Planet Technology MH-2001 User Manual

MH-2001 Multi-Homing Security Gateway User’s Manual
Copyright© 2007 by PLANET Technology Corp. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission of PLANET. PLANET makes no representations or warranties, either expressed or implied, with respect to the contents hereof and specifically disclaims any warranties, merchantability or fitness for any particular purpose. Any software described in this manual is sold or licensed "as is". Should the programs prove defective following their purchase, the buyer (and not this company, its distributor, or its dealer) assumes the entire cost of all necessary servicing, repair, and any incidental or consequential damages resulting from any defect in the software. Further, this company reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes. All brand and product names mentioned in this manual are trademarks and/or registered trademarks of their respective holders.
Disclaimer
PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose. PLANET has made every effort to ensure that this User’s Manual is accurate; PLANET disclaims liability for any inaccuracies or omissions that may have occurred. Information in this User’s Manual is subject to change without notice and does not represent a commitment on the part of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this User’s Manual. PLANET makes no commitment to update or keep current the information in this User’s Manual, and reserves the right to make improvements to this User’s Manual and/or to the products described in this User’s Manual, at any time without notice. If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments and suggestions.
Trademarks
The PLANET logo is a trademark of PLANET Technology. This documentation may refer to numerous hardware and software products by their trade names. In most, if not all cases, these designations are claimed as trademarks or registered trademarks by their respective companies.
CE mark Warning
This is a Class B device. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and receiver.
3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4. Consult the dealer or an experienced radio technician for help.
FCC Caution:
To assure continued compliance (example: use only shielded interface cables when connecting to computer or peripheral devices). Any changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
R&TTE Compliance Statement
This equipment complies with all the requirements of DIRECTIVE 1999/5/EC OF THE EUROPEAN PARLIAMENT AND THE COUNCIL of 9 March 1999 on radio equipment and telecommunication terminal equipment and the mutual recognition of their conformity (R&TTE). The R&TTE Directive repeals and replaces Directive 98/13/EEC (Telecommunications Terminal Equipment and Satellite Earth Station Equipment) as of April 8, 2000.
WEEE Caution
To avoid the potential effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment, end users of electrical and electronic equipment should understand the meaning of the crossed-out wheeled bin symbol. Do not dispose of WEEE as unsorted municipal waste; such WEEE must be collected separately.
Safety
This equipment is designed with the utmost care for the safety of those who install and use it. However, special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment. All guidelines of this manual and of the computer manufacturer must therefore be followed at all times to ensure the safe use of the equipment.
Customer Service
For information on customer service and support for the Multi-Homing Security Gateway, please refer to the following Website URL:
http://www.planet.com.tw
Before contacting customer service, please take a moment to gather the following information:
- Multi-Homing Security Gateway serial number and MAC address
- Any error messages that displayed when the problem occurred
- Any software running when the problem occurred
- Steps you took to resolve the problem on your own
Revision
User’s Manual for PLANET Multi-Homing Security Gateway
Model: MH-2001
Rev: 1.0 (April, 2007)
Table of Contents
CHAPTER 1: INTRODUCTION
1.1 FEATURES
1.2 PACKAGE CONTENTS
1.3 MH-2001 FRONT VIEW
1.4 MH-2001 REAR PANEL
1.5 SPECIFICATION
CHAPTER 2: HARDWARE INSTALLATION
2.1 INSTALLATION REQUIREMENTS
2.2 OPERATION MODE
2.2.1 Transparent Mode Connection Example
2.2.2 NAT Mode Connecting Example
CHAPTER 3: GETTING STARTED
3.1 WEB CONFIGURATION
3.2 CONFIGURE WAN 1 INTERFACE
3.3 CONFIGURE WAN 2 INTERFACE
3.4 CONFIGURE DMZ INTERFACE
3.5 CONFIGURE POLICY
CHAPTER 4: SYSTEM
4.1 ADMINISTRATION
4.1.1 Admin
4.1.2 Permitted IPs
4.1.3 Software Update
4.2 CONFIGURE
4.2.1 Setting
4.2.2 Date/Time
4.2.3 Multiple Subnet
4.2.4 Route Table
4.2.5 DHCP
4.2.6 Dynamic DNS
4.2.7 Host Table
4.2.8 Language
4.3 LOGOUT
CHAPTER 5: INTERFACE
5.1 LAN
5.2 WAN
5.3 DMZ
CHAPTER 6: POLICY OBJECT
6.1 ADDRESS
6.1.1 LAN
6.1.2 LAN Group
6.1.3 WAN
6.1.4 WAN Group
6.1.5 DMZ
6.1.6 DMZ Group
6.1.7 Example1
6.1.8 Example2
6.2 SERVICE
6.2.1 Pre-defined
6.2.2 Custom
6.2.3 Group
6.3 SCHEDULE
6.4 QOS
6.5 AUTHENTICATION
6.5.1 Auth Setting
6.5.2 Auth User
6.5.3 Auth User Group
6.5.4 Radius Server
6.5.5 POP3
6.6 CONTENT BLOCKING
6.6.1 URL Blocking
6.6.2 Script Blocking
6.6.3 Download Blocking
6.6.4 Upload Blocking
6.7 IM/P2P BLOCKING
6.8 VIRTUAL SERVER
6.8.1 Mapped IP
6.8.2 Virtual Server 1-4
6.9 VPN
6.9.1 Example.1
6.9.2 Example.2
6.9.3 Example.3
6.9.4 Example.4
6.9.5 Example.5
6.9.6 Example.6
CHAPTER 7: POLICY
7.1 OUTGOING
7.2 INCOMING
7.3 WAN TO DMZ & LAN TO DMZ
7.4 DMZ TO WAN & DMZ TO LAN
CHAPTER 8: ANOMALY FLOW IP
CHAPTER 9: MONITOR
9.1 LOG
9.1.1 Traffic Log
9.1.2 Event
9.1.3 Connection Log
9.1.4 Log Backup
9.2 ACCOUNTING REPORT
9.2.1 Setting
9.2.2 Outbound
9.2.3 Inbound
9.3 STATISTICS
9.3.1 WAN Statistics
9.3.2 Policy Statistics
9.4 WAKE ON LAN
9.5 STATUS
9.5.1 Interface Status
9.5.2 Authentication
9.5.3 ARP Table
9.5.4 DHCP Clients

Chapter 1: Introduction

As the Internet becomes essential for your business, the only way to protect your Internet connection from failure is to have more than one connection. PLANET’s Multi-Homing Security Gateway MH-2001 reduces the risk of potential shutdown if one of the Internet connections should fail. In addition, it allows you to perform load balancing by distributing the traffic across two WAN connections.
Not only a multi-homing device, PLANET’s MH-2001 also provides a complete security solution in a box. The policy-based firewall, intrusion detection and prevention, content filtering function and VPN connectivity with 3DES and AES encryption make it a perfect product for your network security. No more complex connections and settings for integrating different security products on the network are required.
A bandwidth management function is also supported on the MH-2001 to offer network administrators an easy and powerful means to allocate network resources based on business priorities, and to shape and control bandwidth usage.

1.1 Features

WAN Backup: The MH-2001 can monitor each WAN link status and automatically activate backup links when a failure is detected. The detection is based on the configurable target Internet addresses.
Outbound Load Balancing: The network sessions are assigned based on the user-configurable load balancing mode, including “Auto”, “Round-Robin”, “By Traffic”, “By Session”, “By Packet”, “By Source IP” and “By Destination IP”. Users can also configure which IP or TCP/UDP type of traffic uses which WAN port to connect.
Policy-based Firewall: The built-in policy-based firewall prevents many known hacker attacks including SYN attack, ICMP flood, UDP flood, Ping of Death, etc. The access control function allows only specified WAN or LAN users to use only allowed network services at specified times.
VPN Connectivity: The security gateway supports PPTP and IPSec VPN. With DES, 3DES and AES encryption and SHA-1 / MD5 authentication, the network traffic over the public Internet is secured.
Content Filtering: The security gateway can block network connections based on URLs, Scripts (Pop-up, Java Applet, cookies and ActiveX), P2P (eDonkey, Bit Torrent and WinMX), Instant Messaging (MSN, Yahoo Messenger, ICQ, QQ and Skype) and Download/Upload blocking.
Dynamic Host Configuration Protocol (DHCP) server: The DHCP server can allocate up to 253 client IP addresses and distribute them, including IP address, subnet mask and DNS IP address, to local computers. It provides an easy way to manage the local IP network.
Web based GUI: MH-2001 supports a web based GUI for configuration and management. It also supports multiple languages including English, Traditional Chinese and Simplified Chinese.
User Authentication: A user database can be configured on the device. MH-2001 also supports authentication against an external RADIUS or POP3 server.
Bandwidth Management: Network packets can be classified based on IP address, IP subnet and TCP/UDP port number and given guaranteed and burst bandwidth with three levels of priority.
Dynamic Domain Name System (DDNS): The Dynamic DNS service allows users to alias a dynamic IP address to a static hostname.
Multiple NAT: Multiple NAT allows the local port to be set with multiple subnets and to connect to the Internet through different WAN IP addresses.
Server Load Balancing: Up to 4 groups of virtual servers support server load balancing.
Accounting Report: The accounting report function can monitor information about the Intranet and external network traffic via MH-2001.

1.2 Package Contents

The following items should be included:
MH-2001 Multi-Homing Security Gateway x 1
User’s Manual CD-ROM x 1
Quick Installation Guide x 1
Power Adapter x 1
Cat5 Cable x 1
Mat x 4
If any of the contents are missing or damaged, please contact your dealer or distributor immediately.

1.3 MH-2001 Front View

MH-2001 Front Panel
LED / Button Definition
Reset Button: Press this button to restore factory default setting.
PWR: Power is supplied to this device.
STATUS: Blinks to indicate this device is being turned on and booting. After four minutes, this LED indicator will stop blinking, which means this device is now ready to use.
WAN1, WAN2, LAN, DMZ: Steady on indicates the port is connected to another network device. Blinking indicates there is traffic on the port.
Port Definition
WAN1, WAN2: Connect to your xDSL/Cable modem or other Internet connection devices.
LAN: Connect to your local PC, switch or other local network device.
DMZ: Connect to your server or other network device.

1.4 MH-2001 Rear Panel

MH-2001 Rear Panel
DC Power: connect one end of the power supply to this port, the other end to the electrical wall outlet.

1.5 Specification

Product: Multi-Homing Security Gateway
Model: MH-2001
Hardware
Ethernet: LAN 1 x 10/100Mbps RJ-45; WAN 2 x 10/100Mbps RJ-45; DMZ 1 x 10/100Mbps RJ-45
Button: Reset button for reset to factory default setting
Software
Management: Web
Network Connection: DMZ_NAT, DMZ_Transparent, NAT
Routing Protocol: Static Route, RIPv2
Outbound Load Balancing: Policy-based routing; load-balancing by Round-Robin, traffic, session, packet, Source IP and Destination IP
Firewall: Policy-based firewall rule with schedule; NAT/NAPT; SPI firewall; prevention of SYN attack, ICMP Flood, UDP flood, Ping of Death, Tear Drop, IP Spoofing, IP route, Port Scan and Land attack
VPN Tunnels (Configure/Connection): 200/100
VPN Functions: PPTP, IPSec; DES, 3DES and AES encrypting; SHA-1 / MD5 authentication algorithm; Remote access VPN (Client-to-Site) and Site to Site VPN
Content Filtering: URL blocking; Script blocking (Pop up, Java Applet, cookies and Active X); IM blocking (MSN, Yahoo Messenger, ICQ, QQ and Skype); P2P blocking (eDonkey, Bit Torrent and WinMX); Download and Upload blocking
Bandwidth Management: Policy-based bandwidth management; guarantee and maximum bandwidth with 3 priority levels; classify traffic based on IP, IP subnet, TCP/UDP port
User authentication: Built-in user database with up to 200 entries; Radius, POP3 authentication support
Accounting Report: Outbound/Inbound accounting report statistics by Source IP, Destination IP and Service
Log and Alarm: Log and alarm for event and traffic; log can be saved from web, sent by e-mail or sent to syslog server
Statistics: Traffic statistics for interface (WAN 1/2) and policies; graphic display; record up to 30 days
Others: Firmware upgradeable through Web; configuration backup and restore through Web; Dynamic DNS; NTP support; DHCP server; Multiple NAT and multiple DMZ (mapped IP) support; Server load balancing

Chapter 2: Hardware Installation

2.1 Installation Requirements

Before installing MH-2001, make sure your network meets the following requirements.
- Mechanical Requirements
MH-2001 is installed between your Internet connection and local area network. You can place it on the table or rack, and locate the unit near the power outlet.
- Electrical Requirements
MH-2001 is a power-required device, which means it will not work until it is powered. If your network PCs need to transmit data all the time, please consider using a UPS (Uninterruptible Power Supply) for your MH-2001. It will protect you from network data loss. In some areas, installing a surge suppression device may also help to protect your device from being damaged by unregulated surge or current to the MH-2001.
- Network Requirements
In order for MH-2001 to secure your network traffic, the traffic must pass through the device at a useful point in a network. In most situations, MH-2001 should be placed behind the Internet connection device.

2.2 Operation Mode

The MH-2001 DMZ port supports three operation modes: Disable, NAT and Transparent. In Disable mode, the DMZ port is not active. In Transparent mode, MH-2001 works as a proxy, forwarding DMZ packets to WAN and WAN packets to DMZ. The DMZ and WAN side IP addresses are in the same subnet. In NAT mode, DMZ side users share one public IP address of the WAN port to make Internet connections. See the following two examples.

2.2.1 Transparent Mode Connection Example

[Figure: Transparent mode connection example. MH-2001 LAN 192.168.1.1 / 255.255.255.0 with LAN PC1 192.168.1.2 and LAN PC2 192.168.1.3; WAN1 61.11.11.11 and WAN2 62.22.22.22, each connected through an ADSL / Cable modem to the Internet (ISP1, ISP2); DMZ Transparent to WAN1 with DMZ PC1 61.11.11.12 and DMZ PC2 61.11.11.13.]
The WAN1 and DMZ side IP addresses are on the same subnet. This application is suitable if you have a subnet of IP addresses and you do not want to change any IP configuration on the subnet.

2.2.2 NAT Mode Connecting Example

MH-2001 Multi-Homing Security Gateway User’s Manual
DMZ and WAN1 IP addresses are on the different subnet. This provides higher security level then transparent mode.

Chapter 3: Getting Started

3.1 Web Configuration

STEP 1:
Connect the Administrator’s PC and the LAN port of MH-2001 to a hub or switch. Make sure there is a link light on the hub/switch for both connections. MH-2001 has an embedded web server used for management and configuration. Use a web browser (such as Internet Explorer 4 or above, or Netscape 4.0 or above, with full JavaScript support) to display the configurations of MH-2001. The default IP address of MH-2001 is 192.168.1.1 with a subnet mask of 255.255.255.0. Therefore, the IP address of the Administrator PC must be in the range 192.168.1.2 – 192.168.1.254.
If the company’s LAN IP address is not in the 192.168.1.0 subnet (e.g. the LAN IP address is 172.16.0.1), then the Administrator must change his/her PC IP address to be within the same range as the LAN subnet. Reboot the PC if necessary.
By default, MH-2001 is shipped with its DHCP Server function enabled. This means the client computers on the LAN network including the Administrator PC can set their TCP/IP settings to automatically obtain an IP address from the device.
The following table is a list of private IP addresses. These addresses may not be used as a WAN IP address.
10.0.0.0 ~ 10.255.255.255
172.16.0.0 ~ 172.31.255.255
192.168.0.0 ~ 192.168.255.255
STEP 2:
Once the Administrator PC has an IP address on the same network as the Multi-Homing Security Gateway, open a web browser and type http://192.168.1.1 in the address bar.
A pop-up screen will appear and prompt for a username and password. A username and password are required to connect to MH-2001. Enter the default login username and password of the Administrator (see below).
Username: admin
Password: admin
Click OK.

3.2 Configure WAN 1 interface

After entering the username and password, the MH-2001 WebUI screen will display. Select the Interface tab on the left menu. Click on WAN from the sub-function list, and a sub-function list will be displayed.
Click the Modify button to configure WAN No. 1 and the following page will be displayed.
Alive Indicator Site IP:
Service: ICMP: You can select an IP address by Assist, or type an IP address manually. This feature is used to ping an address for detecting WAN connection status.
Service: DNS: You can select a DNS IP and Domain name by Assist, or type the related data manually.
PPPoE (ADSL User):
This option is for PPPoE users who are required to enter a username and password in order to connect.
Username: Enter the PPPoE username provided by the ISP.
Password: Enter the PPPoE password provided by the ISP.
IP Address provided by ISP:
Dynamic: Select this if the IP address is automatically assigned by the ISP.
Fixed: Select this if you were given a static IP address. Enter the IP address that is given to you by your ISP.
Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP.
Service-On-Demand:
The PPPoE connection will automatically disconnect after a length of idle time (no activities). Enter the number of idle minutes before disconnection. Enter ‘0’ if you do not want the PPPoE connection to disconnect at all.
For Dynamic IP Address (Cable Modem User):
This option is for users who are automatically assigned an IP address by their ISP, such as cable modem users. The following fields apply:
MAC Address: This is the MAC Address of the device. Some ISPs require a specified MAC address. If the required MAC address is your PC’s, click Clone MAC Address.
Hostname: This will be the name assigned to the device. Some cable modem ISPs assign a specific hostname in order to connect to their network; please enter the hostname here. If not required by your ISP, you do not have to enter a hostname.
Domain Name: You can specify your own domain name or leave it blank.
User Name: The user name is provided by ISP.
Password: The password is provided by ISP.
Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP.
For Static IP Address:
This option is for users who are assigned a static IP Address from their ISP. Your ISP will provide all the information needed for this section such as IP Address, Netmask, Gateway, and DNS.
IP Address: Enter the static IP address assigned to you by your ISP. This will be the public IP address of the WAN 1 port of the device.
Netmask: This will be the Netmask of the WAN 1 network. (i.e. 255.255.255.0)
Default Gateway: This will be the Gateway IP address.
Domain Name Server (DNS): This is the IP Address of the DNS server.
Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP.
Ping: Select this to allow the WAN network to ping the IP Address of MH-2001. This will allow people from the Internet to ping the MH-2001 WAN IP. If enabled, the device will respond to echo request packets from the WAN network.
HTTP: Select this to allow the device WebUI to be accessed from the WAN network. This will allow the WebUI to be configured by a user on the Internet. Keep in mind that the device always requires a username and password to enter the WebUI.

3.3 Configure WAN 2 interface

If you want to connect WAN 2 to another ISP connection, click the Modify button of WAN No. 2, then repeat the above procedures to set it up.

3.4 Configure DMZ interface

Depending on your network requirements, you can disable the DMZ port, make the DMZ port transparent to WAN 1, or enable the NAT function on it. To configure the DMZ port, select the Interface tab on the left menu, then click on DMZ; the following page is shown.
Please refer to Section 2.2 to select the mode you need and configure the related IP parameters.

3.5 Configure Policy

STEP 1:
Click on the Policy tab from the main function menu, and then click on Outgoing (LAN to WAN) from the sub-function list.
STEP 2:
Click on the New Entry button.
STEP 3:
When the New Entry option appears, enter the following configuration:
Source Address – select “Inside_Any”
Destination Address – select “Outside_Any”
Service – select “ANY”
Action – select “Permit, ALL”
Click on OK to apply the changes.
STEP 4:
The configuration is successful when the screen below is displayed.
Please make sure that all the computers that are connected to the LAN port have their Default Gateway IP Address set to MH-2001’s LAN IP Address (i.e. 192.168.1.1). At this point, all the computers on the LAN network should gain access to the Internet immediately. If the MH-2001 filter function is required, please refer to the Policy section in chapter 7.

Chapter 4: System

MH-2001 Administration and monitoring configuration is set by the System Administrator. The System Administrator can add or modify System settings and monitoring mode. The sub Administrators can only read System settings but not modify them. In System, the System Administrator can:
1. Add and change the sub Administrator’s names and passwords;
2. Back up all MH-2001 settings into local files;
3. Set up alerts for hacker intrusion.
“System” covers the management of settings such as the privileges of packets that pass through MH-2001 and monitoring controls. Administrators may manage, monitor, and configure MH-2001 settings. All configurations are “read-only” for all users other than the Administrator; those users are not able to change any settings for MH-2001.

4.1 Administration

4.1.1 Admin

Click System/Administration/Admin on the left menu, and the list of Administrators will display as below.
Define the required fields of Administrator
Admin Name:
The username of the Administrators and Sub Administrators for the MH-2001. The admin user name cannot be removed; the sub-admin user can be removed or configured.
The default Account: admin; Password: admin
Privilege:
The privileges of Administrators (Admin or Sub Admin). The username of the main Administrator is Administrator, with read/write privilege. The Administrator can also change the system settings, log system status, and add or delete sub-administrators. A Sub-Admin may be created by the Admin by clicking New Sub Admin. Sub Admins have only read and monitor privileges and cannot change any system setting value.
Configure:
Click Modify to change the “Sub-Administrator’s” password or click Remove to delete a “Sub Administrator.”
Changing the Main/Sub-Administrator’s Password
Step 1. The Modify Administrator Password window will appear. Enter in the required information:
Password: enter original password.
New Password: enter new password.
Confirm Password: enter the new password again.
Step 2. Click OK to confirm password change or click Cancel to cancel it.
Adding a new Sub Administrator
Step 1. In the Add New Sub Administrator window:
Sub Admin Name: enter the username of new Sub Admin.
Password: enter a password for the new Sub Admin.
Confirm Password: enter the password again.
Step 2. Click OK to add the user or click Cancel to cancel the addition.
Removing a Sub Administrator
Step 1. In the Administration table, locate the Administrator name you want to edit, and click on the Remove option in the Configure field.
Step 2. The Remove confirmation pop-up box will appear. Click OK to remove that Sub Admin or click Cancel to cancel.

4.1.2 Permitted IPs

Add Permitted IPs
STEP 1. Add the following settings in Permitted IPs of Administration:
- Name: Enter a new name.
- IP Address: Enter the IP address you want to permit.
- Netmask: Enter the Netmask (255.255.255.255 means a host).
- Service: Select Ping and HTTP.
- Click OK to complete adding the new permitted IP.
For Permitted IPs to take effect, the Ping and HTTP selections must be cleared on the interface (LAN, WAN, or DMZ) through which the Administrator enters the MH-2001 WebUI. Set up the Permitted IPs before clearing the HTTP selection of the interface; otherwise, the WebUI can no longer be entered through that interface.
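The ordering caveat above can be checked before the change is made. The following is an added example, not part of the manual or of the device's software: a small Python model of the Permitted IPs table that reports which administrator workstations would lose WebUI access once HTTP is cleared on the interface. The matching rule (source address inside IP Address/Netmask and the service selected) is an assumption about how the device evaluates the table, and the entries, addresses and the `max_hosts` threshold are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class PermittedIP:
    """One Permitted IPs row; field names follow the manual's form."""
    name: str
    ip_address: str
    netmask: str          # 255.255.255.255 means a single host
    services: frozenset   # subset of {"Ping", "HTTP"}

    def network(self):
        # strict=False accepts a host address combined with a wider mask.
        # A non-contiguous or malformed netmask raises ValueError here.
        return ipaddress.ip_network(f"{self.ip_address}/{self.netmask}", strict=False)

    def allows(self, source_ip, service):
        # Assumed rule: the service is ticked and the source falls in the range.
        return service in self.services and ipaddress.ip_address(source_ip) in self.network()


def locked_out_admins(entries, admin_ips, service="HTTP"):
    """Admin source addresses that lose WebUI access once the interface's
    own HTTP checkbox is cleared and only Permitted IPs applies."""
    return [ip for ip in admin_ips
            if not any(e.allows(ip, service) for e in entries)]


def broad_entries(entries, max_hosts=16):
    """Names of entries admitting more than max_hosts addresses
    (max_hosts is an arbitrary review threshold, not a device limit)."""
    return [e.name for e in entries if e.network().num_addresses > max_hosts]


# Constructed sample table and admin workstations, for illustration only.
TABLE = [
    PermittedIP("admin-pc", "192.168.1.10", "255.255.255.255", frozenset({"Ping", "HTTP"})),
    PermittedIP("lan-ping", "192.168.1.77", "255.255.255.0", frozenset({"Ping"})),
]
ADMINS = ["192.168.1.10", "192.168.1.20"]

if __name__ == "__main__":
    missing = locked_out_admins(TABLE, ADMINS)
    if missing:
        print("Do not clear HTTP on the interface yet; not covered:", missing)
    print("Entries wider than 16 addresses:", broad_entries(TABLE))
```

An empty result from `locked_out_admins` means every listed workstation is covered by an entry with HTTP selected, so the interface's HTTP selection can be cleared without losing WebUI access from those addresses.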

4.1.3 Software Update

Under Software Update, the admin may update the device’s software with newer software. The current software version is shown in Version Number. Administrators may visit the distributor’s web site to download the latest version and save it on the server’s hard disk.
Step 1. Click Browse to select the latest version of Software.
Step 2. Click OK to update software.
NOTE: It takes three minutes to update the software. The system will restart automatically after updating the software.

4.2 Configure

Configure covers the basic settings of the MH-2001. This chapter describes the Setting, Date/Time, Multiple Subnet, Route Table, DHCP, Dynamic DNS, Hosts Table, and Language settings.

4.2.1 Setting

The Administrator may use this function to back up or restore MH-2001 configurations, or to restore MH-2001 to the default factory settings. General settings such as the device’s name, E-mail settings and HTTP port can also be set here.
Entering the Settings window
Click Setting in the System/configure menu to enter the Settings window. MH-2001 Configuration settings will be shown on the screen.
Exporting MH-2001 settings
Step 1. Under Backup/Restore Configuration, click on the Download button next to Export System Settings to Client.
Step 2. When the File Download pop-up window appears, choose the destination place to save the exported file.
Importing MH-2001 settings
Under Backup/Restore Configuration, click on the Browse button next to Import System Settings. When the Choose File pop-up window appears, select the file which contains the saved MH-2001 Settings, then click OK. Click OK to import the file into MH-2001 or click Cancel to cancel importing.
Restoring Factory Default Settings
Step 1. Select Reset Factory Settings.
Click OK at the bottom-right of the screen to restore the factory settings.
System Name Setting
Step 1. You can modify your device name. Enter the new name in the field.
Step 2. Click OK at the bottom-right of the screen.
Enabling E-mail Alert Notification
Step 1. Select Enable E-mail Alert Notification under E-Mail Settings. This function will enable the MH-2001 to send e-mail alerts to the System Administrator when the network is being attacked by hackers or when emergency conditions occur.
Step 2. SMTP Server IP: Enter SMTP server’s IP address.
Step 3. E-Mail Address 1: Enter the first e-mail address to receive the alarm notification.
Step 4. E-Mail Address 2: Enter the second e-mail address to receive the alarm notification. (Optional)
Step 5. Click OK on the bottom-right of the screen to enable E-mail alert notification.
Click on Mail Test to test if E-mail Address 1 and E-mail Address 2 can receive the Alert Notification correctly.
Web Management (WAN Interface)
The administrator can change the port number used for HTTP at any time. (Remote WebUI management)
After the HTTP port has been changed, an administrator who wants to enter the WebUI from the WAN must use the new port number in the browser. (For example: http://61.62.108.172:8080)
Step 1. Set Web Management (WAN Interface). Enter the new port number used by HTTP port. (Range 1 – 65535)
Step 2. Click OK at the bottom-right of the screen.
MTU (set networking packet length)
The administrator can modify the networking packet length.
Step 1. MTU Setting. Modify the networking packet length. (Range 40 – 1500)
Step 2. Click OK at the bottom-right of the screen.
Dynamic Routing (RIPv2)
When Dynamic Routing (RIPv2) is enabled, MH-2001 exchanges routing information using RIP. Routers that support RIP can connect automatically. You can choose to enable RIP protocol support on the LAN, WAN1, WAN2 or DMZ interface.
Routing information update timer: MH-2001 sends out RIP updates periodically to update the routing table. The default timer is 30 seconds.
Routing information timeout: If MH-2001 does not receive RIP updates from the other router within a period of time, MH-2001 will cut off the routing automatically until it receives RIP updates again. The default timer is 180 seconds.
SIP protocol pass-through
Select this option to enable the device’s SIP protocol pass-through. Once this function is enabled, SIP packets will be allowed to pass through MH-2001.
To-Appliance Packets Log
Select this option to enable the device’s To-Appliance Packets Log. Once this function is enabled, every packet sent to this appliance will be recorded for the system administrator to trace.
System Reboot
Once this function is enabled, MH-2001 will be rebooted. Click Reboot. The confirmation pop-up box will appear. Click OK to restart MH-2001 or click Cancel to discard changes.

4.2.2 Date/Time

Synchronizing the MH-2001 with the System Clock
The Administrator can configure MH-2001’s date and time either by syncing to an Internet Network Time Server (NTP) or by syncing to your computer’s clock.
Follow these steps to sync to an Internet Time Server:
Step 1. Enable synchronization by checking the box.
Step 2. Click the down arrow to select the offset time from GMT.
Step 3. Enter the Server IP Address or Server name with which you want to synchronize.
Step 4. Update system clock every 120 minutes: You can set the interval at which the device synchronizes with outside servers. If you set it to 0, the device will not synchronize automatically.
Follow this step to sync to your computer’s clock:
Step 1. Click on the Sync button.
Click OK to apply the setting or click Cancel to discard changes.