1 Trademarks & Copyright Windows 95/98/ME and Windows NT/2000/XP are registered trademarks of Microsoft Corp. All other brands and product names are trademarks of their respective companies. No part of this publication may be reproduced in any form or by any means or used to make any derivative (such as translation, transformation or adaptation) without the express written consent of the manufacturer as stipulated by the United States Copyright Act of 1976. FCC Certifications This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: · Reorient or relocate the receiving antenna. · Increase the separation between the equipment and receiver. · Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. · Consult the dealer or an experienced radio/TV technician for help. Shielded interface cables must be used in order to comply with emission limits. You are cautioned that changes or modifications not expressly approved by the party responsible for compliance could void your authority to operate the equipment. This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device must accept any interference received, including interference that may cause undesired operation. CE Mark Warning This is a Class B product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures. All trademarks and brand names are the property of their respective proprietors. Specifications are subject to change without prior notification. HAWKING LIMITED WARRANTY Hawking Technology guarantees that every H-BR49 Broadband Router is free from physical defects in material and workmanship under normal use for two (2) years from the date of purchase. If the product proves defective during this twoyear warranty period, call Hawking Customer Service in order to obtain a Return Authorization number. Warranty is for repair or replacement only. Hawking Technology does not issue any refunds. BE SURE TO HAVE YOUR PROOF OF PURCHASE. RETURN REQUESTS CAN NOT BE PROCESSED WITHOUT PROOF OF PURCHASE. When returning a product, mark the Return Authorization number clearly on the outside of the package and include your original proof of purchase. IN NO EVENT SHALL HAWKING TECHNOLOGY'S LIABILTY EXCEED THE PRICE PAID FOR THE PRODUCT FROM DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OF THE PRODUCT, ITS ACCOMPANYING SOFTWARE OR ITS DOCUMENTATION. Hawking Technology makes no warranty or representation, expressed, implied or statutory, with respect to its products or the contents or use of this documentation and all accompanying software, and specifically disclaims its quality, performance, merchantability, or fitness for any particular purpose. Hawking Technology reserves the right to revise or update its products, software, or documentation without obligation to notify any individual or entity. Please direct all inquiries to: techsupport@hawkingtech.com. 2 Package Contents Introduction Features Minimum Requirements Get to Know the Broadband Router Back Panel Front Panel Setup Diagram Getting Started Chapter 1: Quick Setup (via web UI) About Quick Setup Step 1: Time Zone Step 2: Broadband Type 1.1 Cable Modem 1.2 Fixed IP xDSL 1.3 PPPoE 1.4 PPTP Chapter 2: General Setup General Settings 2.1 System 2.1.1 Time Zone 2.1.2 Password Settings 2.1.3 Remote Management 2.2 WAN 2.2.1 Dynamic IP Address 2.2.2 Static IP Address 2.2.3 PPPoE 2.2.4 PPTP 2.2.5 L2TP 2.2.6 Telstra Big Pond 2.2.7 WAN Policy 2.2.8 DNS 2.2.9 DDNS 2.3 LAN 2.4 NAT 2.4.1 Port Forwarding 2.4.2 Virtual Server 2.4.3 Special Applications 2.4.4 UPnP 2.4.5 Protocol and Port Binding 5 6 7 7 8 9 9 18 18 19 20 21 22 24 26 27 28 29 30 31 33 33 33 33 33 36 37 38 39 41 43 44 46 48 51 52 3 2.4.6 ALG Settings 2.4.7 Static Routing 2.5 Firewall 2.5.1 Access Control 2.5.2 URL Blocking 2.5.3 DoS (Denial of Service) 2.5.4 DMZ Chapter 3: Status Status 3.1 Status and Information 3.2 Internet Connection 3.3 Device Status 3.4 System Log 3.5 Security Log 3.6 Active DHCP Client 3.7 Statistics Chapter 4: Tools Tools 4.1 Configuration Tools 4.2 Firmware Upgrade 4.3 Reset Appendix A Glossary 54 55 56 58 62 63 65 67 68 69 70 71 72 73 74 75 76 77 78 79 80 4 The complete H2BR4 package consists of: · · · · · One H2BR4 Dual WAN 4-Port Firewall Router One Quick Installation Guide One CD with User's Manual One Power Adapter Accessories Check to make sure that the unit was not damaged during shipping and that no items are missing. If you encounter a problem, please contact your dealer. Please read this manual thoroughly, and follow the installation and operation procedures detailed in this user's manual. 5 The high performance Hawking H2BR4 Dual WAN Firewall Router with built-in 4-port 10/100M Ethernet Switch provides an easy-to-use, cost-effective means of sharing two broadband Internet connections with your LAN (Local Area Network). With the H2BR4's two WAN ports, users experience significantly faster data rates as a result of increased and more efficient use of bandwidth. The dual WAN ports also provide: an easy way to utilize two different types of broadband Internet connections on the same network (i.e., DSL, Cable, T1, etc.), a method for selectively managing traffic between Internet connections (i.e., by port or IP address), and a back-up method that activates the second WAN if the first WAN should get disconnected. The H2BR4 features high-level security and is equipped with true, hardware-based firewall protection. The firewall utilizes Stateful Packet Inspection (SPI) technology, Network Address Translation, and prevents against Denial of Service (DoS) attacks from outside intruders. In addition, the VPN (Virtual Private Network) pass-through feature allows for fast, reliable, and secure access to your corporate network via a public Internet network. The H2BR4 includes a full set of powerful features. It utilizes Network Address Translation (NAT) to expand your existing network without affecting existing IP based account schemes. The router supports DSL, Cable, and other broadband modem connections that connect to an RJ-45 Ethernet port. The H2BR4 also features Virtual Server and DMZ functions, which allow the user to protect clients on the network behind the router while permitting specified traffic to be opened up outside the network. The router has a built-in DHCP server, which eliminates the need to configure each IP address manually. The user-friendly web management interface provides the user with an easy way to configure the router from anywhere in the world using a web browser. The H2BR4 can easily be firmware upgraded and is compatible with all standard Internet applications. It provides a complete solution for small/medium business and small office/home office users. Features · Superb throughput of up to 50Mbps · Allows multiple users to share a single Internet line or two Internet lines · Supports up to 253 users · Internet Access via Cable or xDSL modem · Can Access Private LAN Servers from the Public Network · Equipped with two WAN ports (10/100M) and four LAN ports (10/100M) · Supports DHCP (Server/Client) for easy setup · Supports advanced features such as: o Special Applications (i.e., Port Triggers, etc.) o DMZ o Virtual Servers o Network Access Control o Firewall o Bridge mode o DDNS (DynDNS/TZO) o Content Filtering · Allows you to monitor the router's status via: DHCP Client Log, Security Log and Device/Connection Status · Easy-to-use Web-based user interface for configuration and management purposes · Remote management allows configuration and upgrades from a remote site (over the Internet) 6 Minimum Requirements · One External xDSL (ADSL) or Cable modem with an Ethernet port (RJ-45) · Network Interface Card (NIC) for each Personal Computer (PC) · PCs with a Web-Browser (Internet Explorer 4.0 or higher, or Netscape Navigator 4.7 or higher) Note The WAN "idle timeout" auto-disconnect function may not work due to abnormal activities of some network application software, computer viruses or hacker attacks from the Internet. For example, some types of software send network packets to the Internet in the background, even when you are not using the Internet. This function also may not work with some ISPs. Please make sure this function works properly when you use this function for the first time, especially if your ISP charges you according to time used. Due to such issues, we cannot guarantee that the WAN "idle timeout" autodisconnect function will work in all situations. In order to prevent an extra fee from being charged by the ISP, if your ISP uses such a fee structure, please turn off the router when you are finished using the Internet. Get to Know the Broadband Router Back Panel The diagram below (Figure 1.0) shows the router's back panel. The router's back panel is divided into three sections, LAN, WAN and Reset: LAN WAN Figure 0.0 7 1) Local Area Network (LAN) The router's four LAN ports are what you will use to connect your PCs, print servers, switches, etc. 2) Wide Area Network (WAN) The WAN ports are the segments that connect to your xDSL or Cable modems and are linked to the Internet. 3) Reset The Reset button allows you to do one of two things: i. ii. If problems occur with your router, press the router's reset button with a narrow pen tip (for less than four seconds) and the router will re-boot itself, keeping your original configurations. If problems persist or become serious, or if you forget your password, press the reset button for longer than four seconds and the router will reset itself to the factory default settings. Warning: Your original configurations will be replaced with the factory default settings. Front Panel The LED lights located on the router's front/top panel provide you with information on the device's status at any given time. Below is a detailed description of the LEDs. Figure 0.1 LED PWR WAN 10/100M (Port 1-2) WAN LNK/ACT (Port 1-2) Light Status ON ON Off ON Off Flashing ON Off ON Off Flashing Description Router's power supply is on 100Mbps connection 10Mbps connection WAN is connected No WAN connection WAN port has Activity (ACT); data being sent 100Mbps connection 10Mbps connection LAN is connected No LAN connection LAN port has Activity (ACT); data being sent 8 LAN 10/100M (Port 1-4) LAN LNK/ACT (Port 1-4) Setup Diagram Figure 1.2 below shows a typical setup for a Local Area Network (LAN). Figure 0.2 Getting started The following are step-by-step instructions on how to start using the router and get connected to the Internet. 1) 2) Set up your network as shown in the setup diagram above (Figure 1.2). You then need to set your LAN PC clients so that they can obtain an IP address automatically. All LAN clients require an IP address. Just like a street address, it allows LAN clients to find one another. (If you have already configured your PC to obtain an IP address automatically then proceed to step 3, page 11.) Configure your PC to obtain an IP address automatically By default, the router's DHCP is on (enabled). This means that you can obtain an IP address automatically once you've configured your PC to obtain an IP address automatically. This section will show you how to configure your PC so that it can obtain an IP address automatically for either Windows 95/98/Me, 2000 or NT operating 9 systems. For other operating systems (Macintosh, Sun, etc.), follow the manufacturer's instructions. The following is a step-by-step illustration on how to configure your PC to obtain an IP address automatically for: 2a) Windows 95/98/Me, 2b) Windows 2000 and 2c) Windows NT. 2a) Windows 95/98/Me i: Click the Start button and select Settings, then click Control Panel. The Control Panel window will appear. ii: Double-click Network icon. The Network window will appear. iii: Check your list of Network Components. If TCP/IP is not installed, click the Add button to install it now. If TCP/IP is installed, go to step 6. iv: In the Network Component Type dialog box, select Protocol and click Add button. v: In t ...