PLANET Technology does not warrant that the hardware will work properly in all environments and
applications, and makes no warranty and representation, either implied or expressed, with respect to the
quality, performance, merchantability, or fitness for a particular purpose.
PLANET has made every effort to ensure that this User’s Manual is accurate; PLANET disclaims liability
for any inaccuracies or omissions that may have occurred.
Information in this User’s Manual is subject to change without notice and does not represent a commitment
on the part of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in
this User’s Manual. PLANET makes no commitment to update or keep current the information in this User’s
Manual, and reserves the right to make improvements to this User’s Manual and/or to the products described
in this User’s Manual, at any time without notice.
If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your
comments and suggestions.
Trademarks
The PLANET logo is a trademark of PLANET Technology.
This documentation may refer to numerous hardware and software products by their trade names. In most, if
not all cases, these designations are claimed as trademarks or registered trademarks by their respective
companies.
CE mark Warning
This is a class B device. In a domestic environment, this product may cause radio interference, in which case
the user may be required to take adequate measures.
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to
Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a residential installation. This equipment generates, uses, and can radiate radio frequency
energy and, if not installed and used in accordance with the instructions, may cause harmful interference to
radio communications. However, there is no guarantee that interference will not occur in a particular
installation. If this equipment does cause harmful interference to radio or television reception, which can
be determined by turning the equipment off and on, the user is encouraged to try to correct the interference
by one or more of the following measures:
1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and receiver.
3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4. Consult the dealer or an experienced radio technician for help.
SG-500 VPN Security Gateway User’s Manual
FCC Caution:
To assure continued compliance (for example, use only shielded interface cables when connecting to computer or
peripheral devices), any changes or modifications not expressly approved by the party responsible for
compliance could void the user’s authority to operate the equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1)
this device may not cause harmful interference, and (2) this device must accept any interference received,
including interference that may cause undesired operation.
R&TTE Compliance Statement
This equipment complies with all the requirements of DIRECTIVE 1999/5/EC OF THE EUROPEAN
PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication
terminal equipment and the mutual recognition of their conformity (R&TTE).
The R&TTE Directive repeals and replaces Directive 98/13/EEC (Telecommunications Terminal
Equipment and Satellite Earth Station Equipment) as of April 8, 2000.
WEEE
To avoid the potential effects on the environment and human health as a result of the presence of
hazardous substances in electrical and electronic equipment, end users of electrical and electronic
equipment should understand the meaning of the crossed-out wheeled bin symbol. Do not dispose
of WEEE as unsorted municipal waste; such WEEE must be collected separately.
Safety
This equipment is designed with the utmost care for the safety of those who install and use it. However,
special attention must be paid to the dangers of electric shock and static electricity when working with
electrical equipment. All guidelines of this manual and of the computer manufacturer must therefore be
followed at all times to ensure the safe use of the equipment.
The innovation of the Internet has created a tremendous worldwide venue for E-business and
information sharing, but it also creates network security issues. PLANET’s new VPN Security
Gateway, the SG-500, is a specially designed VPN security gateway that provides SSL and IPSec
VPN. The SSL VPN function supports up to 5 SSL VPN connection tunnels. The IPSec VPN
feature provides IKE, SHA-1, and MD5 authentication. It is specifically designed for SOHO
networks.
The SG-500 provides a Content Blocking feature to block specific URLs, scripts, IM, P2P, and
file downloads. It also has a built-in Anomaly Flow IP function, which supports Hacker and
Blaster Alert. An administrator can use this function to watch and track an attacker. In addition,
the QoS function provides Guaranteed Bandwidth and Priority Bandwidth Utilization.
Both NAT mode and DMZ mode are supported, so the SG-500 can be added to the existing network
infrastructure without reconfiguration. The SG-500 provides policy-based firewall protection and
several hacker protections to prevent attacks. In addition, the comprehensive alarm and log
functions allow the network manager to easily enhance the security of the local network.
1.1 Features
- One 10/100Mbps LAN, DMZ, and WAN port
- NAT mode and DMZ mode
- DMZ mode requires no change to the original network structure
- The VPN security gateway supports SSL VPN and IPSec VPN. The SSL VPN function
  supports up to 5 SSL VPN connection tunnels. The IPSec VPN has DES, 3DES, and AES
  encryption and SHA-1 / MD5 authentication. Network traffic over the public Internet is
  secured.
- Traffic classification based on IP, IP range/subnet, and TCP/UDP port range
- Guaranteed and maximum bandwidth with three levels of priorities
- Policy-based bandwidth management
- Assign daily and weekly access schedule to each individual policy
- Professional Monitor function includes Log, Accounting Report, Statistics, and Status
- MRTG-like Traffic Statistics, easy to trace and analyze
- Multi-Servers Load Balancing
- Dynamic DNS and DHCP server functions
- Content Filter includes URL, Script, P2P, IM, and Download blocking
- Hacker Alert and Anomaly Flow Detection
- Virtual Server and IP mapping (Multi-DMZ Host)
- Multi-language Web UI and easy to manage
- User authentication based on user name and password
If any of the contents are missing or damaged, please contact your dealer or distributor immediately.
1.3 VPN Security Gateway Top View
LED     Description
PWR     Power is supplied to this device.
WAN     Steady on indicates the port is connected to another network device.
        Blinking indicates there is traffic on the port.
LAN     Steady on indicates the port is connected to another network device.
        Blinking indicates there is traffic on the port.
DMZ     Steady on indicates the port is connected to another network device.
        Blinking indicates there is traffic on the port.
1.4 VPN Security Gateway Rear Panel
Port or button   Description
Power            12V DC, 1.5A
RESET            Press this button to restore to factory default settings.
WAN              Connect to your xDSL/Cable modem or other Internet connection device
LAN              Connect to your local PC, switch, or other local network device
DMZ              Connect to your local PC, switch, or other local network device
1.5 Specification
Product                                 VPN Security Gateway
Model                                   SG-500
Hardware
Connections
  WAN                                   1 x 10/100Base-TX
  LAN                                   1 x 10/100Base-TX, Auto-MDI/MDI-X
  DMZ                                   1 x 10/100Base-TX, Auto-MDI/MDI-X
Button                                  Reset button for hardware reset / factory default
System LED                              PWR, WAN, LAN, DMZ
Software
Maximum Controlled Concurrent Session   20,000
New Session / Second                    1,000
SSL VPN Tunnels                         Up to 5 tunnels
Management                              Web (English, Traditional Chinese, Simplified Chinese)
Operation Mode                          DMZ_NAT, DMZ_Transparent, NAT
WAN connection type in NAT mode         PPPoE, DHCP, and Fixed IP
Traffic Classification                  IP, IP subnet, and TCP/UDP port
Bandwidth Allocation                    Policy rules with Inbound/Outbound traffic management
                                        Guaranteed and maximum bandwidth
                                        Scheduled in unit of 30 minutes
                                        3 Priorities
Log                                     Traffic Log, Event Log, Connection Log, Log backup by mail or
                                        syslog server
Statistics                              WAN port statistics and policy statistics with graph display
Firewall Security                       Policy-based access control
                                        Stateful Packet Inspection (SPI)
                                        Scheduled in unit of 30 minutes
Hacker Alert and                        Detect SYN Attack, Detect ICMP Flood, Detect UDP Flood,
Anomaly Flow Detection                  Detect Ping of Death Attack, Detect Tear Drop Attack, Detect IP
                                        Spoofing Attack, Filter IP Route Option, Detect Port Scan Attack,
                                        Detect Land Attack, Virus-Infected Blocking, E-Mail Alert
                                        Notification, NetBIOS Notification
Alarm                                   Traffic alarm for user-defined traffic level
                                        Event alarm for hacker attack
                                        The alarm message can be sent to the administrator by e-mail
Other Functions                         Firmware Upgradeable through Web
                                        NTP support
                                        Configuration Backup and Restore through Web
                                        Dynamic DNS support
                                        Multiple NAT and multiple DMZ (mapped IP) support
                                        Multiple server load balancing
Chapter 2: System
2.1 Administration
“System” covers the management of settings such as the privileges of packets that pass through the SG-500
and monitoring controls. System Administrators can manage, monitor, and configure SG-500
settings. All configurations are “read-only” for users other than the System Administrator;
those users are not able to change any setting of the SG-500.
2.2 Admin
Define the required fields of Administrator
Administrator Name:
The user names of the Administrator and Sub Administrators for the SG-500. The admin user name
cannot be removed; a sub-admin user can be removed or configured.
The default Account: admin; Password: admin
Privilege:
The privileges of Administrators (Admin or Sub Admin). The user name of the main
Administrator is Administrator, with read/write privilege. The Administrator can also
change the system settings, log system status, and add or delete sub-administrators.
A Sub Admin may be created by the Admin by clicking New Sub Admin. A Sub Admin has
only read and monitor privilege and cannot change any system setting value.
Configure:
Click Modify to change the Sub Administrator’s password, or click Remove to delete a
Sub Administrator.
Adding a new Sub Administrator
STEP 1. In the Admin Web UI, click the New Sub Admin button to create a new Sub
Administrator.
STEP 2. In the Add New Sub Administrator Web UI, enter the following settings: