User manual HAWKING H2BR4

1 Trademarks & Copyright Windows 95/98/ME and Windows NT/2000/XP are registered trademarks of Microsoft Corp. All other brands and product names are trademarks of their respective companies. No part of this publication may be reproduced in any form or by any means or used to make any derivative (such as translation, transformation or adaptation) without the express written consent of the manufacturer as stipulated by the United States Copyright Act of 1976. FCC Certifications This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: · Reorient or relocate the receiving antenna. · Increase the separation between the equipment and receiver. · Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. · Consult the dealer or an experienced radio/TV technician for help. Shielded interface cables must be used in order to comply with emission limits. You are cautioned that changes or modifications not expressly approved by the party responsible for compliance could void your authority to operate the equipment. This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device must accept any interference received, including interference that may cause undesired operation. CE Mark Warning This is a Class B product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures. All trademarks and brand names are the property of their respective proprietors. Specifications are subject to change without prior notification. HAWKING LIMITED WARRANTY Hawking Technology guarantees that every H-BR49 Broadband Router is free from physical defects in material and workmanship under normal use for two (2) years from the date of purchase. If the product proves defective during this twoyear warranty period, call Hawking Customer Service in order to obtain a Return Authorization number. Warranty is for repair or replacement only. Hawking Technology does not issue any refunds. BE SURE TO HAVE YOUR PROOF OF PURCHASE. RETURN REQUESTS CAN NOT BE PROCESSED WITHOUT PROOF OF PURCHASE. When returning a product, mark the Return Authorization number clearly on the outside of the package and include your original proof of purchase. IN NO EVENT SHALL HAWKING TECHNOLOGY'S LIABILTY EXCEED THE PRICE PAID FOR THE PRODUCT FROM DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OF THE PRODUCT, ITS ACCOMPANYING SOFTWARE OR ITS DOCUMENTATION. Hawking Technology makes no warranty or representation, expressed, implied or statutory, with respect to its products or the contents or use of this documentation and all accompanying software, and specifically disclaims its quality, performance, merchantability, or fitness for any particular purpose. Hawking Technology reserves the right to revise or update its products, software, or documentation without obligation to notify any individual or entity. Please direct all inquiries to: techsupport@hawkingtech.com. 2 Package Contents Introduction Features Minimum Requirements Get to Know the Broadband Router Back Panel Front Panel Setup Diagram Getting Started Chapter 1: Quick Setup (via web UI) About Quick Setup Step 1: Time Zone Step 2: Broadband Type 1.1 Cable Modem 1.2 Fixed IP xDSL 1.3 PPPoE 1.4 PPTP Chapter 2: General Setup General Settings 2.1 System 2.1.1 Time Zone 2.1.2 Password Settings 2.1.3 Remote Management 2.2 WAN 2.2.1 Dynamic IP Address 2.2.2 Static IP Address 2.2.3 PPPoE 2.2.4 PPTP 2.2.5 L2TP 2.2.6 Telstra Big Pond 2.2.7 WAN Policy 2.2.8 DNS 2.2.9 DDNS 2.3 LAN 2.4 NAT 2.4.1 Port Forwarding 2.4.2 Virtual Server 2.4.3 Special Applications 2.4.4 UPnP 2.4.5 Protocol and Port Binding 5 6 7 7 8 9 9 18 18 19 20 21 22 24 26 27 28 29 30 31 33 33 33 33 33 36 37 38 39 41 43 44 46 48 51 52 3 2.4.6 ALG Settings 2.4.7 Static Routing 2.5 Firewall 2.5.1 Access Control 2.5.2 URL Blocking 2.5.3 DoS (Denial of Service) 2.5.4 DMZ Chapter 3: Status Status 3.1 Status and Information 3.2 Internet Connection 3.3 Device Status 3.4 System Log 3.5 Security Log 3.6 Active DHCP Client 3.7 Statistics Chapter 4: Tools Tools 4.1 Configuration Tools 4.2 Firmware Upgrade 4.3 Reset Appendix A Glossary 54 55 56 58 62 63 65 67 68 69 70 71 72 73 74 75 76 77 78 79 80 4 The complete H2BR4 package consists of: · · · · · One H2BR4 Dual WAN 4-Port Firewall Router One Quick Installation Guide One CD with User's Manual One Power Adapter Accessories Check to make sure that the unit was not damaged during shipping and that no items are missing. If you encounter a problem, please contact your dealer. Please read this manual thoroughly, and follow the installation and operation procedures detailed in this user's manual. 5 The high performance Hawking H2BR4 Dual WAN Firewall Router with built-in 4-port 10/100M Ethernet Switch provides an easy-to-use, cost-effective means of sharing two broadband Internet connections with your LAN (Local Area Network). With the H2BR4's two WAN ports, users experience significantly faster data rates as a result of increased and more efficient use of bandwidth. The dual WAN ports also provide: an easy way to utilize two different types of broadband Internet connections on the same network (i.e., DSL, Cable, T1, etc.), a method for selectively managing traffic between Internet connections (i.e., by port or IP address), and a back-up method that activates the second WAN if the first WAN should get disconnected. The H2BR4 features high-level security and is equipped with true, hardware-based firewall protection. The firewall utilizes Stateful Packet Inspection (SPI) technology, Network Address Translation, and prevents against Denial of Service (DoS) attacks from outside intruders. In addition, the VPN (Virtual Private Network) pass-through feature allows for fast, reliable, and secure access to your corporate network via a public Internet network. The H2BR4 includes a full set of powerful features. It utilizes Network Address Translation (NAT) to expand your existing network without affecting existing IP based account schemes. The router supports DSL, Cable, and other broadband modem connections that connect to an RJ-45 Ethernet port. The H2BR4 also features Virtual Server and DMZ functions, which allow the user to protect clients on the network behind the router while permitting specified traffic to be opened up outside the network. The router has a built-in DHCP server, which eliminates the need to configure each IP address manually. The user-friendly web management interface provides the user with an easy way to configure the router from anywhere in the world using a web browser. The H2BR4 can easily be firmware upgraded and is compatible with all standard Internet applications. It provides a complete solution for small/medium business and small office/home office users. Features · Superb throughput of up to 50Mbps · Allows multiple users to share a single Internet line or two Internet lines · Supports up to 253 users · Internet Access via Cable or xDSL modem · Can Access Private LAN Servers from the Public Network · Equipped with two WAN ports (10/100M) and four LAN ports (10/100M) · Supports DHCP (Server/Client) for easy setup · Supports advanced features such as: o Special Applications (i.e., Port Triggers, etc.) o DMZ o Virtual Servers o Network Access Control o Firewall o Bridge mode o DDNS (DynDNS/TZO) o Content Filtering · Allows you to monitor the router's status via: DHCP Client Log, Security Log and Device/Connection Status · Easy-to-use Web-based user interface for configuration and management purposes · Remote management allows configuration and upgrades from a remote site (over the Internet) 6 Minimum Requirements · One External xDSL (ADSL) or Cable modem with an Ethernet port (RJ-45) · Network Interface Card (NIC) for each Personal Computer (PC) · PCs with a Web-Browser (Internet Explorer 4.0 or higher, or Netscape Navigator 4.7 or higher) Note The WAN "idle timeout" auto-disconnect function may not work due to abnormal activities of some network application software, computer viruses or hacker attacks from the Internet. For example, some types of software send network packets to the Internet in the background, even when you are not using the Internet. This function also may not work with some ISPs. Please make sure this function works properly when you use this function for the first time, especially if your ISP charges you according to time used. Due to such issues, we cannot guarantee that the WAN "idle timeout" autodisconnect function will work in all situations. In order to prevent an extra fee from being charged by the ISP, if your ISP uses such a fee structure, please turn off the router when you are finished using the Internet. Get to Know the Broadband Router Back Panel The diagram below (Figure 1.0) shows the router's back panel. The router's back panel is divided into three sections, LAN, WAN and Reset: LAN WAN Figure 0.0 7 1) Local Area Network (LAN) The router's four LAN ports are what you will use to connect your PCs, print servers, switches, etc. 2) Wide Area Network (WAN) The WAN ports are the segments that connect to your xDSL or Cable modems and are linked to the Internet. 3) Reset The Reset button allows you to do one of two things: i. ii. If problems occur with your router, press the router's reset button with a narrow pen tip (for less than four seconds) and the router will re-boot itself, keeping your original configurations. If problems persist or become serious, or if you forget your password, press the reset button for longer than four seconds and the router will reset itself to the factory default settings. Warning: Your original configurations will be replaced with the factory default settings. Front Panel The LED lights located on the router's front/top panel provide you with information on the device's status at any given time. Below is a detailed description of the LEDs. Figure 0.1 LED PWR WAN 10/100M (Port 1-2) WAN LNK/ACT (Port 1-2) Light Status ON ON Off ON Off Flashing ON Off ON Off Flashing Description Router's power supply is on 100Mbps connection 10Mbps connection WAN is connected No WAN connection WAN port has Activity (ACT); data being sent 100Mbps connection 10Mbps connection LAN is connected No LAN connection LAN port has Activity (ACT); data being sent 8 LAN 10/100M (Port 1-4) LAN LNK/ACT (Port 1-4) Setup Diagram Figure 1.2 below shows a typical setup for a Local Area Network (LAN). Figure 0.2 Getting started The following are step-by-step instructions on how to start using the router and get connected to the Internet. 1) 2) Set up your network as shown in the setup diagram above (Figure 1.2). You then need to set your LAN PC clients so that they can obtain an IP address automatically. All LAN clients require an IP address. Just like a street address, it allows LAN clients to find one another. (If you have already configured your PC to obtain an IP address automatically then proceed to step 3, page 11.) Configure your PC to obtain an IP address automatically By default, the router's DHCP is on (enabled). This means that you can obtain an IP address automatically once you've configured your PC to obtain an IP address automatically. This section will show you how to configure your PC so that it can obtain an IP address automatically for either Windows 95/98/Me, 2000 or NT operating 9 systems. For other operating systems (Macintosh, Sun, etc.), follow the manufacturer's instructions. The following is a step-by-step illustration on how to configure your PC to obtain an IP address automatically for: 2a) Windows 95/98/Me, 2b) Windows 2000 and 2c) Windows NT. 2a) Windows 95/98/Me i: Click the Start button and select Settings, then click Control Panel. The Control Panel window will appear. ii: Double-click Network icon. The Network window will appear. iii: Check your list of Network Components. If TCP/IP is not installed, click the Add button to install it now. If TCP/IP is installed, go to step 6. iv: In the Network Component Type dialog box, select Protocol and click Add button. v: In the Select Network Protocol dialog box, select Microsoft and TCP/IP and then click the OK button to start installing the TCP/IP protocol. You may need your Windows CD to complete the installation. vi: After installing TCP/IP, go back to the Network dialog box. Select TCP/IP from the list of Network Components and then click the Properties button. vii: Check each of the tabs and verify the following settings: · · · · · Bindings: Check Client for Microsoft Networks and File and printer sharing for Microsoft Networks. Gateway: All fields are blank. DNS Configuration: Select Disable DNS. WINS Configuration: Select Disable WINS Resolution. IP Address: Select Obtain IP address automatically. 10 Figure 0.3 viii: Reboot the PC. Your PC will now obtain an IP address automatically from your router's DHCP server. Note: Please make sure that the router's DHCP server is the only DHCP server available on your LAN. Once you've configured your PC to obtain an IP address automatically, please proceed to Step 3. 2b) Windows 2000 i: Click the Start button and select Settings, then click Control Panel. The Control Panel window will appear. ii: Double-click the Network and Dial-up Connections icon. In the Network and Dial-up Connection window, double-click the Local Area Connection icon. The Local Area Connection window will appear. iii: In the Local Area Connection window, click the Properties button. iv: Check your list of Network Components. You should see Internet Protocol [TCP/IP] on your list. Select it and click the Properties button. v: In the Internet Protocol (TCP/IP) Properties window, select Obtain an IP address automatically and Obtain DNS server address automatically as shown on the following screen. 11 Figure 0.4 vi: Click OK to confirm the settings. Your PC will now obtain an IP address automatically from your router's DHCP server. Note: Please make sure that the router's DHCP server is the only DHCP server available on your LAN. Once you've configured your PC to obtain an IP address automatically, please proceed to Step 3. 2c) Windows NT i: Click the Start button and select Settings, then click Control Panel. The Control Panel window will appear. ii: Double-click the Network icon. The Network window will appear. Select the Protocol tab from the Network window. 12 iii: Check if the TCP/IP Protocol is on your list of Network Protocols. If TCP/IP is not installed, click the Add button to install it now. If TCP/IP is installed, go to step 5. iv: In the Select Network Protocol window, select the TCP/IP Protocol and click the Ok button to start installing the TCP/IP protocol. You may need your Windows CD to complete the installation. v: After you install TCP/IP, go back to the Network window. Select TCP/IP from the list of Network Protocols and then click the Properties button. vi: Check each of the tabs and verify the following settings: · · · · IP Address: Select Obtain an IP address from a DHCP server. DNS: all fields are blank. WINS: all fields are blank. Routing: all fields are blank. Figure 0.4 13 vii: Click OK to confirm the settings. Your PC will now obtain an IP address automatically from your router's DHCP server. Note: Please make sure that the router's DHCP server is the only DHCP server available on your LAN. Once you've configured your PC to obtain an IP address automatically, please proceed to Step 3. 3) Once you have configured your PCs to obtain an IP address automatically, the router's DHCP server will automatically give your LAN clients IP addresses. By default, the router's DHCP server is enabled so that you can obtain an IP address automatically. To see if you have obtained an IP address, see Appendix A. Note: Please make sure that the router's DHCP server is the only DHCP server available on your LAN. If there is another DHCP server on your network, then you'll need to switch one of the DHCP servers off. (To disable the router's DHCP server, see Chapter 2: LAN Port.) 4) Once your PC has obtained an IP address from your router, enter the router's default IP address of "192.168.2.1" into your PC's web browser and press Enter. Figure 0.5 5) The login screen below will appear. Enter the "User Name" and "Password" and then click to login. Note: By default the user name is "admin" and the password is "1234". For security reasons it is recommended that you change the password as soon as possible (in General setup/system/password, see chapter 2) Figure 0.6 14 6) The HOME page screen below will appear. The Home Page is divided into four sections, Quick Setup Wizard, General Setup, Status Information and Tools. Quick Setup Wizard (Chapter 1) If you only want to start using the router as an Internet Access device then you ONLY need to configure the screens in the Quick Setup Wizard section. General Setup (Chapter 2) If you want to use more advanced features that the router has to offer, then you will need to configure the Quick Setup Wizard and the General Setup section. Alternatively, you can just configure the General Setup section, since the General Setup/WAN and the Quick Setup Wizard contain the same configurations. Status Information (Chapter 3) The Status Information section is for you to monitor the router's status information at any point in time. Tools (Chapter 4) If you want to Reset the router (because of problems) or save your configurations or upgrade the firmware then you will need to go to the Tools section. Figure 0.7 15 Menu Quick Setup Wizard (Chapter 1) General Setup (Chapter 2) Description Select your Internet connection type and then input the configurations needed to connect to your Internet Service Provider (ISP). This section contains configurations for the Broadband router's advanced functions such as: Bridge, Address Mapping, Virtual Server, Access Control, Hacker Attack Prevention, DMZ, Special applications and other functions to meet your LAN requirements. In this section you can see the Broadband router's system information, Internet Connection, Device Status, Security Log and DHCP client Log information. This section contains the router's Tools - Tools include Configuration tools, Firmware upgrade and Reset. Configuration tools allow you to Backup (save), Restore, or Restore to Factory Default configuration for your Broadband router. The Firmware upgrade tool allows you to upgrade your router's firmware. The RESET tool allows you to reset your Broadband router. Selecting logout will return you to the LOGIN page Status Information (Chapter 3) Tools (Chapter 4) Logout 7) Click on Quick Setup Wizard (see Chapter 1) to start configuring settings required by your ISP so that you can start accessing the Internet. The other sections (General Setup, Status Information and Tools) do not need to be configured unless you wish to implement/monitor more advanced features/information. Select the section (Quick Setup Wizard, General Setup, Status Information and Tools) you wish to configure and proceed to the corresponding chapter. Use the selections on the web management's top right hand page (see below) to navigate around the web-based management User Interface. 16 Figure 0.8 17 About Quick Setup The Quick Setup section is designed to let you set up the router as quickly as possible. In the Quick Setup, you are required to fill in only the information necessary to access the Internet. Once you click on the Quick Setup Wizard in the homepage, you will see the screen below. Step 1) Time Zone The Time Zone allows your router to base its time on the settings configured here, this will affect functions such as Log entries and Firewall settings. Figure 1.1 Parameter Set Time Zone Time Server Address Enable Daylight Savings Description Select the time zone of the country you are currently in. The router will set its time based on your selection. You can manually assign the time server address if the default time server does not work. The router can also take Daylight savings into account. If you wish to use this function, you must check the "Enable Daylight Savings" box to enable your daylight savings configuration (below). Select the period in which you wish to start daylight Savings Time Select the period in which you wish to end daylight Savings Time 18 Start Daylight Savings Time End Daylight Savings Time Click on NEXT to proceed to the next page (step 2). Step 2) Broadband Type In this section, you have to select one of four types of connections that you will be using to connect your router's WAN port to your ISP (see screen below). Note: Different ISP's require different methods of connecting to the Internet. Please check with your ISP as to the type of connection it requires. Figure 1.2 19 Menu 1.1 Cable Modem 1.2 Fixed-IP xDSL 1.3 PPPoE 1.4 PPTP Description Your ISP will automatically give you an IP address Your ISP has given you an IP address already Your ISP requires you to use a Point-to-Point Protocol over Ethernet (PPPoE) connection. Your ISP requires you to use a Point-to-Point Tunneling Protocol (PPTP) connection. Click on one of the WAN types and then proceed to the manual's relevant sub-section (1.1, 1.2, 1.3 or 1.4). Click on Back to return to the previous screen. 1.1 Cable Modem Choose Cable Modem if your ISP will automatically give you an IP address. Some ISP's may also require that you fill in additional information such as Host Name and MAC address (see screen below). Note: The Host Name and MAC address section is optional and you can skip this section if your ISP does not require these settings for you to connect to the Internet. Figure 1.3 20 Parameters Host Name MAC Address Description If your ISP requires a Host Name, type in the host name provided by your ISP; otherwise leave it blank if your ISP does not require a Host Name. Your ISP may require a particular MAC address in order for you to connect to the Internet. This MAC address is the PC's MAC address that your ISP had originally connected your Internet connection to. Type in this MAC address in this section or use the "Clone MAC Address" button to replace the WAN MAC address with the MAC address of that PC (you have to be using that PC for the Clone MAC Address button to work). To find out the PC's MAC address see Appendix A. (See Glossary for an explanation on MAC addresses.) Click OK when you have finished the configuration above. You have now completed the configuration for the Cable Modem connection. You can start using the router now. If you wish to use some of the advanced features supported by this router, see Chapters 2, 3, 4. 1.2 Fixed-IP xDSL Select "Fixed-IP xDSL" if your ISP has given you a specific IP address for you to use. Your ISP should provide all the information required in this section. Figure 1.4 21 Parameters IP Gateway IP DNS Subnet Mask Description This is the IP address that your ISP has given you. This is the ISP's IP address gateway This is the ISP's DNS server IP address Enter the Subnet Mask provided by your ISP (e.g. 255.255.255.0) Click OK when you have finished the configuration above. You have now completed the configuration for the Fixed-IP xDSL connection. You can start using the router now. If you wish to use some of the advanced features supported by this router, see Chapters 2, 3, 4. 1.3 PPPoE Select PPPoE if your ISP requires the PPPoE protocol to connect you to the Internet. Your ISP should provide all the information required in this section. Figure 1.5 22 Parameter User Name Password Service Name MTU Connection Type Description Enter the User Name provided by your ISP for the PPPoE connection Enter the Password provided by your ISP for the PPPoE connection This is optional. Enter the Service name should your ISP require it. Otherwise, leave it blank. This is optional. You can specify the maximum size of your transmission packet to the Internet. Leave it as it is if you do not wish to set a maximum packet size. If you select "Continuous", the router will always be connected to the ISP/Internet. If the WAN line breaks down and links again, the router will auto-reconnect to the ISP. If you select "Connect On Demand", the router will auto-connect to the ISP when someone wants to use the Internet and keep connected until the WAN idle timeout. The router will close the WAN connection if the time period during which no one has been using the Internet exceeds the "Idle Time". If you select "Manual", the router will connect to the ISP only when you click "Connect" manually from the Web user interface. The WAN connection will not get disconnected due to the idle timeout. If the WAN line breaks down and later links again, the router will not auto-connect to the ISP. You can specify an idle time threshold (in minutes) for the WAN port. This means if no packets have been sent (no one is using the Internet) during this specified period, the router will automatically disconnect the connection to the ISP/Internet. Note: The WAN "idle timeout" auto-disconnect function may not work due to abnormal activities of some network application software, computer viruses or hacker attacks from the Internet. For example, some software sends network packets to the Internet in the background, even when you are not using the Internet. This function also may not work with some ISPs. Please make sure this function can work properly when you use this function the first time, especially if your ISP charges you by time used. Due to various uncontrollable issues, we cannot guarantee the WAN "idle timeout" auto-disconnect function will always work. In order to prevent an extra fee from being charged by your ISP, please turn off the router when you are finished using the Internet. Idle Time Click OK when you have finished the configuration above. You have now completed the configuration for the PPPoE connection. You can start using the router now. If you wish to use some of the advanced features supported by this router, see Chapters 2, 3, 4. 23 1.4 PPTP Select PPTP if your ISP requires the PPTP protocol to connect you to the Internet. Your ISP should provide all the information required in this section. Figure 1.6 Parameter Obtain an IP address Use the following IP address IP Address Subnet Mask Default Gateway Description The ISP requires you to obtain an IP address by DHCP automatically before connecting to the PPTP server. The ISP gives you a static IP to be used to connect to the PPTP server. This is the IP address that your ISP has given you to establish a PPTP connection. Enter the Subnet Mask provided by your ISP (e.g. 255.255.255.0) Enter the IP address of the ISP Gateway 24 User ID Password PPTP Gateway Connection ID MTU BEZEQ-ISRAEL Connection Type Enter the User Name provided by your ISP for the PPTP connection (sometimes called a Connection ID). Enter the Password provided by your ISP for the PPTP connection. If your LAN has a PPTP gateway, then enter that PPTP gateway IP address here. If you do not have a PPTP gateway then enter the ISP's Gateway IP address above. This is the ID given by ISP. This is optional. This is optional. You can specify the maximum size of your transmission packet to the Internet. Leave it as it is if you do not wish to set a maximum packet size. Select this item if you are using the service provided by BEZEQ in Israel. If you select "Continuous", the router will always be connected to the ISP/Internet. If the WAN line breaks down and links again, the router will auto-reconnect to the ISP. If you select "Connect On Demand", the router will auto-connect to the ISP when someone wants to use the Internet and keep connected until the WAN idle timeout. The router will close the WAN connection if the time period during which no one has been using the Internet exceeds the "Idle Time". If you select "Manual", the router will connect to the ISP only when you click "Connect" manually from the Web user interface. The WAN connection will not get disconnected due to the idle timeout. If the WAN line breaks down and later links again, the router will not auto-connect to the ISP. You can specify an idle time threshold (in minutes) for the WAN port. This means if no packets have been sent (no one is using the Internet) during this specified period, the router will automatically disconnect the connection to the ISP/Internet. Note: The WAN "idle timeout" auto-disconnect function may not work due to abnormal activities of some network application software, computer viruses or hacker attacks from the Internet. For example, some software sends network packets to the Internet in the background, even when you are not using the Internet. This function also may not work with some ISPs. Please make sure this function can work properly when you use this function the first time, especially if your ISP charges you by time used. Due to various uncontrollable issues, we cannot guarantee the WAN "idle timeout" auto-disconnect function will always work. In order to prevent an extra fee from being charged by your ISP, please turn off the router when you are finished using the Internet. Idle Time Click OK when you have finished the configuration above. You have now completed the configuration for the PPTP connection. You can start using the router now. If you wish to use some of the advanced features supported by this router, see Chapters 2, 3, 4. 25 General Settings Once you click on the General Setup button on the homepage, you will see the screen below. If you have already configured the Quick Setup Wizard, you do NOT need to configure anything in the General Setup screen in order to start using the Internet. The General Setup contains advanced features that allow you to configure the router to meet your network's needs such as: Address Mapping, Virtual Server, Access Control, Hacker Attack Prevention, Special Applications, DMZ and other functions. Figure 2.1 26 Below is a general description of what advanced functions are available for this broadband router. Menu 2.1 System 2.2 WAN 2.3 LAN 2.4 NAT Description This section allows you to set the Broadband router's system Time Zone, Password and Remote Management Administrator. This section allows you to select the connection method in order to establish a connection with your ISP (same as the Quick Setup Wizard section) You can specify the LAN segment's IP address, subnet Mask, enable/disable DHCP and select an IP range for your LAN You can configure the Address Mapping, Virtual Server and Special Applications functions in this section. This allows you to specify what user/packet can pass your router's NAT. The Firewall section allows you to configure Access Control, Hacker Prevention and DMZ. 2.5 Firewall Select one of the General Setup selections from above and proceed to the manual's relevant sub-sections. 2.1 System The system screen allows you to specify a time zone, to change the system password and to specify a remote management user for the broadband router. Figure 2.2 27 Parameters System Settings 2.1.1 Time Zone 2.1.2 Password Settings 2.1.3 Remote Management Description Select the time zone of the country you are currently in. The router will set its time based on your selection. Allows you to select a password in order to access the web-based management website. You can specify a Host IP address that can perform remote management functions. Select one of the above three system settings selections and proceed to the manual's relevant sub-sections. 2.1.1 Time Zone The Time Zone allows your router to reference or base its time on the settings configured here, which will affect functions such as Log entries and Firewall settings. Figure 2.3 28 Parameter Set Time Zone Time Server Address Enable Daylight Savings Description Select the time zone of the country you are currently in. The router will set its time based on your selection. You can manually assign time server address if the default time server dose not work. The router can also take Daylight savings into account. If you wish to use this function, you must check/tick the enable box to enable your daylight saving configuration (below). Select the period in which you wish to start daylight Savings Time Select the period in which you wish to end daylight Savings Time Start Daylight Savings Time End Daylight Savings Time Click Apply at the bottom of the screen to save the above configurations. You can now configure other advance sections or start using the router (with the advance settings in place) 2.1.2 Password Settings You can change the password required to log into the broadband router's system web-based management. By default, the password is "1234". So please assign a password to the Administrator as soon as possible, and store it in a safe place. Passwords can contain 0 to 12 alphanumeric characters, and are case sensitive. \ Figure 2.4 29 Parameters Current Password Description Enter your current password for the remote management administrator to log in to your router. Note: By default, the password is "1234" Enter your new password Enter your new password again for verification purposes Note: If you forget your password, you will have to reset the router to the factory default (password is "1234") with the reset button (see router's back panel). New Password Re-Enter Password for Verification Click Apply at the bottom of the screen to save the above configurations. You can now configure other advanced sections or start using the router (with the advanced settings in place). 2.1.3 Remote Management The remote management function allows you to provide a host on the Internet with the ability to configure the router from a remote site. Enter the designated host IP Address in the Host IP Address field. Figure 2.5 30 Parameters Host Address Description This is the IP address of the host on the Internet that will have management/configuration access to the Broadband router from a remote site. This means if you are at home and your home IP address has been designated the Remote Management host IP address for this router (located in your company office), then you are able to configure this router from your home. If the Host Address is left 0.0.0.0 this means anyone can access the router's web-based configuration from a remote location, provided that they know the password. Click the Enabled box to enable the Remote Management function. Note: When you want to access the web-based management from a remote site, you must enter the router's WAN IP address (e.g. 10.0.0.1) into your web-browser followed by port number 8080, e.g. 10.0.0.1:8080 (see below). You'll also need to know the password set in the Password Setting screen in order to access the router's web-based management. Click Apply at the bottom of the screen to save the above configurations. You can now configure other advanced sections or start using the router (with the advanced settings in place). 2.2 WAN Use the WAN Settings screen if you have already configured the router via the Quick Setup Wizard section and you would like to change your Internet connection type. The WAN Settings screen allows you to specify the type of WAN port connection you want to establish with your ISP. In the WAN Settings screen, you can also configure the router to act as a bridge. The WAN settings offer the following selections for the router's WAN port: Dynamic IP, Static IP, PPPoE, PPTP, L2TP, Telstra Big Pond, Policy, DNS and DDNS. You will need to select one of the two WAN ports first and configure one WAN port at a time. 31 Figure 2.6 Parameters 2.2.1 Dynamic IP address 2.2.2 Static IP address 2.2.3 PPPoE 2.2.4 PPTP 2.2.5 L2TP 2.2.6 Telstra Big Pond 2.2.7 Policy 2.2.8 DNS 2.2.9 DDNS Description Your ISP will automatically give you an IP address Your ISP has given you an IP address already Your ISP requires PPPoE connection. Your ISP requires you to use a Point-to-Point Tunneling Protocol (PPTP) connection. Your ISP requires L2TP connection. Your ISP requires Telstra Big Pond connection. You can configure WAN policy. You can specify a DNS server that you wish to use You can specify a DDNS server that you wish to use and configure the user name and password provided by your DDNS service provider. Once you have made a selection, click More Configuration at the bottom of the screen and proceed to the manual's relevant sub-sections. 32 2.2.1 Dynamic IP Address Choose the Dynamic IP selection if your ISP will give you an IP address automatically. Some ISP's may also require that you fill in additional information such as Host Name, Domain Name and MAC address. (See Chapter 1: "Cable Modem" for more details.) 2.2.2 Static IP Address Choose the Static IP selection if your ISP has given you a specific IP address for you to use. Your ISP should provide all the information required in this section. (See Chapter 1: "Fixed IP" for more details.) 2.2.3 PPPoE (PPP over Ethernet) Select PPPoE if your ISP requires the PPPoE protocol to connect you to the Internet. Your ISP should provide all the information required in this section. (See chapter 1 "PPPoE" for more details.) 2.2.4 PPTP Select PPTP if your ISP requires the PPTP protocol to connect you to the Internet. Your ISP should provide all the information required in this section. (See chapter 1: "PPTP" for more details.) 2.2.5 L2TP Select L2TP if your ISP requires the L2TP protocol to connect you to the Internet. Your ISP should provide all the information required in this section. 33 Figure 2.7 34 Parameter Obtain an IP address MAC Address Description The ISP requires you to obtain an IP address by DHCP automatically before connecting to the L2TP server. Your ISP may require a particular MAC address in order for you to connect to the Internet. This MAC address is the PC's MAC address that your ISP had originally connected your Internet connection to. Type in this MAC address in this section or use the "Clone MAC Address" button to replace the WAN MAC address with the MAC address of that PC (you have to be using that PC for the Clone MAC Address button to work). To find out the PC's MAC address see Appendix A. (see Glossary for an explanation on MAC address) The ISP gives you a static IP address to be used to connect to the L2TP server. This is the IP address that your ISP has given you to establish an L2TP connection. Enter the Subnet Mask provided by your ISP (e.g. 255.255.255.0) Enter the IP address of the ISP Gateway Enter the User Name provided by your ISP for the PPTP connection. Sometimes called a Connection ID Enter the Password provided by your ISP for the PPTP connection If your LAN has an L2TP gateway, then enter that L2TP gateway IP address here. If you do not have an L2TP gateway, then enter the ISP's Gateway IP address above. This is optional. You can specify the maximum size of your transmission packet to the Internet. Leave it as it is if you do not wish to set a maximum packet size. If you select "Continuous", the router will always connect to the ISP. If the WAN line breaks down and links again, the router will auto-reconnect to the ISP. If you select "Connect On Demand", the router will auto-connect to the ISP when someone want to use the Internet and keep connected until the WAN idle timeout. The router will close the WAN connection if the time period that no one is using the Internet exceeds the "Idle Time". If you select "Manual", the router will connect to ISP only when you click "Connect" manually from the Web user interface. The WAN connection will not disconnected due to the idle timeout. If the WAN line breaks down and latter links again, the router will not auto-connect to the ISP. Use the following IP address IP Address Subnet Mask Gateway User ID Password L2TP Gateway MTU Connection Type 35 Idle Time Out Note: The WAN "idle timeout" auto-disconnect function may not work due to abnormal activities of some network application software, computer viruses or hacker attacks from the Internet. For example, some software sends network packets to the Internet in the background, even when you are not using the Internet. This function also may not work with some ISPs. Please make sure this function can work properly when you use this function the first time, especially if your ISP charges you by time used. Due to various uncontrollable issues, we cannot guarantee the WAN "idle timeout" auto-disconnect function will always work. In order to prevent an extra fee from being charged by your ISP, please turn off the router when you are finished using the Internet. Click OK when you have finished the configuration above. You have now completed the configuration for the L2TP connection. You can start using the router now. If you wish to use some of the advanced features supported by this router, see Chapters 2, 3, 4. 2.2.6 Telstra Big Pond Select Telstra Big Pond if your ISP requires the Telstra Big Pond protocol to connect you to the Internet. Your ISP should provide all the information required in this section. Telstra Big Pond protocol is used by ISPs in Australia. Figure 2.8 36 Parameter User Name Password User decide login server server manually Login Server Description Enter the User Name provided by your ISP for the Telstra Big Pond connection Enter the Password provided by your ISP for the Telstra Big Pond connection Select if you want to assign the IP of Telstra Big Pond's login server manually. The IP of the Login Server. Click OK when you have finished the configuration above. You have now completed the configuration for the Telstra Big Pond connection. You can start using the router now. If you wish to use some of the advanced features supported by this router, see Chapters 2, 3, 4. 2.2.7 WAN Policy The WAN policy for multi-homing can be setup here. You can set up policy for each WAN separately. The router will balance the load between all active WAN ports according to the Send/Receive rate of the WAN ports. You can setup an IP address for the router to detect if the WAN line is connected. If the router fails to ping the IP, it would recognize the WAN line as not connected, and will stop directing the Internet traffic to this WAN port. The traffic will be redirected to the other active WAN port. The Intranet users will not become aware of this change and keep surfing the Internet smoothly. You also can setup a WAN port as a backup WAN port. A backup WAN port would not be activated when the router starts up. When the other active WAN port fails to connect to the Internet, the backup WAN port will be activated and take over all the traffic. 37 Figure 2.9 Parameter Speed Connectivity check Description The send/upstream and receive/downstream speed of the WAN line the WAN port is connected to. You can key in an IP. The router will ping that IP to verify if the WAN line can access the Internet. You also can select "Ping Default Gateway", and the router will check if the WAN line is ok by ping the default gateway of the WAN port. If you select "Enable", the WAN port will be activated when the system boot up. If you select "Backup", the WAN port is disabled on start up. But when other enabled WAN ports fail, the backup WAN port will be activated and take over all the traffic. Operation 2.2.8 DNS A Domain Name System (DNS) server is like an index of IP addresses and Web addresses. If you type a Web address into your browser, such as www.router.com, a DNS server will find that name in its index and the matching IP address. Most ISPs provide a DNS server for speed and convenience. If your Service Provider connects you to the Internet with 38 dynamic IP settings, it is likely that the DNS server IP address is provided automatically. However, if there is a DNS server that you would rather use, you need to specify the IP address of that DNS server here. Figure 2.10 Parameters Domain Name Server (DNS) Server Secondary DNS Address (optional) Description This is the ISP's DNS server IP address that they gave you; or you can specify your own preferred DNS server IP address This is optional. You can enter another DNS server's IP address as a backup. The secondary DNS will be used should the above DNS fail. Click Apply at the bottom of the screen to save the above configurations. You can now configure other advanced sections or start using the router (with the advanced settings in place). 2.2.9 DDNS DDNS allows you to map the static domain name to a dynamic IP address. You must get an account, password and your static domain name from the DDNS service providers. You can assign a DDNS server for each WAN port. This router supports some DDNS service providers, for example DynDNS and TZO. 39 Figure 2.11 Parameters WAN Port Enable/Disable Provider Domain name Account/E-mail Password/Key Default Description Select the WAN port that you want to configure the DDNS for Disable DynDNS Enable/Disable the DDNS function of this router Select a DDNS service provider Your static domain name that use DDNS The account that your DDNS service provider assigned to you The password you set for the DDNS service account above Click Apply at the bottom of the screen to save the above configurations. You can now configure other advanced sections or start using the router (with the advanced settings in place). 40 2.3 LAN The LAN Port screen below allows you to specify a private IP address for your router's LAN ports as well as a subnet mask for your LAN segment. Figure 2.12 41 Parameters LAN IP address IP Subnet Mask 802.1d Spanning Tree DHCP Server Default 192.168.2.1 255.255.255.0 Disabled Description This is the router's LAN port (private) IP address (Your LAN clients' default gateway IP address) Specifies a Subnet Mask for your LAN segment If the 802.1d Spanning Tree function is enabled, this router will use the spanning tree protocol to prevent network loops from occurring among the LAN ports. You can enable or disable the DHCP server. By enabling the DHCP server, the router will automatically give your LAN clients an IP address. If the DHCP is not enabled then you'll have to manually set your LAN clients' IP addresses; make sure the LAN Client is in the same subnet as the router if you want the router to be your LAN clients' default gateway When DHCP is enabled, it will temporarily give your LAN clients an IP address. In the Lease Time setting you can specify the time period that the DHCP lends an IP address to your LAN clients. The DHCP will change your LAN client's IP address when this time threshold period is reached You can select a particular IP address range for your DHCP server to issue IP addresses to your LAN Clients. Note: By default the IP range is from: Start IP 192.168.2.100 to End IP 192.168.2.199. If you want your PC to have a static/fixed IP address then you'll have to choose an IP address outside this IP address Pool Enabled Lease Time IP Address Pool Domain Name You can specify a Domain Name for your LAN Click Apply at the bottom of the screen to save the above configurations. You can now configure other advanced sections or start using the router (with the advanced settings in place). 42 2.4 NAT Network Address Translation (NAT) allows multiple users at your local site to access the Internet through a single Public IP Address or multiple Public IP Addresses. NAT provides Firewall protection from hacker attacks and has the flexibility to allow you to map Private IP Addresses to Public IP Addresses for key services such as Websites and FTP. You also can disable NAT function and use the static route. Figure 2.13 Parameter Enable or Disable NAT Description You can enable NAT to let the router provide the IP sharing function or disable NAT to use the static routing function. Click Apply at the bottom of the screen to save the above configurations. You can now configure other advanced sections or start using the router (with the advanced settings in place). 43 2.4.1 Port Forwarding The Port Forwarding allows you to re-direct a particular range of service port numbers (from the Internet/WAN Ports) to a particular LAN IP address. It helps you to host some servers behind the router NAT firewall. Figure 2.14 44 Parameter Enable Port Forwarding Private IP Description Enable Port Forwarding This is the private IP of the server behind the NAT firewall. Note: You need to give your LAN PC clients a fixed/static IP address for Port Forwarding to work properly. This is the protocol type to be forwarded. You can choose to forward "TCP" or "UDP" packets only or select "both" to forward both "TCP" and "UDP" packets. The range of ports to be forward to the private IP. Assign the WAN port that requires port forwarding. All the packets sent from this WAN port with the assigned port range will be directed to the assigned private IP addresses. The description of this setting. Fill in the "Private IP", "Type", "Port Range", "WAN Port" and "Comment" of the settings to be added and then click "Add". Then this Port Forwarding setting will be added into the "Current Port Forwarding Table" below. If you find any errors before adding it and want to type it in again, just click "Clear" and the fields will be cleared. If you want to remove some Port Forwarding settings from the " Current Port Forwarding Table", select the Port Forwarding settings you want to remove in the table and then click "Delete Selected". If you want to remove all Port Forwarding settings from the table, just click the "Delete All" button. Clicking "Reset" will clear your current selections. Type Port Range WAN Port Comment Add Port Forwarding into the table Remove Port Forwarding into the table Click Apply at the bottom of the screen to save the above configurations. You can now configure other advanced sections or start using the router (with the advanced settings in place). 45 2.4.2 Virtual Server Use the Virtual Server function when you want different servers/clients in your LAN to handle different service/Internet application type (e.g. Email, FTP, Web server etc.) from the Internet. Computers use numbers called port numbers to recognize a particular service/Internet application type. The Virtual Server allows you to re-direct a particular service port number (from the Internet/WAN Port) to a particular LAN private IP address and its service port number. (See Glossary for an explanation on Port number) Figure 2.15 46 Parameters Enable Virtual Server Private IP Description Enable Virtual Server. This is the LAN client/host IP address that the Public Port number packet will be sent to. Note: You need to give your LAN PC clients a fixed/static IP address for the Virtual Server function to work properly. This is the port number (of the above Private IP host) that the below Public Port number will be changed to when the packet enters your LAN (to the LAN Server/Client IP) Select the port number protocol type (TCP, UDP or both). If you are unsure, then leave it to the default "Both" protocol. Enter the service (service/Internet application) port number from the Internet that will be re-directed to the above Private IP address host in your LAN Note: Virtual Server function will have priority over the DMZ function if there is a conflict between the Virtual Server and the DMZ settings. Assign the WAN port that you want to bind to the virtual server. All the packets sending from this WAN port with the assigned public port will be directed to the assigned private IP and private port. The description of this setting. Fill in the "Private IP", "Private Port", "Type", "Public Port", "WAN Port" and "Comment" of the setting to be added and then click "Add". Then this Virtual Server setting will be added into the "Current Virtual Server Table" below. If you find any errors before adding it and want to retype again, just click "Clear" and the fields will be cleared. If you want to remove some Virtual Server settings from the "Current Virtual Server Table", select the Virtual Server settings you want to remove in the table and then click "Delete Selected". If you want remove all Virtual Server settings from the table, just click the "Delete All" button. Clicking "Reset" will clear your current selections. Private Port Type Public Port WAN Port Comment Add Virtual Server Remove Virtual Server Click Apply at the bottom of the screen to save the above configurations. You can now configure other advanced sections or start using the router (with the advanced settings in place). Example: Virtual Server The diagram below demonstrates one of the ways you can use the Virtual Server function. Use Virtual Server when you want the web server located in your private LAN to be accessible to Internet users from WAN 2. The configuration below means that any request coming form the Internet to access your web server will be translated to your LAN's web server (192.168.2.2). Note: For the virtual server to work properly Internet/remote users must know your global IP 47 address for WAN 2. (For websites, you will need to have a fixed/static global/public IP address or use DDNS with dynamic IP and domain name mapping.) Figure 2.16 2.4.3 Special Applications Some applications require multiple connections, such as Internet games, video conferencing, Internet telephony and others. In this section you can configure the router to support multiple connections for these types of applications. 48 Figure 2.17 Parameters Enable Trigger Port Trigger Port Trigger Type Public Port Description Enables the Special Application function. This is the outgoing (Outbound) range of port numbers for this particular application Select whether the outbound port protocol is "TCP", "UDP" or both. Enter the In-coming (Inbound) port or port range for this type of application (e.g. 23002400, 47624) Note: Individual port numbers are separated by a comma (e.g. 47624, 5775, 6541 etc.). To input a port range use a "dash" to separate the two port number range (e.g. 2300-2400) Public Type Comment Select the Inbound port protocol type: "TCP", "UDP" or both The description of this setting. 49 Popular applications This section lists the more popular applications that require multiple connections. Select an application from the Popular Applications selection. Once you have selected an application, select a location (1-10) in the Copy to selection box and then click the Copy to button. This will automatically list the Public Ports required for this popular application in the location (1-10) you had specified. Fill in the "Trigger Port", "Trigger Type", "Public Port", "Public Type", and "Comment" of the setting to be added and then click "Add". This Special Application setting will then be added into the "Current Trigger-Port Table" below. If you find any errors before adding it and want to retype it again, just click "Clear" and the fields will be cleared. If you want to add a popular application, select one "Popular Application" and then click "Add". If you want to remove some Special Application settings from the "Current Trigger-Port Table", select the Special Application settings you want to remove in the table and then click "Delete Selected". If you want to remove all Special Application settings from the table, just click the "Delete All" button. Clicking "Reset" will clear your current selections. Add Special Application Remove Special Application Click Apply at the bottom of the screen to save the above configurations. You can now configure other advanced sections or start using the router (with the advanced settings in place). Example: Special Applications If you need to run applications that require multiple connections, then specify the port (outbound) normally associated with that application in the "Trigger Port" field. Then select the protocol type (TCP or UDP) and enter the public ports associated with the trigger port to open them up for inbound traffic. Example: ID Trigger Port 1 2 28800 6112 Trigger Type UDP UDP Public Port 2300-2400, 47624 6112 Public Type TCP UDP Comment MSN Game Zone Battle.net In the example above, when a user triggers port 28800 (outbound) for MSN Game Zone then the router will allow incoming packets for ports 2300-2400 and 47624 to be directed to that user. Note: Only one LAN client can use a particular special application at a time. 50