Smc-networks SMCBR21VPN Uživatelský manuál

Barricade™Dual WAN Port Load Balancing VPN RouterSMCBR21VPN

9• Das Gerät muß an eine geerdete Steckdose angeschlossen werden, welche die internationalen Sicherheitsnormen erfüllt. • Der Gerätestecker (der An

99We set up four Authentication examples in this chapter: No Suitable Situation Example PageEx1 Auth User Auth Group Setting specific users to conn

100Example Setting specific users to connect with external network only before passing the authentication of policy. （Adopt the built-in Auth User an

101STEP 2﹒Add Auth User Group Setting in Authentication function and enter the following settings:  Click New Entry  Name: Enter laboratory  Sel

102STEP 3﹒Add a policy in Outgoing Policy and input the Address and Authentication of STEP 2 (Figure8-6, 8-7) Figure8-6 Auth-User Poli

103STEP 4﹒When user is going to access to Internet through browser, the authentication UI will appear in Browser. After entering the correct user nam

104Chapter 9 Content Blocking Content Filtering Content Filtering includes「URL」,「Script」,「P2P」,「IM」,「Download」. 【URL Blocking】： The administrator

105Define the required fields of Content Blocking URL String:  The domain name that restricts to enter or only allow entering. Popup Blocking:

106Sub-name file Blocking:  Prevent users to deliver specific sub-name file by http All Type:  Prevent users to send the Audio, Video types,

107We set up five Content Blocking examples in this chapter: No Suitable Situation Example PageEx1 URL Blocking Restrict the Internal Users only c

108URL Restrict the Internal Users only can access to some specific Website URL Blocking: Symbol: ～ means open up; ＊ means metacharacter Restri

10 Warnings and Cautionary Messages Warning: This product does not contain any serviceable user parts. Warning: Installation and removal of the unit

109STEP 1﹒Enter the following in URL of Content Filtering function:  Click New Entry  URL String: Enter ~yahoo, and click OK  Click New Entry 

110STEP 2﹒Add a Outgoing Policy and use in Content Blocking function: (Figure9-2) Figure9-2 URL Blocking Policy Setting STEP 3﹒Complet

111SCRIPT Restrict the Internal Users to access to Script file of Website STEP 1﹒Select the following data in Script of Content Blocking function: 

112STEP 2﹒Add a new Outgoing Policy and use in Content Blocking function: (Figure9-5) Figure9-5 New Policy of Script Blocking Setting

113 Download Restrict the Internal Users to access to video, audio, and some specific sub-name file from http or ftp protocol directly STEP 1﹒Enter

114STEP 2﹒Add a new Outgoing Policy and use in Content Blocking function: (Figure9-14) Figure9-14 Add New Download Blocking Policy Setti

115P2P / IM Limit internal user access internet resources by P2P software. Step1. In IM / P2P Blocking Æ Setting, add the following settings：  Click

116 Step2. In Policy Æ Outgoing, add one policy applied to P2P blocking setting.（Fig. 10-7） Fig. 10-7 Set the policy applied to P2P blocking

117Use P2P will seriously occupy network bandwidth and it can change its service port. So the MIS engineer not only set the service port in Service,

118Chapter 10 Virtual Server Virtual Server The real IP address provided from ISP is always not enough for all the users when the system manager ap

11Environmental Statement The manufacturer of this product endeavours to sustain an environmentally-friendly policy throughout the entire production

119In this chapter, we will have detailed introduction and instruction of Mapped IP and Server 1/2/3/4: Mapped IP: Because the Intranet is transferr

120Define the required fields of Virtual Server WAN IP：  WAN IP Address (Real IP Address) Map to Virtual IP：  Map the WAN Real IP Address into

121We set up four Virtual Server examples in this chapter: No. Suitable Situation Example PageEx1 Mapped IP Make a single server that provides sever

122Example Make a single server that provides several services such as FTP, Web, and Mail, to provide service by policy STEP 1﹒Setting a server that

123STEP 4﹒Group the services (DNS, FTP, HTTP, POP3, SMTP…) that provided and used by server in Service function. And add a new service group for serv

124STEP 7﹒Complete the setting of providing several services by mapped IP. (Figure10-6) Figure10-6 A Single Server that Provides Sev

125Make several servers that provide a single service, to provide service through policy by Virtual Server (Take Web service for example) STEP 1﹒Set

126STEP 2﹒Enter the following data in Server 1 of Virtual Server function:  Click the button next to Virtual Server Real IP (“click here to configu

127STEP 3﹒Add a new policy in Incoming Policy, which includes the virtual server, set by STEP2. (Figure10-9) Figure10-9 Complete Virtual Server P

128The external user use VoIP to connect with VoIP of LAN (VoIP Port: TCP 1720, TCP 15328-15333, UDP 15328-15333) STEP 1﹒Set up VoIP in LAN network,

12Audience The guide is intended for use by network administrators who are responsible for installing and setting up network equipment; consequently,

129STEP 4﹒Enter the following setting in Server1 of Virtual Server function:  Click the button next to Virtual Server Real IP (“click here to confi

130STEP 5﹒Add a new Incoming Policy, which includes the virtual server that set by STEP4: (Figure10-15) Figure10-15 Complete the Policy includes

131STEP 7﹒Complete the setting of the external/internal user using specific service to communicate with each other by Virtual Server. (Figure10-17)

132Make several servers that provide several same services, to provide service through policy by Virtual Server. (Take HTTP, POP3, SMTP, and DNS Grou

133STEP 3﹒Group the service of server in Custom of Service. Add a Service Group for server to send e-mail at the same time. (Figure10-20) Figure

134STEP 4﹒Enter the following data in Server1 of Virtual Server:  Click the button next to Virtual Server Real IP (“click here to configure”) in Se

135STEP 5﹒Add a new Incoming Policy, which includes the virtual server that set by STEP 3: (Figure10-23) Figure10-23 Complete Incoming Policy Set

136STEP 7﹒Complete the setting of providing several services by Virtual Server. (Figure10-25) Figure10-25 Complete the Setting of P

137Chapter 11 VPN VPN The SMC BR21VPN adopts VPN to set up safe and private network service. And combine the remote Authentication system in order

138Define the required fields of VPN: RSA:  A public-key cryptosystem for encryption and authentication. Preshared Key:  The IKE VPN must

13Contents CHAPTER 1 ADMINISTRATOR...16 ADMIN

139DES (Data Encryption Standard):  The Data Encryption Standard developed by IBM in 1977 is a 64-bit block encryption block cipher using a 56-bi

140Define the required fields of IPSec Function  To display the VPN connection status via icon。 Chart -- Meaning Not be applied Disconnect C

141Define the required fields of PPTP Server Function PPTP Server:  To select Enable or Disable Client IP Range:  Setting the IP addresses

142Define the required fields of PPTP Client Function  To display the VPN connection status via icon。 Chart -- Meaning Not be applied Discon

143Define the required fields of Tunnel Function  To display the VPN connection status via icon。 Chart -- Meaning Not be applied Disconnect

144We set up two VPN examples in this chapter: No. Suitable Situation Example Page Ex1 IPSec Autokey Setting IPSec VPN connection between two SMC BR

145Example Setting IPSec VPN connection between two SMC BR21VPN Preparation Company A WAN IP: 61.11.11.11 LAN IP: 192.168.10.X Company B WAN IP

146STEP 4﹒Select Preshare in Authentication Method and enter the Preshared Key (max: 100 bits) STEP 5﹒Select ISAKMP Algorithm in Encapsulation list.

147STEP 6﹒You can choose Data Encryption + Authentication or Authentication Only to communicate in IPSec Algorithm list: ENC Algorithm: 3DES/DES/AES/

148STEP 9﹒Enter the following setting in Tunnel of VPN function: (Figure11-13)  Enter a specific Tunnel Name.  From Source: Select LAN  From Sou

14CHAPTER 8 AUTHENTICATION...94 EXAMPLE...

149STEP 10﹒Enter the following setting in Outgoing Policy:(Figure11-15)  Authentication User: Select All_NET.  Schedule: Select Schedule_1.  QoS:

150STEP 11﹒Enter the following setting in Incoming Policy: (Figure11-17)  Schedule: Select Schedule_1.  QoS: Select QoS_1.  Tunnel: Select IPSec_V

151 The Default Gateway of Company B is the LAN IP of the SMC BR21VPN 192.168.20.1. Follow the steps below: STEP 1.Enter the following setting in Mu

152STEP 4.Select Remote Gateway-Fixed IP or Domain Name In To Destination list and enter the IP Address STEP 5.Select Preshare in Authentication Met

153STEP 7.You can choose Data Encryption + Authentication or Authentication Only to communicate in IPSec Algorithm list: ENC Algorithm: 3DES/DES/AES/

154STEP 10.Enter the following setting in Tunnel of VPN function: (Figure11-28)  Enter a specific Tunnel Name.  From Source: Select LAN  From So

155STEP 11.Enter the following setting in Outgoing Policy: (Figure11-30)  Authentication User: Select All_NET.  Schedule: Select Schedule_1.  QoS:

156STEP 12.Enter the following setting in Incoming Policy: (Figure11-32)  Schedule: Select Schedule_1.  QoS: Select QoS_1.  Tunnel: Select IPSec_V

157STEP 13.Complete IPSec VPN Connection. (Figure11-34) Figure 11-34 IPSec VPN Connection Deployment

158Setting PPTP VPN connection between two SMC BR21VPN Preparation Company A WAN IP: 61.11.11.11 LAN IP: 192.168.10.X Company B WAN IP: 211.22.

15CHAPTER 17 STATISTICS...238 WA N STA

159The Default Gateway of Company A is the LAN IP of the SMC BR21VPN 192.168.10.1. Follow the steps below: STEP 1.Enter PPTP Server of VPN function

160STEP 2.Add the following settings in PPTP Server of VPN function in the SMC BR21VPN of Company A:  Select New Entry. (Figure11-36)  User Name:

161STEP 3.Enter the following setting in Tunnel of VPN function: (Figure11-38)  Enter a specific Tunnel Name.  From Source: Select LAN  From Sou

162STEP 4.Enter the following setting in Outgoing Policy: (Figure11-40)  Authentication User: Select All_NET.  Schedule: Select Schedule_1.  QoS:

163STEP 5.Enter the following setting in Incoming Policy: (Figure11-42)  Schedule: Select Schedule_1.  QoS: Select QoS_1.  Tunnel: Select PPTP_VPN

164The Default Gateway of Company B is the LAN IP of the SMC BR21VPN 192.168.20.1. Follow the steps below: STEP 1.Add the following settings in PPTP

165STEP 2.Enter the following setting in Tunnel of VPN function: (Figure11-46)  Enter a specific Tunnel Name.  From Source: Select LAN  From Sou

166STEP 3.Enter the following setting in Outgoing Policy: (Figure11-48)  Authentication User: Select All_NET.  Schedule: Select Schedule_1.  QoS:

167STEP 4.Enter the following setting in Incoming Policy: (Figure11-50)  Schedule: Select Schedule_1.  QoS: Select QoS_1.  Tunnel: Select PPTP_Cli

168STEP 5.Complete PPTP VPN Connection. (Figure11-52) Figure 11-52 PPTP VPN Connection Deployment

16Chapter 1 Administrator Administration “System” is the managing of settings such as the privileges of packets that pass through the SMC BR21VPN a

169Chapter 12 Policy Policy Every packet has to be detected if it corresponds with Policy or not when it passes the SMC BR21VPN. When the conditions

170(4) LAN to DMZ: The source IP is in LAN network; the destination is in DMZ network. The system manager can set all the policy rules of LAN to DMZ

171Define the required fields of Policy Source and Destination:  Source IP and Destination IP is according to the SMC BR21VPN’s point of view. The

172Option:  To display if every function of Policy is enabled or not. If the function is enabled and then the chart of the function will appear (S

173 MAX. Concurrent Sessions:  Set the concurrent sessions that permitted by policy. And if the sessions exceed the setting value, the surplus conn

174We set up six Policy examples in this chapter: No. Suitable Situation Example PageEx1 Outgoing Set up the policy that can monitor the internal us

175Example Set up the policy that can monitor the internal users. (Take Logging, Statistics, and Alarm Threshold for example) STEP 1﹒Enter the follo

176STEP 2﹒Complete the setting of Logging, Statistics, and Alarm Threshold in Outgoing Policy: (Figure12-2) Figure12-2 Complete Policy Setting STE

177STEP 4﹒To display the traffic record that through Policy to access to Internet in Policy Statistics of Statistics function. (Figure12-4) Figure1

178Forbid the users to access to specific network. (Take specific WAN IP and Content Blocking for example) STEP 1﹒Enter the following setting in UR

17Define the required fields of Administrator Administrator Name:  The username of Administrators and Sub Administrator for the SMC BR21VPN. The

179Figure12-8 IM Blocking Setting Figure12-9 Download Blocking Setting 1. URL Blocking can restrict the Internal Users only can access to some spe

180STEP 2﹒Enter as following in WAN and WAN Group of Address function: (Figure12-10, 12-11) Figure12-10 Setting the WAN IP that going to block Fi

181STEP 3﹒Enter the following setting in Outgoing Policy:  Click New Entry  Destination Address: Select Romote_Group that set by  STEP 2. (Blo

182STEP 4﹒Enter the following setting in Outgoing Policy:  Click New Entry  Select Content Blocking & IM / P2P Blocking  Click OK (Figure12-13

183Only allow the users who pass Authentication to access to Internet in particular time STEP 1﹒Enter the following in Schedule function: (Figure12-

184STEP 3﹒Enter the following setting in Outgoing Policy:  Click New Entry  Authentication User: Select laboratory  Schedule: Select WorkingTime

185The external user control the internal PC through remote control software (Take pcAnywhere for example) STEP 1﹒Set up a Internal PC controlled by

186STEP 3﹒Enter the following in Incoming Policy:  Click New Entry  Destination Address: Select Virtual Server1 (61.11.11.12)  Service: Select P

187Set a FTP Server under DMZ NAT Mode and restrict the download bandwidth from external and MAX. Concurrent Sessions. STEP 1﹒Set a FTP Server under

188STEP 4﹒Enter the following in WAN to DMZ Policy:  Click New Entry  Destination Address: Select Virtual Server1 (61.11.11.12)  Service: Select

18Admin Adding a new Sub Administrator STEP 1﹒In the Admin WebUI, click the New Sub Admin button to create a new Sub Administrator. STEP 2﹒In the Ad

189Set a Mail Server to allow the internal and external users to receive and send e-mail under DMZ Transparent Mode STEP 1﹒Set a Mail Server in DMZ

190STEP 4﹒Enter the following setting in WAN to DMZ Policy:  Click New Entry  Destination Address: Select Mail_Server  Service: Select E-mail 

191STEP 6﹒Add the following setting in LAN to DMZ Policy:  Click New Entry  Destination Address: Select Mail_Server  Service: Select E-mail  Cl

192STEP 8﹒Add the following setting in DMZ to WAN Policy:  Click New Entry  Source Address: Select Mail_Server  Service: Select E-mail  Click O

193Chapter 13 Alert Setting Alert Setting When the SMC BR21VPN had detected attacks from hackers and the internal PC sending large DDoS attacks.

194Define the required fields of Hacker Alert Detect SYN Attack:  Select this option to detect TCP SYN attacks that hackers send to server comput

195 【ICMP Flood Threshold(Per Source IP)Pkts/Sec】: The System Administrator can enter the maximum number of ICMP packets per second from attacking

196Detect Ping of Death Attack:  Select this option to detect the attacks of tremendous trash data in PING packets that hackers send to cause Syste

197Detect Land Attack:  Some Systems may shut down when receiving packets with the same source and destination addresses, the same source port and

198Internet Alert SMC BR21VPN Alarm and to prevent the computer which being attacked to send DDoS packets to LAN network STEP 1﹒Select Anomaly Flow

Copyright Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for

19Modify the Administrator’s Password STEP 1﹒In the Admin WebUI, locate the Administrator name you want to edit, and click on Modify in the Configure

199After complete the Internal Alert Settings, if the device had detected the internal computer sending large DDoS attack packets and then the alarm

200 Figure16-4 NetBIOS Alert Notification to Administrator’s PC

201 Figure16-5 E-mail Virus Alert

202Chapter 14 Attack Alarm Attack Alarm SMC BR21VPN has two alarm forms: Internal Alarm, and External Alarm. Internal Alarm: When the SMC BR21V

203We set up two Alarm examples in the chapter: No. Suitable Situation Example PageEx 1 Internal Alarm To record the DDoS attack alarm from internal

204Internal Alarm To record the DDoS attack alarm from internal PC STEP 1﹒Select Internal Alarm in Attack Alarm when the device detects DDoS attacks

205External Alarm To record the attack alarm about Hacker attacks the SMC BR21VPN and Intranet STEP 1﹒Select the following settings in External Aler

206STEP 2﹒When Hacker attacks the SMC BR21VPN and Intranet, select External Alarm in Attack Alarm function to have detailed records about the hacker

207Chapter 15 LOG LOG Log records all connections that pass through the SMC BR21VPN’s control policies. The information is classified as Traffic L

208We set up four LOG examples in the chapter: No. Suitable Situation Example PageEx 1 Traffic Log To detect the information and Protocol port that

20Add Remote Management IPs STEP 1﹒Add the following setting in Permitted IPs of Administration: (Figure1-3)  Name: Enter master  IP Address: Ent

209Traffic Log To detect the information and Protocol port that users use to access to Internet or Intranet by SMC BR21VPN STEP 1﹒Add new policy in

210STEP 3﹒Click Traffic Log. It will show up the packets records that pass this policy. (Figure18-3) Figure18-3 Traffic Log WebUI

211STEP 4﹒Click on a specific IP of Source IP or Destination IP in Figure18-3, it will prompt out a WebUI about Protocol and Port of the IP. (Figure1

212STEP 5﹒Click on Download Logs and select Save in File Download WebUI. And then choose the place to save in PC and click OK; the records will be sa

213STEP 6﹒Click Clear Logs and click OK on the confirm WebUI; the records will be deleted from the SMC BR21VPN instantly. (Figure18-6) Figure18-6 C

214Event Log To record the detailed management events (such as Interface and event description of SMC BR21VPN) of the Administrator STEP 1﹒Click Ev

215STEP 2﹒Click on Download Logs and select Save in File Download WebUI. And then choose the place to save in PC and click OK; the records will be sa

216STEP 3﹒Click Clear Logs and click OK on the confirm WebUI; the records will be deleted from the SMC BR21VPN. (Figure18-9) Figure18-9 Clearing Ev

217Connection Log To Detect Event Description of WAN Connection STEP 1﹒Click Connection in LOG. It can show up WAN Connection records of the SMC BR2

218STEP 2﹒Click on Download Logs and select Save in File Download WebUI. And then choose the place to save in PC and click OK; the records will be sa

21Logout STEP 1﹒Click Logout in System to protect the system while Administrator are away. (Figure1-5) Figure1-5 Confirm Logout WebUI STEP 2﹒Click

219STEP 3﹒Click Clear Logs and click OK on the confirm WebUI, the records will be deleted from the SMC BR21VPN instantly. (Figure18-12) Figure18-12

220Log Backup To save or receive the records that sent by the SMC BR21VPN STEP 1﹒Enter Setting in System, select Enable E-mail Alert Notification f

221STEP 3﹒Enter Log Backup in Log, enter the following settings in Syslog Settings:  Select Enable Syslog Messages  Enter the IP in Syslog Host

222Chapter 16 Accounting Report Accounting Report Administrator can use this Accounting Report to inquire the LAN IP users and WAN IP users, and

223Define the required fields of Accounting Report Accounting Report Setting:  By accounting report function can record the sending information ab

224Inbound Accounting Report It is the statistics of downstream / upstream for all kinds of communication services; the Inbound Accounting report

225Outbound STEP 1﹒Enter Outbound in Accounting Report and select Top Users to inquire the statistics of Send / Receive packets, Downstream / Upstrea

226 Figure19-1 Outbound Source IP Statistics Report

227STEP 2﹒Enter Outbound in Accounting Report and select Top Sites to inquire the statistics website of Send/Receive packets, Downstream/Upstream, Fi

228 Figure19-2 Outbound Destination IP Statistics Report

22Software Update STEP 1﹒Select Software Update in System, and follow the steps below:  To obtain the version number from Version Number and obtain

229STEP 3﹒Enter Outbound in Accounting Report and select Top Services to inquire the statistics website of Send / Receive packets, Downstream/Upstrea

230Accounting Report.

231 Figure19-3 Outbound Services Statistics Report Figure19-4 According to the downstream / upstream report of the selected TOP numbering to draw t

232Inbound STEP 1﹒Enter Inbound in Accounting Report and select Top Users to inquire the statistics website of Send / Receive packets, Downstream /

233 Figure19-5 Inbound Top Users Statistics Report

234Enter Inbound in Accounting Report and select Top Sites to inquire the statistics website of Send / Receive packets, Downstream / Upstream, First

235 Figure19-6 Inbound Destination IP Statistics Report

236STEP 2﹒Enter Inbound in Accounting Report and select Top Services to inquire the statistics website of Send/Receive packets, Downstream/Upstream,

237 Figure19-7 Inbound Services Statistics Report Figure19-8 According to the downstream / upstream report of the selected TOP numbering to draw th

238 Chapter 17 Statistics Statistics WAN Statistics: The statistics of Downstream / Upstream packets and Downstream/Upstream traffic record that p

23Chapter 2 Configure Configure The Configure is according to the basic setting of the SMC BR21VPN. In this chapter the definition is Setting, Date

239Define the required fields of Statistics: Statistics Chart:  Y-Coordinate：Network Traffic（Kbytes/Sec）  X-Coordinate：Time（Hour/Minute） Source

240WAN Statistics STEP 1﹒Enter WAN in Statistics function, it will display all the statistics of Downstream/Upstream packets and Downstream/Upstream

241STEP 3﹒Statistics Chart (Figure20-2)  Y-Coordinate：Network Traffic（Kbytes/Sec）  X-Coordinate：Time（Hour/Minute） Figure20-2 To Detect WAN Stat

242Policy Statistics STEP 1﹒If you had select Statistics in Policy, it will start to record the chart of that policy in Policy Statistics. (Figure20

243STEP 3﹒Statistics Chart (Figure20-4)  Y-Coordinate：Network Traffic（Kbytes/Sec）  X-Coordinate：Time（Hour/Minute/Day） Figure

244Chapter 18 Status Status The users can know the connection status in Status. For example: LAN IP, WAN IP, Subnet Netmask, Default Gateway, DNS

245Interface STEP 1﹒Enter Interface in Status function; it will list the setting for each Interface: (Figure21-1)  PPPoE Con. Time: The last time

246 Figure21-1 Interface Status

247Authentication STEP 1﹒Enter Authentication in Status function, it will display the record of login status: (Figure21-2)  IP Address: The authen

248ARP Table STEP 1﹒Enter ARP Table in Status function; it will display a table about IP Address, MAC Address, and the Interface information which i

24Define the required fields of Settings SMC BR21VPN Configuration:  The Administrator can import or export the system settings. Click OK to impo

249DHCP Clients STEP 1﹒In DHCP Clients of Status function, it will display the table of DHCP Clients that are connected to the SMC BR21VPN: (Figure2

SMCBR21VPN20 Mason • Irvine, CA 92618 • Phn: (949) 679-8000 • www.smc.com

25Administration Packet Logging:  After enable this function; the SMC BR21VPN will record packet which source IP or destination address is SMC BR

26NAT Mode:  It allows Internal Network to set multiple subnet address and connect with the Internet through different WAN IP Addresses. For exampl

27Define the required fields of DHCP Subnet:  The domain name of LAN NetMask:  The LAN Netmask Gateway:  The default Gateway IP address

28Setting System Settings- Exporting STEP 1﹒In System Setting WebUI, click on button next to Export System Settings to Client. STEP 2﹒When the Fi

2LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials,

29System Settings- Importing STEP 1﹒In System Setting WebUI, click on the Browse button next to Import System Settings from Client. When the Choose F

30Restoring Factory Default Settings STEP 1﹒Select Reset Factory Settings in SMC BR21VPN Configuration WebUI STEP 2﹒Click OK at the bottom-right of

31 Figure2-4 Reset Factory Settings

32Enabling E-mail Alert Notification STEP 1﹒Select Enable E-mail Alert Notification under E-Mail Settings. STEP 2﹒Device Name: Enter the Device Name

33Reboot SMC BR21VPN STEP 1﹒Reboot SMC BR21VPN：Click Reboot button next to Reboot SMC BR21VPN Appliance. STEP 2﹒A confirmation pop-up page will app

34Date / Time Date/Time Settings STEP 1﹒Select Enable synchronize with an Internet time Server (Figure2-7) STEP 2﹒Click the down arrow to select the

35Multiple Subnet Connect to the Internet through Multiple Subnet NAT or Routing Mode by the IP address that set by the LAN user’s network card Pre

36Adding Multiple Subnet Add the following settings in Multiple Subnet of System function:  Click on New Entry  Alias IP of LAN Interface： Enter 1

37 WAN1 and WAN2 Interface can use Assist to enter the data. After setting, there will be two subnet in LAN: 192.168.1.0/24 (default LAN subnet) an

38Route Table To connect two different subnet router with the SMC BR21VPN and makes them to connect to Internet through SMC BR21VPN Preparation Comp

3marked on the outside of the package will be returned to customer at customer’s expense. For warranty claims within North America, please call our t

39Route Table STEP 1﹒Enter the following settings in Route Table in System function:  【Destination IP】: Enter 192.168.10.1  【Netmask】: Enter 255.2

40STEP 3﹒Enter the following setting in Route Table in System function:  【Destination IP】: Enter 10.10.10.0  【Netmask】: Enter 255.255.255.0  【Gate

41STEP 4﹒Adding successful. At this time the computer of 192.168.10.1/24, 192.168.20.1/24 and 192.168.1.1/24 can connect with each other and connect

42 DHCP STEP 1﹒Select DHCP in System and enter the following settings:  Domain Name：Enter the Domain Name  DNS Server 1: Enter the distributed

43 Figure 2-14 DHCP WebUI When selecting Automatically Get DNS, the DNS Server will lock it as LAN Interface IP. (Using Occasion: When the system Ad

44DDNS Dynamic DNS Settings STEP 1﹒Select Dynamic DNS in System function (Figure2-15). Click New Entry button  Service providers：Select service pr

45 Chart Meaning Update successfully Incorrect username or password Connecting to server Unknown error If System Administrator had not regi

46Host Table STEP 1﹒Select Host Table in Settings function and click on New Entry  Domain Name: The domain name of the server  Virtual IP Address

47Language Select the Language version (English Version/ Traditional Chinese Version or Simplified Chinese Version) and click OK. (Figure2-18) Fig

48Chapter 3 Interface Interface In this section, the Administrator can set up the IP addresses for the office network. The Administrator may confi

4CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RI

49Define the required fields of Interface LAN:  Using the LAN Interface, the Administrator can set up the LAN network of SMC BR21VPN. Ping: 

50Connect Mode:  Display the current connection mode:  PPPoE (ADSL user)  Dynamic IP Address (Cable Modem User)  Static IP Address Saturated

51DMZ:  The Administrator uses the DMZ Interface to set up the DMZ network.  The DMZ includes:  NAT Mode：In this mode, the DMZ is an indepen

52We set up four Interface Address examples in this chapter: No. Suitable Situation Example PageEx1 LAN Modify LAN Interface Settings 41 Ex2 WAN Set

53LAN Modify LAN Interface Settings STEP 1﹒Select LAN in Interface and enter the following setting:  Enter the new IP Address and Netmask  Select

54WAN Setting WAN Interface Address STEP 1﹒Select WAN in Interface and click Modify in WAN1 Interface. The setting of WAN2 Interface is almost the

55STEP 2﹒Setting the Connection Service (ICMP or DNS way)：  ICMP：Enter an Alive Indicator Site IP (can select from Assist) (Figure3-3)  DNS：Enter

56STEP 3﹒Select the Connecting way:  PPPoE (ADSL User) (Figure3-5): 1. Select PPPoE 2. Enter User Name as an account 3. Enter Password as the passw

57 Figure3-5 PPPoE Connection Figure3-6 Complete PPPoE Connection Setting If the connection is PPPoE, you can choose Service-On-Demand for WAN I

58 Dynamic IP Address (Cable Modem User) (Figure3-7): 1. Select Dynamic IP Address (Cable Modem User) 2. Click Renew in the right side of IP Addres

5COMPLIANCES FCC - Class A This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of th

59 Figure3-7 Dynamic IP Address Connection Figure3-8 Complete Dynamic IP Connection Setting

60 Static IP Address (Figure3-9) 1. Select Static IP Address 2. Enter IP Address, Netmask, and Default Gateway that provide

61 Figure3-10 Complete Static IP Address Connection Setting When selecting Ping and WebUI on WAN network Interface, users will be able to ping the S

62DMZ Setting DMZ Interface Address (NAT Mode) STEP 1﹒Click DMZ Interface STEP 2﹒Select NAT Mode in DMZ Interface  Select NAT in DMZ Interface  En

63Setting DMZ Interface Address (Transparent Mode) STEP 1﹒Select DMZ Interface STEP 2﹒Select Transparent Mode in DMZ Interface  Select DMZ_Transpar

64Chapter 4 Address Address The SMC BR21VPN allows the Administrator to set Interface addresses of the LAN network, LAN network group, WAN network,

65Define the required fields of Address Name:  The System Administrator set up a name as IP Address that is easily recognized. IP Address:  I

66We set up two Address examples in this chapter: No Suitable Situation Example Page Ex1 LAN Under DHCP circumstances, assign the specific IP to sta

67Example Under DHCP situation, assign the specific IP to static users and restrict them to access FTP net service only through policy STEP 1﹒Select

68STEP 2﹒Adding the following setting in Outgoing Policy: (Figure4-3) Figure 4-3 Add a Policy of Restricting the Specific IP to Access

6RFI Emission: • Limit class A according to EN 55022:1998, IEC 60601-1-2 (EMC,medical) • Limit class A for harmonic current emission according to

69 When the System Administrator setting the Address Book, he/she can choose the way of clicking on to make the SMC BR21VPN to fill out the user’s

70Setup a policy that only allows partial users to connect with specific IP (External Specific IP) STEP 1﹒Setting several LAN network Address. (Figu

71STEP 2﹒Enter the following settings in LAN Group of Address:  Click New Entry (Figure 4-6)  Enter the Name of the group  Select the users in

72STEP 3﹒Enter the following settings in WAN of Address function:  Click New Entry (Figure4-8)  Enter the following data (Name, IP Address, Netmas

73STEP 4﹒To exercise STEP1~3 in Policy (Figre4-10, 4-11) Figure4-10 To Exercise Address Setting in Policy Figure4-11 Complete the Policy Setting

74Chapter 5 Service Service TCP and UDP protocols support varieties of services, and each service consists of a TCP Port or UDP port number, such a

75it takes only one control policy to achieve the same effect as the 50 control policies.

76Define the required fields of Service Pre-defined WebUI’s Chart and Illustration: Chart Illustration Any Service TCP Service, For example：FTP,

77We set up two Service examples in this chapter: No Suitable Situation Example Page Ex1 Custom Allow external user to communicate with internal use

78Custom Allow external user to communicate with internal user by VoIP through policy. (VoIP Port: TCP 1720, TCP 15328-15333, UDP 15328-15333) STEP

7 Please read the following safety information carefully before installing the device: WARNING: Installation and removal of the unit must be carried

79STEP 2﹒Enter the following setting in Custom of Service function:  Click New Entry (Figure5-3)  Service Name: Enter the preset name VoIP  Proto

80Under general circumstances, the range of port number of client is 1024-65535. Change the client range in Custom of is not suggested. If the por

81STEP 3﹒Compare Service to Virtual Server. (Figure5-5) Figure5-5 Compare Service to Virtual Server STEP 4﹒Compare Virtual Server to Incoming

82Group Setting service group and restrict the specific users only can access to service resource that provided by this group through policy (Group:

83 Figure5-9 Complete the setting of Adding Service Group If you want to remove the service you choose from Selected Service, choose the service

84STEP 2﹒In LAN Group of Address function, Setting an Address Group that can include the service of access to Internet. (Figure5-10) Figure5-10

85Chapter 6 Schedule Schedule In this chapter, the SMC BR21VPN provides the Administrator to configure a schedule for policy to take effect and all

86Example To configure the valid time periods for LAN users to access to Internet in a day STEP 1﹒Enter the following in Schedule:  Click New Entry

87STEP 2﹒Compare Schedule with Outgoing Policy (Figure6-3) Figure6-3 Complete the Setting of Comparing Schedule with Policy The Schedule must c

88Chapter 7 QOS QoS By configuring the QoS, you can control the OutBound and InBound Upstream/Downstream Bandwidth. The administrator can configure

8 Veuillez lire à fond l’information de la sécurité suivante avant d’installer le Device: AVERTISSEMENT: L.installation et la dépose de ce groupe doi

89 Figure7-2 the Flow After Using QoS (Max. Bandwidth: 400Kbps, Guaranteed Bandwidth: 200Kbps)

90Define the required fields of QoS WAN:  Display WAN1 and WAN2 Downstream Bandwidth:  To configure the Guaranteed Bandwidth and Maximum Ban

91We set up two QoS examples in this chapter: No Suitable Situation Example Page Ex1 QoS Setting a policy that can restrict the user’s downstream an

92Example Setting a policy that can restrict the user’s downstream and upstream bandwidth STEP 1﹒Enter the following settings in QoS:  Click New En

93STEP 2﹒Use the QoS that set by STEP1 in Outgoing Policy. (Figure7-5, 7-6) Figure7-5 Setting the QoS in Policy Figure7-6 Complete Policy Setting

94Chapter 8 Authentication Authentication By configuring the Authentication, you can control the user’s connection authority. The user has to pass

95Define the required fields of Authentication Authentication Management  Provide the Administrator the port number and valid time to setup SMC BR

96z When the user connect to external network by Authentication, the following page will be displayed: (Figure8-2) Figure8-2 Authentication Login

97z It will connect to the appointed website after passing Authentication: (Figure8-3) Figure8-3 Connecting to the Appointed Website After Authent

98Auth-User Name:  The user account for Authentication you want to set. Password:  The password when setting up Authentication. Confirm Passw