Dual WAN Firewall Router VPN 800 / 2 User’s Guide HotBrick Network Solutions
TABLE OF CONTENTS
1: INTRODUCTION
Internet Features
Other Features
Package Contents
9: ADVANCED LAN CONFIGURATION
Overview
Existing DHCP Server
Routing
10: OPERATION AND STATUS
1: Introduction
Congratulations on the purchase of your new HotBrick VPN 800/2 Firewall Router. The VPN 800/2 Firewall Router provides Shared Broadband Internet Access and VPN tunnels for LAN users.
Figure 1-1: VPN 800/2 Firewall Router
Internet Features
• Shared Broadband Internet Access – All LAN users can access the Internet through the VPN 800/2 Firewall Router, by sharing one (1) or two (2) Broadband modems and connections.
• PPPoE Session Management – Multiple PPPoE sessions are supported and you can choose to “map” sessions to individual PCs if desired.
• Multiple IP Address Support – If your ISP allocates you multiple IP addresses, these are also supported and you can “map” IP addresses to individual PCs if desired.
• Special Applications – This feature allows you to use some non-standard applications, where the port number used for the response is different to the port number used by the sender.
Other Features
• 8-Port Switching Hub – The VPN 800/2 Firewall Router incorporates an 8-port 10/100BaseT switching hub, making it easy to create or extend your LAN.
• DHCP Server Support – Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon request. The VPN 800/2 Firewall Router acts as a DHCP Server for devices on your local LAN.
Package Contents
The following items should be included:
• The VPN 800/2 Firewall Router Unit
• Power Cord
• Quick Installation Guide
• CD-ROM containing the on-line manual
If any of the above items are damaged or missing, please contact your dealer immediately.
Physical Details
Front Panel
Figure 1-2: Front Panel VPN 800/2 Firewall Router
Operation of the Front Panel LEDs is as follows:
LAN LED 100M (Green): ON – The corresponding LAN port is using 100BaseT.
Also, some Status and Error conditions are indicated by combinations of LEDs, as shown below.
LED Action – Condition
• WAN, LAN Status LEDs flash alternately – Firmware Download in progress.
• WAN & LAN LEDs flash concurrently – MAC address not assigned.
Caution: After unplugging the VPN 800/2 Firewall Router, wait more than 20 seconds before plugging it in again.
Rear Panel
Figure 1-3: Rear Panel VPN 800/2 Firewall Router
AC power socket – Connect the supplied power here.
Default Settings
When the VPN 800/2 Firewall Router has finished booting, all configuration settings will be set to the factory defaults, including:
• IP Address set to its default value of 192.168.1.1, with a Network Mask of 255.255.255.
Note: The supplied Windows TFTP utility also allows you to perform three (3) other operations:
• Save the current configuration settings to your PC (use the "Upload" button).
• Restore a previously saved configuration file to the VPN 800/2 Firewall Router (use the "Download" button).
• Set the VPN 800/2 Firewall Router to its default values (use the "Set to Default" button).
2: Basic Setup
Overview
Basic Setup of your HotBrick VPN 800/2 Firewall Router involves the following steps:
1. Attach the HotBrick VPN 800/2 Firewall Router to one (1) PC, and configure it for your LAN.
2. Install your HotBrick VPN 800/2 Firewall Router in your LAN, and connect the Broadband Modem or Modems.
3. Configure your HotBrick VPN 800/2 Firewall Router Internet Access.
4. Configure PCs on your LAN to use the VPN 800/2 Firewall Router.
7. Enter admin for the "User Name" and leave the "Password" blank.
• The "User Name" is always admin.
• You can and should set a password, using the following Admin Password screen.
No Response?
• Is your PC using a Fixed IP address? If so, you must configure your PC to use an IP address within the range 192.168.1.2 to 192.168.1.254, with a Network Mask of 255.255.255.0. See Appendix B – Windows TCP/IP Setup for details.
9. Select LAN & DHCP from the menu. You will see a screen like the example below.
Figure 2-3: LAN & DHCP
10. Ensure these settings are suitable for your LAN:
• The default settings are suitable for many situations.
• See the following table for details of each setting.
11. Save your data, then go to Step 2, Installing the VPN 800/2 Firewall Router in your LAN.
DHCP Server Configuration DHCP IP Address Range ARP Proxy
• DHCP Server Setup – If enabled, the VPN 800/2 Firewall Router will allocate IP Addresses to PCs (DHCP clients) on your LAN when they start up. The default and recommended value is "Enable". (Windows systems, by default, act as DHCP clients. This setting is called Obtain an IP address automatically.
2. Installing the HotBrick VPN 800/2 Firewall Router in your LAN
1. Ensure the HotBrick VPN 800/2 Firewall Router and the DSL/Cable modem are powered OFF. Leave the modem or modems connected to their data line.
2. Connect the Broadband modem or modems to the VPN 800/2 Firewall Router.
• If using only one (1) Broadband modem, connect it to the "WAN 1" port.
• Use the cable supplied with your DSL/Cable modem. If no cable was supplied, use a standard cable.
3.
Figure 2-4: Primary Setup Screen VPN 800/2 Firewall Router
Settings – Primary Setup
Connection Mode
Select the appropriate setting:
• Enable – Select this if you have connected a broadband modem to this port.
• Disable – Select this if there is no broadband modem connected to this port.
• Backup – Use this if you have a broadband modem on each port, and wish to normally use only one. Select Enable for the primary port, and Backup for the secondary port.
Connection Type
Check the data supplied by your ISP, and select the appropriate option.
• Static IP – Select this if your ISP has provided a Fixed or Static IP address. Then enter the data into the Address Info fields.
• Dynamic IP – Select this if your ISP provides an IP address automatically, when you connect. You can ignore the Address Info fields.
• PPPoE – Select this if your ISP uses this method. (Usually, your ISP will provide some PPPoE software.
4: Configure PCs on your LAN
Overview
For each PC, the following may need to be configured:
• TCP/IP network settings
• Internet Access configuration
TCP/IP Settings
If using the default VPN 800/2 Firewall Router settings, and the default Windows 95/98/ME/2000/XP TCP/IP settings, no changes need to be made. Just start (or restart) your PC.
7. Select "Set up my connection manually" and click Next.
8. Check "Connect using a broadband connection that is always on" and click Next.
9. Click Finish to close the New Connection Wizard. Setup is now completed.
Accessing AOL
To access AOL (America On Line) through the VPN 800/2 Firewall Router, the AOL for Windows software must be configured to use TCP/IP network access, rather than a dial-up connection.
Fixed IP Address
By default, most Unix installations use a fixed IP Address. If you wish to continue using a fixed IP Address, make the following changes to your configuration.
• Set your Default Gateway to the IP Address of the VPN 800/2 Firewall Router.
• Ensure your DNS (Name server) settings are correct.
To act as a DHCP Client (recommended)
The procedure below may vary according to your version of Linux and X Windows shell.
1. Start your X Windows client.
2.
3: Advanced Port Setup
Overview
• The Port Options screen contains some options which can be set on either or both WAN ports. For most situations, the default values are satisfactory.
• The Load Balance screen is only functional if you are using both WAN ports. It allows you to determine the proportion of WAN traffic sent through each port.
• Advanced PPPoE setup is required if you wish to use multiple sessions on one or both of the WAN ports.
Settings – Port Options
Connection Validation PPPoE / PPTP Connection Options Transparent Bridge
• Health Check – If disabled, the Alive Indicator check is not performed. Health check is enabled by default. The health check sends an ICMP echo request and HTTP packets to a specific destination, which can be either:
1. The name or IP address the user specified in the “Alive Indicator” input box, or the gateway of the WAN interface if the “Alive Indicator” input box is left blank.
Load Balance
This screen is only operational if using Internet connections on both WAN ports.
Figure 3-2: Load Balance
These settings are only functional if using both WAN ports. If using both WAN ports, these settings determine the proportion of traffic sent over each port.
Settings – Load Balance
Load Balance Configuration
• Enable – Use this to enable your Load Balance settings. Unless this is checked, the other settings on this screen have no effect.
• Balance Type – Select the desired option:
  • Bytes rx+tx – Traffic is measured by Bytes.
  • Packets rx+tx – Traffic is measured by Packets.
  • Sessions established – Traffic is measured by Sessions.
  • IP Address – Traffic is measured by IP Address.
Advanced PPPoE
This screen is required in order to use multiple PPPoE sessions on the same WAN port. It can also be used to manually connect or disconnect a PPPoE session.
Figure 3-3: Advanced PPPoE
Settings – Advanced PPPoE
Select WAN Port & Session
Select the desired WAN Port and Session, then click the "Select" button. The data for the selected Port/Session will then be displayed in the WAN IP Account section.
Session MTU – The Maximum Transfer Unit for PPPoE packet data.
Action
Use the "Connect" and "Disconnect" buttons to establish or terminate a connection on this session, if required.
Connection Status
This displays the current connection status for each session.
Advanced PPTP
This screen is only useful if using the PPTP connection method.
Figure 3-4: Advanced PPTP
Settings – Advanced PPTP
Select WAN Port
Select the desired Port, and then click the "Select" button. The data for the selected Port will then be displayed in the WAN IP Account section.
PPTP MTU – Maximum transfer unit for PPTP. The default value is 1456.
WAN IP Account
• User Name – The PPTP user name (login name) assigned by your ISP.
4: Advanced Setup
Overview
The following advanced features are provided.
• Host IP Setup
• Virtual Servers
• Custom Virtual Server
• Special Applications
• Dynamic DNS
• Multi DMZ
• Advanced Features
• UPnP
• NAT Setting
This chapter contains details of the configuration and use of each of these features.
Host IP Setup
This feature is used in the following situations:
• You have Multi-Session PPPoE, and wish to bind each session to a particular PC on your LAN.
Figure 4-1: Host IP Setup
Settings – Host IP Setup
Host Network Identity
This section identifies each Host (PC).
• Host List – When adding a new Host, ignore this list. To edit an existing entry, select it from the list, and click the "Select" button. The data fields will then be updated with data for the selected entry.
• Host name – Enter a suitable name. Generally, you should use the "Hostname" (computer name) defined on the Host itself.
Host Network Binding
• Bind WAN port/Session – Select Enable if you wish to associate this PC with a particular PPPoE Session. All traffic for that PC will then use the selected PPPoE port and session.
• Binding Method – Suppose your PC is bound to the WAN1 port and you select “Strict Binding”. If the WAN1 port is disconnected, your packets cannot go out through the WAN2 port, even if the WAN2 port is still alive.
Virtual Servers
This feature allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because:
• Your Server's IP address is only valid on your LAN, not on the Internet.
• Attempts to connect to devices on your LAN are blocked by the firewall in the VPN 800/2 Firewall Router.
• This address should be static, rather than dynamic, to make it easier for Internet users to connect to your Servers. However, you can use the Dynamic DNS feature (explained later in this chapter) to allow users to connect to your Virtual Servers using a URL, instead of an IP Address, e.g.
HTTP://my_domain_name.dyndns.org
FTP://my_domain_name.dyndns.
Custom Virtual Servers
This screen allows you to define your own Server types, for situations when the desired Server type is not listed on the Virtual Servers screen.
Figure 4-4: Custom Virtual Servers
Settings – Custom Virtual Servers
Select Custom Server Name
Server List – If creating a new entry, ignore this list. To edit an existing entry, select it, and then click the "Select" button. The screen will update with data for the selected entry.
Each PC must be running the appropriate Server software.
Buttons Custom Virtual Server List
• Protocol Type – Select the network protocol used by this server type.
• LAN Port Range – Enter the range of port numbers used for outgoing traffic from this Server. If only a single port is required, enter it in both fields.
• WAN Port Range – Enter the range of port numbers used for incoming traffic to this Server.
Special Applications
If you use Internet applications which have non-standard connections or port numbers, you may find that they do not function correctly because they are blocked by the firewall in the Load Balancer. In this case, you can define the application as a "Special Application" in order to make it work.
Special Application Configuration
Enable – Use this to Enable or Disable this Special Application as required.
Name – Enter a descriptive name to identify this Special Application.
Outgoing Protocol – Select the protocol used by this application, when sending data to the remote server or PC.
Outgoing Port Range – Enter the beginning and end of the range of port numbers used by the application server, for data you send.
Dynamic DNS
Dynamic DNS is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL, rather than an IP Address. This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address may change whenever you connect to your ISP, which makes it difficult to connect to you.
You must register for the Dynamic DNS service.
Figure 4-6: Dynamic DNS
Settings – Dynamic DNS
Dynamic DNS Service
Use this to Enable/Disable the Dynamic DNS feature, and select the required service provider.
• Disable – Dynamic DNS is not used.
• DNS4BIZ Hotbrick Premium – Provides reliability for normal business requirements.
WAN Port Binding
• Select the WAN port on which the Dynamic DNS is used.
• The "Force Update" button will update your record on the Dynamic DNS Server immediately.
Additional Setting
These options are available if using the standard client.
• Enable Wildcard – If selected, traffic sent to sub-domains (of your Domain name) will also be forwarded to you.
• Enable backup MX – If enabled, you must enter the Mail Exchanger address below.
Multi DMZ
This feature allows each WAN port IP address to be associated with one (1) computer on your LAN. All outgoing traffic from that PC will be associated with that WAN port IP address. Any traffic sent to that IP address will be forwarded to the specified PC, allowing unrestricted 2-way communication between the "DMZ PC" and other Internet users or Servers.
Note: The "DMZ PC" is effectively outside the Firewall, making it more vulnerable to attacks.
Settings – Multi DMZ
Enable – Use this to enable or disable the DMZ setting, as required.
Name – Enter a name to assist you to remember this setting. This name has no effect on the operation.
For Static IP
Public IP address – Enter the WAN port (Internet) IP address you wish to associate to a PC. This IP address must have been allocated to you by your ISP.
Private IP Address (LAN) – Enter the IP address of the PC you wish to associate with this WAN port IP address.
UPnP
The UPnP (Universal Plug & Play) function makes it easy to set up and configure an entire network, and enables discovery and control of networked devices and services.
Figure 4-8: UPnP
Settings – UPnP
UPnP Option
If you enable UPnP, this dual-WAN router becomes part of the local network. An icon for it appears in Network Neighborhood on Windows XP.
NAT Setting
NAT (Network Address Translation) is the technology which allows one (1) WAN (Internet) IP address to be used by many LAN users.
Figure 4-9: NAT
Settings – NAT
NAT Configuration NAT Alias
• NAT Routing – You can enable or disable NAT with the check box. If you clear the NAT check box, the device will act as a bridge or Static Router. Most features will be unavailable.
• TCP Timeout – Enter the desired value to use on both WAN ports. The default is 300.
Advanced Features
This screen allows you to change some advanced settings:
• Remote Access Configuration – This feature allows you to manage the VPN 800/2 Firewall Router via the Internet. You can restrict access to a specified IP address or address range.
• External Filters Configuration – These settings determine whether or not the VPN 800/2 Firewall Router should respond to ICMP (ping) requests received from the WAN port.
Settings – Advanced Features
Remote Access Configuration
• Remote Upgrade – If enabled, you can use the supplied Windows program to remotely upgrade the Firmware. If not enabled, upgrades must be performed by a PC on the LAN.
• Remote Web-based setup – If enabled, access to the Web-based interface is available via the Internet. (See below for details.) If not enabled, access is only available to PCs on the LAN.
• Port – The port number used when connecting remotely.
Interface Binding
SMTP (Simple Mail Transport Protocol) Binding
Unless you are using E-mail accounts from different ISPs on each port, you can ignore these settings. Some ISPs configure their E-mail Servers so they will not accept E-mail from IP addresses not allocated by themselves. If you are using accounts from different ISPs, sending E-mail over the wrong port may result in non-acceptance of the mail. In this case, you can use these settings to correct the problem.
5: Security Management
Overview
• Block URL – Blocks specific websites by IP address, URL or keywords.
• Access Filter – Blocks all Internet access, selected well-known ports, or user-defined ports, by group.
• Session Limit – Cuts off users' Internet access and sends an email alert to the administrator if the device detects new sessions exceeding the maximum within a sampling time.
Figure 5-1: Block URL
Settings – Block URL
Access Group Block Internet Access
This allows you to have different blocking rules for different Groups of PCs.
• All PCs (users) are in the Default Group unless moved to another group on the Host IP screen.
• If you want the same restrictions to apply to everyone, select Default for the Group. In this case, there is no need to enter any Hosts on the Host IP screen.
Access Filter
The network Administrator can use the Access Filter to gain fine control over the Internet access and applications available to LAN users.
• Five (5) user groups are available, and each group can have different access rights.
• All PCs (users) are in the Default group, unless assigned to another group on the Host IP screen.
Filter Setting
Select the desired option for this Group:
• No filtering – Nothing is blocked, Internet access is not restricted.
• Block All Access – Everything is blocked, Internet access is not available.
• Block selected items – Items selected on this screen are blocked. You can block well known services by using the checkboxes, or define your own filters.
Block Well-known ports
Select the services you wish to block.
Session Limit
This new feature drops new sessions from both the WAN and LAN side if the number of new sessions exceeds the maximum sessions in a sampling time.
Figure 5-3: Session Limit
Session Limit Outgoing New session
Session Limit – Enable or disable the “Session Limit” function. The default is Disable.
Sampling Time – The period over which new sessions are counted. Only new sessions that occurred in the most recent sampling time are counted for limit checking.
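The counting rule described above, as an added example (not HotBrick firmware code): a sliding window that admits a new session only while the number of sessions started in the most recent sampling time is below the maximum. The per-host counting, the class and function names, and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque


class SessionLimiter:
    """Drop new sessions once the maximum within the sampling time is reached.

    Assumptions (not stated in the manual): the count is kept per host, and a
    dropped attempt does not itself count towards the limit.
    """

    def __init__(self, max_new_sessions, sampling_time):
        if max_new_sessions < 1 or sampling_time <= 0:
            raise ValueError("limit must be >= 1 and sampling time > 0")
        self.max_new_sessions = max_new_sessions
        self.sampling_time = sampling_time
        # host -> start times of admitted sessions, oldest first
        self._starts = defaultdict(deque)
        # host -> number of dropped sessions (candidates for an email alert)
        self.dropped = defaultdict(int)

    def admit(self, host, now):
        """Return True if a session starting at time `now` is allowed."""
        window = self._starts[host]
        # Only sessions inside the most recent sampling time are counted.
        while window and now - window[0] >= self.sampling_time:
            window.popleft()
        if len(window) >= self.max_new_sessions:
            self.dropped[host] += 1
            return False
        window.append(now)
        return True


def replay(events, max_new_sessions, sampling_time):
    """Run time-ordered (timestamp, host) events through a fresh limiter.

    Returns the admit/drop decision for each event and the per-host drop count.
    """
    limiter = SessionLimiter(max_new_sessions, sampling_time)
    decisions = [limiter.admit(host, ts) for ts, host in events]
    return decisions, dict(limiter.dropped)


# Constructed sample: one host opening a burst of sessions, one behaving normally.
SAMPLE_EVENTS = [
    (0.0, "192.168.1.10"),
    (0.1, "192.168.1.20"),
    (0.2, "192.168.1.10"),
    (0.4, "192.168.1.10"),
    (0.6, "192.168.1.10"),  # fourth new session inside 2 s: dropped
    (0.8, "192.168.1.10"),  # still over the limit: dropped
    (1.5, "192.168.1.20"),
    (2.1, "192.168.1.10"),  # the session from t=0.0 has aged out: admitted
    (3.0, "192.168.1.20"),
]

if __name__ == "__main__":
    decisions, dropped = replay(SAMPLE_EVENTS, max_new_sessions=3, sampling_time=2.0)
    for (ts, host), ok in zip(SAMPLE_EVENTS, decisions):
        print(f"{ts:4.1f}s {host:14s} {'admit' if ok else 'DROP'}")
    print("hosts to report:", dropped)
```
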
System Filter Exception
System Firewall Exception Rules: Received packets that match these rules are not processed by the Firewall or NAT module, but are processed directly by the system protocol stack.
Figure 5-4: System Filter Exception
Setting – System Filter Exception
System Filter Exception Rules
Enable – Use this check box to enable or disable the firewall exception.
6: VPN Configuration
Overview
A Virtual Private Network (VPN) is a connection between two end points. It allows private data to be sent securely over a public network, such as the Internet. A VPN establishes a private network that can send data securely between two networks. This is done by creating a “tunnel”. A VPN tunnel connects the two PCs or networks.
Planning the VPN
When planning your VPN, you must make the following choices first.
1.
IPSec Global Setting
Figure 6-1: IPSec Global Setting
IP Global Setting
Global Parameters
Enable – Checking the box for WAN1, WAN2 or both starts the VPN global setting.
ISAKMP Port – Internet Security Association and Key Management Protocol (ISAKMP) is designed to negotiate, establish, modify and delete security associations and their attributes. In particular, it was assigned UDP port 500 by the IANA.
Phase 1 DH Group – Use DH Group 1 (768 bits), DH Group 2 (1024 bits) or Group 5 (1536 bits) to generate IPSec SA keys.
Policy Setup
Figure 6-2: Policy Setup
VPN Policy Setup
IPSec Traffic Binding
VPN Tunnel List – Shows the tunnels that you have entered. The router can set up to 20 tunnels.
Tunnel Name – To distinguish the tunnel, you have to give it a name.
Tunnel – The tunnel can be connected only if the tunnel check box is enabled.
WAN port – You can choose WAN1, WAN2 or Any to make the VPN connection.
Key Management
Key – Key Type: two key types (manual key and auto key) are available for key exchange management.
Manual Key – If manual key is selected, no key negotiation is needed.
AutoKey (IKE) – Two operation modes can be used. Main mode accomplishes a phase one IKE exchange by establishing a secure channel. Aggressive Mode is another way of accomplishing a phase one exchange.
IPSec Policy options
Figure 6-3: IPSec Policy Options
Tunnel Attribute – The current tunnel attribute that you just set up.
Dead Peer Detection – If you want to use one of the WAN ports as a backup or plan to use the failover function, you can enable the Dead Peer Detection function.
Set Options
NetBIOS Broadcast – This is used to forward NetBIOS broadcasts across the Internet.
Auto Trigger – This helps to keep the IPSec tunnel connection up. If a dropped connection is detected, it can be re-established immediately.
Anti Replay – Ensures IP packet-level security by keeping track of packet order.
Passive mode – This means that your PC establishes the data connection. If you enable passive mode.
7: QoS Configuration
Overview
The VPN 800/2 Firewall Router provides QoS, which supports a high quality of network service. It classifies outgoing packets based on policies defined by users, so that real-time applications get better response or performance.
QoS Setup
The following web management pages guide you through setting up QoS and making it work.
Data – QoS Setup
Enable QoS – This allows users to enable the QoS function.
QoS Feature IP TOS (Type of Service) Feature
• Queuing Method – The method used to manage your queue: “Priority queuing”. It is one of the first queuing variations to be widely implemented.
• Process TOS Field – An 8-bit field in the IP packet header designed to contain values indicating how each packet should be handled in the network.
Data – Policy Configuration
Policy Priority
This section identifies each policy.
• Policy Name List – When adding a new Policy, ignore this list. To edit an existing entry, select it from the list, and click the "Select" button. The data fields will then be updated with data for the selected entry.
• Policy Name – Enter a suitable name. Generally, you should use the "Policy Name" for the network traffic.
• Source Address – Define the source address of packets here.
8: Management Assistant
Overview
The following advanced features are provided.
• SNMP
• Email Alert
• Syslog
• Upgrade Firmware
This chapter contains details of the configuration and use of each of these features.
SNMP
This section is only useful if you have SNMP (Simple Network Management Protocol) software on your PC. If you have SNMP software, you can use a standard MIB II file with the VPN 800/2 Firewall Router.
Settings – SNMP
System Information
• Contact Person – The name of the person responsible for this device.
• Device name – The name of the VPN 800/2 Firewall Router.
• Physical Location – The location of the VPN 800/2 Firewall Router.
Community
A community is a relationship between an SNMP agent and a set of SNMP managers that defines authentication, access control, and proxy characteristics.
Settings – Email Alert
Enable/Disable Email Alert Email Alert Configuration
• Enable – Email alert sends a warning email when a WAN port is disconnected.
• Disable – Email alert does not send a warning email when a WAN port is disconnected.
Email Sender Address – The email address from which the warning email is sent to a recipient, informing the recipient to check whether there is any problem on the WAN ports.
Syslog
This feature can send real-time system information to the web page or to a specified PC.
Syslog Configuration – Lets you choose whether system information is sent to other machines. You can choose up to three machines to receive your system log.
Message Status – Sent messages are kept only when “keep send message” is checked. Currently the last 100 messages are kept in RAM; they are cleared on reboot or power off.
Syslog Configuration
Syslog Delivery
Sending out – Check this if you want to send syslog messages to another machine.
Keep Send messages – Check this if you want to keep sent messages; otherwise the sent messages will be deleted.
Syslog Server
• IP address: Up to 3 syslog servers can be used.
• Enable: You can enable or disable each server temporarily.
• Port: If your syslog server does not use the default port, you can change it.
Admin Password
The password screen allows you to assign a password to the Firewall Router.
Figure 8-4: Admin Password Screen
Enter the desired password, re-enter it in the Verify Password field, then save it. When you connect to the Load Balancer with your Browser, you will be prompted for the password, as shown below.
Figure 8-5: Password Dialog
• Enter "Admin" for the User Name.
Upgrade Firmware
The Upgrade Firmware screen allows you to upgrade firmware or back up the system configuration by using HTTP upgrade.
Figure 8-6: Upgrade Firmware
You can back up your system configuration by pressing the “save” button under Save System Configuration. It will save the system configuration for you.
9: Advanced LAN Configuration
Overview
These screens and settings are provided to deal with non-standard situations, or to provide additional options for advanced users.
Existing DHCP Server
If your LAN already has a DHCP Server, and you wish to continue using it, the following configuration is required.
• The DHCP Server function in the Load Balancer must be disabled. This setting is on the LAN & DHCP screen.
Note: If there is an entry or entries in the Routing table with an Index of zero (0), these are System entries. You cannot modify or delete these entries.
Settings – Routing
Dynamic Routing
• RIP v2 – This acts as the “master” switch. If enabled, the selected WAN or LAN will run RIPv1/v2; otherwise they have no RIP function.
• LAN, WAN1, WAN2 – If enabled, any WAN or LAN can execute the RIP function.
Network Address – The network address of the remote LAN segments.
For the VPN 800/2 Firewall Router Gateway's Routing Table
For the LAN shown above, with 2 routers and 3 LAN segments, the VPN 800/2 Firewall Router requires 2 entries as follows.
Entry 1 (Segment 1)
Destination IP Address: 192.168.2.0
Network Mask: 255.255.255.0
Gateway IP Address: 192.168.1.100
Interface: LAN
Metric: 2
Entry 2 (Segment 2)
Destination IP Address: 192.168.3.0
Network Mask: 255.255.255.0 (Standard Class C)
Gateway IP Address: 192.168.1.
10: Operation and Status
Operation
Once both the VPN 800/2 Firewall Router and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required. Refer to Chapter 4 - Advanced Features for further details.
System Status
Use the System Status link on the main menu to view this screen.
Data – System Status
WAN Information LAN Information Device Information Device Statistics
• Connection Status – Current status – either "Connected" or "Not connected".
• Connection Type – The type of connection used – DHCP, Fixed IP, PPPoE, or PPTP.
• "Force Renew" button – Only available if using a dynamic IP address (DHCP). Clicking this button will perform a DHCP "Renew" transaction with the ISP's DHCP server.
Buttons
• Refresh – Update the data on screen.
• Restart – Restart (reboot) the VPN 800/2 Firewall Router.
• Restore Factory Defaults – This will delete all existing settings, and restore the factory default settings. See below for details.
Restore Factory Defaults
When the "Restore Factory Defaults" button on the Status screen above is clicked, the following screen is displayed.
These changes may mean that the current connection is invalid, and you will have to re-connect to the VPN 800/2 Firewall Router using its default IP address (192.168.1.1).

WAN Status
Use the WAN Status link on the main menu to view this screen.

Figure 10-3: WAN Status

Data – System Status

NAT Statistics Interface Statistics
This section displays data for each WAN port.
• Connection status – This will display either Connected or Not Connected.
NAT Status
This screen is displayed when you click the "Check NAT Detail" button on the WAN Status screen.

Figure 10-4: NAT Status

Data – NAT Status

LAN IP Info Active WAN IP Info
• IP Address – The LAN IP Address of the VPN 800/2 Firewall Router.
• Mask Address – The Network Mask (Subnet Mask) for the IP Address above.
There is one (1) row for each active connection. For each connection, the following data is shown.
NAT Traffic
This section displays statistics for both outgoing (LAN to Internet) and incoming (Internet to Local) traffic.

NAT Connections
This displays the current number of active connections. For further details, click the "View Connection" list button.

Errors
Statistics are displayed for Checksum errors, number of retries, and number of bad packets.

Misc.
This displays the total IP packets and reserved address.
Appendix A Specifications

Model: Hotbrick VPN 800/2 Firewall Router
Dimensions: 120mm (W) x 427mm (D) x 43.4mm (H)
Operating Temperature: 0° C to 40° C
Storage Temperature: -10° C to 70° C
Network Protocol: TCP/IP
Network Interface: 10 Ethernet: 8 * 10/100BaseT (RJ45) auto-Switching Hub ports for LAN devices, 2 * 10/100BaseT (RJ45) for WAN
LEDs: 8 LAN, 2 WAN, 2 Status, 1 Power
Power Input: AC 115V-230V @ 0.
Appendix B Windows TCP/IP Setup

Overview

TCP/IP Settings
If using the default Load Balancer settings, and the default Windows 95/98/ME/2000 TCP/IP settings, no changes need to be made.
• By default, the VPN 800/2 Firewall Router will act as a DHCP Server, automatically providing a suitable IP Address (and related information) to each PC when the PC boots.
• For all non-Server versions of Windows, the default TCP/IP setting is to act as a DHCP client.
Figure B-2: IP Address (Win 95)

Ensure your TCP/IP settings are correct, as follows:

Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP Address from the VPN 800/2 Firewall Router.
• On the DNS Configuration tab, ensure Enable DNS is selected. If the DNS Server Search Order list is empty, enter the DNS address provided by your ISP in the fields beside the Add button, then click Add.

Figure B-4: DNS Tab (Win 95/98)

Checking TCP/IP Settings - Windows 2000:
1. Select Control Panel - Network and Dial-up Connection.
2. Right click the Local Area Connection icon and select Properties.
Figure B-6: TCP/IP Properties (Win 2000)

5. Ensure your TCP/IP settings are correct:

Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP Address from the VPN 800/2 Firewall Router.
Checking TCP/IP Settings - Windows XP:
1. Select Control Panel - Network Connection.
2. Right click the Local Area Connection and choose Properties. You should see a screen like the following:

Figure B-7: Network Configuration (Windows XP)

3. Select the TCP/IP protocol for your network card.
4. Click on the Properties button. You should then see a screen like the following.
Figure B-8: TCP/IP Properties (Windows XP)

5. Ensure your TCP/IP settings are correct.

Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Restart your PC to ensure it obtains an IP Address from the VPN 800/2 Firewall Router.

Using a fixed IP Address ("Use the following IP Address")
If your PC is already configured, check with your network administrator before making the following changes.
Appendix C Troubleshooting

Overview
This chapter covers some common problems that may be encountered while using the VPN 800/2 Firewall Router and some possible solutions to them. If you follow the suggested steps and the VPN 800/2 Firewall Router still does not function properly, contact your dealer for further advice.

General Problems
Problem 1: Can't connect to the VPN 800/2 Firewall Router to configure it.
Solution 2: The VPN 800/2 Firewall Router processes the data passing through it, so it is not transparent. Use the Special Applications feature to allow the use of Internet applications which do not function correctly. If this does not solve the problem, you can use the DMZ function. This should work with most applications, but:
• It is a security risk, since the firewall is disabled for the DMZ PC.
• Only one (1) PC can use this feature.