ShareTech SG-100N Administrator's Manual

Conventions Used in This Book
LAN default IP: 192.168.1.1
Account / Password: admin / admin
ShareTech Security Gateway
SG-100N Administrator Manual
Version 6.1.9
Table of Contents
CONVENTIONS USED IN THIS BOOK
CHAPTER 0 DESCRIPTION
0-1 HARDWARE OVERVIEW
0-2 FRONT PANEL
0-3 REAR PANEL
0-4 SYSTEM SETTING
0-5 SETTING INTERNAL AND EXTERNAL NETWORK
0-6 HOMEPAGE INFORMATION
CHAPTER 1 CONFIGURATION
1-1 DATE & TIME
1-2 ADMINISTRATION
1-3 SYSTEM
1-4 PACKAGE
1-5 LANGUAGE
1-6 NOTIFICATION
1-7 BACKUP & MOUNT
1-8 SIGNATURE UPDATE
1-9 CMS
1-10 AP MANAGEMENT
1-11 SSL PROOF
1-12 MYCLOUD SETTING
CHAPTER 2 NETWORK
2-1 INTERFACE
2-2 INTERFACE (IPV6)
2-3 ROUTING
2-4 802.1Q
CHAPTER 3 POLICY
3-1 WIFI POLICY
3-2 LAN POLICY
3-3 DMZ POLICY
3-4 WAN POLICY
CHAPTER 4 OBJECTS
4-1 ADDRESS TABLE
4-2 SERVICES
4-3 SCHEDULE
4-4 QOS
4-5 APPLICATION CONTROL
4-6 URL FILTER
4-7 VIRTUAL SERVER
4-8 FIREWALL PROTECTION
4-9 AUTHENTICATION
4-10 BULLETIN BOARD
CHAPTER 5 NETWORK SERVICES
5-1 DHCP
5-2 DDNS
5-3 DNS PROXY
5-4 SNMP
5-5 REMOTE SYSLOG SERVER
CHAPTER 6 IDP
6-1 IDP SETTING
6-2 IDP LOG
CHAPTER 7 SSL VPN
7-1 SSL VPN SETTING
7-2 SSL VPN LOG
7-3 VPN POLICY
7-4 SSL FROM YOUR ANDROID PHONE
CHAPTER 8 VPN
8-1 IPSEC TUNNEL
8-2 PPTP SERVER
8-3 PPTP CLIENT
8-4 VPN POLICY
CHAPTER 9 TOOLS
9-1 CONNECTION TEST
9-2 PACKET CAPTURE
CHAPTER 10 LOGS
10-1 SYSTEM OPERATION
CHAPTER 11 STATUS
11-1 PERFORMANCE
11-2 CONNECTION STATUS
11-3 FLOW ANALYSIS
Conventions Used in This Book
The following typographical conventions are used in this book
Content Style
Menu > Submenu > Right Side Banner Selections
e.g. Configuration > Administrator > System Setup
Constant width bold
Indicates chapter and section
"Italic"
"Indicates user input examples."
This icon indicates a tip or suggestion. It points out something special that users should know.
This icon indicates a limitation or caution. Pay attention to these to avoid running into system problems.
This icon indicates an example that shows users how to use a function.
Chapter 0 Description
This chapter explains how to install the appliance and connect it to your network, and how to configure and monitor it. Functions are explained in detail, with examples of how to operate the interface. The Description chapter covers the following sections:
0-1 Hardware Overview
0-2 Front Panel
0-3 Rear Panel
0-4 System Setting
0-5 Setting internal and external network
0-6 Homepage Information
SG-100N
Dimensions (wide*long*high): 232*152*44mm
Custom Port (Fixed LAN & WAN1), 2G memory, 320G HDD
SG-100N with WiFi
Dimensions (wide*long*high): 232*152*44mm
Custom Port (Fixed LAN & WAN1), 2G memory, 320G HDD
2dBi, 3T3R, 802.11b/g/n
0-1 Hardware Overview
Integration between firewall and NAS
Unlike the traditional approach of building a gateway firewall and then adding shared storage space through a NAS or Network Neighborhood, the ShareTech SG-100N is a gateway device that integrates a NAS into the firewall and protects the user's network against threats from web activities with URL filtering. Users can define searches by keyword and sort options. Filtering conditions can be applied by time to control network access and usage and to avoid threats from external networks. The SG-100N simplifies SMB network environments and provides IT staff with a cloud-managed networking solution.
0-2 Front Panel
Figure 0-2.1 Front Panel
Model Name: please see Figure 0-2.1.
Appliance LED Behavior
LED | State | Description
POWER | Blinking | ShareTech appliance is active
POWER | Green | ShareTech appliance is ON
POWER | Off | Adapter power (+12V DC) is disconnected
HDD | Flashing Amber | Activity going on
HDD | Off | No activity
Ethernet Ports | Flashing Green (Right) | The port is linked and active in data transmission.
Ethernet Ports | Green (Left) | Correct cable is used and power is on port.
Ethernet Ports | Off | Power is not on port.
0-3 Rear Panel
Figure 0-3.1 Rear Panel
Power supply: +12V DC in
Console Port: Using an RJ-45 to DB-9 female cable, you can connect to a computer terminal for diagnostic or configuration purposes. Terminal configuration parameters: 115200 baud rate, 8 data bits, 1 stop bit, no parity, XON/XOFF flow control. A console port for inspecting settings remotely or, if needed, resetting the device to factory default.
USB 2.0 Ports: They can connect to any USB device, for example, a USB flash drive.
Reset Button: A button to reset the system.
Ethernet Ports:
1. LAN: Connects to the intranet.
2. WAN: Connects to the perimeter router.
Appliance Ethernet Ports Behavior:
LED | State | Description
Ethernet Ports | Flashing Amber (Left) | The port is linked and active in data transmission.
Ethernet Ports | Amber (Left) | Correct cable is used and power is on port.
Ethernet Ports | Off (Left) | Power is not on port.
Ethernet Ports | Amber (Right) | Port is connected at 100 Mbps.
Ethernet Ports | Green (Right) | Port is connected at 1000 Mbps.
Ethernet Ports | Off (Right) | Power is not on port.
Please confirm that the appliance is installed and connected correctly. If the power LED does not light, please shut down the appliance, wait several minutes, and then start the appliance again. If the LED still does not light, please feel free to call +886-4-27050888 / Skype: sharetech_tc and contact us while the appliance is still under warranty.
How to use the console cable:
The SG-100N can be configured via the "Console" port located on the SG-100N's rear panel using a terminal-emulation program (e.g. HyperTerminal). (Figure 0-3.3)
Please purchase a USB to RS232/DB9 serial cable and download its driver. (Figure 0-3.2)
Here is an example:
USB to RS232/DB9 serial cable driver; please note your OS before downloading.
http://www.tri-plc.com/USB-RS232/drivers.htm
Figure 0-3.2 RS232/DB9
Figure 0-3.3 Using console
Download PuTTY:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Use the following configuration settings for terminal-emulation programs: (Figure 0-3.4)
Figure 0-3.4 PuTTY Configuration
Please check your COM and LPT ports. (Figure 0-3.5)
Figure 0-3.5 USB-SERIAL
Enter Information: (Figure 0-3.6)
Choose "Serial".
Serial line: COM(?); please refer to Figure 0-3.5 and enter your COM number.
Speed: 115200
Choose "Open".
Figure 0-3.6 Serial line
Console Screen: (Figure 0-3.)
MY LAN IP IS 192.168.1.1: Shows the current LAN IP.
admin_pw_def: Resets your login user name and password to the default (admin/admin).
admin_ip_def: Resets your IP to 192.168.1.1.
Apache_port: Shows the HTTP and HTTPS ports.
Restart: Reboots the SG-100N; every setting still exists on the equipment.
Poweroff: Shuts down the SG-100N.
Figure 0-3.7 Console Screen
0-4 System Setting
Deployment
Connect your PC to the device's LAN port directly or through the same hub / switch, and launch a web browser (e.g. Internet Explorer, Mozilla Firefox, or Chrome) to access the management interface, whose address is set to http://192.168.1.1 by default. The IP addresses of LAN PCs must therefore be configured within the range 192.168.1.2 to 192.168.1.254 inclusive, with a subnet mask of 255.255.255.0. (Figure 0-4.1)
Figure 0-4.1 Deployment
Start Browser and Enter Login User Name / Password
Open the IE browser and enter 192.168.1.1 in the address bar. (Figure 0-4.2)
The browser will prompt for authentication; please enter admin (username) / admin (password) to log in.
Figure 0-4.2 Start Browser and Enter Login User Name / Password
Login completed (Figure 0-4.3)
Change Language
The default management interface language is English. Select Configuration > Language > Language. There are three languages: English, Traditional Chinese, and Simplified Chinese. Select the language you prefer. Click on . (Figure 0-4.4)
Figure 0-4. 3 Login completed
Figure 0-4. 4 Change Language
0-5 Setting internal and external network
In this section, follow the two parts below, LAN setup and WAN setup, to start the machine up.
When you configure a new LAN interface address, adjust the PC accordingly: if the company's LAN IP address does not belong to the default subnet 192.168.1.0/24, the administrator must add or change the PC IP address so that it is within the same range as the LAN subnet. (Figure 0-5.1)
For example, add an additional IP address (192.168.1.2) to the LAN connection of your computer.
Figure 0-5.1 Advanced TCP/IP settings
For your reference, you may configure your management address based on the available subnet ranges below:
10.0.0.0 ~ 10.255.255.255
172.16.0.0 ~ 172.31.255.255
192.168.0.0 ~ 192.168.255.255
Setting Internal Network
Select Network > Interface > Port 1, where Interface Type is LAN. (Figure 0-5.2) The administrator clicks on Network > Interface > Port 1 (LAN) to enter the internal network information. Finally, click on "save" to complete the setup.
Figure 0-5. 2 LAN Interface
Note: If the management interface is assigned with a different IP address, the management
interface will only become accessible from a web browser using the new IP address.
Setting External Network
Select Network > Interface > Port 2, where Interface Type is WAN1. (Figure 0-5.3) The administrator clicks on Network > Interface > Port 2 (WAN) to enter the external network information. Finally, click on "save" to complete the setup.
Figure 0-5.3 External Network
Step 1: Network > Interfaces > Port 2 (WAN) (Figure 0-5.4) (Figure 0-5.5)
Figure 0-5. 4 WAN 1 Setting
Figure 0-5. 5 WAN1 Connection Type
Step 2: Port 2 (WAN) Alive Detection(Figure 0-5.6)
Figure 0-5. 6 WAN1 Alive Detection
Step 3: General Setting on Port 2 (WAN) (Figure 0-5.7)
Figure 0-5. 7 General Setting on Port 2
Step 4: After you finish configuring LAN and WAN, the SG-100N setup is complete.
0-6 Homepage Information
Menu Bar
The menu bar at the top of the screen uses a different color for each model series. The SG series is blue. (Figure 0-6.1)
Figure 0-6.1 Menu Bar
MENU
The MENU on the left side of the screen also differs depending on the model.
Figure 0-6.2 Menu
System Time and System Resource
It shows the server's 1-1 Date & Time and 11-1 Performance information. In addition, it displays the CPU, Memory, Flash, and HDD simultaneously. (Figure 0-6.3)
Figure 0-6.3 System Time and System Resource
System Information and Server Service
The Server Model and Server Version of the machine (Figure 0-6.4)
: Service works.
: Service does not work.
Figure 0-6. 4 System Information and Server Service
Interface
Equipment Interface details: (Figure 0-6.5)
Name: The name of the network interface detected by the system.
Connect Status: Whether the network is unimpeded
1. : Connected.
2. : Not connected to the Internet.
Line Status: Whether the network is judged to be connected
1. : Connected.
2. : Not connected to the Internet.
IP Address: The IP address bound by the system.
Total Packets: The number of packets transmitted and received on each network interface. (Bytes)
Total Flow: The amount of traffic transmitted and received on each network interface. (Bytes)
Figure 0-6.5 Interface
Click (Figure 0-6.6)
Figure 0-6. 6 Interface more detailed
Chapter 1 Configuration
In this chapter, you will learn how to configure the machine's Date, Time, Administrator, Backup, Notification, and Language settings. This chapter covers the following sections:
1-1 Date & Time
1-2 Administration
1-3 System
1-4 Package
1-5 Language
1-6 Notification
1-7 Backup & Mount
1-8 Signature Update
1-9 CMS
1-10 AP Management
1-11 SSL Proof
1-12 MyCloud Setting
1-1 Date & Time
Your current time zone setting can also be changed in this section. First, the form in this section lets you change the system time manually. Second, the system time can be synchronized to time server hosts on the Internet by using the Network Time Protocol (NTP). A number of time server hosts on the Internet are preconfigured and used by the system. This makes sense if the system clock is way off and you would like to speed up synchronization. Finally, you can add a host in the User Defined Time Server field; this might be necessary if you are running a setup that does not allow ShareTech to reach the Internet. In the Date & Time section you can enable the following lists: (Figure 1-1.1)
Figure 1-1.1 Date & Time
Select Configuration > Date & Time > Setting. There are three methods you can use, covering Timezone and Time and Network Time Retrieval.
Method 1: Synchronize to the local computer.
Time Zone: Select your country's time zone.
Time: Select the local time.
Date: Select the local date.
Click on .
Method 2: The date and time can be configured by synchronizing to an Internet Network Time Server.
Select Enabled in Network Time Retrieval.
Selected Time Server: Select your country's time server.
Click .
Click on to check the time log information; the log keeps three days of information.
Click on .
Method 3: This might be necessary if you are running a setup that does not allow ShareTech to reach the Internet.
Select Enabled in Network Time Retrieval.
User Defined Time Server: Enter a time server you know.
Click on .
Click on to check the time log information; the log keeps three days of information.
Click on .
1-2 Administration
This section mainly explains the authorization settings for access. It covers Administrator Setup, System Setup, Manage IP Address, Clear Data, and SMTP Server Setting. In this section you can enable the following lists:
Select Configuration > Administration > Administrator.
The default account and password are both "admin." The IT administrator can create several sub-administrators with different permissions and customized menus. The default "admin" account is permitted to use all privileges and all menus, such as the privileges over packets that pass through the equipment and the monitoring controls. "Admin" (the system manager) can manage, monitor, and configure the settings of functions. A sub-administrator account that is set to "Read" is read-only and is not able to change any setting of the machine. (Figure 1-2.1)
Account: Enter the account name.
Password: The password for authentication.
Password Strength:
Confirm Password: The confirmation of the password.
Notes: A note that makes it easy to know whose account it is.
Privilege: Sub-administrators can be granted Read, Write, or All privileges to determine their rights on the system. Besides, sub-administrators can be created, edited, or deleted.
User Defined Menu: The IT administrator can customize the MENU by selecting items. (Figure 1-2.1)
Figure 1-2. 1 User Defined Menu
Select Configuration > Administration > System. This function shows the view of the screen and the system default settings.
General Setting: (Figure 1-2.2)
Login Message: Enter a name, and then click on . The name you enter will be shown when you log in. (Figure 1-2.3)
Homepage Message: Enter a name, and then click on . The name you enter will be shown next to the logo picture. (Figure 1-2.4)
Browser Message: Enter a name, and then click on . The name you enter will be shown at the top of the browser. (Figure 1-2.5)
Upload Logo: Click on to upload a GIF image file with a resolution of 150x90, and then click on . The image will automatically appear in the upper left corner of the screen. (Figure 1-2.6)
Memory Release: How often memory is checked, and the memory usage percentage (%) you set. The system will release memory when memory usage is high. (Please see memory status in Homepage Information.)
Pass-Through Protocol: The system supports H.323 and SIP.
Session timeout of established:
WatchDog timer: When the system crashes, the watchdog will immediately restart the system.
Figure 1-2. 2 System Setup
Figure 1-2. 3 Login Message
Figure 1-2. 4 Homepage Message
Figure 1-2. 5 Browser Message
Figure 1-2. 6 Upload Logo
Login Failure Block Settings: (Figure 1-2.7)
Temporarily block when login failed more than:
IP blocking period:
Unblocked IP: (Figure 1-2.9)
Figure 1-2.7 Login failure block Settings
Here is an example: enter a wrong username and password more than five times, and the browser shows the following figure. (Figure 1-2.8) (Figure 1-2.9) (Figure 1-2.10)
Figure 1-2.8 Someone fails to log in more than 5 times
Figure 1-2.9 IP blocking list
Figure 1-2.10 IP blocking list and unblock it
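A minimal model of the login-failure block described above, written as an added example (not ShareTech's code): it counts failures per source IP, blocks an address once the count exceeds the threshold, and lets an administrator unblock it. The threshold of five follows the manual's example; the counting window, the blocking period, the class and function names, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class LoginBlocker:
    """Model of 'temporarily block when login failed more than N'."""

    def __init__(self, max_failures=5, window=timedelta(minutes=10),
                 block_period=timedelta(minutes=30)):
        # max_failures=5 follows the manual's example. window and block_period
        # are assumed values, not documented device defaults.
        self.max_failures = max_failures
        self.window = window
        self.block_period = block_period
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.blocked_until = {}              # ip -> time at which the block ends

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:                     # the IP blocking period has elapsed
            del self.blocked_until[ip]
            return False
        return True

    def record(self, ip, success, now):
        """Process one login attempt and return 'blocked', 'ok' or 'failed'."""
        if self.is_blocked(ip, now):
            return "blocked"                 # refused before credentials are checked
        if success:
            self.failures.pop(ip, None)      # a good login clears the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                 # forget failures outside the window
        if len(recent) > self.max_failures:  # "more than": the 6th failure trips it
            self.blocked_until[ip] = now + self.block_period
            recent.clear()
            return "blocked"
        return "failed"

    def unblock(self, ip):
        """Administrator removes an address from the blocking list."""
        self.failures.pop(ip, None)
        return self.blocked_until.pop(ip, None) is not None


def replay(events, blocker=None):
    """Feed (timestamp, ip, success) events in time order; return (ip, outcome)."""
    if blocker is None:
        blocker = LoginBlocker()
    ordered = sorted(events, key=lambda e: e[0])
    return [(ip, blocker.record(ip, ok, ts)) for ts, ip, ok in ordered]


# Constructed sample: seven bad logins from one host, one good login from another.
T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE_EVENTS = (
    [(T0 + timedelta(seconds=10 * i), "192.168.1.50", False) for i in range(7)]
    + [(T0 + timedelta(seconds=35), "192.168.1.20", True)]
)

if __name__ == "__main__":
    for ip, outcome in replay(SAMPLE_EVENTS):
        print(f"{ip:15} {outcome}")
```
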
Reset/Reboot Setting:
Reset to Default Setting: If you need to keep the LAN, WAN and DMZ IP settings, or you need to format the hard disk, please select what you need. If you select nothing, it means that you just want to reset to the default settings.
Reset to MyCloud Default Setting: Deletes all settings and logs and restores the default settings.
Reboot System: Click on to reboot the system.
Figure 1-2.11 Reset/Reboot Setting
Select Configuration > Administration > Fsck Hard Disk. (Figure 1-2.12)
As implied by its name, fsck is used to check and optionally repair one or more Linux file systems. This tool is important for maintaining data integrity, especially after an unforeseen reboot (crash, power outage). If your system crashes unexpectedly, is shut down improperly, or is struck by lightning, we advise you to use fsck in order to repair your file system. Normally, the fsck program will try to handle file systems on different physical disk drives in parallel to reduce the total amount of time needed to check all of the file systems.
When the scheduling conditions are matched, the system will reboot!
Figure 1-2.12 Fsck Hard Disk
If you do not set up any IP address here (Figure 1-2.13), the system follows what you set up in Network > Network > IP Address > Ports. (Figure 1-2.14) (Figure 1-2.15)
Figure 1-2. 13 Administrator Management
Figure 1-2. 14 Port 1 Administrator Management
Figure 1-2. 15 Port 2 Administrator
Here is an example:
Please note that Action should be "Allow all of the Following."
Click on to create a new IP and Netmask for Interface management. (Figure 1-2.17)
Figure 1-2.16 IP Address
Then, others that are not within the IP range do not have permission to access the server, even if the server works fine. (Figure 1-2.18)
Figure 1-2.17 You don't have permission to access this server
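The allow-list behaviour above can be checked on paper before it is saved to the appliance. This added example (not ShareTech's code) evaluates IP/Netmask entries the way an "Allow all of the Following" list is described here, and flags entries that fall outside the private ranges listed in section 0-5 or that cover more addresses than intended; the function names, the 256-address limit and the sample entries are assumptions.

```python
import ipaddress

# Private ranges listed in section 0-5 of the manual.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample entries (IP, Netmask), as they would be typed in the form.
SAMPLE_ENTRIES = [
    ("192.168.1.10", "255.255.255.255"),   # a single administrator PC
    ("192.168.1.64", "255.255.255.192"),   # 192.168.1.64 - 192.168.1.127
]


def parse_entry(ip, netmask):
    """Turn an 'IP + Netmask' pair into a network; host bits are masked off."""
    return ipaddress.ip_network(f"{ip}/{netmask}", strict=False)


def may_manage(client_ip, entries):
    """Return True or False for an 'Allow all of the Following' list.

    Returns None when the list is empty: per the manual the device then follows
    the per-port administrator setting, which this model does not cover.
    """
    if not entries:
        return None
    client = ipaddress.ip_address(client_ip)
    return any(client in parse_entry(ip, mask) for ip, mask in entries)


def audit_entries(entries, max_hosts=256):
    """Flag allow-list entries a reviewer would question before saving them."""
    findings = []
    for ip, mask in entries:
        net = parse_entry(ip, mask)
        if not any(net.subnet_of(p) for p in PRIVATE_RANGES):
            findings.append((str(net), "not inside a private range"))
        if net.num_addresses > max_hosts:    # max_hosts is an assumed review limit
            findings.append((str(net), f"covers {net.num_addresses} addresses"))
    return findings


if __name__ == "__main__":
    for client in ("192.168.1.10", "192.168.1.100", "192.168.1.200"):
        print(client, may_manage(client, SAMPLE_ENTRIES))
    print(audit_entries([("203.0.113.0", "255.255.255.0"),
                         ("10.0.0.0", "255.0.0.0")]))
```
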
Select Configuration > Administration > Clear Data.
There are two methods: clear the data manually, or let the system clear it automatically.
Clear Data: To free more space on the hard disk, delete records and logs that are not necessary. Click on . It is also possible to check all connections by clicking on the Select All pane. (Figure 1-2.19)
Figure 1-2.18 Clear Data
Data Storing time: Select a number, or enter how many days you want to keep the data. Click Change signatures if you modify the numbers. (Figure 1-2.20)
Figure 1-2.19 Data Storing Time
Select Configuration > Administration > SMTP Server. (Figure 1-2.21) (Figure 1-2.22) (Figure 1-2.23)
Customize: Default is Admin if you don't enable it.
Sender Name: Enter the email address.
Mail Server IP Address: Enter the SMTP server address or domain.
Account: Enter the account.
Password: Enter the correct password for the account.
Authentication: Please select this if authentication has been enabled on your SMTP mail server.
TLS: The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering.
Delivery Domain Name: If the Delivery Domain Name is the same as the domain of the receiver, the email will be sent using this SMTP setting; if not, the email will be sent using the first SMTP setting.
Figure 1-2. 20 Add SMTP Server
Figure 1-2. 21 SMTP Server List
Figure 1-2. 22 SMTP Test Mail
If the user receives an email like the one below, your setting is correct; otherwise, the user has to check the SMTP server settings again. (Figure 1-2.24)
Figure 1-2. 23 Got SMTP TEST Email
1-3 System
In the System section you can enable the following lists:
Select Configuration > System > System Backup; you will see two parts, System Backup and System Recovery. (Figure 1-3.1)
Clear Data:
System Backup: Click on , and then please wait a minute. You will see another window. Click on , and do not forget where you save the file.
System Recovery: If you feel the system is behaving more strangely than last week, you are able to download a backup file from Configuration > System > Schedule Backup, click on , and then select the file. After you select the file, please click on .
Figure 1-3.1 System Backup
Select Configuration > System > Schedule Backup. There are two methods. (Figure 1-3.2)
Method 1:
Starting: Select Starting to turn machine on.
When to Backup: Set the schedule information in When to Backup.
Backup Reserved Quantities: Fill in a number in the field. The number in the Backup Reserved Quantities field should be a positive number.
Click on .
Method 2:
Backup Right Now: Click on ; the data will be shown at the bottom of the screen.
Figure 1-3. 2 Auto Backup
Figure 1-3. 3 Backup Logs
Figure 1-3. 4 Backup Download
Figure 1-3. 5 Firmware Message
Select Configuration > System > Firmware Upgrade; you will see two parts, Software Upgrade and Upgrade Record. (Figure 1-3.6)
Firmware Upgrade: You can see the server model and the current firmware version. Besides, ShareTech constantly offers Software Upgrade files on the ShareTech website, so you can follow the link below to download the newest one from the Internet.
http://www.sharetech.com.tw/web_eng/contact-download.htm
After downloading it, click on to locate the file you have just downloaded. Then, remember to click on .
Upgrade Log: It shows all of the upgrades you have done before.
Figure 1-3. 6 Software Upgrade
1-4 Package
It’s an optional item. (Figure 1-4.1)
WiFi: 802.11 b/g/n wireless. (2.4GHz, 3T3R, 2dBi)
Figure 1-4. 1 Package
1-5 Language
Select Configuration > Language > Language. It offers three languages that you are able to select: English, Traditional Chinese, and Simplified Chinese. Select the language you prefer. (Figure 1-5.1)
Figure 1-5.1 Language
1-6 Notification
This function reminds users when something unusual has happened. This advance notification helps the administrator plan an effective response to security problems, and includes information about the number of security events that happened and about any detection tools relevant to the updates. In the Notification section you can enable the following lists:
Select Configuration > Notification > Notification. (Figure 1-6.1)
Sender Account: The default selection is "Auto." Select one SMTP server that you have set in Configuration > Administration > SMTP Server.
Current Setting: After users select an SMTP setting, the system shows the current SMTP server setting automatically.
Recipient: Enter the receiver email addresses.
Click on to save the settings you selected.
Figure 1-6. 1 Notification
Users will get email as below. (Figure 1-6.2) (Figure 1-6.3)
Figure 1-6. 2 notification mail-1
Figure 1-6. 3 notification mail-2
Select Configuration > Notification > Log. (Figure 1-6.4)
Date: Set the date and time.
Event: Set the information you want to search for.
Recipient: The mail receiver.
Record / Page: Select how many records are shown on the screen.
After you click on , you will see the result at the bottom of the screen.
Click on to see logs. (Figure 1-6.5)
Figure 1-6. 4 Notification Log
Figure 1-6. 5 content of Notification Log
1-7 Backup & Mount
Some IT administrators worry that the SG-100N hard disk may fail even though they back up the
system regularly, or that users will forget where the backup files are located. Users may also
worry that the device does not have enough free space to store those files. This function
addresses these concerns because the system backs up data automatically on a schedule.
Select Configuration > Backup & Mount > Data Backup
Backup Destination
Backup Method: Samba only.
IP address: Enter an IP address.
Folder Name: Enter a folder name of your choice.
Please create this Folder Name in C: and share it before you set up this
Username: Enter the user's computer name.
Password: The password used to authenticate to the user's own computer.
Confirm Password: Enter the password again to confirm it.
Click the button to check whether the settings are correct. (Figure 1-7.1)
Figure 1-7. 1 Backup & Mount
Backup Setting
Scheduled Backup: Select when the system backs up data.
Send Backup Result Notification: First go to Configuration > Notification > Notification to enter
your information. You will then receive mail after the system completes a backup successfully. (Figure 1-7.3)
Figure 1-7. 2 Send Backup Result Notification
Click the button and you will see the information below. (Figure 1-7.4) (Figure 1-7.5)
Figure 1-7. 3 Backup Now
Figure 1-7. 4 backup completed
Backup Item: Flow Analysis (Figure 1-7.6)
Figure 1-7. 5 Backup Item
If you want to view earlier content but have reset the machine to its default settings or have
used Clear Data, that content is no longer on the machine's hard disk. If you previously used
the Backup & Mount application to back up the content to another server or computer, you can
mount that content and search the Content Record items.
First, click the button to see the data items that you have backed up. (Figure 1-7.7)
Figure 1-7. 6 Data Mount
Click the button. (Figure 1-7.8)
Figure 1-7. 7 Mount Remote Data
The user can click the button (Figure 1-7.9) when these contents are no longer needed for searching.
Figure 1-7. 8 Unmount Remote Data
1-8 Signature Update
Select Configuration > Signature Update > Signature Update. (Figure 1-8.1)
Default is manual update.
Automatic Update (Figure 1-8.1)
Select the check box, and the system will update the signature version automatically.
Figure 1-8. 1 Signature Update
Manual Update (Figure 1-8.2)
To update the signature version manually, click the button to check the signature version. There are three possible results:
1. A new version is available; choose whether to update to the newest version.
2. The signature is already the newest version.
3. Error: Please check your Internet connection, or allow it through Windows Firewall by opening port 80.
Figure 1-8. 2 check signature version
1-9 CMS
CMS is the Central Management System. This application allows you to view each ShareTech
SG-100N over the network and the Internet, and also to back up each unit's configuration
settings or update firmware from the head office. For example, if you have 4 SG-100N units in one
building or in different places, you can view the interface of each SG-100N on the same screen
or monitor.
Select Configuration > CMS > CMS Setting. (Figure 1-9.1)
In this example:
Head office WAN IP is 111.252.72.198, and LAN IP is 192.168.1.163
Head office-A WAN IP is 192.168.1.161, and LAN IP is 192.168.99.161
Branch office WAN IP is 60.249.6.184, and LAN IP is 10.10.10.50
Figure 1-9. 1 CMS Network Architecture
Client site
Branch office (Figure 1-9.2)
1. Mode: Client
2. Server: Enter head office WAN IP 111.252.72.198 or domain
3. Alias: Enter a name for recognition
4. Click
Figure 1-9. 2 Branch CMS Client setting
Head office-A (Figure 1-9.3)
1. Mode: Client
2. Server: Head office and Head office-A are on the same internal subnet, so enter the Head office
LAN IP 192.168.1.163 or domain
3. Alias: Enter a name for recognition
4. Click
Figure 1-9. 3 Head office-A CMS Client setting
Head office-Server site
1. Enable it (Figure 1-9.4)
2. Choose "server"
3. Click "New client requests (1)". (Figure 1-9.5)
Figure 1-9. 4 CMS server
Figure 1-9. 5 Click “New client requests (1)”
4. Click "Accept." (Figure 1-9.6)
Figure 1-9. 6 it shows CMS client(s)
5. Set up the group. (Figure 1-9.7)
Figure 1-9. 7 it shows CMS client site information
Connection succeeded. Connection failed.
Figure 1-9. 8 CMS Lists
1-10 Ap Management
The rise in popularity of smartphones and tablets, combined with enterprise Bring Your Own Device
(BYOD) programs, has increased the demand for enterprise Wi-Fi connectivity in many organizations.
Wi-Fi is becoming as popular and easy to access as cellular is now. You can connect your smartphone
or laptop wirelessly to an established Internet service at public locations (airports, hotels,
coffee shops). The ability to manage network infrastructure from the cloud is likely to be a key
technology in coming years. (Figure 1-10.1)
Figure 1-10. 1 AP control
Select Configuration > Ap Management > AP Management Setting. (Figure 1-10.2)
AP Management: Start
Figure 1-10. 2 AP management Setting
HiGuard SOHO/HOME : (Figure 1-10.3) (Figure 1-10.4)
1. System > Overview
Figure 1-10. 3 HiGuard SOHO/HOME AP mode
2. Network > AP Management: enable it and enter SG-100N LAN IP
Figure 1-10. 4 HiGuard SOHO/HOME manager IP
AP-200: (Figure 1-10.5)
Service > UTM Client: Enable it and enter SG-100N LAN IP
Figure 1-10. 5 AP-200 SG-100N Client
Before you “Start” Ap Management, please enable DHCP in Network Services > DHCP. (Figure 1-10.6)
Figure 1-10. 6 DHCP
Select Configuration > Ap Management > Ap Management. (Figure 1-10.7)
AP Management Requests
Figure 1-10. 7 Ap Management
Increasing adoption of Wi-Fi service hastens business Wi-Fi deployment
Although Wi-Fi and 3G can be considered complementary technologies, sometimes we choose
Wi-Fi service either for budget reasons (especially for multiple devices, which can be costly) or
because of technological limitations. Small and medium-sized businesses can be satisfied with a
wireless router and IT's help, but for larger enterprises, only an integrated management
platform can reach the goal of securely connecting all wireless networks.
Easy and efficient management over multiple APs
Centralized architectures have gained popularity recently. Without a single unified controller,
it is very difficult for administrators to configure and manage APs, and to rapidly discover
which AP is the problematic one among 20 or more APs. ShareTech provides a total AP
management solution: HiGuard HOME/SOHO (a 2-antenna wireless 802.11N/B/G router that
supports 2.4 GHz WLAN networks), which protects against attacks by malicious software,
together with a secure, steady, and instant wireless management platform, the UR series
(SG-100N, including HiGuard PRO), which tightly integrates wired and wireless connections.
ShareTech SG-100N, a unified platform, is not only a comprehensive firewall solution for the
wired enterprise (all frames from WLAN clients have to pass through the WLAN switches to
the enterprise network), but also substantially reduces cost. It centralizes wireless
network management, monitors the flows of each AP, and summarizes AP operation details.
ShareTech SG-100N, a wireless AP management platform
ShareTech SG-100N is a single unified controller that is responsible for configuration, control,
and management of several HiGuard HOME/SOHO (wireless routers) and AP-200 units. With these two
elements, enterprises can expand their Wi-Fi environment without worries. Each HiGuard wireless
router integrates flows to ShareTech SG-100N, which manages it independently as a separate
network entity on the network. (Figure 1-10.8)
Figure 1-10. 8 ShareTech SG-100N AP Control Platform
On the ShareTech SG-100N AP management interface, administrators can easily monitor and
manage operation (functioning or malfunctioning), upload/download flow, and concurrent users
on every AP. The ShareTech wireless AP management platform provides complete and efficient
Wi-Fi network security to protect Wi-Fi users from being attacked. (Figure 1-10.9)
Figure 1-10. 9 Detailed User List on Every AP
1-11 SSL Proof
If you do not want browsers to show SSL warning pages, please apply for your own SSL
certificate from a local SSL certification organization. The certificate depends on your company
domain, your company WAN IP, company logo, and other details. (Figure 1-11.1)
Figure 1-11. 1 Privacy error
Note: ShareTech does not recommend or guarantee any particular SSL certification organization;
the following are examples.
GeoTrust: https://www.geotrust.com/
Symantec: http://www.symantec.com/verisign/ssl-certificates?inid=us_ps_flyout_prdts_ssl
StartSSL PKI: http://www.startssl.com/
Select Configuration > SSL Proof > SSL Proof Set.
1. Import the three files (server.key, server.crt, and the intermediate certificate) that you
received when you applied for your own SSL certificate from the organization. (Figure 1-11.2)
Figure 1-11. 2 import SSL Proof
2. Sometimes, organizations will ask for server.cst and server.key. In that case, enter the
information and download the files. Offer these two files to the SSL certification organization.
(Figure 1-11.3)
Figure 1-11. 3 Enter SSL Proof
The browser will show green once the SSL certificate is installed. (Figure 1-11.4)
Figure 1-11. 4 green browser
1-12 MyCloud Setting
SG-100N comes with a slick cloud storage solution for SMB to have their own private cloud ensuring
safety, integrity and real-time availability. My Cloud satisfies users with easy access, multi-language
support, real-time file synchronization, group accounts management, priority-based control, and
online data storage of all types of files. Employees can store, share and access their important
business files anytime, anywhere using any number of compatible devices and almost any browser.
Best of all, SG-100N is a firewall with effective protection which can greatly reduce important
business data leakage. (Figure 1-12.1)
Figure 1-12. 1 My Cloud
Select Configuration > My Cloud Setting > MyCloud Setting (Figure 1-12.2)
MyCloud Setting
Http Port Setting: allows HTTP when enabled.
Https Port Setting: allows HTTPS when enabled.
Restart MyCloud service
Restart MyCloud service:
Reset MyCloud admin password
Reset MyCloud admin password: enter a password for admin
Default password is "admin"
Figure 1-12. 2 MyCloud Setting
You can log in to MyCloud in either of the following ways:
1. The administrator can click the button to log in to the MyCloud system. (Figure 1-12.3)
Figure 1-12. 3 Menu Bar
2. Or open a browser and enter the Port 1 or Port 2 IP address in the address bar. (Figure 1-12.4)
Default username / Password: admin/ admin
Figure 1-12. 4 enter IP to login My cloud
Login completed (Figure 1-12.5)
Figure 1-12. 5 MyCloud Homepage Information
Personal
Password: Set the administrator's password. (Figure 1-12.6)
Full Name: Set the administrator's username. (Figure 1-12.6)
Language: Choose your native language. (Figure 1-12.6)
Figure 1-12. 6 Password, Full Name, and Language
Users
Shows every group and its members
Members who are in Group (admin) have high permission to manage settings. (Figure 1-12.7)
Figure 1-12. 7 High Permission to manage settings.
Add a New Group (Figure 1-12.8)
Figure 1-12. 8 Add a new Group
Add a new member into the group. (Figure 1-12.8)
Add a New member into a group (Figure 1-12.9)
Figure 1-12. 9 Add a new member
Set up users’ Quota (Figure 1-12.10)
Default Quota: unlimited
Figure 1-12. 10 Set Up user’s Quota
A member can belong to more than one group. (Figure 1-12.11)
Figure 1-12. 11 a member within two groups
Group Admin: the group leader. (Figure 1-12.11) The others are its members.
Figure 1-12. 12 Group admin
Admin
HDD usage: it shows total HDD usage (Figure 1-12.13)
It depends on your HDD usage. The default is 320G.
Figure 1-12. 13 HDD usage
File handling (Figure 1-12.14)
maximum Upload possible: 2 GB
Figure 1-12. 14 File handling
Remote Shares
Allow other instances to mount public links shared from this server
Allow users to mount public link shares
Upload Logo
Login Logo (Figure 1-12.15)
Logined Logo(Figure 1-12.16)
Figure 1-12. 15 Login Logo
Figure 1-12. 16 Logined Logo
Share Link Logo (Figure 1-12.17)
When you copy your file link and share it with your friends, your friends open a browser, enter
the share link in the address bar, and see the logo that you uploaded. (Figure 1-12.18)
Figure 1-12. 17 Copy Link
Figure 1-12. 18 Share Link Logo
Page icon (Figure 1-12.19)
Figure 1-12. 19 Page icon
Page icon(iPad, iPhone)
Background Color (Figure 1-12.20)
Figure 1-12. 20 Background Color
Login BackGround: Default is #5ED8EE and #17A4BE
Example: #E9EE5E #BE1717(Figure 1-12.21)
Figure 1-12. 21 Login BackGround
Logined Logo BackGround: default #31B5CD
Example: #4B31CD(Figure 1-12.22)
Figure 1-12. 22 Logined logo BackGround
Upload User Manual
Upload User Manual: upload a file that guides users on how to use their cloud files. (Figure 1-12.24)
File extension: pdf. Only one file can exist at a time. (Figure 1-12.23)
Figure 1-12. 23 Uploaded User Manual
Figure 1-12. 24 I User Manual
User List (Figure 1-12.25)
Enable User List: every user has permission to see the other users.
Members who are in the Admin Group have high permission to manage settings.
Default: disable
Sharing
Allow apps to use the Share API
Allow users to share via link
Enable (Figure 1-12.26) (Figure 1-12.27)
Disable (Figure 1-12.28) (Figure 1-12.29)
Figure 1-12. 26 Allow users to share via link-1
Figure 1-12. 25 User List
Figure 1-12. 27 Allow users to share via link-2
Figure 1-12. 28 disable “Allow users to share via link”-1
Figure 1-12. 29 disable “Allow users to share via link”-2
1. Enforce password protection: a password must be entered to protect the link. (Figure 1-12.30)
Default: Disable
Figure 1-12. 30 Enforce password protection
2. Allow public uploads: users can decide whether others may upload files. (Figure 1-12.31)
Default: Enabled
Figure 1-12. 31 Allow public upload
3. Set default expiration date: The public link will expire no later than 7 days after it is
created. (Figure 1-12.32)
Default: Disable
Figure 1-12. 32 Set default expiration date
Allow resharing
Default: Enabled
Restrict users to only share with users in their groups
Default: Enabled(Figure 1-12.33)
Figure 1-12. 33 Restrict users to only share with users in their groups-1
admin and lois are in the same group, so they can share files only with each other. Neither
admin nor lois is able to share files with others. (Figure 1-12.34)
Figure 1-12. 34 Restrict users to only share with users in their groups-2
Here is the other example: Disable (Figure 1-12.35)
Figure 1-12. 35 Disable “Restrict users to only share with users in their groups”
admin is able to share its files with others even if they are in different groups. (Figure 1-12.36)
Figure 1-12. 36 admin able to share its file with others
Exclude groups from sharing: These groups will still be able to receive shares, but not to initiate
them. (Figure 1-12.37)
Default: Disable
Example: Enable it and see what happens.
Figure 1-12. 37 Enable Exclude groups from sharing
Others can still share their own files with Randy; however, Engineering group members are
not able to share their files with others. (Figure 1-12.38)
Figure 1-12. 38 Exclude groups from sharing
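How the group-sharing and public-link settings above combine can be written as a small decision function. This is an added example that models the behaviour the manual describes, not MyCloud's own code; the group layout, the function names, and the rule that membership in any excluded group blocks the sender are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class SharingPolicy:
    """Settings from the Sharing page. Defaults follow the manual where it
    states one; allow_link_sharing has no stated default and is assumed."""
    allow_link_sharing: bool = True              # assumed for the example
    enforce_link_password: bool = False          # manual default: Disable
    max_link_age_days: Optional[int] = None      # manual default: Disable (7 when enabled)
    restrict_to_own_groups: bool = True          # manual default: Enabled
    excluded_groups: set = field(default_factory=set)  # manual default: Disable


# Constructed group layout using the user names that appear in the manual.
MEMBERSHIP = {
    "admin": {"admin", "lois"},
    "Engineering": {"randy"},
}


def groups_of(user, membership):
    """Return the set of group names that contain this user."""
    return {name for name, members in membership.items() if user in members}


def can_share_with_user(policy, membership, sender, recipient):
    """Return (allowed, reason) for a user-to-user share."""
    sender_groups = groups_of(sender, membership)
    # Excluded groups may still receive shares but may not initiate them.
    # Assumption: being in ANY excluded group is enough to block the sender.
    if sender_groups & policy.excluded_groups:
        return False, "sender is in a group excluded from sharing"
    if policy.restrict_to_own_groups:
        if not sender_groups & groups_of(recipient, membership):
            return False, "sender and recipient have no group in common"
    return True, "allowed"


def link_violations(policy, has_password, created, expires):
    """Return the reasons a public link breaks the policy (empty list = OK)."""
    if not policy.allow_link_sharing:
        return ["sharing via link is disabled"]
    problems = []
    if policy.enforce_link_password and not has_password:
        problems.append("link has no password")
    if policy.max_link_age_days is not None:
        limit = created + timedelta(days=policy.max_link_age_days)
        # A link with no expiry at all also exceeds the limit.
        if expires is None or expires > limit:
            problems.append(f"link must expire by {limit:%Y-%m-%d}")
    return problems


if __name__ == "__main__":
    default = SharingPolicy()
    print(can_share_with_user(default, MEMBERSHIP, "admin", "lois"))
    print(can_share_with_user(default, MEMBERSHIP, "admin", "randy"))
    hardened = SharingPolicy(enforce_link_password=True, max_link_age_days=7)
    print(link_violations(hardened, False, datetime(2024, 1, 1), None))
```

With the stated defaults a public link needs neither a password nor an expiry date, so `link_violations` only reports anything once those two settings are enabled.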
Security
Enforce HTTPS: Forces clients to connect via an encrypted connection.
My Cloud Homepage Information:
All files (Figure 1-12.39)
Figure 1-12. 39 All files
Shared with you (Figure 1-12.40)
You can click the button to unshare it.
Figure 1-12. 40 Shared with you
Shared with others
You have shared this document with randy. (Figure 1-12.41)
Figure 1-12. 41 Shared with others
Shared by Link
You haven't shared any files by link yet. (Figure 1-12.42)
Figure 1-12. 42 Shared by Link
Chapter 2 Network
In this chapter, the Administrator can set up the office network. There are two sections, Interfaces
and Routing. The Administrator may configure the IP address of the LAN, the WAN, and the DMZ.
Both IPv4 and IPv6 address settings are available.
2-1 Interface
2-2 Interface (IPv6)
2-3 Routing
2-4 802.1Q
2-1 Interface
In the Interface section you can enable the following lists:
Select Network > Interface> Port 1.
LAN Interface Setting: (Figure 2-1.1)
Name: Enter any words for recognition.
Interface Name: eth0
IP Address: Enter an IP address.
Up Speed: Define a suitable maximum upstream bandwidth for each of them so that the device
may use it as a basis for operating.
MAC Address: Enter a MAC address.
Speed and Duplex Mode: Usually set to Auto. You can also select another setting.
Interface Type: LAN
Enable: NAT mode only, because it is without bypass.
Netmask: Enter a netmask.
Down Speed: Define a suitable maximum downstream bandwidth for each of them so that the
device may use it as a basis for operating.
MTU: Nearly all IP over Ethernet implementations use the Ethernet V2 frame format.
Click on .
Figure 2-1. 1 Port1 (LAN) Setting
Table of MTUs of common media
Note: the MTUs in this section are given as the maximum size of IP packet that can be
transmitted without fragmentation, including IP headers but excluding headers from lower
levels in the protocol stack. The MTU must not be confused with the minimum datagram size
that all hosts must be prepared to accept, which has a value of 576 for IPv4 and of 1280 for
IPv6.
Media | Maximum Transmission Unit (Bytes) | Notes
Internet IPv4 Path MTU | At least 68 | Practical path MTUs are generally higher. IPv4 links must be able to forward packets of size up to 68 bytes. Systems may use Path MTU Discovery to find the actual path MTU. This should not be mistaken with the packet size every host must be able to handle, which is 576.
Internet IPv6 Path MTU | At least 1280 | Practical path MTUs are generally higher. Systems must use Path MTU Discovery to find the actual path MTU.
Ethernet v2 | 1500 | Nearly all IP over Ethernet implementations use the Ethernet V2 frame format.
Ethernet with LLC and SNAP, PPPoE | 1492 |
Ethernet Jumbo Frames | 1500-9000 | The limit varies by vendor. For correct interoperation, the whole Ethernet network must have the same MTU. Jumbo frames are usually only seen in special purpose networks.
WLAN (802.11) | 7981 |
Token Ring (802.5) | 4464 |
FDDI | 4352 |
ARP Spoofing Prevention: (Figure 2-1.1)
Figure 2-1. 2 ARP Spoofing Prevention
What Is ARP Spoofing?
ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address
Resolution Protocol) messages over a local area network. This results in the linking of an
attacker’s MAC address with the IP address of a legitimate computer or server on the
network. Once the attacker’s MAC address is connected to an authentic IP address, the
attacker will begin receiving any data that is intended for that IP address. ARP spoofing can
enable malicious parties to intercept, modify or even stop data in-transit. ARP spoofing
attacks can only occur on local area networks that utilize the Address Resolution Protocol.
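The falsified IP-to-MAC binding described above can be spotted passively by comparing the MAC each ARP reply claims for an IP against the binding already known for it. The following is an added example, not part of the manual and not a description of how the SG-100N's ARP Spoofing Prevention works; the function names, hosts and MAC addresses are constructed for illustration (192.168.1.1 is the LAN default from this manual).

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple


class ArpReply(NamedTuple):
    ts: float         # capture time in seconds
    sender_ip: str    # IP address the reply claims to own
    sender_mac: str   # MAC address the reply binds that IP to


class Conflict(NamedTuple):
    ts: float
    ip: str
    pinned_mac: str   # binding known before this reply
    claimed_mac: str  # binding this reply tried to install


# Constructed sample capture; all MAC addresses are made up.
SAMPLE = [
    ArpReply(0.0, "192.168.1.1", "00:0c:29:aa:00:01"),    # gateway, genuine
    ArpReply(1.0, "192.168.1.20", "00:0c:29:aa:00:20"),
    ArpReply(2.0, "192.168.1.30", "00:0c:29:aa:00:30"),
    ArpReply(30.0, "192.168.1.1", "00:0c:29:aa:00:01"),   # normal refresh
    ArpReply(31.0, "192.168.1.1", "00:0c:29:aa:00:30"),   # .30's MAC claims the gateway IP
    ArpReply(31.5, "192.168.1.20", "00:0c:29:aa:00:30"),  # and the IP of host .20
    ArpReply(32.0, "192.168.1.1", "00:0c:29:aa:00:01"),   # genuine gateway answers again
]


def normalise(mac: str) -> str:
    """Lower-case a MAC and use ':' separators so string comparison is safe."""
    return mac.strip().lower().replace("-", ":")


def audit_arp(replies, static_bindings=None):
    """Return (conflicts, multi_ip_macs) for a sequence of ARP replies.

    static_bindings maps IP -> MAC for hosts whose binding is known in
    advance (typically the gateway). Any other IP is pinned to the first MAC
    seen for it, so without a static entry a forged reply that arrives first
    becomes the pinned value and the genuine owner is the one reported.
    """
    pinned = {ip: normalise(mac) for ip, mac in (static_bindings or {}).items()}
    ips_by_mac = defaultdict(set)
    conflicts = []
    for reply in sorted(replies, key=lambda r: r.ts):
        mac = normalise(reply.sender_mac)
        ips_by_mac[mac].add(reply.sender_ip)
        expected = pinned.setdefault(reply.sender_ip, mac)
        if expected != mac:
            conflicts.append(Conflict(reply.ts, reply.sender_ip, expected, mac))
    # One MAC answering for several IPs is worth a look, although routers and
    # proxy-ARP devices do this legitimately.
    multi_ip_macs = {
        mac: sorted(ips, key=ipaddress.ip_address)
        for mac, ips in ips_by_mac.items()
        if len(ips) > 1
    }
    return conflicts, multi_ip_macs


if __name__ == "__main__":
    found, multi = audit_arp(SAMPLE, {"192.168.1.1": "00-0C-29-AA-00-01"})
    for c in found:
        print(f"{c.ts:6.1f}s {c.ip}: pinned {c.pinned_mac}, reply claims {c.claimed_mac}")
    for mac, ips in multi.items():
        print(f"{mac} answers for {', '.join(ips)}")
```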
Administrator Management
There are three multiple-choice modes: Ping, HTTP, and HTTPS.
Ping: The network can be detected by Ping commands when ticked.
HTTP: The management interface is available for access via HTTP protocol when ticked.
HTTPS: The management interface is available for access via HTTPS protocol when ticked.
The administrator is able to log in via Port 1's HTTPS and ping Port 1's IP. (Figure 2-1.3)
Figure 2-1. 3 Administrator Management
Multiple Subnet: (Figure 2-1.4)
Name: Enter any word for recognition.
IP Address: The multiple subnet range of IP addresses.
Interface: LAN only, because it is without bypass.
Bind: It depends on your network condition.
Netmask: Enter a netmask.
WAN Interface IP Address / Operation Mode Setting: The WAN IP addresses that the subnet
corresponds to.
Forwarding Mode: Allows the internal network to accommodate multiple subnets and enables
Internet access through various external IP addresses. It displays the modes used by the WAN
interface IP.
ARP Spoofing: http://www.veracode.com/security/arp-spoofing
1. NAT mode
2. Routing
For example, a company divided into Engineering, Marketing, Sales, Purchasing, and Accounting
Departments has a leased line with multiple public IP addresses, 168.85.88.0/24. To make
network management easier, the IT administrator may designate a subnet for each department.
The subnet distribution is as follows: (Figure 2-1.6)
Engineering Department: 192.168.1.1/24 (Internal) > 168.85.88.253 (External) (Figure 2-1.4)
Marketing Department: 192.168.2.1/24 (Internal) > 168.85.88.252 (External) (Figure 2-1.5)
Sales Department: 192.168.3.1/24 (Internal) > 168.85.88.251 (External)
Purchasing Department: 192.168.4.1/24 (Internal) > 168.85.88.250 (External)
Accounting Department: 192.168.5.1/24 (Internal) > 168.85.88.249 (External)
Network segment is the same as LAN IP range, so please disable "Bind."
Figure 2-1. 4 set up Engineering Department multiple subnet
Network segment is not within LAN IP range, so please enable "Bind."
Figure 2-1. 5 set up Marketing Department multiple subnet
Completed
Figure 2-1. 6 Multiple Subnet
The IT administrator must renew the IP address of his or her own PC when using a DHCP server.
This ensures continued access to the management interface after the LAN interface IP address
is changed. To renew the IP address distributed by a DHCP server, follow these two steps:
Step 1. Reboot the computer.
Step 2. Enter "cmd" in the Run window, enter "ipconfig /release," and then enter
"ipconfig /renew." The IP address is then retrieved successfully.
Here is another example showing whether Bind should be enabled. (Figure 2-1.7)
Figure 2-1. 7 Bind selection
Select Network > Interface> Port 2. (Figure 2-1.8)
Name: Enter any word for recognition.
Interface Name: eth1
IP Address: Depends on the Connection Method. DHCP and PPPoE modes do not need an IP
address. Only Static mode needs an IP address to be set.
Default Gateway: Depends on the Connection Method. DHCP and PPPoE modes do not need a
Default Gateway. Only Static mode needs a Default Gateway to be set.
Up Speed (Max. 1000Mbps): The IT administrator must define a proper bandwidth for each of
them so that the device may use it as a basis for operating. The unit of speed is Kbps. You
can click on the Custom Define link to set your speed according to your ISP's WAN speed.
Speed and Duplex Mode: Usually set to Auto. You can also select another setting.
Load Balancing: It offers four methods.
1. Auto: Distributes the outward sessions by the usage status of each WAN port.
2. By Source IP: For services that require using the same IP address throughout the process,
such as online games and banking, ShareTech UR helps the user retain the same WAN port (i.e.
IP address) over which the session was created, to avoid disconnection caused by a
change of the user's IP address.
3. Manual: Shares the load across the WANs according to the administrator's requirements.
4. By Destination IP: Once a session is created between the ShareTech SG-100N and a specific
host, the following sessions to that host will be automatically distributed to the
same WAN port.
Interface Type: WAN
Connection Method: There are three connection methods.
1. Static: Static IP address
2. DHCP: Using DHCP to get an IP address from the ISP
3. PPPoE: PPPoE
Netmask: Enter a netmask. The default setting is 255.255.255.0
MAC address: Enter a MAC address.
Down Speed: The IT administrator must define a proper bandwidth for each of them so
that the device may use it as a basis for operating. The unit of speed is Kbps. You can click on
the Custom Define link to set your speed according to your ISP's WAN speed.
MTU: Nearly all IP over Ethernet implementations use the Ethernet V2 frame format.
Click on .
Figure 2-1. 8 WAN 1 Setting
WAN Alive Detection (Figure 2-1.9)
Detection Method: Use DNS, ICMP, or NONE to check whether the WAN is up or down. Both DNS
and ICMP need an IP address to test against. In addition, you can click the button to see more
detailed logs.
1. DNS: Tests the validity of Internet connection by requesting the domain name.
2. ICMP: Uses ping command to test the validity of Internet connection.
3. NONE: Line is not detected; the connection status is always on line.
Administrator Management: There are three multiple-choice modes, ping, HTTP, and HTTPS.
1. Ping: The network can be detected by Ping commands when ticked.
2. HTTP: The management interface is available for access via HTTP protocol when ticked.
3. HTTPS: The management interface is available for access via HTTPS protocol when ticked.
Figure 2-1. 9 WAN Alive Detection
Firewall Protection (Figure 2-1.10) (Figure 2-1.11)
Firewall Protect Items: There are four multiple-choice items: SYN, ICMP, UDP, and Port Scan. These
are the currently available protections. In addition, you can click the button to see more
detailed logs.
Figure 2-1. 10 Port 2 Firewall Protection
You can view logs of attacks that came through Port 2 of the SG-100N under Objects > Firewall
Protection > Attack Log. (Figure 2-1.11)
Figure 2-1. 11 Firewall Protection Port Scan
General Setting (Figure 2-1.12)
DNS Server 1: The IP address of the DNS server used for the bulk of DNS lookups.
For example: Google DNS are 8.8.8.8 and 8.8.4.4
HTTP Port: HTTP port number for management.
Default: 80
WAN Alive Detection Period: The interval at which the system performs the test, entered by the
system administrator in seconds.
Default: 5 seconds
DNS Server 2: The IP address of the backup DNS server, used when the Primary DNS Server is
unreachable.
HTTPS Port: HTTPS port number for management.
Default: 443
Idle Timeout: The device may be configured to automatically disconnect when idle for a period
of time upon using PPPoE connection.
Default: 60 minutes
Figure 2-1. 12 Port 2 General Setting
Please note that the Interface Type depends on what you set up in Network > Interface > Interface
Config. (Figure 2-1.13) (Figure 2-1.14)
Figure 2-1. 13 Interface Config
Figure 2-1. 14 Port 3 setting
Please note that the Interface Type depends on what you set up in Network > Interface > Interface
Config.
For example: Configure the IP address and subnet mask of your demilitarized zone (DMZ) here.
Select Network > Interface > Port4. (Figure 2-1.15)
Name: Enter any word for recognition.
Interface Name: eth3
IP Address: Enter an IP address.
Up Speed: The IT administrator must define a proper bandwidth for each of them so that
the device may use it as a basis for operating. The unit of speed is Kbps.
MAC Address: Enter a MAC address.
Speed and Duplex Mode: Usually set to Auto. You can also select another setting.
Interface Type: DMZ
Enable: It offers three modes.
1. NAT: In this mode, the DMZ acts as a subnet independent of the LAN, which the IT
administrator may configure.
2. OFF: It means Disable.
3. Transparent Bridging: A mode that allows an SG-100N (firewall, router, switch) to be
inserted into an existing network without the need for IP reconfiguration. It is similar to
Transparent Mode but provides more transparency (the firewall acts as a Layer 2 bridge)
and versatile functionality. It is an optional L2 Bridge mode that prevents traffic that has
entered an L2 bridge from being forwarded to a non-Bridge-Pair interface, ensuring that
traffic which enters an L2 Bridge exits the L2 Bridge rather than taking its most logically
optimal path.
4. Transparent Routing: A mode that allows an SG-100N (firewall, router, switch) to be
inserted into an existing network without the need for IP reconfiguration by spanning a
single IP subnet across two or more interfaces.
Netmask: Enter a netmask.
Down Speed: The IT administrator must define a proper bandwidth for each of them so
that the device may use it as a basis for operating. The unit of speed is Kbps.
MTU: Nearly all IP over Ethernet implementations use the Ethernet V2 frame format.
Click the button after you finish the settings.
Figure 2-1. 15 Port 3 Setting
What’s the difference between DMZ (Transparent Routing) and DMZ (Transparent Bridge)?
In the past, most SG-100N units usually supported NAT and Transparent modes in order to
satisfy customers with different network framework requirements. In NAT mode, the DMZ is an
independent virtual (internal) network. An enterprise that does not have enough public IPs
can use Port Mapping or IP Mapping to map a DMZ internal IP to a WAN public IP so that its
Internet services work properly. On the other hand, transparent mode means routing mode, so
the DMZ should use public (real) IPs.
The ShareTech research and development team constantly creates and improves features. After
firmware 7.1.3, the ShareTech DMZ port supports three flexible modes: NAT, Transparent
Routing, and Transparent Bridge. The first paragraph explained the difference between NAT and
Transparent mode, so let's go on to see the difference between Transparent Routing and
Transparent Bridge.
1. Transparent Routing: (Figure 2-1.16)
When DMZ packets pass through the ShareTech SG-100N, the system follows the routing table
rules and then delivers the packets to their destination.
Network Environment: The enterprise has more than two WANs and must do load
balancing. The system follows the WAN load balance rule and divides the packets that come
from the DMZ among the WAN ports.
Figure 2-1. 16 Transparent Routing
2. Transparent Bridge: (Figure 2-1.17)
The system does not follow the routing table rules to deliver packets to their destination;
delivery is based on the MAC address. Therefore, the operation is similar to a switch.
Network Environment: The enterprise has only one WAN, or DMZ packets are only allowed
to go out through a static WAN.
Even though Transparent Bridge cannot support load balancing, it is sometimes a very
practical method. Please see the following figure: if we put a gateway in front of the
SG-100N and the gateway binds the DMZ's IP and MAC, packets are allowed to pass only if
they carry that same IP and MAC. In Transparent Routing mode, on the other hand, the
packets will be blocked, because the gateway sees the DMZ IP together with the WAN port
MAC. (Figure 2-1.17) (Figure 2-1.18)
Figure 2-1. 17 Transparent Bridge
Compare Transparent Routing with Transparent Bridge
Item | Transparent Routing | Transparent Bridge
Load Balance | YES | NO
Environment | More than two WANs | Only one WAN
The packets from DMZ | WAN Port MAC | Original MAC
Figure 2-1. 18 Transparent Routing / Transparent Bridge
Figure 2-1. 19 Compare Transparent Routing with Transparent Bridge
WiFi is an optional item. If you have not purchased WiFi in Configuration > Package, you will not
see this. (Figure 2-1.20) Please enable one of the SSIDs.
Figure 2-1. 20 WiFi
Custom Port (Fixed LAN & WAN1) (Figure 2-1.21)
Please note that the system will reboot after the modification.
Figure 2-1. 21 Custom Port
2-2 Interface (IPv6)
IPv4 will no longer be enough by 2021, and technical administrators have been used to relying on
IPv4 with NAT mode. Now IPv6 has arrived, offering more flexibility for distributing IP addresses
and for routing tables. Compared to IPv4, the most obvious advantage of IPv6 is its larger address
space. IPv4 addresses are 32 bits long and number about 4.3 × 10^9 (4.3 billion). IPv6 addresses are
128 bits long and number about 3.4 × 10^38 (340 undecillion).
IPv6 Auto Configuration is a new concept with IPv6. It gives an intermediate alternative
between a purely manual configuration and stateful auto configuration.
Select Network > Interface (IPv6) > Port 1 (Figure 2-2.1)
IPv6 LAN (eth0) IP: Enter the IPv6 address.
IPv6 Auto Configuration: It is like IPv4 DHCP. It automatically distributes IPv6 addresses among internal LAN users.
The following is LAN IPv6 figure
Figure 2-2. 1 Port 1 IPv6
Select Network > Interface (IPv6) > Port 2
IPv6 model: You can choose Static, Tunnel, or PPPoE. (Figure 2-2.2)
The following is WAN1 IPv6 figure
Figure 2-2. 2 Port 2 IPv6
Select Network > Interface (IPv6) > Port 3. (Figure 2-2.3)
Please note that the Interface Type depends on what you set up on Network > Interface > Interface Config. (Figure 2-1.9)
The following is the WAN2 IPv6 figure, so you can choose Static, Tunnel, or PPPoE.
Figure 2-2. 3 Port 3 IPv6
Select Network > Interface (IPv6) > Port 4. (Figure 2-2.4)
Please note that the Interface Type depends on what you set up on Network > Interface > Interface Config. (Figure 2-1.9)
The following is the DMZ IPv6 figure, so please enter the DMZ's IPv6 address.
Figure 2-2. 4 Port 4 IPv6
The current IETF recommendation is to use AAAA (Quad A) RR for forward mapping and PTR RRs for
reverse mapping when defining IPv6 networks. (Figure 2-2.5)
The Google Public DNS IPv6 addresses are as follows:
2001:4860:4860::8888
2001:4860:4860::8844
Figure 2-2. 5 DNS IPv6
2-3 Routing
Routing tables contain a list of IP addresses. Each IP address identifies a remote router (or other
network gateway) that the local router is configured to recognize. For each IP address, the routing
table additionally stores a network mask and other data that specifies the destination IP address
ranges that remote device will accept. In the Routing section you can enable the following lists:
Static routing is simply the process of manually entering routes into a device's routing table via a
configuration file that is loaded when the routing device starts up. As an alternative,
these routes can be entered by a network administrator who configures the routes manually. Since
these manually configured routes don't change after they are configured (unless a human changes
them) they are called 'static' routes.
Select Network > Routing > Routing Table. Click on to create a new routing table. (Figure 2-3.1)
Comment: Enter any words for recognition.
Destination IP: The IP address of the packet's final destination.
Netmask: Enter the netmask.
Gateway: Enter the gateway.
Interface: Select your internal interface. (The outgoing network interface the device should use when forwarding the packet to the next hop or final destination.)
Figure 2-3. 1 Routing Table
For example: A leased line connects Company A's Router 1 (10.10.10.1) with Company B's Router 2 (10.10.10.2).
Company A: Connect WAN port 1 (61.11.11.11) to ATUR; connect WAN port 2 (211.22.22.22) to ATUR; the LAN subnet ranges from 192.168.1.1/24. The LAN subnet that Router 1 (10.10.10.1, RIPv2 supported) is connected to ranges from 192.168.10.1/24.
Company B: The LAN subnet that Router 2 (10.10.10.2, RIPv2 supported) is connected to ranges from 192.168.20.1/24.
The Routing Table setting is now complete. The network subnets 192.168.20.1/24 and 192.168.1.1/24 can now not only communicate with each other but also use NAT mode to access the Internet. In addition, select the Mark tick box, and click on to create a new sub-content, to modify contents, or to cancel list. (Figure 2-3.2)
Figure 2-3. 2 Routing Table List
Two hypothetical, partial routing table entries are shown below:
IP Address: 172.48.11.181 - Network Mask: 255.255.255.255
IP Address: 192.168.1.1 - Network Mask: 255.255.255.0
In this example, the first entry represents the route to the ISP's primary DNS server. Requests
made from the home network to any destination on the Internet will be sent to the IP address
172.48.11.181 for forwarding. The second entry represents the route between any computers
within the home network, where the home router has IP address 192.168.1.1.
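A sketch of how Destination IP and Netmask pairs resolve to routes, added here as an example (not code from the manual or the SG-100N). It assumes standard longest-prefix matching, which the manual does not spell out, models only the Comment, Destination IP and Netmask fields, and includes one constructed entry with a mistyped mask.

```python
import ipaddress

# Constructed entries: Comment / Destination IP / Netmask as typed into the form.
# The first three use addresses from the text; the last is a deliberate typo.
ROUTES = [
    {"comment": "ISP DNS", "dest": "172.48.11.181", "netmask": "255.255.255.255"},
    {"comment": "Home LAN", "dest": "192.168.1.1", "netmask": "255.255.255.0"},
    {"comment": "Company B LAN", "dest": "192.168.20.1", "netmask": "255.255.255.0"},
    {"comment": "Mistyped mask", "dest": "192.168.10.1", "netmask": "255.255.0.255"},
]

def to_network(entry):
    """Destination IP + Netmask -> network; raises ValueError on a bad mask."""
    return ipaddress.ip_network(f"{entry['dest']}/{entry['netmask']}", strict=False)

def validate(routes):
    """Return (comment, problem) for entries that are invalid or ambiguous."""
    problems = []
    for entry in routes:
        try:
            net = to_network(entry)
        except ValueError as exc:
            problems.append((entry["comment"], f"invalid: {exc}"))
            continue
        if str(net.network_address) != entry["dest"]:
            problems.append((entry["comment"], f"host bits set, covers {net}"))
    return problems

def lookup(routes, dst):
    """Return the most specific valid entry containing dst, or None."""
    addr = ipaddress.ip_address(dst)
    best_net, best_entry = None, None
    for entry in routes:
        try:
            net = to_network(entry)
        except ValueError:
            continue  # an invalid entry can never match
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_entry = net, entry
    return best_entry

if __name__ == "__main__":
    for comment, problem in validate(ROUTES):
        print(f"{comment}: {problem}")
    for dst in ("172.48.11.181", "192.168.20.57", "192.168.10.5", "8.8.8.8"):
        hit = lookup(ROUTES, dst)
        print(dst, "->", hit["comment"] if hit else "no matching route")
```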
A router using dynamic routing will 'learn' the routes to all networks that are directly connected to
the device. Next, the router will learn routes from other routers that run the same routing
protocol (RIP, RIP2, etc.). Each router will then sort through its list of routes and select one or more
'best' routes for each network destination the router knows or has learned.
Select Network > Routing > Dynamic routing. Select interface(s) and click on (Figure 2-3.3)
Figure 2-3. 3 Dynamic routing Table
To view the contents of the routing tables, select Tools > Connection Test > IP Route. (Figure 2-3.4)
Figure 2-3. 4 IP Route
On Windows and Unix/Linux computers, the netstat -r command also displays the contents of
the routing table configured on the local computer.
The IPv6 Routing Table is set up the same way as described in the Routing Table section. (Figure 2-3.5)
Figure 2-3. 5 IPV6 Routing Table