- DL manuals
- QNO
- Network Router
- FQR7200
- User Manual
QNO FQR7200 User Manual
Summary of FQR7200
Page 1
4wan 1lan all gigabit multi-wan qos router load balance, bandwidth management, and network security english user’s manual.
Page 2
M m u u l l t t i i - - w w a a n n v v p p n n r r o o u u t t e e r r i content i. Introduction .............................................................................................................................................. 3 ii. Multi- wan router installation .........................
Page 3
M m u u l l t t i i - - w w a a n n v v p p n n r r o o u u t t e e r r ii 10.3 routing ......................................................................................................................................................... 110 10.4 one to one nat .....................................
Page 4
Multi-wan router 1 product manual using permit agreement [product manual (hereafter the "manual") using permit agreement] hereafter the "agreement" is the using permit of the manual, and the relevant rights and obligations between the users and qno technology inc (hereafter "qno"), and is the exclus...
Page 5
Multi-wan router 2 resellers do not bear any liability for direct or indirect economic loss, data loss or other corresponding commercial loss to the user or relevant personnel due to the possible omission. 【4-2】in order to protect the autonomy of the business development and adjustment of qno, qno r...
Page 6
Multi-wan router 3 i. Introduction multi-wan router (referred as router hereby) is a business level firewall router that efficiently integrates new generation multiple wan-port firewall devices. It meets the needs of both medium and large-scale enterprises, internet cafes, and communities, etc. The ...
Page 7
Multi-wan router 4 that whole connections are unobstructed. Strategy routing mode is simply to configure the network without the input of ip address. It can automatically detect outbound packets and filter telecom connection to ensure quick response and packet pass through without obstruction, and i...
Page 8
Multi-wan router 5 ii. Multi- wan router installation in this chapter we are going to introduce hardware installation. Through the understanding of multi-wan setting process, users can easily setup and manage the network,making router functioning and having best performance. 2.1 systematic setting p...
Page 9
Multi-wan router 6 network to meet user’s demand. Physical requirements. 2 login login the device with web browser. Login router web-based ui. 3 verify device specification verify firmware version and working status. Verify router specification, firmware version and working status. Set password and ...
Page 10
Multi-wan router 7 9 management and maintenance settings: syslog, snmp, and configuration backup monitor router working status and configuration backup. Administrators can look up system log and monitor system status and inbound/outbound flow in real time. 10 logout close configuration window. Logou...
Page 11
Multi-wan router 8 iii. Hardware installation in this chapter we are going to introduce hardware interface as well as physical installation. 3.1 router led signal led signal description led color description power green green led on: power on diag amber amber led on: system self-test is running. Amb...
Page 12
Multi-wan router 9 is over or it can not be charged, router will not be able to record time correctly, nor synchronize with internet ntp time server. Please contact your system supplier for information on how to replace the battery. Attention! Do not replace the battery yourself; otherwise irreparab...
Page 13
Multi-wan router 10 3.2 router network connection wan connection:a wan port can be connected with xdsl modem, fiber modem, switching hub, or through an external router to connect to the internet. Lan connection: the lan port can be connected to a switching hub or directly to a pc. Users can use serv...
Page 14
Multi-wan router 11 iv. Login router this chapter is mainly introducing web-based ui after connecting router. First, check up router ip address by connecting to dos through the lan pc under router . Go to start → run, enter cmd to commend dos, and enter ipconfig for getting default gateway address, ...
Page 15
Multi-wan router 12 then, open webpage browser, ie for example, and key in 192.168.1.1 in the website column. The login window will appear as below: router default username and password are both “admin”. Users can change the login password in the setting later. Attention! For security, we strongly s...
Page 16
Multi-wan router 13 v. Device spec verification, status display and login password and time setting this chapter introduces the device specification and status after login as well as change password and system time settings for security. 5.1 home page in the home page, all router parameters and stat...
Page 17
Multi-wan router 14 manual connect: when “obtain an ip automatically” is selected, two buttons (release and renew) will appear. If a wan connection, such as pppoe or pptp, is selected, “disconnect” and “connect” will appear. Dmz ip address: indicates the current dmz ip address. 5.1.2 physical port s...
Page 18
Multi-wan router 15 the current port setting status information will be shown in the port information table. Examples: type (10base-t/100base-tx/1000base-t), iniferface (wan/ lan/ dmz), link status (up/ down), physical port status (port enabled/ port disabled), priority (high or normal), speed statu...
Page 19
Multi-wan router 16 5.1.3 system information device ip address/ subnet mask:identifies the current device ip address and subnet mask. The default is 192.168.1.1 and 255.255.255.0 working mode:indicates the current working mode. Can be gateway or router mode. The default is “gateway” mode. System act...
Page 20
Multi-wan router 17 5.1.4 firewall status spi (stateful packet inspection): indicates whether spi (stateful packet inspection) is on or off. The default configuration is “on”. Dos (denial of service):indicates if dos attack prevention is activated. The default configuration is “on”. Block wan reques...
Page 21
Multi-wan router 18 because you have not specified an outbound smtp server address. ”—— represents that you do not have email setting and it can not send out syslog emails. 2. If you have the email address set in system log, but the log does not meet the sending log conditions, it will show “e-mail ...
Page 22
Multi-wan router 19 user name: the default is “admin”. Old password: input the original password.(the default is “admin”.) new user name: input the new user name. I.E.Qno new password: input the new password. Confirm new password: input the new password again for verification. Apply: click “apply” t...
Page 23
Multi-wan router 20 time zone: select your location from the pull-down time zone list to show correct local time. Daylight saving: if there is daylight saving time in your area, input the date range. The device will adjust the time for the daylight saving period automatically. External ntp server: i...
Page 24
Multi-wan router 21 vi. Network this network page contains the basic settings. For most users, completing this general setting is enough for connecting with the internet. However, some users need advanced information from their isp. Please refer to the following descriptions for specific configurati...
Page 25
Multi-wan router 22 device name and domain name can be input in the two boxes. Though this configuration is not necessary in most environments, some isps in some countries may require it. 6.1.2 lan setting lan setting is shown and can be configured in this page. The lan mac can be modified. When a n...
Page 26
Multi-wan router 23 lan setting this is configuration information for the device current lan ip address. The default configuration is 192.168.1.1 and the default subnet mask is 255.255.255.0. It can be changed according to the actual network structure. Multiple-subnet setting: click “add/edit” to en...
Page 27
Multi-wan router 24 6.1.3 wan & dmz settings wan setting: interface: an indication of which port is connected. Connection type: obtain an ip automatically, static ip connection, pppoe (point-to-point protocol over ethernet), pptp (point-to-point tunneling protocol) or transparent bridge. Config.: a ...
Page 28
Multi-wan router 25 use the following dns server addresses: select a user-defined dns server ip address. Dns server: input the dns ip address set by isp. At least one ip group should be input. The maximum acceptable groups is two ip groups. Enable line-dropped scheduling: the wan disconnection sched...
Page 29
Multi-wan router 26 added connections should go through another wan to connect with the internet. Link backup interface select another wan port as link backup when port binding is configured. Users should select the port that employs the same isp. Shared- circuit wan environment if your wan connects...
Page 30
Multi-wan router 27 wan ip address: input the available static ip address issued by isp. Subnet mask: input the subnet mask of the static ip address issued by isp, such as: issued eight static ip addresses: 255.255.255.248 issued 16 static ip addresses: 255.255.255.240 default gateway: input the def...
Page 31
Multi-wan router 28 disconnection, all the external connections that go through this wan will be disconnected too. Only after the disconnected lines are reconnected can they go through the standby system to connect with the internet. Therefore, to avoid a huge number of disconnections, users can act...
Page 32
Multi-wan router 29 user name: input the user name issued by isp. Password input the password issued by isp. Connect on demand: this function enables the auto-dialing function to be used in a pppoe dial connection. When the client port attempts to connect with the internet, the device will automatic...
Page 33
Multi-wan router 30 through this wan will be disconnected too. Only after the disconnected lines are reconnected can they go through the standby system to connect with the internet. Therefore, to avoid a huge number of disconnections, users can activate this function to arrange new connections throu...
Page 34
Multi-wan router 31 wan ip address: this option is to configure a static ip address. The ip address to be configured could be one issued by isp. (the ip address is usually provided by the isp when the pc is installed. Contact isp for relevant information). Subnet mask: input the subnet mask of the s...
Page 35
Multi-wan router 32 demand: connection. When the client port attempts to connect with the internet, the device will automatically connect with the default isp auto dial connection; when the network has been idle for a period of time, the system will break the connection automatically. (the default t...
Page 36
Multi-wan router 33 different network environment. (e.G. Adsl pppoe mtu: 1492) the default is “auto”. After the changes are completed, click “apply” to save the configuration, or click “cancel" to leave without making any changes. Transparent bridge if all intranet ip addresses are applied as intern...
Page 37
Multi-wan router 34 wan ip address: input one of the static ip addresses issued by isp. Subnet mask: input the subnet mask of the static ip address issued by isp, such as: issued eight static ip addresses: 255.255.255.248 issued 16 static ip addresses: 255.255.255.240 default gateway address: input ...
Page 38
Multi-wan router 35 internal lan ip range 1 and internal lan ip range 2 respectively. Enable line-dropped scheduling: the wan disconnection schedule will be activated by checking this option. In some areas, there is a time limitation for wan connection service. For example: the optical fiber service...
Page 39
Multi-wan router 36 reach the internet. If this wan network is enabled the router plus nat mode, you can still use load balancing function in this wan network. Wan ip address enter the public ip address. Subnet mask enter the public ip address subnet mask. Wan default gateway enter the wan default g...
Page 40
Multi-wan router 37 available.. Intranet routing default gateway enter one of ip addresses that provide by the isp as your default gateway. Intranet ip addresses range enter your ip addresses range, which ip addresses are provided by isp. If you have multiple ip ranges, you need setup group1 and gro...
Page 41
Multi-wan router 38 ip address: indicates the current default static ip address. Config.: indicates an advanced configuration modification: click edit to enter the advanced configuration page. The dmz configuration can be classified by subnet and range: subnet: the dmz and wan located in different s...
Page 42
Multi-wan router 39 ip range: input the ip range located at the dmz port. After the changes are completed, click “apply” to save the configuration, or click “cancel" to leave without making any changes. 6.2 multi- wan setting 6.2.1 load balance mode auto load balance mode when auto load balance mode...
Page 43
Multi-wan router 40 automatic load ratio will be 1:1; if one of the upload bandwidths is 1024kbit/sec while the other is 512kbit/sec, the automatic load ratio will be 2:1. Therefore, to ensure that the device can balance the actual network load, please input real upload and download bandwidths. Sess...
Page 44
Multi-wan router 41 allocate connections based on session number to achieve network load balance. ● ip balance : if “by ip” is selected, the wan bandwidth will automatically allocate connections based on the number of ip addresses to achieve network load balance. Note! Only when a device assignment ...
Page 45
Multi-wan router 42 name: to define a name for the wan grouping in the box, such as “education” etc. The name is for recognizing different wan groups. Interface: check the boxes for the wans to be added into this combination. Add to list: to add a wan group to the grouping list. Delete selected item...
Page 46
Multi-wan router 43 to build a policy document users can use a text-based editor, such as notepad, which is included with windows system. Follow the text format in the figure below to key in the destination ip addresses users want to assign. For example, if the destination ip address range users wan...
Page 47
Multi-wan router 44 note! China netcom strategy and self-defined strategy can coexist. However, if a destination ip is assigned by both china netcom strategy and self-defined strategy, china netcom strategy will take priority. In other words, traffic to that destination ip will be transmitted throug...
Page 48
Multi-wan router 45 destination auto binding indicates that the session will be connected with the same wan ip when the destination ip is in the same class b range. For example, there are wan1-1 200.10.10.1 and wan2- 200.10.10.2, and two intranet ip addresses. When 192.168.1.100 visits internet 61.2...
Page 49
Multi-wan router 46 user define dis. Or port auto binding indicates that the intranet ip will connect through the same wan ip when the service ports are self- defined. You can self- define the service ports and destination ip. (if the destination ip is set as 0.0.0.0 to 0, this represents that the d...
Page 50
Multi-wan router 47 it will go through the same wan ip. As for which wan will be selected, this follows the first- chosen wan ip distributed by the original session balance mechanism. For example, there are two intranet ip- 192.168.100.1 and 192.168.100.2. When these intranet ips first connects with...
Page 51
Multi-wan router 48 retry timeout: delay time for external connection detection latency. The default is 30 seconds. After the retry timeout, external service detection will restart. When fail: (1) generate the error condition in the system log: if an isp connection failure is detected, an error mess...
Page 52
Multi-wan router 49 isp host: this is the detected location for the isp port, such as the dns ip address of isp. When configuring an ip address for this function, make sure this ip is capable of receiving feedback stably and speedily. (please input the dns ip of the isp port) remote host: this is th...
Page 53
Multi-wan router 50 protocol binding users can define specific ip addresses or specific application service ports to go through a user-assigned wan for external connections. For any other unassigned ip addresses and services, wan load balancing will still be carried out. Note! in the load balance mo...
Page 54
Multi-wan router 51 service: this is to select the binding service port to be activated. The default (such as all-tcp&udp 0~65535, www 80~80, ftp 21 to 21, etc.) can be selected from the pull-down option list. The default service is all 0~65535. Option list for service management: click the button t...
Page 55
Multi-wan router 52 input “0” in the ip boxes. Destination ip: in the boxes, input an external static ip address. For example, if connections to destination ip address 210.11.1.1 are to be restricted to wan1, the external static ip address 210.1.1.1 ~ 210.1.1.1 should be input. If a range of destina...
Page 56
Multi-wan router 53 add or remove service port if the service port users want to activate is not in the list, users can add or remove service ports from “service port management” to arrange the list, as described in the following: service name: in this box, input the name of the service port which u...
Page 57
Multi-wan router 54 close: to quit this configuration window. Auto load balancing mode when enabled: the collocation of the auto load balance mode and the auto load mode will enable more flexible use of bandwidth. Users can assign specific intranet ip addresses to specific destination application se...
Page 58
Multi-wan router 55 example 2:how do i set up auto load balance mode to keep intranet ip 192.168.1.150 ~ 200 from going through wan2 when the destination port is port 80? As in the figure below, select “http [tcp/80~80]” from the pull-down option list “service”, and then in the boxes for “source ip”...
Page 59
Multi-wan router 56 example 3:how do i set up auto load balance mode to keep all intranet ip addresses from going through wan2 when the destination port is port 80 and keep all other services from going through wan1? As in the figure below, there are two rules to be configured. The first rule: selec...
Page 60
Multi-wan router 57 click “add new” and the rule will be added to the mode. The device will transmit packets that are not going to port 80 to the internet through wan1. Configuring “assigned routing mode” for load balance: ip group: this function allows users to assign packets from specific intranet...
Page 61
Multi-wan router 58 then in the boxes of “source ip” input “192.168.1.0 ~ 0” (which means to include all intranet ip addresse s). Retain the original numbers “0.0.0.0” in the boxes of “destination ip” (which means to include all internet ip addresses). Select wan2 from the pull- down option list “in...
Page 62
Multi-wan router 59 then click “enable”. Finally, click “add new” and the rule will be added to the mode. The second rule: select “all port [tcp&udp/1~65535]” from the pull-down option list “service”, and then in the boxes of “source ip” input “192.168.1.0 ~ 0” (which means to include all intranet i...
Page 63
Multi-wan router 60 vii. Port management this chapter introduces how to configure ports and understand how to configure intranet ip addresses. 7.1 setup through the device, users can easily manage the setup for wan ports, lan ports and the dmz port by choosing the number of ports, speed, priority, d...
Page 64
Multi-wan router 61 deliver the packet. The default value is “normal”. Speed: this feature allows users to select the network hardware connection speed for the ethernet port. The options are 10mbps and 100mbps. Duplex status: this feature allows users to select the network hardware connection speed ...
Page 65
Multi-wan router 62 summary: there are network connection type, interface, link status (up/down), port activity (port enabled), priority setting (high or normal), speed status (10mbps, 100mbps or 1000mbps), duplex status (half duplex or full duplex), auto neg. (enabled/disabled), and vlan. Statistic...
Page 66
Multi-wan router 63 with an embedded dhcp server, it supports automatic ip assignation for lan computers. (this function is similar to the dhcp service in nt servers.) it benefits users by freeing them from the inconvenience of recording and configuring ip addresses for each pc respectively. When a ...
Page 67
Multi-wan router 64 pc. The default is 1440 minutes (a day). Users can change it according to their needs. The time unit is minute. Range start: this is an initial ip automatically leased by dhcp. It means dhcp will start the lease from this ip. The default initial ip is 192.168.1.100. Range end: th...
Page 68
Multi-wan router 65 7.4 dhcp status this is an indication list of the current status and setup record of the dhcp server. The indications are for the administrator’s reference when a network modification is needed. Dhcp server: this is the current dhcp ip. Dynamic ip used: the amount of dynamic ip l...
Page 69
Multi-wan router 66 7.5 ip & mac binding administrators can apply ip & mac binding function to make sure that users can not add extra pcs for internet access or change private ip addresses. There are two methods for setting up this function: block mac address not on the list this method only allows ...
Page 70
Multi-wan router 67.
Page 71
Multi-wan router 68 ip & mac binding static ip: there are two ways to input static ip: 1. If users want to set up a mac address to acquire ip from dhcp, but the ip need not be a specific assigned ip, input 0.0.0.0 in the boxes. The boxes cannot be left empty. 2. If users want dhcp to assign a static...
Page 72
Multi-wan router 69 name: for distinguishing clients, input the name or address of the client that is to be bound. The maximum acceptable characters are 12. Enabled: activate this configuration. Add to list: add the configuration or modification to the list. Delete selected item: remove the selected...
Page 73
Multi-wan router 70 7.6 ip grouping ip group function can combine several ip addresses or ip address ranges into several groups. When you manage user internet access privileges by ip address, you can set up every management functions for users who have same internet access privileges in the same ip ...
Page 74
Multi-wan router 71 local group set you can choose from the ip list on the left side to set up a local ip group. Ip group choose ip group that you would like to modify. If you would like to add new groups, please push “add new group” button. Group name when you add new groups, please note if the gro...
Page 75
Multi-wan router 72 first, and choose to add ip address information from the left side into the remote group..
Page 76
Multi-wan router 73 7.7 port group management service ports can be grouping as ip grouping. It is convenient to set qos, firewall access rules, and other functions. User edit port input the name, protocol, and port range for the specific service port. Name name the port in order to identify its prop...
Page 77
Multi-wan router 74 cancel click “cancel" to leave without making any changes..
Page 78
Multi-wan router 75 viii. Qos (quality of service) qos is an abbreviation for quality of service. The main function is to restrict bandwidth usage for some services and ip addresses to save bandwidth or provide priority to specific applications or services, and also to enable other users to share ba...
Page 79
Multi-wan router 76 8.1 bandwidth management 8.1.1 the maximum bandwidth provided by isp.
Page 80
Multi-wan router 77 in the boxes for wan1 and wan2 bandwidth, input the upstream and downstream bandwidth which users applied for from bandwidth supplier. The bandwidth qos will make calculations according to the data users input. In other words, it will guarantee a minimum rate of upstream and down...
Page 81
Multi-wan router 78 interface: select on which wan the qos rule should be executed. It can be a single selection or multiple selections. Service port: select what bandwidth control is to be configured in the qos rule. If the bandwidth for all services of each ip is to be controlled, select “all (tcp...
Page 82
Multi-wan router 79 be controlled, input “0” in the boxes of ip address. This means all intranet ip addresses will be restricted. Qos can also control the range of class b. Direction: upstream: means the upload bandwidth for intranet ip. Downstream: means the download bandwidth for intranet ip. Serv...
Page 83
Multi-wan router 80 download information, the total occupied bandwidth is fixed. Enable: activate the rule. Add to list: add this rule to the list. Move up & move down: qos rules will be executed from the bottom of the list to the top of the list. In other words, the lower down the list, the higher ...
Page 84
Multi-wan router 81 interface: select on which wan the qos rule should be executed. It can be a single selection or multiple selections. Service port: select what bandwidth control is to be configured in the qos rule. If ftp uploads or downloads need to be controlled, select “ftp port 21~21”. Refer ...
Page 85
Multi-wan router 82 priority: high: 60% guaranteed bandwidth to the service low: only 10% bandwidth offered to the service enabled: activate the rule. Add to list: add this rule to the list. Delete selected items: remove the rules selected from the service list. Show table: this will display all the...
Page 86
Multi-wan router 83 8.1.3 smart qos enabled qos: choose to apply qos function. When the usage of any wan ’s bandwidth is over___%, enable smart qos input the required rate value into the column. The default is 60%. Each ip ’s upstream bandwidth threshold (for all wan): input the max. Upstream rate f...
Page 87
Multi-wan router 84 shown on the list. Scheduling: if “always” is selected, the rule will be executed around the clock. If “from…” is selected, the rule will be executed according to the configured time range. For example, if the time control is from monday to friday, 8:00am to 6:00pm, users can ref...
Page 88
Multi-wan router 85 8.1.4 exception ip address if some users are allowed to avoid traffic management control, you can use this function to fulfill the requirement. Wan select wan ports. Source ip enter the exempted ip range, or select the exempted ip group. Do not control direction select do not con...
Page 89
Multi-wan router 86 8.2 session control session management controls the acceptable maximum simultaneous sessions of intranet pcs. This function is very useful for managing connection quantity when p2p software such as bt, thunder, or emule is used in the intranet causing large numbers of sessions. S...
Page 90
Multi-wan router 87 this user will not be able to make a new session for five minutes. Even if the previous session has been closed, new sessions cannot be made until the setting time ends. If this function is selected, when the user’s port connections reach the limit, all the lines that this user i...
Page 91
Multi-wan router 88 exempted service port or ip address service port: choose the service port. Ip address: input the ip address range or ip group. Enabled: activate the rule. Add to list: add this rule to the list. Delete seleted item: remove the rules selected from the service list. Apply: click “a...
Page 92
Multi-wan router 89 8.3 hardware optimization (future feature) this gigabit flagship router not only provides high processing performance but also launches “hardware optimization’ function for bandwidth control and traffic prioritization. The main purpose is to process the bandwidth functions throug...
Page 93
Multi-wan router 90 the traffic in high priorities when the traffic rules match source mac addresses. (2) destination mac address: hardware optimization will only be effective to guarantee the traffic in high priorities when the traffic rules match destination mac addresses. (3) none: the traffic ru...
Page 94
Multi-wan router 91 ix. Firewall this chapter introduces firewall general policy, access rule, and content filter settings to ensure network security. 9.1 general policy the firewall is enabled by default. If the firewall is set as disabled, features such as spi, dos, and outbound packet responses w...
Page 95
Multi-wan router 92 inspection): technology. The firewall operates mainly at the network layer. By executing the dynamic authentication for each connection, it will also perform an alarming function for application procedure. Meanwhile, the packet authentication firewall may decline the connections ...
Page 96
Multi-wan router 93 advanced setting packet type: this device provides three types of data packet transmission: tcp-syn-flood, udp-flood and icmp-flood. Wan threshold: when all packet values from external attack or from single external ip attack reach the maximum amount (the default is 15000 packets...
Page 97
Multi-wan router 94 show blocked ip: show the blocked ip list and the remained blocked time. Restricted web features: it supports the block that is connected through: java, cookies, active x, and http proxy access. Don’t block java / activex / cookies proxy to trusted domain: if this option is activ...
Page 98
Multi-wan router 95 user name: input the information of the qq number, etc. Exempted qq number: input the number. Add to list: add the number to the list. Delete selected item: delete the selected rule in the list. Block file type.
Page 99
Multi-wan router 96 exception ip address: input exception ip..
Page 100
Multi-wan router 97 9.2 access rule users may turn on/off the setting to permit or forbid any packet to access internet. Users may select to set different network access rules: from internal to external or from external to internal. Users may set different packets for ip address and communication po...
Page 101
Multi-wan router 98 in addition to the default rules, all the network access rules will be displayed as illustrated above. Users may follow or self-define the priority of each network access rule. The device will follow the rule priorities one by one, so please make sure the priority for all the rul...
Page 102
Multi-wan router 99 9.2.2 add new access rule action: allow: permits the pass of packets compliant with this control rule. Deny: prevents the pass of packets not compliant with this control rule. Service port: from the drop-down menu, select the service that users grant or do not give permission. Se...
Page 103
Multi-wan router 100 address or an ip address within a session. Dest. Ip: select the destination ip range (such as any, single, range, or preset ip group name) if single or range is selected; please enter a single ip address or an ip address within a session. Scheduling: select “always” to apply the...
Page 104
Multi-wan router 101 9.3 content filter the device supports two webpage restriction modes: one is to block certain forbidden domains, and the other is to give access to certain web pages. Only one of these two modes can be selected. Block forbidden domain fill in the complete website such as www.Sex...
Page 105
Multi-wan router 102 add to list: click ”add to list” to create a new website to be controlled. Delete selected item: click to select one or more controlled websites and click this option to delete. Website blocking by keywords: enabled: click to activate this feature. The default setting is disable...
Page 106
Multi-wan router 103 accept allowed domains in some companies or schools, employees and students are only allowed to access some specific websites. This is the purpose of the function. Enabled: activate the function. The default s etting is “disabled.” domain name: input the allowed domain name, etc...
Page 107
Multi-wan router 104 always: select “always” to apply the rule on a round-the-clock basis. Select “from”, and the operation will run according to the defined time. …to…: select "always" to apply the rule on a round-the-clock basis. If “from” is selected, the activation time is introduced as below da...
Page 108
Multi-wan router 105 x. Advanced function 10.1 dmz host/ port range forwarding 11.1.1 dmz host when the nat mode is activated, sometimes users may need to use applications that do not support virtual ip addresses such as network games. We recommend that users map the device actual wan ip addresses d...
Page 109
Multi-wan router 106 external service such as www, ftp, mail, etc) is contained in the network, we recommend that users use the firewall function to set up the host as a virtual host, and then convert the actual ip addresses (the internet ip addresses) with port 80 (the service port of www is port 8...
Page 110
Multi-wan router 107 service port management: add or remove service ports from the list of service ports. Add to list: add to the active service content. Service port management the services in the list mentioned above are frequently used services. If the service users want to activate is not in the...
Page 111
Multi-wan router 108 apply: click the “apply” button to save the modification. Cancel: click the “cancel” button to cancel the modification. This only works before “apply” is clicked. Close: quit this configuration window..
Page 112
Multi-wan router 109 10.2 upnp upnp (universal plug and play) is a protocol set by microsoft. If the virtual host supports upnp system (such as windows xp), users could also activate the pc upnp function to work with the device. Service port: select the upnp service number default list here; for exa...
Page 113
Multi-wan router 110 10.3 routing in this chapter we introduce the dynamic routing information protocol and static routing information protocol..
Page 114
Multi-wan router 111 10.3.1 dynamic routing the abbreviation of routing information protocol is rip. There are two kinds of rip in the ip environment – rip i and rip ii. Since there is usually only one router in a network, ordinarily just static routing will be used. Rip is used when there is more t...
Page 115
Multi-wan router 112 dest. Ip: subnet mask: input the remote network ip locations and subnet that is to be routed. For example, the ip/subnet is 192.168.2.0/255.255.255.0. Gateway: the default gateway location of the network node which is to be routed. Hop count: this is the router layer count for t...
Page 116
Multi-wan router 113.
Page 117
Multi-wan router 114 10.4 one to one nat as both the device and atu-r need only one actual ip, if isp issued more than one actual ip (such as eight adsl static ip addresses or more), users can map the remaining real ip addresses to the intranet pc virtual ip addresses. These pcs use private ip addre...
Page 118
Multi-wan router 115 enabled one to one nat: to activate or close the one-to-one nat function. (check to activate the function). Private ip range begin: input the private ip address for the intranet one-to-one nat function. Public ip range begin: input the public ip address for the internet one-to-o...
Page 119
Multi-wan router 116 attention! one-to-one nat mode will change the firewall working mode. If this function has been set up, the internet ip server or pc which is mapped with a lan port will be exposed on the internet. To prevent internet users from actively connecting with the one-on-one nat server...
Page 120
Multi-wan router 117 add to list add this configuration to the one-to-one nat list. Delete selected range remove a selected one-to-one nat list. Apply click “apply” to save the network configuration modification. Cancel click “cancel" to leave without making any changes..
Page 121
Multi-wan router 118 10.5 ddns- dynamic domain name service ddns supports the dynamic web address transfer for qnoddns.Org.Cn、3322.Org、dyndns.Org and dtdns.Com. This is for vpn connections to a website that is built with dynamic ip addresses, and for dynamic ip remote control. For example, the actua...
Page 122
Multi-wan router 119 interface this is an indication of the wan port the user has selected. Ddns check either of the boxes before dyndns.Org, 3322.Org, dtdns.Com and qnoddns.Org.Cn to select one of the four ddns website address transfer functions. Username the name which is set up for ddns. Input a ...
Page 123
Multi-wan router 120 configuration modification. Cancel click “cancel" to leave without making any changes..
Page 124
Multi-wan router 121 10.6 mac clone some isp will request for a fixed mac address (network card physical address) for distributing ip address, which is mostly suitable for cable mode users. Users can input the network card physical address (mac address: 00-xx-xx-xx-xx-xx) here. The device will adopt...
Page 125
Multi-wan router 122 10.7 inbound load balance qno firewall/router not only supports efficient outbound load balance, but inbound load balance. It distributes inbound traffic equally to every wan port to make best use of bandwidth. It also can prevent traffic from unequally distribution and congeste...
Page 126
Multi-wan router 123.
Page 127
Multi-wan router 124 4. Configure domain name and host ip. Assign dns service provider and host ip address. Take the setting on twnic as an example, the network structure and ip are as following: wan1:adsl isp a 210.10.1.1 wan2:adsl isp b 200.1.1.1 domain name:abc.Com.Tw name server(ns):ns1.Abc.Com....
Page 128
Multi-wan router 125 domain name: input the domain name which is applied before. The domain name will be shown in following configuration automatically without entering again. Time to live: time to live (the abbreviation is ttl) is time interval of dns inquiring (second, 0~65535). Too long interval ...
Page 129
Multi-wan router 126 interface: assign wan ip address as corresponding ip of ns record. The system will show all acquired enabled wan ip addresses automatically so that users can check directly. But users have to check if the ip addresses are the same as the corresponding settings on twnic dns servi...
Page 130
Multi-wan router 127 “www.Mydomain.Com” and “mail.Mydomain.Com”. They are both orientated to “host.Mydomain.Com.” you can also assign several domain names to the same ip address. One of the domains will be a record corresponding server ip, and the others will be alias of a record domain. If you chan...
Page 131
Multi-wan router 128 mail server: input the server name which is saved in a record or external mail server. Click “apply” button to save the configuration. Besides, users have to configure dns service port as following description. 10. Enable dns query (dns service port) in access rule of firewall s...
Page 132
Multi-wan router 129 service port: activate the service port of a record server, e.G. Smtp [tcp/25~25] for mail. Internal ip: input the internal ip of a record, e.G. 192.168.8.100 of mail server. Interface: select the wan port of a record and corresponding ip. Enable: activate the configuration. Add...
Page 133
Multi-wan router 130 xi. System tool this chapter introduces the management tool for controlling the device and testing network connection. For security consideration, we strongly suggest to change the password. Password and time setting is in chapter 5.2. 11.1 diagnostic the device provides a simpl...
Page 134
Multi-wan router 131 ping this item informs users of the status quo of the outbound session and allows the user to know the existence of computers online. On this test screen, please enter the host ip that users want to test such as 192.168.5.20. Press "go" to start the test. The result will be disp...
Page 135
Multi-wan router 132 11.2 firmware upgrade users may directly upgrade the device firmware on the firmware upgrade page. Please confirm all information about the software version in advance. Select and browse the software file, click "firmware upgrade right now" to complete the upgrade of the designa...
Page 136
Multi-wan router 133 11.3 setting backup import configuration file: this feature allows users to integrate all backup content of parameter settings into the device. Before upgrade, confirm all information about the software version. Select and browse the backup parameter file: "config.Exp." select t...
Page 137
Multi-wan router 134 11.4 snmp simple network management protocol (snmp) refers to network management communications protocol and it is also an important network management item. Through this snmp communications protocol, programs with network management (i.E. Snmp tools-hp open view) can help commu...
Page 138
Multi-wan router 135 apply: press “apply” to save the settings. Cancel: press “cancel” to keep the settings unchanged..
Page 139
Multi-wan router 136 11.5 system recover users can restart the device with system recover button. Restart as the figure below, if clicking “restart router” button, the dialog block will pop out, confirming if users would like to restart the device. Return to factory default setting if clicking “retu...
Page 140
Multi-wan router 137 it ’s recommended to save the current configuration before upgrading firmware. After firmware upgraded, import the configuration file after returning to factory default to ensure system stable. (please refer to 12.3).
Page 141
Multi-wan router 138 11.6 high availability high availability is adopted in the network that requires fault tolerance and backup mechanism. Two similar devices are used to be the backup for each other. One of these devices is employed for major network transmitting, and the other redundant device wi...
Page 142
Multi-wan router 139 (2) two devices are operating simultaneously two devices operate outbound linking simultaneously, but they are still separated as master device and backup device. In normal situation, master device is major dhcp ip issuer, and backup device will disable dhcp issuing automaticall...
Page 143
Multi-wan router 140 operation-backup mode indicates the backup device will take over when the master fails transmitting. Wan and lan ip setting in backup device should be the same as those of master device. The backup device should not be in charge of network transmitting and dhcp server. ※ if the ...
Page 144
Multi-wan router 141 operation-master mode besides operating network with another device, master device is also the dhcp server to issue lan ip addresses. Although slave device also supports outbound linking, its dhcp server is disabled. Wan backup (the checked wans are not working in this device.) ...
Page 145
Multi-wan router 142 operation-slave mode although working with master device, backup device ’s dhcp server is disabled. Lan users need to transmit traffic through the wan on slave device. You should add lan ip of slave device into master device dhcp server default gateway, which is dhcp server ip a...
Page 146
Multi-wan router 143 11.7 license key users have to purchase license key to “enable” some functions in qno firwalls/routers series or upgrade to “official version”(not trial version), such as qnosniff or inbound load balance, etc. Current time: before inputing license key, the device will check whet...
Page 147
Multi-wan router 144 registration time: display successfully inputted and registered time. Status information: indicate remaining trial date or supported amount of qnosoftkey vpn tunnels. Refresh: refresh current system status and time..
Page 148
Multi-wan router 145 xii. Log from the log management and look up, we can see the relevant operation status, which is convenient for us to facilitate the setup and operation. 12.1 system log its system log offers three options: system log, e-mail alert, and log setting. System log.
Page 149
Multi-wan router 146 enabled: if this option is selected, the system log feature will be enabled. Host name: the device provides external system log servers with log collection feature. System log is an industrial standard communications protocol. It is designed to dynamically capture related system...
Page 150
Multi-wan router 147 reaches the threshold first and send the log message of that parameter to the user. Send log to e- mail: users may send out the log right away by pressing this button. Log setting alert log the device provides the following warning message. Click to activate these features: syn ...
Page 151
Multi-wan router 148 general log the device provides the following warning message. Click to activate the feature. System error message, blocked regulations, regulation of passage permission, system configuration change and registration verification. System error message: provides the system log wit...
Page 152
Multi-wan router 149 outgoing packet log: view system packet log which is sent out from the internal pc to the internet. This log includes lan ip, destination ip, and service port that is applied. It is illustrated as below. Incoming packet log: view system packet log of those entering the firewall....
Page 153
Multi-wan router 150 clear log now: this feature clears all the current information on the log..
Page 154
Multi-wan router 151 12.2 system statistic the device has the real-time surveillance management feature that provides system current operation information such as port location, device name, current wan link status, ip address, mac address, subnet mask, default gateway, dns, number of received/ sent...
Page 155
Multi-wan router 152 12.3 traffic statistic six messages will be displayed on the traffic statistic page to provide better traffic management and control. By inbound ip address: the figure displays the source ip address, bytes per second, and percentage. By outbound ip address: the figure displays t...
Page 156
Multi-wan router 153 by outbound port: the figure displays the network protocol type, destination ip address, bytes per second, and percentage. By inbound port: the figure displays the network protocol type, destination ip address, bytes per second, and percentage..
Page 157
Multi-wan router 154 by outbound session: the figure displays the source ip address, network protocol type, source port, destination ip address, destination port, bytes per second and percentage. By inbound session: the figure displays the source ip address, network protocol type, source port, desti...
Page 158
Multi-wan router 155 12.4 connection statistic (future feature) connection statistic function is used to record the numbers of network connections, including outbound sessions, and intranet users (pc). It also displays the user connection sessions. Enable: when enabling connection statistic function...
Page 159
Multi-wan router 156 connection statistic and details.(as the following graph): host name: display pc names that having outbound traffic. It will show blank when the system cannot analyze. Session: display pc connection sessions that having outbound traffic. Refresh: click the refresh button that th...
Page 160
Multi-wan router 157 12.5 ip/ port statistic the device allows administrators to inquire a specific ip (or from a specific port) about the addresses that this ip had visited, or the users (source ip) who used this service port. This facilitates the identification of websites that needs authenticatio...
Page 161
Multi-wan router 158.
Page 162
Multi-wan router 159 12.6 qrtg (qno router traffic grapher) qrtg utilizes dynamic gui and simple statistic to display system status of qno firewall/ router presently, including cpu utilization(%), memory utilization(%), session and wan traffic. Enable qrtg: the funcation is disabled by default. When...
Page 163
Multi-wan router 160
Page 164
Multi-wan router 161 ii. Wan traffic statistic (hourly) graphic and average (up/down stream) (as in the following figures) * the ui might vary from model to model, depending on different product lines..
Page 165
Multi-wan router 162 iii. Wan traffic statistic (day) graphic and average (up/down stream)(as in the following figures) * the ui might vary from model to model, depending on different product lines..
Page 166
Multi-wan router 163 iv. Wan traffic statistic (week) graphic and average (up/down stream)(as in the following figures) * the ui might vary from model to model, depending on different product lines..
Page 167
Multi-wan router 164 xiii. Log out on the top right corner of the web- based ui, there is alogout button. Click on it to log out of the web-based ui. To enter next time, open the web browser and enter the ip address, user name and password to log in..
Page 168
Multi-wan router 165 appendix i: user interface and user manual chapter cross reference this appendix is to show the corresponding index for each chapter and user interface. Users can find how to setup quickly and understand the router capability at the same time. Router overall interface is as belo...
Page 169
Multi-wan router 166 session control 8.2 session limit hardware optimization 8.3 hardware optimization ip/dhcp vii. Port management setup 7.3 dhcp/ ip status 7.4 dhcp status ip & mac binding 7.5 ip & mac binding group management vii. Port management local ip group 7.6 ip grouping remote ip group 7.6...
Page 170
Multi-wan router 167 system recover 12.5 system recover high availability 13.6 high availability license key 13.7 license key port management vii. Port management setup 7.1 setup status 7.2 status log xiii. Log system log 13.1 system log system status 13.2 system statistic traffic statistic 13.3 tra...
Page 171
Multi-wan router 168 appendix ii: troubleshooting (1) shock wave and worm virus prevention since many users have been attacked by shock wave and worm viruses recently, the internet transmission speed was brought down and the session bulky increase result in the massive processing load of the device....
Page 172
Multi-wan router 169 use the same method to add udp [udp135~139] and tcp [445~445] ports. C. Enhance the priority level of these three to the highest..
Page 173
Multi-wan router 170 (2) block qqlive video broadcast setting qqlive video broadcast software is a stream media broadcast software. Many clients are bothered by the same problem: when several users apply qqlive video broadcast software, a greater share of the bandwidth is occupied, thus overloading ...
Page 174
Multi-wan router 171 cache.Tv.Qq.Com 58.60.11.145 58.60.11.146 58.60.11.147 59.36.97.5 59.36.97.7 59.36.97.37 219.133.63.48 loginqqlivedx.Qq.Com 219.133.49.159 loginqqlivewt.Qq.Com 58.251.63.13 loginqqlivexy.Qq.Com 202.205.3.218 qqlive.Qq.Com 219.133.62.70 tv1-3t.Qq.Com 221.236.11.40 tv2.Qq.Com 218....
Page 175
Multi-wan router 172 (3) arp virus attack prevention 1. Arp issue and information recently, many cyber cafes in china experienced disconnection (partially or totally) for a short period of time, but connection is resumed quickly. This is caused by the clash with mac address. When virus-contained mac...
Page 176
Multi-wan router 173 data to host b. Meanwhile, it will update its arp cache. Moreover, arp virus attack can be briefly described as an internal attack to the pc, which causes trouble to the arp table of the pc. In lan, ip address was transferred into the second physical address (mac address) throug...
Page 177
Multi-wan router 174 if there are cases of packet loss of the ping lan ip and lf later there is connection, it is possible that the system is attacked by arp. To verify the situation, we may judge by checking arp table. Enter the arp -a command as illustrated below. It is found that the ip of 192.16...
Page 178
Multi-wan router 175 b) bind the gateway ip and mac address for each pc this prevents the arp from cheating ip and its mac address. First, find out the gateway ip and mac address on the device end. On every pc, start or operate cmd to enter the dos operation. Enter arp –s 192.168.1.1 0a-0f-d4-9e-fb-...
Page 179
Multi-wan router 176 arp -d arp -s router lan ip router lan mac for those internal network attacked by arp, the source must be identified. Method: if the pc fails to go online or there is packet loss of ping, in the dos screen, input arp –a command to check if the mac address of the gateway is the s...
Page 180
Multi-wan router 177 after an item is added to the list, the corresponding message will be displayed in the white block on the bottom. However, such method is not recommended because the inquiry of ip/mac addresses of all hosts creates heavy workload. Another method to bind ip and mac is more recomm...
Page 181
Multi-wan router 178 click to display ip and mac binding list dialog box. In this box, the unbinding ip and mac address corresponding to the pc are displayed. Enter the "name" of the computer and click on "enabled" with the display of the “√” icon and push the option on the top right corner of the s...
Page 182
Multi-wan router 179 though these basic operations can help solve the problem but qno's technical engineers suggest that further measures should be taken to prevent the arp attack. 1. Deal with virus source as well as the source device affected by virus through virus killing and the system re-instal...
Page 183
Multi-wan router 180 and delete some redundant accounts. 5. Frequently update anti-virus software (virus data base), and set the daily upgrade that allows regular and automatic update. Install and use the network firewall software. Network firewall is important for the process of anti-virus. It can ...
Page 184
Multi-wan router 181 appendix iii: qno technical support information for more information about the qno's product and technology, please log onto the qno's bandwidth forum, refer to the examples of the ftp server, or contact the technical department of qno's dealers as well as the qno's mainland tec...