ALL-VPN10 VPN/Firewall WLAN-N WAN Router User´s Manual
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Content I. Introduction...........................................................................................................................5 II. Multi- WAN VPN Router Installation .......................................................................................7 2.1 Systematic Setting Process .............................................................................................................................. 7 2.2 Setting Flow Chart ....
ALL-VPN10 9.1.2 X. VPN/Firewall WLAN-N WAN Router QoS ...................................................................................................................................................... 74 9.2 Session control .............................................................................................................................................. 80 9.3 Smart QoS ....................................................................................................................
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 13.3 Traffic Statistic ............................................................................................................................................... 168 13.4 IP/ Port Statistic............................................................................................................................................. 168 XVI. Log out ..................................................................................................................
ALL-VPN10 I. VPN/Firewall WLAN-N WAN Router Introduction IPSec VPN QoS Router (referred as VPN Router hereby) is a business level security router that efficiently integrates new generation multiple WAN-port devices. It meets the needs of medium enterprises, internet cafés, campus, dorm and communities, etc. VPN Router has 1~2 10/100 Base-T/TX Ethernets (RJ45) WAN ports.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router It helps to free enterprises from increasing hacker intrusion. With an exclusive independent operation platform, users are able to set up and use a firewall without professional network knowledge. VPN Router setting up and management can be carried out through web browsers, such as IE, Netscape, etc.
ALL-VPN10 II. VPN/Firewall WLAN-N WAN Router Multi- WAN VPN Router Installation In this chapter we are going to introduce hardware installation. Through the understanding of multi-WAN setting process, users can easily setup and manage the network,making VPN Router functioning and having best performance. 2.1 Systematic Setting Process Users can set up and enable the network by utilizing bandwidth efficiently.
ALL-VPN10 # 1 2 Setting Hardware installation Login VPN/Firewall WLAN-N WAN Router Content Purpose Configure the network Install the device hardware based on user physical to meet user’s demand. requirements. Login the device with Login the device web- based UI. Web Browser. 3 4 Verify device Verify Firmware version Verify the device specification, Firmware version specification and working status. and working status.
ALL-VPN10 9 VPN Virtual Private Configure VPN tunnels Logout Configure different types of VPN to meet different application environment. Network 10 VPN/Firewall WLAN-N WAN Router Close configuration Logout VPN Router web- based UI. window. We will follow the process flow to complete the network setting in the following chapters.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router III. Hardware Installation In this chapter we are going to introduce hardware interface as well as physical installation. 3.1 LED Signal LED Signal Description LED Power DIAG Color Green Amber Link/Act Green 100M- Speed Amber WLAN Green WPS Green Description Green LED on: Power ON Amber LED on: System self-test is running. Amber LED blinking: System not ready Amber LED off: System self-test is completed successfully.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Specifications Model Name ALL-VPN10 CPU MTK 6856-700MHz Flash/DRAM 16M/128M WAN Port 1~2 (10/100) LAN Port 3~4 (10/100) USB Port 2 Wireless Antenna 5dBi *2 Operating Frequency 2.4GHz Frequency Band 2400-2483.5MHz Operating Channels 11 for 802.11b, 802.11g, 802.11n (H20) 7 for 802.11n(HT40) 802.11b: 19.8dBm 802.11g: 22.3dBm Output Power 802.11n (HT20): 24.51dbm 802.11n (HT40) 22.07 dbm Operating Temp. 0ºC to 40ºC (32ºF to 104ºF) Storage Temp.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 3.2 VPN Router Network Connection WAN connection:A WAN port can be connected with xDSL Modem, Fiber Modem, Switching Hub, or through an external router to connect to the Internet. LAN Connection: The LAN port can be connected to a Switching Hub or directly to a PC. Users can use servers for monitoring or filtering through the port after “Physical Port Mangement” configuration is done.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router IV. Login This chapter is mainly introducing Web- based UI after conneting the device. First, check up the device’s IP address by connecting to DOS through the LAN PC under the device. Go to Start → Run, enter cmd to commend DOS, and enter ipconfig for getting Default Gateway address, as the graphic below, 192.168.1.1. Make sure Default Gateway is also the default IP address of the router.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Then, open webpage browser, IE for example, and key in 192.168.1.1 in the website column. The login window will appear as below: The device’s default username and password are both “admin”. Users can change the login password in the setting later. Attention! For security, we strongly suggest that users must change password after login. Please keep the password safe, or you can not login to the device.
ALL-VPN10 V. VPN/Firewall WLAN-N WAN Router V. Device Spec Verification, Status Display and Login Password and Time Setting This chapter introduces the device specification and status after login as well as change password and system time settings for security. 5.1 Home Page In the Home page, all the device’s parameters and status are listed for users’ reference. 5.1.1 WAN Status IP Address: Indicates the current IP configuration for WAN port.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 5.1.2 Physical Port Status The status of all system ports, including each connected and enabled port, will be shown on this Home page (see above table). Click the respective status button and a separate window will appeare to show detailed data (including setting status summary and statisitcs) of the selected port. The current port setting status information will be shown in the Port Information Table.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 5.1.3 System Information LAN IP/Subnet Mask: Identifies the current device IP address. The default is 192.168.1.1. Working Mode: Indicates the current working mode. Can be NAT Gateway or Router mode. The default is “NAT Gateway” mode. System Active Time:Indicates how long the Serial Number:This number is the Router has been running. Router serial number. Firmware Version: Information about the Router present software version.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Remote Management: Indicates if remote management is activated (on or off). Click the hyperlink to enter and manage the configuration. The default configuration is “Off”. Access Rule:Indicates the number of access rule applied in the device.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 5.2 Change and Set Login Password and Time 5.2.1 Password Setting When you login the device setting window every time, you must enter the password. The default value for the device username and password are both “admin”. For security reasons, we strongly recommend that you must change your password after first login. Please keep the password safe, or you might not login to the device.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 5.2.2 Time The device can adjust time setting. Users can know the exact time of event occurrences that are recorded in the System Log, and the time of closing or opening access for Internet resources. You can either select the embedded NTP Server synchronization function or set up a time reference. Synchronize with external NTP server:The device has embedded NTP server, which will update the time spontaneously.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router After the changes are completed, click “Apply” to save the configuration. Click “Cancel" to leave without making any change. This action will be effective before ”Apply” to save the configuration.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router VI. Network This Network page contains the basic settings. For most users, completing this general setting is enough for connecting with the Internet. However, some users need advanced information from their ISP. Please refer to the following descriptions for specific configurations. 6.1 Network Connection 6.1.1 Host Name and Domain Name Device name and domain name can be input in the two boxes.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router most environments, some ISPs in some countries may require it. 6.1.2 LAN Setting This is configuration information for the device current LAN IP address. The default configuration is 192.168.1.1 and the default Subnet Mask is 255.255.255.0. It can be changed according to the actual network structure. Multiple-Subnet Setting: Click “Unified IP Management” to enter the configuration page, as shown in the following figure.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router segment configuration; the Internet will then be directly accessible. In other words, if there are already different IP segment groups in the Intranet, the Internet is still accessible without making any changes to internal PCs. Users can make changes according to their actual network structure. 6.1.3 WAN Settings WAN Setting: Interface: An indication of which port is connected.
ALL-VPN10 Use the following DNS Server VPN/Firewall WLAN-N WAN Router Select a user-defined DNS server IP address. Addresses: DNS Server: Input the DNS IP address set by ISP. At least one IP group should be input. The maximum acceptable groups is two IP groups. Enable Line-Dropped Scheduling: The WAN disconnection schedule will be activated by checking this option. In some areas, there is a time limitation for WAN connection service.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Static IP If an ISP issues a static IP (such as one IP or eight IP addresses, etc.), please select this connection mode and follow the steps below to input the IP numbers issued by an ISP into the relevant boxes. WAN IP address Subnet Mask Input the available static IP address issued by ISP. Input the subnet mask of the static IP address issued by ISP, such as: Issued eight static IP addresses: 255.255.255.248 Issued 16 static IP addresses: 255.255.255.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Enable Line-Dropped The WAN disconnection schedule will be activated by checking this option. In some Scheduling areas, there is a time limitation for WAN connection service. For example: the optical fiber service will be disconnected from 0:00 am to 6:00 am. Although there is a standby system in the device, at the moment of WAN disconnection, all the external connections that go through this WAN will be disconnected too.
ALL-VPN10 User Name Input the user name issued by ISP. Password Input the password issued by ISP. Connect on Demand VPN/Firewall WLAN-N WAN Router This function enables the auto-dialing function to be used in a PPPoE dial connection. When the client port attempts to connect with the Internet, the device will automatically make a dial connection. If the line has been idle for a period of time, the system will break the connection automatically.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Enable Line-Dropped The WAN disconnection schedule will be activated by checking this option. In Scheduling some areas, there is a time limitation for WAN connection service. For example: the optical fiber service will be disconnected from 0:00 am to 6:00 am. Although there is a standby system in the device, at the moment of WAN disconnection, all the external connections that go through this WAN will be disconnected too.
ALL-VPN10 WAN IP Address VPN/Firewall WLAN-N WAN Router This option is to configure a static IP address. The IP address to be configured could be one issued by ISP. (The IP address is usually provided by the ISP when the PC is installed. Contact ISP for relevant information). Subnet Mask Input the subnet mask of the static IP address issued by ISP, such as: Issued eight static IP addresses: 255.255.255.248 Issued 16 static IP addresses: 255.255.255.
ALL-VPN10 Connect on Demand VPN/Firewall WLAN-N WAN Router This function enables the auto-dialing function to be used for a PPTP dial connection. When the client port attempts to connect with the Internet, the device will automatically connect with the default ISP auto dial connection; when the network has been idle for a period of time, the system will break the connection automatically. (The default time for automatic break off when no packets have been transmitted is five minutes).
ALL-VPN10 VPN/Firewall WLAN-N WAN Router If there are two WANs configured, users still can select Transparent Bridge mode for WAN connection mode, and load balancing will be achieved as usual. WAN IP Address Subnet Mask Input one of the static IP addresses issued by ISP. Input the subnet mask of the static IP address issued by ISP, such as: Issued eight static IP addresses: 255.255.255.248 Issued 16 static IP addresses: 255.255.255.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Enable Line-Dropped The WAN disconnection schedule will be activated by checking this option. Scheduling In some areas, there is a time limitation for WAN connection service. For example: the optical fiber service will be disconnected from 0:00 am to 6:00 am. Although there is a standby system in the device, at the moment of WAN disconnection, all the external connections that go through this WAN will be disconnected too.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 6.2 Multi- WAN Setting When you have multiple WAN gateways, you can use Traffic Management and Protocol Binding function to fulfill WAN road balancing, so that we can have highest network bandwidth efficiency.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 6.2.1 Load Balance Mode Auto Load Balance Mode When Auto Load Balance mode is selected, the device will use sessions or IP and the WAN bandwidth automatically allocate connections to achieve load balancing for external connections. The network bandwidth is set by what users input for it.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Please refer to the explanations in 6.2.3 Configuring Protocol Binding for setting up Protocol Binding and for examples of collocating router modes with Protocol Binding. Specify WAN Binding Mode This mode enables users to assign specific intranet IP addresses, destination application service ports or destination IP addresses to go through an assigned WAN for external connection.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Set WAN Grouping: If more than one WAN is connected with Netcom, to apply a similar division of traffic policy to these WANs, a combination for the WANs must be made. Click “Set WAN Grouping”; an interactive window as shown in the figure below will be displayed. Name: To define a name for the WAN grouping in the box, such as “Education” etc. The name is for recognizing different WAN groups.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router will be displayed accordingly. A policy document is an editable text document. It may contain a destination IP users designated. After the path for document importation has been selected, click “Import”, and then at the bottom of the configuration window click “Apply”. The device will then dispatch the traffic to the assigned destination IP through the WAN (ex. WAN 1) or WAN grouping users designated to the Internet.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router (or WAN group) under China Netcom strategy. 6.2.2 Network Service Detection This is a detection system for network external services. If this option is selected, information such “Retry” or “Retry Timeout” will be displayed. If two WANs are used for external connection, be sure to activate the NSD system, so as to avoid any unwanted break caused by the device misjudgment of the overload traffic for the WAN.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router WAN2 is not to support these destinations, users should select this option. When the WAN1 connection is disconnected, packets for 10.0.0.1~10.254.254.254 cannot be transmitted through WAN 2, and there is no need to remove the connection when WAN 1 is disconnected. (2) Keep System Log and Remove the Connection: If an ISP connection failure is detected, no error message will be recorded in the System Log.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router In the load balance mode for Assigned Routing, the first WAN port (WAN1) will be saved for the traffic of the IP addresses or the application service ports that are not assigned to other WANs (WAN2). Therefore, in this mode, we recommend assigning one of the connections to the first WAN.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router connections. In other words, the first WAN (WAN1) cannot be configured with the Protocol Binding rule. This is to avoid a condition where all WANs are assigned to specific Intranet IP or Service Ports and destination IP, no more WAN ports will be available for other IP addresses and Service Ports. Service: This is to select the Binding Service Port to be activated. The default (such as ALL-TCP&UDP 0~65535, WWW 80~80, FTP 21 to 21, etc.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Class B Network Segment of 210.11.x.x will be restricted to a specific WAN. If only specific Service Ports need to be designated, while a specific IP destination assignment is not required, input “0” into the IP boxes. Interface: Select the WAN for which users want to set up the binding rule. Enable: To activate the rule. Add To List: To add this rule to the list. Delete selected To remove the rules selected from the Service List.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Show Priority: Click the “Show Table” button. A dialogue box as shown in the following figure will be displayed. Users can choose to sort the list by priorities or by interface. Click “Refresh” and the page will be refreshed; click “Close” and the dialogue box will be closed.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Apply: Click the “Apply” button to save the modification. Cancel: Click the “Cancel” button to cancel the modification. This only works before “Apply” is clicked. Exit: To quit this configuration window. Auto Load Balancing mode when enabled: The collocation of the Auto Load Balance Mode and the Auto Load Mode will enable more flexible use of bandwidth.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Example 2:How do I set up Auto Load Balance Mode to keep Intranet IP 192.168.1.150 ~ 200 from going through WAN2 when the destination port is Port 80? As in the figure below, select “HTTP [TCP/80~80]” from the pull-down option list “Service”, and then in the boxes for “Source IP” input “192.168.1.150” to “200”. Retain the original numbers “0.0.0.0” in the boxes of “Destination IP” (which means to include all Internet IP addresses).
ALL-VPN10 VPN/Firewall WLAN-N WAN Router all Internet IP addresses). Select WAN1 from the pull-down option list “Interface”, and then click “Enable”. Finally, click “Add New” and the rule will be added to the mode. The device will transmit packets that are not going to Port 80 to the Internet through WAN1.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Configuring “Assigned Routing Mode” for load Balance: IP Group: This function allows users to assign packets from specific Intranet IP addresses or to specific destination Service Ports and to specific destination IP addresses through an assigned WAN to the Internet. After being assigned, the specific WAN will only support those assigned Intranet IP addresses, destination Service Ports, or destination IP addresses.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Example 2:How do I configure Protocol Binding to keep traffic from all Intranet IP addresses from going through WAN2 when the destinations are IP 211.1.1.1 ~ 211.254.254.254 as well as the whole Class A group of 60.1.1.1 ~ 60.254.254.254, while traffic to other destinations goes through WAN1? As in the following figure, there are two rules to be configured.
ALL-VPN10 © ALLNET GmbH München 2013 - VPN/Firewall WLAN-N WAN Router All rights reserved 50
ALL-VPN10 VPN/Firewall WLAN-N WAN Router VII. Intranet Configuration This chapter introduces how to configure ports and understand how to configure intranet IP addresses. 7.1 Port Management Summary: There are Network Connection Type, Interface, Link Status (Up/Down), Port Activity (Port Enabled), Priority Setting (High or Normal), Speed Status (10Mbps or 100Mbps), Duplex Status (half duplex or full duplex), Auto Neg. (Enabled/Disabled).
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 7.2 IP/ DHCP With an embedded DHCP server, it supports automatic IP assignation for LAN computers. (This function is similar to the DHCP service in NT servers.) It benefits users by freeing them from the inconvenience of recording and configuring IP addresses for each PC respectively. When a computer is turned on, it will acquire an IP address from the device automatically. This function is to make management easier.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Dynamic IP: Client lease Time: Check the option to activate the DHCP server automatic IP lease function. If the function is activated, all PCs will be able to acquire IP automatically. Otherwise, users should configure static virtual IP for each PC individually. Range Start: This is to set up a lease time for the IP address which is acquired by a PC. The default is 1440 minutes (a day). Users can change it according to their needs. The time unit is minute.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 7.3 DHCP Status This is an indication list of the current status and setup record of the DHCP server. The indications are for the administrator’s reference when a network modification is needed. DHCP Server: This is the current DHCP IP. Dynamic IP Used: The amount of dynamic IP leased by DHCP. Static IP Used: The amount of static IP assigned by DHCP. DHCP Available: The amount of IP still available in the DHCP server.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router IP Address: The IP address acquired by the current computer. MAC Address: The actual MAC network location of the current computer. Client Lease Time: The lease time of the IP released by DHCP. Delete: Remove a record of an IP lease.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 7.4 IP & MAC Binding Administrators can apply IP & MAC Binding function to make sure that users can not add extra PCs for Internet access or change private IP addresses.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router There are two methods for setting up this function: (1)、Block MAC address not on the list This method only allows MAC addresses on the list to receive IP addresses from DHCP and have Internet access. When this method is applied, please fill out Static IP with 0.0.0.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router (2)、IP & MAC Binding Static IP: There are two ways to input static IP: 1. If users want to set up a MAC address to acquire IP from DHCP, but the IP need not be a specific assigned IP, input 0.0.0.0 in the boxes. The boxes cannot be left empty. 2. If users want DHCP to assign a static IP for a PC every single time, users should input the IP address users want to assign to this computer in the boxes.
ALL-VPN10 Add: VPN/Firewall WLAN-N WAN Router Add new binding. Block MAC address on the list with wrong IP address: When this option is activated, MAC addresses which are not included in the list will not be able to connect with the Internet. Show New IP user: This function can reduce administrator’s effort on checking MAC addresses one by one for the binding. Furthermore, it is easy to make mistakes to fill out MAC addresses on the list manually.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router VIII. Wireless Network Wireless function is enabled by default. The WLAN LED will be on after system booting. Client device can find SSID as _AP_1. Please refer to following illustrations to change configuration.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 8.1 Basic Configuration Enable Wireless Netwrk Check the box to enable wireless function. Network Mode The default value is “11bgn Mixed Mode”. “11bgn Mixed Mode”, “11b Only”, “11g only” and “11n Only” also can be chosen. The default value is recommended. Country Code Choose the country where you are. Freqeuncy Channel Means the channel of frequency of the wireless LAN.Please choose the channel which is still available to avoid interference.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router This function will greatly improve the data transfer rate between WMM-enabled wireless devices. WMM AP Parameter Setting Tx Power The default value is 100%. To narrow down covering range, users can input a smaller value. Channel Bandwidth 20- the router will use 20Mhz for data transmission and receiving between the AP and the stations. 20/40 – the router will use 20Mhz or 40Mhz for data transmission and receiving according to the station capability.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 8.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 8.2.1 Select SSID No. The number of this SSID. Status Indicate if this SSID is enabled. SSID The name of wireless network. SSID is also called ESSID, which is for recognizing and establishing a wireless network. BSSID Indicates the MAC of this SSID. Broadcast SSID Check “Enabled” box to reveal SSID in the wireless network. If “Disabled”is checked, wireless client device will not find this SSID. Users have to input SSID manually to connect to this device.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router If “WEP auto” is checked, client users can choose any security mode. Default Key Select one of following 4 sets to be security key. 64-bit (10 hex digits) Input 10 hex digits (0~9, a~f, A~F) as WEP key. 128-bit (26 hex digits) Input 26 hex digits (0~9, a~f, A~F) as WEP key. 64-bit (5 ASCII) Input 5 ASCII code (English letter or number) as key. 128-bit (13ASCII) Input 13 ASCII code (English letter or number) as key. 2.
ALL-VPN10 WPA Algorithms VPN/Firewall WLAN-N WAN Router There are TKIP, AES and Auto can be chosen. Attention! Only AES can achieve 802.11n rate. ReKey Interval WPA/WPA2-PSK will rekey in a fixed interval. The interval can be configured. PMK Cache Period When a wireless client moves from one AP’s coverage area to another, it performs an authentication procedure (exchanging security information) with the new AP.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router RADIUS Port Input RADIUS service port. Shared Secret Input initial shared key. Session Timeout Input a maximum idle time. If the link idles over time, the connection will be terminated. 8.2.3 WPS Config Users can enable WPS function when using WPA Personal, WPA2 Personal and WPA/WPA2 Personal Mixed Mode. When WPS is enabled, the mode will continue for 2 minutes. If there is no connection established in two minutes, this connection wil be stopped. 1.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Two devices should be set in the same subnet as figure above. Configurations of two devices should be the same. Basic Setting ※Under WDS mode, channel bandwidth should be “20”. Security Mode WDS should be enabled on both devices. MACs of each other should be inputed on both sides. There could be variation on the quanity of AP supported on different devices. (1) Input AP MAC into blank.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router ※ If WEP mode is enabled, system will arrange 4 sets of key for those MACs. Make sure the order is correct. (2) Or check “Scanning”to select existing AP and then click “Submit”.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 8.2.5 Access Filter For additional security of wireless access, the Access Control facility allows you to restrict the network access right by controlling the wireless LAN MAC address of client. Only the valid MAC address that has been configured can access the wireless LAN interface. Policy Deny: Connection from the disabled MAC list will be denied. Allow: Only MAC listed in “Enabled”list can establish connection.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 8.3 Station List Station List provides the knowledge of connecting wireless clients. MAC Address The MAC address of client device. DHCP IP The IP address allocated from system. Host Name The host name of client device. SSID SSID of client device. Rate The quality of Wifi signal (%).
ALL-VPN10 VPN/Firewall WLAN-N WAN Router IX. QoS (Quality of Service) QoS is an abbreviation for Quality of Service. The main function is to restrict bandwidth usage for some services and IP addresses to save bandwidth or provide priority to specific applications or services, and also to enable other users to share bandwidth, as well as to ensure stable and reliable network transmission.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 9.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 9.1.1 The Maximum Bandwidth provided by ISP In the boxes for WAN1 and WAN2 bandwidth, input the upstream and downstream bandwidth which users applied for from bandwidth supplier. The bandwidth QoS will make calculations according to the data users input. In other words, it will guarantee a minimum rate of upstream and downstream for each IP and Service Port based on the total actual bandwidth of WAN1 and WAN2.
ALL-VPN10 Interface: VPN/Firewall WLAN-N WAN Router Select on which WAN the QoS rule should be executed. It can be a single selection or multiple selections. Service Port: Select what bandwidth control is to be configured in the QoS rule. If the bandwidth for all services of each IP is to be controlled, select “All (TCP&UDP) 1~65535”. If only FTP uploads or downloads need to be controlled, select “FTP Port 21~21”. Refer to the Default Service Port Number List.
ALL-VPN10 Direction: VPN/Firewall WLAN-N WAN Router Upstream: Means the upload bandwidth for Intranet IP. Downstream: Means the download bandwidth for Intranet IP. Server in LAN, Upstream: If a Server for external connection has been built in the device, this option is to control the bandwidth for the traffic coming from outside to this Server.
ALL-VPN10 Move up & Move down: VPN/Firewall WLAN-N WAN Router QoS rules will be executed from the bottom of the list to the top of the list. In other words, the lower down the list, the higher the priority of execution. Users can arrange the sequence according to their priorities. Usually the service ports which need to be restricted, such as BT, e-mule, etc., will be moved to the bottom of the list. The rules for certain IP addresses would then be moved upward.
ALL-VPN10 © ALLNET GmbH München 2013 - VPN/Firewall WLAN-N WAN Router All rights reserved 78
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Example 2. How to set up the maximum download speed of each WAN to 512Kbit/Sec for each LAN user? One by one IP to set up? No need to set up one by one. Below is the example. Click both WAN1 and WAN2; then choose “No Check Port[TCP&UDP /0~0” in Service; for IP Address, put your LAN IP range (e.g.192.168.1.1~254); in "Direction" part, open the dropdown box and choose Downstream. Import 2Kbit/Sec in Mini. Rate, which guarantees the minimum bandwidth.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 9.2 Session control Session management controls the acceptable maximum simultaneous sessions of Intranet PCs. This function is very useful for managing connection quantity when P2P software such as BT, Thunder, or emule is used in the Intranet causing large numbers of sessions. Setting up proper limitations on sessions can effectively control the sessions created by P2P software. It will also have a limiting effect on bandwidth usage.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router When single IP exceed __: If this function is selected, when the user’s port session reach the limit, this user will not be able to make a new session for five minutes. Even if the previous session has been closed, new sessions cannot be made until the setting time ends.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Source IP: Input the IP address range or IP group. Enabled: Activate the rule. Add to list: Add this rule to the list. Delete seleted item: Remove the rules selected from the Service List. Apply: Click “Apply” to save the configuration. Cancel: Click “Cancel" to leave without making any change.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 9.3 Smart QoS The smart QoS function enables the administrators to constrain the bandwidth occupied automatically without any configuring. Enabled QoS: Choose to apply QoS function. When the usage of any WAN’s bandwidth is Input the required rate value into the column. over than___%, Enable Smart QoS is 60%. Each IP’s upstream bandwidth threshold (for all Input the max. upstream rate for intranet IPs.
ALL-VPN10 Scheduling: VPN/Firewall WLAN-N WAN Router If “Always” is selected, the rule will be executed around the clock. If “From…” is selected, the rule will be executed according to the configured time range. For example, if the time control is from Monday to Friday, 8:00am to 6:00pm, users can refer to the following figure to set up the rule.
ALL-VPN10 X. VPN/Firewall WLAN-N WAN Router Firewall This chapter introduces firewall general policy, access rule, and content filter settings to ensure network security. 10.1 General Policy The firewall is enabled by default. If the firewall is set as disabled, features such as SPI, DoS, and outbound packet responses will be turned off automatically. Meanwhile, the remote management feature will be activated. The network access rules and content filter will be turned off.
ALL-VPN10 Remote Management: VPN/Firewall WLAN-N WAN Router To enter the device web- based UI by connecting to the remote Internet, this feature must be activated. In the field of remote browser IP, a valid external IP address (WAN IP) for the device should be filled in and the modifiable default control port should be adjusted (the default is set to 80, modifiable). Multicast Pass Through: There are many audio and visual streaming media on the network.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 10.2 Access Rule Users may turn on/off the setting to permit or forbid any packet to access internet. Users may select to set different network access rules: from internal to external or from external to internal. Users may set different packets for IP address and communication port numbers to filter Internet access rules.
ALL-VPN10 Delete: VPN/Firewall WLAN-N WAN Router Remove the item. Add New Rule: Create a new network access rule Restore to Default Restore all settings to the default values and delete all the self-defined settings. Rule: 10.2.1 Add New Access Rule Action: Allow: Permits the pass of packets compliant with this control rule Deny: Prevents the pass of packets not compliant with this control rule Service: From the drop-down menu, select the service that users grant or do not give permission.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router address within a session. Dest. IP: Select the destination IP range (such as Any, Single, Range, or preset IP group name) If Single or Range is selected; please enter a single IP address or an IP address within a session. Scheduling: Select “Always” to apply the rule on a round-the-clock basis. Select “from”, and the operation will run according to the defined time. Apply this rule: Select "Always" to apply the rule on a round-the-clock basis.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Example 2.:How to forbid intranet IP range from 192.168.1.200 to 230 to access service port 80? Action:Forbid Service Port:TCP 80 Source Interface:LAN (Meaning to service port 80 which blocks the traffic from intranet to internet.) Source IP:192.168.1.200~192.168.1.230 Dest. IP:ANY (Meaning to any service port 80 which blocks the traffic from intranet to internet among 192.168.1.200~230.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 10.3 Content Filter The device supports two webpage restriction modes: one is to block certain forbidden domains, and the other is to give access to certain web pages. Only one of these two modes can be selected. Block Forbidden Domain Fill in the complete website such as www.sex.com to have it blocked.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Add: Enter the websites to be controlled such as www.playboy.com Add to list: Click ”Add to list” to create a new website to be controlled. Delete selected item: Click to select one or more controlled websites and click this option to delete. Website Blocking by Keywords: Enabled: Click to activate this feature. The default setting is disabled. For example: If users enter the string ”sex”, any websites containing ”sex” will be blocked.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Accept Allowed Domains In some companies or schools, employees and students are only allowed to access some specific websites. This is the purpose of the function. Enabled: Activate the function. The default setting is “Disabled.” Add: Input the allowed domain name, etc. www.google.com Add to list: Add the rule to list. Delete selected item: Users can select one or more rules and click to delete.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Exception IP Here IP/IP ranges are exempted from “Accept Allowed Domain” through this method. Exception IP address Input unrestricted IP/IP Range Add to list: Click this button to add new unrestricted IPs Delete selected item: Select out one/more unrestricted IPs, click this button to delete them Content Filter Scheduling Select “Always” to apply the rule on a round-the-clock basis. Select “from”, and the operation will run according to the defined time.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router XI. L7 Management 11.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router (2) Add new rule: click © ALLNET GmbH München 2013 - All rights reserved 96
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Below are the steps for rule setting with an exmple in the enterprise: Step 1: Name the rule The name of the rule will be shown on the list, so administrator could name the rule by users or usages. Step 2: Choose the application ※Figures are used for reference. Please visit the official website for the actual application support list. (1) After choosing [Category], the [Item] column will show the crosponding list.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Step 4: Set exceptaional users (IP or QQ number) Administrator can set IP address or QQ numbers (if QQ is blocked) in the exceptional user setting. Please note that the exceptional user setting will be applied to all the rules in the application. For example, if there is a Google Talk rule with no exceptional IP, when adding a new Google Talk rule with the exceptional IP 192.168.1.100, 192.168.1.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 11.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Step1: Basic Setting The name of the rule will be shown on the list, so administrator could name the rule by users or usages. Select one WAN as VIP. For example, only the traffic of president room on WAN1 and WAN2 is VIP, traffic on other WAN ports is not VIP. Hint: If users want traffic only run on VIP WAN, users can also configure “L7 Application Binding”.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Step2: Set Application or IP as VIP Set application as VIP. For instance, [Webpage] is selected. When the system recognizes the IP is using webpage service, the system will give VIP priority. Set source IP/Group as VIP. For instance, if [General Manager Room] IP group is chosen, they will have VIP priority no matter what application is used. Set VIP application and source IP/Group at the same time.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Take a community for an example: The community will ensure VIP authority when internal users browse webpage, the administrator should check [VIP Application] and [webpage] at Item column. ※Figures are used for reference. Please visit the official website for the actual application support list. After choosing [Category], the [Item] column will show the crosponding list. Hint: Directly click on the applications to put them effective.
ALL-VPN10 Step 4: Click VPN/Firewall WLAN-N WAN Router to save the rules.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 11.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router The Maximum Bandwidth provided by ISP: This table is relative to general QoS function. Filling WAN Upstream/Downstream bandwidth with realistic broadband network bandwidth which user applying by ISP, QoS Bandwidth control is according to the bandwidth number that user filling to calculate. Click to save the set-up. Bandwidth unit is kbit, some of the software applications display by KB, 1KB=8kbit.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router (2) Add New Rule:Click Step 1: Name the rule The name of the rule will be shown on the list, so administrator could name the rule by users or usages.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router ※Figures are used for reference. Please visit the official website for the actual application support list. After choosing [Category], the [Item] column will show the crosponding list. Hints: Directly click on the applications to put them effective. Cancel the application by double clicks. Click [Choose All] to put all applications into effective, and click unnecessary items for cancel. Items could be chosen in multiple categories.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Step 3: QoS Configuration Interface Select on which WAN the QoS rule should be executed. It can be a single selection or multiple selections. Source IP/Group This is to select which user is to be controlled. If only a single IP is to be restricted, input this IP address, such as “192.168.1.100 to 100”. The rule will control only the IP 192.168.1.100. If an IP range is to be controlled, input the range, such as “192.168.1.100 ~ 149”.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Step 4: Make sure the time setting is correct to make the rule in effective only during the set time. All time is set as the default. Step 5: Click The time frame could be modified in the following settings. to save the rule setting.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 11.4 Application Define When you set up the L7 Management rules, not only you can select the application that is defined by , but also you can add your own L7 applications by the URL, destination IP address or the port number. You can see the Application Define feature on the Application Status Table or on the APP List of all L7 Management features. ※Application Status ※Figures are used for reference.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Application Define-Add New Rule Step 1:Name the Application Step 2:Define the application by the URL, destination or the port number. The definable parameter as below: Dest. IP If only a single IP is to be restricted, input this IP address, such as “100.100.100.105”. The rule will control only the IP 100.100.100.105. If an IP range is to be controlled, input the range, such as “100.100.100.105~ 200”. Dest. IP Group Apply the Dest.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router The Administrator can check the whole applied applications from the Application Status function, including the ID of the policies. ※Figures are used for reference. Please visit the official website for the actual application support list. 1 Sorting and ordering the Sorting the applications or ordering the applications by the name. applications 2 Jump to the specific page. 3 Identify the lines in one page.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router XII. VPN (Virtual Private Network) 10.1.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 10.1.1. Add a New VPN Tunnel The device supports Gateway to Gateway tunnel or Client to Gateway tunnel. The VPN tunnel connections are done by 2 VPN devices via the Internet. When a new tunnel is added, the setting page for Gateway to Gateway or Client to Gateway will be displayed. Gateway to Gateway: Click “Add” to enter the setting page of Gateway to Gateway. Client to Gateway: Click “Add” to enter the setting page of Client to Gateway.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 10.1.1.1. Gateway to Gateway Setting The following instructions will guide users to set a VPN tunnel between two devices. Tunnel No.: Set the embedded VPN feature, please select the Tunnel number. Tunnel Name: Displays the current VPN tunnel connection name, such as XXX Office. Users are well-advised to give them different names to avoid confusion.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router IP + E-mail Addr. (USER FQDN) Authentication Dynamic IP + Domain Name (FQDN) Authentication Dynamic IP + E-mail Addr. (USER FQDN) Authentication. Dynamic IP address + Email address name (1) IP only: If users decide to use IP only, entering the IP address is the only way to gain access to this tunnel. The WAN IP address will be automatically filled into this space. Users don't need to do further settings.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router respond to this VPN tunnel connection; if users select this option to link to VPN, please enter the domain name. (5) Dynamic IP + E-mail Addr. (USER FQDN) Authentication. If users use dynamic IP address to connect to the device, users may select this option to connect to VPN without entering IP address.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Remote Group Setup: This remote gateway authentication type (Remote Security Gateway Type) must be identical to the remotely-connected local security gateway authentication type (Local Security Gateway Type). Remote Security Gateway Type: This remote gateway authentication type comes with five operation modes, which are: IP only-Authentication by use of IP only IP + Domain Name (FQDN) Authentication, -IP + Domain name IP + E-mail Addr.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router name to be verified. FQDN refers to the combination of host name and domain name. Users may enter any name that corresponds to the domain name of FQDN. This IP address and domain name must be identical to those of the remote VPN security gateway setting type to establish successful connection. If the remote IP address is unknown, choose IP by DNS Resolved, allowing DNS to translate the IP address. This domain name must be available on the Internet.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router name. (5) Dynamic IP + E-mail Addr. (USER FQDN) Authentication. If users use dynamic IP address to connect with the device, users may select this type to link to VPN. When the remote VPN gateway requires connection to facilitate VPN connection, the device will start authentication and respond to the VPN tunnel connection; Please enter the E-Mail to the empty space. Remote Security Group Type: This option allows users to set the remote VPN connection access type.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router IPSec Setup If there is any encryption mechanism, the encryption mechanism of these two VPN tunnels must be identical in order to create connection. And the transmission data must be encrypted with IPSec key, which is known as the encryption "key". The device provides the IKE automatic encryption mode- IKE with Preshared Key (automatic). By using the drop down menu, select the desired encryption mode as illustrated below.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Phase 1/ Phase 2 Encryption: This option allows users to set this VPN tunnel to use any encryption mode. Note that this parameter must be identical to that of the remote encryption parameter: DES (64-bit encryption mode), 3DES (128-bit encryption mode), AES (the standard of using security code to encrypt information). It supports 128-bit, 192-bit, and 256-bit encryption keys.
ALL-VPN10 ● VPN/Firewall WLAN-N WAN Router Aggressive Mode: This mode is mostly adopted by remote devices. The IP connection is designed to enhance the security control if dynamic IP is used for connection. ● Use IP Header Compression Protocol: If this option is selected, in the connected VPN tunnel, the device supports IP Payload Compression Protocol. ● Keep Alive: If this option is selected, VPN tunnel will keep this VPN connection.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Heart Beat is still failure over the retry default. The VPN Heart Beat detection and DPD features are both used to provide a stabile VPN solution for customers. The difference between them is that we can use the Heart Beat detection in a non IPSec protocol. With the Heart Beat detection, we can monitor the VPN tunnel and make sure whether the tunnel exists and smooth or not. However, with the DPD feature, it is only available under the IPSec protocol.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 10.1.1.2. Client to Gateway Setting The following describes how an administrator builds a VPN tunnel between devices. Users can set this VPN tunnel to be used by one client at the client end. If it is used by a group of clients, the individual setting for remote clients can be reduced. Only one tunnel will be set and used by a group of clients, which allows easy setting. Situation in Tunnel: Tunnel No.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Local Group Setup This local gateway authentication type (Local Security Gateway Type) must be identical with that of the remote type (Remote Security Gateway Type). Local Security Gateway Type: This local gateway authentication type comes with five operation modes, which are: IP only - Authentication by the use of IP only IP + Domain Name (FQDN) Authentication, -IP + Domain name IP + E-mail Addr.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router settings. (4) Dynamic IP + Domain Name(FQDN) Authentication: If users use dynamic IP address to connect to the device, users may select this option to link to VPN. If the remote VPN gateway requires connection to the device for VPN connection, this device will start authentication and respond to this VPN tunnel connection; if users select this option to link to VPN, please enter the domain name. (5) Dynamic IP + E-mail Addr. (USER FQDN) Authentication.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router address of 192.168.1.0 can establish connection. 2. Subnet This option allows local computers in this subnet to be connected to the VPN tunnel. Reference: When this VPN tunnel is connected, only computers with the session of 192.168.1.0 and with subnet mask as 255.255.255.0 can connect with remote VPN.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Remote Group Setup: This remote gateway authentication type (Remote Security Gateway Type) must be identical to the remotely-connected local security gateway authentication type (Local Security Gateway Type). Remote Security Gateway Type: This local gateway authentication type comes with five operation modes, which are: IP only IP + Domain Name (FQDN) Authentication IP + E-mail Addr.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router (3) IP + E-mail Addr. (USER FQDN) Authentication. If users select IP address and E-mail, enter the IP address and E-mail address to gain access to this tunnel and the WAN IP address will be automatically filled into this space. Users don't need to do further settings. (4) Dynamic IP + Domain Name(FQDN) Authentication: If users use dynamic IP address to connect to the device, users may select this option to link to VPN.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router IPSec Setup If there is any encryption mechanism, the encryption mechanism of these two VPN tunnels must be identical in order to create connection. And the transmission data must be encrypted with IPSec key, which is known as the encryption "key". The device provides the IKE automatic encryption mode- IKE with Preshared Key (automatic). By using the drop down menu, select the desired encryption mode as illustrated below.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Phase 1/ Phase 2 DH Group: This option allows users to select Diffie-Hellman groups: Group 1/ Group 2/ Group 5. Phase 1/ Phase 2 Encryption: This option allows users to set this VPN tunnel to use any encryption mode. Note that this parameter must be identical to that of the remote encryption parameter: DES (64-bit encryption mode), 3DES (128-bit encryption mode), AES (the standard of using security code to encrypt information).
ALL-VPN10 VPN/Firewall WLAN-N WAN Router The advanced settings include Main Mode and Aggressive mode. For the Main mode, the default setting is set to VPN operation mode. The connection is the same to most of the VPN devices. ● Aggressive Mode: This mode is mostly adopted by remote devices. The IP connection is designed to enhance the security control if dynamic IP is used for connection.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router established. Retry The default retry times are 5. The system will terminate the VPN tunnel if the Heart Beat is still failure over the retry default. The VPN Heart Beat detection and DPD features are both used to provide a stabile VPN solution for customers. The difference between them is that we can use the Heart Beat detection in a non IPSec protocol.
ALL-VPN10 Enabled PPTP Server: VPN/Firewall WLAN-N WAN Router When this option is selected, the point-to-point tunnel protocol PPTP server can be enabled. PPTP IP Address Range: Please enter PPTP IP address range so as to provide the remote users with an entrance IP into the local network. Enter Range Start: Enter the value into the last field. Enter Range End: Enter the value into the last field. User name: Please enter the name of the remote user.
ALL-VPN10 Password: VPN/Firewall WLAN-N WAN Router Enter the password and confirm again by entering the new password. Confirm Password: Add to list: Add a new account and password. Delete selected item: Delete Selected Item. Connection List All PPTP Status:Displays all successfully connected users, including username, remote IP address, and PPTP address. 10.1.3.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 10.2. QVM VPN Function Setup The QVM-series device provides three major convenient functions: 1. Smart Link IPSec VPN: Easy VPN setup replaces the conventional complicated VPN setup process by entering Server IP, User Name, and Password. 2. Central Control Feature: Displays a clear VPN connection status of all remote ends and branches. Its central control screen allows setup from remote into external client ends. 3.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Account ID: Must be identical to that of the server account ID. Password: Must be identical to that of the server password. Confirm Password: Please enter the password and confirm again. QVM VPN(IP Address or Dynamic Input QVM VPN Server IP address or domain name. Domain Name) : Status: Displays QVN connection status. This function is to set re- connect duration if QVM contention drops. Keep Alive: Redial Period The range is 1~60 mins.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router XIII. Advanced Function 11.1 DMZ Host/ Port Range Forwarding 11.1.1 DMZ Host When the NAT mode is activated, sometimes users may need to use applications that do not support virtual IP addresses such as network games. We recommend that users map the device actual WAN IP addresses directly to the Intranet virtual IP addresses, as follows: If the “DMZ Host” function is selected, to cancel this function, users must input "0” in the following “DMZ Private IP”.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router with Port 80 (the service port of WWW is Port 80) to access the internal server directly. In the configuration page, if a web server address such as 192.168.1.50 and the Port 80 has been set up in the configuration, this web page will be accessible from the Internet by keying in the device actual IP address such as, http://211.243.220.43. At this moment, the device actual IP will be converted into “192.168.1.50” by Port 80 to access the web page.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router is not in the list, we recommend that users use “Service Port Management” to add or remove ports, as follows: Service Name: Input the name of the service port users want to activate on the list, such as E-donkey, etc. Protocol: To select whether a service port is TCP or UDP. Port Range: To activate this function, input the range of the service port locations users want to activate such as 500~500 or 2300~2310, etc.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 11.2 UPnP UPnP (Universal Plug and Play) is a protocol set by Microsoft. If the virtual host supports UPnP system (such as Windows XP), users could also activate the PC UPnP function to work with the device. Service Port: Select the UPnP service number default list here; for example, WWW is 80~80, FTP is 21~21. Please refer to the default service number list. Host Name or IP Address: Input the Intranet virtual IP address or name that maps with UPnP such as 192.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 11.3 Routing In this chapter we introduce the Dynamic Routing Information Protocol and Static Routing Information Protocol. When there are more than one router and IP subnets, the routing mode for the device should be configured as static routing. Static routing enables different network nodes to seek necessary paths automatically. It also enables different network nodes to access each other.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Dest. IP: Input the remote network IP locations and subnet that is to be routed. For Subnet Mask: example, the IP/subnet is 192.168.2.0/255.255.255.0. Gateway: The default gateway location of the network node which is to be routed. Hop Count: This is the router layer count for the IP. If there are two routers under the device, users should input “2” for the router layer; the default is “1”. (Max. is 15.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 11.4 One to One NAT As both the device and ATU-R need only one actual IP, if ISP issued more than one actual IP (such as eight ADSL static IP addresses or more), users can map the remaining real IP addresses to the intranet PC virtual IP addresses. These PCs use private IP addresses in the Intranet, but after having One to One NAT mapping, these PCs will have their own public IP addresses.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Enabled One to One NAT: To activate or close the One-to-One NAT function. (Check to activate the function). Private IP Range Begin: Input the Private IP address for the Intranet One-to-One NAT function. Public IP Range Begin: Input the Public IP address for the Internet One-to-One NAT function. Range Length: The numbers of final IP addresses of actual Internet IP addresses. (Please do not include IP addresses in use by WANs.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router described Firewall. 10.5 DDNS- Dynamic Domain Name Service DDNS supports the dynamic web address transfer for NOIP DDNS、DynDNS. This is for VPN connections to a website that is built with dynamic IP addresses, and for dynamic IP remote control. For example, the actual IP address of an ADSL PPPoE time-based system or the actual IP of a cable modem will be changed from time to time.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router * The UI might vary from model to model, depending on different product lines. Interface This is an indication of the WAN port the user has selected. DDNS Check either of the boxes before DynDNS and NOIPD DNS to select one of the four DDNS website address transfer functions. Username The name which is set up for DDNS. Input a complete website address such as abc.ddns.org.cn as a user name for DDNS.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 11.6 MAC Clone Some ISP will request for a fixed MAC address (network card physical address) for distributing IP address, which is mostly suitable for cable mode users. Users can input the network card physical address (MAC address: 00-xx-xx-xx-xx-xx) here. The device will adopt this MAC address when requesting IP address from ISP. Select the WAN port to which the configuration is to be edited; click the hyperlink to enter and edit its configuration.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 11.7 USB Storage By using FTP Client software or SAMBA, users are able to access the files stored in the USB Storage device (FAT32/NTFS) after being inserted to the USB port on the router. The USB LED notification will light up after the storage device has been inserted into the USB port. The status of the USB Storage settings can be seen after logging in to the router.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router User name:User name of the account for both FTP and SAMBA Services. Password: Password of the account for both FTP and SAMBA Services. Must contain at least 5 characters. Access Policy: read only:User can only read the files in the USB Storge device. read-write:User can add, read, or delete the files stored in the device. Enabled: Check this box to enable the rule.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router (3) Advanced Settings Simultaneous FTP Connection:Total number of client connections the FTP Server can accept at the same time. FTP Service Charset:FTP Server Character set, the selections are UFT8, GB2312 and BIG5.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 11-7-2 SAMBA SAMBA Service functionality is enabled by default, only the setup of an user account is required to use the service. (1) User Account Setup User name:User name of the account for both FTP and SAMBA Services. Password:Password of the account for both FTP and SAMBA Services. Must contain at least 5 characters. Access Policy: read only:Users can only read from the storage device.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router read only:Users can only read from the storage device. read-write:Users can add, read, or delete the files stored in the device. (3) Advanced Settings Host Name:The name for the router. Work Group:The name of the workgroup to join or show in the network.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router XIV. System Tool This chapter introduces the management tool for controlling the device and testing network connection. For security consideration, we strongly suggest to change the password. Password and Time setting is in Chapter 5.2. 12.1 Diagnostic The device provides a simple online network diagnostic tool to help users troubleshoot network-related problems.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Ping This item informs users of the status quo of the outbound session and allows the user to know the existence of computers online. On this test screen, please enter the host IP that users want to test such as 192.168.5.20. Press "Go" to start the test. The result will be displayed on this screen.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 12.2 Firmware Upgrade Users may directly upgrade the device firmware on the Firmware Upgrade page. Please confirm all information about the software version in advance. Select and browse the software file, click "Firmware Upgrade Right Now" to complete the upgrade of the designated file. Note! Please read the warning before firmware upgrade. Users must not exit this screen during upgrade. Otherwise, the upgrade may fail.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 12.3 Configuration Backup Import Configuration File: This feature allows users to integrate all backup content of parameter settings into the device. Before upgrade, confirm all information about the software version. Select and browse the backup parameter file: "config.exp." Select the file and click "Import" to import the file. Export Configuration File: This feature allows users to backup all parameter settings.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 12.4 SNMP Simple Network Management Protocol (SNMP) refers to network management communications protocol and it is also an important network management item. Through this SNMP communications protocol, programs with network management (i.e. SNMP Tools-HP Open View) can help communications of real-time management.
ALL-VPN10 Enabled: VPN/Firewall WLAN-N WAN Router Activate SNMP feature. The default is activated. System Name: Set the name of the device such as . System Contact: Set the name of the person who manages the device (i.e. John). System Location: Define the location of the device (i.e. Taipei). Get Community Name: Set the name of the group or community that can view the device SNMP data. The default setting is "Public".
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 12.5 System Recover Users can restart the device with System Recover button. System Recover As the figure below, if clicking “Restart Router” button, the dialog block will pop out, confirming if users would like to restart the device.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Return to Factory Default Setting If clicking “Return to Factory Default Setting, the dialog block will pop out, if the device will return to factory default.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router XV. Log From the log management and look up, we can see the relevant operation status, which is convenient for us to facilitate the setup and operation. 13.1 System Log Its system log offers three options: system log, E-mail alert, and log setting.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router System Log Enable: If this option is selected, the System Log feature will be enabled. Syslog Server: The device provides external system log servers with log collection feature. System log is an industrial standard communications protocol. It is designed to dynamically capture related system message from the network. The system log provides the source and the destination IP addresses during the connection, service number, and type.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router General Log The device provides the following warning message. Click to activate the feature. System error message, blocked regulations, regulation of passage permission, system configuration change and registration verification. System Error Message: Provides the system log with all kinds of error messages. For example, wrong settings, occurrence of abnormal functions, system reactivation, disconnection of PPPoE and so on.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 13.2 System Statistic The device has the real-time surveillance management feature that provides system current operation information such as port location, device name, current WAN link status, IP address, MAC address, subnet mask, default gateway, DNS, number of received/ sent/ Received and total packets , number of received/ sent/ total Bytes, Sent Bytes/Sec.
ALL-VPN10 © ALLNET GmbH München 2013 - VPN/Firewall WLAN-N WAN Router All rights reserved 167
ALL-VPN10 VPN/Firewall WLAN-N WAN Router 13.3 Traffic Statistic Six messages will be displayed on the Traffic Statistic page to provide better traffic management and control. 13.4 IP/ Port Statistic The device allows administrators to inquire a specific IP (or from a specific port) about the addresses that this IP had visited, or the users (source IP) who used this service port. This facilitates the identification of websites that needs authentication but allows a single WAN port rather than Multi-WANs.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Specific IP Status: Enter the IP address that users want to inquire, and then the entire destination IP connected to remote devices as well as the number of ports will be displayed. Specific Port Status: Enter the service port number in the field and IP that are currently used by this port will be displayed.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router XVI. Log out On the top right corner of the web- based UI, there is a Logout button. Click on it to log out of the webbased UI. To enter next time, open the Web browser and enter the IP address, user name and password to log in.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Appendix I: Technical Support Information Official Website http://www.allnet.de Support: E- mail:support@allnet.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router Appendix II Federal Communication Commission Interference Statement This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router This device complies with the essential requirements of the R&TTE Directive 1999/5/EC. The following test methods have been applied in order to prove presumption of conformity with the essential requirements of the R&TTE Directive 1999/5/EC: EN 60950-1: 2006+A11: 2009+A1: 2010+A12: 2011 Safety of Information Technology Equipment EN 300 328 V1.7.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router ALLNET GPL Code Statement This ALLNET product includes software code developed by third parties, including software code subject to the GNU General Public License ("GPL") or GNU Lesser General Public License ("LGPL"). As applicable, the terms of the GPL and LGPL, and information on obtaining access to the GPL code and LGPL code used in this product, are available to you at: http://www.allnet.de/gpl.
ALL-VPN10 VPN/Firewall WLAN-N WAN Router CE-Declaration of Conformity For the following equipment: Germering, 11th of October, 2013 VPN/Firewall WLAN-N WAN Router ALL-VPN10 The safety advice in the documentation accompanying the products shall be obeyed. The conformity to the above directive is indicated by the CE sign on the device. The Allnet ALL-VPN10 conforms to the Council Directives of 2004/108/EC. This equipment meets the following conformance standards: EN301489-1 V1.9.
