AirLive RS-3000, User Manual

Page 1: ...1 RS 3000 Office UTM Gateway User s Manual ...

Page 2: ...imits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against radio interference in a commercial environment This equipment can generate use and radiate radio frequency energy and if not installed and used in accordance with the instructions in this manual may cause harmful interference to radio communications Operation o...

Page 3: ...3 2 Permitted IP 12 3 3 Logout 13 3 4 Software Update 14 Chapter 4 Configure 15 4 1 Setting 15 4 2 Date Time 22 4 3 Multiple Subnet 23 4 4 Route Table 26 4 5 DHCP 28 4 6 Dynamic DNS 30 4 7 Host Table 31 4 8 SNMP 32 4 9 Language 33 Chapter 5 Interface 34 5 1 LAN 36 5 2 WAN 37 5 3 DMZ 44 Chapter 6 Address 45 6 1 LAN 47 6 2 LAN Group 49 Chapter 7 Service 52 7 1 Pre defined 53 7 2 Custom 54 7 3 Group ...

Page 4: ...y 147 Chapter 17 Anti Spam 152 17 1 Setting 152 17 2 Rule 156 17 3 Whitelist 158 17 4 Blacklist 158 17 5 Training 159 17 6 Spam Mail 159 Chapter 18 Anti Virus 201 Chapter 19 IDP 212 19 1 Setting 212 19 2 Signature 214 19 3 IDP Report 219 Chapter 20 Anomaly Flow IP 220 Chapter 21 Log 222 Chapter 22 Accounting Report 232 Chapter 23 Statistic 243 Chapter 24 Diagnostic 248 24 1 Ping 248 24 2 Tracerout...

Page 5: ...ail filter Integrated with Clam AV virus engine can filter the attached virus of incoming mail Regularly or manually updated virus pattern The virus pattern can be auto updated regularly every 10 minutes or manually updated And the license is free Anti Spam for Inbound E mail filter Built in with Bayesian fingerprint verifying sender account and checking sender IP in RBL system work to filter spam...

Page 6: ...uthentication User must pass the authenticated for the Internet accessed right The account database can be the local database RADIUS and POP3 server QoS Divided the bandwidth per service or IP address to guarantee a certain bandwidth for the specific service server to be accessed Personal QoS Just a simple setting to unify the bandwidth of all internal clients Advanced functions Multiple WANs Load...

Page 7: ...king Packets is sending receiving DMZ Orange On Cable speed is 100 Mbps Port Description WAN 1 2 Use this port to connect to a router DSL modem or Cable modem LAN Use this port to connect to the LAN network of the office DMZ Connection to the Internet FTP SNMP HTTP DNS Console Port 9 pin serial port connector for checking setting and restore to the factory setting 1 3 Packing List RS 3000 Office U...

Page 8: ...ly that is via DHCP server of this product After installing the TCP IP communication protocol you can use the ping command to check if your computer has successfully connected to this product The following example shows the ping procedure for Windows platforms First execute the ping command ping 192 168 1 1 If the following messages appear Pinging 192 168 1 1 with 32 bytes of data Reply from 192 1...

Page 9: ...t login username admin and password airlive of Administrator Figure 2 1 Login page STEP 2 After entering the username and password the Security Gateway WEB UI screen will display Select the Interface tab on the left menu and a sub function list will be displayed Click on WAN from the sub function list enter proper the network setup information Click Modify to modify WAN1 2 settings i e WAN1 Interf...

Page 10: ...n click on Outgoing from the sub function list STEP 4 Click on New Entry button STEP 5 When the New Entry option appears enter the following configuration Source Address select Inside_Any Destination Address select Outside_Any Service select ANY Action select Permit ALL Click on OK to apply the changes 8 ...

Page 11: ...Make sure that all the computers that are connected to the LAN port have their Default Gateway IP Address set to the Security Gateway s LAN IP Address i e 192 168 1 1 At this point all the computers on the LAN network should gain access to the Internet immediately Figure 2 4 Complete Policy setting page 9 ...

Page 12: ...ministrators and Sub Administrator for the RS 3000 The admin user name cannot be removed and the sub admin user can be removed or modified The default Account admin Password airlive Privilege The privileges of Administrators Admin or Sub Admin The username of the main Administrator is Administrator with reading writing privilege Administrator also can change the system setting log system status an...

Page 13: ...EP 3 Click OK to add the user or click Cancel to cancel it Figure 3 1 Add New Sub Admin Modify the Administrator s Password STEP 1 In the Admin WebUI locate the Administrator name you want to edit and click on Modify in the Configure field STEP 2 The Modify Administrator Password WebUI will appear Enter the following information Password admin New Password 52364 Confirm Password 52364 Figure 3 2 S...

Page 14: ... add new permitted IPs Figure 3 4 Figure 3 3 Setting Permitted IPs WebUI Figure 3 4 Complete Add New Permitted Ips To make Permitted IPs be effective it must cancel the Ping and WebUI selection in the WebUI of RS 3000 that Administrator enter LAN WAN or DMZ Interface Before canceling the WebUI selection of Interface must set up the Permitted IPs first otherwise it would cause the situation of cann...

Page 15: ...lick Logout in System to protect the system while Administrator is away Figure 3 5 Figure 3 5 Confirm Logout WebUI STEP 2 Click OK and the logout message will appear in WebUI Figure 3 6 Figure 3 6 Logout WebUI Message 13 ...

Page 16: ... which manage the RS 3000 Click Browse and choose the latest software version file Click OK and the system will update automatically Figure 3 7 Figure 3 7 Software Update It takes 3 minutes to update software The system will reboot after update During the updating time please don t turn off the PC or leave the WebUI It may cause some unexpected mistakes Strong suggests updating the software from L...

Page 17: ... to the System Administrator when the network is being attacked by hackers or when emergency conditions occur It can be set from Anomaly Flow IP Setting to detect Hacker Attacks Web Management WAN Interface The System Manager can change the port number used by HTTP port anytime Remote WebUI management After HTTP port has changed if the administrator wants to enter WebUI from WAN will have to chang...

Page 18: ...without enabling this function depends on the SIP device s type you have Administration Packet Logging After enable this function the RS 3000 will record packet which source IP or destination address is RS 3000 And record in Traffic Log for System Manager to inquire about System Reboot Once this function is enabled the Office UTM Gateway will be rebooted 16 ...

Page 19: ...ttings to Client Save The setting value of RS 3000 will copy to the appointed site instantly Figure 4 1 STEP 2 When the File Download pop up window appears choose the destination place where to save the exported file and click on Figure 4 1 Select the Destination Place to Save the Exported File 17 ...

Page 20: ... from Client When the Choose File pop up window appears select the file to which contains the saved RS 3000 Settings then click OK Figure 4 2 STEP 2 Click OK to import the file into the RS 3000 Figure 4 3 Figure 4 2 Enter the File Name and Destination of the Imported File Figure 4 3 Upload the Setting File WebUI 18 ...

Page 21: ...ory Default Settings STEP 1 Select Reset Factory Settings in RS 3000 Configuration WebUI STEP 2 Click OK at the bottom right of the page to restore the factory settings Figure 4 4 Figure 4 4 Reset Factory Settings 19 ...

Page 22: ... Enter SMTP server s IP address STEP 5 E Mail Address 1 Enter the e mail address of the first user to be notified STEP 6 E Mail Address 2 Enter the e mail address of the second user to be notified Optional STEP 7 Click OK on the bottom right of the screen to enable E mail Alert Notification Figure 4 5 Figure 4 5 Enable E mail Alert Notification Click on Mail Test to test if E mail Address 1 and E ...

Page 23: ...Reboot RS 3000 Click Reboot button next to Reboot RS 3000 Appliance STEP 2 A confirmation pop up page will appear STEP 3 Follow the confirmation pop up page click OK to restart RS 3000 Figure 4 6 Figure 4 6 Reboot RS 3000 21 ...

Page 24: ...erver Figure 4 7 STEP 2 Click the down arrow to select the offset time from GMT STEP 3 If necessary select Enable daylight saving time setting STEP 4 Enter the Server IP Name with which you want to synchronize STEP 5 Set the interval time to synchronize with outside servers Figure 4 7 System Time Setting Click on the Sync button and then the RS 3000 s date and time will be synchronized to the Admi...

Page 25: ... Multiple Subnet range WAN Interface IP The IP address that Multiple Subnet corresponds to WAN Forwarding Mode To display the mode that Multiple Subnet use NAT mode or Routing Mode Preparation RS 3000 WAN1 60 250 158 66 connect to the ISP Router 60 250 158 254 and the subnet that provided by ISP is 162 172 50 0 24 To connect to Internet WAN2 IP 211 22 22 22 connects with ATUR 23 ...

Page 26: ...4 8 Figure 4 8 Add Multiple Subnet WebUI WAN1 and WAN2 Interface can use Assist to enter the data After setting there will be two subnets in LAN 192 168 1 0 24 default LAN subnet and 162 172 50 0 24 So if LAN IP is 192 168 1 x it must use NAT Mode to access to the Internet In Policy it only can setup to access to Internet by WAN2 If by WAN1 Routing mode then it cannot access to Internet by its vir...

Page 27: ...t 192 168 4 1 24 LAN 168 85 88 250 WAN 5 Accounting department subnet 192 168 5 1 24 LAN 168 85 88 249 WAN The first department R D department had set while setting interface IP the other four ones have to be added in Multiple Subnet After completing the settings each department uses the different WAN IP Address to connect to the Internet The settings of each department are as following Service Sa...

Page 28: ...Route1 STEP 2 Enter the following settings in Route Table in System function Destination IP Enter 192 168 20 1 Netmask Enter 255 255 255 0 Gateway Enter 192 168 1 252 Interface Select LAN Click OK Figure 4 10 Figure 4 10 Add New Static Route2 STEP 3 Enter the following setting in Route Table in System function Destination IP Enter 10 10 10 0 Netmask Enter 255 255 255 0 Gateway Enter 192 168 1 252 ...

Page 29: ...Figure 4 11 Add New Static Route3 STEP 4 Adding successful At this time the computer of 192 168 10 1 24 192 168 20 1 24 and 192 168 1 1 24 can connect with each other and connect to Internet by NAT 27 ...

Page 30: ...buted IP address of WINS Server2 LAN Interface Client IP Address Range 1 Enter the starting and the ending IP address dynamically assigning to DHCP clients The default value is 192 168 1 2 to 192 168 1 254 it must be in the same subnet Client IP Address Range 2 Enter the starting and the ending IP address dynamically assigning to DHCP clients But it must be within the same subnet as Client IP Addr...

Page 31: ...tomatically Get DNS the DNS Server will be locked as LAN Interface IP Using Occasion When the system Administrator starts Authentication the users first DNS Server must be the same as LAN Interface IP in order to enter Authentication WebUI 29 ...

Page 32: ...n name Enter Your host domain name Click OK to add Dynamic DNS Figure 4 14 Figure 4 13 DDNS WebUI Figure 4 14 Complete DDNS Setting Chart Meaning Update successfully Incorrect username or password Connecting to server Unknown error If System Administrator had not registered a DDNS account click on Sign up then can enter the website of the provider If you do not select Automatically fill in the WAN...

Page 33: ...ust be LAN or DMZ IP address STEP 1 Select Host Table in Settings function and click on New Entry Host Name The domain name of the server Virtual IP Address The virtual IP address is corresponding to the Host Click OK to add Host Table Figure 4 15 Figure 4 15 Add New Host Table To use Host Table the user PC s first DNS Server must be the same as the LAN Port or DMZ Port IP of RS 3000 That is the d...

Page 34: ... Taiwan and user can change it Community The default setting is public and user can change it Contact Person The default setting is root public and user can change it Description The default setting is Office UTM gateway Appliance and user can change it Click OK The SNMP Agent setting is done So administrator can install SNMP management software on PC and monitor RS 3000 via SNMP Agent Figure 4 16...

Page 35: ...inistrator can receive alert message from PC installed with SNMP management software via RS 3000 SNMP Trap function System will transfer the alert messages to specific IP address when RS 3000 is attacked by hacker or connect disconnect status of line Figure 4 17 Figure 4 17 SNMP Trap setting 4 9 Language Select the Language version English Version Traditional Chinese Version or Simplified Chinese ...

Page 36: ...ream of WAN For users who are using various download bandwidth Round Robin The RS 3000 distributes the WAN 1 2 download bandwidth 1 1 in other words it selects the agent by order For users who are using same download bandwidths By Traffic The RS 3000 distributes the WAN 1 2 download bandwidth by accumulative traffic By Session The RS 3000 distributes the WAN 1 2 download bandwidth by saturated con...

Page 37: ...ction status DNS Another way to verify the connection status by checking the DNS server and Domain Name configured by user Upstream Downstream Bandwidth The System Administrator can set up the correct Bandwidth of WAN network Interface here Auto Disconnect The PPPoE connection will automatically disconnect after a length of idle time no activities Enter 0 means the PPPoE connection will not discon...

Page 38: ...g LAN Interface WebUI The default LAN IP Address is 192 168 1 1 After the Administrator setting the new LAN IP Address on the computer he she have to restart the System to make the new IP address effective when the computer obtain IP by DHCP Do not cancel WebUI selection before not setting Permitted IPs yet It will cause the Administrator cannot be allowed to enter the RS 3000 WebUI from LAN 36 ...

Page 39: ...ace and click Modify in WAN1 Interface The setting of WAN2 Interface is almost the same as WAN1 The difference is that WAN2 has a selection of Disable The System Administrator can close WAN2 Interface by this selection Figure 5 2 Figure 5 2 Disable WAN2 Interface 37 ...

Page 40: ...Domain Name can select from Assist Figure 5 4 Setting time of seconds between sending alive packet Figure 5 3 ICMP Connection Figure 5 4 DNS Service Connection test is used for RS 3000 to detect if the WAN can connect or not So the Alive Indicator Site IP DNS Server IP Address or Domain Name must be able to use permanently Or it will cause judgmental mistakes of the device 38 ...

Page 41: ...lect Fixed please enter IP Address Netmask and Default Gateway 5 Enter Max Downstream Bandwidth and Max Upstream Bandwidth According to the flow that user apply 6 Select Ping and HTTP 7 Click OK Figure 5 6 Figure 5 5 PPPoE Connection Figure 5 6 Complete PPPoE Connection Setting You can set up Auto Disconnect if idle in order to disconnect the PPPoE when the idle time is up and save the network exp...

Page 42: ...MAC IP automatically 4 Hostname Enter the hostname provided by ISP 5 Domain Name Enter the domain name provided by ISP 6 User Name and Password are the IP distribution method according to Authentication way of DHCP protocol 7 Enter Max Downstream Bandwidth and Max Upstream Bandwidth According to the flow applied by user 8 Select Ping and HTTP 9 Click OK Figure 5 8 Figure 5 7 Dynamic IP Address Con...

Page 43: ...o the flow applied by user 5 Select Ping and HTTP 6 Click OK Figure 5 10 Figure 5 9 Static IP Address Connection Figure 5 10 Complete Static IP Address Connection Setting When selecting Ping and WebUI on WAN network Interface users will be able to ping the RS 3000 and enter the WebUI WAN network It may influence network security The suggestion is to Cancel Ping and WebUI after all the settings hav...

Page 44: ...ovided by ISP 7 Domain Name Enter the domain name provided by ISP 8 If user selects Use the following IP address please enter IP Address Netmask and Default Gateway 9 Enter PPTP server IP address as the PPTP Gateway provided by ISP 10 Enter Max Downstream Bandwidth and Max Upstream Bandwidth According to the flow applied by user 11 Select BEZEQ ISRAEL Israel User Only 12 Select Ping and HTTP 13 Cl...

Page 45: ...Figure 5 11 PPTP Connection Figure 5 12 Complete PPTP Connection Setting 43 ...

Page 46: ...ure 5 13 Setting DMZ Interface Address NAT Mode WebUI Setting DMZ Interface Address Transparent Mode STEP 1 Select DMZ Interface STEP 2 Select Transparent Mode in DMZ Interface Select DMZ_Transparent in DMZ Interface STEP 3 Select Ping and HTTP STEP 4 Click OK Figure 5 14 Figure 5 14 Setting DMZ Interface Address Transparent Mode WebUI In WAN the connecting way must be Static IP Address and can ch...

Page 47: ... the Administrator needs to create a control policy for packets of different IP addresses he can first add a new group in the LAN Group or the WAN Group and assign those IP addresses into the newly created group Using group addresses can greatly simplify the process of building control policies With easily recognized names of IP addresses and names of address groups shown in the address table the ...

Page 48: ...ould be set as 255 255 255 255 When correspond to several IP of a specific Domain Take 192 168 100 1 C Class subnet as an example it should be set as 255 255 255 0 MAC Address Correspond a specific PC s MAC Address to its IP it can prevent users changing IP and accessing to the net service through policy without authorizing Get Static IP address from DHCP Server When enable this function and then ...

Page 49: ...dress and enter the following settings Click New Entry button Figure 6 1 Name Enter Jacky IP Address Enter 192 168 3 2 Netmask Enter 255 255 255 255 MAC Address Enter the user s MAC Address 00 18 F3 F5 D3 54 Select Get static IP address from DHCP Server Click OK Figure 6 2 Figure 6 1 Setting LAN Address Book WebUI Figure 6 2 Complete the Setting of LAN 47 ...

Page 50: ...ecific IP to Access to Internet When the System Administrator setting the Address Book he she can choose the way of clicking on to make the RS 3000 to fill out the user s MAC Address automatically In LAN of Address function the RS 3000 will default an Inside Any address represents the whole LAN network automatically Others like WAN DMZ also have the Outside Any and DMZ Any default address setting ...

Page 51: ... several LAN network Address Figure 6 5 Figure 6 5 Setting Several LAN Network Address STEP 2 Enter the following settings in LAN Group of Address Click New Entry Figure 6 6 Enter the Name of the group Select the users in the Available Address column and click Add Click OK Figure 6 7 Figure 6 6 Add New LAN Address Group 49 ...

Page 52: ... Group of Address are the same as LAN Group STEP 3 Enter the following settings in WAN of Address function Click New Entry Figure 6 8 Enter the following data Name IP Address Netmask Click OK Figure 6 9 Figure 6 8 Add New WAN Address Figure 6 9 Complete the Setting of WAN Address 50 ...

Page 53: ... 4 To exercise STEP1 3 in Policy Figure 6 10 6 11 Figure 6 10 To Exercise Address Setting in Policy Figure 6 11 Complete the Policy Setting The Address function really take effect only if use with Policy 51 ...

Page 54: ...here are three sub menus under Service which are Pre defined Custom and Group The Administrator can simply follow the instructions below to define the protocols and port numbers for network communication applications Users then can connect to servers and other computers through these available network services How to use Service The Administrator can add new service group names in the Group option...

Page 55: ... WINFRAME X WINDOWS MSN etc UDP Service For example IKE DNS NFS NTP PC Anywhere RIP SNMP SYSLOG TALK TFTP UDP ANY UUCP etc ICMP Service Foe example PING TRACEROUTE etc Define the required fields of Service New Service Name The System Manager can name the custom service Protocol The protocol type to be used in connection for device such as TCP and UDP mode Client Port The port number of network car...

Page 56: ...ing LAN Group Address Book WebUI STEP 2 Enter the following setting in Custom of Service function Click New Entry Figure 7 3 Service Name Enter the preset name VoIP Protocol 1 select TCP need not to change the Client Port and set the Server Port as 1720 1720 Protocol 2 select TCP need not to change the Client Port and set the Server Port as 15328 15333 Protocol 3 select UDP need not to change the ...

Page 57: ...Change the client range in Custom of is not suggested If the port numbers that enter in the two spaces are different port number then enable the port number under the range between the two different port numbers for example 15328 15333 And if the port number that enters in the two spaces are the same port number then enable the port number as one for example 1720 1720 55 ...

Page 58: ...7 6 Complete the Policy for External VoIP to Connect with Internal VoIP STEP 5 In Outgoing Policy complete the setting of internal users using VoIP to connect with external network VoIP Figure 7 7 Figure 7 7 Complete the Policy for Internal VoIP to Connect with External VoIP Service must cooperate with Policy and Virtual Server that the function can take effect 56 ...

Page 59: ...the following setting in Group of Service Click New Entry Figure 7 8 Name Enter Main_Service Select HTTP POP3 SMTP DNS in Available Service and click Add Click OK Figure 7 9 Figure 7 8 Add Service Group Figure 7 9 Complete the setting of Adding Service Group If you want to remove the service you choose from Selected Service choose the service you want to delete and click Remove 57 ...

Page 60: ...ess function set up an Address Group that can include the service of access to Internet Figure 7 10 Figure 7 10 Setting Address Book Group STEP 3 Compare Service Group to Outgoing Policy Figure 7 11 Figure 7 11 Setting Policy 58 ...

Page 61: ...e designated times And then the Administrator can set the start time and stop time or VPN connection in Policy or VPN By using the Schedule function the Administrator can save a lot of management time and make the network system most effective How to use the Schedule The system Administrator can use schedule to set up the device to carry out the connection of Policy or VPN during several different...

Page 62: ...ss to Internet in a day STEP 1 Enter the following in Schedule Click New Entry Figure 8 1 Enter Schedule Name Set up the working time of Schedule for each day Click OK Figure 8 2 Figure 8 1 Setting Schedule WebUI Figure 8 2 Complete the Setting of Schedule 60 ...

Page 63: ...STEP 2 Compare Schedule with Outgoing Policy Figure 8 3 Figure 8 3 Complete the Setting of Comparing Schedule with Policy The Schedule must compare with Policy 61 ...

Page 64: ...re the Guaranteed Bandwidth and Maximum Bandwidth QoS Priority To configure the priority of distributing Upstream Downstream and unused bandwidth The RS 3000 configures the bandwidth by different QoS and selects the suitable QoS through Policy to control and efficiently distribute bandwidth The RS 3000 also makes it convenient for the administrator to make the Bandwidth to reach the best utility F...

Page 65: ...mum Bandwidth according to the bandwidth range you applied from ISP Priority To configure the priority of distributing Upstream Downstream and unused bandwidth Guaranteed Bandwidth The basic bandwidth of QoS The connection that uses the IPSec Autokey of VPN or Policy will preserve the basic bandwidth Maximum Bandwidth The maximum bandwidth of QoS The connection that uses the IPSec Autokey of VPN o...

Page 66: ...eam bandwidth STEP 1 Enter the following settings in QoS Click New Entry Figure9 3 Name The name of the QoS you want to configure Enter the bandwidth in WAN1 WAN2 Select QoS Priority Click OK Figure9 4 Figure9 3 QoS WebUI Setting Figure9 4 S Setting Complete the Qo 64 ...

Page 67: ...y Figure9 tting 6 Complete Policy Se When the administrator are setting QoS the bandwidth range that can be set is the value that system administrator set in the WAN of Interface So when the System Administrator sets the downstream and upstream bandwidth in WAN of Interface he she must set up precisely 65 ...

Page 68: ...e port number to allow internal users to connect to the authentication page The port number is allowed to be changed Re Login if Idle The function works to force internal user to login again when the idle time is exceeded after passing the authentication The default value is 30 minutes Re Login after user login successfully The function works to permit user to re login within a period of time The ...

Page 69: ...tting in this function Figure10 1 Figure10 1 Authentication Setting WebUI When the user connect to external network by Authentication the following page will be displayed Figure10 2 Figure10 2 Authentication Login WebUI 67 ...

Page 70: ... user asks for authentication positively he she can enter the LAN IP with the Authentication port number And then the Authentication WebUI will be displayed Authentication User Name The user account for Authentication you want to set Password The password when setting up Authentication Confirm Password Enter the password that correspond to Password 68 ...

Page 71: ...policy Adopt the built in Auth User and Auth Group RADIUS or POP3 Function STEP 1 Setup several Auth User in Authentication Figire10 4 Figure10 4 Setting Several Auth Users WebUI To use Authentication the DNS Server of the user s network card must be the same as the LAN Interface Address of RS 3000 69 ...

Page 72: ...re10 5 Setting Auth Group WebUI STEP 3 User also can select to authenticate user with RADIUS server Just need to enter the Server IP Port number password and enable the function Enable RADIUS Server Authentication Enter RADIUS Server IP Enter RADIUS Server Port Enter password in Shared Secret Complete the setting of RADIUS Server Figure10 6 Figure10 6 Setting RADIUS WebUI STEP 4 The third method o...

Page 73: ...rt Complete the setting of POP3 Server Figure10 7 Figure10 7 Setting POP3 WebUI Figure1 STEP 5 Add a policy in Outgoing Policy and input the Address and Authentication of STEP 2 Figure10 8 10 9 Figure10 8 Auth User Policy Setting User 0 9 Complete the Policy Setting of Auth 71 ...

Page 74: ... Internet Figure10 10 Figure10 10 n WebUI Access to Internet through Authenticatio STEP 7 If the user does not need to access to Internet anymore and is going to logout he she can click LOGOUT Auth User to logout the system Or enter the Logout Authentication WebUI http LAN Interface Authentication port number logout html to logout Figure10 11 Figure10 11 Logout Auth User WebUI 72 ...

Page 75: ...ow or Restrict entering the specific website by complete domain name key words and meta character and Script Blocking To restrict the access authority of Popup ActiveX Java or Cookie Download Blocking To restrict the authority of download specific sub name file audio and some common video by http protocol directly Upload Blocking To restrict the authority of upload specific sub name file or restri...

Page 76: ...ring ActiveX Blocking Prevent ActiveX packets Java Blocking Prevent Java packets Cookie Blocking Prevent Cookies packets Audio and Video Types Prevent users to transfer sounds and video file by http Extension Blocking Prevent users to deliver specific sub name file by http All Type Prevent users to send the Audio Video types and sub name file etc by http protocol 74 ...

Page 77: ... tw or gov 2 After setting up the website you want to access user needs to input an order to forbid all in the last URL String just type in in URL String Warning The order to forbid all must be placed at the last If you want to open a new website you must delete the order of forbidding all and then input the new domain name At last re type in the forbid all order again STEP 1 Enter the following i...

Page 78: ...cy Setting STEP 3 Complete the policy of permitting the internal users only can access to some specific website in Outgoing Policy function Figure11 3 Figure1 ttings 1 3 Complete Policy Se Afterwards the users only can browse the website that includes yahoo and google in domain name by the above policy 76 ...

Page 79: ...f Website STEP 1 Select the following data in Script of Content Blocking function Select Popup Blocking Select ActiveX Blocking Select Java Blocking Select Cookie Blocking Click OK Complete the setting of Script Blocking Figure11 4 Figure11 4 Script Blocking WebUI 77 ...

Page 80: ...omplete the policy of restricting the internal users to access to Script file of Website in Outgoing Policy Figure11 6 Figure11 6 Complete Script Blocking Policy Setting The users may not u throug se the specific function like JAVA cookie etc to browse the website h this policy It can forbid the user browsing stock exchange website etc 78 ...

Page 81: ...STEP 1 Enter the following settings in Download of Content Blocking function Select All Types Blocking Click OK Complete the setting of Download Blocking Figure11 7 Figure11 7 Download Blocking WebUI STEP 2 Add a new Outgoing Policy and use in Content Blocking function Figure11 8 Figure11 8 Add New Download Blocking Policy Setting 79 ...

Page 82: ...omplete the Outgoing Policy of restricting the internal users to download video audio and some specific sub name file by http protocol directly Figure11 9 Figure11 9 Complete Download Blocking Policy Setting 80 ...

Page 83: ...nter the following settings in Upload of Content Blocking function Select All Types Blocking Click OK Complete the setting of Upload Blocking Figure11 10 Figure11 10 Upload Blocking WebUI STEP 2 Add a new Outgoing Policy and use in Content Blocking function Figure11 11 Figure11 11 Add New Upload Blocking Policy Setting 81 ...

Page 84: ...STEP 3 Complete the Outgoing Policy of restricting the internal users to upload some specific sub name file by http protocol directly Figure11 12 Figure11 12 Complete Upload Blocking Policy Setting 82 ...

Page 85: ...plication Signature Definition WebUI Instant Message Login Restrict the authority to login MSN Yahoo Messenger ICQ AIM QQ TM2008 Skype Google Talk Gadu Gadu Rediff WebIM and AllSoft Figure 12 2 Figure 12 2 Instant Message Login WebUI Instant Message File Transfer Restrict the authority to transfer file from MSN Yahoo Messenger ICQ AIM QQ Skype Google Talk and Gadu Gadu Figure 12 3 Figure 12 3 Inst...

Page 86: ...ation Restrict the authority to watch video or listen audio from Internet by using PPLive PPStream UUSee QQLive ezPeer and qvodplayer Figure 12 5 Figure 12 5 Video Audio Application WebUI Webmail Restrict the authority to access web mail service such as Gmail Hotmail Yahoo Hinet PChome URL Yam Seednet 163 126 Yeah Tom Sina Sohu and QQ Foxmail Figure 12 6 Figure 12 6 Webmail WebUI Game Application ...

Page 87: ...p Figure 12 9 Figure 12 9 Tunnel Application WebUI Configuration Example GroupA users are not allowed to use MSN Yahoo and Skype GroupB users are allowed to use MSN but they can not transfer file by MSN GroupC users are not allowed to use MSN Yahoo Skype eDnokey Bit Torrent STEP 1 Policy Object Address LAN Enter the name and IP address of LAN users STEP 2 Policy Object Address LAN Group Allocate t...

Page 88: ...cation Blocking Setting Create Second Application Blocking rule for GroupB So the user in GroupB can access MSN but can not send files using MSN Figure 12 12 Figure 12 12 Create Second Application Groups STEP 5 Policy Object Application Blocking Setting Create Second Application Blocking rule for GroupC to block MSN Yahoo Skype eDonkey and Bit Torrent Figure 12 13 Figure 12 13 Create Second Applic...

Page 89: ... Policy rules with groups and enable Application Blocking P2P Transfer will occupy large bandwidth so that it may influence other users And P2P Transfer can change the service port free so it is invalid to restrict P2P Transfer by Service Therefore the system manager must use Application Blocking to restrict users to use P2P Transfer efficiently 87 ...

Page 90: ...y mapping This is when one real server IP address on the WAN interface can be mapped into four LAN network servers provide the same service private IP addresses This option is useful for Load Balancing which causes the Virtual Server to distribute data packets to each private IP addresses which are the real servers by session Therefore it can reduce the loading of a single server and lower the cra...

Page 91: ... Number The service name that provided by the Virtual Server External Service Port The WAN Service Port that provided by the virtual server If the service you choose only have one port and then you can change the port number here If change the port number to 8080 and then when the external users going to browse the Website he she must change the port number first to enter the Website Server Virtua...

Page 92: ...DNS is External DNS Server STEP 2 Enter the following setting in LAN of Address function Figure13 1 Figure13 1 Mapped IP Settings of Server in Address STEP 3 Enter the following data in Mapped IP of Virtual Server function Click New Entry WAN IP Enter 61 11 11 12 click Assist for assistance Map to Virtual IP Enter 192 168 1 100 Click OK Complete the setting of adding new mapped IP Figure13 2 Figur...

Page 93: ... policy that includes settings of STEP3 4 in Incoming Policy Figure13 4 Figure13 4 Complete the Incoming Policy des STEP2 4 in Outgoing Policy It makes the server to send e mail STEP 6 to external mail server by mail service Figure13 5 Figure13 5 Complete the Outgoing Policy viding several services by mapped IP S Strong suggests not to choose ANY when setting Mapped IP and choosing service Otherwi...

Page 94: ...er 1 of Virtual Server function Click the button next to Virtual Server Real IP click here to configure in Server1 Virtual Server Real IP Enter 211 22 22 23 click Assist for assistance Click OK Figure13 6 Figure13 6 Virtual Server Real IP Setting Click New Entry Service Select HTTP 80 External Service Port Change to 8080 Load Balance Server1 Enter 192 168 1 101 Load Balance Server2 Enter 192 168 1...

Page 95: ...des the virtual server set by STEP2 Figure13 8 Figure13 8 Complete Virtual Server Policy Setting In this example the external users must change its port number to 8080 before entering the Website that set by the Web server STEP 4 Complete the setting of providing a single service by virtual server 93 ...

Page 96: ...ce gro Figure13 10 Add Custom Service STEP 4 Enter the following setting in Server1 of V rtual Server function to configure in Server1 Click New Service Port From Service Custom 3 12 i Click the button next to Virtual Server Real IP click here Virtual Server Real IP Enter 61 11 11 12 click Assist for assistance Use WAN Click OK Figure13 11 Figure13 11 Virtual Server Real IP Setting WebUI Entry Sel...

Page 97: ...rary if the custom service has more than one port network number then the external network port of Virtual Server cannot be changed S Figure13 13 Figure13 13 Complete the Policy includes Virtual Server Setting owing setting of the internal users using VoIP to connect with external network S VoIP in Outgoing Policy Figure13 14 Figure13 14 Complete the Policy Setting of VoIP Connection setting servi...

Page 98: ...vers that provide several services in LAN network Its network card s IP is 192 168 1 101 192 168 1 102 192 168 1 103 192 168 1 104 and the DNS setting is External DNS server STEP 2 Enter the following in LAN and LAN Group of Address function Figure13 15 13 16 Figure13 15 Mapped IP Setting of Virtual Server in Address Figure13 16 Group Setting of Virtual Server in Address 96 ...

Page 99: ... following dat Click New Ent Service Port From Service Group e13 19 Click the button next to Virtual Server Real IP Virtual Server Real IP Enter 211 22 22 23 click Assist for assistance Click OK Figure13 18 Figure13 18Virtual Server Real IP Setting ry Select Group Service Mail_Service External Service Enter the server IP in Load Balance Server Click OK Complete the setting of Virtual Server Figur ...

Page 100: ...plete the Figure13 20 Figure13 20 Complete Incoming Policy Setting licy that includes the settings of STEP2 3 in Outgoing Policy It makes server can send e mail to external mail server by mail service Figure13 21 Figure13 21 Complete Outgoing Policy Setting setting of pro ual Server viding several services by Virt 98 ...

Page 101: ...anager IPSec Autokey The system manager can create a VPN connection using Autokey IKE Autokey IKE Internet Key Exchange provides a standard method to negotiate keys between two security gateways Also set up IPSec Lifetime and Preshared Key of the RS 3000 PPTP Server The System Manager can set up VPN PPTP Server functions in this chapter PPTP Client The System Manager can set up VPN PPTP Client fun...

Page 102: ...phase of the Oakley protocol in establishing a security association using three data packets AH Authentication Header One of the IPSec standards that allows for data integrity of data packets ESP Encapsulating Security Payload One of the IPSec standards that provides for the confidentiality of data packets DES Data Encryption Standard The Data Encryption Standard developed by IBM in 1977 is a 64 b...

Page 103: ...tute ESP Encryption SHA 1 Secure Hash Algorithm 1 A message digest hash algorithm that takes a message less than 264 bits and produces a 160 bit digest MD5 MD5 is a common message digests algorithm that produces a 128 bit message digest from an arbitrary length input developed by Ron Rivest GRE IPSec The device Select GRE IPSec Generic Routing Encapsulation packet seal technology 101 ...

Page 104: ...The VPN name to identify the IPSec Autokey definition The name must be the only one and cannot be repeated Gateway IP The WAN interface IP address of the remote Gateway IPSec Algorithm To display the Algorithm way Configure Click Modify to change the argument of IPSec click Remove to remote the setting Figure14 1 Figure14 1 IPSec Autokey WebUI 102 ...

Page 105: ...ia icon Chart Meaning Not be applied Disconnect Connecting User Name Displays the PPTP Client user s name when connecting to PPTP Server Client IP Displays the PPTP Client s IP address when connecting to PPTP Server Uptime Displays the connection time between PPTP Server and Client Configure Click Modify to modify the PPTP Server Settings or click Remove to remove the setting Figure14 2 Figure14 2...

Page 106: ... Server Server IP or Domain Name Displays the PPTP Server IP addresses or Domain Name when connecting to PPTP Server Encryption Displays PPTP Client and PPTP Server transmission whether opens the encryption authentication mechanism Uptime Displays the connection time between PPTP Server and Client Configure Click Modify to change the argument of PPTP Client click Remove to remote the setting Figur...

Page 107: ...inition The name must be the only one and cannot be repeated Source Subnet Displays the Source Subnet Destination Subnet Displays the Destination Subnet Tunnel Displays the Virtual Private Network s IPSec Autokey PPTP Server PPTP Client settings of Tunnel function Configure Click Modify to change the argument of VPN Tunnel click Remove to remote the setting Figure14 4 Figure14 4 VPN Tunnel Web UI ...

Page 108: ...IP of the RS 3000 192 168 10 1 Follow the steps below STEP 1 Enter the default IP of Gateway of Company A s RS 3000 with 192 168 10 1 and select IPSec Autokey in VPN Click New Entry Figure14 5 Figure14 5 IPSec Autokey WebUI STEP 2 In the list of IPSec Autokey fill in Name with VPN_A Figure14 6 Figure14 6 IPSec Autokey Name Setting STEP 3 Select Remote Gateway Fixed IP or Domain Name In To Destinat...

Page 109: ... You can choose Data Encryption Authentication or Authentication Only to communicate in IPSec Algorithm list ENC Algorithm 3DES DES AES NULL AUTH Algorithm MD5 SHA1 Here we select 3DES for ENC Algorithm and MD5 for AUTH Algorithm to make sure the encapsulation way for data transmission Figure14 10 Figure14 10 IPSec Algorithm Setting STEP 7 Select GROUP1 in Perfect Forward Secrecy enter 3600 second...

Page 110: ... From Source Subnet Mask Enter 192 168 10 0 255 255 255 0 To Destination Select To Destination Subnet Mask To Destination Subnet Mask Enter 192 168 20 0 255 255 255 0 IPSec PPTP Setting Select VPN_A Enter 192 168 20 1 the Default Gateway of Company B as the Keep alive IP Select Show remote Network Neighborhood and Click OK Figure14 14 Figure14 13 New Entry Tunnel Setting 108 ...

Page 111: ...Setting STEP 10 Enter the following setting in Outgoing Policy Figure14 15 Trunk Select IPSec_VPN_Tunnel Click OK Figure14 16 Figure14 15 Setting the VPN Tunnel Outgoing Policy Figure14 16 Complete the VPN Tunnel Outgoing Policy Setting 109 ...

Page 112: ...he following setting in Incoming Policy Figure14 17 Trunk Select IPSec_VPN_Tunnel Click OK Figure14 18 Figure14 17 Setting the VPN Tunnel Incoming Policy Figure14 18 Complete the VPN Tunnel Incoming Policy Setting 110 ...

Page 113: ...PN_B Figure14 20 Figure14 20 IPSec Autokey Name Setting STEP 3 Select Remote Gateway Fixed IP or Domain Name In To Destination list and enter the IP Address Figure14 21 Figure14 21 IPSec To Destination Setting STEP 4 Select Preshare in Authentication Method and enter the Preshared Key max 100 bits Figure14 22 Figure14 22 IPSec Authentication Method Setting STEP 5 Select ISAKMP Algorithm in Encapsu...

Page 114: ... SHA1 Here we select 3DES for ENC Algorithm and MD5 for AUTH Algorithm to make sure the encapsulation way for data transmission Figure14 24 Figure14 24 IPSec Algorithm Setting STEP 7 After selecting GROUP1 in Perfect Forward Secrecy enter 3600 seconds in ISAKMP Lifetime enter 28800 seconds in IPSec Lifetime and selecting Main mode in Mode Figure14 25 Figure14 25 IPSec Perfect Forward Secrecy Setti...

Page 115: ...l Name From Source Select LAN From Source Subnet Mask Enter 192 168 20 0 255 255 255 0 To Destination Select To Destination Subnet Mask To Destination Subnet Mask Enter 192 168 10 0 255 255 255 0 IPSec PPTP Setting Select VPN_B Enter 192 168 10 1 the Default Gateway of Company A as the Keep alive IP Select Show remote Network Neighborhood Click OK Figure14 28 Figure14 27 New Entry Tunnel Setting 1...

Page 116: ...Setting STEP 10 Enter the following setting in Outgoing Policy Figure14 29 Trunk Select IPSec_VPN_Tunnel Click OK Figure14 30 Figure14 29 Setting the VPN Tunnel Outgoing Policy Figure14 30 Complete the VPN Tunnel Outgoing Policy Setting 114 ...

Page 117: ...g in Incoming Policy Figure14 31 Trunk Select IPSec_VPN_Tunnel Click OK Figure14 32 Figure14 31 Setting the VPN Tunnel Incoming Policy Figure14 32 Complete the VPN Tunnel Incoming Policy Setting STEP 12 Complete IPSec VPN Connection 115 ...

Page 118: ...mpany A WAN IP 61 11 11 11 LAN IP 192 168 10 X Company B WAN IP 211 22 22 22 LAN IP 192 168 20 X This example takes two RS 3000s as flattop Suppose Company B 192 168 20 100 is going to have VPN connection with Company A 192 168 10 100 and download the resource 116 ...

Page 119: ...Client IP Range Keep the setting with original ex 192 44 75 1 254 Enter DNS Server or WINS Server IP if necessary Idle Time Enter 0 Figure14 33 Figure14 33 Enable PPTP VPN Server Settings Client IP Range the setting can not be the same as LAN IP subnet or the PPTP function will not be workable Idle Time the setting time that the VPN Connection will auto disconnect under unused situation Unit minut...

Page 120: ...ion in the RS 3000 of Company A Select New Entry Figure14 34 User Name Enter PPTP_Connection Password Enter 123456789 Client IP assigned by Select IP Range Click OK Figure14 35 Figure 14 34 PPTP VPN Server Setting Figure 14 35 Complete PPTP VPN Server Setting 118 ...

Page 121: ...sk Enter 192 168 10 0 255 255 255 0 To Destination Select To Destination Subnet Mask To Destination Subnet Mask Enter 192 168 20 0 255 255 255 0 IPSec PPTP Setting Select PPTP_Server_PPTP_Connection Select Show remote Network Neighborhood Click OK Figure14 37 Figure14 36 New Entry Tunnel Setting Figure14 37 Complete New Entry Tunnel Setting 119 ...

Page 122: ...he following setting in Outgoing Policy Figure14 38 Trunk Select PPTP_VPN_Tunnel Click OK Figure14 39 Figure14 38 Setting the VPN Tunnel Outgoing Policy Figure14 39 Complete the VPN Tunnel Outgoing Policy Setting 120 ...

Page 123: ...he following setting in Incoming Policy Figure14 40 Trunk Select PPTP_VPN_Tunnel Click OK Figure14 41 Figure14 40 Setting the VPN Tunnel Incoming Policy Figure14 41 Complete the VPN Tunnel Incoming Policy Setting 121 ...

Page 124: ...ettings in PPTP Client of VPN function in the RS 3000 of Company B Click New Entry Button Figure14 42 User Name Enter PPTP_Connection Password Enter123456789 Server IP or Domain Name Enter 61 11 11 11 Select Encryption Click OK Figure14 43 Figure 14 42 PPTP VPN Client Setting Figure 14 43 Complete PPTP VPN Client Setting 122 ...

Page 125: ...ask Enter 192 168 20 0 255 255 255 0 To Destination Select To Destination Subnet Mask To Destination Subnet Mask Enter 192 168 10 0 255 255 255 0 IPSec PPTP Setting Select PPTP_Client_PPTP_Connection Select Show remote Network Neighborhood Click OK Figure14 45 Figure14 44 New Entry Tunnel Setting Figure14 45 Complete New Entry Tunnel Setting 123 ...

Page 126: ...he following setting in Outgoing Policy Figure14 46 Trunk Select PPTP_VPN_Tunnel Click OK Figure14 47 Figure14 46 Setting the VPN Tunnel Outgoing Policy Figure14 47 Complete the VPN Tunnel Outgoing Policy Setting 124 ...

Page 127: ...ng in Incoming Policy Figure14 48 Trunk Select PPTP_VPN_Tunnel Click OK Figure14 49 Figure14 48 Setting the VPN Tunnel Incoming Policy Figure14 49 Complete the VPN Tunnel Incoming Policy Setting STEP 5 Complete PPTP VPN Connection 125 ...

Page 128: ...gorized into 1 Outgoing The source IP is in LAN network the destination is in WAN network The system manager can set all the policy rules of Outgoing packets in this function 2 Incoming The source IP is in WAN network the destination is in LAN network For example Mapped IP Virtual Server The system manager can set all the policy rules of Incoming packets in this function 3 WAN to DMZ The source IP...

Page 129: ...ct packets that delivered between LAN network and WAN network when pass through RS 3000 See the chart and illustration below Chart Name Illustration Permit all WAN network Interface Allow the packets that correspond with policy to be transferred by WAN1 2 Port Permit WAN1 Allow the packets that correspond with policy to be transferred by WAN1 Port Permit WAN2 Allow the packets that correspond with...

Page 130: ...Blocking Enable Content Blocking IM P2P Blocking Enable IM P2P Blocking QoS Enable QoS Schedule Setting the policy to automatically execute the function in a certain time Authentication User The user have to pass the authentication to connect by Policy Trunk Select the specific VPN setting to allow the packets passing through Traffic Log Record all the packets that go through policy Statistics Cha...

Page 131: ...Concurrent Sessions Per IP Set the concurrent sessions that permitted by policy And if the IP sessions exceed the setting value the surplus connection cannot be set successfully MAX Concurrent Sessions Set the concurrent sessions that permitted by policy And if the whole Policy sessions exceed the setting value the surplus connection cannot be set successfully Move Every packet that passes the RS ...

Page 132: ... New Entry Select Traffic Log Select Statistics Click OK Figure15 1 Figure15 1 Setting the different Policies STEP 2 Complete the setting of Logging Statistics and Alarm Threshold in Outgoing Policy Figure15 2 Figure15 2 Complete Policy Setting STEP 3 Obtain the information in Traffic of Log function if you want to monitor all the packets of the RS 3000 Figure15 3 130 ...

Page 133: ...Figure15 3 Traffic Log Monitor WebUI 131 ...

Page 134: ...STEP 4 To display the traffic record that through Policy to access to Internet in Policy Statistics of Statistics function Figure15 4 Figure15 4 Statistics WebUI 132 ...

Page 135: ...ocking for example STEP 1 Enter the following setting in URL Blocking Script Blocking and Download Blocking in Content Blocking function and IM P2P Blocking Function Figure15 5 15 6 15 7 15 8 Figure15 5 URL Blocking Setting Figure15 6 Script Blocking Setting Figure15 7 Download Blocking Setting 133 ...

Page 136: ...o Script file of Website Java Cookies etc Download Blocking can restrict the Internal Users to access to video audio and some specific sub name file by http protocol directly IM P2P Blocking can restrict the Internal Users to send message files audio and video by instant messaging Ex MSN Yahoo Messenger QQ ICQ and Skype and to access to the file on Internet by P2P eDonkey BT 134 ...

Page 137: ...d WAN Group of Address function Figure15 9 15 10 Figure15 9 Setting the WAN IP that going to block Figure15 10 WAN Address Group The Administrator can group the custom address in Address It is more convenient when setting policy rule 135 ...

Page 138: ...Select to enable IM P2P Blocking Click OK Figure15 11 Figure15 11 Setting Blocking Policy STEP 4 Complete the setting of forbidding the users to access to specific network Figure15 12 Figure15 12 Complete Policy Setting Deny in Policy can block the packets that correspond to the policy rule The System Administrator can put the policy rule in the front to prevent the user connecting with specific I...

Page 139: ...in Schedule function Figure15 13 Figure15 13 Add New Schedule STEP 2 Enter the following in Auth User and Auth User Group in Authentication function Figure15 14 Figure15 14 Setting Auth User Group The Administrator can use group function the Authentication and Service It is more convenient when setting policy 137 ...

Page 140: ...t laboratory Schedule Select Working_Time Click OK Figure15 15 Figure15 15 Setting a Policy of Authentication and Schedule STEP 4 Complete the policy rule of only allows the users who pass authentication to access to Internet in particular time Figure15 16 Figure15 16 Complete Policy Setting 138 ...

Page 141: ... Server1 of Virtual Server function Figure15 17 Figure15 17 Setting Virtual Server STEP 3 Enter the following in Incoming Policy Click New Entry Destination Address Select Virtual Server1 61 11 11 12 Service Select PC Anywhere 5631 5632 Click OK Figure15 18 Figure15 18 Setting the External User Control the Internal PC Policy STEP 4 Complete the policy for the external user to control the internal ...

Page 142: ...Figure15 19 Complete Policy Setting 140 ...

Page 143: ... 192 168 3 1 24 STEP 2 Enter the following setting in Virtual Server1 of Virtual Server function Figure15 20 Figure15 20 Setting up Virtual Server Corresponds to FTP Server When using the function of Incoming or WAN to DMZ in Policy strong suggests that cannot select ANY in Service It may be attacked by Hacker easily STEP 3 Enter the following in QoS Figure15 21 Figure15 21 QoS Setting 141 ...

Page 144: ...2 Service Select FTP 21 QoS Select FTP_QoS MAX Concurrent Sessions Enter 100 Click OK Figure15 22 Figure15 22 Add New Policy STEP 5 Complete the policy of restricting the external users to access to internal network server which may occupy the resource of network Figure15 23 Figure15 23 Complete the Policy Setting 142 ...

Page 145: ... and set its network card s IP Address as 61 11 11 12 The DNS setting is external DNS Server STEP 2 Add the following setting in DMZ of Address function Figure15 24 Figure15 24 Specify Mail Server s IP STEP 3 Add the following setting in Group of Service function Figure15 25 Figure15 25 Setting up a Service Group that has POP3 SMTP and DNS 143 ...

Page 146: ... Address Select Mail_Server Service Select E mail Click OK Figure15 26 Figure15 26 Setting a Policy to access Mail Service by WAN to DMZ STEP 5 Complete the policy to access mail service by WAN to DMZ Figure15 27 Figure15 27 Complete the Policy to access Mail Service by WAN to DMZ 144 ...

Page 147: ...Address Select Mail_Server Service Select E mail Click OK Figure15 28 Figure15 28 Setting a Policy to access Mail Service by LAN to DMZ STEP 7 Complete the policy to access mail service by LAN to DMZ Figure15 29 Figure15 29 Complete the Policy to access Mail Service by LAN to DMZ 145 ...

Page 148: ...Address Select Mail_Server Service Select E mail Click OK Figure15 30 Figure15 30 Setting the Policy of Mail Service by DMZ to WAN STEP 9 Complete the policy access to mail service by DMZ to WAN Figure15 31 Figure15 31 Complete the Policy access to Mail Service by DMZ to WAN 146 ...

Page 149: ...ti Virus functions of RS 3000 then to setup the relevant setting in Mail Relay function Define the required fields of Setting Scanned Mail Setting It can setup to deal with the size of mail in order to judge if to scan the mail or not Unscanned Mail Setting According to the unscanned mail it can add an unscanned message in the mail subject For example add the following setting in this function 1 T...

Page 150: ... When receive unscanned mail it will add the tag in front of the e mail subject Figure16 2 Figure16 2 The Unscanned Mail Subject WebUI 148 ...

Page 151: ...ing Mail Relay setting STEP 1 Add the following setting in Mail Relay function of Configure Select Domain Name of Internal Mail Server Domain Name of Mail Server Enter the Domain Name IP Address of Mail Server Enter the IP address that Mail Server s domain name mapped to Mail Relay setting is complete The mails from external and its destination mail server have to be in the domain name setting tha...

Page 152: ...ent account in external mail server have to add the following mail relay setting STEP 1 Add the first setting in Mail Relay function of Configure Select Domain Name of Internal Mail Server Domain Name of Mail Server Enter the Domain Name IP Address of Mail Server Enter the IP address that Mail Server s domain name mapped to Figure16 4 Figure16 4 The First Mail Relay Setting WebUI STEP 2 Add the se...

Page 153: ...ent account by mail server s sender account of broadband com tw add the following Mail Relay setting STEP 1 Add the first setting in Mail Relay function of Configure Select Domain Name of Internal Mail Server Domain Name of Mail Server Enter the Domain Name IP Address of Mail Server Enter the IP address that Mail Server s domain name mapped to Figure16 6 Figure16 6 The First Mail Relay Setting Web...

Page 154: ...iciency of the employees and will not lose the important information of enterprise In this chapter we will have the detailed illustration about Anti Spam 17 1 Setting Define the required fields of Setting Spam Setting It can choose the inspection way of the mails where the mail server is placed in Internal LAN or DMZ or External WAN It can inspect all of the mails that are sent to the enterprise A...

Page 155: ...elevant settings in Mail Relay function of Configure add the following settings in this function 1 The Mail Server is placed in Internal LAN or DMZ 2 The threshold score Enter 5 3 Add the message to the subject line Enter spam 4 Select Add score tag to the subject line 5 Select Deliver to the recipient 6 Click OK Figure17 1 Figure17 1 Anti Spam Setting WebUI 153 ...

Page 156: ... When receive Spam mail it will add score tag and message in front of the subject of the E mail Figure17 2 Figure17 2 the subject of the mail that considered as spam mail WebUI 154 ...

Page 157: ... When receive Ham mail it will only add score tag in front of the e mail s subject Figure17 3 Figure17 3 the subject of the mail that considered as Spam mail WebUI 155 ...

Page 158: ...pam that will enable this function Because only spam mail needs to be handled You can choose to Delete mail Deliver to the recipient or Forward to another mail account Auto Training When Classification is set as Spam and enable this function and then the mails that correspond to this rule will be trained to identify as spam mail according to the setting time in Training function When Classificatio...

Page 159: ...tem is set as Size the available conditions are More Than Is Equal To Is Not Equal To and Less Than Pattern Enter the relevant value in Item and Condition field For example From Item and use Contains Condition and enter josh as a characteristics Afterward when the sender and receiver s mail account has josh inside and then it will be considered as spam mail or ham mail 157 ...

Page 160: ...s that can send to the recipient without being restricted Direction From To judge the sending address of the mail To To judge the receiving address of the mail 17 4 Blacklist Define the required fields of Blacklist Blacklist To determine the mail comes from specific mail address that cannot be sent to the recipient 158 ...

Page 161: ...as spam mail here To raise the judgment rate of ham mail after the RS 3000 learning the file Training time The System Manager can set the training time for RS 3000 to learn the import file each day here 17 6 Spam Mail Define the required fields of Spam Mail Top Total Spam To show the top chart that represent the spam mail that recipient receive and send In Top Total Spam report you can choose to d...

Page 162: ... If there is a mapped MX record and then the e mail will be delivered to the MX Master first and then be delivered to the destination yahoo com tw by MX Master means the Master of yahoo co tw If it maps to several MX records and then the e mail will be deliver to the first priority Master And if there is no MX record the e mail will deliver to your mail master only after searching for mapped IP An...

Page 163: ...e user sending or receiving mails they are both completed by MTA Basically its functions are as below 1 To receive the mail that sent by external master when receiving the mails from external only if the recipient exists in MTA internal account then this mail will be received by MTA 2 To send mail for user Only if the user has the authority to use MTA and then the mail can be sent by MTA 3 To let ...

Page 164: ...the mail again if the recipient of the mail is not the internal account then the mail will be transferred again This function is called Relay Remote MTA receive the mail that sent by local MTA Remote MTA will receive the mail that sent by local MTA and transfer the mail to its MDA Meanwhile the mail will be saved in remote MTA and applied for the user to download And the action of user to receive ...

Page 165: ...open up Relay function according to Localhost Therefore MTA can receive the mail that indicative of the recipient is the internal account of MTA mail server So there is no problem in receiving the mail However it causes some problems because MTA only setup some standard IP and Subnet to open their Relay function So in the range of this setting the Client can send receive mail very free As for the ...

Page 166: ... 12 and the DNS setting is DNS server STEP 2 In LAN of Address function add the following settings Figure17 4 Figure17 4 Mapped IP of Internal User s PC in Address Book STEP 3 Add the following setting in Group of Service Figure17 5 Figure14 5 Service Group that includes POP3 SMTP or DNS STEP 4 Add the following setting in Outgoing Policy Figure17 6 Figure17 6 Outgoing Policy Setting 164 ...

Page 167: ...STEP 5 Add the following setting in Setting of Anti Spam function Figure17 7 Figure17 7 Action of Spam Mail and Spam Setting 165 ...

Page 168: ...received from external mail server Figure17 8 Figure17 8 Default Value of Spam Setting When only filter the mail that internal users received from external server 1 In Action of Spam Mail no matter choose Delete mail Deliver to the recipient or Forward to it will add the message on the subject line of spam mail and send it to the recipient 2 Also can use Rule Whitelist Blacklist or Training functi...

Page 169: ...ail at the same time and the chart will be in the Spam Mail in Anti Spam function At this time choose External to see the mail account chart Figure17 9 Figure17 9 Report Function Chart To setup the relevant settings in Mail Relay function of Configure so that can choose to display the scanned mails that sent to Internal Mail Server 167 ...

Page 170: ...NS server and the Master name is broadband com tw STEP 2 Enter the following setting in DMZ of Address function Figure17 10 Figure17 10 Mapped Name Setting in Address of Mail Server STEP 3 Enter the following setting in Group in Service function Figure17 11 Figure17 11 Setting Service Group that include POP3 SMTP or DNS STEP 4 Enter the following setting in WAN to DMZ Policy Figure17 12 Figure17 1...

Page 171: ...Policy Setting STEP 6 Enter the following setting in Mail Relay function of Setting Figure17 14 Figure17 14 Mail Relay Setting of External Mail to Internal Mail Server Mail Relay function makes the mails that sent to DMZ s mail server could be relayed to its mapped mail server by RS 3000 169 ...

Page 172: ...mail in Action of Spam Mail and then the other functions Deliver to the recipient or Forward to cannot be selected So when RS 3000 had scanned spam mail it will delete it directly But still can check the relevant chart in Spam Mail function Action of Spam Mail here is according to the filter standard of Blacklist to take action about spam mail 170 ...

Page 173: ...2k01 yahoo com tw Direction Select From Enable Auto Training Click OK Figure17 16 Enter New Entry again Whitelist Enter josh broadband com tw Direction Select To Enable Auto Training Click OK Figure17 17 Complete setting Figure17 18 Figure17 16 Add Whitelist Setting 1 Figure17 17 Add Whitelist Setting 2 171 ...

Page 174: ...7 18 Complete Whitelist Setting When enable Auto Training function the mail that correspond to Whitelist setting will be trained as Ham Mail automatically according to the time setting in Training function 172 ...

Page 175: ...l that correspond to Blacklist setting will be trained as Spam Mail automatically according to the time setting in Training function The address of Whitelist and Blacklist can be set as complete mail address For example josh broadband com tw or the word string that make up of For example yahoo means the e mail account that includes yahoo inside The privilege of Whitelist is greater than Blacklist ...

Page 176: ...yahoo sender account share2k003 yahoo com tw and then there will only be josh broadband com tw can receive the mail that sent from this sender account the mail that sent to steve broadband com tw will be considered as spam mail After RS 3000 had filtered the mail above it will bring the chart as follows in the Spam Mail function of Anti Spam Figure17 21 Figure17 21 Chart of Report Function When cl...

Page 177: ...S 3000 172 16 1 12 STEP 1 Setup a Mail Server in DMZ and its network card IP is 172 16 1 13 The DNS setting is external DNS Server Its host name is broadband com tw STEP 2 Enter the following setting in DMZ Address Figure17 22 Figure17 22 Mapped IP Setting of Mail Server in Address Book STEP 3 Enter the following setting in Service Group Figure17 23 Figure17 23 Setting Service Group includes POP3 ...

Page 178: ... WAN to DMZ Policy Setting STEP 5 Enter the following setting in DMZ to WAN Policy Figure17 25 Figure17 25 DMZ to WAN Policy Setting STEP 6 Add the following setting in Mail Relay in Configure Figure17 26 Figure17 26 Mail Relay Setting of External Mail to Internal Mail Server 176 ...

Page 179: ...Select From Condition Select Contains Pattern share2k01 Click Next Row In the second Item field Select To Condition Select Contains Pattern josh Figure17 27 Press OK Figure17 28 Figure17 27 The First Rule Item Setting Figure17 28 Complete First Rule Setting In Rule Setting when Classification select as Ham Non Spam the Action function is disabled Because the mail that considered as Ham mail will s...

Page 180: ... Action Select Deliver to the recipient Enable Auto Training Item Select From Condition Select Contains Pattern yahoo Figure17 29 Press OK Figure17 30 Figure17 29 The Second Rule Setting Figure17 30 Complete the Second Rule Setting In Rule Setting when the Classification select as Spam then the Action only can select Delete the spam mail Forward to or Deliver to the recipient 178 ...

Page 181: ... When the external yahoo mail account send mail to the recipient account of mail server of broadband com tw in RS 3000 josh broadband com tw and steve broadband com tw If the sender account is share2k01 yahoo com tw then these two recipient accounts both will receive the mail that sent by this sender account If it comes from other yahoo sender account share2k003 yahoo com tw and then there will on...

Page 182: ... spam mail that had not detected as spam mail be considered as spam mail after training STEP 1 Create a new folder SpamMail in Outlook Express Press the right key of the mouse and select New Folder Figure17 32 In Create Folder WebUI and enter the Folder s Name as SpamMail and then click on OK Figure17 33 Figure17 32 Select New Folder Function WebUI 180 ...

Page 183: ...Figure17 33 Create Folder WebUI 181 ...

Page 184: ...SpamMail Folder In Inbox select all of the spam mails that do not judge correctly and press the right key of the mouse and move to the folder Figure17 34 In Move WebUI select SpamMail Folder and click OK Figure17 35 Figure17 34 Move Spam Mail WebUI 182 ...

Page 185: ...Figure17 35 Select Folder for Spam Mail to move to 183 ...

Page 186: ...amMail Folder in Outlook Express to shorten the data and upload to RS 3000 for training Select SpamMail Folder Figure17 36 Select Compact function in selection of the folder Figure17 37 Figure17 36 Select SpamMail Folder 184 ...

Page 187: ...Figure17 37 Compact SpamMail Folder 185 ...

Page 188: ... to convenient to upload the training to RS 3000 Press the right key of the mouse in SpamMail file and select Properties function Figure17 38 Copy the file address in SpamMail Properties WebUI Figure17 39 Figure17 38 Select SpamMail File Properties Function 186 ...

Page 189: ...Figure17 39 Copy the File Address that SpamMail File Store 187 ...

Page 190: ...s spam mail in the appointed time Figure17 40 Figure17 40 Paste the File Address that SpamMail File Save to make RS 3000 to be Trained The training file that uploads to RS 3000 can be any data file and not restricted in its sub name but the file must be ACS11 form When the training file of RS 3000 is Microsoft Office Outlook exporting file pst it has to close Microsoft Office Outlook first to star...

Page 191: ...pload to RS 3000 to training directly next time Select all of the mails in SpamMail File and press the right key of the mouse to select Delete function Figure17 41 Make sure that all of the mails in SpamMail file had been deleted completely Figure17 42 Figure17 41 Delete all of the mails in SpamMail File 189 ...

Page 192: ...Figure17 42 Confirm that All of the Mail in SpamMail File had been Deleted 190 ...

Page 193: ...er training STEP 1 Add a new HamMail folder in Outlook Express Press the right key of the mouse in Local Folders and select New Folder Figure17 43 Enter HamMail in Folder Name in Create Folder WebUI and click OK Figure17 44 Figure17 43 Select Create New Folder Function WebUI 191 ...

Page 194: ...Figure17 44 Create Folder Function WebUI 192 ...

Page 195: ...In Inbox select the spam mail that all of the recipients need and press the right key of the mouse on the mail and choose Move to Folder function Figure17 45 Select HamMail folder in Move WebUI and click OK Figure17 46 Figure17 45 Move the Needed Spam Mail WebUI 193 ...

Page 196: ...Figure17 46 Select the Folder for Needed Spam Mail to Move to 194 ...

Page 197: ...the HamMail folder in Outlook Express to shorten the data and upload to RS 3000 for training Select HamMail File Figure17 47 Select Compact function in selection of File Figure17 48 Figure17 47 Select HamMail File 195 ...

Page 198: ...Figure17 48 Compact HamMail File 196 ...

Page 199: ...ss to convenient to upload the training to RS 3000 Press the right key of the mouse in HamMail file and select Properties function Figure17 49 Copy the file address in HamMail Properties WebUI Figure17 50 Figure17 49 Select Properties of HamMail File WebUI 197 ...

Page 200: ...Figure17 50 Copy the File Address that HamMail File Store 198 ...

Page 201: ...g field in Training function of Anti Spam And press OK to transfer this file to the RS 3000 instantly and to learn the uploaded mail file as ham mail in the appointed time Figure17 51 Figure17 51 Paste the File Address that HamMail File Save to make RS 3000 to be trained 199 ...

Page 202: ...ressed and upload to RS 3000 to training directly next time Select all of the mails in HamMail and press the right key of the mouse to select Delete function Figure17 52 Make sure that all of the mails in HamMail file had been deleted completely Figure17 52 Delete All of Mails in HamMail File 200 ...

Page 203: ...llustration about Anti Virus Define the required fields of Setting Anti Virus Settings It can detect the virus according to the mails that sent to internal mail server or receive from external mail server It will add warning message in front of the subject of the mail that had been detected have virus If after scanning and do not discover virus then it will not add any message in the subject field...

Page 204: ...e relevant settings in Mail Relay function of Configure add the following settings in this function 1 Virus Scanner Select Clam 2 The Mail Server is placed in Internal LAN or DMZ 3 Add the message to the subject line virus 4 Select Remove virus mail and the attached file 5 Select Deliver to the recipient 6 Click OK Figure18 1 Figure18 1 Anti Virus Settings WebUI 202 ...

Page 205: ... the message virus in the subject line of infected mail Figure18 2 Figure18 2 The Subject of Infected Mail WebUI When select Disable in Virus Scanner it will stop the virus detection function to e mail 203 ...

Page 206: ...us mail that the recipient receives and the sender sent In Top Total Virus Report it can choose to display the scanned mail that sent to Internal Mail Server or received from External Mail Server In Top Total Virus it can sort the mail according to Recipient and Sender Total Virus and Scanned Mail 204 ...

Page 207: ...68 139 12 and the DNS setting is DNS server STEP 2 In LAN of Address function add the following settings Figure18 3 Figure18 3 Mapped IP of Internal User s PC in Address Book STEP 3 Add the following setting in Group of Service Figure18 4 Figure18 4 Service Group that includes POP3 SMTP or DNS STEP 4 Add the following setting in Outgoing Policy Figure18 5 Figure18 5 Outgoing Policy Setting 205 ...

Page 208: ...rus Select Deliver a notification mail instead of the original virus mail Figure18 6 Action of Infected Mail and Anti Virus Settings Anti Virus function is enabled in default status So the System Manager does not need to set up the additional setting and then the RS 3000 will scan the mails automatically which sent to the internal mail server or received from external mail server 206 ...

Page 209: ...il at the same time and the chart will be in the Virus Mail in Anti Virus function At this time choose External to see the mail account chart Figure18 7 Figure18 7 Report Function Chart To setup the relevant settings in Mail Relay function of Configure so that can choose to display the scanned mail that sent to Internal Mail Server 207 ...

Page 210: ...ing is external DNS server and the Master name is broadband com tw STEP 2 Enter the following setting in LAN of Address function Figure18 8 Figure18 8 Mapped IP Setting in Address of Mail Server STEP 3 Enter the following setting in Group in Service function Figure18 9 Figure18 9 Setting Service Group that include POP3 SMTP or DNS STEP 4 Enter the following setting in Server1 in Virtual Server fun...

Page 211: ...utgoing Policy Figure18 12 Figure18 12 Outgoing Policy Setting STEP 7 Enter the following setting in Mail Relay function of Configure Figure18 13 Figure18 13 Mail Relay Setting of External Mail to Internal Mail Server Mail Relay function makes the mails that sent to LAN s mail server could be relayed to its mapped mail server by RS 3000 209 ...

Page 212: ...ected Mail Select Deliver to the recipient Figure18 14 Figure18 14 Infected Mail Definition and Action of Infected Mail When select Delete mail in Action of Infected Mail and then the other functions Deliver to the recipient or Forward to cannot be selected So when RS 3000 had scanned mail that have virus it will delete it directly But still can check the relevant chart in Virus Mail function 210 ...

Page 213: ...the attached file If it comes from other yahoo sender account share2k003 yahoo com tw which attached file is safe includes no virus After RS 3000 had scanned the mails above it will bring the chart as follows in the Virus Mail function of Anti Virus Figure18 15 Figure18 15 Report Chart When clicking on Remove button in Total Virus Mail the record of the chart will be deleted and the record cannot ...

Page 214: ...ects any internal or external attacks to enhance the enterprises network stability 19 1 Setting The RS 3000 can update signature definitions every 30 minutes or the MIS engineer can select to use manual update It also shows the latest update time and version The MIS engineer can enable anti virus to the compact or non encryption files Virus engine The default setting is free to use Clam engine The...

Page 215: ...IDP Configure Setting to add the following settings 1 Select Enable Anti Virus 2 High Risk Select Drop and Log 3 Medium Risk Select Drop and Log 4 Low Risk Select Pass and Log 5 Click OK Figure19 1 6 Select enable IDP in Policy Figure19 1 The IDP setting When the RS 3000 detected the attack types corresponded to the signature then it will save the Log results in IDP IDP Report 213 ...

Page 216: ...original Anomaly and Pre defined detection according to the user demand Anomaly It includes the syn flood udp flood icmp flood syn fin tcp no flag fin no ack tcp land larg icmp ip record route ip strict src record route ip loose src record route invalid url winnuke bad ip protocol portscan and http inspect such Anomaly detection signatures Figure 19 2 User can enable the anomaly packets signature ...

Page 217: ...Risk Action and Log Figure19 3 The Pre defined setting Custom Except Anomaly and Pre defined settings the RS 3000 also provides a feature to allow user modifying the custom signature in order to block the specific intruder system Name The MIS engineer can define the signature name Protocol The detection and prevention protocol setting includes TCP UDP ICMP and IP Source Port To set the attack PC p...

Page 218: ...fined settings in order to detect and prevent the intrusion STEP 1 In Configure Setting add the following settings Figure 19 4 Figure19 4 The IDP configure setting STEP 2 In Signature Anomaly add the following settings Figure 19 5 Figure19 5 The Anomaly setting 216 ...

Page 219: ... enter Software_Crack_Website Protocol select TCP Source Port enter 0 65535 Destination Port enter 80 80 Risk select High Action select Drop and Log Content enter cracks Click OK to complete the setting Figure 19 7 Figure19 6 The custom setting Figure19 7 Complete the custom setting 217 ...

Page 220: ...STEP 4 In Policy Outgoing add the new policy and enable IDP Figure 19 8 19 9 Figure19 8 The IDP setting in Policy Figure19 9 Complete the IDP setting in Policy 218 ...

Page 221: ...nd log so the enterprises can easily know the whole network status STEP 1 In IDP Report Log it shows the IDP status in RS 3000 Figure19 9 The IDP log The icon description in Log 1 Action Icon Description Pass Drop 2 Risk Icon Description High Risk Medium Risk Low Risk 219 ...

Page 222: ...urce IP has exceeded the limitation of anomaly flow sessions per source IP RS 3000 will take this kind of IP to be anomaly flow IP and make some actions For example block the anomaly flow IP or send the notification Anomaly Flow IP Blocking RS 3000 can block the sessions of virus infected IP Notification RS 3000 can notice the user and system administrator by e mail or NetBIOS notification as any ...

Page 223: ...Notification Select Enable NetBIOS Alert Notification IP Address of Administrator Enter 192 168 1 10 Click OK Anomaly Flow IP Setting is completed Figure20 1 Figure20 1 Anomaly Flow IP Setting After complete the Internal Alert Settings if the device had detected the internal computer sending large DDoS attack packets and then the alarm message will appear in the Virus infected IP or send NetBIOS A...

Page 224: ...nistrator such as the time of change settings that change the IP address used to log in etc Connection Log records all of the connections of RS 3000 When the connection occurs some problem the Administrator can trace back the problem from the information Application Blocking Log records the contents of Application Blocking result when RS 3000 is configured to block Application connections Content ...

Page 225: ...ternet or Intranet by RS 3000 STEP 1 Add new policy in DMZ to WAN of Policy and select Enable Logging Figure21 1 Figure21 1 Logging Policy Setting STEP 2 Complete the Logging Setting in DMZ to WAN Policy Figrue21 2 Figure21 2 Complete the Logging Setting of DMZ to WAN 223 ...

Page 226: ...STEP 3 Click Traffic Log It will show up the packets records that pass this policy Figure21 3 Figure21 3 Traffic Log WebUI 224 ...

Page 227: ... Click on a specific IP of Source IP or Destination IP in Figure20 3 it will prompt out a WebUI about Protocol and Port of the IP Figure21 4 Figure21 4 The WebUI of detecting the Traffic Log by IP Address 225 ...

Page 228: ...STEP 5 Click on Download Logs RS 3000 will pop up a notepad file with the log recorded User can choose the place to save in PC instantly Figure21 5 Figure21 5 Download Traffic Log Records WebUI 226 ...

Page 229: ... Click Event log of LOG The management event records of the administrator will show up Figure21 6 Figure21 6 Event Log WebUI STEP 2 Click on Download Logs RS 3000 will pop up a notepad file with the log recorded User can choose the place to save in PC instantly Figure21 7 Figure21 7 Download Event Log Records WebUI 227 ...

Page 230: ...To Detect Event Description of WAN Connection STEP 1 Click Connection in LOG It can show up WAN Connection records of the RS 3000 Figure21 8 Figure21 8 Connection records WebUI 228 ...

Page 231: ...og recorded User can choose the place to save in PC instantly Figure21 9 Figure21 9 Download Connection Log Records WebUI If the content of notepad file is not in order user can read the file with WordPad or MS Word Excel program the logs will be displayed with good order 229 ...

Page 232: ...e21 10 Figure21 10 E mail Setting WebUI STEP 2 Enter Log Backup in Log select Enable Log Mail Support and click OK Figure21 11 Figure21 11 Log Mail Configuration WebUI After Enable Log Mail Support every time when LOG is up to 300Kbytes and it will accumulate the log records instantly And the device will e mail to the Administrator and clear logs automatically 230 ...

Page 233: ... settings in Syslog Settings Select Enable Syslog Messages Enter the IP in Syslog Host IP Address that can receive Syslog Enter the receive port in Syslog Host Port Click OK Complete the setting Figure21 12 Figure21 12 Syslog Messages Setting WebUI 231 ...

Page 234: ...eport Setting By accounting report function can record the sending information about Intranet and the external PC via RS 3000 Accounting Report can be divided into two parts Outbound Accounting Report and Inbound Accounting Report Outbound Accounting Report It is the statistics of the downstream and upstream of the LAN WAN and all kinds of communication network services Source IP The IP address us...

Page 235: ...report will be shown if Internet user connects to LAN Service Server via RS 3000 Source IP The IP address used by WAN users who use RS 3000 Destination IP The IP address used by LAN service server who use RS 3000 Service The communication service which listed in the menu when WAN users use RS 3000 to connect to LAN Service server 233 ...

Page 236: ...ess WAN service server via RS 3000 Downstream The percentage of downstream and the value of each WAN service server which passes through RS 3000 to LAN user Upstream The percentage of upstream and the value of each LAN user who passes through RS 3000 to WAN service server First Packet When the first packet is sent to WAN service server from LAN user the sent time will be recorded by the RS 3000 La...

Page 237: ...The percentage of downstream and the value of each WAN service server which passes through RS 3000 to LAN user Upstream The percentage of upstream and the value of each LAN user who passes through RS 3000 to WAN service server First Packet When the first packet is sent from WAN service server to LAN users the sent time will be recorded by the RS 3000 Last Packet When the last packet from LAN user ...

Page 238: ... server Downstream The percentage of downstream and the value of each WAN service server who passes through RS 3000 and connects to LAN user Upstream The percentage of upstream and the value of each LAN user who passes through RS 3000 to WAN service server First Packet When the first packet is sent to the WAN Service Server the sent time will be recorded by the RS 3000 Last Packet When the last pa...

Page 239: ...Figure22 4 Outbound Services Statistics Report Figure22 5 The Pizza chart of Accounting report published base on Service 237 ...

Page 240: ...to List Table of Accounting Report window Accounting Report function will occupy lots of hardware resource so users must take care to choose the necessary items in order to avoid slowing down the total performance 238 ...

Page 241: ... of Downstream and the value of each WAN user which passes through RS 3000 to LAN service server Upstream The percentage of Upstream and the value of each LAN service server which passes through RS 3000 to WAN users First Packet When the first packet is sent from WAN users to LAN service server the sent time will be recorded by the RS 3000 Last Packet When the last packet is sent from LAN service ...

Page 242: ...rough RS 3000 to LAN service server Upstream The percentage of Upstream and the value of each LAN service server who passes through RS 3000 to WAN users First Packet When the first packet is sent from WAN users to LAN service server the sent time will be recorded by the RS 3000 Last Packet When the last packet is sent from LAN service server to WAN users the sent time will be recorded by the RS 30...

Page 243: ...nstream and the value of each WAN user who uses RS 3000 to LAN service server Upstream The percentage of upstream and the value of each LAN service server who uses RS 3000 to WAN user First Packet When the first packet is sent to the LAN Service Server the sent time will be recorded by the RS 3000 Last Packet When the last packet is sent from the LAN Service Server the sent time will be recorded b...

Page 244: ...of Inbound Accounting report published base on Service Accounting Report function will occupy lots of hardware resource so users must take care to choose the necessary items in order to avoid slowing down the total performance 242 ...

Page 245: ... network loads Define the required fields of Statistics Statistics Chart Y Coordinate Network Traffic Kbytes Sec X Coordinate Time Hour Minute Source IP Destination IP Service and Action These fields record the original data of Policy From the information above the Administrator can know which Policy is the Policy Statistics belonged to Time To detect the statistics by minutes hours days months or...

Page 246: ...l function of WAN Interface When enable WAN Interface it will enable WAN Statistics too STEP 2 In the Statistics window find the network you want to check and click Minute on the right side and then you will be able to check the Statistics figure every minute click Hour to check the Statistics figure every hour click Day to check the Statistics figure every day click Week to check the Statistics f...

Page 247: ...STEP 3 Statistics Chart Figure23 2 Y Coordinate Network Traffic Kbytes Sec X Coordinate Time Hour Minute Figure23 2 To Detect WAN Statistics 245 ...

Page 248: ... the Statistics in Policy first STEP 2 In the Statistics WebUI find the network you want to check and click Minute on the right side and then you will be able to check the Statistics chart every minute click Hour to check the Statistics chart every hour click Day to check the Statistics chart every day click Week to check the Statistics figure every week click Month to check the Statistics figure ...

Page 249: ...STEP 3 Statistics Chart Figure23 4 Y Coordinate Network Traffic Kbytes Sec X Coordinate Time Hour Minute Day Figure23 4 To Detect Policy Statistics 247 ...

Page 250: ... ping specific IP address and confirm RS 3000 WAN connecting status Figure24 1 Type in available Internet IP address or domain name Choose the Ping Packets size 32 Bytes by default Type in the Count value the default setting is 4 Type in the Wait Time the default setting is 1 second Choose the source interface to send out the Ping packets Press OK to ping the IP address or domain name Figure24 2 F...

Page 251: ...Interface is selected VPN it must be typed in with RS 3000 LAN IP address and type in remote VPN site of LAN IP address in Destination IP Domain name Figure 24 3 Figure 24 3 Ping configuration via VPN 249 ...

Page 252: ...in available Internet IP address or domain name Choose the Ping Packets size 40 Bytes by default Type in the Max Time to Live value 30 Hops by default Type in the Wait Time the default setting is 2 seconds Choose the source interface to send out the Ping packets Press OK to ping the IP address or domain name Figure24 5 Figure 24 4 Traceroute Diagnostic Figure 24 5 Traceroute result 250 ...

Page 253: ... to transfer within Internet but user can login RS 3000 remotely and enable Wake on Lan function to boot up the LAN computer To configure Wake on Lan function in RS 3000 STEP 1 Select Setting in Wake on Lan and enter MAC Address to specify the computer who needs to be booted up remotely User can press Assist to obtain the MAC Address from the table list Figure25 1 Figure 25 1 Wake on Lan Setting S...

Page 254: ... IP WAN IP Subnet Netmask Default Gateway DNS Server Connection and its IP etc Interface Display all of the current Interface status of the RS 3000 Authentication The Authentication information of RS 3000 ARP Table Record all the ARP that connect to the RS 3000 DHCP Clients Display the table of DHCP clients that are connected to the RS 3000 252 ...

Page 255: ... to WAN traffic Upstream Alloca The distribution percentage of Upstream according to WAN traffic PPPoE Con Time The last time of the RS 3000 to be enabled MAC Address The MAC Address of the Interface IP Address Netmask The IP Address and its Netmask of the Interface Default Gateway To display the Gateway of WAN DNS1 2 The DNS1 2 Server Address provided by ISP Rx Tx Pkts Error Pkts To display the r...

Page 256: ...it will display the record of login status Figure 26 2 IP Address The authentication user IP Auth User Name The account of the auth user to login Login Time The login time of the user Year Month Day Hour Minute Second Figur ebUI e 26 2 Authentication Status W 254 ...

Page 257: ...nd the Interface information which is connecting to the RS 3000 Figure26 3 Anti ARP virus software Works to rewrite LAN ARP table as default IP Address The IP Address of the network MAC Address The identified number of the network card Interface The Interface of the computer Figure 26 3 ARP Table WebUI 255 ...

Page 258: ...CP Clients that are connected to the RS 3000 Figure26 4 IP Address The dynamic IP that provided by DHCP Server MAC Address The IP that corresponds to the dynamic IP Leased Time The valid time of the dynamic IP Start End Year Month Day Hour Minute Second Figure 26 4 DHCP Clients WebUI 256 ...

Page 259: ...hernet UTP port 1 10 100 DMZ port Modify the MAC address Dimensions W x D x H cm 44x23 7x4 3 Size Rack Mount Weight Kgs 2 75 Power 100 250 VAC 80W Performance WAN LAN Zone 1 Zone 2 Port 1 Port 2 100 Mbps DES Encryption 18 Mbps VPN 3DES Encryption 16 Mbps HTTP 12Mbps Anti Virus FTP 20Mbps Throughput IDP 10 Mbps Max Concurrent Sessions 110 000 New Sessions Second 10 000 Email Capacity Per Day Mail S...

Page 260: ...o Training Export Import Whitelist Max entry 128 Whitelist Auto Training Export Import Blacklist Max entry 128 Blacklist Auto Training Export Import Training Database Spam Mail for Training Ham Mail for Training Spam Account for Training Anti Spam Spam Training Ham Account for Training Virus Scanner Clam Auto Update Virus Definitions 10 min Inbound Scanning for Internal Mail Server LAN DMZ Anti Vi...

Page 261: ...ted IP Static ARP Management Web Based UI Traditional Chinese Simplified Chinese and English Web UI Web Management HTTP Firmware Upgrade From LAN WAN Web UI Sub Administrator Max entry 10 Remote Monitor Web Management Port Number can be changeable Permitted IPs Max entry 32 Web UI Logout Remote management MTU changeable for WAN Interface Statistics Traffic Statistics WAN Policy Multiple Subnet NAT...

Page 262: ...width MB 50 QoS Personal QoS Accounting Report Ranking by IP Port Authentication User Max entry 200 Authentication Group Max entry 50 RADIUS POP3 URL to redirect Messages to display Authentication Authentication Status Disable re login Inbound Outbound Function Load balancing OutBound Auto AI Mode By Session By Packet Round Robin Auto Backup By Secure IP By Destination IP ICMP WAN Port connection ...

Page 263: ... Packet Filtering by Source IP Packet Filtering by Destination IP Packet Filtering by Port Access control by group Time Schedule Management Max Concurrent Sessions Incoming NAT mode External To DMZ NAT mode Outgoing Max entry 200 Incoming Max entry 50 LAN To DMZ Max entry 20 WAN To DMZ Max entry 50 DMZ To LAN Max entry 20 DMZ To WAN Max entry 20 Policy Control Tips URL Blocking Max entry 300 Scrip...

Page 264: ...cking VNN Client MSN Messenger Yahoo Messenger ICQ QQ Skype VoIP Google Talk IM Blocking Gadu Gadu IM P2P Blocking IM P2P Rule Drop Intruding Packets Traffic Log Event Log Connection Log Syslog Settings Log Log Backup E mail alert when WAN link failure H W Watch Dog Auto rebooting when detecting system fails VPN Function One Step IPSec IPSec Dead Peer Detection Show remote Network Neighborhood IKE...

Page 265: ...ec Max entry 200 100 PPTP Server Max entry 32 32 Allow to Configure Connection Tunnels PPTP Client Max entry 16 16 Stateful Packet Inspection Supports Windows VPN Client VPN Hub VPN Trunk Max entry 50 263 ...

Page 266: ... 10Mbps 10 BaseT standard WAN Wide Area Network A communication system of connecting PCs and other computing devices across a large local regional national or international geographic area LAN Local Area Network It is a computer network covering a small physical area or small group of buildings DMZ Demilitarized Zone When a router opens a DMZ port to an internal network device it opens all the TCP...

Page 267: ...e provider whenever there is a change Therefore users can build website or other Internet servers even if they don t have fixed IP connection Subnetwork or Subnet Found in larger networks these smaller networks are used to simplify addressing between numerous computers Subnets connect to the central network through a router switch or gateway Each individual wireless LAN will probably use the same ...

Page 268: ...cation and accounting system used by many Internet Service Providers ISPs When you dial in to the ISP you must enter your username and password This information is passed to a RADIUS server which checks that the information is correct and then authorizes access to the ISP system RADIUS typically uses port 1812 and port 1813 for authentication and accounting port Though not an official standard the...

Page 269: ...128 bytes long ISAKMP Internet Security Association Key Management Protocol An extensible protocol encoding scheme that complies to the Internet Key Exchange IKE framework for establishment of Security Associations SAs AH Authentication Header One of the IPSec standards that allows for data integrity of data packets ESP Encapsulating Security Payload One of the IPSec standards that provides for th...

Page 270: ...e data packets GRE IPSec The device Select GRE IPSec Generic Routing Encapsulation packet seal technology Sasser Sasser is a computer worm that affects computers running vulnerable versions of the Microsoft operating systems Windows XP and Windows 2000 Sasser spreads by exploiting the system through a vulnerable network port as do certain other worms Thus it is particularly virulent in that it can...

Page 271: ...tim The network s bandwidth is quickly used up preventing legitimate packets from getting through to their destination UDP Flood A UDP flood attack is a denial of service DoS attack using the User Datagram Protocol UDP a sessionless connectionless computer networking protocol Using UDP for denial of service attacks is not as straightforward as with the Transmission Control Protocol TCP However a U...

Page 272: ...t Detect Land Attack Some Systems may shut down when receiving packets with the same source and destination addresses the same source port and destination port and when SYN on the TCP header is marked Enable this function to detect such abnormal packets DoS Attack Denial of Service A type of network attack that floods the network with useless traffic Many DoS attacks such as the Ping of Death and ...