Instruction/ maintenance manual of the product VPN 1400/2 HotBrick
Go to page of 76
.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 T A BLE OF CONTENTS 1: INTRODU CTION.......................................... .................................................. ............. ................... 4 Internet Fea tures............
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Upgrade Firm ware.......................................... ........................................ ....... ........................... 60 10: DEVICE INFORMATION............ .....................
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 1:Introduction Congra tulations on the purc hase of your ne w Du al WAN VPN Firewall. The Dual WAN VPN Firewall not only provides 2 WAN ports selections – it also provides Shared B roadband Internet Access for all LAN users.
HotBrick, Tel: 305 - 398 - 0888, Fa x: 305 - 398 - 5966 Supports all common Connec tion M ethods All popular DSL and Cable Modems and connection method s are supported, including Fixed IP, Dy na mic IP, P PPoE, and PPTP.
HotBrick, Tel: 305 - 3 98 - 0888, Fax: 305 - 398 - 5966 Other Features 16 - Port Switching Hub The Dual WAN VPN Fire wall incorporates a 16- port 10 /100BaseT switching hub that a llows you to quickly create or extend your LAN.
H otBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Package Contents The following items should be i ncluded : The Dual WAN VPN Firewall Unit Power Cord Quick Installation Guide CD - ROM containing t he on - line manual. Note: I f any of the above i tems a re damaged or m i ssing, please con tact your dealer immediately.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Some Status an d Error cond itions are ind icated by combinations of LED’s, as s ho w n below LED Action Condition Status – System & Packets flash alternativ ely. Firmware Downlo ad in progress.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Rear Panel Figure 1 - 3: R ear Panel A C 100V ~ 240V Connect to AC100~240V / 50~60Hz with AC power cord.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Note: The supplied Window s TFTP utility also allows y ou to perform three (3) a dditional opera tions: Save the current configuration se ttings to your PC (use the "Save C onfiguration" button).
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 2: Quick Installation Overvie w Initial Basic Setup of your Dual W AN VPN Firewall involves the following steps: 1. Attach a PC to the Dua l WAN VPN Firewall in po rt 3 ~ 16, and configure y our LAN.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 No Respon se? Is your PC using a Fixed IP address? If so, y ou must configure your PC t o use an IP address within the r ange 192.168.1.2 to 192.168.1.254, with a Network Mask of 2 55.255.255.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 8. Select LAN & DHCP from the menu. You will see a screen like the exam ple below. Figure 2 - 3: LAN & DH CP Setup 9. If your LAN alre ady has a DHCP Server, a nd you wish to continue to use it, the following configuration is required.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Installing the Dual W AN VPN Firew all on your L AN Figure 2 - 4: In stallation Di agram 13. Ensure the Dual WAN VPN Firewall and the DSL/Cable modem are powered OFF. Leave the modem or m odems connected to their data l ine.
HotBrick, Tel: 305 - 398 - 0888 , Fax: 305 - 398 - 5966 3. Quick Installation - L AN & DHCP Select LAN & DHC P from the menu. You will see a screen like the example below. Figure 3 - 1: LAN & DH CP Ensure these settings are suit able for your LAN .
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 LAN IP Configuration: IP address - for the Dual WAN VPN Firewall, as seen from the l ocal LAN. Use the default value unless the address is al read y in use or your LAN is using a different IP address range.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 DHCP Client List This table shows the I P addresses that have been allocated b y the DHCP Server. For each allocated address, the following information is displayed. Name – The ""hostname"" of the PC.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Quick installation - Primary setup Connection mode Enable Select this i f you have connected a b roadband modem to this port. Disable – Select this if t here is no broadband m odem connected to this port.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 3 : Loadbalancing This screen is only operational if using Internet connections on both WAN ports Figure 3 - 2: Load Balan ce Load balancing – Lo ad Balancing Enable – Use this to enable your Load Balance setting s.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 4 : Advan ced W AN Port options Connec tion validation Health Check – If disa bled, the Alive I ndicat or C heck is not perform ed.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Transparant b ridge option Bridge Mode – If set to Enable, this W AN port does not use NAT or the Load Balance function when both the LAN and W AN have real IP addresses on the sam e network segment.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 The screen is required in order to use multiple PPPoE sessions on the same WAN port. I t can also be used to manually conn ect or disconn ect a P PPoE session.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Adv a nced WAN PPTP A d vanced W AN WAN Port - Select the desired WAN port (click desired WAN on Connection Status). The data of the selected port will then be displayed in the W AN IP Account se ction.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 5 : A d va n ced Configuration Adv a nced configuration – Host IP This feature is used in the foll owing situations: You have Multi- Session PPPoE, and wish to bind e ach session to a pa rticular PC on y our LAN.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Reserve in DHCP – Select Enable to reserve a particular (LAN) IP address for a particular PC on your LAN. This allows the PC to use D HCP (Wi ndows calls this " obtain an IP address automatically") while having an IP address that never changes.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Adv a nced configuration – Routing Routing This section is only relevant if your LAN has other R out ers or Gat eways. If you don't have othe r Routers or Gateways on your LAN, y ou can ignor e the Static Routing page completely .
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Gateway – Th e IP Address of the G ateway or Router that t he Dual WAN VPN Firewall must use to communicate with t he destination above. (NOT the router attached to the remote segment.) Interface – Select the correct int erface, usually "LAN".
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 For Router A 's Default Route Destination I P 0.0.0.0 Address Network Mask 0.0.0.0 Gateway IP Address 192.168.1.1 Metric 2 For Router B's Defaul t Route Destination I P 0.0.0.0 Address Network Mask 0.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Web Server (192.168.1.45) PC using FT P Server (ftp://205.20.45.34) FTP Server (192.168.1.20) 205.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Adv a nced configuration – virtual server Virtual Serve r Configuration Enable – The enable check box enables or disables each Virtual server as required. Server Name – Enter a nam e for t h is server.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Update – Save any chang es you hav e made to the current ent ry. Cancel – Cancel any chang es you have made since the la st save operation. Virtual Server List - This table shows the d etail for all Cu stom Virtual Serv er configuration data.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Adv a nced configuration - Special Ap plication If you use Internet applications that use non -standard connections or port numbers, you may find that the y do not function correctl y because the y are bl ocked b y the Dual WAN VPN Firewall.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Special A pplicati on List - T his list shows the detail s for all currently def in ed Special Applica tions.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Dynamic DNS Service This pull -down menu can Enable/Disable the Dynamic DNS feature, and select the r equired service provider. Dis able – Dynamic DNS is not used. TZO – Select this to use the TZO service (www.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Adv a nced Configuration - M ulti DMZ This feature allows each WAN port I P address to be associated with one (1) computer on your LAN. All outgoing traff ic from that PC will be asso ciated with that W AN port I P address.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Advanced Configuration - UPnP Setup With the UPnP ( Univ ersal Plug & Play) function, it is e asy to setup and configure an entire network to enable discovery and control of networked devices an d services.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Adv a nced Co nfiguration – NA T Setting NAT Conf iguration NAT Routing – You can enable or disabl e NAT by using the checkbox. If you disable the NAT checkbox, it will act as a brid ge or Static Router.
H otBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Adv a nced Con figuration – Advanced F eature External Filters Conf iguration IDENT Port – Por t 113 is associated with the Internet's (Identification / Authentication) service.
HotBrick, T el: 305 - 398 - 0888, Fax: 305 - 398 - 5966 settings to correct the problem. Enable - If enabled, the WAN port you specify will be used for all outgoing SMTP traffic. If disabled, either WAN port will be used. WAN – Select the desired WAN por t to be bound.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 6 – Security Management Security Management – Block URL This feature allows you to block access to undesirable Web sites. You can block by URL, IP address, or Keyword. You can also have different blocking setti ngs for di fferent groups of PCs.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Securit y Manag ement – A cc ess Filter The network administrator can use the A ccess Filter to control the I nternet access and applications available to LAN users. Five (5) user g roups are available, and each g roup can have different acc ess rights.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Port Blocking – T here are two possible settings : No Filtering - all ports are open Block A l l Ac cess – All ports are closed. When you m a ke a new rule, the po rt will be opened for that entry (m aximum number of rules you enter are 50 ).
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Security M anagement – Sy stem Filter Exeption Sysfilter exception - Sy stem Filter Exception – will reject ever y packet with an unrecognized port to avoid port s can programs run by hackers but this also incurs problems when servers (e.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 7 : VPN Configuration Virtual Private Network (VPN) uses encr yption and authentication to create the connection between two end points (computers or networks).
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 VPN Configuration – Tunnel to HotBrick Unit VPN Tunnel List – here y ou can add a new tunnel or change an existing one from t he list.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Tunnel to HotBr ick Cli ent – This describes an I PSec tunnel from a th e VPN 1400/2 to t he H ot Brick Client Software. VPN Tunnel List– allows you to add a new tunnel or change an e xisting one on the list .
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 596 6 Tunnel Name– I n order to distinguish the tunnel, you hav e to give the “ T unnel ” a unique name. PPPoE Session – If you are using PPPoE to m ake the connection, and your ISP offers multiple PPPoE session s , you can select these PPPoE sessions to constru ct V PN tunnels.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Key management Key – Key Typ e: there are two k ey types (manual key and auto key ) available for key exchange manag ement. Manual Key: I f manua l key is selected, no key negotiation is needed.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 IPSec policy options Tunnel Attribute – T he defined attributes for t he tunnel. Dead Peer Detection - T his setting allows you t o use a WAN port fo r backup or for W AN failover in the event of a connection failure.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Set DF Flag - If this DF ( Do not Fragm ent) f lag is set, it m eans the fragmentation of this pack et at the IP level is not permitted.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 VPN Configuration – SA List VPN configuration – SA list The list will display the details of all Po licy Setup configuration d ata that you have setup. Y ou can modify it by mouse - clicking each row .
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 VPN Configuration – VPN Log You can monitor the VPN status through the VPN log web page. The log le vel (priority) can be chosen from VPN IKE Global Setting web page. Message Status Time – This indicates when this message i s created using the system ti me.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 8: QoS Configuration QoS Configuration – overview The Dual WAN VPN Firew all provides QoS, which supports high quality network service.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 QoS Configuration – QoS Setup QoS Setup QoS Feature Enable QoS – This will allow users to enable the QoS function. Queuing Method - The m ethod used to manage your queue. Pr iority queuing is one o f the first queuing solution s to be wi de ly i mplem ented.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Policy Name List – When adding a new Policy, ignore this list. T o edit an existing entry, se lect it from the list and then click the "Select" button. The data fields will be updated with data for the selected entry.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 9 : M anagement Assistant Management ass istant – Admin Pass w ord Enter the desired password, re-enter it in the Verify Passwo rd field, then sa ve it. When you connect to the Load Balancer with your Browser, you will be prompted for the password as shown below.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Management A ssi stant – Email A lert This feature will send a warning Email to inform the s ystem administrator that one of the WAN port s is disconnected. Enable/Disable E mail Alert Enable – This enables E mail Alert t o send a warning email when a WAN port disconne ct s.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Ping Before Notification - A threshold value for the maximum Ping s allowed to each interface on this device in a minute.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Management A sssi stant – Sy slog This feature can send real time system information on the web page or to t he specified PC. Syslog Delivery Sending out – Check this, if y ou want to send syslog messa ges to an other machine.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Management Assistant - U pgrade Firmware .
HotBrick, Tel: 305 - 398 - 0888, Fax: 30 5 - 398 - 5966 10: Device Status Once both the Dual WAN VPN Firewall and the PCs are configured, operation is automatic. However, some additional Internet configuration may be required for your specific network .
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 DHCP Server – The status of the DHCP Server function - either "Enabled" or "Disable d ". Device Status - WA N status NAT Statistics This section displays data for each WAN port.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Data – NA T Status LAN IP info IP A ddre ss – The LAN IP Address of the Dual WAN VPN Firewall. Mask A ddress – The Network Mask (Subnet Mask) for the IP Address above. A c tive W AN IP Info – There is one (1) row for each active connection.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Device informatio n – Device Information Device Information Firmware V ersion – Version of the Firmware currentl y installed. NAT – Status of the NAT feature – either “ Enab le ” or “ Disable ” .
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 If the "Restore Default V alue" button on this screen is clicked: A ll your current s ettings will be erased. The default I P address, password and A LL other settings will be restored to the factory default values.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Appen dix A Specifications Model HotBrick VPN 1400/2 Dual WAN Firewall Dimensions 120mm (W) x 427mm (D ) x 43.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Appen dix B Window s TCP/IP Setup Overvie w TCP/IP Settings If using the default Load Balancer s ettings, and the d efault Windows 95/98 /ME/2000 settings, no c hanges need to be made.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Ensure your TCP/IP settings are correct, as follows: Using DHCP To use DHCP, select the radio button Obtain a n IP Address auto matically. This is the default Windows settings. Restart your PC to e nsure it obtains an I P Address from the VPN 1400/2 Firewall Router.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 On the DNS Configuration tab, ensure Enabl e DNS is select ed. If th e DNS Server Search Order list is empty, enter t he DNS address provid ed by your I SP in the fields beside the A dd button, then click Add.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Figure B - 6: TC P/IP Propert ies (Win 2000 ) Ensure your TCP/IP settings are correct. Using DHCP To use DHCP, select the radio button Obtain an IP A ddress automatically. This is the default Windows setting.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Checking TCP/IP S ettings - Window s XP: 7. Sel ect Control Pane l - Network Connection. Right click the Local Area Connection and choose Properties.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Figure B -8 : TC P/IP Proper ties (Windows XP) Ensure your TCP/IP settings are correct. Using DHCP To use DHCP, select the radio button obtain an IP A ddress automatically. This is the default Windows setting.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Appen dix C Troubleshooting Overvie w T his chap ter covers some com mon problems that may be encount ered while using the Dual WAN VPN Firewall and some possible s olutions for t hem .
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 Appen dix D : IPSec Tunnel Examples VPN Configurat ion – Examples Tunnel to HotB rick Unit The HotBrick units in the fol lowing example use registered IP addresses. You have to r eplace these addresses with I P addresses that are av ailable t o you.
HotBrick, Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 First we will m ake settings in the VPN 1400/2 Next we will m ake settings for the LB-2 VPN Note : you need d ifferent subnets a t both ends of the t unnel. This is because th e IPSec tun nel will c onnect the two subnets so t hey need to be different in order to avoid IP address conflicts.
HotBrick , Tel: 305 - 398 - 0888, Fax: 305 - 398 - 5966 76.
An important point after buying a device HotBrick VPN 1400/2 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought HotBrick VPN 1400/2 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data HotBrick VPN 1400/2 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, HotBrick VPN 1400/2 you will learn all the available features of the product, as well as information on its operation. The information that you get HotBrick VPN 1400/2 will certainly help you make a decision on the purchase.
If you already are a holder of HotBrick VPN 1400/2, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime HotBrick VPN 1400/2.
However, one of the most important roles played by the user manual is to help in solving problems with HotBrick VPN 1400/2. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device HotBrick VPN 1400/2 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
