User's Manual

ManualsBrandsHP ManualsNetworkingHP OfficeConnect Firewall Series

3Com

OfficeConnect

Gigabit VPN Firewall (3CREVF100-73)

User Guide

Summary of content (156 pages)

PAGE 1
3Com® OfficeConnect® Gigabit VPN Firewall (3CREVF100-73) User Guide
PAGE 2
ii
PAGE 3
OfficeConnect VPN Firewall User’s Manual Introduction Table of Contents 1 Introduction .......................... 12 2 1.1 OfficeConnect Gigabit VPN Firewall ............................ 12 1.2 System Requirements ................................................... 12 1.3 Using this Document ..................................................... 12 1.3.1 Notational conventions ....................................... 12 1.3.2 Typographical conventions .................................. 2 1.3.
PAGE 4
OfficeConnect VPN Firewall User’s Manual Chapter 1.Introduction 3.4 3.3.3 Windows® 2000 PCs: ........................................ 12 5.2 3.3.4 Windows® 95, 98, and Me PCs......................... 13 5.2.1 What is DHCP? ................................................... 26 3.3.5 Windows® NT 4.0 workstations: ........................ 13 5.2.2 Why use DHCP? ................................................. 27 3.3.6 Assigning static IP addresses to your PCs ....... 14 5.2.
PAGE 5
OfficeConnect VPN Firewall User’s Manual 7 Chapter 1. Introduction 8.5.2 Configuring Spanning Tree 8.6 Settings ................................ 35 7.1 Spanning Tree Overview .............................................. 35 7.2 Spanning Tree Configuration Parameters ................... 35 7.3 Configuring the Spanning Tree settings....................... 36 7.4 Viewing the Spanning Tree Status ............................... 37 9 Viewing WAN Statistics .........................................
PAGE 6
OfficeConnect VPN Firewall User’s Manual Chapter 1.Introduction 11.1 Firewall Overview .......................................................... 51 11.1.1 Stateful Packet Inspection .................................. 51 11.1.2 DoS (Denial of Service) Protection .................... 51 11.1.3 Firewall and Access Control List (ACL) ............. 51 11.4.1 Outbound ACL Rule Configuration Parameters .......................................................... 57 11.4.
PAGE 7
OfficeConnect VPN Firewall User’s Manual 11.6.1.6 Chapter 1. Introduction View Configured Self Access 11.6.5 Rules ....................................................... 64 11.6.2 Configuring Service List ...................................... 65 11.6.2.1 Service List Configuration Configuring IP/MAC Binding .............................. 70 11.6.5.1 Adding an IP/MAC binding rule ............. 70 11.6.5.2 Editing an IP/MAC binding rule ............. 71 11.6.5.
PAGE 8
OfficeConnect VPN Firewall User’s Manual Chapter 1.Introduction 13 12.3 Defining the QoS Class Object ..................................... 76 12.4 Traffic Classification....................................................... 77 14.3.4 14.4 VPN Connection Examples .......................................... 89 14.4.1 Configuring WAN Load- Display VPN Rules.............................................. 89 Intranet Scenario – firewall + VPN and no NAT for VPN traffic ...............................
PAGE 9
OfficeConnect VPN Firewall User’s Manual Chapter 1. Introduction 17.1 Configure Port Mirroring ..............................................101 19.2 Network classes........................................................... 111 17.2 Change the Login Password ......................................101 19.3 Subnet masks .............................................................. 112 17.3 Configuring the Management Interface ..................... 103 17.4 Modify System Information .............
PAGE 10
OfficeConnect VPN Firewall User’s Manual Chapter 1.Introduction 23 Figure 3.6 System Time Configuration Page ..................................................... 16 END USER SOFTWARE Figure 3.7 IP Setup Configuration Page ............................................................. 16 LICENCE AGREEMENT ... 129 24 25 Figure 3.8 DHCP Server Configuration Page .................................................... 16 Figure 3.9 WAN PPPoE Configuration Page ..............................................
PAGE 11
OfficeConnect VPN Firewall User’s Manual Chapter 1. Introduction Figure 8.1 WAN Connection Type Configuration ............................................... 39 Figure 11.14. Schedule Example – Create a Schedule .................................... 70 Figure 8.2 WAN Dynamic IP (DHCP client) Configuration Page ...................... 42 Figure 11.15. Schedule Example – Deny FTP Access for MISgroup1 During OfficeHours ........................................................................................
PAGE 12
OfficeConnect VPN Firewall User’s Manual Chapter 1.Introduction Figure 14.10 VPN User Group Configuration Page ........................................... 94 List of Tables Figure 14.11 Configuring a User Group.............................................................. 94 Table 2.1 Front Panel Label and LEDs................................................................. 3 Figure 15.1. L2TP Server Configuration Page ................................................... 96 Table 2.
PAGE 13
OfficeConnect VPN Firewall User’s Manual Chapter 1. Introduction Table 11.3. Content Filter Configuration Parameters ........................................ 60 Table 11.4. Self Access Configuration Parameters ........................................... 62 Table 11.5. Service List configuration parameters ............................................. 65 Table 11.6. DoS Protection Configuration Parameters ..................................... 66 Table 11.7. Schedule Configuration Parameters ...............
PAGE 14
OfficeConnect VPN Firewall User’s Manual Chapter 1.Introduction using Stateful Packet Inspection (SPI), web content filtering, logging and 1 reporting. Introduction 1.2 System Requirements Welcome to the world of networking with 3Com. In the modern business environment, communication and sharing information is crucial.
PAGE 15
OfficeConnect VPN Firewall User’s Manual Chapter 1.Introduction 1.3.2  Typographical conventions Italics are used to identify terms that are defined in the glossary (Chapter 25).  Boldface type text is used for items you select from menus and drop-down lists, and text strings you type when prompted by the program. 1.3.3 Special messages This document uses the following icons to call your attention to specific instructions or explanations.
PAGE 16
PAGE 17
OfficeConnect VPN Firewall User’s Manual Chapter 2. Getting to Know the OfficeConnect Gigabit VPN Firewall POWER 2 Getting to Know the OfficeConnect Gigabit VPN Firewall WAN1 WAN2 TEST LED LAN1/DMZ1 LAN2/DMZ2 DMZ1 LED LAN3 ~ LAN6 CONSOLE DMZ2 LED Reset Figure 2.1 Front Panel LEDs 2.1 Parts List Table 2.
PAGE 18
OfficeConnect VPN Firewall User’s Manual Chapter 2. Getting to Know the OfficeConnect Gigabit VPN Firewall  AC Inlet WAN Failover & Load Balancing 2.4.1.1 Address Sharing and Management The OfficeConnect Gigabit VPN Firewall provides NAT to share a single high- Power Switch speed Internet connection and to save the cost of multiple connections required Figure 2.2 Rear Panel Connections for the hosts on the LAN segments connected to the OfficeConnect Gigabit VPN Table 2.
PAGE 19
OfficeConnect VPN Firewall User’s Manual  Chapter 2 Getting to Know the OfficeConnect Gigabit VPN Firewall Application specific filters 2.4.1.2 ICMP Attacks Stateful Packet Inspection Flooders The OfficeConnect Gigabit VPN Firewall uses ―stateful packet inspection‖ that extracts state-related information required for the security decision from the Port Scans packet and maintains this information for evaluating subsequent connection attempts.
PAGE 20
OfficeConnect VPN Firewall User’s Manual Chapter 2. Getting to Know the OfficeConnect Gigabit VPN Firewall 2.4.1.5  Application Level Gateway (ALG) Maintains at a minimum, log details such as, time of packet arrival, description of action taken by Firewall and reason for action. Applications such as FTP, games etc., open connections dynamically based on the respective application parameter. To go through the firewall on the  Supports the UNIX Syslog format.
PAGE 21
OfficeConnect VPN Firewall User’s Manual Chapter 2 Getting to Know the OfficeConnect Gigabit VPN Firewall allows OfficeConnect Gigabit VPN Firewall to maintain a persistent connection Tunnel Mode for Network-Network Connectivity for WAN port traffic by failing over to the backup WAN port. IP Fragmentation and Reassembly The primary and secondary WAN ports can also be used in a more dynamic IPSec Support Hardware Encryption Algorithm DES, 3DES, AES flows between the two WAN ports.
PAGE 22
PAGE 23
OfficeConnect VPN Firewall User’s Manual Chapter 3. Quick Start Guide RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN 3 Quick Start Guide INCORRECT TYPE. WARNING DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS This Quick Start Guide provides basic instructions for connecting the Figure 3.1 illustrates the hardware connections. Please follow the steps that OfficeConnect Gigabit VPN Firewall to a computer or a LAN and to the Internet. follow for specific instructions.
PAGE 24
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 3. Quick Start Guide 3.1.4 Step 4. Turn on the OfficeConnect Gigabit VPN Firewall, the ADSL or cable modem and power up your computers. power source. Press the Power switch on the rear panel of the OfficeConnect Gigabit VPN LAN1 – Solid green to indicate that the device can communicate with LAN6 your LAN or flashing when the device is sending or receiving data from your LAN computer. Firewall to the ON position.
PAGE 25
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 3. Quick Start Guide Mechanical Loading - Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to WARNING uneven mechanical loading. Circuit Overloading - Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of the circuits might have on overcurrent protection and supply wiring.
PAGE 26
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 3. Quick Start Guide 3.3.1 6. Click button twice to confirm your changes, and close the Control Panel. Before you begin By default, the OfficeConnect Gigabit VPN Firewall automatically assigns all 3.3.3 required Internet settings to your PCs. You need only to configure the PCs to First, check for the IP protocol and, if necessary, install it: accept the information when it is assigned.
PAGE 27
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 3. Quick Start Guide 10. In the Local Area Connection Properties dialog box, select Internet Protocol (TCP/IP), and then click button. 7. In the Control Panel, double-click the Network icon. 8. In the Network dialog box, select an entry started with ―TCP/IP ” and the name of your network adapter, and then click button. 11.
PAGE 28
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 3. Quick Start Guide After all files are installed, a window displays to inform you that a the subnet mask and 192.168.1.1 for the default gateway. These settings may TCP/IP service called DHCP can be set up to dynamically assign IP be changed later to reflect your true network environment. information. On each PC to which you want to assign static information, follow the 11.
PAGE 29
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 3. Quick Start Guide disabled in your browser. In IE, click ―Tools‖  ―Internet Options…‖  ―Connections‖ tab  ―LAN settings…‖ and then uncheck ―Use proxy server for your LAN …‖ Default Password: 2. On any PC connected to one of the four LAN ports on the OfficeConnect Gigabit VPN Firewall, open your Web browser, and type the following URL in the address/location box, and press : password You can change the password at any time.
PAGE 30
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 3. Quick Start Guide Time Zone drop-down list Figure 3.6 System Time Configuration Page Figure 3.7 IP Setup Configuration Page 5. Click on Administration  System Time menu and set the time zone for the OfficeConnect Gigabit VPN Firewall by selecting your time zone from the Time Zone drop-down list. Click the settings. to save 6.
PAGE 31
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 3. Quick Start Guide 7. It is recommended that you keep the default settings for DHCP server until after you have completed the rest of the configurations and confirm that your Internet connection is working. 8. Click on Network  IP Setup to configure the WAN settings for the OfficeConnect Gigabit VPN Firewall. Figure 3.10 WAN Dynamic IP Configuration Page a) PPPoE Connection Mode (see Figure 3.9) Tick the Login Required checkbox.
PAGE 32
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 3. Quick Start Guide b) Dynamic IP Connection Mode (see Figure 3.10) Enter WAN IP address in the IP Address field. This information should be provided by your ISP. Select the DHCP radio button to enable the DHCP function. Enter IP Subnet Mask for the WAN. This information should be provided by your ISP. Typically, it is 255.255.255.0.
PAGE 33
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 3. Quick Start Guide Table 3.2 lists some of the most important default settings; these and other Option features are described fully in the subsequent chapters. If you are familiar with network configuration settings, review the settings in Table 3.2 to verify that they Default Setting Explanation/Instructions LAN Port IP Static IP address: This is the IP address of the Address 192.168.1.
PAGE 34
PAGE 35
OfficeConnect VPN Firewall User’s Manual 4 Chapter 4. Getting Started with the Configuration Manager Getting Started with the Configuration Manager The OfficeConnect Gigabit VPN Firewall includes a preinstalled program called the Configuration Manager, which provides an interface to the software installed on the device. It enables you to configure the device settings to meet the needs of your network. You access it through your web browser from any PC Figure 4.
PAGE 36
OfficeConnect VPN Firewall User’s Manual Chapter 4. Getting Started with the Configuration Manager Button/Icon Function Discards any changes you have made and reverts all fields back to the default value. Adds a new item into the existing configuration, e.g. a static route or a firewall ACL rule and etc. Deletes the selected item, e.g. a static route or a firewall ACL rule and etc. Selects all items from the existing configuration page. Enables a selected item. Disables a selected item.
PAGE 37
OfficeConnect VPN Firewall User’s Manual Chapter 4. Getting Started with the Configuration Manager Figure 4.
PAGE 38
PAGE 39
OfficeConnect VPN Firewall User’s Manual Chapter 5. Configuring LAN Settings 5.2.3 Configuring DHCP Server, but not for its own LAN port. 5 Configuring LAN Settings 5.1.1 LAN IP Configuration Parameters Table 5.1describes the configuration parameters available for LAN IP This chapter describes how to configure LAN properties for the LAN interface on configuration. the OfficeConnect Gigabit VPN Firewall that communicates with your LAN Table 5.1 LAN IP Configuration Parameters computers.
PAGE 40
OfficeConnect VPN Firewall User’s Manual Chapter 5. Configuring LAN Settings 3. In the IP Setup configuration page, enter a LAN IP address and subnet mask for the OfficeConnect Gigabit VPN Firewall in the space provided. 4. Click to save the LAN IP address. If you were using an Ethernet connection for the current session, and changed the IP address, the connection will be terminated. 5.
PAGE 41
OfficeConnect VPN Firewall User’s Manual Chapter 5. Configuring LAN Settings The DHCP server draws from a defined pool of IP addresses and ―leases‖ them for a specified amount of time to your computers when they request an Internet session. It monitors, collects, and redistributes the addresses as needed. On a DHCP-enabled network, the IP information is assigned dynamically rather than statically. A DHCP client can be assigned a different address from the pool each time it reconnects to the network. 5.2.
PAGE 42
OfficeConnect VPN Firewall User’s Manual Chapter 5. Configuring LAN Settings Field Description Field Description address will be used by a device connected on the LAN. Default Gateway IP Address The address of the default gateway for servers are optional. Primary/Secondary WINS The IP address of the WINS servers to Server IP Address (optional) be used by computers that receive IP computers that receive IP addresses addresses from the DHCP IP address from this pool.
PAGE 43
OfficeConnect VPN Firewall User’s Manual 5.2.4 Viewing Current DHCP Address Assignments Chapter 5. Configuring LAN Settings  Import discovered LAN hosts as fixed DHCP entries: The local When the OfficeConnect Gigabit VPN Firewall functions as a DHCP server for network is scanned using ARP requests. The ARP scan will detect your LAN, it keeps a record of any addresses it has leased to your computers. active devices that are not DHCP clients.
PAGE 44
OfficeConnect VPN Firewall User’s Manual Chapter 5. Configuring LAN Settings 5.4.2 Assigning DNS Addresses Multiple DNS addresses are useful to provide alternatives when one of the servers is down or is encountering heavy traffic. ISPs typically provide primary and secondary DNS addresses, and may provide additional addresses.
PAGE 45
OfficeConnect VPN Firewall User’s Manual Chapter 5. Configuring LAN Settings When performing DNS relay, the OfficeConnect Gigabit VPN Firewall must address. maintain the IP addresses of the DNS servers it contacts. It can learn these addresses in either or both of the following ways:  Learned through PPPoE or Dynamic IP Connection: If the OfficeConnect Gigabit VPN Firewall uses a PPPoE (see section 8.2.2 5.5 Configuring the Port Settings Configuring PPPoE for WAN) or Dynamic IP (see section 8.4.
PAGE 46
OfficeConnect VPN Firewall User’s Manual Chapter 5. Configuring LAN Settings Figure 5.6 Port Selection 2. If the selected port is Port 3 or Port 4, you should be able to change the mode of selected port to LAN port or DMZ port. Select the port type from the drop-down list. Once the DMZ port is enabled, the corresponding DMZ interface will be activated as well and you should be able to configure the DMZ interface in the IP Setup configuration page. 3.
PAGE 47
OfficeConnect VPN Firewall User’s Manual Chapter 5. Configuring LAN Settings A port can only be an untagged member of one VLAN. By default it is untagged 6 Configuring VLAN Settings member of VLAN1. The system cannot remove its untagged membership from the present VLAN directly, it has to add the port as one of the untagged membership in a new VLAN. 6.1 VLAN Overview VLANs are logical subgroups with a Local Area Network (LAN) which combine There is no restriction on tagged membership.
PAGE 48
OfficeConnect VPN Firewall User’s Manual Chapter 5. Configuring LAN Settings 7. Enter a valid ID into the specified VLAN ID field. 8. Move the mouse cursor to the desired VLAN membership type icon and click on the icon to select the membership type. Untagged VLAN Tagged VLAN Not A Member Figure 6.3 Select a VLAN Membership Type Figure 6.1 VLAN Configuration Summary Page 6. Click on the Pan icon of the desired VLAN to enter the VLAN Configuration page. 9.
PAGE 49
OfficeConnect VPN Firewall User’s Manual 7 Configuring Spanning Tree Settings 7.1 Spanning Tree Overview Chapter 5. Configuring LAN Settings 7.2 Spanning Tree Configuration Parameters Table 7.1 describes the configuration parameters available for VLAN configuration. Table 7.1 Spanning Tree Configuration Parameters This section contains information for configuring STP. The Spanning Tree Protocol (STP) provides tree topography for any arrangement of bridges.
PAGE 50
OfficeConnect VPN Firewall User’s Manual Chapter 5. Configuring LAN Settings Force Version Specifies the STP version to run on the device. The When the submenus of Network menu displays, clicks on Spanning possible values are: Tree submenu to display the Spanning Tree Configuration page as Normal – RTSP mode only shown in Figure 7.1. Compatible – STP compatible mode Per-port settings Enable Indicates that STP or RSTP is enabled on the port. Edge Indicates if Edge Port is enabled on the port.
PAGE 51
OfficeConnect VPN Firewall User’s Manual Chapter 5. Configuring LAN Settings 8. Enter the path code in the space provided to indicate the port contribute to the root path cost. 9. Click. 7.4 to save the LAN IP address. Viewing the Spanning Tree Status To display the port status of Spanning Tree, log into Configuration Manager as administrator, click on the Network menu and Spanning Tree submenu, and then click on the Status tab button (See Figure 7.2 RSTP/STP Status Page ). Figure 7.
PAGE 52
PAGE 53
OfficeConnect VPN Firewall User’s Manual Chapter 8. Configuring WAN Settings Figure 8.1 WAN Connection Type Configuration 8 Configuring WAN Settings 8.2 PPPoE This chapter describes how to configure WAN settings for the WAN interface on 8.2.1 the OfficeConnect Gigabit VPN Firewall that communicates with your ISP. You’ll WAN PPPoE Configuration Parameters Table 8.
PAGE 54
OfficeConnect VPN Firewall User’s Manual Chapter 8. Configuring WAN Settings Setting ―Use These DNS Servers‖ radio button and enter IP addresses for the primary and secondary DNS servers. Description Dial On Demand Enter the inactivity timeout period at which you want to disconnect the Internet connection when there is no traffic. The minimum value of inactivity timeout is 30 seconds. RIP and SNTP services may interfere with this function if there are activities from these two services.
PAGE 55
OfficeConnect VPN Firewall User’s Manual 1. Please make the ―Login Required‖ checkbox checked as shown in Figure 8.1. 2. If you are connecting to the Internet using PPTP, you have to enter User Name and Password in the specified fields. Chapter 8. Configuring WAN Settings Field Description Primary/ IP address of the primary and/or secondary DNS are Secondary DNS optional as DHCP client will automatically obtain the DNS 3. Enter a valid PPTP IP address in the PPTP Server IP Address field.
PAGE 56
OfficeConnect VPN Firewall User’s Manual Chapter 8. Configuring WAN Settings Setting Description Gateway IP Gateway IP address provided by your ISP. It must be in Address the same subnet as the WAN on the OfficeConnect Gigabit VPN Firewall. Primary/ You must at least enter the IP address of the primary Secondary DNS DNS server. Secondary DNS is optional 8.5.2 Configuring Static IP for WAN Figure 8.2 WAN Dynamic IP (DHCP client) Configuration Page 8.5 8.5.
PAGE 57
OfficeConnect VPN Firewall User’s Manual Chapter 8. Configuring WAN Settings 2. Enter WAN IP address in the IP Address field. This information should be provided by your ISP. 3. Enter Subnet Mask for the WAN. This information should be provided by your ISP. Typically, it is 255.255.255.0. 4. Enter gateway address provided by your ISP in the space provided. 5. Enter the IP address of the primary DNS server. This information should be provided by your ISP. Secondary DNS server is optional. 6.
PAGE 58
PAGE 59
OfficeConnect VPN Firewall User’s Manual Chapter 9. Configuring Routes default gateway is assigned automatically by your ISP whenever the 9 Configuring Routes You can use Configuration Manager to define specific routes for your Internet and network data communication. This chapter describes basic routing concepts and provides instructions for creating routes. device negotiates an Internet connection. (The process for adding a default route is described in section 9.3.2 Adding Static Routes.
PAGE 60
OfficeConnect VPN Firewall User’s Manual Chapter 9. Configuring Routes 9.3 Static Routing 9.3.1 Static Route Configuration Parameters The following table defines the available configuration parameters for static routing configuration. Table 9.1 Static Route Configuration Parameters Field Description Route Name Specifies route name for a specific static route entry. Destination Specifies the IP address of the destination computer or Address an entire destination network.
PAGE 61
OfficeConnect VPN Firewall User’s Manual Field Description Gateway IP Gateway IP address Chapter 9. Configuring Routes 9.3.4 Viewing the Static Routing Table All IP-enabled computers and routers maintain a table of IP addresses that are commonly accessed by their users. For each of these destination IP addresses, Address the table lists the IP address of the first hop the data should take. This table is known as the device’s routing table. 9.3.
PAGE 62
PAGE 63
OfficeConnect VPN Firewall User’s Manual 10 Chapter 10. Configuring DDNS Configuring DDNS Internet Dynamic DNS is a service that allows computers to use the same domain name, HTTP DDNS Server (DynDNS, TokyoDNS) even when the IP address changes from time to time (during reboot or when the ISP's DHCP server resets IP leases). OfficeConnect Gigabit VPN Firewall DynDNS sl1000.homeunix.com connects to a Dynamic DNS service whenever the WAN IP address changes.
PAGE 64
OfficeConnect VPN Firewall User’s Manual Chapter 10. Configuring DDNS Field Description Choose WAN Interface Specifies an interface to be used for the DDNS update. 10.3 Configuring HTTP DDNS Client Select DDNS Service DynDNS Please visit http://www.dyndns.org for more details. TZO.com Please visit http://www.tzo.com for more details. Oray.net Please visit http://www.oray.cn for more details. DtDNS.com 3322.org Registered Domain Please visit http://www.dtdns.com for more details.
PAGE 65
OfficeConnect VPN Firewall User’s Manual 11 Chapter 11. Configuring Firewall/NAT Settings 11.1 Firewall Overview Configuring Firewall/NAT Settings 11.1.1 Stateful Packet Inspection The stateful packet inspection engine in the OfficeConnect Gigabit VPN Firewall maintains a state table that is used to keep track of connection states of all the The OfficeConnect Gigabit VPN Firewall provides built-in firewall/NAT functions, packets passing through the firewall.
PAGE 66
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN 11.1.3.2 Tracking Connection State 11.2 NAT Overview The stateful inspection engine in the firewall keeps track of the state, or progress, of a network connection. By storing information about each connection in a state table, OfficeConnect Gigabit VPN Firewall is able to quickly determine if a packet passing through the firewall belongs to an already established connection.
PAGE 67
OfficeConnect VPN Firewall User’s Manual Chapter 14. Configuring IPSec VPN Reverse static NAT maps a globally valid IP address to an internal host address for the inbound traffic. All packets coming to that globally valid IP address are relayed to the internal address. This is useful when hosting services in an internal machine. 11.2.4 Virtual Server (or Reverse NAPT) Reverse NAPT is also called inbound mapping, port mapping, or virtual server.
PAGE 68
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN Field Description IP Address Subnet Specify the appropriate network address This option allows you to include all the computers that are connected in an IP subnet. When this option is selected, the following fields become available for entry: Address Mask Range Enter the appropriate IP address. Enter the corresponding subnet mask. This option allows you to include a range of IP addresses for applying this rule.
PAGE 69
OfficeConnect VPN Firewall User’s Manual Field Description Chapter 14. Configuring IPSec VPN Field Description Select this option if you don’t intend to use NAT in this None Service inbound ACL rule. This option allows you to select any of the pre-configured services (selectable from the drop-down list) instead of the destination port.
PAGE 70
Chapter 14 Configuring IPSec VPN Figure 11.3 ACL Rule List Table OfficeConnect Gigabit VPN Firewall User’s Manual Figure 11.5. Inbound ACL Configuration Example You can configure ACL rules for LAN/WAN, DMZ/WAN DMZ/LAN and Self- 11.3.3 Add Inbound ACL Rules Access traffic by clicking tab button on the top of the ACL Rule List Table (See To add an inbound ACL rule, follow the instructions below: Figure 11.4). 1. Click button in the inbound access control list table to add a new inbound ACL rule. 2.
PAGE 71
OfficeConnect VPN Firewall User’s Manual 7. Figure 11.5. Inbound ACL Configuration Example illustrates how to create a rule to allow inbound HTTP (i.e. web server) service. This rule allows inbound HTTP traffic to be directed to the host w/ IP address 192.168.1.28. 11.3.4 Modify Inbound ACL Rules To modify an inbound ACL rule, follow the instructions below: 1. Open the Outbound ACL Rule Configuration Page (see section 11.3.2 Access Inbound ACL Rule Configuration Page). 2. Click on the table.
PAGE 72
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN Field Description Field Source Description computers in the local network. This option allows you to set the source network to which this rule should apply. Use the drop-down list to select one of the following options: Any This option allows you to apply this rule to all the computers in the source network, such as those on the Internet.
PAGE 73
OfficeConnect VPN Firewall User’s Manual Field Deny Chapter 14. Configuring IPSec VPN Description 3. Set desired action (Allow or Deny) from the ―Action‖ drop-down list. Select Deny from the drop-down list to configure rule as an 4. If you want to use NAT in this rule, select ―IP Address‖ and specify IP address for the NAT (See 11.2.4 for detailed explanation). deny rule. This rule when bound to the firewall will allow matching packets to drop. NAT 5. Click on the button to create the new ACL rule.
PAGE 74
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN 3. Make desired changes to any or all of the following fields: action, source/destination IP, Service, Schedule, Action, NAT and Log. Please see Table 11.1 for explanation of these fields. 11.5.1 Content Filter Configuration Parameters Table 11.3 describes the configuration parameters available for a Content filter rule. 4. Click on the button to modify this ACL rule.
PAGE 75
OfficeConnect VPN Firewall User’s Manual Chapter 14. Configuring IPSec VPN 11.5.4 Modify an Content Filter Rule To modify a Content Filter rule, you must first delete the existing Content filter rule (see Section 11.5.5) and then add a new one (see Section 11.5.3 Add an Content Filter Rule). 11.5.5 Delete an Content Filter Rule To delete a Content Filter rule, just click on the in front of the rule to be deleted or follow the instructions below: 1. Open the URL Configuration page (see section 11.5.
PAGE 76
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN 11.6.1 Configuring Self Access Rules Self Access rules control access to the OfficeConnect Gigabit VPN Firewall itself. You may use Self Access Rule Configuration page, as illustrated in Figure 11.10, to:  Add a Self Access rule, and set basic parameters for it  Modify an existing Self Access rule  Delete an existing Self Access rule  View existing Self Access rules Figure 11.9. Content filter Rule Example 11.
PAGE 77
OfficeConnect VPN Firewall User’s Manual Field Description Source Chapter 14. Configuring IPSec VPN Field Description Destination This option allows you to set the source network to which this rule This option allows you to set the destination network to which this rule should apply. Use the drop-down list to select one of the following options: should apply.
PAGE 78
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN Field Example Description Figure 11.10 displays the screen with entries to: Action Allow Deny Select Allow from the drop-down list to configure rule  Add a new Self Access rule to: as an allow rule. This rule when bound to the firewall Allow TCP port 80 traffic (i.e. HTTP traffic) from the LAN and deny will allow matching packets to pass. the HTTP traffic from the WAN port (i.e.
PAGE 79
OfficeConnect VPN Firewall User’s Manual 11.6.2 Configuring Service List Services are a combination of Protocol and Port number. It is used in inbound Chapter 14. Configuring IPSec VPN Field Description Name Enter the name of the Service to be added. Note and outbound ACL rule configuration. You may use Service Configuration Page that only alphanumeric characters are allowed in a to: name.
PAGE 80
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN 3. Make changes to any or all of the following fields: public port and protocol. Please see Table 11.5 for explanation of these fields. 11.6.3 Configuring DoS Settings 4. Click on the button to create the new service. The new service will then be displayed in the service list table at the bottom half of the Service Configuration page.
PAGE 81
OfficeConnect VPN Firewall User’s Manual Field Description Chapter 14. Configuring IPSec VPN Field Description Windows OS are vulnerable to this attack. If the computers in computer that involves sending a malformed or otherwise the LAN are not updated with recent versions/patches, you are malicious ping to a computer. A ping is normally 64 bytes in advised to enable this protection by checking this check box.
PAGE 82
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN Field Description initiating the connection then responds with an ACK packet, and the connection is established. If the destination host is not waiting for a connection on the specified port, it responds with an RST packet. Most system logs do not log completed connections until the final ACK packet is received from the source.
PAGE 83
OfficeConnect VPN Firewall User’s Manual Chapter 14. Configuring IPSec VPN 11.6.4.1 Schedule Configuration Parameters Table 11.7 describes the configuration parameters available for a Schedule. Table 11.7. Schedule Configuration Parameters Field Description Active on days Check the radio button ―All Days‖ or ―Specific Days‖. If you select ―Specific Days‖, check the radio button for each day you want to schedule to be in effect. Days of Week Set the days for the schedule.
PAGE 84
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN 11.6.4.4 Schedule Example 1. Create a Schedule – see Figure 11.14. Schedule drop-down list Figure 11.15. Schedule Example – Deny FTP Access for MISgroup1 During OfficeHours Figure 11.14. Schedule Example – Create a Schedule 2. Associate the Schedule to an outbound ACL rule by selecting an existing Schedule from the Schedule drop-down list. Figure 11.15 shows that MISgroup1 is denied FTP access during office hours. 11.6.
PAGE 85
OfficeConnect VPN Firewall User’s Manual Chapter 14. Configuring IPSec VPN 4. Click on the button to save the changes. 11.6.5.3 Removing an existing IP/MAC binding rule To removing an existing IP/MAC binding rule for the firewall, follow these steps: 1. Click on Firewall > IP/MAC Binding to enter the IP/MAC Binding configuration page. 2. Click on the check box in front of the rule to be deleted. 3. Click on the button to remove the selected rules. 11.6.
PAGE 86
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN Field Description Outgoing Protocol Select the protocol type from the drop-down list. The 3. Click on the button to save the change. The new entry will then be displayed in the Port-Triggering Policy List Table at the buttom half of the Port-Triggering Configuration Page. available options are TCP and UDP Outgoing Port The port range this application uses when it sends Range outbound packets.
PAGE 87
OfficeConnect VPN Firewall User’s Manual Chapter 14. Configuring IPSec VPN 11.6.6.4 Removing Port-Triggering Rules To configure the P2P Service Prevention, please refer to the following sections. To removing an existing Port-Triggering rule for the firewall, follow these steps: 11.6.7.1 Adding a P2P Service Prevention Rule 1. Click on Firewall > Port Triggering menu to enter the Port Triggering configuration page. Follow these steps to add a new P2P Service Prevention Rule: 2.
PAGE 88
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN 2. Click on the check box in front of the rule to be deleted. 1. Click on Firewall > Session Limit menu to enter the Session Limit configuration page. 3. Click on the 2. Leave the Disable checkbox unchecked if you want to enable the Session Limit feature; otherwise, tick the Disable checkbox. button to remove the selected rules. 11.6.
PAGE 89
OfficeConnect VPN Firewall User’s Manual 12 Configuring Quality of Service Chapter 14. Configuring IPSec VPN performed. If the device's bandwidth is not limited correctly, the bottleneck will be in an unknown router or modem on the network path, rendering QoS useless. 4. In the same manner, enter Max. RX to limit the gateway's bandwidth reception rate to that of the DSL modem. 12.
PAGE 90
Chapter 14 Configuring IPSec VPN Figure 12.2 Maximum Interface Bandwidth Configuration Page 12.3 Defining the QoS Class Object OfficeConnect Gigabit VPN Firewall User’s Manual Figure 12.3 QoS Configuration Page 2. Click ―Class Definition‖ tag on the top of the QoS configuration page to enter the Class Definition page. See . To define the QoS class object, follow these steps: 1. Click ―Traffic MGMP‖ menu and then click ―QoS‖ sub-menu to enter to QoS configuration page. See Figure 12.3. Figure 12.
PAGE 91
OfficeConnect VPN Firewall User’s Manual 3. Click Chapter 14. Configuring IPSec VPN button to create a new QoS Class Object. See 12.4 Traffic Classification OfficeConnect Gigabit VPN Firewall allows you to define QoS policy to classify the traffic based on the following parameters:  Source / destination IP address  Source / destination port  Protocol  DiffServ Code Point (DSCP) OfficeConnect Gigabit VPN Firewall supports two priority marking methods for packet prioritization: Figure 12.
PAGE 92
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN Figure 12.6 QoS Policy Configuration Page 4. Select the originated network interface from the ―From‖ drop-down list. 5. Select the destination network interface from the ―To‖ drop-down list. 6. To configure the source address, select the address type from the drop down list and then fill appropriate value to the Address and Mask fields. 7.
PAGE 93
OfficeConnect VPN Firewall User’s Manual 13 Chapter 14. Configuring IPSec VPN Field Configuring WAN LoadBalancing & Failover Description Check Interval The interval that the router sends PING request packets at. The allowable value is 1 to 60 seconds. Check IP Address Enter the IP address of the specific network device that the traffic will pass through. This field is optional. 13.
PAGE 94
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN Field Description Primary Interface Click on the desired radio button to select the Primary 2. In the Policy Configuration field, click on Rollover radio button to enable the WAN Failover. See Interface. Backup Interface Tick the check box to enable the Backup Interface.
PAGE 95
OfficeConnect VPN Firewall User’s Manual Chapter 14. Configuring IPSec VPN 6. If you want to assign another WAN port as a backup interface, please tick on the checkbox in the Backup Interfaces field. Field Description the link status. 7. Enter a number between 1 and 86400, in the Deferred Time field. Please note that the default value is 600 seconds. 8. Click on the button to save the settings. 13.3 Configuring WAN Load-Balancing Gateway IP The gateway IP address.
PAGE 96
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN 2. Click on the Load Balancing radio button in the Policy Configuration field to enable the WAN load balancing mode. 3. If you want to enable the Connectivity Check, please tick the Enable Connectivity Check checkbox and then fill in all necessary fields. 4. Select an appropriate load balancing algorithm from the Algorithm drop-down list. 5. [Weighted Round Robin Only] Tick the ―Calculate from [Tx Max.
PAGE 97
OfficeConnect VPN Firewall User’s Manual 14 Chapter 14. Configuring IPSec VPN Options Description Configuring IPSec VPN site VPN tunnel. If you want to use L2TP over IPSec, a Transport mode setting is required. OfficeConnect Gigabit VPN Firewall provides secure, encrypted communication This option allows you to setup IPSec policy for L2TP to business partners and remote offices at a fraction of the cost of dedicated L2TP/IPSec. leased lines.
PAGE 98
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN Options Description any computer. Options Description FQDN/user_FQDN Domain Name (FQDN). Enter the identity string in the This option allows you to include all the computers that Subnet Identifier field. For examples: vpn1.3com.com. For are connected in an IP subnet. The following fields examples: vpn1.3com.
PAGE 99
OfficeConnect VPN Firewall User’s Manual Options Authentication Description Chapter 14. Configuring IPSec VPN Options Description The following encryption algorithms are supported. choose to generate new keys for every re-negotiation. MD-5 Select ―None‖ to use the same keys for all the re- SHA-1 negotiations. Select a specific DH (Diffie-Hellman) group to generate new keys for every re-negotiation. SA-Lifetime Enter the IKE security association life time in seconds.
PAGE 100
Chapter 14 Configuring IPSec VPN packets according to the user-configured rule. The parameters that should be configured are:  the network addresses of internal and remote networks.  the remote gateway address and the local gateway address.  pre-shared secret for remote gateway authentication.  appropriate priority for the connection. OfficeConnect Gigabit VPN Firewall User’s Manual 4.
PAGE 101
OfficeConnect VPN Firewall User’s Manual Chapter 14. Configuring IPSec VPN 1. Log into Configuration Manager as admin, click the VPN menu, and then click the IPSec submenu. 2. Prior to modifying a VPN rule, make sure that the VPN service is enabled in System Service Configuration page. 3. Click on the table. icon of the rule to be modified in the VPN policy rule 4.
PAGE 102
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN configuration and maintenance is more important or automatic keying is not feasible due to interoperability issues between IKE implementations on the gateways. However, this is a weak security option as all packets use the same keys unless you – as the network administrator, use different key for authentication. 14.3.
PAGE 103
OfficeConnect VPN Firewall User’s Manual Chapter 14. Configuring IPSec VPN 1. Log into Configuration Manager as admin, click the VPN menu, and then click the IPSec submenu. 2. Click on the check box in front of rule to be deleted. 3. Click on the button to delete selected rules. 14.3.4 Display VPN Rules To see existing VPN rules, follow the instructions below:  Configure VPN connection rules.  Configure Firewall access rules to allow inbound and outbound VPN traffic.
PAGE 104
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN Table 14.2 and Table 14.3 provide the parameters to be configured for the outbound and inbound Firewall rule fields. For a general description on configuring any inbound/outbound Firewall rule, please refer to sections 11.3 and 11.4. Table 14.2. Outbound Un-translated Firewall Rule for VPN Packets on ISR1 Field Source IP Destination IP Value Type Subnet Address 192.168.1.0 Mask 255.255.255.
PAGE 105
OfficeConnect VPN Firewall User’s Manual Field Destination IP Chapter 14. Configuring IPSec VPN Value Type Subnet Address 192.168.1.0 Mask 255.255.255.0 NAT None Action Allow 14.4.1.2 Configure Rules on OfficeConnect Gigabit VPN Firewall 2 (ISR2) Step 1: Configure VPN connection rules Refer to the section 14.2 Establish VPN Connection Using Automatic Keying to configure VPN policies on ISR2 using automatic keying. Figure 14.6.
PAGE 106
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN configuring any inbound/outbound Firewall rule, please refer to sections 11.3 and Field Value 11.4. Mask 255.255.255.0 Table 14.4. Outbound Un-translated Firewall Rule for VPN Packets on ISR1 Field Source IP Value Type Subnet Address 192.168.2.0 Mask 255.255.255.0 Type Subnet Address 192.168.1.0 Mask 255.255.255.0 NAT None Action Allow VPN Enable 14.4.1.
PAGE 107
OfficeConnect VPN Firewall User’s Manual Chapter 14. Configuring IPSec VPN 1. Click on the icon of the entry to be modified in the Users List table. Figure 14.9 Editing an existing VPN User 2. Enter the username and password into the space provided. 3. Click on Apply button to save the change. 4. To delete one or more user entries, please follow these steps: 5. Check the checkbox in front of the user entry to be selected. 6. Click on Delete button to remove selected entries. Figure 14.
PAGE 108
OfficeConnect Gigabit VPN Firewall User’s Manual Chapter 14 Configuring IPSec VPN Figure 14.10 VPN User Group Configuration Page 2. Enter the group name into the space provided. 3. Move the cursor to the desired user in the left pane. Hold the CTRL key down to click on multiple users. Release the CTRL key and click on the Right Arrow button to add selected users into the right pane as group members. 94 Figure 14.11 Configuring a User Group 4. Click on button to save the change.
PAGE 109
OfficeConnect VPN Firewall User’s Manual 15 Chapter 15. Configuring L2TP Server Options Configuring L2TP Server Description Click on Yes radio button if you want to enable the Enable L2TP L2TP server. 15.1 Introduction Enter the starting IP address of L2TP address pool in Start IP the specified field. The OfficeConnect Gigabit VPN Firewall can terminate L2TP-over-IPsec connections from incoming Microsoft Windows 2000 and Windows XP clients.
PAGE 110
OfficeConnect VPN Firewall User’s Manual Chapter 16. Configuring PPTP Server 15.4 Viewing Active L2TP Session Log into Configuration Manager as admin, click the VPN menu, click L2TP submenu and then click the Status tab on the top of the configuration page, as shown in Figure 15.2. Figure 15.1. L2TP Server Configuration Page 15.3 Configuring L2TP Server Log into Configuration Manager as admin, click the VPN menu and then click L2TP submenu.
PAGE 111
OfficeConnect VPN Firewall User’s Manual Chapter 16. Configuring PPTP Server Options 16 Configuring PPTP Server 16.1 Introduction PPTP (Point-to-Point Tunnelling Protocol) is an encrypted VPN protocol like Description Secondary DNS If you want to specify the secondary DNS address, Server enter the address in the specified field. Primary WINS Enter the first WINS server address in the specified Server field.
PAGE 112
OfficeConnect VPN Firewall User’s Manual Chapter 16. Configuring PPTP Server 16.3 Configuring PPTP Server Log into Configuration Manager as admin, click the VPN menu and then click PPTP submenu. The PPTP Server Configuration page displays, as shown in Figure 16.1. PPTP Server Configuration Page. To configure the PPTP Server, follow below instructions: 1. To enable PPTP Server functionality on the OfficeConnect Gigabit VPN Firewall, select ―Yes‖ in the Enable PPTP field. 2.
PAGE 113
OfficeConnect VPN Firewall User’s Manual Chapter 16.
PAGE 114
PAGE 115
OfficeConnect VPN Firewall User’s Manual 17 Chapter 17. System Management System Management This chapter describes the following administrative tasks that you can perform using Configuration Manager:  Configure Port Mirroring  Modify password  Modify system Information  Modify system date and time  Reset, backup and restore system configuration  Update firmware  Logout of Configuration Manager Figure 17.
PAGE 116
OfficeConnect VPN Firewall User’s Manual Chapter 17. System Management only view the system settings. Passwords of both the admin and guest accounts Options Description can be changed by the administrator. Add Account This username and password is only used for logging into the Username Configuration Manager; it is not the same as the login password Note Enter the username for the specific management account. you may use to connect to your ISP.
PAGE 117
OfficeConnect VPN Firewall User’s Manual Chapter 17. System Management 17.3 Configuring the Management Interface 3. Click on Add button the save the change. The management service enables system administrator to manage the 4. If you want to limit the WAN user to access the management interfaces, you can click on ―IP address range‖ or ―Only this IP address‖ to specify one or multiple WAN users to access the management interfaces.
PAGE 118
OfficeConnect VPN Firewall User’s Manual Chapter 17. System Management 17.5 Setup Date and Time The OfficeConnect Gigabit VPN Firewall keeps a record of the current date and time, which it uses to calculate and report various performance data. and the update interval if desired and then click on button to save the changes. 17.5.
PAGE 119
OfficeConnect VPN Firewall User’s Manual Chapter 17. System Management 1. Log into Configuration Manager as admin and then click the Administration menu, click the Backup/Restore/Upgrade submenu. The configuration page displays, as shown in Figure 17.6. 2. Enter the path and name of the system configuration file that you want to restore in the ―Configuration File‖ text box. Alternatively, you may click on the button to search for the system configuration file on your hard drive.
PAGE 120
OfficeConnect VPN Firewall User’s Manual Chapter 17. System Management 1. Log into Configuration Manager, click the System Management menu and then click the Firmware Upgrade submenu. The Firmware Upgrade page displays, as shown in Figure 17.8. 17.9 Logout Configuration Manager To logout of Configuration Manager, click on the button in the Configuration Manager Logout page. If you are using IE as your browser, a window similar to the one shown in Figure 17.
PAGE 121
OfficeConnect VPN Firewall User’s Manual Chapter 17. System Management 5. In the E-mail Configuration field, please check the Enable E-mail Logs checkbox to enable the E-mail Log function. Enter the IP address of the Email (SMTP) server into the E-Mail Server Address and Email address to the Sender and Receiver E-Mail Address fields. Here is an example of Email address: user01@domain.com 6.
PAGE 122
OfficeConnect VPN Firewall User’s Manual Chapter 17. System Management The SNMP Traps Setup Page contains information for defining filters that determine whether traps are sent to specific users, and the trap type sent. Follow these steps to configure the SNMP Trap settings: 1. Click Administration > SNMP > Trap to enter the SNMP Trap configuration page. Figure 17.11 SNMP Community Configuration Page 2.
PAGE 123
OfficeConnect VPN Firewall User’s Manual 18 Chapter 18. ALG Configuration ALG Configuration ALG/Application Name Protocol and Port Predefined Service Name Tested Software Version Netmeeting with GK TCP/1720 H323 1.2.0 UDP/1719 H323GK Table 18.1 lists all the supported ALGs (Application Layer Gateway). Table 18.1. Supported ALG ALG/Application Name Protocol and Port Predefined Service Name Tested Software Version PCAnywhere UDP/22 PC-ANYWHERE pcAnywhere 9.0.
PAGE 124
OfficeConnect VPN Firewall User’s Manual Chapter 18.
PAGE 125
OfficeConnect VPN Firewall User’s Manual Chapter 19. IP Addresses, Network Masks, and Subnets  19 IP Addresses, Network Masks, and Subnets 19.1 IP Addresses This section pertains only to IP addresses for IPv4 (version 4 of the Internet Protocol). IPv6 addresses are not covered.
PAGE 126
OfficeConnect VPN Firewall User’s Manual Chapter 19. IP Addresses, Network Masks, and Subnets billion hosts. Because of their huge size, these networks are used for WANs and more bits from the host ID portion of the address. The subnet mask identifies by organizations at the infrastructure level of the Internet, such as your ISP. these host ID bits. Class B networks are smaller but still quite large, each able to hold over 65,000 For example, consider a class C network 192.168.1.
PAGE 127
OfficeConnect VPN Firewall User’s Manual Chapter 19. IP Addresses, Network Masks, and Subnets initially configured, at which time it has no subnets.
PAGE 128
PAGE 129
OfficeConnect VPN Firewall User’s Manual Appendix 20. Troubleshooting Problem Troubleshooting Suggestion LINK LAN LED Verify that the Ethernet cable is securely connected to does not illuminate your LAN hub or PC and to the OfficeConnect Gigabit This appendix suggests solutions for problems you may encounter in installing or after Ethernet cable VPN Firewall. Make sure the PC and/or hub is turned on. using the OfficeConnect Gigabit VPN Firewall, and provides instructions for is attached.
PAGE 130
OfficeConnect VPN Firewall User’s Manual Appendix 21. SAFETY INFORMATION Problem Troubleshooting Suggestion Problem Troubleshooting Suggestion Cannot access the Use the ping utility, discussed in the following section, to Configuration check whether your PC can communicate with the Manager program OfficeConnect Gigabit VPN Firewall’s LAN IP address (by from your browser. default 192.168.1.1).
PAGE 131
OfficeConnect Gigabit VPN Firewall User’s Manual Appendix 22. OBTAINING SUPPORT FOR YOUR PRODUCT On Windows-based computers, you can execute a ping command from the Start You can also test whether access to the Internet is working by typing an external menu. Click the Start button, and then click Run. In the Open text box, type a address, such as that for www.yahoo.com (216.115.108.243).
PAGE 132
Appendix 21. SAFETY INFORMATION Figure 20.2. Using the nslookup Utility There may be several addresses associated with an Internet name. This is common for web sites that receive heavy traffic; they use multiple, redundant servers to carry the same information. To exit from the nslookup utility, type exit and press at the command prompt.
PAGE 133
OfficeConnect Gigabit VPN Firewall User’s Manual Appendix 22.
PAGE 134
Appendix 21.
PAGE 135
OfficeConnect Gigabit VPN Firewall User’s Manual Appendix 22. OBTAINING SUPPORT FOR YOUR PRODUCT query-based interactive tool is located at: http://knowledgebase.3com.com 22 It contains thousands of technical solutions written by 3Com support OBTAINING SUPPORT FOR YOUR PRODUCT 3Com offers product registration, case management, and repair services engineers. Purchase Extended Warranty and Professional Services through eSupport.3com.com.
PAGE 136
OfficeConnect VPN Firewall User’s Manual Appendix 21. SAFETY INFORMATION under the Product Support heading at http://www.3com.com/ numbers clearly marked on the outside of the package, will be returned to the Software Upgrades are the feature releases that follow the software sender unopened, at the sender’s expense. If your product is registered and version included with your original product.
PAGE 137
OfficeConnect Gigabit VPN Firewall User’s Manual Appendix 22. OBTAINING SUPPORT FOR YOUR PRODUCT Pakistan Call the U.S. direct by dialing 00 800 01001, then Country Telephone Number dialing 800 763 6780 0800 71429 Sri Lanka Call the U.S. direct by dialing 02 430 430, then 800 17309 dialing 800 763 6780 0800 113153 Vietnam Call the U.S.
PAGE 138
OfficeConnect VPN Firewall User’s Manual Appendix 21. SAFETY INFORMATION Country Telephone Number Country Telephone Number You can also obtain support in this region using this URL: +5511 5643 2700 http://emea.3com.com/support/email.html AT&T +800 988 2112 AT&T +800 988 2112 You can also obtain non-urgent support in this region at these email addresses: AT&T +800 988 2112 Technical support and general requests: customer_support@3com.
PAGE 139
OfficeConnect Gigabit VPN Firewall User’s Manual Country Appendix 22. OBTAINING SUPPORT FOR YOUR PRODUCT Telephone Number Country Telephone Number AT&T +800 988 2112 Panama AT&T +800 988 2112 English speakers in Latin America should send an e-mail to: AT&T +800 988 2112 lat_support_anc@3com.
PAGE 140
OfficeConnect VPN Firewall User’s Manual Appendix 21. SAFETY INFORMATION Country Telephone Number Country Telephone Number 029003078 PR of China 800 810 0504 Singapore 800 448 1433 South. Korea 080 698 0880 Taiwan 00801 444 318 Thailand 001 800 441 2152 From anywhere in these regions not listed below, call: +44 1442 435529 From the following countries, call the appropriate number: 0800 297 468 Pakistan Call the U.S.
PAGE 141
OfficeConnect Gigabit VPN Firewall User’s Manual Country Appendix 22. OBTAINING SUPPORT FOR YOUR PRODUCT Telephone Number Country Telephone Number 0800 995 014 AT&T +800 988 2112 900 938 919 AT&T +800 988 2112 020 795 482 AT&T +800 988 2112 0800 553 072 Bermuda AT&T +800 988 2112 04-3908997 AT&T +800 988 2112 0800 096 3266 0800-133266 (0800-13-3COM) You can also obtain support in this region using this URL: +5511 5643 2700 http://emea.3com.com/support/email.
PAGE 142
OfficeConnect VPN Firewall User’s Manual Appendix 21. SAFETY INFORMATION Country Telephone Number Country Telephone Number AT&T +800 988 2112 AT&T +800 988 2112 Spanish speakers, enter the URL: AT&T +800 988 2112 http://lat.3com.com/lat/support/form.html 1800 849 2273 +52-55-52-01-0004 Portuguese speakers, enter the URL: AT&T +800 988 2112 http://lat.3com.com/br/support/form.
PAGE 143
OfficeConnect Gigabit VPN Firewall User’s Manual 23 END USER SOFTWARE LICENCE AGREEMENT YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE DOWNLOADING, INSTALLING AND USING THIS PRODUCT, THE USE OF WHICH IS LICENSED BY 3COM CORPORATION ("3COM") TO ITS CUSTOMERS FOR THEIR USE ONLY AS SET FORTH BELOW. DOWNLOADING, INSTALLING OR OTHERWISE USING ANY PART OF THE SOFTWARE OR DOCUMENTATION INDICATES THAT YOU ACCEPT THESE TERMS AND CONDITIONS.
PAGE 144
OfficeConnect VPN Firewall User’s Manual Appendix 21. SAFETY INFORMATION In order to meet FCC emissions limits, this equipment must be used only with cables 24 which comply with IEEE 802.3. Regulatory Notices ________________________________________________________________________________ 24.1.1.3 ICES STATEMENT This Class A digital apparatus complies with Canadian ICES-003. ________________________________________________________________________________ 24.1.1.
PAGE 145
OfficeConnect Gigabit VPN Firewall User’s Manual 25 Appendix 22. OBTAINING SUPPORT FOR YOUR PRODUCT bit Short for "binary digit," a bit is a number that can have two Glossary 10BASE-T A designation for the type of wiring used by Ethernet values, 0 or 1. See also binary. bps bits per second broadband A telecommunications technology that can send different networks with a data rate of 10 Mbps. Also known as types of data over the same medium. DSL is a broadband Category 3 (CAT 3) wiring.
PAGE 146
OfficeConnect VPN Firewall User’s Manual Appendix 21. SAFETY INFORMATION requested domain name to find its corresponding IP operate on an interface (or multiple interfaces) and in a address. If the DNS server cannot find the IP address, it particular direction (upstream, downstream, or both). communicates with higher-level DNS servers to firewall determine the IP address. See also domain name.
PAGE 147
OfficeConnect Gigabit VPN Firewall User’s Manual IGMP Appendix 22. OBTAINING SUPPORT FOR YOUR PRODUCT network-related information. The ping command makes domain name that can be specified instead. See also use of ICMP. domain name, network mask. Internet Group Management Protocol ISP Internet Service Provider An Internet protocol that enables a computer to share A company that provides Internet access to its customers, information about its membership in multicast groups with usually for a fee.
PAGE 148
OfficeConnect VPN Firewall User’s Manual Appendix 21. SAFETY INFORMATION NAT rule A defined method for translating between public and port private IP addresses on your LAN. network network mask router, through which data flows into and out of the device. A group of computers that are connected together, allowing them to communicate with each other and share PPP A protocol for serial data transmission that is used to small, such as a LAN, or very large, such as the Internet.
PAGE 149
OfficeConnect Gigabit VPN Firewall User’s Manual IP address and current network conditions. A device that Appendix 22. OBTAINING SUPPORT FOR YOUR PRODUCT Telnet An interactive, character-based program used to access a performs routing is called a router. rule See filtering rule, NAT rule. SDNS Secondary Domain Name System (server) remote computer.
PAGE 150
OfficeConnect VPN Firewall User’s Manual Appendix 21. SAFETY INFORMATION WAN Wide Area Network Any network spread over a large geographical area, such as a country or continent. With respect to the OfficeConnect Gigabit VPN Firewall, WAN refers to the Internet. Web browser A software program that uses Hyper-Text Transfer Protocol (HTTP) to download information from (and upload to) web sites, and displays the information, which may consist of text, graphic images, audio, or video, to the user.
PAGE 151
OfficeConnect VPN Firewall User’s Manual Appendix 20.
PAGE 152
OfficeConnect VPN Firewall User’s Manual Eth-0 interface defined, 19 Ethernet defined, 127 Inbound ACL Configuration page, 54 Internet, 128 troubleshooting access to, 115 Intranet, 128 Ethernet cable, 9 IP addresses, 128 Filtering rule, 127 explained, 111 Firewall, 127 IP configuration Firmware Upgrade page, 106 static, 14 Firmware upgrades, 105 static IP addresses, 14 Front panel, 3 Windows 2000, 12 FTP, 127 Windows Me, 13 Gatewas Windows NT 4.
PAGE 153
OfficeConnect VPN Firewall User’s Manual Appendix 26. Index LAN, 128 Static, 52 LAN DHCP, 25 Virtual Server, 53 LAN IP address, 25, 33 specifying, 25, 33, 36 Navigating, 21 Netmask. See Network mask LAN network mask, 25, 33 Network.
PAGE 154
OfficeConnect VPN Firewall User’s Manual LAN Statistics, 33 Protocol, 129 Routing Configuration, 45, 47 Quick Configuration User Password Configuration, 102 WAN Statistics, 43 logging in, 14 Rear Panel, 3 Pages Inbound ACL Configuration, 54 Remote, 129 Pages Outbound ACL Configuration, 57 RIP, 129 Parts RJ-45, 129 checking for, 3 Password Routing, 129 Routing Configuration page, 45, 47 changing, 101 Secondary DNS, 40, 41, 42 default, 15, 21 Static IP addresses, 14 recovering, 116 Static
PAGE 155
OfficeConnect VPN Firewall User’s Manual Appendix 26.
PAGE 156
OfficeConnect VPN Firewall User’s Manual 142