Copyright (C) 2004 PLANET Technology Corp. All rights reserved.
The products and programs described in this User’s Manual are licensed products of PLANET Technology, This User’s
Manual contains proprietary information protected by copyright, and this User’s Manual and all accompanying hardware,
software, and documentation are copyrighted.
No part of this User’s Manual may be copied, photocopied, reproduced, translated, or reduced to any electronic medium
or machine-readable form by any means by electronic or mechanical. Including photocopying, recording, or information
storage and retrieval systems, for any purpose other than the purchaser's personal use, and without the prior express
written permission of PLANET Technology.
Disclaimer
PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and
makes no warranty and representation, either implied or expressed, with respect to the quality, performance,
merchantability, or fitness for a particular purpose.
PLANET has made every effort to ensure that this User’s Manual is accurate; PLANET disclaims liability for any
inaccuracies or omissions that may have occurred.
Information in this User’s Manual is subject to change without notice and does not represent a commitment on the part of
PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this User’s Manual. PLANET
makes no commitment to update or keep current the information in this User’s Manual, and reserves the right to make
improvements to this User’s Manual and/or to the products described in this User’s Manual, at any time without notice.
If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments and
suggestions.
CE mark Warning
This is a class B device, In a domestic environment, this product may cause radio interference, in which case the user
may be required to take adequate measures.
Trademarks
The PLANET logo is a trademark of PLANET Technology.
This documentation may refer to numerous hardware and software products by their trade names. In most, if not all cases,
these designations are claimed as trademarks or registered trademarks by their respective companies.
Customer Service
For information on customer service and support for the Bandwidth Management Gateway, please refer to the following
Website URL:
http://www.planet.com.tw
Before contacting customer service, please take a moment to gather the following information:
♦ Bandwidth Management Gateway serial number and MAC address
♦ Any error messages that displayed when the problem occurred
♦ Any software running when the problem occurred
♦ Steps you took to resolve the problem on your own
3.1 WEB CONFIGURATION.............................................................................................................................................7
3.2 SETTING UP IN TRANSPARENT MODE.....................................................................................................................8
3.3 SETTING UP IN NAT MODE...................................................................................................................................10
CHAPTER 4: WEB CONFIGURATION...........................................................................................................12
4.1.10 DNS Proxy.................................................................................................................................................39
4.3.2 LAN Group...................................................................................................................................................57
4.3.4 WAN Group.................................................................................................................................................63
4.4.3 Group ...........................................................................................................................................................72
4.9.2 General Blocking......................................................................................................................................101
4.14.1 WAN Statistics........................................................................................................................................140
BM-500 is specifically designed for SOHO networks. It has built-in 4-port 10/100Mbps Ethernet LAN ports and
NAT function. Thus, no broadband router is required for users which have only one public IP address. It also
supports virtual server, Multi-DMZ and dynamic DNS function which is very useful for users to share local
resource to Internet users.
For bandwidth management, packets can be classified based on IP address, IP subnet and TCP/UDP port
number. The device has more than 40 of the most common protocols such as H.323, Oracle, HTTP, FTP, etc.
for ease of definition; the administrator can then define policies to ensure committed and maximum bandwidth
levels for inbound / outbound traffic in each class. The administrator can also define three priority levels for
each policy to ensure that high priority packets receive the maximum available bandwidth. In addition, each
policy can have a schedule defined for when the policy is activated or inactivated in increments of 30 minutes.
Both the NAT mode and transparent mode are supported, therefore allowing the existing network structure to
remain the same without reconfiguring. The BM-500 provides policy-based firewall protection and several
hacker protections to prevent any hacker attack. Besides, the comprehensive alarm and log function allow
the network Management Gateway to easily enhance the security of local network.
1.1 Features
♦ Provides four 10/100Mbps LAN port and one 10/100Mbps WAN port
♦ Supports NAT mode and transparent mode
♦ Transparent mode requires no changing for the original network structure
♦ Traffic classification bases on IP, IP range/subnet, TCP/UDP port range
♦ Guaranteed and maximum bandwidth with 3 level of priorities
♦ Dynamic and prioritized bandwidth sharing with fairness between equal-level priority
♦ Assigns daily and weekly access schedule to each individual policy
♦ Professional Network Log and Accounting Report
♦ Supports MRTG-like Traffic Statistics, easy to trace and analyze
♦ Provides Multi-Servers Load Balancing
♦ Provides Dynamic DNS and DHCP server functions
♦ Supports Content Filter on scheduled time
♦ Supports Virtual Server and IP mapping (Multi-DMZ Host)
♦ Supports Multi-language web UI, easy to manage
♦ Support user authentication based user’s user name and password
1.2 Package Contents
The following items should be included:
♦ Bandwidth Management Gateway
♦ Power Adapter
♦ Quick Installation Guide
♦ User’s Manual CD
If any of the contents are missing or damaged, please contact your dealer or distributor immediately.
- 1 -
BM-500 Bandwidth Management Gateway User’s Manual
1.3 Bandwidth Management Gateway Front View
LED Description
PWR Power is supplied to this device.
STATUS Blinks to indicate this devise is being turned on.
After one minute, this LED indicator will stop
blinking, it means this device is now ready to
use.
WAN & LAN
100 Steady on indicates the port operate
on 100Mbps speed
LNK/ACT Steady on indicates the port is
connected to other network device.
Blink to indicates there is traffic on
the port
1.4 Bandwidth Management Gateway Rear Panel
Port or
button
RESET Press this button to restore to factory
WAN Connect to your xDSL/Cable modem
LAN 1 to 4 Connect to your local PC, switch or
Description
default settings.
or other Internet connection device
other local network device
- 2 -
BM-500 Bandwidth Management Gateway User’s Manual
1.5 Specification
Product Bandwidth Management Gateway
Model BM-500
Hardware
WAN 1 x 10/100Base-TX Connections
LAN 4 x 10/100Base-TX, Auto-MDI/MDI-X
Button Reset button fro hardware reset / factory default
System LED System: PWR, STATUS
Relative Humidity: 5%~90%
Dimension W x D x H 220 x 149 x 37 mm
Regulatory FCC, CE Mark
Software
Maximum Bandwidth Transparent: 10Mbps
NAT: 8Mbps
NAT + logging + statistics: 3Mbps
Maximum concurrent
session
Management Web (English, Traditional Chinese, Simplified Chinese )
Operation Mode Transparent, NAT
WAN connection type in NAT
mode
Traffic Classification IP, IP subnet, TCP/UDP port
Bandwidth Allocation Policy rules with Inbound/Outbound traffic management
Log Traffic Log, Event Log, Connection Log, Log backup by mail or syslog
Statistics WAN port statistics and policy statistics with graph display
Firewall Security Policy-based access control
Alarm w Traffic alarm for user-defined traffic level
Other Functions Firmware Upgradeable through Web
5000
PPPoE, DHCP and Fixed IP
Guaranteed and maximum bandwidth
Scheduled in unit of 30 minutes
3 Priorities
server
Stateful Packet Inspection (SPI)
Scheduled in unit of 30 minutes
of Death Attack, Detect Tear Drop Attack, Detect IP Spoofing Attack,
Filter IP Route Option, Detect Port Scan Attack, Detect Land Attack
w Event alarm for hacker attack
w The alarm message can sent to administrator by e-mail
NTP support
Configuration Backup and Restore through Web
Dynamic DNS support
Multiple NAT and multiple DMZ ( mapped IP) support
Multiple server load balancing
- 3 -
BM-500 Bandwidth Management Gateway User’s Manual
Chapter 2: Hardware Installation
2.1 Installation Requirements
Before installing the Bandwidth Management Gateway, make sure your network meets the following
requirements.
- Mechanical Requirements
The Bandwidth Management Gateway is to be installed between your Internet connection and local area
network. The Bandwidth Management Gateway can be placed on the table or rack. Locate the unit near
the power outlet.
- Electrical Requirements
The Bandwidth Management Gateway is a power-required device, it means, the Bandwidth Management
Gateway will not work until it is powered. If your networked PCs will need to transmit data all the time,
please consider use an UPS (Uninterrupted Power Supply) for your Bandwidth Management Gateway. It
will prevent you from network data loss. In some area, installing a surge suppression device may also help
to protect your Bandwidth Management Gateway from being damaged by unregulated surge or current to
the Bandwidth Management Gateway.
- Network Requirements
In order for Bandwidth Management Gateway to manage traffic, the traffic must pass through Bandwidth
Management Gateway at a useful point in a network. In most situations, the bandwidth Management
Gateway should be placed behind the Internet connection device.
This deployment allows the network administers to control all bandwidth based on business priorities and
give business-critical and time-sensitive applications guarantee bandwidth and higher priority.
Business-critical applications can receive maximum performance while other less urgent traffic is still
available on remaining bandwidth. Bandwidth Management Gateway also provides comprehensive
security, log and statistics functions to help monitor network and bandwidth usage and allow adjustment of
the bandwidth management policies accordingly.
2.2 Operation Mode
BM-500 supports two operation modes, Transparent and NAT. In transparent mode, BM-500 works as
proxy with forward LAN packet to WAN and forward WAN packet to LAN. The LAN and WAN side IP
addresses are in the same subnet. In NAT mode, LAN side user will share one public IP address of WAN
port to make Internet connection. Please find the following two pictures for example.
2.2.1 Transparent Mode Connection Example
- 4 -
BM-500 Bandwidth Management Gateway User’s Manual
All the WAN and LAN side IP addresses are on the same subnet.
2.2.2 NAT Mode Connecting Example
- 5 -
BM-500 Bandwidth Management Gateway User’s Manual
LAN and WAN side IP addresses are on the different subnet.
- 6 -
BM-500 Bandwidth Management Gateway User’s Manual
Chapter 3: Getting Started
3.1 Web Configuration
STEP 1:
Connect both the Administrator’s PC and the LAN port of the Bandwidth Management Gateway to a hub or
switch. Make sure there is a link light on the hub/switch for both connections. The Bandwidth Management
Gateway has an embedded web server used for management and configuration. Use a web browser to
display the configurations of the Bandwidth Management Gateway (such as Internet Explorer 4(or above) or
Netscape 4.0(or above) with full java script support). The default IP address of the Bandwidth Management
Gateway is 192.168.1.1 with a subnet mask of 255.255.255.0. Therefore, the IP address of the Administrator
PC must be in the range between 192.168.1.2– 192.168.1.254
If the company’s LAN IP Address is not subnet of 192.168.1.0, (i.e. LAN IP Address is 172.16.0.1), then the
Administrator must change his/her PC IP address to be within the same range of the LAN subnet (i.e.
172.16.0.2). Reboot the PC if necessary.
By default, the Bandwidth Management Gateway is shipped with its DHCP Server function enabled. This
means the client computers on the LAN network including the Administrator PC can set their TCP/IP settings
to automatically obtain an IP address from the Bandwidth Management Gateway.
The following table is a list of private IP addresses. These addresses may not be used as a WAN IP address.
10.0.0.0 ~ 10.255.255.255
172.16.0.0 ~ 172.31.255.255
192.168.0.0 ~ 192.168.255.255
STEP 2:
Once the Administrator PC has an IP address on the same network as the Bandwidth Management Gateway,
open up an Internet web browser and type in http://192.168.1.1 in the address bar.
A pop-up screen will appear and prompt for a username and password. A username and password is required
to connect to the Bandwidth Management Gateway. Enter the default login username and password of
Administrator (see below).
Username: admin
Password: admin
Click OK.
- 7 -
BM-500 Bandwidth Management Gateway User’s Manual
3.2 Setting Up in Transparent Mode
STEP 1:
After entering the username and password, the Bandwidth Management Gateway WEB UI screen will display.
Select the Interface tab on the left menu and a sub-function list will be displayed.
• Select Transparent Mode.
• Enter required information to their corresponding fields.
LAN interface IP Address
NetMask
Default Gateway
DNS Server
.
Note: The above figures are only examples. Please fill in the appropriate IP address information provided to
you by the ISP.
STEP 2:
Click on the Policy tab from the main function menu, and then click on Outgoing from the sub-function list.
STEP 3:
- 8 -
BM-500 Bandwidth Management Gateway User’s Manual
Click on New Entry button.
STEP 4:
When the New Entry option appears, enter the following configuration:
The configuration is successful when the screen below is displayed. Make sure that all the computers that
are connected to the LAN port have their Default Gateway IP Address set to the Bandwidth Management
Gateway’s LAN IP Address (i.e. 192.168.1.1). At this point, all the computers on the LAN network should gain
access to the Internet immediately. If a Bandwidth Management Gateway filter function is required, please
refer to the Policy section in the user’s manual.
- 9 -
BM-500 Bandwidth Management Gateway User’s Manual
3.3 Setting Up in NAT Mode
STEP 1:
After entering the Bandwidth Management Gateway WEB UI screen, select the Interface tab on the left menu
and a sub-function list will be displayed.
Select the NAT Mode.
Enter the required information to their corresponding fields.
LAN Interface IP Address 192.168.1.1
NetMask 255.255.255.0
Enter the information that your ISP provided.
STEP 2:
Click on the Policy tab from the main function menu, and then click on Outgoing from the sub-function list.
Click on the Policy tab from the main function menu, and then click on Incoming from the sub-function list.
STEP 3:
Click on New Entry button.
STEP 4:
When the New Entry option appears, enter the following configuration:
Source Address – select “Inside_Any”
Destination Address – select “Outside_Any”
Service - select “ANY”
Action - select “Permit”
Click on OK to apply the changes.
- 10 -
BM-500 Bandwidth Management Gateway User’s Manual
STEP 5:
The configuration is successful when the screen below is displayed. Make sure that all the computers that
are connected to the LAN port have their Default Gateway IP Address set to the Bandwidth Management
Gateway’s LAN IP Address (i.e. 192.168.1.1). At this point, all the computers on the LAN network should
gain access to Internet immediately. If a Bandwidth Management Gateway filter function is required,
please refer to Address and Policy sections.
- 11 -
BM-500 Bandwidth Management Gateway User’s Manual
Chapter 4: Web Configuration
4.1 System
The Bandwidth Management Gateway Administration and monitoring control is set by the System
Administrator. The System Administrator can add or modify System settings and monitoring mode. The sub
Administrators can only read System settings but not modify them. In System, the System Administrator can:
1. Add and change the sub Administrator’s names and passwords;
2. Back up all Bandwidth Management Gateway settings into local files;
3. Set up alerts for Hackers invasion.
“System” is the managing of settings such as the privileges of packets that pass through the Bandwidth
Management Gateway and monitoring controls. Administrators may manage, monitor, and configure
Bandwidth Management Gateway settings. All configurations are “read-only” for all users other than the
Administrator; those users are not able to change any settings for the Bandwidth Management Gateway.
Admin: has control of user access to the Bandwidth Management Gateway. He/she can add/remove users
and change passwords.
Setting: TheAdministrator may use this function to backup Bandwidth Management Gateway configurations
and export (save) them to an “Administrator” computer or anywhere on the network; or restore a
configuration file to the device; or restore the Bandwidth Management Gateway back to default factory
settings. Under Setting, the Administrator may enable e-mail alert notification. This will alert Administrator(s)
automatically whenever the Bandwidth Management Gateway has experienced unauthorized access or a
network hit (hacking or flooding). Once enabled, an IP address of a SMTP (Simple Mail Transfer protocol)
Server is required. Up to two e-mail addresses can be entered for the alert notifications.
Date/Time: This function enables the Bandwidth Management Gateway to be synchronized either with an
Internet Server time or with the client computer’s clock.
Language: Both Chinese and English are supported in the Bandwidth Management Gateway.
Multiple NAT Multiple NAT allows local port to set multiple subnet works and connect with the Internet
through different WAN IP Addresses.
Address: Enables the Administrator to authorize specific internal/external IP address(s for Management
Gateway.
Hack Alert When abnormal conditions occur, the Bandwidth Management Gateway will send an e-mail alert
to notify the Administrator, and also display warning messages in the Event window of Alarm.
Route Table Use this function to enable the Administrator to add static routes for the networks when the
dynamic route is not efficient enough.
DHCP Administrator can configure DHCP (Dynamic Host Configuration Protocol) settings for the LAN (LAN)
network.
Dynamic DNS The Dynamic DNS (require Dynamic DNS Service) allows you to alias a dynamic IP address
- 12 -
BM-500 Bandwidth Management Gateway User’s Manual
to a static hostname, allowing your device to be more easily accessed by specific name. When this function is
enabled, the IP address in Dynamic DNS Server will be automatically updated with the new IP address
provided by ISP
Logout Administrator logs out the Bandwidth Management Gateway. This function protects your system
while you are away.
Software Update The administrator can update the device’s software with the latest version.
Administrators may visit distributor’s web site to download the latest firmware. Administrators may update
the device firmware to optimize its performance and keep up with the latest fixes for intruding attacks.
4.1.1 Admin
On the left hand menu, click on Setup, and then select Admin below it. The current list of Administrator(s)
shows up.
çç
Settings of the Administration table
Administrator Name: The username of Administrators for the Bandwidth Management Gateway. The user
admin cannot be removed.
Privilege: The privileges of Administrators (Admin or Sub Admin)
The username of the main Administrator is Administrator with read / write privilege.
Sub Admins may be created by the Admin by clicking
privilege.
Configure: Click Modify to change the “Sub Administrator’s” password and click Remove to delete a “Sub
Administrator.”
New Sub Admin
- 13 -
. Sub Admins have read only
BM-500 Bandwidth Management Gateway User’s Manual
Changing the Main/Sub-Administrator’s Password
Step 1. The Modify Administrator Password window will appear. Enter in the required information:
n Password: enter original password.
n New Password: enter new password
n Confirm Password: enter the new password again.
Step 2. Click OK to confirm password change or click Cancel to cancel it.
Adding a new Sub Administrator
Step 1. In the Add New Sub Administrator window:
n Sub Admin Name: enter the username of new Sub Admin.
n Password: enter a password for the new Sub Admin.
n Confirm Password: enter the password again.
Step 2. Click OK to add the user or click Cancel to cancel the addition.
- 14 -
BM-500 Bandwidth Management Gateway User’s Manual
Removing a Sub Administrator
Step 1. In the Administration table, locate the Administrator name you want to edit, and click on the
Remove option in the Configure field.
Step 2. The Remove confirmation pop-up box will appear. Click OK to remove that Sub Admin or click
Cancel to cancel.
- 15 -
BM-500 Bandwidth Management Gateway User’s Manual
4.1.2 Settings
TheAdministrator may use this function to backup Bandwidth Management Gateway configurations and
export (save) them to an “Administrator” computer or anywhere on the network; or restore a configuration
file to the device; or restore the Bandwidth Management Gateway back to default factory settings.
Entering the Settings window
Click Setting in the System menu to enter the Settings window. The Bandwidth Management Gateway
Configuration settings will be shown on the screen.
- 16 -
çç
BM-500 Bandwidth Management Gateway User’s Manual
Exporting Bandwidth Management Gateway settings
Step 1. Under Bandwidth Management Configuration, click on the Download button next to Export
System Settings to Client.
Step 2. When the File Download pop-up window appears, choose the destination place to save the
exported file. The Administrator may choose to rename the file if preferred.
- 17 -
BM-500 Bandwidth Management Gateway User’s Manual
Importing Bandwidth Management Gateway settings
Under Bandwidth Management Gateway Configuration, click on the Browse button next to Import
System Settings. When the Choose File pop-up window appears, select the file which contains the saved
Bandwidth Management Gateway Settings, then click OK.
Click OK to import the file into the Bandwidth Management Gateway or click Cancel to cancel importing.
Restoring Factory Default Settings
Step 1. Select Reset Factory Settings under Bandwidth Management Configuration.
Click OK at the bottom-right of the screen to restore the factory settings.
- 18 -
BM-500 Bandwidth Management Gateway User’s Manual
Enabling E-mail Alert Notification
Step 1. Select Enable E-mail Alert Notification under E-Mail Settings. This function will enable the
Bandwidth Management Gateway to send e-mail alerts to the System Administrator when the
network is being attacked by hackers or when emergency conditions occur.
Step 2. SMTP Server IP: Enter SMTP server’s IP address.
Step 3. E-Mail Address 1: Enter the first e-mail address to receive the alarm notification.
Step 4. E-Mail Address 2: Enter the second e-mail address to receive the alarm notification. (Optional)
Click OK on the bottom-right of the screen to enable E-mail alert notification.
- 19 -
BM-500 Bandwidth Management Gateway User’s Manual
Web Management (WAN Interface) (Remote UI Management)
The administrator can change the port number used by HTTP port anytime. (Remote UI Management)
Step 1. Set Web Management (WAN Interface). The administrator can change the port number used
by HTTP port anytime.
Authentication
The administrator can specify the port number and authentication time of authentication management system
for LAN user to access WAN network. (Needs to setup authentication table in advance)
Authentication functions:
Authentication Port: The port number used for user login page. When user want to access WAN network
and the authentication (Policy -> Outgoing) is enabled, the user has to send http request with this port number.
The Bandwidth Management Gateway will send a User Login page for user to input user name and password.
For example, if the gateway IP address is 192.168.1.1 and authentication port is 82, user have to open a web
browser and input http://192.168.1.1:82 on the address file to have the user login page.
Re-Login if Idle: When the LAN user access to WAN network and do not use for a while, the connection will
be time-out. User has to re-login again. The default time is 30 minutes and you can configure this time by
“System”-> “Setting” page.
- 20 -
BM-500 Bandwidth Management Gateway User’s Manual
MTU (set networking packet length)
The administrator can modify the networking packet length.
Step 1. MTU Setting. Modify the networking packet length.
- 21 -
BM-500 Bandwidth Management Gateway User’s Manual
To-Appliance Packets Log
Once this function is enabled, every packet to this appliance will be recorded for the administrator to trace.
Step 1. Select this option to the device’s To-Appliance Packets Log. Once this function is enabled,
every packet to this appliance will be recorded for system administrator to trace.
- 22 -
BM-500 Bandwidth Management Gateway User’s Manual
System Reboot
Once this function is enabled, the Bandwidth Management Gateway will be rebooted.
Reboot Bandwidth Management Gateway: Click Reboot.
A confirmation pop-up box will appear. Follow the confirmation pop-up box, click OK to restart Bandwidth
Management Gateway or click Cancel to discard changes
4.1.3 Date/Time
Synchronizing the Bandwidth Management Gateway with the System Clock
Administrator can configure the Bandwidth Management Gateway’s date and time by either syncing to an
Internet Network Time Server (NTP) or by syncing to your computer’s clock.
Follow these steps to sync to an Internet Time Server
Step 1. Enable synchronization by checking the box.
Step 2. Click the down arrow to select the offset time from GMT.
Step 3. Enter the Server IP Address or Server name with which you want to synchronize.
Step 4. Update system clock every 5 minutes You can set the interval time to synchronize with outside
servers. If you set it to 0, it means the device will not synchronize automatically.
- 23 -
BM-500 Bandwidth Management Gateway User’s Manual
Follow this step to sync to your computer’s clock.
Step 1. Click on the Sync button.
Click OK to apply the setting or click Cancel to discard changes.
4.1.4 Language
Administrator can configure the Bandwidth Management Gateway Select the Language version
Step 1. Select the Language version (English Version, Traditional Chinese Version or Simplified
Chinese Version).
Step 2. Click 【OK】to set the Language version or click Cancel to discard changes.
- 24 -
çç
BM-500 Bandwidth Management Gateway User’s Manual
4.1.5 Permitted IPs
Only the authorized IP address is permitted to manage the Bandwidth Management Gateway.
çç
- 25 -
BM-500 Bandwidth Management Gateway User’s Manual
Add Permitted IP Address
Step 1. Click New Entry button.
Step 2. In IP Address field, enter the LAN IP address or WAN IP address.
n IP address: Enter the LAN IP address or WAN IP address.
n Netmask: Enter the netmask of LAN/WAN.
n Ping: Select this to allow the external network to ping the IP Address of the Firewall.
n WebUI: Check this item, Web User can use HTTP to connect to the Setting window of
BandWidth Management Gateway.
Step 3. Click OK to add Permitted IP or click Cancel to discard changes.
Modify Permitted IP Address
Step 1. In the table of Permitted IPs,highlight the IP you want to modify, and then click Modify.
Step 2. In Modify Permitted IP, enter new IP address.
Step 3. Click OK to modify or click Cancel to discard changes.
- 26 -
Loading...
+ 120 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.