QNO 2WAN 3LAN User Manual

English User’s Manual
Load Balance, Bandwidth Management, VPN, and Network Security
2WAN 3LAN VPN QoS Security Router
Product Manual Using Permit Agreement
[Product Manual (hereafter the "Manual") Using Permit Agreement] hereafter the "Agreement" is
the using permit of the Manual, and the relevant rights and obligations between the users and
Qno Technology Inc (hereafter "Qno"), and is the exclusion to remit or limit the liability of Qno.
The users who obtain the file of this manual directly or indirectly, and users who use the relevant
services, must obey this Agreement.
Important Notice: Qno would like to remind the users to read the clauses of the "Agreement"
before downloading and reading this Manual. Unless you accept the clauses of this "Agreement",
please return this Manual and relevant services. The downloading or reading of this Manual is
regarded as accepting this "Agreement" and the restriction of clauses in this "Agreement".
1. Statement of Intellectual Property
Any text and corresponding combination, diagram, interface design, printing materials or
electronic file are protected by copyright of our country, clauses of international copyright and
other regulations of intellectual property. When the user copies the "Manual", this statement of
intellectual property must also be copied and indicated. Otherwise, Qno regards it as tort and
relevant duty will be prosecuted as well.
2. Scope of Authority of "Manual"
The user may install, use, display and read this "Manual" on a complete computer set.
3. User Notice
If users obey the law and this Agreement, they may use this "Manual" in accordance with
"Agreement". If the users violate the "Agreement", Qno will terminate the using authority and
destroy the copy of this "Manual". The "hardcopy or softcopy" of this Manual is restricted using for
information, non-commercial and personal purpose. Besides, it is not allowed to copy or
announce on any network computer. Furthermore, it is not allowed to disseminate on any media.
It is not allowed to modify any part of the "file". Using for other purposes is prohibited by law and
it may cause serious civil and criminal punishment. The transgressor may be
prosecuted.
4. Legal Liability and Exclusion
4-1 Qno will make every effort to check the texts and diagrams for mistakes. However, Qno,
distributors, and resellers do not bear any liability for direct or indirect economic loss, data loss or
other corresponding commercial loss to the user or relevant personnel due to the possible
omission.
4-2 In order to protect the autonomy of the business development and adjustment of Qno, Qno
reserves the right to adjust or terminate the software / Manual any time without informing the
users. There will be no further notice regarding the product upgrade or change of technical
specification. If it is necessary, the change or termination will be announced in the relevant block
of the Qno website.
4-3 All the set parameters are examples and they are for reference only. You may also propose
your opinion or suggestion. We will take it as reference and they may be amended in the next
version.
4-4 This Manual explains the configuration of all functions for the products of the same series.
The actual functions of the product may vary with the model. Therefore, some functions may not
be found on the product you purchased.
4-5 Qno reserves the right to change the file content of this Manual and the Manual content
may not be updated instantly. To know more about the updated information of the product, please
visit Qno official website.
4-6 Qno (and / or) distributors hereby declare that no liability will be borne for any guarantee
and condition of the corresponding information. The guarantee and condition include tacit
guarantee and condition about marketability, suitability for special purposes, ownership, and
non-infringement. The name of the companies and products mentioned may be the trademark of
the owners. Qno (and/or) the distributors do not provide the product or software of any third
party company. Under any circumstance, Qno and / or distributors bear no liability for special,
indirect, derivative loss or any type of loss in the lawsuit caused by usage or information on the
file, no matter the lawsuit is related to agreement, omission, or other tort.
5. Other Clauses
5-1 The potency of this Agreement is over any other verbal or written record. The invalidation
of part or whole of any clause does not affect the potency of other clauses.
5-2 The power of interpretation, potency and dispute are applicable for the law of Taiwan. If
there is any dissension or dispute between the users and Qno, it should be attempted to solve by
consultation first. If it is not solved by consultation, user agrees that the dissension or dispute is
brought to trial in the jurisdiction of the court in the location of Qno. In Mainland China, the "China
International Economic and Trade Arbitration Commission" is the arbitration organization.
Content
I. Introduction
II. Hardware Installation
2.1 VPN QoS Router LED Signal
2.2 VPN QoS Router Network Connection
III. Quick Configuration
3.1 Login and Set Up
3.2 Home Page
3.2.1 System Information
3.2.2 Port Statistics
3.2.3 General Setting Status
3.2.4 Advanced Setting Status
3.2.5 Firewall Setting Status
3.2.6 VPN Setting Status
3.3 General Setting
3.3.1 Configure
3.3.2 Dual WAN
3.3.3 QoS
3.3.4 Password
3.3.5 Time
IV. Advanced Configuration
4.1 DMZ Host (Demilitarized Zone)
4.2 Forwarding
4.3 UPnP (Universal Plug and Play)
4.4 Routing
4.5 One-to-One NAT
4.6 DDNS (Dynamic Domain Name Service)
4.7 MAC Clone
4.8 DHCP IP Issuing Server
4.8.1 Dynamic IP
4.8.2 IP & MAC Binding
4.8.3 DNS & WINS Server
4.8.4 DHCP Status
V. Tool Configuration
5.1 Diagnostic
5.2 Restart
5.3 Return to Factory Default Setting
5.4 Firmware Upgrade
5.5 Setting Backup
VI. Firewall Configuration
6.1 General Settings
6.2 Access Rule
6.2.1 Add a new Rule
VII. VPN Configuration
7.1 Display All VPN Summary
7.2 Gateway to Gateway VPN
7.2.1 Tunnel Setup
7.2.2 IPSec Setup
7.2.3 VPN Advanced
7.3 Client to Gateway & Group VPN
7.4 PPTP Setting
7.5 VPN Pass Through
VIII. QVM VPN Function Setup
IX. Log Configuration
9.1 System Log
9.2 System Statistics
9.3 Traffic Statistic
9.4 Specific IP/ Port Status
X. Logout
Appendix I: VPN setting Sample
Appendix II: Qno Technical Support Information
I. Introduction
The 2 WAN 3 LAN VPN QoS Router (hereafter referred to as the VPN QoS Router) is a router for small businesses, local branches, and government and school departments that efficiently integrates full VPN and QoS functions at good value. The VPN QoS Router has two WAN ports and provides high-performance dual-line Intelligent Load Balancing, which supports external connections through the WAN ports. Its Internet connection capacity meets the specifications of most bandwidth offerings on the market. Moreover, the second WAN port can be configured as a hardware DMZ port. In addition, the VPN QoS Router has three 10/100 Base-T/TX Ethernet (RJ45) switch ports, each of which can be connected to additional switches to attach more network devices.
To meet most enterprises' need to defend themselves against attacks from the Internet, the VPN QoS Router has an embedded firewall system. In addition to NAT, it includes DoS (Denial of Service) protection and SPI (Stateful Packet Inspection). It can also use the default settings to automatically detect network attacks from the Internet.
Qno is a supporter of the IPSec protocol. IPSec VPN provides DES (56-bit) and 3DES (168-bit) encryption and MD5 and SHA authentication.
The VPN QoS Router also has the unique QVM VPN SmartLink IPSec VPN. Just input the VPN server IP, user name, and password, and the IPSec VPN will be set up automatically. Through the VPN QoS Router's exclusive QVM function, users can set up QVM to work as a server and have it accept other QVM series products as clients. QVM offers easy VPN allocation for users; users can do it even without a network administrator. The VPN QoS Router enables enterprises to benefit from VPN without being troubled by technical and network management problems. The central control function enables the host to log in to remote client computers at any time. Security and secrecy are guaranteed to meet the IPSec standard, so as to ensure the continuity of VPN service.
NAT (Network Address Translation) translates between private IP and public IP addresses, so that only one public IP is needed for many people to access the Internet at the same time. It also includes a virtual NAT application function, which makes the network environment more flexible and easier to manage.
Through its web-based UI, the VPN QoS Router enables enterprises to define their own network access rules. To control web access, users can build and edit filter lists. It also enables users to ban or monitor websites according to their needs. With the filter settings and complete OS management, school and business Internet management will be clearly improved. The VPN QoS Router offers various online SysLog records. It supports online management setup tools, which make setting up networks easy to understand. It also reinforces the management of network access rules, VPN, and all other network services.
II. Hardware Installation
This chapter introduces the hardware interface and the physical installation.
2.1 VPN QoS Router LED Signal
LED Signal Description
LED | Color | Description
Power | Green | Green LED on: Power ON
DIAG | Amber | Amber LED on: System self-test is running. Amber LED off: System self-test is completed successfully.
Link/Act (green light at the right of the port) | Green | Green LED on: Ethernet connection is fine. Green LED blinking: Packets are transmitting through Ethernet port.
100M-Speed (amber light at the left of the port) | Amber | Green LED on: Ethernet is running at 100Mbps. Green LED off: Ethernet is running at 10Mbps.
Connect | Green | Green LED on: WAN is connected and gets the IP address.
Reset
Action | Description
Press Reset Button For 5 Secs | Warm Start. DIAG indicator: Amber LED flashing slowly.
Press Reset Button Over 10 Secs | Factory Default. DIAG indicator: Amber LED flashing quickly.
System Built-in Battery
A system timing battery is built into the VPN QoS Router. The lifespan of the battery is about 1~2 years. If the battery has reached the end of its life or cannot be charged, the VPN QoS Router will not be able to record time correctly, nor synchronize with an Internet NTP time server. Please contact your system supplier for information on how to replace the battery.
Attention!
Do not replace the battery yourself; otherwise irreparable damage to the product may
be caused.
Installing VPN QoS Router on a Standard 19” Rack
We suggest either placing the VPN QoS Router on a desk or installing it in a rack with the attached brackets. Do not place other heavy objects together with the VPN QoS Router on a rack. Overloading may cause the rack to fail, thus causing damage or danger.
Each VPN QoS Router comes with a set of rack installation accessories, including 2 L-shaped brackets and 8 screws. Users can rack-mount the device onto the chassis. Please refer to the figure below for the installation onto a 19” rack:
Attention!
In order for the device to run smoothly, wherever users install it, be sure not to obstruct
the vent on each side of the device. Keep at least 10cm space in front of both the vents for
air convection.
2.2 VPN QoS Router Network Connection
WAN Connection: A WAN port can be connected to an xDSL modem, fiber modem, or switching hub, or to the Internet through an external router.
LAN Connection: The LAN port can be connected to a switching hub or directly to a PC.
Users can use servers for monitoring or filtering through the port after the “Physical Port Management” configuration is done.
DMZ: The DMZ port can be connected to servers that have legal IP addresses, such as Web servers, mail servers, etc.
III. Quick Configuration
This chapter introduces the software setting interface, explaining the information on the home page as well as the basic connection settings.
3.1 Login and Set Up
The VPN QoS Router's default username and password are both “admin”. Users can change the
login password in the settings later.
Attention!
For security, we strongly suggest that users change the password after login. Please
keep the password safe, or you will not be able to log in to the VPN QoS Router. If the Reset button is pressed for more than 10 seconds, all settings will return to default.
3.2 Home Page
In the Home page, all the device parameters and status are listed for users’ reference. For
detailed settings, click each parameter or status hyperlink below: the relevant set-up tab will be
loaded for users to choose their management options.
3.2.1 System Information
Serial No.
This number is the device serial number.
Firmware version
Shows the device's current software version.
CPU (Central Processing Unit)
Indicates the device CPU model No.: Intel IXP425-533MHz
System active time:
Indicates how long the device has been running.
Current Time:
Indicates the device's current time. Note that the time must be synchronized with a remote NTP server for it to be shown correctly.
3.2.2 Port Statistics
The current port setting status information will be shown in the Port Status Table. Examples:
Network connection, port (on or off), priority (high or normal), connection speed (10Mbps or
100Mbps), duplex status (half-duplex or full duplex), and auto negotiation (Enabled or Disabled).
3.2.3 General Setting Status
LAN IP:
Indicates the LAN port current IP configuration. The default IP is 192.168.1.1. Click the hyperlink to enter and manage the configuration.
WAN 1 IP:
Indicates the WAN1 current IP configuration. Click the hyperlink to enter and manage the configuration. When “Obtain an IP automatically” is selected, two buttons (Release and Renew) will appear on the right of the page. Click “Release” to release the IP that is issued by the ISP, and click “Renew” to refresh the IP that is issued by the ISP. If a WAN connection, such as PPPoE or PPTP, is selected, “Disconnect” and “Connect” will appear on the page.
WAN 2/DMZ IP:
Indicates the WAN2 or DMZ current IP configuration. Click the hyperlink to enter and manage the configuration.
Default Gateway:
Indicates the current Gateway IP configuration. Click the hyperlink to enter and manage the configuration.
DNS:
Indicates the current DNS IP configuration. Click the hyperlink to enter and manage the configuration.
3.2.4 Advanced Setting Status
DMZ Host:
Indicates if DMZ is activated. Click the hyperlink to enter and manage the configuration. The default configuration is “Disabled”.
Working Mode:
Indicates the device's current operation mode (either Gateway mode or Router mode). Click the hyperlink to enter and manage the configuration. The default operation mode is Gateway mode.
DDNS (Dynamic Domain Name Service):
Indicates if Dynamic Domain Name is activated. Click the hyperlink to enter and manage the configuration. The default configuration is “Off”.
3.2.5 Firewall Setting Status
SPI (Stateful Packet Inspection):
Indicates whether SPI (Stateful Packet Inspection) is on or off. Click the hyperlink to enter and manage the configuration. The default configuration is “Off”.
DoS (Denial of Service):
Indicates if DoS attack prevention is activated. Click the hyperlink to enter and manage the configuration. The default configuration is “Off”.
Block WAN Request:
Indicates whether denying connections from the Internet is activated. Click the hyperlink to enter and manage the configuration. The default configuration is “Off”.
Remote Management:
Indicates if remote management is activated (on or off). Click the hyperlink to enter and manage the configuration. The default configuration is “Off”.
3.2.6 VPN Setting Status
VPN Summary:
Indicates VPN configuration status. Click the hyperlink to enter and manage the
configuration.
Tunnel(s) Used:
Indicates number of tunnels that have been configured in VPN (Virtual Private
Network).
Tunnel(s) Available:
Indicates number of tunnels that are available for VPN (Virtual Private Network).
3.3 General Setting
General Setting provides the basic Internet connection settings of the VPN QoS Router. For most users,
the basic settings are enough to connect to the Internet without any further changes. However, some
connections still require advanced detailed information provided by the ISP. Therefore, please
refer to the following explanation of the detailed settings.
3.3.1 Configure
Host Name and Domain Name
Device name and domain name can be input in the two boxes. Though this configuration
is not necessary in most environments, some ISPs in some countries may require it.
LAN Setting
This is the configuration information for the device's current LAN IP address. The default
IP address is 192.168.1.1 and the default Subnet Mask is 255.255.255.0. It
supports Class C IP networks and can be changed according to the actual network
structure.
Dual-WAN / DMZ Setting
The device provides a port that can be configured as WAN 2 or DMZ. First, choose whether this port is the second WAN
port or a DMZ port, and then continue with the settings below.
DMZ Setting
For some network environments, an independent DMZ port may be required to set up
externally connected servers such as Web and mail servers. Therefore, the device supports
a set of independent DMZ ports for users to set up connections for servers with real IPs. The
DMZ ports act as bridges between the Internet and LANs.
Subnet
The DMZ and WAN are located in different subnets.
For example: If the ISP issued 16 real IP addresses, 220.243.230.1-16 with Mask
255.255.255.240, users have to separate the 16 IP addresses into two groups: 220.243.230.1-8
with Mask 255.255.255.248, and 220.243.230.9-16 with Mask 255.255.255.248. Then place the
device and the gateway in the same group, and put the other group in the DMZ.
Range
The DMZ and WAN are within the same subnet.
IP Range for DMZ port: Enter the IP range to be used on the DMZ port.
After the changes are completed, click “Apply” to save the configuration, or click “Cancel”
to leave without making any changes.
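The Subnet mode split described above can be planned and checked before typing addresses into the router. The following is an added example, not part of the Qno manual or firmware; the function name, the router, gateway and DMZ host addresses are constructed for illustration. It works on CIDR-aligned blocks, so the 16-address block is .0-.15 and its halves are .0-.7 and .8-.15, a different counting from the 1-8 / 9-16 shorthand used in the text.

```python
import ipaddress


def plan_dmz_split(isp_block, router_wan_ip, gateway_ip, dmz_hosts):
    """Split an ISP-issued block into a WAN half and a DMZ half and check the plan.

    Hypothetical helper for illustration; it only does address arithmetic.
    """
    # strict=True rejects a block whose start address is not aligned to its mask
    block = ipaddress.ip_network(isp_block, strict=True)
    halves = list(block.subnets(prefixlen_diff=1))
    router = ipaddress.ip_address(router_wan_ip)
    gateway = ipaddress.ip_address(gateway_ip)

    # The half that holds the router's WAN address is the WAN group;
    # the other half goes to the DMZ port.
    wan = next((h for h in halves if router in h), None)
    if wan is None:
        raise ValueError(f"{router} is not inside {block}")
    dmz = next(h for h in halves if h != wan)

    problems = []
    if gateway not in wan:
        problems.append(f"gateway {gateway} is not in the WAN half {wan}")
    for label, addr in (("router", router), ("gateway", gateway)):
        if addr in (wan.network_address, wan.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address of {wan}")
    for host in map(ipaddress.ip_address, dmz_hosts):
        if host not in dmz:
            problems.append(f"DMZ host {host} is outside the DMZ half {dmz}")
        elif host in (dmz.network_address, dmz.broadcast_address):
            problems.append(f"DMZ host {host} is the network or broadcast address of {dmz}")

    usable = list(dmz.hosts())
    return {
        "block_mask": str(block.netmask),
        "wan_subnet": str(wan),
        "dmz_subnet": str(dmz),
        "half_mask": str(wan.netmask),
        "usable_dmz": (str(usable[0]), str(usable[-1])),
        "problems": problems,
    }


if __name__ == "__main__":
    # Constructed sample plan: .8 and .16 are deliberately bad DMZ choices.
    plan = plan_dmz_split(
        "220.243.230.0/28",
        router_wan_ip="220.243.230.2",
        gateway_ip="220.243.230.1",
        dmz_hosts=["220.243.230.10", "220.243.230.8", "220.243.230.16"],
    )
    for key, value in plan.items():
        print(f"{key}: {value}")
```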
WAN Connection Type
Obtain an IP automatically
This mode is used when the IP address is obtained automatically through DHCP. It is the
device's default connection mode. The device acts as a DHCP client and obtains an
IP address automatically, which is often the case with a Cable Modem or DHCP Client connection,
etc. If the connection mode is different, please refer to the following introduction to select
the appropriate configuration. Users can also set up their own DNS IP address (Use the Following
DNS Server Address). Check the option and input the user-defined DNS IP addresses.
Static IP
If the ISP issues static IP addresses (such as one IP or eight IPs, etc.), please select this connection mode
and follow the steps below to input the IP addresses issued by the ISP into the relevant boxes.
Attention: Even if the ISP offers a static IP address, the connection might still use an automatic mode to
obtain a DHCP IP or to obtain a PPPoE dial-up IP. Although the IP address obtained will be
the same each time, users still must select the correct connection mode!
Specify WAN IP address: Input the available static IP address issued by ISP.
Subnet Mask: Input the subnet mask of the static IP address issued by ISP, such as:
Issued eight static IP addresses: 255.255.255.248
Issued 16 static IP addresses: 255.255.255.240
Default Gateway Address: Input the default gateway issued by ISP. For ADSL users, it is usually an ATU-R IP address. As for optical fiber users, please input the optical fiber switching IP.
Domain Name Server (DNS): Input the DNS IP address issued by ISP. At least one IP group should be input. The maximum acceptable is two IP groups.
Point-to-Point Protocol over Ethernet
This option is for an ADSL virtual dial-up connection (suitable for ADSL PPPoE). Input the user
connection name and password issued by ISP. Then use the PPP Over-Ethernet software built into
the device to connect with the Internet. If the PC has been installed with the PPPoE dialing
software provided by ISP, remove it. This software will no longer be used for network connection.
User Name: Input the user name issued by ISP.
Password: Input the password issued by ISP.
Connect on Demand: This function enables the auto-dialing function to be used in a PPPoE dial connection. When the client port attempts to connect with the Internet, the device will automatically make a dial connection. If the line has been idle for a period of time, the system will break the connection automatically. (The default time for automatic break-off resulting from no packet transmissions is five minutes).
Keep Alive: This function enables the PPPoE dial connection to keep connected, and to automatically redial if the line is interrupted. It also enables a user to set up a time for redialing. The default is 30 seconds.
After the changes are completed, click “Apply” to save the configuration, or click
“Cancel” to leave without making any change.
3.3.2 Dual WAN
If you have chosen the second WAN, you can use this setting.
Network Service Detection
Network Service Detection System:
This is a detection system for external network services. If this option is selected, information such as “Retry Count” or “Retry Timeout” will be displayed. If two WANs are used for external connection, be sure to activate the NSD system, so as to avoid any unwanted break caused by the device misjudging the overload traffic for the WAN.
Retry Count: This selects the number of retries for network service detection. The default is five times. If there is no feedback from the Internet within the configured “Retry Times”, it will be judged as “External Connection Interrupted”.
Retry Timeout: Delay time for external connection detection latency. The default is 30 seconds. After the retry timeout, external service detection will restart.
When Fail:
(1) Generate the Error Condition in the System Log: If an ISP connection failure is detected, an error message will be recorded in the System Log. This line will not be removed; therefore, some of the users on this line will not have normal connections.
This option is suitable when one of the WAN connections has failed and the traffic going through this WAN to the destination IP cannot shift to another WAN to reach the destination. For example, if users want the traffic to 10.0.0.1 ~ 10.254.254.254 to go only through WAN1, while WAN2 is not to support these destinations, users should select this option. When the WAN1 connection is interrupted, packets for 10.0.0.1~10.254.254.254 cannot be transmitted through WAN 2, and there is no need to remove the connection when WAN 1 is interrupted.
(2) Remove the Connection: If an ISP connection failure is detected, no error message will be recorded in the System Log. The packets transmitted through this WAN will be shifted to the other WAN automatically, and be shifted back again when the connection for the original WAN is repaired and reconnected.
This option is suitable when one of the WAN connections fails and the traffic going through this WAN to the destination IP should go through the other WAN to reach the destination. In this way, when any of the WAN connections is broken, other WANs can serve as a backup; traffic can be shifted to a WAN that is still connected.
Detecting Feedback Servers:
Default
Gateway:
The local default communication gateway location, such as the
IP address of an ADSL router, will be input automatically by the
device. Therefore, users just need to check the option if this
function is needed. Attention! Some gateways of an ADSL
network will not affect packet detection. If users have an optical
fiber box, or the IP issued by ISP is a public IP and the gateway
is located at the port of the net café rather than at the IP
provider’s port, do not activate this option.
ISP Server: This is the detected location for the ISP port, such as the DNS IP
address of ISP. When configuring an IP address for this function,
make sure this IP is capable of receiving feedback stably and
speedily. (Please input the DNS IP of the ISP port)
Remote Server: This is the detected location for the remote Network Segment.
This Remote Host IP should be capable of receiving feedback
stably and speedily. (Please input the DNS IP of the ISP
port).
Use DNS server
for Domain
Name Service:
This is the detection location for DNS. (Only a web address such as
www.hinet.net is acceptable here. Do not input an IP address.)
In addition, do not input the same web address in this box for
two different WANs.
Apply: After the changes are completed, click “Apply” to save the
network configuration modification.
Cancel: Click “Cancel” to leave without making any change. This only
works before you click the “Apply” button.
Bandwidth
Automatic load balance ratio will be made according to the upstream bandwidth users input for
the two WAN ports. For instance, if the upstream bandwidth for both WANs is 512Kbit/sec, the
automatic balance ratio will be 1:1. If one WAN upstream bandwidth is 1024Kbit/sec while the
other is 512Kbit/sec, the automatic balance ratio will be 2:1. Therefore, to ensure the load can
be really balanced, please input the actual upstream and downstream bandwidth. In addition,
the data users input will also affect the QoS configuration. Please refer to QoS Configuration.
Protocol Binding
Users can define specific IP addresses or specific application service ports to go through a
user-assigned WAN for external connections. For any other unassigned IP addresses and
services, WAN load balancing will still be carried out.
Service: This is to select the Binding Service Port to be activated. The
default (such as ALL-TCP&UDP 0~65535, WWW 80~80, FTP 21 to
21, etc.) can be selected from the pull-down option list. The default
Service is All 0~65535.
Option List for Service Management: Click the button to enter the
Service Port configuration page to add or remove default Service
Ports on the option list.
Source IP: Users can assign packets of specific Intranet virtual IP to go
through a specific WAN port for external connection. In the boxes
here, input the Intranet virtual IP address range; for example, if
192.168.1.100~150 is input, the binding range will be 100~150. If
only specific Service Ports need to be designated, while specific IP
designation is not necessary, input “0” in the IP boxes.
Destination
IP:
In the boxes, input an external static IP address. For example, if
connections to destination IP address 210.11.1.1 are to be
restricted to WAN1, the external static IP address 210.1.1.1 ~
210.1.1.1 should be input. If a range of destinations is to be
assigned, input the range such as 210.11.1.1 ~ 210.11.255.254.
This means the Class B Network Segment of 210.11.x.x will be
restricted to a specific WAN. If only specific Service Ports need to
be designated, while a specific IP destination assignment is not
required, input “0” into the IP boxes.
Interface: Select the WAN for which users want to set up the binding rule.
Enable: To activate the rule.
Add To List: To add this rule to the list.
Delete
selected
application:
To remove the rules selected from the Service List.
Apply: Click “Apply” to save the modification.
Cancel: Click “Cancel” to leave without making any change. This only
works before you click the “Apply” button.
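The interaction between a Protocol Binding rule and the two “When Fail” options of Network Service Detection, as an added example (a model written from this manual's description, not the router's firmware). The names `Binding`, `pick_wan` and `RULES`, the first-match rule order, and the FTP rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Binding:
    ports: range   # service port range, e.g. range(0, 65536) for "All"
    src: tuple     # (first, last) Intranet IP, or None for the manual's "0" (any)
    dst: tuple     # (first, last) destination IP, or None for "0" (any)
    wan: str       # interface the rule is bound to

def _in(ip, span):
    """True when ip lies inside the inclusive (first, last) span, or span is None."""
    if span is None:
        return True
    lo, hi = (ipaddress.ip_address(a) for a in span)
    return lo <= ipaddress.ip_address(ip) <= hi

def pick_wan(rules, up, when_fail, src, dst, port):
    """Return the WAN a new flow leaves on, None if it is stranded,
    or "load-balance" when no binding rule matches.

    up        -- set of WANs that NSD currently reports as connected
    when_fail -- "log"    = Generate the Error Condition in the System Log
                 "remove" = Remove the Connection
    """
    for r in rules:  # first matching rule wins (assumed evaluation order)
        if port in r.ports and _in(src, r.src) and _in(dst, r.dst):
            if r.wan in up:
                return r.wan
            if when_fail == "log":
                return None                  # binding kept, traffic is not shifted
            return min(up) if up else None   # shifted to a surviving WAN
    return "load-balance"

# Constructed rules: the manual's 10.x.x.x-only-via-WAN1 case, plus FTP from
# 192.168.1.100~150 bound to WAN2 (hypothetical second rule).
RULES = [
    Binding(range(0, 65536), None, ("10.0.0.1", "10.254.254.254"), "WAN1"),
    Binding(range(21, 22), ("192.168.1.100", "192.168.1.150"), None, "WAN2"),
]

if __name__ == "__main__":
    for mode in ("log", "remove"):
        out = pick_wan(RULES, {"WAN2"}, mode, "192.168.1.20", "10.8.0.5", 443)
        print(f"WAN1 down, When Fail={mode}: 10.8.0.5 leaves on {out}")
```

With “Remove the Connection”, traffic that was bound to WAN1 leaves through WAN2 during an outage, so destinations that must never be reached over the second line call for the System Log option.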
Add or Remove Service Ports
If the Service Port users want to activate is not in the list, users can click “Add or Remove Service
Ports” from “Service Management” to arrange the list, as described in the following:
Service Name: In this box, input the name of the Service Port which
users want to activate, such as BT, etc.
Protocol: This option list is for selecting a packet format such as
TCP or UDP for the Service Ports users want to activate.
Port range: In the boxes, input the range of Service Ports users
want to add.
Add To List: Click the button to add the configuration into the
Services List. Users can add up to 100 services into the
list.
Delete selected
service:
To remove the selected activated Services.
Apply: Click the “Apply” button to save the modification.
Cancel: Click the “Cancel” button to cancel the modification.
This only works before “Apply” is clicked.
Exit: To quit this configuration window.
3.3.3 QoS
QoS is an abbreviation for Quality of Service. The main function is to restrict bandwidth
usage for some services and IPs to save bandwidth or provide priority to specific
applications or services, and also to enable other users to share bandwidth, as well as to
ensure stable and reliable network transmission. To maximize the bandwidth efficiency,
network administrators should take account of the practical requirements of a company, a
community, a building, or a café etc, and modify bandwidth management according to the
network environment, application processes or services.
QoS Setting
In the boxes for WAN1 and WAN2 bandwidth, input the upstream and downstream
bandwidth which users applied for from the bandwidth supplier. The bandwidth QoS will make
calculations according to the data users input. In other words, it will guarantee a minimum
rate of upstream and downstream for each IP and Service Port based on the total actual
bandwidth of WAN1 and WAN2. For example, if the upstream bandwidths of both WAN1 and
WAN2 are 512Kbit/Sec, the total upstream bandwidth will be: WAN1 + WAN2 =
1024Kbit/Sec. Therefore, if there are 50 IPs in the Intranet, the minimum guaranteed
upstream bandwidth for each IP would be 1024Kbit/50=20Kbit/Sec. Thus, 20Kbit/Sec can
be input for “Mini. Rate”. Downstream bandwidth can be calculated in the same way.
Session Control
Session management controls the acceptable maximum simultaneous connections of
Intranet PCs. This function is very useful for managing connection quantity when P2P
software such as BT, Thunder, or emule is used in the Intranet causing large numbers of
connections. Setting up proper limitations on connections can effectively control the
connections created by P2P software. It will also have a limiting effect on bandwidth usage.
In addition, if any Intranet PC is attacked by a virus like Worm.Blaster and sends a huge
number of connection requests, session control will restrict that as well.
Disable: To disable Session Control function.
Single IP cannot exceed ___ Session:
This option enables the restriction of maximum external
connections to each Intranet PC. When the number of
external connections reaches the limit, to allow new
connections to be built, some of the existing connections
must be closed. For example, when BT or P2P is being
used to download information and the connections
exceed the limit, the user will be unable to connect with
other services until either BT or P2P is closed.
Network Service Detection:
(When single IP exceeds limit)
If this function is selected, when the user’s port
connections reach the limit, this user will not be able to
make a new connection for five minutes. Even if the
previous connection has been closed, new connections
cannot be made until the setting time ends.
If this function is selected, when the user’s port
connections reach the limit, all the lines that this user is
connected with will be removed, and the user will not be
able to connect with the Internet for five minutes. New
connections cannot be made until the delay time ends.
Scheduling: If “Always” is selected, the rule will be executed around
the clock. If “From…” is selected, the rule will be
executed according to the configured time range. For
example, if the time control is from Monday to Friday,
8:00am to 6:00pm, users can refer to the following
figure to set up the rule.
Days Management: If “Everyday” is selected, the rule will be activated for
the control time range every day. Users can choose to
activate the rule during certain days of the week.
Exempted Port or IP
Service:
The important services or IPs in a company or business
can be configured to be free of the Connection
Restriction Rule.
Service: To select a Service Port to be free of the connection rule.
Service Management: To add or remove a Service Port.
Source IP/Group: To add IP addresses/Groups that are free from
restriction.
Enable: To activate the added rule.
Add To List: To add the rule into the list.
Apply: Click the “Apply” button to save the modification.
Cancel: Click the “Cancel” button to cancel the modification.
This only works before “Apply” is clicked.
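The Session Control behaviour described above (per-IP limit, the two five-minute penalties, and exempted IPs or Service Ports), as an added example that models the manual's description and is not the router's firmware. The class and function names, and the choice to trigger the penalty on the first attempt over the limit, are assumptions.

```python
from collections import defaultdict

BLOCK_SECONDS = 5 * 60  # the manual's five-minute penalty

class SessionControl:
    def __init__(self, limit, penalty=None, exempt_ips=(), exempt_ports=()):
        # penalty: None    = only refuse sessions above the limit
        #          "block" = also refuse new sessions for five minutes
        #          "drop"  = also remove the host's existing sessions
        self.limit, self.penalty = limit, penalty
        self.exempt_ips, self.exempt_ports = set(exempt_ips), set(exempt_ports)
        self.sessions = defaultdict(int)   # open sessions per Intranet IP
        self.blocked_until = {}            # IP -> time the penalty ends

    def open(self, ip, port, now):
        """Return True if a new external session from ip is allowed at time now (s)."""
        if ip in self.exempt_ips or port in self.exempt_ports:
            return True                    # exempted traffic is never counted
        if now < self.blocked_until.get(ip, 0):
            return False                   # still inside the penalty window
        if self.sessions[ip] < self.limit:
            self.sessions[ip] += 1
            return True
        if self.penalty:                   # limit exceeded: start the penalty
            self.blocked_until[ip] = now + BLOCK_SECONDS
            if self.penalty == "drop":
                self.sessions[ip] = 0
        return False

    def close(self, ip):
        if self.sessions[ip] > 0:
            self.sessions[ip] -= 1

def burst(sc, ip, port, attempts, now=0):
    """Count how many of `attempts` simultaneous connection requests get through."""
    return sum(sc.open(ip, port, now) for _ in range(attempts))

if __name__ == "__main__":
    # Constructed scenario: one host floods 1000 requests, limit is 200.
    sc = SessionControl(limit=200, penalty="block", exempt_ips={"192.168.1.10"})
    print("flooding host allowed:", burst(sc, "192.168.1.50", 135, 1000))
    print("can reconnect after 60 s:", sc.open("192.168.1.50", 80, now=60))
    print("exempted server allowed:", burst(sc, "192.168.1.10", 25, 1000))
```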
QoS Configuration
There are two options for bandwidth management: one is Rate Control, the other is
Priority Control. The two kinds of management cannot be used at the same time. Network
administrators must choose one or the other based on the Intranet needs.
Rate Control:
The network administrator can set up bandwidth or usage limitations for each IP or IP
range according to the actual bandwidth. The network administrator can also set bandwidth
control for certain Service Ports. A guaranteed bandwidth control for external connections
can also be configured if there is an internal server.
Interface: To select on which WAN the QoS rule should be executed. It can be
a single selection or multiple selections.
Service: To select what bandwidth control is to be configured in the QoS
rule. If the bandwidth for all services of each IP is to be controlled,
select “All (TCP&UDP) 1~65535”. If only FTP uploads or downloads
need to be controlled, select “FTP Port 21~21”. Refer to the Default
Service Port Number List.
IP: This is to select which user is to be controlled. If only a single IP is
to be restricted, input this IP address, such as “192.168.1.100 to
100”. The rule will control only the IP 192.168.1.100. If an IP range
is to be controlled, input the range, such as “192.168.1.100 ~
150”. The rule will control IPs from 192.168.1.100 to 150. If all