Check Point Safe@Office Internet Security Appliance User Guide Version 4.
COPYRIGHT & TRADEMARKS Safety or Performance and could result in violation of Part 15 of the FCC Rules. Copyright © 2004 SofaWare, All Rights Reserved. No part of this document may be reproduced in any form or by any means without written permission from SofaWare. When installing the appliance, ensure that the vents are not blocked. Information in this document is subject to change without notice and does not represent a commitment on part of SofaWare Technologies Ltd.
Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
Contents Contents Chapter 1: Introduction ................................................................................... 1 About Your Check Point Safe@Office Appliance ......................................... 1 Safe@Office Products .................................................................................... 2 Safe@Office 105 ........................................................................................ 2 Safe@Office 110 ...............................................................
Contents Rear Panel................................................................................................. 20 Front Panel................................................................................................ 22 About This Guide ......................................................................................... 24 Contacting Technical Support ...................................................................... 24 Chapter 2: Installing and Setting up the Safe@Office Appliance ....
Contents Using a PPTP or PPPoE Dialer Connection ............................................. 62 Using PPPoE............................................................................................. 63 Using PPTP .............................................................................................. 64 Using Internet Setup ..................................................................................... 66 Using a LAN Connection ...............................................................
Contents Configuring High Availability.................................................................... 117 Using Traffic Shaper................................................................................... 120 Adding and Editing a Class .................................................................... 122 Deleting Classes ..................................................................................... 127 Restoring Traffic Shaper Defaults ...................................................
Contents Refreshing Your Service Center Connection.............................................. 171 Configuring Your Account ......................................................................... 171 Disconnecting from Your Service Center................................................... 172 Web Filtering .............................................................................................. 172 Enabling/Disabling Web Filtering ..........................................................
Contents Adding and Editing VPN Sites using Safe@Office 110 and 225 ............... 206 Configuring a Remote Access VPN Site ................................................ 208 Configuring a Site-to-Site VPN Gateway............................................... 219 Creating a PPPoE Tunnel ....................................................................... 228 Deleting a VPN Site.................................................................................... 231 Enabling/Disabling a VPN Site .....
Contents Registering Your Safe@Office Appliance ................................................. 262 Configuring Syslog Logging ...................................................................... 263 Configuring HTTPS.................................................................................... 265 Setting the Time on the Appliance.............................................................. 267 Controlling the Appliance via the Command Line .....................................
About Your Check Point Safe@Office Appliance Chapter 1 Introduction This chapter introduces the Check Point Safe@Office appliance and this guide. This chapter includes the following topics: About Your Check Point Safe@Office Appliance ................................. 1 Safe@Office Products ............................................................................ 2 Safe@Office Features and Compatibility............................................... 4 Getting to Know Your Safe@Office 100 Series........
Safe@Office Products updates, Web filtering, and dynamic DNS. Business users can use the Safe@Office appliance to securely connect to the office network. Safe@Office Products The Safe@Office appliance is available with the following hardware: • Safe@Office 100 series • Safe@Office 200 series • Safe@Office 300 series All three series provide a Web-based management interface, which enables you to manage and configure the Safe@Office appliance operation and options.
Safe@Office Products from home to securely connect to the office network. Safe@Office 110 can also be configured as a Site-to-Site VPN Gateway, which allows permanent bi-directional connections between two gateways, such as two company offices. Safe@Office 110 is intended for small and medium businesses with one or more branch offices, and for their employees working from home. It can be used by up to ten computers.
Safe@Office Features and Compatibility Safe@Office 300 Safe@Office 300 provides all the benefits of Safe@Office 225, along with two USB ports for printer server functionality. Safe@Office 300 is intended for small to medium-sized businesses with extended networks. It can be used by up to 25 computers. Safe@Office 300W Safe@Office 300W provides the same functionality as Safe@Office 300, but can function as an access point for a wireless network.
Safe@Office Features and Compatibility Feature Safe@ Office 105 Safe@ Safe@ Safe@ 110 225/225U 300/300W Office Office Office WLAN Antennas 300W only USB Ports Serial Console Port Ethernet cable type recognition Users (nodes) 5 10 25 or Unlimited 25 or Unlimited Supported Internet Static IP, DHCP Client, Cable Modem, PPTP Client, connection PPPoE Client, Telstra BPA login methods DHCP Server DHCP relay MAC Cloning Backup Internet connection Chapter 1: Introduction 5
Safe@Office Features and Compatibility Feature Safe@ Office 105 Safe@ Safe@ Safe@ 110 225/225U 300/300W Office Office Office High Availability Traffic Shaper Static NAT Static Routes Firewall Feature Safe@ Safe@ Safe@ Safe@ 105 110 225/225U 300/300W Office Firewall Type Office Office Office Check Point Firewall-1 Embedded NG Network Address Translation (NAT) INSPECT Policy Rules Unlimited Unlimited User-defined rules 6 Check Point Safe@Office User Guide Unlimited Unlimite
Safe@Office Features and Compatibility Feature Safe@ Safe@ Safe@ Safe@ 105 110 225/225U 300/300W Logical Physical Physical Office Office Office Office Three levels preset security policies DoS Protection Anti-spoofing Attack Logging Voice over IP (H.
Safe@Office Features and Compatibility VPN Feature Safe@ Safe@ Safe@ Safe@ 105 110 225/225U 300/300W Office VPN Type Office Office Office Check Point VPN-1 Embedded NG Remote Remote Remote Access Client Access Client Access Client IPSEC VPN mode Remote Access Server Remote Remote Remote Access Server Access Server Access Server Site-to-Site Site-to-Site Site-to-Site AES/3DES/ AES/3DES/ AES/3DES/ AES/3DES/ DES DES DES DES SHA1/MD5 SHA1/MD5 SHA1/MD5 SHA1/MD5 IPSEC VPN pas
Safe@Office Features and Compatibility Feature Safe@ Safe@ Safe@ Safe@ 105 110 225/225U 300/300W Office Office Office Office Hardware Random Number Generator Management Feature Safe@ Office 105 Safe@ Office 110 Safe@ Office Safe@ Office 225/225U 300/300W Web Management HTTPS Access (local and remote) Multiple Administrators CLI Management Systems SofaWare SMP SofaWare SofaWare SofaWare SMP SMP SMP Chapter 1: Introduction 9
Safe@Office Features and Compatibility Optional Security Services Feature Safe@ Office 105 Safe@ Safe@ Safe@ 110 225/225U 300/300W Office Firewall security and software updates Web Filtering * Email Antivirus protection * Dynamic DNS Service * SecureDesk Antivirus Compliance Checking * VPN Management 10 Check Point Safe@Office User Guide Office Office
Safe@Office Features and Compatibility Feature Safe@ Office 105 Safe@ Safe@ Safe@ 110 225/225U 300/300W Office Office Office Firewall security and software updates Centralized Logging and Intrusion Detection * When managed by SofaWare Security Management Portal (SMP).
Safe@Office Features and Compatibility Item Safe@Office 105, 100, 225/225U Safe@Office 300 USB cable Two antennas Two plastic conical anchors Two cross-head screws Getting Started Guide This Users Guide 12 Check Point Safe@Office User Guide Safe@Office 300W
Safe@Office Features and Compatibility Network Requirements • A broadband Internet connection via cable or DSL modem with Ethernet interface (RJ-45) • 10BaseT or 100BaseT Network Interface Card installed on each computer • TCP/IP network protocol installed on each computer • Internet Explorer 5.0 or higher, or Netscape Navigator 4.
Getting to Know Your Safe@Office 100 Series Getting to Know Your Safe@Office 100 Series Rear Panel The following figure shows the Safe@Office 100 series appliance's rear panel. All physical connections (network and power) to the Safe@Office appliance are made via the rear panel of your Safe@Office appliance. Figure 1: Safe@Office Appliance 100 Rear Panel Items The following table lists the Safe@Office appliance's rear panel elements.
Getting to Know Your Safe@Office 100 Series Label Description RESET A button used for rebooting the Safe@Office appliance or resetting the Safe@Office appliance to its factory defaults. You need to use a pointed object to press this button. • Short press. Reboots the Safe@Office appliance • Long press (7 seconds). Resets the Safe@Office appliance to its factory defaults, and resets your firmware to the version that shipped with the Safe@Office appliance.
Getting to Know Your Safe@Office 100 Series Table 2: Safe@Office 100 Appliance Status LEDs LED State Explanation PWR/SEC Off Power off Flashing quickly (Green) System boot-up Flashing slowly (Green) Establishing Internet connection LAN 1- On (Green) Normal operation Flashing (Red) Hacker attack blocked On (Red) Error LINK/ACT Off, 100 Off Link is down LINK/ACT On, 100 Off 10 Mbps link established 4/WAN for the corresponding port LINK/ACT On, 100 On 100 Mbps link established for the c
Getting to Know Your Safe@Office 200 Series Getting to Know Your Safe@Office 200 Series Rear Panel The following figure shows the Safe@Office 200 series appliance's rear panel. All physical connections (network and power) to the Safe@Office appliance are made via the rear panel of your Safe@Office appliance. Figure 3: Safe@Office 200 Appliance Rear Panel Items The following table lists the Safe@Office 200 appliance's rear panel elements.
Getting to Know Your Safe@Office 200 Series Label Description RESET A button used for rebooting the Safe@Office appliance or resetting the Safe@Office appliance to its factory defaults. You need to use a pointed object to press this button. • Short press. Reboots the Safe@Office appliance • Long press (7 seconds). Resets the Safe@Office appliance to its factory defaults, and resets your firmware to the version that shipped with the Safe@Office appliance.
Getting to Know Your Safe@Office 200 Series Front Panel The Safe@Office 200 appliances includes several status LEDs that enable you to monitor the appliance’s operation. Figure 4: Safe@Office 200 Appliance Front Panel For an explanation of the Safe@Office 200 appliance’s status LEDs, see the table below.
Getting to Know Your Safe@Office 300 Series Appliance LED State Explanation LINK/ACT On, 100 Off 10 Mbps link established for the corresponding port LINK/ACT On, 100 On 100 Mbps link established for the corresponding port LNK/ACT Flashing Data is being transmitted/received VPN Flashing (Green) VPN port in use Serial Flashing (Green) Serial port in use Getting to Know Your Safe@Office 300 Series Appliance Rear Panel All physical connections (network and power) to the Safe@Office appliance are
Getting to Know Your Safe@Office 300 Series Appliance Table 5: Safe@Office 300 Appliance Rear Panel Elements Label PWR Description A power jack used for supplying power to the unit. Connect the supplied power adapter to this jack. RESET A button used for rebooting the Safe@Office appliance or resetting the Safe@Office appliance to its factory defaults. You need to use a pointed object to press this button. • Short press. Reboots the Safe@Office appliance • Long press (7 seconds).
Getting to Know Your Safe@Office 300 Series Appliance Label Description ANT 1/ Antenna connectors (Safe@Office 300W only) ANT 2 Front Panel The Safe@Office 300 appliances includes several status LEDs that enable you to monitor the appliance’s operation. Figure 5: Safe@Office 300 Appliance Front Panel For an explanation of the Safe@Office 300 appliance’s status LEDs, see the table below.
Getting to Know Your Safe@Office 300 Series Appliance LED State Explanation LAN 1- LINK/ACT Off, 100 Off Link is down LINK/ACT On, 100 Off 10 Mbps link established 4/WAN/ DMZ/WAN2 for the corresponding port LINK/ACT On, 100 On 100 Mbps link established for the corresponding port LNK/ACT Flashing Data is being transmitted/received VPN Flashing (Green) VPN port in use Serial Flashing (Green) Serial port in use USB Flashing (Green) USB port in use WLAN Flashing (Green) WLAN in use (30
About This Guide About This Guide To make finding information in this manual easier, some types of information are marked with special symbols or formatting. Boldface type is used for command and button names. Note: Notes are denoted by indented text and preceded by the Note icon. Warning: Warnings are denoted by indented text and preceded by the Warning icon. Each task is marked with a product bar indicating the Safe@Office products required to perform the task.
Before You Install the Safe@Office Appliance Chapter 2 Installing and Setting up the Safe@Office Appliance This chapter describes how to properly set up and install your Safe@Office appliance in your networking environment. This chapter includes the following topics: Before You Install the Safe@Office Appliance ................................... 25 Wall Mounting the Appliance .............................................................. 38 Network Installation ...........................................
Before You Install the Safe@Office Appliance Windows 2000/XP Note: While Windows XP has an "Internet Connection Firewall" option, it is recommended to disable it if you are using a Safe@Office appliance, since the Safe@Office appliance offers better protection. If you want to subscribe to SecureDesk, you must disable the Windows XP firewall before you install the antivirus software. For information on SecureDesk, see Using SecureDesk on page 183. Checking the TCP/IP Installation 1.
Before You Install the Safe@Office Appliance The Network and Dial-up Connections window appears. 3. Right-click the menu that opens.
Before You Install the Safe@Office Appliance The Local Area Connection Properties window appears. 4. In the above window, check if TCP/IP appears in the components list and if it is properly configured with the Ethernet card, installed on your computer. If TCP/IP does not appear in the Components list, you must install it as described in the next section.
Before You Install the Safe@Office Appliance Installing TCP/IP Protocol 1. In the Local Area Connection Properties window click Install…. The Select Network Component Type window appears. 2. Choose Protocol and click Add. The Select Network Protocol window appears. 3. Choose Internet Protocol (TCP/IP) and click OK. TCP/IP protocol is installed on your computer.
Before You Install the Safe@Office Appliance TCP/IP Settings 1. In the Local Area Connection Properties window double-click the Internet Protocol (TCP/IP) component, or select it and click Properties. The Internet Protocol (TCP/IP) Properties window opens. 2. Click the Obtain an IP address automatically radio button. Note: Normally, it is not recommended to assign a static IP address to your PC but rather to obtain an IP address automatically.
Before You Install the Safe@Office Appliance 4. Click OK to save the new settings. Your computer is now ready to access your Safe@Office appliance. Windows 98/Millennium Checking the TCP/IP Installation 1. Click Start > Settings > Control Panel. The Control Panel window appears. 2. Double-click the icon.
Before You Install the Safe@Office Appliance The Network window appears. 3. In the Network window, check if TCP/IP appears in the network components list and if it is already configured with the Ethernet card, installed on your computer. Installing TCP/IP Protocol Note: If TCP/IP is already installed and configured on your computer skip this section and move directly to TCP/IP Settings. 1. In the Network window, click Add.
Before You Install the Safe@Office Appliance The Select Network Component Type window appears. 2. Choose Protocol and click Add. The Select Network Protocol window appears. 3. In the Manufacturers list choose Microsoft, and in the Network Protocols list choose TCP/IP. 4. Click OK. If Windows asks for original Windows installation files, provide the installation CD and relevant path when required (e.g. D:\win98) 5. Restart your computer if prompted.
Before You Install the Safe@Office Appliance TCP/IP Settings Note: If you are connecting your Safe@Office appliance to an existing LAN, consult your network manager for the correct configurations. 1. In the Network window, double-click the TCP/IP service for the Ethernet card, which has been installed on your computer (e.g. The TCP/IP Properties window opens. 2. Click the Gateway tab, and remove any installed gateways. 34 Check Point Safe@Office User Guide ).
Before You Install the Safe@Office Appliance 3. Click the DNS Configuration tab, and click the Disable DNS radio button.
Before You Install the Safe@Office Appliance 4. Click the IP Address tab, and click the Obtain an IP address automatically radio button. Note: Normally, it is not recommended to assign a static IP address to your PC but rather to obtain an IP address automatically. If for some reason you need to assign a static IP address, select Specify an IP address, type in an IP address in the range of 192.168.10.129-254, enter 255.255.255.0 in the Subnet Mask field, and click OK to save the new settings.
Before You Install the Safe@Office Appliance Mac OS Use the following procedure for setting up the TCP/IP Protocol. 1. Choose Apple Menus -> Control Panels -> TCP/IP. The TCP/IP window appears. 2. Click the Connect via drop-down list and select Ethernet. 3. Click the Configure drop-down list and select Using DHCP Server. 4. Close the window and save the setup.
Wall Mounting the Appliance Wall Mounting the Appliance If desired, you can mount your Safe@Office 300 series appliance on the wall. To mount the Safe@Office appliance on the wall 1. Decide where you want to mount your Safe@Office appliance. 2. Decide on the mounting orientation. You can mount the appliance on the wall facing up, down, left, or right. Note: Facing downwards is not recommended, as dust might accumulate in unused ports.
Wall Mounting the Appliance 3. Mark two drill holes on the wall, in accordance with the following sketch: 4. Drill two 3.5 mm diameter holes, approximately 25 mm deep. 5. Insert the two plastic conical anchors you received with your Safe@Office appliance into the holes. 6. Insert the two screws you received with your Safe@Office appliance into the plastic conical anchors, and turn them until they protrude approximately 5 mm from the wall. 7.
Network Installation Your Safe@Office appliance is wall mounted. You can now connect it to your computer. See Network Installation on page 40. Network Installation 1. Verify that you have the correct cable type. For information, see Network Requirements on page 13. 2. Connect the LAN cable: • Connect one end of the Ethernet cable to one of the LAN ports at the back of the unit. • Connect the other end to PCs, hubs, or other network devices. 3.
Setting Up the Safe@Office Appliance Figure 6: Typical Connection Diagram 5. In Safe@Office appliance 300W, prepare the Safe@Office appliance for a wireless connection: a. Connect the antennas that came with your Safe@Office appliance to the ANT1 and ANT2 antenna connectors in the appliance's rear panel. b. Bend the antennas at the hinges, so that they point upwards. Setting Up the Safe@Office Appliance After you have installed the Safe@Office appliance, you must set it up using the steps shown below.
Setting Up the Safe@Office Appliance Logging on to the Safe@Office Portal and setting up your password Initial Login to the Safe@Office Portal on page 45 Configuring an Internet connection Using the Internet Wizard on page 58 Setting the Time on your Safe@Office appliance (200 series only) Setting the Time on the Appliance on page 267 Installing the Product Key Upgrading Your Software Product on page 258 Registering your Safe@Office Appliance Registering Your Safe@Office Appliance on page 262 Setting
Setting Up the Safe@Office Appliance You can access the Setup Wizard at any time after initial setup, using the procedure below. To access the Setup Wizard 1. Click Setup in the main menu, and click the Firmware tab. The Firmware page appears. 2. Click Safe@Office Setup Wizard. 3. The Safe@Office Setup Wizard opens with the Welcome page displayed.
Initial Login to the Safe@Office Portal Chapter 3 Getting Started This chapter contains all the information you need in order to get started using your Safe@Office appliance. This chapter includes the following topics: Initial Login to the Safe@Office Portal................................................ 45 Logging on to the Safe@Office Portal ................................................. 47 Accessing the Safe@Office Portal Remotely .......................................
Initial Login to the Safe@Office Portal The initial login page appears. 2. Type a password both in the Password and the Confirm Password fields. Note: The password must be five to 25 characters (letters or numbers). Note: You can change your password at any time. For further information, see Changing Your Password on page 245. 3. Click OK. The Safe@Office Setup Wizard opens, with the Welcome screen displayed.
Logging on to the Safe@Office Portal 4. Configure your Internet connection using one of the following ways: • Internet Wizard The Internet Wizard is the first part of the Setup Wizard, and it takes you through basic Internet connection setup, step by step. For information on using the Internet Wizard, see Using the Internet Wizard on page 58. After you have completed the Internet Wizard, the Setup Wizard continues to guide you through appliance setup.
Logging on to the Safe@Office Portal The login page appears. If you are using Safe@Office 105, the page appears without the Username field. 2. Type in your username and password. 3. Click OK. The Welcome page appears.
Accessing the Safe@Office Portal Remotely Accessing the Safe@Office Portal Remotely You can access the Safe@Office Portal remotely (from the Internet) through HTTPS. HTTPS is a protocol for accessing a secure Web server. It is used to transfer confidential user information, since it encrypts data and utilizes a secure port. If desired, you can also use HTTPS to access the Safe@Office Portal from your internal network.
Using the Safe@Office Portal If this is your first attempt to access the Safe@Office Portal through HTTPS, the certificate in the Safe@Office appliance is not yet known to the browser, so the Security Alert dialog box appears. To avoid seeing this dialog box again, install the certificate of the destination Safe@Office appliance. If you are using Internet Explorer 5, do the following: a. Click View Certificate. The Certificate dialog box appears, with the General tab displayed. b.
Using the Safe@Office Portal Table 7: Safe@Office Portal Elements Element Main menu Description Used for navigating between the various topics (such as Reports, Security, and Setup). Main frame Displays information and controls related to the selected topic. The main frame may also contain tabs that allow you to view different pages related to the selected topic. Status bar Shows your Internet connection and managed services status.
Using the Safe@Office Portal Main Menu The main menu includes the following submenus. Table 8: Main Menu Submenus This Does this… Welcome Displays the welcome information. Reports Provides reporting capabilities in terms of event submenu… logging, established connections, and active computers. Security Provides controls and options for setting the security of any computer in the network. Services Allows you to control your subscription to subscription services.
Using the Safe@Office Portal This Does this… Users Allows you to manage Safe@Office appliance users. submenu… This submenu only appears in Safe@Office 110 and 225. VPN Allows you to manage, configure, and log on to VPN sites. This submenu only appears in Safe@Office 110 and 225. Help Provides context-sensitive help. Logout Allows you to log off of the Safe@Office Portal. Main Frame The main frame displays the relevant data and controls pertaining to the menu and tab you select.
Using the Safe@Office Portal Table 9: Status Bar Fields This field… Displays this… Internet Your Internet connection status. The connection status may be one of the following: • Connected. The Safe@Office appliance is connected to the Internet. • Not Connected. The Internet connection is down. • Establishing Connection. The Safe@Office appliance is connecting to the Internet. • Contacting Gateway. The Safe@Office appliance is trying to contact the Internet default gateway. • Disabled.
Using the Safe@Office Portal This field… Displays this… Service Displays your subscription services status. Center Your Service Center may offer various subscription services. These include the firewall service and optional services such as Web Filtering and Email Antivirus. Your subscription services status may be one of the following: • Not Subscribed. You are not subscribed to security services. • Connection Failed. The Safe@Office appliance failed to connect to the Service Center.
Logging off Logging off Logging off terminates your administration session. Any subsequent attempt to connect to the Safe@Office Portal will require re-entering of the administration password. To log off of the Safe@Office Portal • Do one of the following: • If you are connected through HTTP, click Logout in the main menu. The Logout page appears. • If you are connected through HTTPS, the Logout option does not appear in the main menu. Close the browser window.
Overview Chapter 4 Configuring the Internet Connection This chapter describes how to configure and work with an Safe@Office Internet connection. This chapter includes the following topics: Overview .............................................................................................. 57 Using the Internet Wizard..................................................................... 58 Using Internet Setup .............................................................................
Using the Internet Wizard • Internet Setup. Offers advanced setup options. If you are using Safe@Office 110 or 225, you can configure two Internet connections. In Safe@Office 225, you can also do the following: • Enable Traffic Shaper for traffic flowing through the connection. For information on Traffic Shaper, see Using Traffic Shaper on page 120. • Configure a dialup Internet connection. Before configuring the connection, you must first set up the modem.
Using the Internet Wizard The Internet Wizard opens with the Welcome page displayed. 3. Click Next. The Internet Connection Method dialog box appears. 4. Select the Internet connection method you want to use for connecting to the Internet. Note: If you selected PPTP or PPPoE dialer, do not use your dial-up software to connect to the Internet. 5. Click Next.
Using the Internet Wizard Using a Direct LAN Connection No further settings are required for a direct LAN (Local Area Network) connection. The Confirmation screen appears. 1. Click Next. The system attempts to connect to the Internet via the selected connection. The Connecting… screen appears. At the end of the connection process the Connected screen appears. 2. Click Finish.
Using the Internet Wizard Using a Cable Modem Connection If you selected the Cable Modem connection method, the Identification dialog box appears. 1. If your ISP requires a specific hostname for authentication, enter it in the Host Name field. The ISP will supply you with the proper hostname, if required. Most ISPs do not require a specific hostname. 2. A MAC address is a 12-digit identifier assigned to every network device.
Using the Internet Wizard The system attempts to connect to the Internet. The Connecting… screen appears. At the end of the connection process the Connected screen appears. 5. Click Finish. Using a PPTP or PPPoE Dialer Connection If you selected the PPTP or PPPoE dialer connection method, the DSL Connection Type dialog box appears. 1. Select the connection method used by your DSL provider. Note: Most xDSL providers use PPPoE.
Using the Internet Wizard Using PPPoE If you selected the PPPoE connection method, the DSL Configuration dialog box appears. 1. Complete the fields using the information in the table below. 2. Click Next. The Confirmation screen appears. 3. Click Next. The system attempts to connect to the Internet via the DSL connection. The Connecting… screen appears. At the end of the connection process the Connected screen appears. 4. Click Finish.
Using the Internet Wizard In this field… Do this… Service Type your service name. This field can be left blank. Using PPTP If you selected the PPTP connection method, the DSL Configuration dialog box appears. 1. Complete the fields using the information in the table below. 2. Click Next. The Confirmation screen appears. 3. Click Next. The system attempts to connect to the Internet via the DSL connection. The Connecting… screen appears. At the end of the connection process the Connected screen appears.
Using the Internet Wizard Table 11: PPTP Connection Fields In this field… Do this… Username Type your user name. Password Type your password. Confirm password Type your password. Service Type your service name. Server IP Type the IP address of the PPTP modem. Internal IP Type the local IP address required for accessing the PPTP modem. Subnet Mask Type the subnet mask of the PPTP modem.
Using Internet Setup Using Internet Setup Internet Setup allows you to manually configure your Internet connection. To configure the Internet connection using Internet Setup 1. Click Network in the main menu, and click the Internet tab. If you are using Safe@Office 105, the secondary connection does not appear. 2. If your ISP restricts connections to specific, recognized MAC addresses, clone a MAC address using the procedure Cloning a MAC Address on page 86. 3.
Using Internet Setup The Internet Setup page appears. 4. From the Connection Type drop-down list, select the Internet connection type you are using/intend to use. The display changes according to the connection type you selected. The following steps should be performed in accordance with the connection type you have chosen.
Using Internet Setup Using a LAN Connection Note: The QoS area only appears in the Safe@Office 200 series. 1. Complete the fields using the relevant information in Internet Setup Fields on page 79.
Using Internet Setup New fields appear, depending on the check boxes you selected. 2. Click Apply. The Safe@Office appliance attempts to connect to the Internet, and the Status Bar displays the Internet status “Connecting”. This may take several seconds. Once the connection is made, the Status Bar displays the Internet status “Connected”.
Using Internet Setup Using a Cable Modem Connection 1. Complete the fields using the relevant information in Internet Setup Fields on page 79. New fields appear, depending on the check boxes you selected. 2. Click Apply. The Safe@Office appliance attempts to connect to the Internet, and the Status Bar displays the Internet status “Connecting”. This may take several seconds. Once the connection is made, the Status Bar displays the Internet status “Connected”.
Using Internet Setup Using a PPPoE Connection 1. Complete the fields using the relevant information in Internet Setup Fields on page 79.
Using Internet Setup New fields appear, depending on the check boxes you selected. 2. Click Apply. The Safe@Office appliance attempts to connect to the Internet, and the Status Bar displays the Internet status “Connecting”. This may take several seconds. Once the connection is made, the Status Bar displays the Internet status “Connected”.
Using Internet Setup Using a PPTP Connection 1. Complete the fields using the relevant information in Internet Setup Fields on page 79.
Using Internet Setup New fields appear, depending on the check boxes you selected. 2. Click Apply. The Safe@Office appliance attempts to connect to the Internet, and the Status Bar displays the Internet status “Connecting”. This may take several seconds. Once the connection is made, the Status Bar displays the Internet status “Connected”.
Using Internet Setup Using a Telstra (BPA) Connection Use this Internet connection type only if you are subscribed to Telstra® BigPond™ Internet. Telstra BigPond is a trademark of Telstra Corporation Limited. 1. Complete the fields using the relevant information in Internet Setup Fields on page 79.
Using Internet Setup New fields appear, depending on the check boxes you selected. 2. Click Apply. The Safe@Office appliance attempts to connect to the Internet, and the Status Bar displays the Internet status “Connecting”. This may take several seconds. Once the connection is made, the Status Bar displays the Internet status “Connected”.
Using Internet Setup Using a Dialup Connection To use this connection type, you must first set up the dialup modem. For information, see Setting Up a Dialup Modem on page 84. 1. Complete the fields using the relevant information in Internet Setup Fields on page 79.
Using Internet Setup New fields appear, depending on the check boxes you selected. 2. Click Apply. The Safe@Office appliance attempts to connect to the Internet, and the Status Bar displays the Internet status “Connecting”. This may take several seconds. Once the connection is made, the Status Bar displays the Internet status “Connected”.
Using Internet Setup Using No Connection If you are using Safe@Office 110 or 225, and you do not have a secondary Internet connection, set the connection type to None. • Click Apply. Table 12: Internet Setup Fields In this field… Do this… Host Name Type the hostname for authentication. If your ISP has not provided you with a host name, leave this field blank. Most ISPs do not require a specific hostname. Username Type your user name. Password Type your password.
Using Internet Setup In this field… Do this… Phone Number If you selected Dialup, type the phone number that the modem should dial, as given by your ISP. Dial On Demand Connect on Select this option if you do not want the dialup demand modem to be constantly connected to the Internet. The modem will dial a connection only under certain conditions. This option is useful when configuring a dialup backup connection. For information, see Setting Up a Dialup Backup Connection on page 92.
Using Internet Setup In this field… Do this… On outgoing Select this option to specify that the dialup modem activity should only dial a connection if no other connection exists, and there is outgoing activity (that is, packets need to be transmitted to the Internet). If another connection opens, or if the connection times out, the dialup modem will disconnect. Idle timeout Type the amount of time (in minutes) that the connection can remain idle.
Using Internet Setup In this field… Do this… Subnet Mask Select the subnet mask that applies to the static IP address of your Safe@Office appliance. Default Gateway Type the IP address of your ISP’s default gateway. Primary DNS Type the Primary DNS server IP address. Server Secondary DNS Type the Secondary DNS server IP address. Server WINS Server Type the WINS server IP address. QoS Shape Upstream: Select this option to enable Traffic Shaper for Link Rate outgoing traffic.
Using Internet Setup In this field… Do this… Shape Select this option to enable Traffic Shaper for Downstream: Link incoming traffic. Then type a rate (in kilobits/second) Rate slightly lower than your Internet connection's maximum measured downstream speed in the field provided. It is recommended to try different rates in order to determine which one provides the best results.
Setting Up a Dialup Modem In this field… Do this… MTU This field allows you to control the maximum transmission unit size. As a general recommendation you should leave this field empty. If however you wish to modify the default MTU, it is recommended that you consult with your ISP first and use MTU values between 1300 and 1500. Setting Up a Dialup Modem You can use a dialup modem as a primary or secondary Internet connection method.
Setting Up a Dialup Modem The Dialup page appears. 3. Complete the fields using the information in the table below. 4. Click Apply. 5. To check that that the values you entered are correct, click Test. The Dialup page displays a message indicating whether the test succeeded. 6. Configure a Dialup Internet connection using the information in Using Internet Setup on page 66. Table 13: Dialup Fields In this field… Do this… Modem Type Select the modem type.
Cloning a MAC Address In this field… Do this… Initialization String Type the installation string for the custom modem type. Is you selected a standard modem type, this field is read-only. Dial Mode Select the dial mode the modem uses. Port Speed Select the modem's port speed (in bits per second). Cloning a MAC Address A MAC address is a 12-digit identifier assigned to every network device. If your ISP restricts connections to specific, recognized MAC addresses, you must clone a MAC address.
Cloning a MAC Address The MAC Cloning page appears. 3. Do one of the following: • Click This Computer to automatically "clone" the MAC address of your computer to the Safe@Office appliance. Or • If the ISP requires authentication using the MAC address of a different computer, enter the MAC address in the MAC cloning field. 4. Click Apply. 5. Click Back. The Internet page reappears with your computer’s MAC address displayed.
Viewing Internet Connection Information Viewing Internet Connection Information You can view information on your Internet connection(s) in terms of status, duration, and activity. To view Internet connection information 1. Click Network in the main menu, and click the Internet tab. The Internet page appears. For an explanation of the fields on this page, see the table below. 2. To refresh the information on this page, click Refresh.
Enabling/Disabling the Internet Connection Field Description Enabled Indicates whether or not the connection is enabled. For further information, see Enabling/Disabling the Internet Connection on page 89 WAN MAC The Safe@Office appliance’s MAC address. Address Cloned MAC The cloned MAC address. Address For further information, see Cloning a MAC Address on page 86. Received Packets The number of data packets received in the active connection.
Using Quick Internet Connection/Disconnection To enable/disable an Internet connection 1. Click Network in the main menu, and click the Internet tab. The Internet page appears. 2. Next to the Internet connection, do one of the following: • To enable the connection, click The button changes to and the connection is enabled. • To disable the connection, click The button changes to . . and the connection is disabled.
Configuring a Backup Internet Connection Configuring a Backup Internet Connection You can configure both a primary and a secondary Internet connection. The secondary connection acts as a backup, so that if the primary connection fails, the Safe@Office appliance remains connected to the Internet. Note: You can configure different DNS servers for the primary and secondary connections.
Configuring a Backup Internet Connection Setting Up a Dialup Backup Connection If desired, you can use a dialup modem as the secondary Internet connection method. The Safe@Office appliance automatically dials the modem if the primary Internet connection fails. To set up a dialup backup Internet connection 1. Setup a dialup modem. For instructions, see Setting Up a Dialup Modem on page 84. 2. Configure a LAN or broadband primary Internet connection. For instructions, see Using Internet Setup on page 66. 3.
Configuring Network Settings Chapter 5 Managing Your Network This chapter describes how to manage and configure your network connection and settings. This chapter includes the following topics: Configuring Network Settings.............................................................. 93 Configuring High Availability............................................................ 117 Using Traffic Shaper .......................................................................... 120 Using Network Objects ......
Configuring Network Settings Configuring a DHCP Server By default, the Safe@Office appliance operates as a DHCP (Dynamic Host Configuration Protocol) server. This allows the Safe@Office appliance to automatically configure all the devices on your network with their network configuration details. Note: The DHCP server only serves computers that are configured to obtain an IP address automatically.
Configuring Network Settings Enabling/Disabling the Safe@Office DHCP Server To enable/disable the Safe@Office DHCP server 1. Click Network in the main menu, and click the My Network tab. The My Network page appears. If you are using Safe@Office 105, the page appears without the DMZ area. 2. In the desired network's row, click Edit.
Configuring Network Settings The Edit Network Settings page appears. 3. From the DHCP Server list, select Enabled or Disabled. 4. Click Apply. A warning message appears. 5. Click OK. A success message appears 6. If your computer is configured to obtain its IP address automatically (using DHCP), and either the Safe@Office DHCP server or another DHCP server is enabled, restart your computer. If you enabled the DHCP server, your computer obtains an IP address in the DHCP address range.
Configuring Network Settings If desired, you can set the Safe@Office DHCP range manually. To configure the DHCP address range 1. Click Network in the main menu, and click the My Network tab. The My Network page appears. 2. In the desired network's row, click Edit. The Edit Network Settings page appears. 3. To set the DHCP range manually: a. Clear the Automatic DHCP range check box. The DHCP IP range fields appear. b. In the DHCP IP range fields, type the desired DHCP range. 4.
Configuring Network Settings 7. If your computer is configured to obtain its IP address automatically (using DHCP), and either the Safe@Office DHCP server or another DHCP server is enabled, restart your computer. Your computer obtains an IP address in the new DHCP address range.
Configuring Network Settings Configuring DHCP Relay To configure DHCP relay 1. Click Network in the main menu, and click the My Network tab. The My Network page appears. 2. In the desired network's row, click Edit. The Edit Network Settings page appears. 3. In the DHCP Server list, select Relay. The Automatic DHCP range check box is disabled, and the Relay to IP field appears. 4. In the Relay to IP field, type the IP address of the desired DHCP server. 5. Click Apply. A warning message appears. 6.
Configuring Network Settings A success message appears 7. If your computer is configured to obtain its IP address automatically (using DHCP), and either the Safe@Office DHCP server or another DHCP server is enabled, restart your computer. Your computer obtains an IP address in the DHCP address range. Changing IP Addresses If desired, you can change your Safe@Office appliance’s internal IP address. Using Safe@Office 110 or 225, you can also change the entire range of IP addresses in your internal network.
Configuring Network Settings Note: The internal network range is defined both by the Safe@Office appliance’s internal IP address and by the subnet mask. For example, if the Safe@Office appliance’s internal IP address is 192.168.100.7, and you set the subnet mask to 255.255.255.0, the network’s IP address range will be 192.168.100.1 – 192.168.100.254. The default internal network range is 192.168.10.*. 5. Click Apply. A warning message appears. 6. Click OK.
Configuring Network Settings Note: If Hide NAT is disabled, you must obtain a range of Internet IP addresses from your ISP. Hide NAT is enabled by default. Note: Static NAT and Hide NAT can be used together. To enable/disable Hide NAT 1. Click Network in the main menu, and click the My Network tab. The My Network page appears. 2. In the desired network's row, click Edit. The Edit Network Settings page appears. 3. From the Hide NAT list, select Enabled or Disabled. 4. Click Apply.
Configuring Network Settings networks. You can easily customize this behavior by creating firewall user rules. For further information, see Using Rules on page 154. For example, you could assign your company’s accounting department to the LAN network and the rest of the company to the DMZ network. The accounting department would be able to connect to all company computers, while the rest of the employees would not be able to access any sensitive information on the accounting department computers.
Configuring Network Settings The Edit Network Settings page appears. 4. In the Mode drop-down list, select Enabled. The fields are enabled. 5. If desired, enable or disable Hide NAT. See Enabling/Disabling Hide NAT on page 101. 6. If desired, configure a DHCP server. See Configuring a DHCP Server on page 94. 7. In the IP Address field, type the IP address of the DMZ network's default gateway. Note: The DMZ network must not overlap the LAN network. 8.
Configuring Network Settings • In the Management page, select ANY in either the SSH or HTTPS drop-down list. • Create a custom firewall rule to allow the desired protocols from the WLAN, or from an IP address in the WLAN. To configure a WLAN network 1. Prepare the appliance for a wireless connection as described in Network Installation on page 40. 2. Click Network in the main menu, and click the My Network tab. The My Network page appears. 3. In the WLAN network's row, click Edit.
Configuring Network Settings 6. If desired, configure a DHCP server. See Configuring a DHCP Server on page 94. 7. Complete the fields using the information in the table below. New fields appear depending on the options you selected. 8. Click Apply. A warning message appears. 9. Click OK. A success message appears. 10.
Configuring Network Settings • If you selected the 802.1X or WPA security mode, configure RADIUS servers. See Using RADIUS Authentication on page 252. • If you selected the WEP security mode, give the WEP key to the wireless clients. • If you selected the WPA-PSK security mode, give the passphrase to the wireless clients. 11. The wireless clients' administrators should configure the wireless clients and connect them to the WLAN. Refer to the wireless cards' documentation for details.
Configuring Network Settings Table 15: WLAN Settings Fields In this field… Do this… IP Address Type the IP address of the WLAN network's default gateway. Note: The WLAN network must not overlap the LAN network. Subnet Mask Type the WLAN’s internal network range. Wireless Settings Network Name Type the network name (SSID) that identifies your (SSID) wireless network. It can be up to 32 alphanumeric characters long and is case-sensitive. Country Select the country where you are located.
Configuring Network Settings In this field… Do this… Operation Mode Select an operation mode: • 802.11b (11Mbps) - Operates in the 2.4 GHz range and offers a rate of 11 Mbps (in theory). • 802.11g (54 Mbps) - Operates in the 2.4 GHz range, and offers a rate of 54 Mbps (in theory). Compatible with 802.11b. • Turbo G (108 Mbps) - Operates in the 2.4 GHz range, and offers a rate of 54 Mbps (in theory). Compatible with 802.11b and 802.11g.
Configuring Network Settings In this field… Do this… Channel Select the radio frequency to use for the wireless connection: • Automatic - The Safe@Office appliance automatically selects a channel. This is the default. • A specific channel - The list of channels is dependent on the selected country and operation mode. Note: If there is another wireless network in the vicinity, the two networks may interfere with one another.
Configuring Network Settings In this field… Do this… Security Select the security protocol to use: • None - No security method is used. This option is not recommended, because it allows unauthorized users to access your network. • WEP encryption - In the WEP (Wired Equivalent Privacy) encryption security method, wireless clients must use a preshared key to connect to your network. This option is not recommended, due to known security flaws.
Configuring Network Settings In this field… Passphrase Do this… • WPA: RADIUS authentication, encryption The WPA (Wi-Fi Protected Access) security method uses MIC (message integrity check) to ensure the integrity of messages, and TKIP (Temporal Key Integrity Protocol) to enhance data encryption. Furthermore, WPA includes 802.1x and EAP authentication, based on a central RADIUS authentication server. To use this security method, you must configure RADIUS servers. See Using RADIUS Authentication.
Configuring Network Settings In this field… Do this… WEP Keys Key 1, 2, 3, 4 radio Click the radio button next to the desired WEP key. button 64 Bits:10x[0-9, A- Select the WEP key length from the drop-down list. F] The possible key lengths are: • 64 Bits - The key length is 10 characters. • 128 Bits - The key length is 26 characters. • 152 Bits - The key length is 32 characters. Note: Some wireless card vendors call these lengths 40/104/128, respectively.
Configuring Network Settings In this field… Do this… Advanced Security Hide the Network Specify whether you want to hide your network's SSID, Name (SSID) by selecting one of the following: • Yes - Hide the SSID. Only devices to which your SSID is known can connect to your network. • No - Do not hide the SSID.
Configuring Network Settings In this field… Do this… MAC Address Specify whether you want to enable MAC address filtering filtering, by selecting one of the following: • Yes - Enable MAC address filtering. Only MAC addresses that you added as network objects can connect to your network. For information on network objects, see Using Network Objects on page 129. • No - Disable MAC address filtering. This is the default.
Configuring Network Settings In this field… Do this… Fragmentation Type the smallest IP packet size (in bytes) that Threshold requires that the IP packet be split into smaller fragments. If you are experiencing significant radio interference, set the threshold to a low value (around 1000), to reduce error penalty and increase overall throughput. Otherwise, set the threshold to a high value (around 2000), to reduce overhead. The default value is 2346.
Configuring High Availability Configuring High Availability You can install two Safe@Office appliances on your network, one acting as the “Master”, the default gateway through which all network traffic is routed, and one acting as the “Backup”. If the Master fails, the Backup automatically and transparently takes over all the roles of the Master. This ensures that your network is consistently protected by a Safe@Office appliance and connected to the Internet.
Configuring High Availability The procedure below explains how to configure High Availability for the LAN network, but can be used to configure High Availability for the DMZ network as well. Note: You can enable the DHCP server in both Safe@Office appliances. The Backup gateway’s DHCP server will start answering DHCP requests only if the Master gateway fails. Note: You can force a fail-over to the Backup Safe@Office appliance.
Configuring High Availability The High Availability page appears. d. In the LAN area, in the High Availability Mode drop-down list, select Master. e. In the Virtual Router IP field, type the default gateway IP address. This can be any unused IP address in the LAN network, and must be the same for both gateways. f. Click Apply. A success message appears. 2. In the Backup appliance, do the following: a. Set the appliance’s internal IP address. For further information, see Changing IP Addresses on page 100.
Using Traffic Shaper d. In the LAN area, in the High Availability Mode drop-down list, select Backup. e. In the Virtual Router IP field, type the default gateway IP address. This address must be identical to the Virtual Router IP address you specified when configuring the Master gateway. f. Click Apply. A success message appears. Using Traffic Shaper Traffic Shaper is a bandwidth management solution that allows you to set bandwidth policies to control the flow of communication.
Using Traffic Shaper Traffic Shaper allows you to give a class a bandwidth limit. A class's bandwidth limit is the maximum amount of bandwidth that connections belonging to that class may use together. Once a class has reached its bandwidth limit, connections belonging to that class will not be allocated further bandwidth, even if there is unused bandwidth available. For example, you can limit all traffic used by Peer-To-Peer file-sharing applications to a specific rate, such as 512 kilobit per second.
Using Traffic Shaper Note: If you do not assign a connection type to a class, Traffic Shaper automatically assigns the connection type to the built-in "Default" class. Adding and Editing a Class To add or edit a QoS class 1. Click Network in the main menu, and click the Traffic Shaper tab. The Quality of Service Classes page appears. 2. Click Add.
Using Traffic Shaper The Safe@Office QoS Class Editor wizard opens, with the Step 1 of 3: Quality of Service Parameters dialog box displayed. 3. Complete the fields using the relevant information in the table below. 4. Click Next. The Step 2 of 3: Advanced Options dialog box appears. 5. Complete the fields using the relevant information in the table below. 6. Click Next.
Using Traffic Shaper The Step 3 of 3: Save dialog box appears with a summary of the class. 7. Type a name for the class. For example, if you are creating a class for high priority Web connections, you can name the class "High Priority Web". 8. Click Finish. The new class appears in the Quality of Service Classes page. Table 16: QoS Class Fields In this field… Relative Weight Do this… Type a value indicating the class's importance relative to the other defined classes.
Using Traffic Shaper In this field… Do this… Guaranteed Rate The percentage of bandwidth that the class is guaranteed, out of the total amount of bandwidth. For example, if there are only two classes, and you assign one class a weight of 100 and the other class a weight of 50, the first class's guaranteed rate will be 66% and the second class's guaranteed rate will be 33%. This field is read-only and is shown for informational purposes.
Using Traffic Shaper In this field… Do this… Delay Sensitivity Select the degree of precedence to give this class in the transmission queue: • Low (Bulk Traffic) - Traffic that is not sensitive to long delays. For example, SMTP traffic (outgoing email). • Medium (Normal Traffic) - Normal traffic • High (Interactive Traffic) - Traffic that is highly sensitive to delay. For example, IP telephony, videoconferencing, and interactive protocols that require quick user response, such as telnet.
Using Traffic Shaper In this field… Do this… DiffServ Code Select this option to mark packets belonging to this Point class with a DiffServ Code Point (DSCP), which is an integer between 0 and 63. Then type the DSCP in the field provided. The marked packets will be given priority on the public network according to their DSCP. To use this option, your ISP or private WAN must support DiffServ. You can obtain the correct DSCP value from your ISP or private WAN administrator.
Using Traffic Shaper Restoring Traffic Shaper Defaults The Safe@Office appliance provides four built-in QoS classes: If desired, you can reset the Traffic Shaper bandwidth policy to use these classes, and restore the classes to their default settings (shown above). Note: This will delete any additional classes you defined in Traffic Shaper and reset all rules to use the Default class. If one of the additional classes is currently used by a rule, you cannot reset Traffic Shaper to defaults.
Using Network Objects Using Network Objects You can add individual computers or networks as network objects. This enables you to configure various settings for the computer or network represented by the network object. You can configure the following settings for a network object: • Static NAT (or One-to-One NAT) Static NAT allows the mapping of Internet IP addresses or address ranges to hosts inside the internal network.
Using Network Objects • Assign the network object's IP address to a MAC address Normally, the Safe@Office DHCP server consistently assigns the same IP address to a specific computer. However, if the Safe@Office DHCP server runs out of IP addresses and the computer is down, then the DHCP server may reassign the IP address to a different computer. If you want to guarantee that a particular computer's IP address remains constant, you can reserve the IP address for use by the computer's MAC address only.
Using Network Objects • The Active Computers page This page enables you to add only individual computers as network objects. The computer's details are filled in automatically in the wizard. To add or edit a network object via the Network Objects page 1. Click Network in the main menu, and click the Network Objects tab. The Network Objects page appears with a list of network objects. 2. Do one of the following: • To add a network object, click New.
Using Network Objects The Safe@Office Network Object Wizard opens, with the Step 1: Network Object Type dialog box displayed. 3. Do one of the following: • To specify that the network object should represent a single computer or device, click Single Computer. • To specify that the network object should represent a network, click Network. 4. Click Next. The Step 2: Computer Details dialog box appears. If you chose Single Computer, the dialog box includes the Perform Static NAT option.
Using Network Objects If you chose Network, the dialog box does not include this option. 5. Complete the fields using the information in the tables below. 6. Click Next. The Step 3: Save dialog box appears. 7. Type a name for the network object in the field. 8. Click Finish. To add or edit a network object via the Active Computers page 1. Click Reports in the main menu, and click the Active Computers tab.
Using Network Objects The Active Computers page appears. If a computer has not yet been added as a network object, the Add button appears next to it. If a computer has already been added as a network object, the Edit button appears next to it. 2. Do one of the following: • To add a network object, click Add next to the desired computer. • To edit a network object, click Edit next to the desired computer. The Safe@Office Network Object Wizard opens, with the Step 2: Computer Details dialog box displayed.
Using Network Objects Table 17: Network Object Fields for a Single Computer In this field… IP Address Do this… Type the IP address of the local computer, or click This Computer to specify your computer. Reserve this IP for use Select this option to assign the network object's by the following MAC IP address to a MAC address. address MAC Address Type the MAC address you want to assign to the network object's IP address, or click This Computer to specify your computer's MAC address.
Using Network Objects Table 18: Network Object Fields for a Network In this field… IP Range Do this… Type the range of local computer IP addresses in the network. Perform Static NAT Select this option to map the network's IP (Network Address address range to a range of Internet IP addresses Translation) of the same size. You must then fill in the External IP Range field. External IP Range Type the Internet IP address range to which you want to map the network's IP address range.
Using Static Routes A confirmation message appears. b. Click OK. The network object is deleted. Using Static Routes A static route is a setting that explicitly specifies the route for packets destined for a certain subnet. Packets with a destination that does not match any defined static route will be routed to the default gateway. To modify the default gateway, see Using a LAN Connection on page 68.
Using Static Routes The Static Routes page appears, with a listing of existing static routes. 2. Click New Route. The Edit Route page appears. 3. Complete the fields using the information in the table below. 4. Click Apply. The new static route is saved.
Using Static Routes Table 19: Edit Route Page Fields In this field… Do this… Destination Network Type the network address of the destination network. Subnet Mask Select the subnet mask. Gateway IP Type the IP address of the gateway (next hop router) to which to route the packets destined for this network. Metric Type the static route's metric. The gateway sends a packet to the route that matches the packet's destination and has the lowest metric.
