Firewalls, OS Patch z Role based management z Access Policy Management z Logging and monitoring: Syslog logging of SSL VPN events by user,

z Customized User Portal: Allows Portal Layout, Available Services to be

z Single sign-on: Allows Single Sign-On for accessing multiple private

z Group and Global Bookmark Support: Enables users to access resources

uthentication: Radius, LDAP, Microsoft Active Directory and NT Domain

Name

service and type of event

customized

network resources

without needing to remember hostnames or IP addresses

z Tunnel quantity upgrade mechanism

VPN Pass

through

z IPSec, PPTP ,L2TP Pass through

Gigabit SSL VPN Security Router User’s Manual

- 5 -

Page 12

Gigabit SSL VPN Security Router User’s Manual

Chapter 2: Installation Procedure

In this chapter we are going to introduce hardware installation. Through the understanding of multi-WAN

setting process, users can easily setup and manage the network, making VPN Router functioning and having

best performance.

2.1 Systematic Setting Process

Users can set up and enable the network by utilizing bandwidth efficiently. The network can achieve the ideal

efficiency, block attacks, and prevent security risks at the same time. Through the process settings, users can

install and operate VPN Router easily. This simplifies the management and maintenance, making the user

network settings be done at one time. The main process is as below:

Step 1. Hardware installation

Step 2. Login

Step 3. Verify device specification and set up password and time

Step 4. Set WAN connection

Step 5. Set LAN connection: physical port and IP address settings

Step 6. Set QoS bandwidth management: avoid bandwidth occupation

Step 7. Set Firewall: prevent attack and improper access to network resources

Step 8. Other settings: UPnP, DDNS, MAC Clone

Step 9. Management and maintenance settings: Syslog, SNMP, and configuration backup

Step 10. VPN (Virtual Private Network)function setting

Step 11. Logout

- 6 -

Page 13

Gigabit SSL VPN Security Router User’s Manual

2.2 Setting Flow Chart

Below is the description for each setting process, and the correspondent contents and purposes.

# Setting Content Purpose

1 Hardware installation user’s demand. Install VPN Router hardware based on

user physical requirements.

2 Login Login the device with

Web Browser.

Verify device

specification

Set password and time Set time and re-new

4 Set WAN connection Verify WAN connection

5 Set LAN connection:

physical port and IP

address settings

6 Set QoS bandwidth

Verify Firmware version

and working status.

password.

setting, bandwidth

allocation, and protocol

binding.

Set mirror port and

VLAN. Allocate and

manage LAN IP.

Restrict bandwidth and

Verify VPN Router specification, Firmware

version and working status.

Modify the login password considering safe

issue.

Synchronize the VPN Router time with WAN.

Connect to WAN. Configure bandwidth to

optimize data transmission.

Provide mirror port, port management and VLAN

setting functions. Support Static/DHCP IP

allocation to meet different needs. IP group will

simplize the management work.

To assure transmission of important information,

management: avoid

bandwidth occupation

7 Set Firewall: prevent

attack and improper

access to network

resources

8 Advanced

Settings:DMZ/Forwardin

g, UPnP, DDNS, MAC

Clone

9 Management and

maintenance settings:

Syslog, SNMP, and

configuration backup

session of WAN ports,

LAN IP and application.

Block attack, Set

Access rule and restrict

Web access.

DMZ/Forwarding,

UpnP, Routing Mode,

multiple WAN IP, DDNS

and MAC Clone

Monitor VPN Router

working status and

configuration backup.

manage and allocate the bandwidth further to

achieve best efficiency.

Administrators can block BT to avoid bandwidth

occupation, and enable access rules to restrict

employee accessing internet improperly or using

MSN, QQ and Skype during working time. They

can also protect network from Worm or ARP

attacking.

DMZ/Forwarding, UpnP, Routing Mode, multiple

WAN IP, DDNS and MAC Clone

Administrators can look up system log and

monitor system status and inbound/outbound

flow in real time.

10 VPN Virtual Private Configure VPN tunnels, Configure different types of VPN to meet

- 7 -

Page 14

Gigabit SSL VPN Security Router User’s Manual

Network function setting e.g. PPTP. different application environment.

11 Logout Close configuration

window.

Logout VPN Router web-based UI.

We will follow the process flow to complete the network setting in the following chapters.

- 8 -

Page 15

Gigabit SSL VPN Security Router User’s Manual

Chapter 3: Hardware Installation

In this chapter we are going to introduce hardware interface as well as physical installation.

3.1 Installing the Device on a Standard 19” Rack

We suggest to either place the device on a desk or install it in a rack with attached brackets. Do not place

other heavy objects together with the device on a rack. Overloading may cause the rack to fail, thus causing

damage or danger.

Each device comes with a set of rack installation accessories, including 2 L brackets and 8 screws. Users can

rack- mount the device onto the chassis.

Refer to the figure below for the device installation onto a 19” rack:

In order for the device to run smoothly, wherever users install it, be sure not to obstruct the vent

Attention

on each side of the device. Keep at least 10cm space in front of both the vents for air

convection.

- 9 -

Page 16

Gigabit SSL VPN Security Router User’s Manual

3.2 VPN Router Network Connection

The device has 4 WAN ports and a hardware DMZ port, therefore, users can connect the device to the

Internet, and configure a connection to a Public IP server at the same time.

WAN Connection:

A W

AN port can be connected with xDSL Modem, Fiber Modem, Switching Hub, or through an external

router to connect to the Internet. The device has 4 WAN ports. If some of the ports are not in use, WAN3

and WAN4 can be set up, through software, as LAN ports. If only some of the WAN ports are to be

used, it is suggested to select WAN1 and WAN2 as the default choices for Internet connection.

LAN Connection:

The LAN port can b

DMZ port:

The DMZ p

vers, etc

ser

ort can be connected to servers that have legal IP addresses, such as Web servers, mail

e connected to a Switching Hub or directly to a PC.

- 10 -

Page 17

Gigabit SSL VPN Security Router User’s Manual

Chapter 4: Login VPN Security Router

This chapter is mainly introducing Web-based UI after connecting VPN Router.

First, check up VPN Router IP address by connecting to DOS through the LAN PC under VPN Security

Router. Go to Start → Run, enter cmd to commend DOS, and enter ipconfig for getting Default Gateway

address, as the graphic below, 192.168.1.1. Make sure Default Gateway is also the default IP address of VPN

QoS Router.

When not getting IP address and default gateway by using “ipconfig”, or the received IP

Attention

Then, open webpage browser, IE for example, and key in 192.168.1.1 in the website column. The login

window will appear as below:

address is 0.0.0.0 and 169.X.X.X, we recommend that users should check if there is any

problem with the circuits or the computer network card is connected nicely.

- 11 -

Page 18

Gigabit SSL VPN Security Router User’s Manual

VPN Router default username and password are both “admin”. Users can change the login password in the

setting later.

For security, we strongly suggest that users must change password after login. Please keep the

Attention

After login, VPN Router web-based UI will be shown.

password safe, or you can not login to VPN Router. Press Reset button for more than 10 sec, all

the setting will return to default.

- 12 -

Page 19

Gigabit SSL VPN Security Router User’s Manual

Chapter 5: System Status

This chapter introduces the device specification and status after login as well as change password and

system time settings for security.

5.1 Home Page

In the Home page, all VPN Security Router parameters and status are listed for users’ reference.

5.1.1 WAN Status

Item Description WAN IP Address Default Gateway DNS Downstream Bandwidth

Usage(%) Upstream Bandwidth

Usage(%) DDNS Setup

Indicates the current IP configuration for WAN port.

Indicates current WAN gateway IP address from ISP.

Indicates the current DNS IP configuration.

Indicates the current downstream bandwidth usage (%) for each WAN.

Indicates the current upstream bandwidth usage (%) for each WAN.

Indicates if Dynamic Domain Name is activated. The default configuration is

- 13 -

Page 20

“Off”.

Gigabit SSL VPN Security Router User’s Manual

Quality of Service Manual Connect

DMZ IP Address

Indicates how many QoS rules are set.

When “Obtain an IP automatically” is selected, two buttons (Release and

Renew) will appear. If a WAN connection, such as PPPoE or PPTP, is

selected, “Disconnect” and “Connect” will appear.

Indicates the current DMZ IP address.

- 14 -

Page 21

Gigabit SSL VPN Security Router User’s Manual

5.1.2 Physical Port Status

The status of all system ports, including each connected and enabled port, will be shown on this Home page

(see above table). Click the respective status button and a separate window will appeare to show detailed

data (including setting status summary and statisitcs) of the selected port.

The current port setting status information will be shown in the Port Information Table. Examples: type

(10Base-T/100Base-TX/1000Base-T), iniferface (WAN/ LAN/ DMZ), link status (Up/ Down), physical port

status (Port Enabled/ Port Disabled), priority (high or normal), speed status (10Mbps or 100Mbps), duplex

status (Half/ Full), auto negotiation (Enabled or Disabled). The tabble also shows statistics of Receive/

Transmit Packets, Receive/Transmit Packets Byte Count as well as Error Packets Count.

- 15 -

Page 22

5.1.3 System Information

Item Description

Gigabit SSL VPN Security Router User’s Manual

LAN IP Address/ Subnet Mask

Working Mode

System active time: Serial Number:

Firmware Version

Current Time

5.1.4 Firewall Status

Identifies the current device IP address and subnet mask. The default is

192.168.1.1 and 255.255.255.0

Indicates the current working mode. Can be Gateway or Router mode. The

default is “Gateway” mode

Indicates how long the device has been running.

This number is the device serial number.

Information about the device present software version.

Indicates the device present time.

Note

To have the correct time, users must synchronize the device with

the remote NTP server first.

Item Description SPI (Stateful Packet

Inspection) DoS (Denial of Service) Block WAN Request

Indicates whether SPI (Stateful Packet Inspection) is on or off. The default

configuration is “On”.

Indicates if DoS attack prevention is activated.The default configuration is “On”.

Indicates that denying the connection from Internet is activated. The default

- 16 -

Page 23

configuration is “On”.

Gigabit SSL VPN Security Router User’s Manual

Prevent ARP Virus Attack

Remote Management

Access Rule

Indicates that preventing Arp virus attack is acitvated. The default configuration

is “Off”.

Indicates if remote management is activated (on or off). Click the hyperlink to

enter and manage the configuration. The default configuration is “Off”.

Indicates the number of access rule applied in VPN Security Router.

5.1.5 VPN Status

Item Description VPN Setting Status

Indicates VPN setting information in VPN Router.

Tunnel(s) Used

Tunnel(s) Available

Indicates number of tunnels that have been configured in VPN (Virtual Private

Network).

Indicates number of tunnels that are available for VPN (Virtual Private

Network).

5.1.6 Log Setting Status

Item Description Sent Log To

Indicates if Syslog Server is Enabled or Disabled.

5.2 Change and Set Login Password and Time

5.2.1 Password Setting

When you login VPN Router setting window every time, you must enter the password. The default value for

VPN Router username and password are both “admin”. For security reasons, we strongly recommend that

you must change your password after first login. Please keep the password safe, or you might not login to

VPN Router. You can press Reset button for more than 10 sec, VPN Router will return back to default.

- 17 -

Page 24

Item Description

Gigabit SSL VPN Security Router User’s Manual

User Name Password New User Name New Passwor d Confirm New Password Apply Cancel

If users have already changed username and password, they should login with current username and

password and input “admin” as new username and password if they have to return back to default.

The default is “admin”. Input the original password.（The default is “admin”.）

Input the new user name. e.x. Planet

Input the new password.

Input the new password again for verification.

Click “Apply” to save the configuration. Click “Cancel" to leave without making any change. This action will be

effective before ”Apply” to save the configuration.

5.2.2 Network Time

VPN Router can adjust time setting. Users can know the exact time of event occurrences that are recorded in

the System Log, and the time of closing or opening access for Internet resources. You can either select the

embedded NTP Server synchronization function or set up a time reference.

Set system time using a NTP server : VPN Router has embedded NTP server, which will update the time

spontaneously.

- 18 -

Page 25

Item Description

Gigabit SSL VPN Security Router User’s Manual

Time Zone Daylight Saving

NTP Server Apply Cancel

Select your location from the pull-down time zone list to show correct local time.

If there is Daylight Saving Time in your area, input the date range. The device

will adjust the time for the Daylight Saving period automatically.

If you have your own preferred time server, input the server IP address.

After the changes are completed, click “Apply” to save the configuration. Click “Cancel" to leave without making any change. This action will be

effective before ”Apply” to save the configuration.

Select System Time Manually: Input the correct time, date, and year in the boxes.

After the changes are completed, click “Apply” to save the configuration. Click “Cancel" to leave without

making any change. This action will be effective before ”Apply” to save the configuration.

- 19 -

Page 26

Gigabit SSL VPN Security Router User’s Manual

Chapter 6: Network

This Network page contains the basic settings. For most users, completing this general setting is enough for

connecting with the Internet. However, some users need advanced information from their ISP. Please refer to

the following descriptions for specific configurations.

6.1 Network Connection

6.1.1 Host Name and Domain Name

Dev

ice name and domain name can be input in the two boxes. Though this configuration is not necessary in

most environments, some ISPs in some countries may require it.

6.1.2 IP Mode

Cho

ose the type of addressing to use on your network:

IPv4 Only: Use only IPv4 addressing.

Dual-Stack IP: Use IPv4 and IPv6 addressing. So that you can configure both IPv4 and IPv6 addresses for

LAN, WAN, and DMZ settings on this page.

6.1.3 LAN Setting

- 20 -

Page 27

Gigabit SSL VPN Security Router User’s Manual

6.1.3.1 IPv4 Only

This is configuration information for SG-4800 current LAN IP address. The default configuration is

192.168.1.1 and the default Subnet Mask is 255.255.255.0. It can be changed according to the actual network

structure.

Multiple-Subnet Setting： (IPv4 Only)

Click “Unified IP Management” to enter the configuration page, as shown in the following figure. Input the

respective IP addresses and subnet masks.

This is configuration information for the device current LAN IP address. The default configuration is

192.168.1.1 and the default Subnet Mask is 255.255.255.0. It can be changed according to the actual network

structure.

- 21 -

Page 28

Gigabit SSL VPN Security Router User’s Manual

This

function enables users to input IP segments that differ from the router network segment to the multi-net

segment configuration; the Internet will then be directly accessible. In other words, if there are already

different IP segment groups in the Intranet, the Internet is still accessible without making any changes to

internal PCs. Users can make changes according to their actual network structure.

6.1.3.2 Dual-Stack IP (IPv4 and IPv6)

rs have to enable Dual-Stack IP in the IP mode section in advance to configure IPv6. Then click the IPv6

Use

tab, and then enter the IPv6 Address and the Prefix Length. The default IP address is fc00::1, and the default prefix length is 7. It can be changed according to the actual network structure.

- 22 -

Page 29

Gigabit SSL VPN Security Router User’s Manual

Click “Unified IP Management” to enter the configuration page, as shown in the following figure. Input the

respective IP addresses and subnet masks.

Note

making any change.

To configure global IPv6 prefixes for your LAN devices, go to the WAN Setting, click the IPv6 tab, and click Edit for the WAN interface. Then enter the LAN IPv6 Address.

After the changes are completed, click “Apply” to save the configuration. Click “Cancel" to leave without

- 23 -

Page 30

6.1.4 WAN & DMZ Settings

6.1.4.1 IPv4 Only

WAN Setting

Item Description

Gigabit SSL VPN Security Router User’s Manual

Interface Connection Type

Config

An indication of which port is connected.

Obtain an IP automatically, Static IP connection, PPPoE (Point-to-Point

Protocol over Ethernet), PPTP (Point-to-Point Tunneling Protocol) or

Transparent Bridge.

A modification in an advanced configuration: Click Edit to enter the advanced

configuration page.

Obtain an Automatic IP automatically

This mode is often used in the connection mode to obtain an automatic DHCP IP. This is the device

system default connection mode. It is a connection mode in which DHCP clients obtain an IP address

automatically. If having a different connection mode, please refer to the following introduction for selection of

appropriate configurations. Users can also set up their own DNS IP address. Check the options and input the

user-defined DNS IP addresses.

- 24 -

Page 31

Item Description

Gigabit SSL VPN Security Router User’s Manual

Use the following DNS Server Addresses:

DNS Server:

Enable Line-Dropped Scheduling:

Select a user-defined DNS server IP address.

Input the DNS IP address set by ISP. At least one IP group should be input.

The maximum acceptable groups is two IP groups.

The WAN disconnection schedule will be activated by checking this option. In

some areas, there is a time limitation for WAN connection service. For example:

The optical fiber service will be disconnected from 0:00 am to 6:00 am.

Although there is a standby system in the device, at the moment of WAN

disconnection, all the external connections that go through this WAN will be

disconnected too. Only after the disconnected lines are reconnected can they

go through the standby system to connect with the Internet.

Therefore, to avoid a huge number of disconnection, users can activate this

function to arrange new connections to be made through another WAN to the

Internet. In this way, the effect of any disconnection can be minimized.

Line-Dropped Period

Line-Dropped Scheduling

Link Backup Interface

Shared- Circuit WAN environment

MTU:

After the changes are completed, click “Apply” to save the configuration, or click “Cancel" to leave without

making any changes.

Input the time rule for disconnection of this WAN service.

Input how long the WAN service may be disconnected before the newly added

connections should go through another WAN to connect with the Internet.

Select another WAN port as link backup when port binding is configured. Users

should select the port that employs the same ISP.

If your WAN connects to a Switch, select “Enabled” to filter broadcast packets.

The default is “Disabled”.

MTU is abbreviation of Maximum Transmission Unit. “Auto” and “Manual” can

be chosen. The default value is 1500. Different value could be set in different

network environment. (e.g. ADSL PPPoE MTU: 1492) .The default is “Auto”.

Static IP

If an ISP issues a static IP (such as one IP or eight IP addresses, etc.), please select this connection mode

and follow the steps below to input the IP numbers issued by an ISP into the relevant boxes.

- 25 -

Page 32

Gigabit SSL VPN Security Router User’s Manual

Item Description WAN IP address Subnet Mask

Input the available static IP address issued by ISP.

Input the subnet mask of the static IP address issued by ISP, such as:

Issued eight static IP addresses: 255.255.255.248

Issued 16 static IP addresses: 255.255.255.240

Default Gateway

Input the default gateway issued by ISP. For ADSL users, it is usually an

ATU-R IP address. As for optical fiber users, please input the optical fiber

switching IP.

DNS Server

Input the DNS IP address issued by ISP. At least one IP group should be input.

The maximum acceptable is two IP groups.

Enable Line-Dropped Scheduling

The WAN disconnection schedule will be activated by checking this option. In

some areas, there is a time limitation for WAN connection service. For

example: the optical fiber service will be disconnected from 0:00 am to 6:00 am.

Although there is a standby system in the device, at the moment of WAN

disconnection, all the external connections that go through this WAN will be

disconnected too. Only after the disconnected lines are reconnected can they

go through the standby system to connect with the Internet. Therefore, to avoid

a huge number of disconnections, users can activate this function to arrange

new connections to be made through another WAN to the Internet. In this way,

the effect of any disconnection can be minimized.

- 26 -

Page 33

Gigabit SSL VPN Security Router User’s Manual

Line-Dropped Period

Line-Dropped Scheduling

Link Backup Interface

Shared- Circuit WAN environment

MTU

After the changes are completed, click “Apply” to save the configuration, or click “Cancel" to leave without

making any changes.

Input the time rule for the disconnection of this WAN service.

Input how long the WAN service may be disconnected before the newly added

connections should go through another WAN to connect with the Internet.

Select another WAN port as link backup when port binding is configured. Users

should select the port that employs the same ISP.

If your WAN connects to a Switch, select “Enabled” to filter broadcast packets.

The default is “Disabled”.

MTU is abbreviation of Maximum Transmission Unit. “Auto” and “Manual” can

be chosen. The default value is 1500. Different value could be set in different

network environment. (e.g. ADSL PPPoE MTU: 1492) The default is “Auto”.

PPPoE

This option is for an ADSL virtual dial-up connection (suitable for ADSL PPPoE). Input the user connection

name and password issued by ISP. Then use the PPP Over-Ethernet software built into the device to connect

with the Internet. If the PC has been installed with the PPPoE dialing software provided by ISP, remove it. This

software will no longer be used for network connection.

- 27 -

Page 34

Item Description

Gigabit SSL VPN Security Router User’s Manual

User Name Password Connect on Demand

Keep Alive

Enable Line-Dropped Scheduling

Input the user name issued by ISP.

Input the password issued by ISP.

This function enables the auto-dialing function to be used in a PPPoE dial

connection. When the client port attempts to connect with the Internet, the

device will automatically make a dial connection. If the line has been idle for a

period of time, the system will break the connection automatically. (The default

time for automatic break-off resulting from no packet transmissions is five

minutes).

This function enables the PPPoE dial connection to keep connected, and to

automatically redial if the line is disconnected. It also enables a user to set up a

time for redialing. The default is 30 seconds.

The WAN disconnection schedule will be activated by checking this option. In

some areas, there is a time limitation for WAN connection service. For

example: the optical fiber service will be disconnected from 0:00 am to 6:00 am.

Although there is a standby system in the device, at the moment of WAN

disconnection, all the external connections that go through this WAN will be

Line-Dropped Period

Line-Dropped Scheduling

Link Backup Interface

Shared- Circuit WAN environment

MTU

disconnected too. Only after the disconnected lines are reconnected can they

go through the standby system to connect with the Internet. Therefore, to avoid

a huge number of disconnections, users can activate this function to arrange

new connections through another WAN to the Internet. In this way, the effect of

any disconnection can be minimized.

Input the time rule for the disconnection of this WAN service.

Input how long the WAN service may be disconnected before the newly added

connections should go through another WAN to connect with the Internet.

Select another WAN port as link backup when port binding is configured. Users

should select the port that employs the same ISP.

If your WAN connects to a Switch, select “Enabled” to filter broadcast packets.

The default is “Disabled”.

MTU is abbreviation of Maximum Transmission Unit. “Auto” and “Manual” can

be chosen. The default value is 1500. Different value could be set in different

network environment. (e.g. ADSL PPPoE MTU: 1492) .The default is “Auto”.

- 28 -

Page 35

Gigabit SSL VPN Security Router User’s Manual

After the changes are completed, click “Apply” to save the configuration, or click “Cancel" to leave without

making any change.

PPTP

This option is for the PPTP time counting system. Input the user’s connection name and password issued by

ISP, and use the built-in PPTP software to connect with the Internet.

Item Description WAN IP Address

Subnet Mask

Default Gateway Address

User Name

This option is to configure a static IP address. The IP address to be configured

could be one issued by ISP. (The IP address is usually provided by the ISP

when the PC is installed. Contact ISP for relevant information).

Input the subnet mask of the static IP address issued by ISP, such as:

Issued eight static IP addresses: 255.255.255.248

Issued 16 static IP addresses: 255.255.255.240

Input the default gateway of the static IP address issued by ISP. For ADSL

users, it is usually an ATU-R IP address.

Input the user name issued by ISP.

- 29 -

Page 36

Gigabit SSL VPN Security Router User’s Manual

Password

Connect on Demand

Keep Alive

Enable Line-Dropped Scheduling

Input the password issued by ISP.

This function enables the auto-dialing function to be used for a PPTP dial

connection. When the client port attempts to connect with the Internet, the

device will automatically connect with the default ISP auto dial connection;

when the network has been idle for a period of time, the system will break the

connection automatically. (The default time for automatic break off when no

packets have been transmitted is five minutes).

This function enables the PPTP dial connection to redial automatically when

the connection has been disconnected. Users can set up the redialing time.

The default is 30 seconds.

The WAN disconnection schedule will be activated by checking this option. In

some areas, there is a time limitation for WAN connection service. For

example: the optical fiber service will be disconnected from 0:00 am to 6:00 am.

Although there is a standby system in the device, at the moment of WAN

disconnection, all the external connections that go through this WAN will be

Line-Dropped Period

Line-Dropped Scheduling

Link Backup Interface

Shared- Circuit WAN environment

MTU

disconnected too. Only after the disconnected lines are reconnected can they

go through the standby system to connect with the Internet. Therefore, to avoid

a huge number of disconnection, users can activate this function to arrange

new connections to be made through another WAN to the Internet. In this way,

the effect of any disconnection can be minimized.

Input the time rule for the disconnection of this WAN service.

Input how long the WAN service may be disconnected before the newly added

connections should go through another WAN to connect with the Internet.

Select another WAN port as link backup when port binding is configured. Users

should select the port that employs the same ISP.

If your WAN connects to a Switch, select “Enabled” to filter broadcast packets.

The default is “Disabled”.

MTU is abbreviation of Maximum Transmission Unit. “Auto” and “Manual” can

be chosen. The default value is 1500. Different value could be set in different

network environment. (e.g. ADSL PPPoE MTU: 1492)

The default is “Auto”.

After the changes are completed, click “Apply” to save the configuration, or click “Cancel" to leave without

making any changes.

- 30 -

Page 37

Gigabit SSL VPN Security Router User’s Manual

Transparent Bridge

If all Intranet IP addresses are applied as Internet IP addresses, and users don’t want to substitute private

network IP addresses for all Intranet IP addresses (ex. 192.168.1.X), this function will enable users to

integrate existing networks without changing the original structure. Select the Transparent Bridge mode for

the WAN connection mode. In this way, users will be able to connect normally with the Internet while keeping

the original Internet IP addresses in Intranet IP configuration.

If there are two WANs configured, users still can select Transparent Bridge mode for WAN connection mode,

and load balancing will be achieved as usual.

Item Description WAN IP Address Subnet Mask

Default Gateway Address

Input one of the static IP addresses issued by ISP.

Input the subnet mask of the static IP address issued by ISP, such as:

Issued eight static IP addresses: 255.255.255.248 Issued 16 static IP

addresses: 255.255.255.240

Input the default gateway of the static IP address issued by ISP. For ADSL

users, it is usually an ATU-R IP address.

- 31 -

Page 38

Gigabit SSL VPN Security Router User’s Manual

DNS Server

Internal LAN IP Range

Enable Line-Dropped Scheduling

Line-Dropped Period:

Input the DNS IP address set by ISP. At least one IP group should be input.

The maximum acceptable is two IP groups.

Input the available IP range issued by ISP. If ISP issued two discontinuous IP

address ranges, users can input them into Internal LAN IP Range 1 and

Internal LAN IP Range 2 respectively.