- DL manuals
- QNO
- Network Router
- 4WAN
- User Manual
QNO 4WAN User Manual
Summary of 4WAN
Page 1
English user’s manual 4 wan enterprise multi-wan vpn qos router load balancing, bandwidth management, vpn & network security management.
Page 2
Enterprise multi-wan vpn qos router i product manual using permit agreement [product manual (hereafter the "manual") using permit agreement] hereafter the "agreement" is the using permit of the manual, and the relevant rights and obligations between the users and qno technology inc (hereafter "qno")...
Page 3
Enterprise multi-wan vpn qos router ii it may cause serious civil and criminal punishment. The transgressor will receive the accusation possibly. 【 4】legal liability and exclusion 【 4-1】qno will check the mistake of the texts and diagrams with all strength. However, qno, distributors, and resellers ...
Page 4
Enterprise multi-wan vpn qos router iii there is any dissension or dispute between the users and qno, it should be attempted to solve by consultation first. If it is not solved by consultation, user agrees that the dissension or dispute is brought to trial in the jurisdiction of the court in the loc...
Page 5
Enterprise multi-wan vpn qos router iv content i. Introduction.................................................................................................................................................1 ii. Multi- wan vpn router installation .......................................................
Page 6
Enterprise multi-wan vpn qos router v 7.6 ip grouping................................................................................................................................................. 65 viii. Qos (quality of service) ......................................................................
Page 7
Enterprise multi-wan vpn qos router vi 12.3 routing .................................................................................................................................................... 159 12.3.1 dynamic routing............................................................................
Page 8
Enterprise multi-wan vpn qos router 1 i. Introduction enterprise multi-wan vpn qos router (referred as vpn router hereby) is a business level security router that efficiently integrates new generation multiple wan-port devices. It meets the needs of both medium and large-scale enterprises, internet ...
Page 9
Enterprise multi-wan vpn qos router 2 the advanced built-in firewall function enables vpn router to resist most attacks from the internet. It utilizes active detection technology spi (stateful packet inspection). The spi firewall functions mainly within the network by dynamically inspecting each lin...
Page 10
Enterprise multi-wan vpn qos router 3 ii. Multi- wan vpn router installation in this chapter we are going to introduce hardware installation. Through the understanding of multi-wan setting process, users can easily setup and manage the network,making vpn router functioning and having best performanc...
Page 11
Enterprise multi-wan vpn qos router 4 # setting content purpose 1 hardware installation configure the network to meet user’s demand. Install the device hardware based on user physical requirements. 2 login login the device with web browser. Login the device web- based ui. Verify device specification...
Page 12
Enterprise multi-wan vpn qos router 5 7 set firewall: prevent attack and improper access to network resources block attack, set access rule and restrict web access. Administrators can block bt to avoid bandwidth occupation, and enable access rules to restrict employee accessing internet improperly o...
Page 13
Enterprise multi-wan vpn qos router 6 iii. Hardware installation in this chapter we are going to introduce hardware interface as well as physical installation. 3.1 led signal led signal description led color description power green green led on: power on diag amber amber led on: system self-test is ...
Page 14
Enterprise multi-wan vpn qos router 7 installing the device on a standard 19” rack we suggest to either place the device on a desk or install it in a rack with attached brackets. Do not place other heavy objects together with the device on a rack. Overloading may cause the rack to fail, thus causing...
Page 15
Enterprise multi-wan vpn qos router 8 3.2 vpn router network connection wan connection :a wan port can be connected with xdsl modem, fiber modem, switching hub, or through an external router to connect to the internet. Lan connection: the lan port can be connected to a switching hub or directly to a...
Page 16
Enterprise multi-wan vpn qos router 9 iv. Login this chapter is mainly introducing web- based ui after conneting the device. First, check up the device’s ip address by connecting to dos through the lan pc under the device. Go to start run, enter cmd to commend dos, and enter ipconfig for getting def...
Page 17
Enterprise multi-wan vpn qos router 10 then, open webpage browser, ie for example, and key in 192.168.1.1 in the website column. The login window will appear as below: the device’s default username and password are both “admin”. Users can change the login password in the setting later. Attention! Fo...
Page 18
Enterprise multi-wan vpn qos router 11 v. Device spec verification, status display and login password and time setting this chapter introduces the device specification and status after login as well as change password and system time settings for security. 5.1 home page in the home page, all the dev...
Page 19
Enterprise multi-wan vpn qos router 12 quality of service: indicates how many qos rules are set. Manual connect: when “obtain an ip automatically” is selected, two buttons (release and renew) will appear. If a wan connection, such as pppoe or pptp, is selected, “disconnect” and “connect” will appear...
Page 20
Enterprise multi-wan vpn qos router 13 the current port setting status information will be shown in the port information table. Examples: type (10base-t/100base-tx/1000base-t), iniferface (wan/ lan/ dmz), link status (up/ down), physical port status (port enabled/ port disabled), priority (high or n...
Page 21
Enterprise multi-wan vpn qos router 14 device ip address/ subnet mask:identifies the current device ip address and subnet mask. The default is 192.168.1.1 and 255.255.255.0 working mode:indicates the current working mode. Can be gateway or router mode. The default is “gateway” mode. System active ti...
Page 22
Enterprise multi-wan vpn qos router 15 5.1.5 vpn status vpn setting status: indicates vpn setting information in the device. Tunnel(s) used:indicates number of tunnels that have been configured in vpn (virtual private network). Tunnel(s) available:indicates number of tunnels that are available for v...
Page 23
Enterprise multi-wan vpn qos router 16 5.2 change and set login password and time 5.2.1 password setting when you login the device setting window every time, you must enter the password. The default value for the device username and password are both “admin”. For security reasons, we strongly recomm...
Page 24
Enterprise multi-wan vpn qos router 17 confirm new password: input the new password again for verification. Apply: click “apply” to save the configuration. Cancel: click “cancel" to leave without making any change. This action will be effective before ”apply” to save the configuration. 5.2.2 time th...
Page 25
Enterprise multi-wan vpn qos router 18 time zone: select your location from the pull-down time zone list to show correct local time. Daylight saving: if there is daylight saving time in your area, input the date range. The device will adjust the time for the daylight saving period automatically. Ext...
Page 26
Enterprise multi-wan vpn qos router 19 vi. Network this network page contains the basic settings. For most users, completing this general setting is enough for connecting with the internet. However, some users need advanced information from their isp. Please refer to the following descriptions for s...
Page 27
Enterprise multi-wan vpn qos router 20 6.1.1 host name and domain name device name and domain name can be input in the two boxes. Though this configuration is not necessary in most environments, some isps in some countries may require it. 6.1.2 lan setting this is configuration information for the d...
Page 28
Enterprise multi-wan vpn qos router 21 this function enables users to input ip segments that differ from the router network segment to the multi-net segment configuration; the internet will then be directly accessible. In other words, if there are already different ip segment groups in the intranet,...
Page 29
Enterprise multi-wan vpn qos router 22 interface: an indication of which port is connected. Connection type: obtain an ip automatically, static ip connection, pppoe (point-to-point protocol over ethernet), pptp (point-to-point tunneling protocol) or transparent bridge. Config.: a modification in an ...
Page 30
Enterprise multi-wan vpn qos router 23 enable line-dropped scheduling: the wan disconnection schedule will be activated by checking this option. In some areas, there is a time limitation for wan connection service. For example: the optical fiber service will be disconnected from 0:00 am to 6:00 am. ...
Page 31
Enterprise multi-wan vpn qos router 24 wan ip address: input the available static ip address issued by isp. Subnet mask: input the subnet mask of the static ip address issued by isp, such as: issued eight static ip addresses: 255.255.255.248 issued 16 static ip addresses: 255.255.255.240 default gat...
Page 32
Enterprise multi-wan vpn qos router 25 enable line-dropped scheduling: the wan disconnection schedule will be activated by checking this option. In some areas, there is a time limitation for wan connection service. For example: the optical fiber service will be disconnected from 0:00 am to 6:00 am. ...
Page 33
Enterprise multi-wan vpn qos router 26 user name: input the user name issued by isp. Password input the password issued by isp. Connect on demand: this function enables the auto-dialing function to be used in a pppoe dial connection. When the client port attempts to connect with the internet, the de...
Page 34
Enterprise multi-wan vpn qos router 27 enable line-dropped scheduling the wan disconnection schedule will be activated by checking this option. In some areas, there is a time limitation for wan connection service. For example: the optical fiber service will be disconnected from 0:00 am to 6:00 am. A...
Page 35
Enterprise multi-wan vpn qos router 28 password issued by isp, and use the built-in pptp software to connect with the internet. Wan ip address: this option is to configure a static ip address. The ip address to be configured could be one issued by isp. (the ip address is usually provided by the isp ...
Page 36
Enterprise multi-wan vpn qos router 29 connect on demand: this function enables the auto-dialing function to be used for a pptp dial connection. When the client port attempts to connect with the internet, the device will automatically connect with the default isp auto dial connection; when the netwo...
Page 37
Enterprise multi-wan vpn qos router 30 shared- circuit wan environment if your wan connects to a switch, select “enabled” to filter broadcast packets. The default is “disabled”. Mtu: : : : mtu is abbreviation of maximum transmission unit. “auto” and “manual” can be chosen. The default value is 1500....
Page 38
Enterprise multi-wan vpn qos router 31 wan ip address: input one of the static ip addresses issued by isp. Subnet mask: input the subnet mask of the static ip address issued by isp, such as: issued eight static ip addresses: 255.255.255.248 issued 16 static ip addresses: 255.255.255.240 default gate...
Page 39
Enterprise multi-wan vpn qos router 32 enable line-dropped scheduling: the wan disconnection schedule will be activated by checking this option. In some areas, there is a time limitation for wan connection service. For example: the optical fiber service will be disconnected from 0:00 am to 6:00 am. ...
Page 40
Enterprise multi-wan vpn qos router 33 externally connected servers such as web and mail servers. Therefore, the device supports a set of independent dmz ports for users to set up connections for servers with real ip addresses. The dmz ports act as bridges between the internet and lans. Ip address: ...
Page 41
Enterprise multi-wan vpn qos router 34 ip range: input the ip range located at the dmz port. After the changes are completed, click “apply” to save the configuration, or click “cancel" to leave without making any changes..
Page 42
Enterprise multi-wan vpn qos router 35 6.2 multi- wan setting 6.2.1 load balance mode auto load balance mode when auto load balance mode is selected, the device will use sessions or ip and the wan bandwidth automatically allocate connections to achieve load balancing for external connections. The ne...
Page 43
Enterprise multi-wan vpn qos router 36 for example, if users want to assign ip 192.168.1.100 to go through wan 1 when connecting with the internet, or assign all intranet ip to go through wan 2 when connecting with servers with port 80, or assign all intranet ip to go through wan 1 when connecting w...
Page 44
Enterprise multi-wan vpn qos router 37 attention: when assigning mode is selected, as in the above example, the ip(s) or service provider(s) configured in the connection rule will follow the rule for external connections, but those which are not configured in the rule will still follow the device lo...
Page 45
Enterprise multi-wan vpn qos router 38 name: to define a name for the wan grouping in the box, such as “education” etc. The name is for recognizing different wan groups. Interface: check the boxes for the wans to be added into this combination. Add to list: to add a wan group to the grouping list. D...
Page 46
Enterprise multi-wan vpn qos router 39 to build a policy document users can use a text-based editor, such as notepad, which is included with windows system. Follow the text format in the figure below to key in the destination ip addresses users want to assign. For example, if the destination ip addr...
Page 47
Enterprise multi-wan vpn qos router 40 interface: select the wan port that enables network service detection. Retry: this selects the retry times for network service detection. The default is five times. If there is no feedback from the internet in the configured “retry times", it will be judged as ...
Page 48
Enterprise multi-wan vpn qos router 41 for 10.0.0.1~10.254.254.254 cannot be transmitted through wan 2, and there is no need to remove the connection when wan 1 is disconnected. (2) keep system log and remove the connection: if an isp connection failure is detected, no error message will be recorded...
Page 49
Enterprise multi-wan vpn qos router 42 in addition, do not input the same web address in this box for two different wans. Note! in the load balance mode for assigned routing, the first wan port (wan1) will be saved for the traffic of the ip addresses or the application service ports that are not ass...
Page 50
Enterprise multi-wan vpn qos router 43 protocol binding users can define specific ip addresses or specific application service ports to go through a user-assigned wan for external connections. For any other unassigned ip addresses and services, wan load balancing will still be carried out. Note! in ...
Page 51
Enterprise multi-wan vpn qos router 44 service: this is to select the binding service port to be activated. The default (such as all-tcp&udp 0~65535, www 80~80, ftp 21 to 21, etc.) can be selected from the pull-down option list. The default service is all 0~65535. Option list for service management:...
Page 52
Enterprise multi-wan vpn qos router 45 note! the rules configured in protocol binding will be executed by the device according to their priorities too. The higher up on the list, the higher the priority of execution. Show table: click the “show table” button. A dialogue box as shown in the following...
Page 53
Enterprise multi-wan vpn qos router 46 service name: in this box, input the name of the service port which users want to activate, such as bt, etc. Protocol: this option list is for selecting a packet format, such as tcp or udp for the service ports users want to activate. Port range: in the boxes, ...
Page 54
Enterprise multi-wan vpn qos router 47 as in the figure below, select “all traffic” from the pull-down option list “service”, and then in the boxes of “source ip” input the source ip address “192.168.1.100” to “100”. Retain the original numbers “0.0.0.0” in the boxes of “destination ip” (which means...
Page 55
Enterprise multi-wan vpn qos router 48 example 3:how do i set up auto load balance mode to keep all intranet ip addresses from going through wan2 when the destination port is port 80 and keep all other services from going through wan1? As in the figure below, there are two rules to be configured. Th...
Page 56
Enterprise multi-wan vpn qos router 49 internet ip addresses). Select wan1 from the pull-down option list “interface”, and then click “enable”. Finally, click “add new” and the rule will be added to the mode. The device will transmit packets that are not going to port 80 to the internet through wan1...
Page 57
Enterprise multi-wan vpn qos router 50 through wan1? As in the figure below, select “http[tcp/80~80]” from the pull-down option list “service”, and then in the boxes of “source ip” input “192.168.1.0 ~ 0” (which means to include all intranet ip addresses). Retain the original numbers “0.0.0.0” in th...
Page 58
Enterprise multi-wan vpn qos router 51 port [tcp&udp/1~65535]” from the pull-down option list “service”, and then in the boxes of “source ip” input “192.168.1.0 ~ 0” (which means to include all intranet ip addresses). In the boxes for “destination ip” input “211.1.1.1 ~ 211.254.254.254”. Select wan2...
Page 59
Enterprise multi-wan vpn qos router 52 vii. Port management this chapter introduces how to configure ports and understand how to configure intranet ip addresses. 7.1 setup through the device, users can easily manage the setup for wan ports, lan ports and the dmz port by choosing the number of ports,...
Page 60
Enterprise multi-wan vpn qos router 53 mirror port:users can configure lan 1 as mirror port by choosing “enable port 1 as mirror port”. All the traffic from lan to wan will be copied to mirror port. Administrator can control or filter the traffic through mirror port. Once this function is enabled, l...
Page 61
Enterprise multi-wan vpn qos router 54 disabled: this feature allows users turn on/off the ethernet port. If selected, the ethernet port will be shut down immediately and no connection can be made. The default value is "on". Priority: this feature allows users to set the high/low priority of the pac...
Page 62
Enterprise multi-wan vpn qos router 55 7.2 port status summary: there are network connection type, interface, link status (up/down), port activity (port enabled), priority setting (high or normal), speed status (10mbps or 100mbps), duplex status (half duplex or full duplex), auto neg. (enabled/disab...
Page 63
Enterprise multi-wan vpn qos router 56 statistics: the packet data of this specific port will be displayed. Data include receive/ transmit packet count, receive/ transmit packet byte count and error packet count. Users may press the refresh button to update all real-time messages..
Page 64
Enterprise multi-wan vpn qos router 57 7.3 ip/ dhcp with an embedded dhcp server, it supports automatic ip assignation for lan computers. (this function is similar to the dhcp service in nt servers.) it benefits users by freeing them from the inconvenience of recording and configuring ip addresses f...
Page 65
Enterprise multi-wan vpn qos router 58 dynamic ip: client lease time: check the option to activate the dhcp server automatic ip lease function. If the function is activated, all pcs will be able to acquire ip automatically. Otherwise, users should configure static virtual ip for each pc individually...
Page 66
Enterprise multi-wan vpn qos router 59 7.4 dhcp status this is an indication list of the current status and setup record of the dhcp server. The indications are for the administrator’s reference when a network modification is needed. Dhcp server: this is the current dhcp ip. Dynamic ip used: the amo...
Page 67
Enterprise multi-wan vpn qos router 60 ip address: the ip address acquired by the current computer. Mac address: the actual mac network location of the current computer. Client lease time: the lease time of the ip released by dhcp. Delete: remove a record of an ip lease..
Page 68
Enterprise multi-wan vpn qos router 61 7.5 ip & mac binding administrators can apply ip & mac binding function to make sure that users can not add extra pcs for internet access or change private ip addresses. There are two methods for setting up this function:.
Page 69
Enterprise multi-wan vpn qos router 62 block mac address not on the list this method only allows mac addresses on the list to receive ip addresses from dhcp and have internet access. When this method is applied, please fill out static ip with 0.0.0.0, as the figure below: ip & mac binding.
Page 70
Enterprise multi-wan vpn qos router 63 static ip: there are two ways to input static ip: 1. If users want to set up a mac address to acquire ip from dhcp, but the ip need not be a specific assigned ip, input 0.0.0.0 in the boxes. The boxes cannot be left empty. 2. If users want dhcp to assign a stat...
Page 71
Enterprise multi-wan vpn qos router 64 name: for distinguishing clients, input the name or address of the client that is to be bound. The maximum acceptable characters are 12. Enabled: activate this configuration. Add to list: add the configuration or modification to the list. Delete selected item: ...
Page 72
Enterprise multi-wan vpn qos router 65 7.6 ip grouping the function enables users to make the same configuration for a range of continuous ip addresses in the network. For example, if an ip range (192.168.1.100~192.168.1.110) has been assigned to a department of a company, we can bind all the ip add...
Page 73
Enterprise multi-wan vpn qos router 66 viii. Qos (quality of service) qos is an abbreviation for quality of service. The main function is to restrict bandwidth usage for some services and ip addresses to save bandwidth or provide priority to specific applications or services, and also to enable othe...
Page 74
Enterprise multi-wan vpn qos router 67 8.1 bandwidth management 8.1.1 the maximum bandwidth provided by isp in the boxes for wan1 and wan2 bandwidth, input the upstream and downstream bandwidth which users applied for from bandwidth supplier. The bandwidth qos will make calculations according to the...
Page 75
Enterprise multi-wan vpn qos router 68 rate of upstream and downstream for each ip and service port based on the total actual bandwidth of wan1 and wan2. For example, if the upstream bandwidths of both wan1 and wan2 are 512kbit/sec, the total upstream bandwidth will be: wan1 + wan2 = 1024kbit/sec. T...
Page 76
Enterprise multi-wan vpn qos router 69 interface: select on which wan the qos rule should be executed. It can be a single selection or multiple selections. Service port: select what bandwidth control is to be configured in the qos rule. If the bandwidth for all services of each ip is to be controlle...
Page 77
Enterprise multi-wan vpn qos router 70 ip address: this is to select which user is to be controlled. If only a single ip is to be restricted, input this ip address, such as “192.168.1.100 to 100”. The rule will control only the ip 192.168.1.100. If an ip range is to be controlled, input the range, s...
Page 78
Enterprise multi-wan vpn qos router 71 bandwidth assign type: sharing total bandwidth with all ip addresses: if this option is selected, all ip addresses or service ports will share the bandwidth range (from minimum to maximum bandwidth). Assign bandwidth for each ip address: if this option is selec...
Page 79
Enterprise multi-wan vpn qos router 72 priority control: the router will distribute the bandwidth as 60% (the highest) and 10% (the lowest). If you set the service port 80 as “high” priority, the router will give 60% bandwidth to the port 80. In the other hand, if you give the port 21 as “low” prior...
Page 80
Enterprise multi-wan vpn qos router 73 direction: upstream: means the upload bandwidth for intranet ip. Downstream: means the download bandwidth for intranet ip. Server in lan, upstream: if a server for external connection has been built in the device, this option is to control the bandwidth for the...
Page 81
Enterprise multi-wan vpn qos router 74 8.2 session control session management controls the acceptable maximum simultaneous sessions of intranet pcs. This function is very useful for managing connection quantity when p2p software such as bt, thunder, or emule is used in the intranet causing large num...
Page 82
Enterprise multi-wan vpn qos router 75 when single ip exceed __: if this function is selected, when the user’s port session reach the limit, this user will not be able to make a new session for five minutes. Even if the previous session has been closed, new sessions cannot be made until the setting ...
Page 83
Enterprise multi-wan vpn qos router 76 service port: choose the service port. Ip address: input the ip address range or ip group. Enabled: activate the rule. Add to list: add this rule to the list. Delete seleted item: remove the rules selected from the service list. Apply: click “apply” to save the...
Page 84
Enterprise multi-wan vpn qos router 77 8.3 smart qos the smart qos function enables the administrators to constrain the bandwidth occupied automatically without any configuring. Enabled smart qos to activate the smart qos function. When the usage of any wan's bandwith is over than __ %, enable smart...
Page 85
Enterprise multi-wan vpn qos router 78 enabled penalty mechanism to activate the penalty mechanism. Show penalty list to show the ips with upstream constraint、 downstream constraint and in the penalty mechanism. Applied time if “always” is selected, the rule will be executed around the clock. If “fr...
Page 86
Enterprise multi-wan vpn qos router 79 ix. Firewall this chapter introduces firewall general policy, access rule, and content filter settings to ensure network security. 9.1 general policy the firewall is enabled by default. If the firewall is set as disabled, features such as spi, dos, and outbound...
Page 87
Enterprise multi-wan vpn qos router 80 spi (stateful packet inspection): this enables the packet automatic authentication detection technology. The firewall operates mainly at the network layer. By executing the dynamic authentication for each connection, it will also perform an alarming function fo...
Page 88
Enterprise multi-wan vpn qos router 81 advanced setting packet type: this device provides three types of data packet transmission: tcp-syn-flood, udp-flood and icmp-flood. Wan threshold: when all packet values from external attack or from single external ip attack reach the maximum amount (the defau...
Page 89
Enterprise multi-wan vpn qos router 82 show blocked ip: show the blocked ip list and the remained blocked time. Restricted web features: it supports the block that is connected through: java, cookies, active x, and http proxy access. Don’t block java / activex / cookies proxy to trusted domain: if t...
Page 90
Enterprise multi-wan vpn qos router 83 9.2 restrict application users can check msn/ skype/ qq/ bt and the device will block the service users checked. However, to provide this service for certain ip address in the intranet, users may check the following item and then enter the specific ip address o...
Page 91
Enterprise multi-wan vpn qos router 84 user name: input the information of the qq number, etc. Exempted qq number: input the number. Add to list: add the number to the list. Delete selected item: delete the selected rule in the list..
Page 92
Enterprise multi-wan vpn qos router 85 9.3 access rule users may turn on/off the setting to permit or forbid any packet to access internet. Users may select to set different network access rules: from internal to external or from external to internal. Users may set different packets for ip address a...
Page 93
Enterprise multi-wan vpn qos router 86 in addition to the default rules, all the network access rules will be displayed as illustrated above. Users may follow or self- define the priority of each network access rule. The device will follow the rule priorities one by one, so please make sure the prio...
Page 94
Enterprise multi-wan vpn qos router 87 9.3.2 add new access rule action: allow: permits the pass of packets compliant with this control rule deny: prevents the pass of packets not compliant with this control rule service port: from the drop-down menu, select the service that users grant or do not gi...
Page 95
Enterprise multi-wan vpn qos router 88 menu. Source ip: select the source ip range (for example: any, single, range, or preset ip group name). If single or range is selected, please enter a single ip address or an ip address within a session. Dest. Ip: select the destination ip range (such as any, s...
Page 96
Enterprise multi-wan vpn qos router 89 9.4 content filter the device supports two webpage restriction modes: one is to block certain forbidden domains, and the other is to give access to certain web pages. Only one of these two modes can be selected. Block forbidden domain fill in the complete websi...
Page 97
Enterprise multi-wan vpn qos router 90 domain name: enter the websites to be controlled such as www.Playboy.Com add to list: click ”add to list” to create a new website to be controlled. Delete selected item: click to select one or more controlled websites and click this option to delete. Website bl...
Page 98
Enterprise multi-wan vpn qos router 91 accept allowed domains in some companies or schools, employees and students are only allowed to access some specific websites. This is the purpose of the function. Enabled: activate the function. The default setting is “disabled.” domain name: input the allowed...
Page 99
Enterprise multi-wan vpn qos router 92 always: select “always” to apply the rule on a round-the-clock basis. Select “from”, and the operation will run according to the defined time. …to…: select "always" to apply the rule on a round-the-clock basis. If “from” is selected, the activation time is intr...
Page 100
Enterprise multi-wan vpn qos router 93 x. Vpn (virtual private network) 10.1. Vpn 10.1.1. Display all vpn summary this vpn summary displays the real-time data with regard to vpn status. These data include: all tunnel numbers (pptp, ipsec + qnokey and ipsec vpn), setting parameters and group vpn and ...
Page 101
Enterprise multi-wan vpn qos router 94 advanced setting: through advanced setting,users may adjust the tunnel number of ipsec and qnokey. This shows how many vpn tunnels are in use or available. Detail: push this button to display the following information with regard to all current vpn configuratio...
Page 102
Enterprise multi-wan vpn qos router 95 vpn tunnel status: the following describes vpn tunnel status, the current status of vpn tunnel in detail: previous page/next page, jump to __/__ page, __ entries per page click previous page or next page to view the desired vpn tunnel page. Or users can select ...
Page 103
Enterprise multi-wan vpn qos router 96 account id: displays the current vpn tunnel connection name, such as xxx office. Users are well-advised to give them different names to avoid confusion should users have more than one tunnel settings. Note: if this tunnel is to be connected to other vpn device ...
Page 104
Enterprise multi-wan vpn qos router 97 group name: displays the tunnel name of the group vpn that is connected. Connected tunnels: displays the vpn groups tunnel numbers. Phase2 encrypt/auth/dh: displays settings such as encryption (des/3des), authentication (md5/sha1) and group (1/2/5). If users se...
Page 105
Enterprise multi-wan vpn qos router 98 10.1.2. Add a new vpn tunnel the device supports gateway to gateway tunnel or client to gateway tunnel. The vpn tunnel connections are done by 2 vpn devices via the internet. When a new tunnel is added, the setting page for gateway to gateway or client to gatew...
Page 106
Enterprise multi-wan vpn qos router 99 10.1.2.1. Gateway to gateway setting the following instructions will guide users to set a vpn tunnel between two devices. Tunnel no.: set the embedded vpn feature, please select the tunnel number. Tunnel name: displays the current vpn tunnel connection name, su...
Page 107
Enterprise multi-wan vpn qos router 100 local security gatewaytype: this local gateway authentication type comes with five operation modes, which are: ip only ip + domain name (fqdn) authentication ip + e-mail addr. (user fqdn) authentication dynamic ip + domain name (fqdn) authentication dynamic ip...
Page 108
Enterprise multi-wan vpn qos router 101 need to do further settings. (4) dynamic ip + domain name(fqdn) authentication: if users use dynamic ip address to connect to the device, users may select this option to link to vpn. If the remote vpn gateway requires connection to the device for vpn connectio...
Page 109
Enterprise multi-wan vpn qos router 102 build the vpn tunnel. Reference: when this vpn tunnel is connected, computers with the ip address of 192.168.1.0 can establish connection. 2. Subnet this option allows local computers in this subnet can be connected to the vpn tunnel. Reference: when this vpn ...
Page 110
Enterprise multi-wan vpn qos router 103 this remote gateway authentication type (remote security gateway type) must be identical to the remotely-connected local security gateway authentication type (local security gateway type). Remote security gateway type: this remote gateway authentication type c...
Page 111
Enterprise multi-wan vpn qos router 104 (2) ip + domain name(fqdn) authentication: if users select ip + domain name, please enter ip address and the domain name to be verified. Fqdn refers to the combination of host name and domain name. Users may enter any name that corresponds to the domain name o...
Page 112
Enterprise multi-wan vpn qos router 105 if users select ip address and e-mail type, entering the ip address and the e-mail allows users to gain access to this tunnel. If the remote ip address is unknown, choose ip by dns resolved, allowing dns to translated the ip address. This domain name must be a...
Page 113
Enterprise multi-wan vpn qos router 106 (5) dynamic ip + e-mail addr. (user fqdn) authentication. If users use dynamic ip address to connect with the device, users may select this type to link to vpn. When the remote vpn gateway requires connection to facilitate vpn connection, the device will start...
Page 114
Enterprise multi-wan vpn qos router 107 remote security group type: this option allows users to set the remote vpn connection access type. The following offers a few items for remote settings. Please select and set appropriate parameters: (1) ip address this option allows the only ip address which i...
Page 115
Enterprise multi-wan vpn qos router 108 tunnels must be identical in order to create connection. And the transmission data must be encrypted with ipsec key, which is known as the encryption "key". The device provides the following two encrypted key managements. They are manual and ike automatic encr...
Page 116
Enterprise multi-wan vpn qos router 109 use ike protocol: click the shared key generated by ike to encrypt and authenticate the remote user. If pfs (perfect forward secrecy) is enabled, the phase 2 shared key generated during the ike coordination will conduct further encryption and authentication. W...
Page 117
Enterprise multi-wan vpn qos router 110 identical to that of the remote authentication mode: “md5” or “sha1”. Phase 1 sa life time: the life time for this exchange code is set to 28800 seconds (or 8hours) by default. This allows the automatic generation of other exchange password within the valid ti...
Page 118
Enterprise multi-wan vpn qos router 111 users must set it the same with the outgoing spi string of the remote vpn device. And the outgoing spi string must be the same with the incoming spi string of the remote vpn device. Advanced setting- for ike protocol only the advanced settings include main mod...
Page 119
Enterprise multi-wan vpn qos router 112 dead peer detection (dpd): if this option is selected, the connected vpn tunnel will regularly transmit hello/ack message packet to detect whether there is connection between the two ends of the vpn tunnel. If one end is disconnected, the device will disconnec...
Page 120
Enterprise multi-wan vpn qos router 113 10.1.2.2. Client to gateway setting the following describes how an administrator builds a vpn tunnel between devices. Users can set this vpn tunnel to be used by one client or by a group of clients (group vpn) at the client end. If it is used by a group of cli...
Page 121
Enterprise multi-wan vpn qos router 114 local group setup this local gateway authentication type (local security gateway type) must be identical with that of the remote type (remote security gateway type). Local security gateway type: this local gateway authentication type comes with five operation ...
Page 122
Enterprise multi-wan vpn qos router 115 (3) ip + e-mail addr. (user fqdn) authentication. If users select ip address and e-mail, enter the ip address and e-mail address to gain access to this tunnel and the wan ip address will be automatically filled into this space. Users don't need to do further s...
Page 123
Enterprise multi-wan vpn qos router 116 local security group type: this option allows users to set the local vpn connection access type. The following offers a few items for local settings. Please select and set appropriate parameters: 4. Ip address this option allows the only ip address which is en...
Page 124
Enterprise multi-wan vpn qos router 117 remote group setup: this remote gateway authentication type (remote security gateway type) must be identical to the remotely-connected local security gateway authentication type (local security gateway type). Remote security gateway type: this local gateway au...
Page 125
Enterprise multi-wan vpn qos router 118 if users select ip + domain name type, please enter the domain name and ip address. The wan ip address will be automatically filled into this space. Users don't need to do further settings. Fqdn refers to the combination of host name and domain name and can be...
Page 126
Enterprise multi-wan vpn qos router 119 users may select this option to connect to vpn without entering ip address. When vpn gateway requires for vpn connection, the device will start authentication and respond to vpn tunnel connection; if users select this option to link to vpn, enter e-mail addres...
Page 127
Enterprise multi-wan vpn qos router 120 when users set this vpn tunnel to use any encryption and authentication mode, users must set the parameter of this exchange password with that of the remote. Setting methods include auto (ike) or manual. To do the settings, select any one from the two options....
Page 128
Enterprise multi-wan vpn qos router 121 phase 1/phase 2 authentication: this authentication option allows users to set this vpn tunnel to use any authentication mode. Note that this parameter must be identical to that of the remote authentication mode: “md5” or “sha1”. Phase 1 sa life time: the life...
Page 129
Enterprise multi-wan vpn qos router 122 ● moreover, the exchange strings for “incoming spi” and “outgoing spi” must be identical to those of the connected vpn device. For the incoming spi parameters, users must set it the same with the outgoing spi string of the remote vpn device. And the outgoing s...
Page 130
Enterprise multi-wan vpn qos router 123 passage of netbios broadcast packet. This facilitates the easy connection with other microsoft network; however, the traffic using this vpn tunnel will increase. ● dead peer detection (dpd): if this option is selected, the connected vpn tunnel will regularly t...
Page 131
Enterprise multi-wan vpn qos router 124 local group setup: local security group type: this option allows users to set the local vpn connection access type. The following offers a few items for local settings. Please select and set appropriate parameters: (1) ip address this option allows the only ip...
Page 132
Enterprise multi-wan vpn qos router 125 remote group setup remote security client type: this setting offers three operation modes, which are: domain name (fqdn) e-mail address (user fqdn) microsoft xp/2000 vpn client (1) domain name(fqdn) if users select domain name type, please enter the domain nam...
Page 133
Enterprise multi-wan vpn qos router 126 ipsec setup if there is any encryption mechanism, the encryption mechanism of these two vpn channel settings must be identical in order to establish connection. And the transmission data must be encrypted with ipsec key, which is also known as the encryption "...
Page 134
Enterprise multi-wan vpn qos router 127 groups: group 1/ group 2/ group 5. Phase1/phase2 encryption: this option allows users to set this vpn channel to use any encryption mode. Note that this parameter must be identical to that of the remote encryption parameter: des (64 - bit encryption mode), 3de...
Page 135
Enterprise multi-wan vpn qos router 128 the advanced settings include main mode and aggressive mode. In main mode, the default setting is vpn operation mode. The connection is the same as most of the vpn device. ● aggressive mode: this mode is mostly adopted by remote devices. The ip connection is d...
Page 136
Enterprise multi-wan vpn qos router 129 enabled pptp server: when this option is selected, the point-to-point tunnel protocol pptp server can be enabled..
Page 137
Enterprise multi-wan vpn qos router 130 pptp client ip range: please enter pptp ip address range so as to provide the remote users with an entrance ip into the local network. Enter range start: enter the value into the last field. Enter range end: enter the value into the last field. Username: pleas...
Page 138
Enterprise multi-wan vpn qos router 131 10.1.4. Vpn pass through ipsec pass through: if this option is enabled, the pc is allowed to use vpn- ipsec packet to pass in order to connect to external vpn device. Fixed source port change source port: this option is only required when having vpn connection...
Page 139
Enterprise multi-wan vpn qos router 132 10.2. Qnokey introduces how qno vpn devices conducts preliminary configuration of the data from the user end and how to set the qnokey user to successfully create qnokey by using qnokey management software. 10.2.1. Qnokey summary login to the web-based ui and ...
Page 140
Enterprise multi-wan vpn qos router 133 available time: if the number of days of using qnokey is set, the remaining time is displayed here. Account number limitation: the upper limited number of qnokey users. Used number: the number of qnokey in use. Online number: displays the number of connected d...
Page 141
Enterprise multi-wan vpn qos router 134 this page is designed for qnokey group setup. Group parameters for qnokey include wan ports, valid time, and number of users, and protection actions for potential qnokey losses. These setting options facilitate classified management for qnokey users and enhanc...
Page 142
Enterprise multi-wan vpn qos router 135 for normal and frequent use, the option "forever" may be selected so the user end valid time is infinite. If the user is more complicated or if it is meant for mobile users who travel on business, the vpn security can be guaranteed by setting the valid time of...
Page 143
Enterprise multi-wan vpn qos router 136 on the qnokey summary page, the defined group will be displayed, which is illustrated as below. When a new rule is created, "show list" and "edit" button will be displayed behind the rule. Click on "show list" to show the list of users applying this group rule...
Page 144
Enterprise multi-wan vpn qos router 137 the user is connected and online; “disconnect" means no connection and offline. Stolen key login action: select this option to create settings if the qnokey is lost. Bind mac: if there is hardware binding, qnokey can only execute on the bound pc. Mac address: ...
Page 145
Enterprise multi-wan vpn qos router 138 10.3. Qvm vpn function setup the qvm-series device provides three major convenient functions: 1. Smart link ipsec vpn: easy vpn setup replaces the conventional complicated vpn setup process by entering server ip, user name, and password. 2. Central control fea...
Page 146
Enterprise multi-wan vpn qos router 139 10.3.1. Qvm server settings select qvm feature as server mode:.
Page 147
Enterprise multi-wan vpn qos router 140 account id: must be identical to that of the remote client end. Please enter the remote client user name in either english or chinese. Password: confirm password: must be identical to that of the remote client end. Please enter the password and confirm again. ...
Page 148
Enterprise multi-wan vpn qos router 141 account: displays the remote client user. Green means connection, blue waiting for connection and red for qvm disconnection. Status: displays the qvm vpn connection status. Red means disconnection and green means connection. Interface: shows which wan port is ...
Page 149
Enterprise multi-wan vpn qos router 142 10.3.3. Qvm client settings select qvm feature as client mode: account id: must be identical to that of the server account id. Password: confirm password: must be identical to that of the server password. Please enter the password and confirm again. Qvm vpn ( ...
Page 150
Enterprise multi-wan vpn qos router 143 mins: qvm backup tunnel: you can input at most 3 backup ip addresses or domain names for backup. Once the connection is dropped, the function will be automatically enabled to backup the vpn connection and ensure data transition security. Advanced function: cha...
Page 151
Enterprise multi-wan vpn qos router 144 xi. Virtue route virtual router enable the branch only has single isp service can enjoy two different broadband network. The branch can access another isp network with connecting to headquarter server with dual-bradband connection. As the result, the linking p...
Page 152
Enterprise multi-wan vpn qos router 145 café a can enable virtual route function and link to café b’s device. They can access another isp service through café b’s network. It seems that café a employ dual isp service, too. If users in café a want to access to another isp network, the link speed won’...
Page 153
Enterprise multi-wan vpn qos router 146 11.1 virtue route server (pptp server) the chapter intrduces how to configure a virtue route server. Virtue route builds pptp on the basis of ppp (point-to-point protocol), it strengthens the security of ppp. Virtue route enables encryption transmission betwee...
Page 154
Enterprise multi-wan vpn qos router 147 enabled pptp server: when this option is selected, the point-to-point tunnel protocol pptp server can be enabled. Pptp client ip range: please enter pptp ip address range so as to provide the remote users with an entrance ip into the local network. Enter range...
Page 155
Enterprise multi-wan vpn qos router 148 add to list: add a new account and password. Delete selected item: delete selected item. All pptp status:displays all successfully connected users, including username, remote ip address, and pptp address..
Page 156
Enterprise multi-wan vpn qos router 149 11.2 virtue route client enabled to activate the function. Binding interface to select which wan port is binded: wan1~wan4 binding network to select the binding network: netcome or self-defined. Import ip range click “browse” to import binding ip range. Bindin...
Page 157
Enterprise multi-wan vpn qos router 150 remote host ip address input the ip of virtual route server. User name input the user name. Password input the password. Status show the link status: connect or disconnect. Self-defined ip to build a self-defined ip users can use a text-based editor, such as n...
Page 158
Enterprise multi-wan vpn qos router 151.
Page 159
Enterprise multi-wan vpn qos router 152 xii. Advanced function 12.1 dmz host/ port range forwarding 12.1.1 dmz host when the nat mode is activated, sometimes users may need to use applications that do not support virtual ip addresses such as network games. We recommend that users map the device actu...
Page 160
Enterprise multi-wan vpn qos router 153 12.1.2 port range forwarding setting up a port forwarding virtual host: if the server function (which means the server for an external service such as www, ftp, mail, etc) is contained in the network, we recommend that users use the firewall function to set up...
Page 161
Enterprise multi-wan vpn qos router 154 ip address: input the virtual host ip address. Enabled: activate this function. Service port management: add or remove service ports from the list of service ports. Add to list: add to the active service content. Service port management the services in the lis...
Page 162
Enterprise multi-wan vpn qos router 155 protocol: to select whether a service port is tcp or udp. Port range: to activate this function, input the range of the service port locations users want to activate such as 500~500 or 2300~2310, etc. Add to list: add the service to the service list. It suppor...
Page 163
Enterprise multi-wan vpn qos router 156 application name: users can define names for special application software. This is to make management simple. Trigger port range: input the port numbers for data going from the device to the internet. (such as 9000~6600). Incoming port range: input the port nu...
Page 164
Enterprise multi-wan vpn qos router 157 12.2 upnp upnp (universal plug and play) is a protocol set by microsoft. If the virtual host supports upnp system (such as windows xp), users could also activate the pc upnp function to work with the device. Service port: select the upnp service number default...
Page 165
Enterprise multi-wan vpn qos router 158 delete selected item: remove selected services. Show table: this is a list which displays the current active upnp functions. Apply: click “apply” to save the network configuration modification. Cancel: click “cancel" to leave without making any change..
Page 166
Enterprise multi-wan vpn qos router 159 12.3 routing in this chapter we introduce the dynamic routing information protocol and static routing information protocol. 12.3.1 dynamic routing the abbreviation of routing information protocol is rip. There are two kinds of rip in the ip environment – rip i...
Page 167
Enterprise multi-wan vpn qos router 160 refresh the paths. Rip is a very simple routing protocol, in which distance vector is used. Distance vector determines transmission distance in accordance with the number of routers, rather than based on actual session speed. Therefore, sometimes it will selec...
Page 168
Enterprise multi-wan vpn qos router 161 dest. Ip: subnet mask: input the remote network ip locations and subnet that is to be routed. For example, the ip/subnet is 192.168.2.0/255.255.255.0. Gateway: the default gateway location of the network node which is to be routed. Hop count: this is the route...
Page 169
Enterprise multi-wan vpn qos router 162 12.4 one to one nat as both the device and atu-r need only one actual ip, if isp issued more than one actual ip (such as eight adsl static ip addresses or more), users can map the remaining real ip addresses to the intranet pc virtual ip addresses. These pcs u...
Page 170
Enterprise multi-wan vpn qos router 163 enabled one to one nat: to activate or close the one-to-one nat function. (check to activate the function). Private ip range begin: input the private ip address for the intranet one-to-one nat function. Public ip range begin: input the public ip address for th...
Page 171
Enterprise multi-wan vpn qos router 164 set up, the internet ip server or pc which is mapped with a lan port will be exposed on the internet. To prevent internet users from actively connecting with the one-on-one nat server or pc, please set up a proper denial rule for access, as described firewall....
Page 172
Enterprise multi-wan vpn qos router 165 interface this is an indication of the wan port the user has selected. Ddns check either of the boxes before dyndns.Org, 3322.Org, dtdns.Com and qnoddns.Org.Cn to select one of the four ddns website address transfer functions. Username the name which is set up...
Page 173
Enterprise multi-wan vpn qos router 166 register for qnoddns 1. please go to qno website and register the product at http://www.Qno.Com.Tw . 2. input the e-mail address which users used to register this product and the serial number of the product to log in to the qnoddns service system. Be sure to ...
Page 174
Enterprise multi-wan vpn qos router 167 3. rules for applying a domain name: ●the domain should have at least 4 letters and no more than 63 letters. ●the domain name should only consist of a-z (lowercase letter) and 0-9 (numerals) and the first character should be an english letter. ●for products wi...
Page 175
Enterprise multi-wan vpn qos router 168.
Page 176
Enterprise multi-wan vpn qos router 169 12.6 mac clone some isp will request for a fixed mac address (network card physical address) for distributing ip address, which is mostly suitable for cable mode users. Users can input the network card physical address (mac address: 00-xx-xx-xx-xx-xx) here. Th...
Page 177
Enterprise multi-wan vpn qos router 170 xiii. System tool this chapter introduces the management tool for controlling the device and testing network connection. For security consideration, we strongly suggest to change the password. Password and time setting is in chapter 5.2. 13.1 diagnostic the de...
Page 178
Enterprise multi-wan vpn qos router 171 ping this item informs users of the status quo of the outbound session and allows the user to know the existence of computers online. On this test screen, please enter the host ip that users want to test such as 192.168.5.20. Press "go" to start the test. The ...
Page 179
Enterprise multi-wan vpn qos router 172 13.2 firmware upgrade users may directly upgrade the device firmware on the firmware upgrade page. Please confirm all information about the software version in advance. Select and browse the software file, click "firmware upgrade right now" to complete the upg...
Page 180
Enterprise multi-wan vpn qos router 173 13.3 setting backup import configuration file: this feature allows users to integrate all backup content of parameter settings into the device. Before upgrade, confirm all information about the software version. Select and browse the backup parameter file: "co...
Page 181
Enterprise multi-wan vpn qos router 174 13.4 snmp simple network management protocol (snmp) refers to network management communications protocol and it is also an important network management item. Through this snmp communications protocol, programs with network management (i.E. Snmp tools-hp open v...
Page 182
Enterprise multi-wan vpn qos router 175 enabled: activate snmp feature. The default is activated. System name: set the name of the device such as 4wanrouter. System contact: set the name of the person who manages the device (i.E. John). System location: define the location of the device (i.E. Taipei...
Page 183
Enterprise multi-wan vpn qos router 176 13.5 system recover users can restart the device with system recover button. Restart as the figure below, if clicking “restart router” button, the dialog block will pop out, confirming if users would like to restart the device..
Page 184
Enterprise multi-wan vpn qos router 177 return to factory default setting if clicking “return to factory default setting, the dialog block will pop out, if the device will return to factory default..
Page 185
Enterprise multi-wan vpn qos router 178 xiv. Log from the log management and look up, we can see the relevant operation status, which is convenient for us to facilitate the setup and operation. 14.1 system log its system log offers three options: system log, e-mail alert, and log setting..
Page 186
Enterprise multi-wan vpn qos router 179 system log enabled: if this option is selected, the system log feature will be enabled..
Page 187
Enterprise multi-wan vpn qos router 180 host name: the device provides external system log servers with log collection feature. System log is an industrial standard communications protocol. It is designed to dynamically capture related system message from the network. The system log provides the sou...
Page 188
Enterprise multi-wan vpn qos router 181 log time threshold: set the interval of sending the log, and the default is set to 10 minutes. Reaching this defined number, it will automatically send out the mail log. The device will detect which parameter (either entries or intervals) reaches the threshold...
Page 189
Enterprise multi-wan vpn qos router 182 ping of death: the system fails because the sent data exceeds the maximum packet that can be handled by the ip protocol. Unauthorized login: if intruders into the device are identified, the message will be sent to the system log. General log the device provide...
Page 190
Enterprise multi-wan vpn qos router 183 outgoing packet log: view system packet log which is sent out from the internal pc to the internet. This log includes lan ip, destination ip, and service port that is applied. It is illustrated as below. Incoming packet log: view system packet log of those ent...
Page 191
Enterprise multi-wan vpn qos router 184 clear log now: this feature clears all the current information on the log..
Page 192
Enterprise multi-wan vpn qos router 185 14.2 system statistic the device has the real-time surveillance management feature that provides system current operation information such as port location, device name, current wan link status, ip address, mac address, subnet mask, default gateway, dns, numbe...
Page 193
Enterprise multi-wan vpn qos router 186.
Page 194
Enterprise multi-wan vpn qos router 187 14.3 traffic statistic six messages will be displayed on the traffic statistic page to provide better traffic management and control. By inbound ip address: the figure displays the source ip address, bytes per second, and percentage..
Page 195
Enterprise multi-wan vpn qos router 188 by outbound ip address: the figure displays the source ip address, bytes per second, and percentage. By outbound port: the figure displays the network protocol type, destination ip address, bytes per second, and percentage. By inbound port: the figure displays...
Page 196
Enterprise multi-wan vpn qos router 189 by outbound session: the figure displays the source ip address, network protocol type, source port, destination ip address, destination port, bytes per second and percentage. By inbound session: the figure displays the source ip address, network protocol type,...
Page 197
Enterprise multi-wan vpn qos router 190 specific ip status: enter the ip address that users want to inquire, and then the entire destination ip connected to remote devices as well as the number of ports will be displayed..
Page 198
Enterprise multi-wan vpn qos router 191 specific port status: enter the service port number in the field and ip that are currently used by this port will be displayed..
Page 199
Enterprise multi-wan vpn qos router 192 xv. Log out on the top right corner of the web- based ui, there is alogout button. Click on it to log out of the web- based ui. To enter next time, open the web browser and enter the ip address, user name and password to log in..
Page 200
Enterprise multi-wan vpn qos router 193 appendix i: user interface and user manual chapter cross reference this appendix is to show the corresponding index for each chapter and user interface. Users can find how to setup quickly and understand the vpn router capability at the same time. Vpn router o...
Page 201
Enterprise multi-wan vpn qos router 194 bandwidth management 8.1 (qos) 8.3 bandwidth management session control 8.2 session limit ip/dhcp vii. Port management setup 7.3 dhcp/ ip status 7.4 dhcp status ip & mac binding 7.5 ip & mac binding ip grouping 7.6 ip grouping firewall ix. Firewall general pol...
Page 202
Enterprise multi-wan vpn qos router 195 setup 7.1 setup status 7.2 status vpn x. Vpn summary 10.1.1 summary gateway to gateway 10.1.2.1 gateway to gateway client to gateway 10.1.2.2 client to gateway pptp setup 10.1.3 pptp setup pptp status 10.1.3 pptp status vpn pass through 10.1.4 vpn pass through...
Page 203
Enterprise multi-wan vpn qos router 196 appendix ii:troubleshooting (1) block bt download to block bt and prevent downloading by users, go to the “firewall -> content filter" and select "enable website block by keywords," followed by the input of "torrent." this will prevent the users from downloadi...
Page 204
Enterprise multi-wan vpn qos router 197 ( 2)shock wave and worm virus prevention since many users have been attacked by shock wave and worm viruses recently, the internet transmission speed was brought down and the session bulky increase result in the massive processing load of the device. The follo...
Page 205
Enterprise multi-wan vpn qos router 198 use the same method to add udp [udp135~139] and tcp [445~445] ports. C. Enhance the priority level of these three to the highest..
Page 206
Enterprise multi-wan vpn qos router 199 ( 3)block qqlive video broadcast setting qqlive video broadcast software is a stream media broadcast software. Many clients are bothered by the same problem: when several users apply qqlive video broadcast software, a greater share of the bandwidth is occupied...
Page 207
Enterprise multi-wan vpn qos router 200 qqlive server. Repeated addition may be needed). Lastly, select "always" under the scheduling setting so that the qqlive login time can be set. (if necessary, specific time setting may be undertaken). Click "apply" to move to the next step. C). Input the follo...
Page 208
Enterprise multi-wan vpn qos router 201 ( 4)arp virus attack prevention 1. Arp issue and information recently, many cyber cafes in china experienced disconnection (partially or totally) for a short period of time, but connection is resumed quickly. This is caused by the clash with mac address. When ...
Page 209
Enterprise multi-wan vpn qos router 202 address is known. Simply fill in the mac address for transmission. If no corresponding ip address is found in arp cache, host a will send a broadcast. The mac address is “ff.Ff.Ff.Ff.Ff.Ff,” which is to inquire all the host devices in the same network session ...
Page 210
Enterprise multi-wan vpn qos router 203 take appropriate measures. The following is experience shared by qno technical engineers with regard to the arp prevention. Through the arp working principle, it is known that if the arp cache is changed and the device is constantly notified with the series of...
Page 211
Enterprise multi-wan vpn qos router 204 enter ”firewall-> general” and find the option "prevent arp virus attack" to the right of the page. Click on the option to activate it and click "apply" at the bottom of the page (see illustrated). B) bind the gateway ip and mac address for each pc this preven...
Page 212
Enterprise multi-wan vpn qos router 205 arp -d arp -s router lan ip router lan mac for those internal network attacked by arp, the source must be identified. Method: if the pc fails to go online or there is packet loss of ping, in the dos screen, input arp –a command to check if the mac address of t...
Page 213
Enterprise multi-wan vpn qos router 206 after an item is added to the list, the corresponding message will be displayed in the white block on the bottom. However, such method is not recommended because the inquiry of ip/mac addresses of all hosts creates heavy workload. Another method to bind ip and...
Page 214
Enterprise multi-wan vpn qos router 207 click to display ip and mac binding list dialog box. In this box, the unbinding ip and mac address corresponding to the pc are displayed. Enter the "name" of the computer and click on "enabled" with the display of the “√” icon and push the option on the top ri...
Page 215
Enterprise multi-wan vpn qos router 208 though these basic operations can help solve the problem but qno's technical engineers suggest that further measures should be taken to prevent the arp attack. 1. Deal with virus source as well as the source device affected by virus through virus killing and t...
Page 216
Enterprise multi-wan vpn qos router 209 5. Frequently update anti-virus software (virus data base), and set the daily upgrade that allows regular and automatic update. Install and use the network firewall software. Network firewall is important for the process of anti-virus. It can effectively avert...
Page 217
Enterprise multi-wan vpn qos router 210 appendix iii:qno technical support information for more information about the qno's product and technology, please log onto the qno's bandwidth forum, refer to the examples of the ftp server, or contact the technical department of qno's dealers as well as the ...