Billion BiGuard 2 - Manual

5 Chapter 3: Getting Started 3.1 Overview 3.2 Before You Begin 3.3 Connecting Your Router 3.4 Configuring PCs for TCP/IP Networking 3.4.1 Overview 3.4.2 Windows XP 3.4.2.1 Configuring 3.4.2.2 Verifying Settings 3.4.3 Windows 2000 3.4.3.1 Configuring 3.4.3.2 Verifying Settings 3.4.4 Windows 98 / ME 3...

6 Chapter 4: Router Configuration 4.1 Overview 4.2 Status 4.2.1 ARP Table 4.2.2 Routing Table 4.2.3 Session Table 4.2.4 DHCP Table 4.2.5 IPSec Status 4.2.6 PPTP Status 4.2.7 System Log 4.2.8 IPSec Log 4.3 Quick Start 4.3.1 DHCP 4.3.2 Static IP 4.3.3 PPPoE 4.3.4 PPTP 4.3.5 Big Pond 4.4 Configuration ...

7 4.4.3.7 System Log Server 4.4.3.8 E-mail Alert 4.4.4 Firewall 4.4.4.1 Packet Filter 4.4.4.2 URL Filter 4.4.4.3 LAN MAC Filter 4.4.4.4 Block WAN Request 4.4.4.5 Intrusion Detection 4.4.5 VPN 4.4.5.1 IPSec 4.4.5.1.1 IPSec Wizard 4.4.5.1.2 IPSec Policy 4.4.5.2 PPTP 4.4.6 QoS 4.4.7 Virtual Server 4.4....

8 5.2.3.2 Javascripts 5.2.3.3 Java Permissions 5.3 WAN Interface 5.3.1 Can’t Get WAN IP Address from the ISP 5.4 ISP Connection 5.5 Problems with Date and Time 5.6 Restoring Factory Defaults Appendix A: Product Specifications A.1 BiGuard 10 Product Specifications A.2 BiGuard 2 Product Specifications...

9 Appendix E: Virtual Private Networking E.1 What is a VPN? E.1.1 VPN Applications E.2 What is IPSec? E.2.1 IPSec Security Components E.2.1.1 Authentication Header (AH) E.2.1.2 Encapsulating Security Payload (ESP) E.2.1.3 Security Associations (SA) E.2.2 IPSec Modes E.2.3 Tunnel Mode AH E.2.4 Tunnel...

10 Chapter 1: Introduction 1.1 Overview Congratulations on purchasing BiGuard 2/10 Router from Billion. Combining a router with an Ethernet network switch, BiGuard 2/10 is a state-of-the-art device that provides everything you need to get your network connected to the Internet over your Cable or DSL...

11 1.2.3 Intelligent Bandwidth Management BiGuard 2/10 utilizes Quality of Service (QoS) to give you full control over the priority of both incoming and outgoing data, ensuring that critical data such as customer information moves through your network, even while under a heavy load. Transmission spe...

12 Link/ACT: Lit when device is connected. Blinking when data is transmitting/receiving. LAN 1 – 8 Lit when connected to an Ethernet device. 10/100M : Lit green when connected at 100Mbps. Not lit when connected at 10Mbps. Link/ACT: Lit when device is connected. Blinking when data is transmitting/rec...

13 1.3.1.3 Rack Mounting To rack mount BiGuard 10, carefully secure the device to your rack on both sides using the included brackets and screws. See the diagram below for a more detailed explanation. 1.3.1.4 Cabling Most Ethernet networks currently use unshielded twisted pair (UTP) cabling. The UTP...

14 4 3 2 1 1.3.2.1 Front Panel LED Function POWER A solid light indicates a steady connection to a power source. STATUS A blinking light indicates the device is writing to flash memory. WAN Lit when connected to an Ethernet device. 10/100M : Lit green when connected at 100Mbps. Not lit when connecte...

16 Chapter 2: Router Applications 2.1 Overview Your BiGuard 2/10 Router is a versatile device that can be configured to not only protect your network from malicious attackers, but also ensure optimal usage of available bandwidth with Quality of Service (QoS). Alternatively, BiGuard 2/10 can also be ...

17 2.2.2 QoS Policies for Different Applications By setting different QoS policies according to the applications you are running, you can use BiGuard 2/10 to optimize the bandwidth that is being used on your network. Inbound Outbound Scheduler Meter Classifier Restricted PC Normal PCs VoIP

24 Chapter 3: Getting Started 3.1 Overview BiGuard 2/10 is designed to be a powerful and flexible network device that is also easy to use. With an intuitive web-based configuration, BiGuard 2/10 allows you to administer your network via virtually any Java-enabled web browser and is fully compatible ...

25 Be sure to also review the Safety Warnings located in the preface of this manual before working with your BiGuard 2/10. 3.3 Connecting Your Router Connecting BiGuard 2/10 is an easy three-step process: 1. Connect BiGuard 2/10 to your LAN by connecting Ethernet cables from your networked PCs to th...

26 3.4 Configuring PCs for TCP/IP Networking Now that your BiGuard 2/10 is connected properly to your network, it’s time to configure your networked PCs for TCP/IP networking. In order for your networked PCs to communicate with your router, they must have the following characteristics: 1. Have a pro...

30 3.4.2.2 Verifying Settings To verify your settings using a command prompt: 1. Click Start > Programs > Accessories > Command Prompt. 2. In the Command Prompt window, type ipconfig and then press ENTER. If you are using BiGuard 2/10’s default settings, your PC should have: - An IP address...

42 b. Select Client, then click Add. c. Select Microsoft. Æ Client for Microsoft Networks, and then click OK. 3. Restart your PC to apply your changes. 3.4.4.2 Configuring 1. Select Start > Settings > Control Panel.

48 IP Address: 192.168.1.254 Subnet Mask: 255.255.255.0 ISP setting in WAN site: Obtain an IP Address automatically (DHCP Client) DHCP server: DHCP server is enabled. Start IP Address: 192.168.1.100 End IP Address: 192.168.1.199 3.5.1 Username and Password The default user name and password are "...

49 3.6 Information From Your ISP 3.6.1 Protocols Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided such as DHCP, Static IP, PPPoE, or PPTP. The following table outlines each of these protocols: DHCP Configure this...

53 7. Click OK to save your changes. 3.7 Web Configuration Interface BiGuard 2/10 includes a Web Configuration Interface for easy administration via virtually any browser on your network. To access this interface, open your web browser, enter the IP address of your router, which by default is 192.16...

56 restricted to only one PC accessing the web configuration interface at a time. Once a PC has logged into the web interface, other PCs cannot gain access until the current PC has logged out. If the previous PC forgets to logout, the second PC can access the page after a user-defined period (5 minu...

65 Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Login Server: Enter the IP of the Login server provided by your ISP. Click Apply to save your changes. To reset to defaults, click Reset . For detailed instructions on configuring WAN settings, p...

66 4.4.1 LAN There are two items within this section: Ethernet , DHCP Server and LAN Address Mapping. 4.4.1.1 Ethernet IP Address: Enter the internal LAN IP address for BiGuard 2/10 (192.168.1.254 by default). Subnet Mask: Enter the subnet mask (255.255.255.0 by default). RIP: RIP v2 Broadcast and R...

67 To disable the router’s DHCP Server, select the Disable radio button, and then click Apply . When the DHCP Server is disabled, you will need to manually assign a fixed IP address to each PC on your network, and set the default gateway for each PC to the IP address of the router (192.168.1.254 by ...

68 reserved IP. Candidates: You can also select the Candidates which are referred from the ARP table for automatic input. Click the Apply button to add the configuration into the Host Table. Press the Delete button to delete a configuration from the Host Table. 4.4.1.3 LAN Address Mapping LAN Addres...

69 Name: Please input the name of the rule. IP Address: Please input the LAN Gateway IP Address you would like to use. Netmask: Please input the Netmask you would like to use. WAN IP Address: Please click Candidates to select the WAN IP address you would like to use from WAN Alias list. Click the Ap...

75 Click Apply to save your changes. To reset to defaults, click Reset . A simpler alternative is to select Quick Start from the main menu. Please see the Quick Start section of this chapter for more information. 4.4.2.2 Bandwidth Settings Under Bandwidth Settings, you can easily configure both inbo...

76 Please click Create to create a LAN Address Mapping rule. Name: Please input the name of the rule. IP Address: Please input the additional WAN IP address you would like to use. Click the Apply button to add the configuration into the WAN IP Alias. 4.4.3 System The System menu allows you to adjust...

78 Time, please check the Automatic checkbox. Resync Period: Please input the resync circle of time zone update. Click Apply to apply the rule, Click Cancel to discard the changes. 4.4.3.2 Remote Access To allow remote users to configure and manage BiGuard 2/10 through the Internet, select the Enabl...

80 Upgrading your BiGuard 2/10’s firmware is a quick and easy way to enjoy increased functionality, better reliability, and ensure trouble-free operation. To upgrade your firmware, simply visit Billion’s website ( http://www.billion.com ) and download the latest firmware image file for BiGuard 2/10....

82 In order to prevent unauthorized access to your router’s configuration interface, it requires the administrator to login with a password. You can change your password by entering your new password in both fields. Click Apply to save your changes. Click Reset to reset to the default administration...

83 This function allows BiGuard 2/10 to send system logs to an external Syslog Server. Syslog is an industry-standard protocol used to capture information about network activity. To enable this function, select the Enable radio button and enter your Syslog server IP address in the Log Server IP Addr...

87 The URL Filter is a powerful tool that can be used to limit access to certain URLs on the Internet. You can block web sites based on keywords or even block out an entire domain. Certain web features can also be blocked to grant added security to your network. URL Filtering: You can choose to Enab...

88 checkbox. To edit the list of filtered domains, click Details . Enter a domain and selected whether this domain is trusted or forbidden with the pull-down menu. Next, click Apply . Your new domain will be added to either the Trusted Domain or Forbidden Domain listing, depending on which you selec...

89 Enter a name for the IP Address and then enter the IP address itself. Click Apply to save your changes. The IP address will be entered into the Exception List, and excluded from the URL filtering rules in effect. 4.4.4.3 LAN MAC Filter LAN Mac Filter can decide that BiGuard will serve those devic...

90 Rule: Enable or disable this entry. Action When Matched: Select to Drop or Forward the packet specified in this filter entry. MAC Address: The MAC Address you would like to apply. Candidates: You can also select the Candidates which are referred from the ARP table for automatic input. 4.4.4.4 Blo...

91 4.4.4.5 Intrusion Detection Intrusion Detection can prevent most common DoS attacks from the Internet or from LAN users. Intrusion Detection: Enable or disable this function. Intrusion Log: All the detected and dropped attacks will be shown in the system log. 4.4.5 VPN 4.4.5.1 IPSec IPSec is a se...

95 (5)LAN to Host (For BiGuard VPN Client only): BiGuard would like to establish an IPSec VPN tunnel with BiGuard VPN Client software C01 by using aggressive mode. VPN Client IP Address: The VPN Client Address for BiGuard VPN Client, this value will be apply on both remote ID and remote Network as s...

96 After your configuration is done, you will see a Configuration Summary . Back: Back to the Previous page. Done: Click Done to apply the rule. 4.4.5.1.2 IPSec Policy Click Create to create a new IPSec VPN connection account. Configuring a New VPN Connection

97 Connection Name: A user-defined name for the connection. Tunnel: Select Enable to activate this tunnel. Select Disable to deactivate this tunnel. Local: This section configures the local host. ID: This is the identity type of the local router or host. Choose from the following four options: WAN I...

100 Key Life Time: Allows you to specify the timer interval for renegotiation of another key. The value is in seconds e.g. 3600 seconds = 1 hour. Netbios Broadcast: Allows BiGuard to send local Netbios Broadcast packet through the IPSec Tunnel, please select Enable or Disable . DPD Setting: DPD, Dea...

101 PPTP function: Select Enable to activate PPTP Server. Disable to deactivate PPTP Server function. Auth. Type: The authentication type, Pap or Chap, PaP, Chap. Data Encryption: Select Enable or Disable the Data Encryption. Encryption Key Length: Auto , 40 bits or 128 bits . Peer Encryption Mode: ...

103 The first menu screen gives you an overview of which WAN ports currently have QoS active, and the bandwidth settings for each. WAN Outbound: QoS Function: QoS status for WAN outbound. Select Enable to activate QoS for WAN’s outgoing traffic. Select Disable to deactivate. Max ISP Bandwidth: The m...

105 Bandwidth per source IP Address: Please select Bandwidth per source IP Address if you would like the specified bandwidth to be applied individually per source IP address in specified IP range. For IP Address (default)… Source IP Address Range: The range of source IP Addresses this rule applies t...

107 Enable DMZ function: Enable: Activates your router’s DMZ function. Disable: Default setting. Disables the DMZ function. DMZ IP Address: Give a static IP address to the DMZ Host when the Enable radio button is selected. Be aware this IP will be exposed to the WAN/Internet. Candidates: You can als...

108 Click Create to add a new port forwarding rule. There are two port forwarding modes: Port Range Mapping and Port Redirection . This function allows any incoming data addressed to a range of service port numbers (from the Internet/WAN Port) to be re-directed to a particular LAN private/internal I...

110 (subnet). The routing table stores the routing information so the router knows where to redirect the IP packets. Click on Static Route and then click Create to add a routing table. Rule: Select Enable to activate this rule, Disable to deactivate this rule. Destination: This is the destination su...

111 Click Apply to save your changes. 4.4.8.2 Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful when hosting servers via your WAN connec...

112 Enable: Check to enable the Dynamic DNS function. The following fields will be activated and required: Dynamic DNS Server: Select the DDNS service you have established an account with. Wildcard: Select this check box to enable the DYNDNS Wildcard. Domain Name: Enter your registered domain name f...

113 Management IP Address: You may specify an IP address allowed to logon and access the router’s web server. Setting the IP address to 0.0.0.0 will disable IP address restrictions, allowing users to login from any IP address. Expire to auto-logout: Specify a time frame for the system to auto-logout...

115 VLAN Name: Please input VLAN name of this rule. VLAN ID: Please input VLAN ID that will be used for Tagged member port(s). Tagged Member port(s): Please check the interface that you would like to use in this VLAN ID group. Untagged Member port(s): Please check the interface that you would like t...

116 your configuration settings before you logout. Be aware that the router is restricted to only one PC accessing the web configuration interface at a time. Once a PC has logged into the web interface, other PCs cannot gain access until the current PC has logged out. If the previous PC forgets to l...

119 - Check the 10/100 LAN LEDs on BiGuard 2/10’s front panel. One of these LEDs should be on. If they are both off, check the cables between BiGuard 2/10 and the hub or PC. - Check the corresponding LAN LEDs on your PC’s Ethernet device are on. - Make sure that driver software for your PC’s Etherne...

120 3. Make sure that the Delete All Offline Content checkbox is checked, and click OK . 4. Click OK under Internet Options to close the dialogue. - In Windows, type arp –d at the command prompt to clear you computer’s ARP table.

124 5.3 WAN Interface If you are having problems with the WAN Interface, refer to the tips below. 5.3.1 Can’t Get WAN IP Address from the ISP If the WAN IP address cannot be obtained from the ISP: - If you are using PPPoE or PPTP, you will need a user name and password. Ensure that you have entered ...

126 account as your PC’s host name on the router. - Your ISP may check for your PCs MAC address. Either inform your ISP that you have purchased a new network device and ask them to use your router’s MAC address, or configure your router to spoof your PC’s MAC address. If an IP address can be obtaine...

127 Appendix A: Product Specifications A.1 BiGuard 10 Product Specifications Virtual Private Network - IPSec VPN, supports up to 10 IPSec tunnels - IPSec VPN performance is up to 20 Mbps - PPTP VPN, support up to 4 PPTP tunnels - PPTP VPN performance is up to 10 Mbps - Manual key, Internet Key Excha...

128 - Intrusion detection Content Filtering - URL Filter settings prevent user access to certain sites on the Internet - Java Applet/Active X/Cookie Blocking Quality of Service Control - Supports DiffServ approach - Traffic prioritization and bandwidth management based-on IP protocol, port number an...

131 Firewall - Stateful Packet Inspection (SPI) and Denial of Service (DoS) prevention - Packet filter un-permitted inbound (WAN)/Inbound (LAN) Internet access by IP address, port number and packet type - Email alert and logs of attack - MAC Address Filtering - Intrusion detection Content Filtering ...

133 Appendix B: Customer Support Most problems can be solved by referring to the Troubleshooting section in the User’s Manual. If you cannot resolve the problem with the Troubleshooting chapter, please contact the dealer where you purchased this product. Contact Billion Worldwide http://www.billion....

134 Appendix C: FCC Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: - This device may not cause harmful interference. - This device must accept any interference received, including interference that may cause undesired oper...

137 D.1.2 Network Address Translation (NAT) Traditionally, multiple PCs that needed simultaneous Internet access also required a range of IP addresses from the Internet Service Provider (ISP). Not only was this method very costly, but the number of available IP addresses for PCs is limited. Instead,...

140 Appendix E: Virtual Private Networking E.1 What is a VPN? A Virtual Private Network (VPN) is a shared network where private data is segmented from other traffic so that only the intended recipient has access. It allows organizations to securely transmit data over a public medium like the Interne...

144 Transport Mode : - This mode is used to provide data security between two networks. It provides protection for the entire IP packet and is sent by adding an outer IP header corresponding to the two tunnel end-points. Since tunnel mode hides the original IP header, it provides security of the net...

147 Appendix F: IPSec Logs and Events F.1 IPSec Log Event Categories There are three major categories of IPSec Log Events for your BiGuard 2/10. These include: 1. IKE Negotiate Packet Messages 2. Rejected IKE Messages 3. IKE Negotiated Status Messages The table in the following section lists the dif...

151 Appendix G: Bandwidth Management with QoS G.1 Overview In a home or office environment, users constantly have to transmit data to and from the Internet. When too many are accessing the Internet at the same time, service can slow to a crawl, causing service interruptions and general frustration. ...

153 broadband connection. Application Data Ratio (%) Priority On-line games 30% High Skype 5% High Email 10% High FTP 20% Upload (High), Download (Normal) Other 35% G.4.2 Office Users QoS is also ideal for small businesses using an office server as a web server. With QoS control, web pages served to...

155 Appendix H: Router Setup Examples H.1 VPN Configuration This section outlines some concrete examples on how you can configure BiGuard 2/10 for your VPN. H.1.1 LAN to LAN Branch Office Head Office Local ID IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Address Any Local Addre...

156 ID IP Address IP Address Data 69.121.1.3 69.121.1.30 Network Subnet Subnet IP Address 192.168.1.0 192.168.0.0 Netmask 255.255.255.0 255.255.255.0 Proposal IKE Pre-shared Key 12345678 12345678 Security Algorithm Main Mode; ESP: MD5 3DES PFS Main ESP MD5 3DES PFS H.1.2 Host to LAN

158 H.2 VPN Concentrator Step 1: Go to Configuration > IPSec and configure the link from BiGuard 2/10 Headquarter to BiGuard 2/10 Branch A. 100.100.100.1 200.200.200.1 192.168.2.x 192.168.3.x 201.201.201.1 192.168.4.x Local ID Type: Subnet Local subnet: 0.0.0.0 Local mask: 0.0.0.0 Remote ID Type:...

160 Step 4: Go to Configuration > IPSec and configure the connection from the BiGuard 2/10 Branch B to BiGuard 2/10 Headquarter. Step 5: Click Save Config to save all changes to flash memory. H.3 Intrusion Detection Intrusion Detection on Internet Internet Detected! Dropped BiGuard Safe!! Server ...

161 Step 1: Go to Configuration > Firewall > Intrusion Detection and Enable the settings. Step 2: Click Apply and then Save Config to save all changes to flash memory. H.4 PPTP Remote Access by Windows XP Internet Internet Windows XP PPTP Client Internet Internet 100.100.100.1 Headquarter BiGu...

163 Step3: Click Apply , you can see the account is successfully created. Step4: Click Save Config to save all changes to flash memory. Step5: In Windows XP, go Start > Settings > Network Connections .

164 Step6: In Network Tasks , Click Create a new connection , and press Next. Step7: Select Connect to the network at my workplace and press Next .

165 Step8: Select Virtual Private Network connection and press Next . Step9: Input the user-defined name for this connection and press Next .

167 Step12: Double click the connection, and input Username and Password that defined in BiGuard PPTP Account Settings . PS. You can also refer the Properties > Security page as below, by default.

168 H.5 PPTP Remote Access by BiGuard Internet Internet Internet Internet 100.100.100.1 Headquarter BiGuard &PPTP Server PPTP Tunnel Branch Office 200.200.200.1 BiGuard &PPTP Client Local subnet: 192.168.30.0Local mask: 255.255.255.0 Step1: Go to Configuration > VPN > PPTP and Enable t...