Billion Electric Company 30 manual


A good user manual

The rules should oblige the seller to give the purchaser operating instructions for the Billion Electric Company 30 along with the item. The lack of instructions, or false information given to the customer, constitutes grounds for a complaint because of nonconformity of the goods with the contract. In accordance with the law, a customer can receive instructions in non-paper form; lately graphic and electronic forms of manuals, as well as instructional videos, have been widely used. A necessary precondition for this is that the instructions are unmistakable and legible.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Billion Electric Company 30 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Billion Electric Company 30. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, a user manual of Billion Electric Company 30 should contain:
- information concerning technical data of Billion Electric Company 30
- name of the manufacturer and a year of construction of the Billion Electric Company 30 item
- rules of operation, control and maintenance of the Billion Electric Company 30 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Billion Electric Company 30 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Billion Electric Company 30, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Billion Electric Company service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Billion Electric Company 30.

Why should one read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Billion Electric Company 30 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know every part of the instructions. Currently the manuals are carefully prepared and translated, so they can be fully understood by their users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    BiGuard 30 iBusiness Security Gateway SMB User’s Manual Version Release 7.01 (FW:1.06p)[...]

  • Page 2

    2 BiGuard 30 User’s Manual (Updated March 28, 2007) Copyright Information © 2007 Billion Electric Corporation, Ltd. The contents of this publication may not be reproduced in whole or in part, transcribed, stored, translated, or transmitted in any form or any means, without the prior written consent of Billion Electric Corporation. Published[...]

  • Page 3

    3 Safety Warnings Your BiGuard 30 is built for reliability and long service life. For your safety, be sure to read and follow the following safety warnings. • Read this installation guide thoroughly before attempting to set up your BiGuard 30. • Your BiGuard 30 is a complex electronic device. DO NOT open or attempt to repair it yourself [...]

  • Page 4

    4 Table of Contents Chapter 1: Introduction 1.1 Overview 1.2 Product Highlights 1.2.1 Increased Bandwidth, Scalability and Resilience 1.2.2 Virtual Private Network Support 1.2.3 Advanced Firewall Security 1.2.4 Intelligent Bandwidth Management 1.3 Package Contents 1.3.1 Front Panel 1.3.2 Rear Panel 1.3.3 Rack Mounting 1.3.4 Cabling Chapter 2: Route[...]

  • Page 5

    5 2.6.1 General VPN Setup 2.6.2 VPN Planning - Fail Over 2.6.3 Concentrator Chapter 3: Getting Started 3.1 Overview 3.2 Before You Begin 3.3 Connecting Your Router 3.4 Configuring PCs for TCP/IP Networking 3.4.1 Overview 3.4.2 Windows XP 3.4.2.1 Configuring 3.4.2.2 Verifying Settings 3.4.3 Windows 2000 3.4.3.1 Configuring 3.4.3.2 Verifying Setti[...]

  • Page 6

    6 4.2.5 IPSec Status 4.2.6 PPTP Status 4.2.7 Traffic Statistics 4.2.8 System Log 4.2.9 IPSec Log 4.3 Quick Start 4.3.1 DHCP 4.3.2 Static IP 4.3.3 PPPoE 4.3.4 PPTP 4.3.5 Big Pond 4.4 Configuration 4.4.1 LAN 4.4.1.1 Ethernet 4.4.1.2 DHCP Server 4.4.1.3 LAN Address Mapping 4.4.2 WAN 4.4.2.1 ISP Settings 4.4.2.1.1 DHCP 4.4.2.1.2 Static IP 4.4.2.1.3 PP[...]

  • Page 7

    7 4.4.4.8 Email Alert 4.4.5 Firewall 4.4.5.1 Packet Filter 4.4.5.2 URL Filter 4.4.5.3 LAN MAC Filter 4.4.5.4 Block WAN Request 4.4.5.5 Intrusion Detection 4.4.6 VPN 4.4.6.1 IPSec 4.4.6.1.1 IPSec Wizard 4.4.6.1.2 IPSec Policy 4.4.6.2 PPTP 4.4.7 QoS 4.4.8 Virtual Server 4.4.8.1 DMZ 4.4.8.2 Port Forwarding Table 4.4.9 Advanced 4.4.9.1 Static Route 4.4[...]

  • Page 8

    8 5.2.3.3 Java Permissions 5.3 WAN Interface 5.3.1 Can’t Get WAN IP Address from the ISP 5.4 ISP Connection 5.5 Problems with Date and Time 5.6 Restoring Factory Defaults Appendix A: Product Specifications Appendix B: Customer Support Appendix C: FCC Interference Statement Appendix D: Network, Routing, and Firewall Basics D.1 Network Basics D.1[...]

  • Page 9

    9 E.2 What is IPSec? E.2.1 IPSec Security Components E.2.1.1 Authentication Header (AH) E.2.1.2 Encapsulating Security Payload (ESP) E.2.1.3 Security Associations (SA) E.2.2 IPSec Modes[...]

  • Page 10

    10 E.2.3 Tunnel Mode AH E.2.4 Tunnel Mode ESP E.2.5 Internet Key Exchange (IKE) Appendix F: IPSec Logs and Events F.1 IPSec Log Event Categories F.2 IPSec Log Event Table Appendix G: Bandwidth Management with QoS G.1 Overview G.2 What is Quality of Service? G.3 How Does QoS Work? G.4 Who Needs QoS? G.4.1 Home Users G.4.2 Office Users Appendix H: Ro[...]

  • Page 11

    11 Chapter 1: Introduction 1.1 Overview Congratulations on purchasing BiGuard 30 Router from Billion. Combining a router with an Ethernet network switch, BiGuard 30 is a state-of-the-art device that provides everything you need to get your network connected to the Internet over your Cable or DSL connection quickly and easily. The Quick [...]

  • Page 12

    12 connections are possible on BiGuard 30, with performance of up to 10 Mbps. 1.2.3 Advanced Firewall Security Aside from intelligent broadband sharing, BiGuard 30 offers integrated firewall protection with advanced features to secure your network from outside attacks. Stateful Packet Inspection (SPI) determines if a data packet is permitted[...]

  • Page 13

    13 LED Function Power A solid light indicates a steady connection to a power source. Status A blinking light indicates the device is writing to flash memory. LAN 1 – 8 Lit when connected to an Ethernet device. 10/100M : Lit green when connected at 100Mbps. Not lit when connected at 10Mbps. Link/ACT: Lit when device is connected. Blinking when dat[...]

  • Page 14

    14 Port Function 1 RESET To reset the device and restore factory default settings, after the device is fully booted, press and hold RESET until the Status LED begins to blink. 2 WAN2 WAN2 10/100M Ethernet port (with auto crossover support); connect xDSL/Cable modem here. 3 WAN1 WAN1 10/100M Ethernet port (with auto crossover support); connect xD[...]

  • Page 15

    15 1.3.4 Cabling Most Ethernet networks currently use unshielded twisted pair (UTP) cabling. The UTP cable contains eight conductors, arranged in four twisted pairs, and terminated with an RJ45 type connector. One of the most common causes of networking problems is bad cabling. Make sure that all connected devices are turned on. On the front [...]

  • Page 16

    16 Chapter 2: Router Applications 2.1 Overview Your BiGuard 30 router is a versatile device that can be configured to not only protect your network from malicious attackers, but also ensure optimal usage of available bandwidth with Quality of Service (QoS) and both Inbound and Outbound Load Balancing. Alternatively, BiGuard 30 can also be se[...]

  • Page 17

    17 2.2.2 QoS Policies for Different Applications By setting different QoS policies according to the applications you are running, you can use BiGuard 30 to optimize the bandwidth that is being used on your network. As illustrated in the diagram above, applications such as Voiceover IP (VoIP) require Restricted PC Normal PCs VoIP[...]

  • Page 18

    18 low network latencies to function properly. If bandwidth is being used by other applications such as an FTP server, users using VoIP will experience network lag and/or service interruptions during use. To avoid this scenario, this network has assigned VoIP with a guaranteed bandwidth and higher priority to ensure smooth communications. [...]

  • Page 19

    19 policies for different PCs on the network. Policy based traffic shaping lets you better manage your bandwidth, providing reliable Internet and network service to your organization. 2.2.5 Priority Bandwidth Utilization Assigning priority to a certain service allows BiGuard 30 to give either a higher or lower priority to traffic from this part[...]

  • Page 20

    20 2.2.6 Management by IP or MAC address BiGuard 30 can also be configured to apply traffic policies based on a particular IP or MAC address. This allows you to quickly assign different traffic policies to a specific computer on the network. 2.2.7 DiffServ (DSCP Marking)[...]

  • Page 21

    21 DiffServ (a.k.a. DSCP Marking) allows you to classify traffic based on IP DSCP values. Other interfaces can match traffic based on the DSCP markings. DSCP markings are used to decide how packets should be treated, and is a useful tool to give precedence to varying types of data. 2.2.8 DSCP (Matching) Just like the DSCP Marking, DSCP is[...]

  • Page 22

    22 In the above example, PC 1 (IP_192.168.2.2) and PC 2 (IP_192.168.2.3) are connected to the Internet via WAN1 (IP_230.100.100.1) on BiGuard 30. Should WAN1 fail, Outbound Fail Over tells BiGuard 30 to reroute outgoing traffic to WAN2 (IP_213.10.10.2). Configuring your BiGuard 30 for Outbound Fail Over provides a more reliable connec[...]

  • Page 23

    23 In the above example, PC 1 (IP_192.168.2.2) and PC 2 (IP_192.168.2.3) are connected to the Internet via WAN1 (IP_230.100.100.1) and WAN2 (IP_213.10.10.2) on BiGuard 30. You can configure BiGuard 30 to balance the load of each WAN port with one of two mechanisms: 1. Session (by session/by traffic/weight of link capability) 2. IP Hash (by[...]

  • Page 24

    24 In the above example, an FTP Server (IP_192.168.2.2) and an HTTP Server (IP_192.168.2.3) are connected to the Internet via WAN1 (ftp.billion.dyndns.org) on BiGuard 30. A remote computer is trying to access these servers via the Internet. Under normal circumstances, the remote computer will gain access to the network via WAN1. Should WAN1 fai[...]

  • Page 25

    25 In the above example, an FTP server (IP_192.168.2.2) and an HTTP server (IP_192.168.2.3) are connected to the Internet via WAN1 (www.billion2.dyndns.org) and WAN2 (www.billion3.dyndns.org) on BiGuard 30. Remote PCs are attempting to access the servers via the Internet. Using Inbound Load Balancing, BiGuard 30 can direct incoming request[...]

  • Page 26

    26 DNS Inbound is a three step process. First, a DNS request is made to the router via a remote PC. BiGuard 30, based on settings specified by the user, will direct the requesting PC to the correct WAN port by replying the selected WAN IP address through the built-in DNS server. The remote PC then accesses the network via the specified WAN p[...]

  • Page 27

    27 In the above example, an FTP Server (IP_192.168.2.2) and an HTTP Server (IP_192.168.2.3) are connected to the Internet via WAN1 (IP_200.200.200.1) on BiGuard 30. A remote computer is trying to access these servers via the Internet, and makes a DNS request. The DNS request (www.mydomain.com) will be sent through WAN1 (200.200.200.1) to th[...]

  • Page 28

    28 In the above example, an FTP server (IP_192.168.2.2) and an HTTP server (IP_192.168.2.3) are connected to the Internet via WAN1 (IP_200.200.200.1) and WAN2 (IP_100.100.100.1) on BiGuard 30. Remote PCs are attempting to access the servers via the Internet by making a DNS request, entering a URL (www.mydomain.com). Using a load balancing a[...]

  • Page 29

    29 In the example above, the client is making a DNS request. The request is sent to the DNS server of BiGuard 30 through WAN2 (1). WAN2 will route this request to the embedded DNS server of BiGuard 30 (2). BiGuard 30 will analyze the bandwidth of both WAN1 and WAN2 and decide which WAN IP to reply to the request (3). After the decision is ma[...]

  • Page 30

    30 The following section discusses Virtual Private Networking with BiGuard 30. 2.6.1 General VPN Setup There are typically three different VPN scenarios. The first is a Gateway to Gateway setup, where two remote gateways communicate over the Internet via a secure tunnel. The next type of VPN setup is the Gateway to Multiple Gateway setup, wher[...]

  • Page 31

    31 planning. The following sections demonstrate the various ways of using BiGuard 30 to setup your VPN. 2.6.2 VPN Planning - Fail Over Configuring your VPN with Fail Over allows BiGuard 30 to automatically default to WAN2 should WAN1 fail. Because the dynamic domain name biguard.billion.com is configured for both WAN1 and WAN2, the a[...]

  • Page 32

    32 Configuring BiGuard 30 for Fail Over provides added reliability to your VPN. 2.6.3 Concentrator The VPN Concentrator provides an easy way for branch offices to connect to headquarter through a VPN tunnel. All branch office traffic will be redirected to the VPN tunnel to headquarter with the exception of LAN-side traffic. This way, all [...]

  • Page 33

    33 Chapter 3: Getting Started 3.1 Overview BiGuard 30 is designed to be a powerful and flexible network device that is also easy to use. With an intuitive web-based configuration, BiGuard 30 allows you to administer your network via virtually any Java-enabled web browser and is fully compatible with Linux, Mac OS, and Windows 98/Me/NT/2000/XP [...]

  • Page 34

    34 password for security reason. 4. Prepare to physically connect BiGuard 30 to Cable or DSL modems and a computer. Be sure to also review the Safety Warnings located in the preface of this manual before working with your BiGuard 30. 3.3 Connecting Your Router Connecting BiGuard 30 is an easy three-step process: 1. Connect BiGuard 30 to your LA[...]

  • Page 35

    35 3.4 Configuring PCs for TCP/IP Networking Now that your BiGuard 30 is connected properly to your network, it’s time to configure your networked PCs for TCP/IP networking. In order for your networked PCs to communicate with your router, they must have the following characteristics: 1. Have a properly installed and functioning Ethernet [...]

  • Page 36

    36 - Mac OS 7 and later If you are using Windows 3.1, you must purchase a third-party TCP/IP application package. Any TCP/IP capable workstation can be used to communicate with or through BiGuard 30. To configure other types of workstations, please consult the manufacturer’s documentation. 3.4.2 Windows XP 3.4.2.1 Configuring 1. Select Star[...]

  • Page 37

    37 3. Select Internet Protocol (TCP/IP) and click Properties. 4a. To have your PC obtain an IP address automatically, select the Obtain an IP[...]

  • Page 38

    38 address automatically and Obtain DNS server address automatically radio buttons. 4b. To manually assign your PC a fixed IP address, select the Use the following IP address radio button and enter your desired IP address, subnet mask, and default gateway in the blanks provided. Remember that your PC must reside in the same subnet mask as[...]

  • Page 39

    39 3.4.2.2 Verifying Settings To verify your settings using a command prompt: 1. Click Start > Programs > Accessories > Command Prompt. 2. In the Command Prompt window, type ipconfig and then press ENTER. If you are using BiGuard 30’s default settings, your PC should have:[...]

  • Page 40

    40 - An IP address between 192.168.1.1 and 192.168.1.253 - A subnet mask of 255.255.255.0 To verify your settings using the Windows XP GUI: 1. Click Start > Settings > Network Connections.[...]

  • Page 41

    41 2. Right click one of the network connections listed and select Status from the pop-up menu. 3. Click the Support tab.[...]

  • Page 42

    42 If you are using BiGuard 30’s default settings, your PC should: - Have an IP address between 192.168.1.1 and 192.168.1.253 - Have a subnet mask of 255.255.255.0 3.4.3 Windows 2000 3.4.3.1 Configuring 1. Select Start > Settings > Control Panel.[...]

  • Page 43

    43 2. In the Control Panel window, double-click Network and Dial-up Connections. 3. In Network and Dial-up Connections, double-click Local Area Connection.[...]

  • Page 44

    44 4. In the Local Area Connection window, click Properties. 5. Select Internet Protocol (TCP/IP) and click Properties.[...]

  • Page 45

    45 6a. To have your PC obtain an IP address automatically, select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons. 6b. To manually assign your PC a fixed IP address, select the Use the following IP address radio button and enter your desired IP address, subnet mask, and default gateway in [...]

  • Page 46

    46 7. Click OK to finish the configuration. 3.4.3.2 Verifying Settings 1. Click Start > Programs > Accessories > Command Prompt.[...]

  • Page 47

    47 2. In the Command Prompt window, type ipconfig and then press ENTER. If you are using BiGuard 30’s default settings, your PC should have: - An IP address between 192.168.1.1 and 192.168.1.253 - A subnet mask of 255.255.255.0[...]

  • Page 48

    48 3.4.4 Windows 98 / Me 3.4.4.1 Installing Components To prepare Windows 98/Me PCs for TCP/IP networking, you may need to manually install TCP/IP on each PC. To do this, follow the steps below. Be sure to have your Windows CD handy, as you may need to insert it during the installation process. 1. On the Windows taskbar, select Start > Se[...]

  • Page 49

    49 You must have the following installed:[...]

  • Page 50

    50 - An Ethernet adapter - TCP/IP protocol - Client for Microsoft Networks If you need to install a new Ethernet adapter, follow these steps: a. Click Add. b. Select Adapter, then Add. c. Select the manufacturer and model of your Ethernet adapter, then click OK.[...]

  • Page 51

    51 If you need TCP/IP: a. Click Add. b. Select Protocol, then click Add.[...]

  • Page 52

    52 c. Select Microsoft → TCP/IP, then OK. If you need Client for Microsoft Networks: a. Click Add.[...]

  • Page 53

    53 b. Select Client, then click Add. c. Select Microsoft → Client for Microsoft Networks, and then click OK. 3. Restart your PC to apply your changes. 3.4.4.2 Configuring 1. Select Start > Settings > Control Panel.[...]

  • Page 54

    54 2. In the Control Panel, double-click Network and choose the Configuration tab.[...]

  • Page 55

    55 3. Select TCP/IP > ASUSTek or the name of any Network Interface Card (NIC) in your PC and click Properties. 4. Select the IP Address tab and click the Obtain an IP address automatically radio button.[...]

  • Page 56

    56 5. Select the DNS Configuration tab and select the Disable DNS radio button. 6. Click OK to apply the configuration.[...]

  • Page 57

    57 3.4.4.3 Verifying Settings To check the TCP/IP configuration, use the winipcfg.exe utility: 1. Select Start > Run. 2. Type winipcfg, and then click OK. 3. From the drop-down box, select your Ethernet adapter.[...]

  • Page 58

    58 The window is updated to show your settings. Using the default BiGuard 30 settings, your PC should have: - An IP address between 192.168.1.1 and 192.168.1.253 - A subnet mask of 255.255.255.0 - A default gateway of 192.168.1.254 3.5 Factory Default Settings Before configuring your BiGuard 30, you need to know the following default settings[...]

  • Page 59

    59 ISP setting in WAN site: Obtain an IP Address automatically (DHCP Client) DHCP server: DHCP server is enabled. Start IP Address: 192.168.1.100 End IP Address: 192.168.1.199 3.5.1 User Name and Password The default user name and password are "admin" and "admin" respectively. If you ever forget your user name and/or pass[...]

  • Page 60

    60 Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided such as DHCP, Static IP, PPPoE, or PPTP. The following table outlines each of these protocols: DHCP Configure this WAN interface to use DHCP client protocol to get an IP addre[...]

  • Page 61

    61 If an ISP technician configured your computer or if you configured it using instructions provided by your ISP, you need to copy the configuration information from your PC’s Network TCP/IP Properties window before reconfiguring your computer for use with BiGuard 30. The following sections describe how you can obtain this inform[...]

  • Page 62

    62 3. In the Network Connections window, right-click Local Area Connection and select Properties. 4. Select Internet Protocol (TCP/IP) and click Properties.[...]

  • Page 63

    63 5. If an IP address, subnet mask and a Default gateway are shown, write down the information. If no address is present, your account’s IP address is dynamically assigned. Click the Obtain an IP address automatically radio button. 6. If any DNS server addresses are shown, write them down. Click the Obtain DNS[...]

  • Page 64

    64 server address automatically radio button. 7. Click OK to save your changes.[...]

  • Page 65

    65 3.7 Web Configuration Interface BiGuard 30 includes a Web Configuration Interface for easy administration via virtually any browser on your network. To access this interface, open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click Go. A user name and password window prompt will appear [...]

  • Page 66

    66 Chapter 4: Router Configuration 4.1 Overview The Web Configuration Interface makes it easy for you to manage your network via any PC connected to it. On the Web Configuration homepage, you will see the navigation pane located on the left hand side. From it, you will be able to select various options used to configure your router. 1. [...]

  • Page 67

    67 access the page after a user-defined period (5 minutes by default). The following sections will show you how to configure your router using the Web Configuration Interface. 4.2 Status The Status menu displays the various options that have been selected and a number of statistics about your BiGuard 30. In this menu, you will find the f[...]

  • Page 68

    68 No.: Number of the list. IP Address: A list of IP addresses of devices on your LAN. MAC Address: The Media Access Control (MAC) addresses for each device on your LAN. Interface: The interface name (on the router) that this IP address connects to. Static: Static status of the ARP table entry. NO indicates dynamically-generated ARP table ent[...]

  • Page 69

    69 4.2.3 Session Table The NAT Session Table displays a list of current sessions for both incoming and outgoing traffic with protocol type, source IP, source port, destination IP and destination port, each page shows 10 sessions. No.: Number of the list. Protocol: Protocol type of the Session. From IP: Source IP of the session. From port: so[...]

  • Page 70

    70 your network via Dynamic Host Configuration Protocol (DHCP). No.: Number of the list. IP Address: A list of IP addresses of devices on your LAN. Device Name: The host name (computer name) of the client. MAC Address: The MAC address of client. 4.2.5 IPSec Status The IPSec Status window displays the status of the IPSec Tunnels that are c[...]

  • Page 71

    71 4.2.6 PPTP Status The PPTP Status window displays the status of the PPTP Tunnels that are currently configured on your BiGuard 30. Name: The name you assigned to the particular PPTP entry. Enable: Whether the PPTP connection is currently Enable or Disable. Status: Whether the PPTP is Active, Inactive or Disable. Type: Whether the Conn[...]

  • Page 72

    72 WAN1: Transmitted (Tx) and Received (Rx) bytes and packets for WAN1. WAN2: Transmitted (Tx) and Received (Rx) bytes and packets for WAN2. Display: Allows you to change the units of measurement for the traffic graph. 4.2.8 System Log This window displays BiGuard 30’s System Log entries. Major events are logged on this window. Refresh: R[...]

  • Page 73

    73 Refresh: Refresh the IPSec Log. Clear Log: Clear the IPSec Log. Send Log: Send IPSec Log to your email account. You can set the email address in Configuration > System > Email Alert. See the Email Alert section for more details. Please refer to Appendix F: IPSec Log Events for more information on log events. 4.3 Quick Start The Quick S[...]

  • Page 74

    74 4.3.2 Static IP IP assigned by your ISP: Enter the assigned IP address from your IP. IP Subnet Mask: Enter your IP subnet mask. ISP Gateway Address: Enter your ISP gateway address. Primary DNS: Enter your primary DNS. Secondary DNS: Enter your secondary DNS. Click Apply to save your changes. To reset to defaults, click Reset. 4.3.3 PPP[...]

  • Page 75

    75 4.3.4 PPTP Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. PPTP Client IP: Enter the PPTP Client IP provided by your ISP. PPTP Client IP Netmask: Enter the PPTP Client IP Netmask provided by your ISP. PPTP Client IP Gateway: Enter the PPTP Client IP Gateway provided by your ISP.[...]

  • Page 76

    76 Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Login Server: Enter the IP of the Login server provided by your ISP. Click Apply to save your changes. To reset to defaults, click Reset. For detailed instructions on configuring WAN settings, please refer to the WAN section of this [...]

  • Page 77

    77 4.4.1 LAN There are three items within this section: Ethernet, DHCP Server and LAN Address Mapping. 4.4.1.1 Ethernet IP Address: Enter the internal LAN IP address for BiGuard 30 (192.168.1.254 by default). Subnet Mask: Enter the subnet mask (255.255.255.0 by default). RIP: RIP v2 Broadcast and RIP v2 Multicast. Check to enable RIP.[...]

  • Page 78

    78 4.4.1.2 DHCP Server In this menu, you can disable or enable the Dynamic Host Configuration Protocol (DHCP) server. The DHCP protocol allows your BiGuard 30 to dynamically assign IP addresses to PCs on your network if they are configured to automatically obtain IP addresses. To disable the router’s DHCP Server, select the Disable rad[...]

  • Page 79

    79 Name: Enter the name you want to give for the IP+Mac Address Fixed Host account. Active: Select whether you want to Enable or Disable this particular Fixed Host account. IP Address: Enter the IP address that you want to reserve for the above MAC address. MAC Address: Enter the MAC address of the PC or server you wish to be assigned a reserve[...]

  • Page 80

    80 Please click Create to create a LAN Address Mapping rule. Name: Please input the name of the rule. IP Address: Please input the LAN Gateway IP Address you would like to use. Netmask: Please input the Netmask you would like to use. WAN IP Address: Please click Candidates to select the WAN IP address you would like to use from WAN Alias lis[...]

  • Page 81

    81 The WAN menu contains two items: ISP Settings, Bandwidth Settings and WAN IP Alias. 4.4.2.1 ISP Settings This WAN Service Table displays the different WAN connections that are configured on BiGuard 30. To edit any of these connections, click Edit. You will be taken to the following menu.[...]

  • Page 82

    82 Connection Method: Select how your router will connect to the Internet. Selections include Obtain an IP Address Automatically, Static IP Settings, PPPoE Settings, PPTP Settings, and Big Pond Settings. For each WAN port, the factory default is DHCP. If your ISP does not use DHCP, select the correct connection method and configure the c[...]

  • Page 83

    83 and enter your primary and secondary DNS. RIP: To activate RIP, select Send, Receive, or Both from the drop down menu. To disable RIP, select Disable from the drop down menu. MTU: Enter the Maximum Transmission Unit (MTU) for your network. Network Address Translation: Enables or Disables the NAT function. To apply this interface [...]

  • Page 84

    84 would like to use router mode, you have to input the packet filter rules you would like to forward in Configuration -> Firewall -> Packet filter Click Apply to save your changes. To reset to defaults, click Reset. 4.4.2.1.3 PPPoE Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password.[...]

  • Page 85

    85 MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below. Candidates: You can also select the MAC address from the list in the Candidates. DNS: If your ISP requires you to manually setup DNS settings, check the checkbox and enter your primary and secondary DNS.[...]

  • Page 86

    86 PPTP Client IP Gateway: Enter the PPTP Client IP Gateway provided by your ISP. PPTP Server IP: Enter the PPTP Server IP provided by your ISP. Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPTP session when starting up and to automatically re-establish the P[...]

  • Page 87

    87 Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Login Server: Enter the IP of the Login server provided by your ISP. MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below. Candidates: You can also sele[...]

  • Page 88

    88 bandwidth for each WAN port. WAN1: Enter your ISP inbound and outbound bandwidth for WAN1. WAN2: Enter your ISP inbound and outbound bandwidth for WAN2. NOTE: These values entered here are referenced by both QoS and Load Balancing functions. 4.4.2.3 WAN IP Alias WAN IP Alias allows you to input additional WAN IP addresses. WAN IP [...]

  • Page 89

    89 Name: Please input the name of the rule. IP Address: Please input the additional WAN IP address you would like to use. Interface: Please select the WAN Interface that you would like to add the additional WAN IP to. Click the Apply button to add the configuration into the WAN IP Alias. 4.4.3 Dual WAN In this section, you can setup the fai[...]

  • Page 90

    90 Mode: You can select Load Balance or Fail Over. Service Detection: Enables or disables the service detection feature. For fail over, the service detection function is enabled. For load balance, user is able to enable or disable it. Connectivity Decision: Establishes the number of times probing the connection has to fail before the conn[...]

  • Page 91

    91 Outbound Load Balancing on BiGuard 30 can be based on one of two methods: 1. By session mechanism 2. By IP address hash mechanism Choose one by clicking the corresponding radio button. Based on Session Mechanism: The source IP address and destination IP address might go through WAN1 or WAN2 according to policy settings in this mechanism. You [...]

  • Page 92

    92 authenticate the source IP address. Balance by weight of link capacity: Uses an IP hash to balance traffic based on weight of link bandwidth capacity. Balance by weight: Uses an IP hash to balance traffic based on a ratio. Enter the desired ratio into the blanks provided. Click Apply to save your changes. 4.4.3.3 Inbound Load Balan[...]

  • Page 93

    93 SOA: Domain Name: The domain name of DNS Server 1. It is the name that you register on DNS organization. You have to fill-out the Fully Qualified Domain Name (FQDN) with an ending character (a dot) for this text field (ex: abc.com.). When you enter the following domain name, you can only input different chars without an ending dot, its na[...]

  • Page 94

    94 To edit the Host Mapping URL list, click Edit. This will open the Host Mapping URL table, which lists the current Host Mapping URLs. To add a host mapping URL to the list, click Create. Domain Name: The domain name of the local host. Host URL: The URL to be mapped. Private IP Address: The IP address of the local host. Helper: You could [...]

  • Page 95

    95 Port Range: The port range of all incoming packets are accepted and processed by a local host with the specified private IP address. Candidates: You can also select the Candidates which are referred from the ARP table for automatic input. Name1: The Alias Host URL Name2: The Alias Host URL Click Apply to save your changes. 4.4.3.4 Proto[...]

  • Page 96

    96 Interface: Choose which WAN port to use: WAN1, WAN2 Packet Type: The particular protocol of Internet traffic for the specified policy. Choose from TCP, UDP, or Any. Source IP Range: All Source IP: Click it to specify all source IPs. Specified Source IP: Click to specify a specific source IP address and source IP netmask. Source IP A[...]

  • Page 97

    97 4.4.4 System The System menu allows you to adjust a variety of basic router settings, upgrade firmware, set up remote access, and more. In this menu are the following sections: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart, Password, System Log and E-mail Alert. 4.4.4.1 Time Zone BiGuard does not use an onboard[...]

  • Page 98

    98 Time Zone: Select Enable or Disable this function. Local Time Zone(+-GMT Time): Please select the time zone that belongs to your area. NTP Server Address: Please input the NTP server address you would like to use. Daylight Saving: To have BiGuard 30 automatically adjust for Daylight Savings Time, please check the Automatic checkbox. [...]

  • Page 99

    99 Allow Remote Access By: Everyone: Please check if you allow any IP addresses for the remote user to access. Only the PC: Please specify the IP Address that is allowed to access. PC from the subnet: Please specify the subnet that is allowed to access. 4.4.4.3 Firmware Upgrade Upgrading your BiGuard 30’s firmware is a quick and easy way t[...]

  • Page 100

    100 functionality, better reliability, and ensure trouble-free operation. To upgrade your firmware, simply visit Billion’s website ( http://www.billion.com ) and download the latest firmware image file for BiGuard 30. Next, click Browse and select the newly downloaded firmware file. Click Upgrade to complete the update. NOTE: DO NOT pow[...]

  • Page 101

    101 To restore a previously saved backup file, click Browse. You will be prompted to select a file from your PC to restore. Be sure to only restore setting files that have been generated by the Backup function, and that were created when using the same firmware version. Settings files saved to your PC should not be manually edited in a[...]

  • Page 102

    102 In order to prevent unauthorized access to your router’s configuration interface, it requires the administrator to login with a password. You can change your password by entering your new password in both fields. Click Apply to save your changes. Click Reset to reset to the default administration password (admin). 4.4.4.7 System Lo[...]

  • Page 103

    103 activity. To enable this function, select the Enable radio button and enter your Syslog server IP address in the Log Server IP Address field. Click Apply to save your changes. To disable this feature, simply select the Disable radio button and click Apply. 4.4.4.8 E-mail Alert The Email Alert function allows a log of security-related [...]

  • Page 104

    104 the five options: Immediately: The router will send an alert immediately. Hourly: The router will send an alert once every hour. Daily: The router will send an alert once a day. The exact time can be specified using the pull down menu. Weekly: The router will send an alert once a week. When log is full: The router wil[...]

  • Page 105

    105 The Packet Filter function is used to limit user access to certain sites on the Internet or LAN. The Filter Table displays all current filter rules. If there is an entry in the Filter Table, you can click Edit to modify the setting of this entry, click Delete to remove this entry, or click Move to change this entry’s priority. Wh[...]

  • Page 106

    106 applications accessing your local network from the Internet. Outgoing Packet Filter rules prevent unauthorized computers or applications accessing the Internet. Select if the new filter rule is incoming or outgoing. Source IP: Select Any, Subnet, IP Range or Single Address. Starting IP Address: Enter the source IP or starting source [...]

  • Page 107

    107 The URL Filter is a powerful tool that can be used to limit access to certain URLs on the Internet. You can block web sites based on keywords or even block out an entire domain. Certain web features can also be blocked to grant added security to your network. URL Filtering: You can choose to Enable or Disable this feature. Keyword Filt[...]

  • Page 108

    108 Domains Filtering: Click the top checkbox to enable this feature. You can also choose to disable all web traffic except for trusted sites by clicking the bottom checkbox. To edit the list of filtered domains, click Details. Enter a domain and select whether this domain is trusted or forbidden with the pull-down menu. Next, click Apply.[...]

  • Page 109

    109 Enter a name for the IP Address and then enter the IP address itself. Click Apply to save your changes. The IP address will be entered into the Exception List, and excluded from the URL filtering rules in effect. 4.4.5.3 LAN MAC Filter LAN Mac Filter can decide that BiGuard will serve those devices at LAN side or not by MAC Address. Defa[...]

  • Page 110

    110 Create: You can also input a specified MAC Address to be dropped or Forward without depending on the default rule. Rule: Enable or disable this entry. Action When Matched: Select to Drop or Forward the packet specified in this filter entry. MAC Address: The MAC Address you would like to apply. Candidates: You can also select the Candi[...]

  • Page 111

    111 Blocking WAN requests is one way to prevent DDOS attacks by preventing ping requests from the Internet. Use this menu to enable or disable function. 4.4.5.5 Intrusion Detection Intrusion Detection can prevent most common DoS attacks from the Internet or from LAN users. Intrusion Detection: Enable or disable this function. Intrusion Log[...]

  • Page 112

    112 Limit Maximum sessions per IP to (with reject and drop options): Just like the previous option, this option expands on what to do with additional sessions above the maximum limit. You can either reject the additional sessions for a period of time or just drop all packets from those sessions for a period of time. 4.4.6 VPN VPN is a wa[...]

  • Page 113

    113 Connection Name: A user-defined name for the connection. Interface: Select the interface the IPSec tunnel will apply to. WAN1: Select interface WAN1 WAN2: Select interface WAN2 Auto: The device will automatically apply the tunnel to WAN1 or WAN2 depending on which WAN interface is active when the IPSec tunnel is being established. Not[...]

  • Page 114

    114 Secure Gateway Address (or Domain Name): The IP address or hostname of the remote VPN gateway. Remote Network: The subnet of the remote network. Allows you to enter an IP address and netmask. Back: Back to the Previous page. Next: Go to the next page. (2)LAN to Mobile LAN: BiGuard would like to establish an IPSec VPN tunnel with remote r[...]

  • Page 115

    115 Remote Identifier: The Identifier of the remote gateway. According to the input value, the ID type will be auto-defined as IP Address, FQDN(DNS) or FQUN(E-mail). Remote Network: The subnet of the remote network. Allows you to enter an IP address and netmask. Back: Back to the Previous page. Next: Go to the next page. (3)LAN to Host: Bi[...]

  • Page 116

    116 remote VPN device that is connected and establishes a VPN tunnel. Back: Back to the Previous page. Next: Go to the next page. (4)LAN to Mobile Host: BiGuard would like to establish an IPSec VPN tunnel with remote client software using Dynamic Internet IP by using aggressive mode. Remote Identifier: The Identifier of the remote gateway. [...]

  • Page 117

    117 VPN Client IP Address: The VPN Client Address for BiGuard VPN Client, this value will be applied on both remote ID and Remote Network as single address. Back: Back to the Previous page. Next: Go to the next page. After your configuration is done, you will see a Configuration Summary. Back: Back to the Previous page. Done: Click Done to a[...]

  • Page 118

    118 4.4.6.1.2 IPSec Policy Click Create to create a new IPSec VPN connection account. Configuring a New VPN Connection[...]

  • Page 119

    119 Connection Name: A user-defined name for the connection. Tunnel: Select Enable to activate this tunnel. Select Disable to deactivate this tunnel. Interface: Select the interface the IPSec tunnel will apply to. WAN1: Select interface WAN1 WAN2: Select interface WAN2 Auto: The device will automatically apply the tunnel to WAN1 or WAN2[...]

  • Page 120

    120 interface if Auto is selected. Local: This section configures the local host. ID: This is the identity type of the local router or host. Choose from the following four options: WAN IP Address: Automatically use the current WAN Address as ID. IP Address: Use an IP address format. FQDN DNS(Fully Qualified Domain Name): Consists of a hostna[...]

  • Page 121

    121 Any Local Address: Will enable any local address on the network. Subnet: The subnet of the remote network. Selecting this option allows you to enter an IP address and netmask. IP Range: The IP Range of the remote network. Single Address: The IP address of the remote host. Gateway Address: The gateway address of the remote host. Proposal:[...]

  • Page 122

    122 negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over the Internet. Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. [...]

  • Page 123

    123 Local Subnet: Displays IP address and subnet of the local network. Remote Subnet: Displays IP address and subnet of the remote network. Remote Gateway: This is the IP address or Domain Name of the remote VPN device that is connected and has an established IPSec tunnel. IPSec Proposal: This is the selected IPSec security method. 4.4.6.2 [...]

  • Page 124

    124 Connection Name: A user-defined name for the connection. Tunnel: Select Enable to activate this tunnel. Select Disable to deactivate this tunnel. Username: Please input the username for this account. Password: Please input the password for this account. Retype Password: Please repeat the same password as previous field. Connection Ty [...]

  • Page 125

    125 The first menu screen gives you an overview of which WAN ports currently have QoS active, and the bandwidth settings for each. WAN1 Outbound: QoS Function: QoS status for WAN1 outbound. Select Enable to activate QoS for WAN1’s outgoing traffic. Select Disable to deactivate. Max ISP Bandwidth: The maximum bandwidth afforded by the ISP[...]

  • Page 126

    126 Creating a New QoS Rule To get started using QoS, you will need to establish QoS rules. These rules tell BiGuard 30 how to handle both incoming and outgoing traffic. The following example shows you how to configure WAN1 Outbound QoS. Configuring the other traffic types follows the same process. To make a new rule, click Rule Table. Th[...]

  • Page 127

    127 Interface: The current traffic type. This can be WAN1 (outbound, inbound) and WAN2 (outbound, inbound). Application: User defined application name for the current rule. Packet Type: The type of packet this rule applies to. Choose from Any, TCP, UDP, or ICMP. Guaranteed: The guaranteed amount of bandwidth for this rule as a perce[...]

  • Page 128

    128 Helper: You could also select the application type you would like to apply for automatic input. Click Apply to save your changes. For MAC Address: Source MAC Address: The source MAC Address of the device this rule applies to. Candidates: You can also select the Candidates which are referred from the ARP table for automatic input. Source [...]

  • Page 129

    129 ports to the PC on your network running the application. You will also need to use port forwarding if you want to host an online game server. The reason for this is that when using NAT, your publicly accessible IP address will be used by and point to your router, which then needs to deliver all traffic to the private IP addresses use[...]

  • Page 130

    130 table for automatic input. Select the Apply button to apply your changes. 4.4.8.2 Port Forwarding Table Because NAT can act as a "natural" Internet firewall, your router protects your network from being accessed by outside users, as all incoming connection attempts will point to your router unless you specifically create Virtua[...]

  • Page 131

    131 Application: User defined application name for the current rule. Helper: You could also select the application type you would like to apply for automatic input. Protocol type: please select protocol type External Port: Enter the port number of the service that will be sent to the Internal IP address. Redirect Port: Enter a new port number f[...]

  • Page 132

    132 advantage of the more advanced features of BiGuard 30. Users who do not understand the features should not attempt to reconfigure their router, unless advised to do so by support staff. There are five items within the Advanced section: Static Route, Dynamic DNS, Device Management, IGMP and VLAN Bridge. 4.4.9.1 Static Route The stati[...]

  • Page 133

    133 Rule: Select Enable to activate this rule, Disable to deactivate this rule. Destination: This is the destination subnet IP address. Netmask: This is the subnet mask of the destination IP addresses based on above destination subnet IP. Gateway: This is the gateway IP address to which packets are to be forwarded. Interface: Select the i[...]

  • Page 134

    134 You will first need to register and establish an account with the Dynamic DNS provider using their website, Example: DYNDNS http://www.dyndns.org/ (BiGuard 30 supports several Dynamic DNS providers, such as www.dyndns.org, www.orgdns.org, www.dhs.org, www.dyns.cx, www.3domain.hk, www.dyndns.org, www.3322.org) Dynamic DNS[...]

  • Page 135

    135 4.4.9.3 Device Management The Device Management Advanced Configuration settings allow you to control your router’s security options and device monitoring features. Device Name Name: Enter a name for this device. Web Server Settings HTTP Port: This is the port number the router’s embedded web server (for web-based configuration) will u[...]

  • Page 136

    136 SNMP Function: Select Enable to activate this function, Disable to deactivate this function. SNMP V1 and V2 Read Community: Input the string for Read community to match your SNMP software. Write Community: Input the string for Write community to match your SNMP software. Trap Community: Input the string for Trap community to match yo [...]

  • Page 137

    137 Click Apply to apply this function, and please note that the setting will become effective after you save to flash and restart the router. 4.4.9.5 VLAN Bridge This section allows you to create VLAN group and specify the member. VLAN Mode: Select Disable to disable VLAN mode, select Bridge Mode to use VLAN Bridge function and select Tag[...]

  • Page 138

    138 Tagged Member port(s): Please check the interface that you would like to use in this VLAN ID group. Untagged Member port(s): Please check the interface that you would like to use in this VLAN ID group. Click Apply to add this rule. 4.5 Save Configuration To Flash After changing the router’s configuration settings, you must save all of the[...]

  • Page 139

    139 Chapter 5: Troubleshooting 5.1 Basic Functionality This section deals with issues regarding your BiGuard 30’s basic functions. 5.1.1 Router Won’t Turn On If the Power and other LEDs fail to light when your BiGuard 30 is turned on: - Make sure that the power cord is properly connected to your firewall and that the power supply adapter[...]

  • Page 140

    140 or workstation. - Make sure that power is turned on to the connected hub or workstation. - Be sure you are using the correct cable. When connecting the firewall’s Internet port to a cable or DSL modem, use the cable that was supplied with the cable or DSL modem. This cable could be a standard straight-through Ethernet cable or an Ethe[...]

  • Page 141

    141 - Check the 10/100 LAN LEDs on BiGuard 30’s front panel. One of these LEDs should be on. If they are both off, check the cables between BiGuard 30 and the hub or PC. - Check the corresponding LAN LEDs on your PC’s Ethernet device are on. - Make sure that driver software for your PC’s Ethernet adapter and TCP/IP software is correc[...]

  • Page 142

    142 3. Make sure that the Delete All Offline Content checkbox is checked, and click OK. 4. Click OK under Internet Options to close the dialogue. - In Windows, type arp -d at the command prompt to clear your computer’s ARP table.[...]

  • Page 143

    143 5.2.3.1 Pop-up Windows To use the Web Configuration Interface, you need to disable pop-up blocking. You can either disable pop-up blocking, which is enabled by default in Windows XP Service Pack 2, or create an exception for your BiGuard 30’s IP address. Disabling All Pop-ups In Internet Explorer, select Tools > Pop-up Blocker [...]

  • Page 144

    144 3. Under Scripting, check to see if Active scripting is set to Enable. 4. Ensure that Scripting of Java applets is set to Enabled. 5. Click OK to close the dialogue. 5.2.3.3 Java Permissions The following Java Permissions should also be given for the Web Configuration Interface to display properly: 1. In Internet Explorer, click Tool[...]

  • Page 145

    145 4. Click OK to close the dialogue. NOTE: If Java from Sun Microsystems is installed, scroll down to Java (Sun) and ensure that the checkbox is filled. 5.3 WAN Interface If you are having problems with the WAN Interface, refer to the tips below. 5.3.1 Can’t Get WAN IP Address from the ISP If the WAN IP address cannot be obtained from[...]

  • Page 146

    146 4. Check to see that the WAN port is properly connected to the ISP. If a Connected by (x) where (x) is your connection method is not shown, your router has not successfully obtained an IP address from your ISP. If an IP address cannot be obtained: 1. Turn off the power to your cable or DSL modem. 2. Turn off the power to your BiGuard 3[...]

  • Page 147

    147 If an IP address can be obtained, but your PC cannot load any web pages from the Internet: - Your PC may not recognize DNS server addresses. Configure your PC manually with DNS addresses. - Your PC may not have the router correctly configured as its TCP/IP gateway. 5.5 Problems with Date and Time If the date and time is not being dis[...]

  • Page 148

    148 Appendix A: Product Specifications Availability and Resilience - Dual-WAN ports - Load balancing for increased bandwidth of inbound and outbound traffic - Automatic failover to redirect the packet when one broadband connection is broken. It will keep your Internet connection always online whenever one connection should fail. Virtual[...]

  • Page 149

    149 Firewall - Stateful Packet Inspection (SPI) and Denial of Service (DoS) prevention - Packet filter un-permitted inbound (WAN)/Inbound (LAN) Internet access by IP address, port number and packet type - Email alert and logs of attack - MAC Address Filtering - Intrusion detection Content Filtering - URL Filter settings prevent user acce [...]

  • Page 150

    150 Physical Interface Ethernet WAN 2 ports (10/100 Base-T), support Auto-Crossover (MDI/MDIX) Ethernet LAN 8 ports (10/100 Base-T) switch support Auto-Crossover (MDI/MDIX) Physical Specifications Dimensions: 18.98" x 6.54" x 1.77" (482mm x 166mm x 45mm, with Bracket) 9.84" x 6.54" x 1.38" (250mm x 166mm x 35[...]

  • Page 151

    151 Appendix B: Customer Support Most problems can be solved by referring to the Troubleshooting section in the User’s Manual. If you cannot resolve the problem with the Troubleshooting chapter, please contact the dealer where you purchased this product. Contact Billion Worldwide http://www.billion.com/[...]

  • Page 152

    152 Appendix C: FCC Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: - This device may not cause harmful interference. - This device must accept any interference received, including interference that may cause undesired operations. This equipment has been tested and f[...]

  • Page 153

    153 Appendix D: Network, Routing, and Firewall Basics D.1 Network Basics D.1.1 IP Addresses With the number of TCP/IP networks interconnected across the globe, ensuring that transmitted data reaches the correct destination requires each computer on the Internet has a unique identifier. This identifier is known as the IP address. The Interne[...]

  • Page 154

    154 back slash (/). For example, a typical Class C address could be written as 192.168.234.245/24, which means that the netmask is 24 ones followed by 8 zeros. (11111111 11111111 11111111 00000000). D.1.1.2 Subnet Addressing Subnet addressing enables the split of one IP network address into multiple physical networks. These smaller networks a[...]

  • Page 155

    155 from these ranges. D.1.2 Network Address Translation (NAT) Traditionally, multiple PCs that needed simultaneous Internet access also required a range of IP addresses from the Internet Service Provider (ISP). Not only was this method very costly, but the number of available IP addresses for PCs is limited. Instead, BiGuard 30 uses a ty[...]

  • Page 156

    156 D.2 Router Basics D.2.1 What is a Router? A router is a device that forwards data packets along networks. A router is connected to at least two networks. Usually, this is a LAN and a WAN that is connected to an ISP network. Routers are located at gateways, the places where two or more networks connect. Routers use headers and forwardi[...]

  • Page 157

    157 D.3 Firewall Basics D.3.1 What is a Firewall? Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. With the functionality[...]

  • Page 158

    158 D.3.2 Why Use a Firewall? With a LAN connected to the Internet through a router, there is a chance for hackers to access or disrupt your network. A simple NAT router provides a basic level of protection by shielding your network from the outside Internet. Still, there are ways for more dedicated hackers to either obtain information ab[...]

  • Page 159

    159 Appendix E: Virtual Private Networking E.1 What is a VPN? A Virtual Private Network (VPN) is a shared network where private data is segmented from other traffic so that only the intended recipient has access. It allows organizations to securely transmit data over a public medium like the Internet. VPNs utilize tunnels, which allow data [...]

  • Page 160

    160 data authentication, integrity, and confidentiality as data is transferred across IP networks. IPSec provides data security at the IP packet level, and protects against possible security risks by protecting data. IPSec is widely used to establish VPNs. There are three major functions of IPSec: - Confidentiality: Conceals data through e [...]

  • Page 161

    161 E.2.1.2 Encapsulating Security Payload (ESP) Encapsulating Security Payload (ESP) provides privacy for data through encryption. An encryption algorithm combines the data with a key to encrypt it. It then repackages the data using a special format, and transmits it to the destination. The receiver then decrypts the data using the same a[...]

  • Page 162

    162 E.2.1.3 Security Associations (SA) Security Associations are one-way relationships between sender and receiver that specify IPSec-related parameters. They provide data protection by using the defined IPSec protocols, and allow organizations to control according to the security policy in effect, which resources may communicate securely. [...]

  • Page 163

    163 Transport Mode - This mode is used to provide data security between two networks. It provides protection for the entire IP packet and is sent by adding an outer IP header corresponding to the two tunnel end-points. Since tunnel mode hides the original IP header, it provides security of the networks with private IP address space. E.2.3 T[...]

  • Page 164

    164 E.2.4 Tunnel Mode ESP Here is an example of a packet with ESP applied: E.2.5 Internet Key Exchange (IKE) Before either AH or ESP can be used, it is necessary for the two communication devices to exchange a secret key that the security protocols themselves will use. To do this, IPSec uses Internet Key Exchange (IKE) as a primary support proto[...]

  • Page 165

    165 encryption, and is more vulnerable to Denial of Service attacks. Phase II, known as Quick Mode, establishes symmetrical IPSec Security Associations for both AH and ESP. It does this by negotiating IPSec parameters, exchange nonces to derive session keys from the IKE shared secret, exchange DH values to generate a new key, and identify wh[...]

  • Page 166

    166 Appendix F: IPSec Logs and Events F.1 IPSec Log Event Categories There are three major categories of IPSec Log Events for your BiGuard 30. These include: 1. IKE Negotiate Packet Messages 2. Rejected IKE Messages 3. IKE Negotiated Status Messages The table in the following section lists the different events of each category, and provides a[...]

  • Page 167

    167 Send Main mode second response message of ISAKMP Sending the main mode second response message. Done to exchange key values. Received Main mode second response message of ISAKMP Received the main mode second response message. Done to exchange key values. Send Main mode third message of ISAKMP Sending the third message of main mode. Done for aut[...]

  • Page 168

    168 Received Quick mode first response message Received the first response message of quick mode (Phase II). Done to exchange proposal and key values (IPSec). Send Quick mode second message Sending the second message of quick mode (Phase II). Received Quick mode second message Received the second message of quick mode (Phase II). ISAKMP IKE Packet [...]

  • Page 169

    169 Received Delete SA payload: Deleting ISAKMP State ( integer ) (Main/Aggressive) mode peer ID is (identifier string) ISAKMP SA Established IPsec SA Established[...]

  • Page 170

    170 Appendix G: Bandwidth Management with QoS G.1 Overview In a home or office environment, users constantly have to transmit data to and from the Internet. When too many are accessing the Internet at the same time, service can slow to a crawl, causing service interruptions and general frustration. Quality of Service (QoS) is one of the ways [...]

  • Page 171

    171 -Prioritization: Assigns different priority levels for different applications, prioritizing traffic. High, Normal and Low priority settings. -Outbound and Inbound IP Throttling: Controls network traffic and allows you to limit the speed of each application. -DiffServ Technology: Manages priority queues and DSCP tagging through the Inte[...]

  • Page 172

    172 Application Data Ratio (%) Priority On-line games 30% High Skype 5% High Email 10% High FTP 20% Upload (High), Download (Normal) Other 35% G.4.2 Office Users QoS is also ideal for small businesses using an office server as a web server. With QoS control, web pages served to your customers can be given top priority and delivered first so tha[...]

  • Page 173

    173 Appendix H: Router Setup Examples H.1 Outbound Fail Over Step 1: Go to Configuration > WAN > ISP Settings. Select WAN1 and WAN2 and click Edit. Step 2: Configure WAN1 and WAN2 according to the information given by your ISP.[...]

  • Page 174

    174 Step 3: Go to Configuration > Dual WAN > General Settings. Select the Fail Over radio button. Under Connectivity Decision, input the number of times BiGuard 30 should probe the WAN before deciding that the ISP is in service or not (3 by default). Next, input the duration of the probe cycle (30 sec. by default) and choose the wa[...]

  • Page 175

    175 Please ensure the WAN ports are functioning by performing a ping operation on each before proceeding. Finally, choose whether or not BiGuard 30 should fail back to WAN1. Step 4: Click Save Config to save all changes to flash memory. H.2 Outbound Load Balancing With Outbound Load Balancing, you can improve upload performance by optimiz[...]

  • Page 176

    176 Step 2: Configure your WAN2 ISP settings and click Apply. Step 3: Go to Configuration > Dual WAN > General Settings. Select the Load Balance radio button.[...]

  • Page 177

    177 Step 4: Go to Configuration > Dual WAN > Outbound Load Balance. Choose the Load Balance mechanism you want and click Apply. Step 5: Complete. To check traffic statistics, go to Status > Traffic Statistics. Step 6: Click Save Config to save all changes to flash memory.[...]

  • Page 178

    178 H.3 Inbound Fail Over Configuring your BiGuard 30 for Inbound Fail Over is a great way to ensure a more reliable connection for incoming requests. To do so, follow these steps: NOTE: Before you begin, ensure that both WAN1 and WAN2 have been properly configured. See Chapter 4: Router Configuration for more details. Step 1: From the Web [...]

  • Page 179

    179 Step 2: Configure Fail Over options if necessary. Step 3: Go to Configuration > Advanced > Dynamic DNS. Set the WAN1 DDNS settings.[...]

  • Page 180

    180 Step 4: From the same menu, set the WAN2 DDNS settings. Step 5: Click Save Config to save all changes to flash memory.[...]

  • Page 181

    181 H.4 DNS Inbound Fail Over NOTE: Before proceeding, please ensure that both WAN1 and WAN2 are properly configured according to the settings provided by your ISP. If not, please refer to Chapter 4.2.2.1 ISP Settings for details on how to configure your WAN ports. Step 1: Go to Configuration > Dual WAN > General Settings. Select the[...]

  • Page 182

    182 Enable radio button and configure DNS Server 1 by clicking Edit. Step 3: Input DNS Server 1 settings and click Apply. Step 4: Configure your Host URL Mapping for DNS Server 1 by clicking Edit to enter the Host URL Mappings List. Click Create and input the settings for Host URL Mappings and click New.[...]

  • Page 183

    183 Step 5: Click Save Config to save all changes to flash memory. H.5 DNS Inbound Load Balancing Step 1: Go to Configuration > Dual WAN > General Settings. Select the Load [Figure: network diagram labelled Built-in DNS, FTP, HTTP, www.mydomain.com, Authoritative Domain Name Server, DNS Request; addresses shown: 192.168.2.2, 192.168.2.3, 200.200.200.1, 100.100.100.1] [...]

  • Page 184

    184 Balance radio button. Step 2: Go to Configuration > Dual WAN > Inbound Load Balance > Server Settings and configure DNS Server 1. Step 3: Go to Configuration > Dual WAN > Inbound Load Balance > Host URL[...]

  • Page 185

    185 Mapping and configure your FTP mapping. Step 4: Next configure your HTTP mapping. Step 5: Click Save Config to save all changes to flash memory.[...]

  • Page 186

    186 H.6 Dynamic DNS Inbound Load Balancing Step 1: Go to Configuration > WAN > Bandwidth Settings. Configure your WAN inbound and outbound bandwidth. [Figure: network diagram labelled Remote Access from Internet, FTP, HTTP; hosts shown: www.billion2.dyndns.org, www.billion3.dyndns.org, 192.168.2.2, 192.168.2.3] [...]

  • Page 187

    187 Step 2: Go to Configuration > Dual WAN > General Settings and enable Load Balance mode. You may then decide whether to enable Service Detection or not. Step 3: Go to Configuration > Dual WAN > Outbound Load Balance. Choose your load balance policy and click Apply to apply your changes. If you selected Based on session mechanism[...]

  • Page 188

    188 Step 4: Go to Configuration > Advanced > Dynamic DNS and input the dynamic DNS settings for WAN1 and WAN2. WAN1:[...]

  • Page 189

    189 WAN2: Step 5: Go to Configuration > Virtual Server and set up a virtual server for both FTP and HTTP.[...]

  • Page 190

    190 Step 6: Click Save Config to save all changes to flash memory. H.7 VPN Configuration This section outlines some concrete examples on how you can configure BiGuard 30 for your VPN. H.7.1 LAN to LAN [[...]

  • Page 191

    191

    | | | Branch Office | Head Office |
    |---|---|---|---|
    | Local | ID | IP Address | IP Address |
    | | Data | 69.121.1.30 | 69.121.1.3 |
    | | Network | Any Local Address | Any Local Address |
    | | IP Address | 192.168.0.0 | 192.168.1.0 |
    | | Netmask | 255.255.255.0 | 255.255.255.0 |
    | Remote | Secure Gateway Address (or Hostname) | 69.121.1.3 | 69.121.1.30 |
    | | ID | IP Address | IP Address |
    | | Data | 69.121.1.3 | 69.121.1.30 |
    | | Network | Subnet | Subnet |
    | | IP Ad[...] | | |

  • Page 192

    192 H.7.2 Host to LAN

    | | | Single client | Head Office |
    |---|---|---|---|
    | Local | ID | IP Address | IP Address |
    | | Data | 69.121.1.30 | 69.121.1.3 |
    | | Network | Any Local Address | Any Local Address |
    | | IP Address | 0.0.0.0 | 192.168.1.0 |
    | | Netmask | 0.0.0.0 | 255.255.255.0 |
    | Remote | Secure Gateway Address (or Hostname) | 69.121.1.3 | 69.121.1.30 |
    | | ID | IP Address | IP Address |
    | | Data | 69.121.1.3 | 69.121.1.30 |

    [...]

  • Page 193

    193

    | | | | |
    |---|---|---|---|
    | | Network | Subnet | Single Address |
    | | IP Address | 192.168.1.0 | 69.121.1.30 |
    | | Netmask | 255.255.255.0 | 255.255.255.255 |
    | Proposal | IKE Pre-shared Key | 12345678 | 12345678 |
    | | Security Algorithm | Main Mode; ESP: MD5 3DES PFS | Main ESP MD5 3DES PFS |

    H.8 IPSec Fail Over (Gateway to Gateway) [Figure: network diagrams titled Before Fail Over and After Fail Over; addresses shown: 192.168.2.x, 200.200.200.1] [...]

  • Page 194

    194 Step 1: Go to Configuration > Dual WAN > General Settings. Enable Fail Over by selecting the Fail Over radio button. Then, configure your Fail Over policy. Step 2: Go to Configuration > Advanced > Dynamic DNS and configure your dynamic DNS settings (both WAN1 and WAN2).[...]

  • Page 195

    195 Step 3: Go to Configuration > VPN > IPSec > IPSec Policy. Click Create to configure VPN settings. Step 4: Click Save Config to save all changes to flash memory. To configure the BiGuard 10 gateway, refer to the screenshot below.[...]

  • Page 196

    196 H.9 VPN Concentrator Step 1: Go to Configuration > VPN > IPSec > IPSec Policy and configure the link from BiGuard 30 to BiGuard 10 Branch A. [Figure: network diagram; addresses shown: 100.100.100.1, 200.200.200.1, 192.168.2.x, 192.168.3.x, 201.201.201.1, 192.168.4.x] Local ID Type: Subnet Local subnet: 0.0.0.0 Local mask: 0.0.0.0 Remote ID Type: Subnet Remote subnet: 192[...]

  • Page 197

    197 Step 2: Go to Configuration > VPN > IPSec > IPSec Policy and configure the link from BiGuard 30 to BiGuard 10 Branch B. Step 3: Go to Configuration > VPN > IPSec > IPSec Policy and configure the connection from BiGuard 10 Branch A to BiGuard 30.[...]

  • Page 198

    198 Step 4: Go to Configuration > VPN > IPSec > IPSec Policy and configure the connection from BiGuard 10 Branch B to BiGuard 30. Step 5: Click Save Config to save all changes to flash memory. H.10 Protocol Binding Step 1: Go to Configuration > Dual WAN > General Settings. Select the Load Balancing radio button.[...]

  • Page 199

    199 Step 2: Go to Configuration > Dual WAN > Protocol Binding and configure settings for WAN1. Step 3: Go to Configuration > Dual WAN > Protocol Binding and configure settings for WAN2. Step 4: Click Save Config to save all changes to flash memory.[...]

  • Page 200

    200 H.11 Intrusion Detection [Figure: Intrusion Detection on Internet; labels: Internet, Hacker, DoS Attack, Detected!, Dropped, BiGuard Safe!!, Server Safe!!] Step 1: Go to Configuration > Firewall > Intrusion Detection and Enable the settings. Step 2: Click Apply and then Save Config to save all changes to flash mem[...]

  • Page 201

    201 Step 1: Go to Configuration > VPN > PPTP and Enable the PPTP function, click Apply. Step 2: Click Create to create a PPTP Account. Step 3: Click Apply, you can see the account is successfully created.[...]

  • Page 202

    202 Step 4: Click Save Config to save all changes to flash memory. Step 5: In Windows XP, go to Start > Settings > Network Connections.[...]

  • Page 203

    203 Step 6: In Network Tasks, click Create a new connection, and press Next. Step 7: Select Connect to the network at my workplace and press Next.[...]

  • Page 204

    204 Step 8: Select Virtual Private Network connection and press Next. Step 9: Input the user-defined name for this connection and press Next.[...]

  • Page 205

    205 Step 10: Input PPTP Server Address and press Next. Step 11: Please press Finish.[...]

  • Page 206

    206 Step 12: Double-click the connection and input the Username and Password defined in BiGuard PPTP Account Settings. P.S. You can also refer to the Properties > Security page as below, by default.[...]

  • Page 207

    207 H.13 PPTP Remote Access by BiGuard [Figure: network diagram; labels: Internet, 100.100.100.1, Headquarter BiGuard & PPTP Server, PPTP Tunnel, Branch Office, 200.200.200.1, BiGuard & PPTP Client; Local subnet: 192.168.30.0, Local mask: 255.255.255.0] Step 1: Go to Configuration > VPN > PPTP and Enable the PPTP function, Disable the Encryption[...]

  • Page 208

    208 Step 2: Click Create to create a PPTP Account. Step 3: Click Apply, you can see the account is successfully created. Step 4: Click Save Config to save all changes to flash memory.[...]

  • Page 209

    209 Step 5: In another BiGuard as Client, go to Configuration > WAN > ISP Settings. Step 6: Click Apply, and Save Config.[...]