Billion BIPAC 6500, User Manual

Page 1: ...BIPAC 6500 Broadband VPN Firewall Router with 4 port 10 100M Switch User Manual ...

Page 2: ......

Page 3: ...stem 25 3 4 3 3 1 Password 25 3 4 3 3 2 Time Zone 26 3 4 3 3 3 Upgrade 27 3 4 3 3 4 Factory Setting 27 3 4 3 4 Firewall 28 3 4 3 4 1 Packet Filter 28 3 4 3 4 2 MAC Filter 30 3 4 3 4 3 Block Hacker Attack 31 3 4 3 4 4 Block WAN Request 32 3 4 3 4 5 URL Blocking 33 3 4 3 5 VPN 35 3 4 3 6 Virtual Server 35 3 4 3 7 Advanced 37 3 4 3 7 1 Remote Config 37 3 4 3 7 2 Dynamic Routing 37 3 4 3 7 3 Static Ro...

Page 4: ... sure it works fine 52 How can I check the active IP settings for my WAN port 53 Where can I find the WAN port s MAC address 53 How can I explore a local server to be visible to outside users 53 What is DMZ host 54 How to configure my MacOS to surf Internet through BIPAC 6500 54 How can I do if I forget the password for accessing Router 54 How can I do if there is already a DHCP server in LAN 55 H...

Page 5: ...ss For example to ensure that games and other Internet applications will run properly user can open some specific ports for outside users to access internal services in network Finally it can also detect and block many Hacker Patterns and not allow hacker into your network Integrated DHCP services client and server allow up to 253 users to get their IP addresses automatically on boot up from the p...

Page 6: ...pplication Level Gateway ALG algorithms for multimedia applications such as ICQ NetMeeting MS Messenger QUAKE Real Player etc Universal Plug and Play compliant UPnP Dynamic Domain Name System DDNS Virtual Server and DMZ SNTP and DNS relay Management Easy Web based GUI for remote and local management Firmware upgraded and configuration data upload and download via Web based GUI Support DHCP server ...

Page 7: ...tion IP address MAC address URL filtering string or domain name detection in URL string Virtual Private Network VPN Embedded IPSec PPTP client Embedded L2TP and L2TP over IPSec future release IKE key management DES and 3DES encryption for IPSec L2TP PPTP IPSec pass through ...

Page 8: ...outer 4 1 4 BIPAC 6500 Application Be noted BIPAC 6500 provides a 10 100Mbps Ethernet port 10Base T in the WAN site it will not detect MDI and MDIX automatically Therefore an Ethernet cross over cable should be used to connect to DSL CABLE modem ...

Page 9: ...rface Only use the power adapter that comes with the package 2 2 The Front LEDs LED Meaning 1 Power Lit green when power ON 2 SYS Lit when system is ready 4 LAN 1 5 LAN 2 6 LAN 3 7 LAN 4 Lit green when connected at 100 Mbps Lit orange when connected at 10 Mbps Flashes when sending receiving data 8 WAN Lit green when connected at 100 Mbps Lit orange when connected at 10 Mbps Flashes when sending re...

Page 10: ...re to factory default settings 0 3 seconds reset the device 3 6 seconds no action 6 seconds or above restore to factory default settings this is used when you can not login to BIPAC 6500 e g forgot the password PWR jack Connect the supplied power adapter to this jack Power Switch A Power ON OFF switch 2 4 Cabling Please refer to section 1 4 BIPAC 6500 Application first it gives a clear cable conne...

Page 11: ...n an IP address through a DHCP server or a fixed IP address which must be in the same subnet of BIPAC 6500 The default IP address of router is 192 168 1 254 and subnet mask is 255 255 255 0 The best and easy way is to configure the PC to get an IP address from BIPAC 6500 Please follow the steps below for PC s network environment installation First of all please check your PC s network components T...

Page 12: ...Billion BIPAC 6500 Broadband VPN Firewall Router 8 3 In the Local Area Connection Status window click Properties 4 Select Internet Protocol TCP IP and click Properties ...

Page 13: ... and the Obtain DNS server address automatically radio buttons 6 Click OK to finish the configuration Configuring PC in Windows 2000 1 Go to Start Settings Control Panel In the Control Panel double click on Network and Dial up Connections 2 Double click Local Area Connection ...

Page 14: ...Billion BIPAC 6500 Broadband VPN Firewall Router 10 3 In the Local Area Connection Status window click Properties 4 Select Internet Protocol TCP IP and click Properties ...

Page 15: ...cally radio buttons 6 Click OK to finish the configuration Configuring PC in Windows 95 98 ME 1 Go to Start Settings Control Panel In the Control Panel double click on Network and choose the Configuration tab 2 Select TCP IP NE2000 Compatible or the name of your Network Interface Card NIC in your PC 3 Click Properties ...

Page 16: ...irewall Router 12 4 Select the IP Address tab In this page click the Obtain an IP address automatically radio button 5 Then select the DNS Configuration tab 6 Select the Disable DNS radio button and click OK to finish the configuration ...

Page 17: ...indows NT4 0 1 Go to Start Settings Control Panel In the Control Panel double click on Network and choose the Protocols tab 2 Select TCP IP Protocol and click Properties 3 Select the Obtain an IP address from a DHCP server radio button and click OK ...

Page 18: ...ally 4 DHCP server DHCP server is enabled IP address pool from IP Address 192 168 1 100 to IP Address 192 168 1 199 3 2 1 Password The password is left blank as the default setting When configuring your router with Web browser just click OK and then you are logged in for the first time It is recommended that you set a password for security and management purpose BIPAC 6500 maintains the password o...

Page 19: ...e you have to check with your ISP what kind of service is provided such as PPPoE Fixed IP obtain an IP address automatically or PPTP client Gather the information as illustrated in the following table and keep it for reference PPPoE Username Password Service Name Domain Name System DNS IP address it can be automatically assigned from ISP or be set fixed Fixed IP IP address Subnet mask Gateway addr...

Page 20: ...The default password is left blank If you have set a password enter that and click OK to continue At the configuration homepage the left navigation pane where bookmarks are provided links you directly to the desired setup page including Quick Start Configuration LAN WAN Firewall System VPN Virtual Server Advanced and Help Status System Status Device Info System Logs Security Logs ARP Cache Table D...

Page 21: ... Logout the device when you finish configuring the router 3 4 2 Quick Start If you use this device to access the Internet through the ISP this web page is enough for you to configure this router and access the Internet without a problem Please check Chapter 3 3 Information from the ISP then enter the proper values into this web page click the Apply button and then click the Save Config button to s...

Page 22: ...er 18 3 4 3 Configuration When you click this item you get following sub items to configure BIPAC 6500 LAN WAN Firewall System VPN Virtual Server Advanced and Help 3 4 3 1 LAN This screen contains settings for LAN interface attached to the LAN port ...

Page 23: ...e sure your PC is also located at the same IP subnet Otherwise you may not be able to access the router Subnet Mask Default at 255 255 255 0 If you ever forget the LAN IP address we provide an utility running in MS Windows to find it automatically It is included in the installation CD named RouterFinder exe The PC with RouterFinder EXE and device should locate at the same local area network LAN ...

Page 24: ...er the last address of this local IP network address pool that you want the DHCP server to assign IP addresses to The default value is 192 168 1 199 With this case the DHCP pool is from 192 168 1 100 to 192 168 1 199 Therefore the local computer will get an IP address located at this range randomly If you disable DHCP Server remember to specify a static IP address subnet Mask and DNS setting for e...

Page 25: ...ded by your ISP The maximum input is 20 alphanumeric characters case sensitive MAC Address Specify the MAC address if your ISP needs it The Default MAC address is router s MAC address NAT The NAT feature allows multiple users to access Internet through a single IP account sharing the single IP address from ISP If users in the LAN site have public IP addresses and can access Internet directly the N...

Page 26: ...ification purpose If it is required your ISP will provide you the information Maximum input is 20 alphanumeric characters Specify an IP address Specify the router IP address if your ISP needs to use it NAT The NAT feature allows multiple users to access Internet through a single IP account sharing the single IP address If users in the LAN site have public IP addresses and can access Internet direc...

Page 27: ...d by your ISP Subnet Mask Enter the information provided by your ISP Gateway Address Enter the information provided by your ISP NAT The NAT feature allows multiple users to access Internet through a single IP account sharing the single IP address If users in the LAN site have public IP addresses and can access Internet directly the NAT function can be disabled PPTP Client ...

Page 28: ...anumeric characters case sensitive Password Enter the password Maximum input is 128 alphanumeric characters case sensitive PPTP Server Enter the IP address of the PPTP Server Own IP Address Choose Obtain IP address automatically or choose Static IP If Static IP is selected enter the IP address below If you select WAN interface to be PPTP client you will not see the VPN selection in the left pane a...

Page 29: ...cally PPPoE or PPTP Client as your WAN protocol Or your ISP may provide you with an IP address of DNS If this is the case you must enter the DNS IP address Moreover if you set Fixed IP as your ISP protocol you can only enter the DNS IP Address instead of obtaining the address automatically 3 4 3 3 System There are six items under the System section Password Time Zone Upgrade Factory Setting Reboot...

Page 30: ...hat your Caps Lock is off 3 4 3 3 2 Time Zone BIPAC 6500 does not have a real time clock on board instead it uses the simple network time protocol SNTP to get the current time from the SNTP server in outside network Please choose your local time zone and click Apply button You will get the correct time information after you really establish a connection to Internet The current time of selected tim...

Page 31: ...ur local environment first Press the Browse button to specify the path of the firmware file Then click Upgrade to start upgrading When the procedure is completed BIPAC 6500 will reset automatically to make the new firmware work 3 4 3 3 4 Factory Setting If for any reason you have to reset this router back to factory default settings be careful that the current settings will be lost and the setting...

Page 32: ... function enables you to configure your router to block specified internal external user IP address from Internet access or you can disable specific service request Port number to from Internet You must check the Enable radio button to make the following figure appear for further configuration This configuration program allows you to set up different filter rules up to 10 for different users based...

Page 33: ...dit Then click the Edit button Delete Check the Rule No you want to delete Then click the Delete button Outgoing Incoming Determine whether the rule is for outgoing packets or for incoming packets Active Choose Yes to enable the rule or choose No to disable the rule Packet Type Specify the packet type TCP UDP ICMP or any that the rule will be applied to ...

Page 34: ...et s destination port number s If the DHCP server option is enabled you have to be very careful in assigning the IP addresses of filtered private IP range in order to avoid conflicts because you do not know which PC in LAN is assigned to which IP address The easiest and safest way is that the filtered IP address is assigned to specific PC that is not allowed to access outside resource such as Inte...

Page 35: ...dress listed in the list 3 4 3 4 3 Block Hacker Attack BIPAC 6500 can automatically detect and block the DoS Denial of Service attack if user enables this function This kind of attack is not to achieve the confidential data of this network instead it aims to crush specific equipment or the entire network If this happens the users will not be able to access the network resources The following hacke...

Page 36: ...e informed by emails when hackers attack the router E mail address The alert mail will be sent to this address SMTP server Enter the SMTP server of the above E mail address 3 4 3 4 4 Block WAN Request Check Enable if you want to exclude outside PING request from reaching on this router ...

Page 37: ... Block From to Check this button if you only wish to block a URL in a specific time interval For example if you wish to temporarily block a URL from Monday 8 00am until Wednesday night at 7 40pm in the space provided above you should select 08 00 Monday to 19 40 Wednesday Domains Filter Check if you want to enable the Domains Filtering function and click the Detail button for further configuration...

Page 38: ...nto the domain list Users will no longer be able to access the websites from the LAN To add a domain name enter its host name such as www bad site com into the text field under Domain and click Add The domain will be shown in the Domain List Do not enter the complete URL of the site that is do not include http All subdomains are allowed For instance taking yahoo com as the trusted domain means tha...

Page 39: ...3 4 3 5 VPN VPN Virtual Private Network is a secured Internet protocol to allow users to access the company internal network resources outside the company network If you want to make this function take effect check the Enable button Hence the following fields will be activated There is three items under VPN section PPTP IPSec and L2TP The reference of VPN please refer to VPN Configuration document...

Page 40: ...UDP if you want to scope for the connectionless application service on the remote server using the port number DMZ IP Address Regarding the DMZ Host it is a local computer exposed to the Internet Therefore an incoming packet will be checked by Firewall and NAT algorithms in the router then passed to the DMZ host when packet is not sent from hacker and not matched by virtual server list If the DHCP...

Page 41: ...rt number please use your own port if you change the default value If for any reason you want to limit the IP addresses for remote login please enter the Start IP and the End IP address But be noted that the range is not allowed to exceed 254 If the NAT function is disabled the URL should be http LAN IP address where LAN IP address is the IP address of the router s LAN port You can find the value ...

Page 42: ...e network 3 4 3 7 3 Static Routing If you have another router with a LAN to LAN connection you may create a static routing on the router that is the gateway to Internet Add Click this button to add a new static routing When you click this button the next figure appears Edit Check the item you want to edit Then click the Edit button ...

Page 43: ...red by this Static Routing function 3 4 3 7 4 Dynamic DNS With Dynamic DNS service a domain name can be translated into a dynamic IP address which is often issued by ISP for dial up service A local server such as Web server Email server or FTP server can then be easily accessed without knowing the changing IP address Check the Enable button to access the Dynamic DNS service ...

Page 44: ...utomatically whenever the assigned IP changes 3 4 3 7 5 Check Email BIPAC 6500 may set a Email account to periodically check up incoming mail LED flashes green when there is Email Account Enter your Email account in the field Password Enter your Email password in the field Incoming Mail Server Specify your incoming mail server name or IP address Interval to Check Periodical timer checks up incomin...

Page 45: ...N Messenger will discover that they are behind a NAT router learn the external IP address and configure port mappings on the router to forward packets from the external ports of the router to the internal ports used by the application 3 4 3 8 Help After click on the hyperlink of Help in the left pane the following html page will jump out This page would be a good reference as you proceed the confi...

Page 46: ... current LAN and WAN connection status The first line under the WAN segment displays the ISP protocol you set You can see the status of connection from its right side column If you choose Obtain an IP Address Automatically as your protocol there will be a Renew button beside the connection status description Click this Renew button whenever you want to get a new IP Address rather than the existent...

Page 47: ...SP You will see the system status changing from connecting authenticating to connected if the procedure of connecting works smoothly When you want to disconnect from your ISP under connected status just click the Disconnect button In the PPTP Client protocol you can press the Connect button when the line is disconnected or press the Disconnect button when the line is connected ...

Page 48: ...utomatically every 15 seconds which enables you to get the most updated status of your system You can also click the Refresh button to get the latest information of system status manually 3 4 4 2 Device Info Display the current Firmware version and MAC addresses of your router ...

Page 49: ...al information through this function Refresh Click Refresh to get the latest information of system logs 3 4 4 4 Security Logs Display the information of security logs If hacker attacks your sever he will be isolated by the firewall function and the router will record related information Hence you know where the hacker comes from ...

Page 50: ... of system logs 3 4 4 5 ARP Cache Table From this table you can see the IP address of each PC in your LAN as well as its associated MAC address 3 4 4 6 DHCP Table If you enable the DHCP server function of this device you can see the assigned IP addresses and their associated MAC addresses from this table ...

Page 51: ...Chapter 3 Configuration 47 3 4 4 7 Routing Table Display the current routing paths of BIPAC 6500 3 4 4 8 VPN Connect Status Display the current VPN connection status ...

Page 52: ...Billion BIPAC 6500 Broadband VPN Firewall Router 48 ...

Page 53: ...ault settings go to the Web configuration window Enter Factory Setting under System and then click Reset to begin the process Why do I get IP conflict information in my computer When you see the message box prompted for IP address conflict in your computer it could be caused by rebooting BIPAC 6500 or by two or more workstations occupying the same IP address Please run the winipcfg utility to rele...

Page 54: ...ts that need to be opened for proper operation of the software If you can t find the necessary information call the software maker and ask what ports need to be opened for the software to work through a firewall Can I upgrade the gateway s firmware We provide two firmwares one bfw is for boot code and the other afw is application code Usually you do not need to upgrade boot code in stead there is ...

Page 55: ...ot be used to dynamically adjust TCP IP connections You can also renew leases if allowed by the network and get the current IP address assignments through this program 1 From Windows go to Start Run enter WINIPCFG and click OK 2 The following figure displays the adapter address and current TCP IP address Select the correct Ethernet adapter that is installed in this computer at the Ethernet Adapter...

Page 56: ... should list the product s local port address the device s IP address 3 The DNS server IP addresses should match the DNS server IP addresses set in the device IPCONFIG EXE For WinNT Win2000 and WinXP go to Start Programs Accessories Command Prompt to open the Command Prompt Type in IPCONFIG ALL and hit Enter to see the adapter s information Type in IPCONFIG RELEASE to release all adapters IP addre...

Page 57: ...ocess inside the router including the WAN port IP address and related information Where can I find the WAN port s MAC address When you need this WAN port MAC address you can refer the MAC label in the enclosure But the easiest way is to use Web based GUI to check it Please enter Status Device Info or WAN Obtain an IP address automatically then you will see the MAC address for WAN port Usually some...

Page 58: ...ing packet Therefore DMZ host is the easy to forward this kind of packets If you enable and set virtual server and DMZ host the precedence is Virtual Server and then DMZ For example the incoming packet will be checked with Firewall rules Virtual Server rules and then DMZ host How to configure my MacOS to surf Internet through BIPAC 6500 Please make sure the MacOS open transport networking protocol...

Page 59: ...hod should I select in WAN ISP setting window The broadband firewall router supports four kinds of access method to establish a connection as below PPPoE Username Password Service Name Domain Name System DNS IP address it can be automatically assigned from ISP or be set fixed Fixed IP IP address Subnet mask Gateway address Domain Name System DNS IP address it is fixed IP address Obtain an IP Addre...

Page 60: ...ervices please refer below for details Application Settings for Outgoing Connection Setting for Incoming connection ICQ98a 99b None None Netmeeting 2 1 3 0 None 1503 tcp 1720 tcp AOE 2300 2400 tcp 2300 2400 udp 47624 tcp 2300 2400 tcp 2300 2400 udp 47624 tcp VDO Live None None mIRC None None Cu Seeme 7648 tcp 7648 udp 24032 udp 7648 tcp 7648 udp 24032 udp PCAnywhere 5632 udp 22 udp 5631 tcp 65301 ...

Page 61: ...e solved by using the Troubleshooting in Chapter 4 If you continue to have problems you should contact the dealer where you bought this product For further assistances with the product please feel free to contact and visit us at http www billion com T ...