Barricade™Dual WAN Port Load Balancing VPN RouterSMCBR21VPN
9• Das Gerät muß an eine geerdete Steckdose angeschlossen werden, welche die internationalen Sicherheitsnormen erfüllt. • Der Gerätestecker (der An
99We set up four Authentication examples in this chapter: No Suitable Situation Example PageEx1 Auth User Auth Group Setting specific users to conn
100Example Setting specific users to connect with external network only before passing the authentication of policy. (Adopt the built-in Auth User an
101STEP 2﹒Add Auth User Group Setting in Authentication function and enter the following settings: Click New Entry Name: Enter laboratory Sel
102STEP 3﹒Add a policy in Outgoing Policy and input the Address and Authentication of STEP 2 (Figure8-6, 8-7) Figure8-6 Auth-User Poli
103STEP 4﹒When user is going to access to Internet through browser, the authentication UI will appear in Browser. After entering the correct user nam
104Chapter 9 Content Blocking Content Filtering Content Filtering includes「URL」,「Script」,「P2P」,「IM」,「Download」. 【URL Blocking】: The administrator
105Define the required fields of Content Blocking URL String: The domain name that restricts to enter or only allow entering. Popup Blocking:
106Sub-name file Blocking: Prevent users to deliver specific sub-name file by http All Type: Prevent users to send the Audio, Video types,
107We set up five Content Blocking examples in this chapter: No Suitable Situation Example PageEx1 URL Blocking Restrict the Internal Users only c
108URL Restrict the Internal Users only can access to some specific Website URL Blocking: Symbol: ~ means open up; * means metacharacter Restri
10 Warnings and Cautionary Messages Warning: This product does not contain any serviceable user parts. Warning: Installation and removal of the unit
109STEP 1﹒Enter the following in URL of Content Filtering function: Click New Entry URL String: Enter ~yahoo, and click OK Click New Entry
110STEP 2﹒Add a Outgoing Policy and use in Content Blocking function: (Figure9-2) Figure9-2 URL Blocking Policy Setting STEP 3﹒Complet
111SCRIPT Restrict the Internal Users to access to Script file of Website STEP 1﹒Select the following data in Script of Content Blocking function:
112STEP 2﹒Add a new Outgoing Policy and use in Content Blocking function: (Figure9-5) Figure9-5 New Policy of Script Blocking Setting
113 Download Restrict the Internal Users to access to video, audio, and some specific sub-name file from http or ftp protocol directly STEP 1﹒Enter
114STEP 2﹒Add a new Outgoing Policy and use in Content Blocking function: (Figure9-14) Figure9-14 Add New Download Blocking Policy Setti
115P2P / IM Limit internal user access internet resources by P2P software. Step1. In IM / P2P Blocking Æ Setting, add the following settings: Click
116 Step2. In Policy Æ Outgoing, add one policy applied to P2P blocking setting.(Fig. 10-7) Fig. 10-7 Set the policy applied to P2P blocking
117Use P2P will seriously occupy network bandwidth and it can change its service port. So the MIS engineer not only set the service port in Service,
118Chapter 10 Virtual Server Virtual Server The real IP address provided from ISP is always not enough for all the users when the system manager ap
11Environmental Statement The manufacturer of this product endeavours to sustain an environmentally-friendly policy throughout the entire production
119In this chapter, we will have detailed introduction and instruction of Mapped IP and Server 1/2/3/4: Mapped IP: Because the Intranet is transferr
120Define the required fields of Virtual Server WAN IP: WAN IP Address (Real IP Address) Map to Virtual IP: Map the WAN Real IP Address into
121We set up four Virtual Server examples in this chapter: No. Suitable Situation Example PageEx1 Mapped IP Make a single server that provides sever
122Example Make a single server that provides several services such as FTP, Web, and Mail, to provide service by policy STEP 1﹒Setting a server that
123STEP 4﹒Group the services (DNS, FTP, HTTP, POP3, SMTP…) that provided and used by server in Service function. And add a new service group for serv
124STEP 7﹒Complete the setting of providing several services by mapped IP. (Figure10-6) Figure10-6 A Single Server that Provides Sev
125Make several servers that provide a single service, to provide service through policy by Virtual Server (Take Web service for example) STEP 1﹒Set
126STEP 2﹒Enter the following data in Server 1 of Virtual Server function: Click the button next to Virtual Server Real IP (“click here to configu
127STEP 3﹒Add a new policy in Incoming Policy, which includes the virtual server, set by STEP2. (Figure10-9) Figure10-9 Complete Virtual Server P
128The external user use VoIP to connect with VoIP of LAN (VoIP Port: TCP 1720, TCP 15328-15333, UDP 15328-15333) STEP 1﹒Set up VoIP in LAN network,
12Audience The guide is intended for use by network administrators who are responsible for installing and setting up network equipment; consequently,
129STEP 4﹒Enter the following setting in Server1 of Virtual Server function: Click the button next to Virtual Server Real IP (“click here to confi
130STEP 5﹒Add a new Incoming Policy, which includes the virtual server that set by STEP4: (Figure10-15) Figure10-15 Complete the Policy includes
131STEP 7﹒Complete the setting of the external/internal user using specific service to communicate with each other by Virtual Server. (Figure10-17)
132Make several servers that provide several same services, to provide service through policy by Virtual Server. (Take HTTP, POP3, SMTP, and DNS Grou
133STEP 3﹒Group the service of server in Custom of Service. Add a Service Group for server to send e-mail at the same time. (Figure10-20) Figure
134STEP 4﹒Enter the following data in Server1 of Virtual Server: Click the button next to Virtual Server Real IP (“click here to configure”) in Se
135STEP 5﹒Add a new Incoming Policy, which includes the virtual server that set by STEP 3: (Figure10-23) Figure10-23 Complete Incoming Policy Set
136STEP 7﹒Complete the setting of providing several services by Virtual Server. (Figure10-25) Figure10-25 Complete the Setting of P
137Chapter 11 VPN VPN The SMC BR21VPN adopts VPN to set up safe and private network service. And combine the remote Authentication system in order
138Define the required fields of VPN: RSA: A public-key cryptosystem for encryption and authentication. Preshared Key: The IKE VPN must
13Contents CHAPTER 1 ADMINISTRATOR...16 ADMIN
139DES (Data Encryption Standard): The Data Encryption Standard developed by IBM in 1977 is a 64-bit block encryption block cipher using a 56-bi
140Define the required fields of IPSec Function To display the VPN connection status via icon。 Chart -- Meaning Not be applied Disconnect C
141Define the required fields of PPTP Server Function PPTP Server: To select Enable or Disable Client IP Range: Setting the IP addresses
142Define the required fields of PPTP Client Function To display the VPN connection status via icon。 Chart -- Meaning Not be applied Discon
143Define the required fields of Tunnel Function To display the VPN connection status via icon。 Chart -- Meaning Not be applied Disconnect
144We set up two VPN examples in this chapter: No. Suitable Situation Example Page Ex1 IPSec Autokey Setting IPSec VPN connection between two SMC BR
145Example Setting IPSec VPN connection between two SMC BR21VPN Preparation Company A WAN IP: 61.11.11.11 LAN IP: 192.168.10.X Company B WAN IP
146STEP 4﹒Select Preshare in Authentication Method and enter the Preshared Key (max: 100 bits) STEP 5﹒Select ISAKMP Algorithm in Encapsulation list.
147STEP 6﹒You can choose Data Encryption + Authentication or Authentication Only to communicate in IPSec Algorithm list: ENC Algorithm: 3DES/DES/AES/
148STEP 9﹒Enter the following setting in Tunnel of VPN function: (Figure11-13) Enter a specific Tunnel Name. From Source: Select LAN From Sou
14CHAPTER 8 AUTHENTICATION...94 EXAMPLE...
149STEP 10﹒Enter the following setting in Outgoing Policy:(Figure11-15) Authentication User: Select All_NET. Schedule: Select Schedule_1. QoS:
150STEP 11﹒Enter the following setting in Incoming Policy: (Figure11-17) Schedule: Select Schedule_1. QoS: Select QoS_1. Tunnel: Select IPSec_V
151 The Default Gateway of Company B is the LAN IP of the SMC BR21VPN 192.168.20.1. Follow the steps below: STEP 1.Enter the following setting in Mu
152STEP 4.Select Remote Gateway-Fixed IP or Domain Name In To Destination list and enter the IP Address STEP 5.Select Preshare in Authentication Met
153STEP 7.You can choose Data Encryption + Authentication or Authentication Only to communicate in IPSec Algorithm list: ENC Algorithm: 3DES/DES/AES/
154STEP 10.Enter the following setting in Tunnel of VPN function: (Figure11-28) Enter a specific Tunnel Name. From Source: Select LAN From So
155STEP 11.Enter the following setting in Outgoing Policy: (Figure11-30) Authentication User: Select All_NET. Schedule: Select Schedule_1. QoS:
156STEP 12.Enter the following setting in Incoming Policy: (Figure11-32) Schedule: Select Schedule_1. QoS: Select QoS_1. Tunnel: Select IPSec_V
157STEP 13.Complete IPSec VPN Connection. (Figure11-34) Figure 11-34 IPSec VPN Connection Deployment
158Setting PPTP VPN connection between two SMC BR21VPN Preparation Company A WAN IP: 61.11.11.11 LAN IP: 192.168.10.X Company B WAN IP: 211.22.
15CHAPTER 17 STATISTICS...238 WA N STA
159The Default Gateway of Company A is the LAN IP of the SMC BR21VPN 192.168.10.1. Follow the steps below: STEP 1.Enter PPTP Server of VPN function
160STEP 2.Add the following settings in PPTP Server of VPN function in the SMC BR21VPN of Company A: Select New Entry. (Figure11-36) User Name:
161STEP 3.Enter the following setting in Tunnel of VPN function: (Figure11-38) Enter a specific Tunnel Name. From Source: Select LAN From Sou
162STEP 4.Enter the following setting in Outgoing Policy: (Figure11-40) Authentication User: Select All_NET. Schedule: Select Schedule_1. QoS:
163STEP 5.Enter the following setting in Incoming Policy: (Figure11-42) Schedule: Select Schedule_1. QoS: Select QoS_1. Tunnel: Select PPTP_VPN
164The Default Gateway of Company B is the LAN IP of the SMC BR21VPN 192.168.20.1. Follow the steps below: STEP 1.Add the following settings in PPTP
165STEP 2.Enter the following setting in Tunnel of VPN function: (Figure11-46) Enter a specific Tunnel Name. From Source: Select LAN From Sou
166STEP 3.Enter the following setting in Outgoing Policy: (Figure11-48) Authentication User: Select All_NET. Schedule: Select Schedule_1. QoS:
167STEP 4.Enter the following setting in Incoming Policy: (Figure11-50) Schedule: Select Schedule_1. QoS: Select QoS_1. Tunnel: Select PPTP_Cli
168STEP 5.Complete PPTP VPN Connection. (Figure11-52) Figure 11-52 PPTP VPN Connection Deployment
16Chapter 1 Administrator Administration “System” is the managing of settings such as the privileges of packets that pass through the SMC BR21VPN a
169Chapter 12 Policy Policy Every packet has to be detected if it corresponds with Policy or not when it passes the SMC BR21VPN. When the conditions
170(4) LAN to DMZ: The source IP is in LAN network; the destination is in DMZ network. The system manager can set all the policy rules of LAN to DMZ
171Define the required fields of Policy Source and Destination: Source IP and Destination IP is according to the SMC BR21VPN’s point of view. The
172Option: To display if every function of Policy is enabled or not. If the function is enabled and then the chart of the function will appear (S
173 MAX. Concurrent Sessions: Set the concurrent sessions that permitted by policy. And if the sessions exceed the setting value, the surplus conn
174We set up six Policy examples in this chapter: No. Suitable Situation Example PageEx1 Outgoing Set up the policy that can monitor the internal us
175Example Set up the policy that can monitor the internal users. (Take Logging, Statistics, and Alarm Threshold for example) STEP 1﹒Enter the follo
176STEP 2﹒Complete the setting of Logging, Statistics, and Alarm Threshold in Outgoing Policy: (Figure12-2) Figure12-2 Complete Policy Setting STE
177STEP 4﹒To display the traffic record that through Policy to access to Internet in Policy Statistics of Statistics function. (Figure12-4) Figure1
178Forbid the users to access to specific network. (Take specific WAN IP and Content Blocking for example) STEP 1﹒Enter the following setting in UR
17Define the required fields of Administrator Administrator Name: The username of Administrators and Sub Administrator for the SMC BR21VPN. The
179Figure12-8 IM Blocking Setting Figure12-9 Download Blocking Setting 1. URL Blocking can restrict the Internal Users only can access to some spe
180STEP 2﹒Enter as following in WAN and WAN Group of Address function: (Figure12-10, 12-11) Figure12-10 Setting the WAN IP that going to block Fi
181STEP 3﹒Enter the following setting in Outgoing Policy: Click New Entry Destination Address: Select Romote_Group that set by STEP 2. (Blo
182STEP 4﹒Enter the following setting in Outgoing Policy: Click New Entry Select Content Blocking & IM / P2P Blocking Click OK (Figure12-13
183Only allow the users who pass Authentication to access to Internet in particular time STEP 1﹒Enter the following in Schedule function: (Figure12-
184STEP 3﹒Enter the following setting in Outgoing Policy: Click New Entry Authentication User: Select laboratory Schedule: Select WorkingTime
185The external user control the internal PC through remote control software (Take pcAnywhere for example) STEP 1﹒Set up a Internal PC controlled by
186STEP 3﹒Enter the following in Incoming Policy: Click New Entry Destination Address: Select Virtual Server1 (61.11.11.12) Service: Select P
187Set a FTP Server under DMZ NAT Mode and restrict the download bandwidth from external and MAX. Concurrent Sessions. STEP 1﹒Set a FTP Server under
188STEP 4﹒Enter the following in WAN to DMZ Policy: Click New Entry Destination Address: Select Virtual Server1 (61.11.11.12) Service: Select
18Admin Adding a new Sub Administrator STEP 1﹒In the Admin WebUI, click the New Sub Admin button to create a new Sub Administrator. STEP 2﹒In the Ad
189Set a Mail Server to allow the internal and external users to receive and send e-mail under DMZ Transparent Mode STEP 1﹒Set a Mail Server in DMZ
190STEP 4﹒Enter the following setting in WAN to DMZ Policy: Click New Entry Destination Address: Select Mail_Server Service: Select E-mail
191STEP 6﹒Add the following setting in LAN to DMZ Policy: Click New Entry Destination Address: Select Mail_Server Service: Select E-mail Cl
192STEP 8﹒Add the following setting in DMZ to WAN Policy: Click New Entry Source Address: Select Mail_Server Service: Select E-mail Click O
193Chapter 13 Alert Setting Alert Setting When the SMC BR21VPN had detected attacks from hackers and the internal PC sending large DDoS attacks.
194Define the required fields of Hacker Alert Detect SYN Attack: Select this option to detect TCP SYN attacks that hackers send to server comput
195 【ICMP Flood Threshold(Per Source IP)Pkts/Sec】: The System Administrator can enter the maximum number of ICMP packets per second from attacking
196Detect Ping of Death Attack: Select this option to detect the attacks of tremendous trash data in PING packets that hackers send to cause Syste
197Detect Land Attack: Some Systems may shut down when receiving packets with the same source and destination addresses, the same source port and
198Internet Alert SMC BR21VPN Alarm and to prevent the computer which being attacked to send DDoS packets to LAN network STEP 1﹒Select Anomaly Flow
Copyright Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for
19Modify the Administrator’s Password STEP 1﹒In the Admin WebUI, locate the Administrator name you want to edit, and click on Modify in the Configure
199After complete the Internal Alert Settings, if the device had detected the internal computer sending large DDoS attack packets and then the alarm
200 Figure16-4 NetBIOS Alert Notification to Administrator’s PC
201 Figure16-5 E-mail Virus Alert
202Chapter 14 Attack Alarm Attack Alarm SMC BR21VPN has two alarm forms: Internal Alarm, and External Alarm. Internal Alarm: When the SMC BR21V
203We set up two Alarm examples in the chapter: No. Suitable Situation Example PageEx 1 Internal Alarm To record the DDoS attack alarm from internal
204Internal Alarm To record the DDoS attack alarm from internal PC STEP 1﹒Select Internal Alarm in Attack Alarm when the device detects DDoS attacks
205External Alarm To record the attack alarm about Hacker attacks the SMC BR21VPN and Intranet STEP 1﹒Select the following settings in External Aler
206STEP 2﹒When Hacker attacks the SMC BR21VPN and Intranet, select External Alarm in Attack Alarm function to have detailed records about the hacker
207Chapter 15 LOG LOG Log records all connections that pass through the SMC BR21VPN’s control policies. The information is classified as Traffic L
208We set up four LOG examples in the chapter: No. Suitable Situation Example PageEx 1 Traffic Log To detect the information and Protocol port that
20Add Remote Management IPs STEP 1﹒Add the following setting in Permitted IPs of Administration: (Figure1-3) Name: Enter master IP Address: Ent
209Traffic Log To detect the information and Protocol port that users use to access to Internet or Intranet by SMC BR21VPN STEP 1﹒Add new policy in
210STEP 3﹒Click Traffic Log. It will show up the packets records that pass this policy. (Figure18-3) Figure18-3 Traffic Log WebUI
211STEP 4﹒Click on a specific IP of Source IP or Destination IP in Figure18-3, it will prompt out a WebUI about Protocol and Port of the IP. (Figure1
212STEP 5﹒Click on Download Logs and select Save in File Download WebUI. And then choose the place to save in PC and click OK; the records will be sa
213STEP 6﹒Click Clear Logs and click OK on the confirm WebUI; the records will be deleted from the SMC BR21VPN instantly. (Figure18-6) Figure18-6 C
214Event Log To record the detailed management events (such as Interface and event description of SMC BR21VPN) of the Administrator STEP 1﹒Click Ev
215STEP 2﹒Click on Download Logs and select Save in File Download WebUI. And then choose the place to save in PC and click OK; the records will be sa
216STEP 3﹒Click Clear Logs and click OK on the confirm WebUI; the records will be deleted from the SMC BR21VPN. (Figure18-9) Figure18-9 Clearing Ev
217Connection Log To Detect Event Description of WAN Connection STEP 1﹒Click Connection in LOG. It can show up WAN Connection records of the SMC BR2
218STEP 2﹒Click on Download Logs and select Save in File Download WebUI. And then choose the place to save in PC and click OK; the records will be sa
21Logout STEP 1﹒Click Logout in System to protect the system while Administrator are away. (Figure1-5) Figure1-5 Confirm Logout WebUI STEP 2﹒Click
219STEP 3﹒Click Clear Logs and click OK on the confirm WebUI, the records will be deleted from the SMC BR21VPN instantly. (Figure18-12) Figure18-12
220Log Backup To save or receive the records that sent by the SMC BR21VPN STEP 1﹒Enter Setting in System, select Enable E-mail Alert Notification f
221STEP 3﹒Enter Log Backup in Log, enter the following settings in Syslog Settings: Select Enable Syslog Messages Enter the IP in Syslog Host
222Chapter 16 Accounting Report Accounting Report Administrator can use this Accounting Report to inquire the LAN IP users and WAN IP users, and
223Define the required fields of Accounting Report Accounting Report Setting: By accounting report function can record the sending information ab
224Inbound Accounting Report It is the statistics of downstream / upstream for all kinds of communication services; the Inbound Accounting report
225Outbound STEP 1﹒Enter Outbound in Accounting Report and select Top Users to inquire the statistics of Send / Receive packets, Downstream / Upstrea
226 Figure19-1 Outbound Source IP Statistics Report
227STEP 2﹒Enter Outbound in Accounting Report and select Top Sites to inquire the statistics website of Send/Receive packets, Downstream/Upstream, Fi
228 Figure19-2 Outbound Destination IP Statistics Report
22Software Update STEP 1﹒Select Software Update in System, and follow the steps below: To obtain the version number from Version Number and obtain
229STEP 3﹒Enter Outbound in Accounting Report and select Top Services to inquire the statistics website of Send / Receive packets, Downstream/Upstrea
230Accounting Report.
231 Figure19-3 Outbound Services Statistics Report Figure19-4 According to the downstream / upstream report of the selected TOP numbering to draw t
232Inbound STEP 1﹒Enter Inbound in Accounting Report and select Top Users to inquire the statistics website of Send / Receive packets, Downstream /
233 Figure19-5 Inbound Top Users Statistics Report
234Enter Inbound in Accounting Report and select Top Sites to inquire the statistics website of Send / Receive packets, Downstream / Upstream, First
235 Figure19-6 Inbound Destination IP Statistics Report
236STEP 2﹒Enter Inbound in Accounting Report and select Top Services to inquire the statistics website of Send/Receive packets, Downstream/Upstream,
237 Figure19-7 Inbound Services Statistics Report Figure19-8 According to the downstream / upstream report of the selected TOP numbering to draw th
238 Chapter 17 Statistics Statistics WAN Statistics: The statistics of Downstream / Upstream packets and Downstream/Upstream traffic record that p
23Chapter 2 Configure Configure The Configure is according to the basic setting of the SMC BR21VPN. In this chapter the definition is Setting, Date
239Define the required fields of Statistics: Statistics Chart: Y-Coordinate:Network Traffic(Kbytes/Sec) X-Coordinate:Time(Hour/Minute) Source
240WAN Statistics STEP 1﹒Enter WAN in Statistics function, it will display all the statistics of Downstream/Upstream packets and Downstream/Upstream
241STEP 3﹒Statistics Chart (Figure20-2) Y-Coordinate:Network Traffic(Kbytes/Sec) X-Coordinate:Time(Hour/Minute) Figure20-2 To Detect WAN Stat
242Policy Statistics STEP 1﹒If you had select Statistics in Policy, it will start to record the chart of that policy in Policy Statistics. (Figure20
243STEP 3﹒Statistics Chart (Figure20-4) Y-Coordinate:Network Traffic(Kbytes/Sec) X-Coordinate:Time(Hour/Minute/Day) Figure
244Chapter 18 Status Status The users can know the connection status in Status. For example: LAN IP, WAN IP, Subnet Netmask, Default Gateway, DNS
245Interface STEP 1﹒Enter Interface in Status function; it will list the setting for each Interface: (Figure21-1) PPPoE Con. Time: The last time
246 Figure21-1 Interface Status
247Authentication STEP 1﹒Enter Authentication in Status function, it will display the record of login status: (Figure21-2) IP Address: The authen
248ARP Table STEP 1﹒Enter ARP Table in Status function; it will display a table about IP Address, MAC Address, and the Interface information which i
24Define the required fields of Settings SMC BR21VPN Configuration: The Administrator can import or export the system settings. Click OK to impo
249DHCP Clients STEP 1﹒In DHCP Clients of Status function, it will display the table of DHCP Clients that are connected to the SMC BR21VPN: (Figure2
SMCBR21VPN20 Mason • Irvine, CA 92618 • Phn: (949) 679-8000 • www.smc.com
25Administration Packet Logging: After enable this function; the SMC BR21VPN will record packet which source IP or destination address is SMC BR
26NAT Mode: It allows Internal Network to set multiple subnet address and connect with the Internet through different WAN IP Addresses. For exampl
27Define the required fields of DHCP Subnet: The domain name of LAN NetMask: The LAN Netmask Gateway: The default Gateway IP address
28Setting System Settings- Exporting STEP 1﹒In System Setting WebUI, click on button next to Export System Settings to Client. STEP 2﹒When the Fi
2LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials,
29System Settings- Importing STEP 1﹒In System Setting WebUI, click on the Browse button next to Import System Settings from Client. When the Choose F
30Restoring Factory Default Settings STEP 1﹒Select Reset Factory Settings in SMC BR21VPN Configuration WebUI STEP 2﹒Click OK at the bottom-right of
31 Figure2-4 Reset Factory Settings
32Enabling E-mail Alert Notification STEP 1﹒Select Enable E-mail Alert Notification under E-Mail Settings. STEP 2﹒Device Name: Enter the Device Name
33Reboot SMC BR21VPN STEP 1﹒Reboot SMC BR21VPN:Click Reboot button next to Reboot SMC BR21VPN Appliance. STEP 2﹒A confirmation pop-up page will app
34Date / Time Date/Time Settings STEP 1﹒Select Enable synchronize with an Internet time Server (Figure2-7) STEP 2﹒Click the down arrow to select the
35Multiple Subnet Connect to the Internet through Multiple Subnet NAT or Routing Mode by the IP address that set by the LAN user’s network card Pre
36Adding Multiple Subnet Add the following settings in Multiple Subnet of System function: Click on New Entry Alias IP of LAN Interface: Enter 1
37 WAN1 and WAN2 Interface can use Assist to enter the data. After setting, there will be two subnet in LAN: 192.168.1.0/24 (default LAN subnet) an
38Route Table To connect two different subnet router with the SMC BR21VPN and makes them to connect to Internet through SMC BR21VPN Preparation Comp
3marked on the outside of the package will be returned to customer at customer’s expense. For warranty claims within North America, please call our t
39Route Table STEP 1﹒Enter the following settings in Route Table in System function: 【Destination IP】: Enter 192.168.10.1 【Netmask】: Enter 255.2
40STEP 3﹒Enter the following setting in Route Table in System function: 【Destination IP】: Enter 10.10.10.0 【Netmask】: Enter 255.255.255.0 【Gate
41STEP 4﹒Adding successful. At this time the computer of 192.168.10.1/24, 192.168.20.1/24 and 192.168.1.1/24 can connect with each other and connect
42 DHCP STEP 1﹒Select DHCP in System and enter the following settings: Domain Name:Enter the Domain Name DNS Server 1: Enter the distributed
43 Figure 2-14 DHCP WebUI When selecting Automatically Get DNS, the DNS Server will lock it as LAN Interface IP. (Using Occasion: When the system Ad
44DDNS Dynamic DNS Settings STEP 1﹒Select Dynamic DNS in System function (Figure2-15). Click New Entry button Service providers:Select service pr
45 Chart Meaning Update successfully Incorrect username or password Connecting to server Unknown error If System Administrator had not regi
46Host Table STEP 1﹒Select Host Table in Settings function and click on New Entry Domain Name: The domain name of the server Virtual IP Address
47Language Select the Language version (English Version/ Traditional Chinese Version or Simplified Chinese Version) and click OK. (Figure2-18) Fig
48Chapter 3 Interface Interface In this section, the Administrator can set up the IP addresses for the office network. The Administrator may confi
4CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RI
49Define the required fields of Interface LAN: Using the LAN Interface, the Administrator can set up the LAN network of SMC BR21VPN. Ping:
50Connect Mode: Display the current connection mode: PPPoE (ADSL user) Dynamic IP Address (Cable Modem User) Static IP Address Saturated
51DMZ: The Administrator uses the DMZ Interface to set up the DMZ network. The DMZ includes: NAT Mode:In this mode, the DMZ is an indepen
52We set up four Interface Address examples in this chapter: No. Suitable Situation Example PageEx1 LAN Modify LAN Interface Settings 41 Ex2 WAN Set
53LAN Modify LAN Interface Settings STEP 1﹒Select LAN in Interface and enter the following setting: Enter the new IP Address and Netmask Select
54WAN Setting WAN Interface Address STEP 1﹒Select WAN in Interface and click Modify in WAN1 Interface. The setting of WAN2 Interface is almost the
55STEP 2﹒Setting the Connection Service (ICMP or DNS way): ICMP:Enter an Alive Indicator Site IP (can select from Assist) (Figure3-3) DNS:Enter
56STEP 3﹒Select the Connecting way: PPPoE (ADSL User) (Figure3-5): 1. Select PPPoE 2. Enter User Name as an account 3. Enter Password as the passw
57 Figure3-5 PPPoE Connection Figure3-6 Complete PPPoE Connection Setting If the connection is PPPoE, you can choose Service-On-Demand for WAN I
58 Dynamic IP Address (Cable Modem User) (Figure3-7): 1. Select Dynamic IP Address (Cable Modem User) 2. Click Renew in the right side of IP Addres
5COMPLIANCES FCC - Class A This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of th
59 Figure3-7 Dynamic IP Address Connection Figure3-8 Complete Dynamic IP Connection Setting
60 Static IP Address (Figure3-9) 1. Select Static IP Address 2. Enter IP Address, Netmask, and Default Gateway that provide
61 Figure3-10 Complete Static IP Address Connection Setting When selecting Ping and WebUI on WAN network Interface, users will be able to ping the S
62DMZ Setting DMZ Interface Address (NAT Mode) STEP 1﹒Click DMZ Interface STEP 2﹒Select NAT Mode in DMZ Interface Select NAT in DMZ Interface En
63Setting DMZ Interface Address (Transparent Mode) STEP 1﹒Select DMZ Interface STEP 2﹒Select Transparent Mode in DMZ Interface Select DMZ_Transpar
64Chapter 4 Address Address The SMC BR21VPN allows the Administrator to set Interface addresses of the LAN network, LAN network group, WAN network,
65Define the required fields of Address Name: The System Administrator set up a name as IP Address that is easily recognized. IP Address: I
66We set up two Address examples in this chapter: No Suitable Situation Example Page Ex1 LAN Under DHCP circumstances, assign the specific IP to sta
67Example Under DHCP situation, assign the specific IP to static users and restrict them to access FTP net service only through policy STEP 1﹒Select
68STEP 2﹒Adding the following setting in Outgoing Policy: (Figure4-3) Figure 4-3 Add a Policy of Restricting the Specific IP to Access
6RFI Emission: • Limit class A according to EN 55022:1998, IEC 60601-1-2 (EMC,medical) • Limit class A for harmonic current emission according to
69 When the System Administrator setting the Address Book, he/she can choose the way of clicking on to make the SMC BR21VPN to fill out the user’s
70Setup a policy that only allows partial users to connect with specific IP (External Specific IP) STEP 1﹒Setting several LAN network Address. (Figu
71STEP 2﹒Enter the following settings in LAN Group of Address: Click New Entry (Figure 4-6) Enter the Name of the group Select the users in
72STEP 3﹒Enter the following settings in WAN of Address function: Click New Entry (Figure4-8) Enter the following data (Name, IP Address, Netmas
73STEP 4﹒To exercise STEP1~3 in Policy (Figre4-10, 4-11) Figure4-10 To Exercise Address Setting in Policy Figure4-11 Complete the Policy Setting
74Chapter 5 Service Service TCP and UDP protocols support varieties of services, and each service consists of a TCP Port or UDP port number, such a
75it takes only one control policy to achieve the same effect as the 50 control policies.
76Define the required fields of Service Pre-defined WebUI’s Chart and Illustration: Chart Illustration Any Service TCP Service, For example:FTP,
77We set up two Service examples in this chapter: No Suitable Situation Example Page Ex1 Custom Allow external user to communicate with internal use
78Custom Allow external user to communicate with internal user by VoIP through policy. (VoIP Port: TCP 1720, TCP 15328-15333, UDP 15328-15333) STEP
7 Please read the following safety information carefully before installing the device: WARNING: Installation and removal of the unit must be carried
79STEP 2﹒Enter the following setting in Custom of Service function: Click New Entry (Figure5-3) Service Name: Enter the preset name VoIP Proto
80Under general circumstances, the range of port number of client is 1024-65535. Change the client range in Custom of is not suggested. If the por
81STEP 3﹒Compare Service to Virtual Server. (Figure5-5) Figure5-5 Compare Service to Virtual Server STEP 4﹒Compare Virtual Server to Incoming
82Group Setting service group and restrict the specific users only can access to service resource that provided by this group through policy (Group:
83 Figure5-9 Complete the setting of Adding Service Group If you want to remove the service you choose from Selected Service, choose the service
84STEP 2﹒In LAN Group of Address function, Setting an Address Group that can include the service of access to Internet. (Figure5-10) Figure5-10
85Chapter 6 Schedule Schedule In this chapter, the SMC BR21VPN provides the Administrator to configure a schedule for policy to take effect and all
86Example To configure the valid time periods for LAN users to access to Internet in a day STEP 1﹒Enter the following in Schedule: Click New Entry
87STEP 2﹒Compare Schedule with Outgoing Policy (Figure6-3) Figure6-3 Complete the Setting of Comparing Schedule with Policy The Schedule must c
88Chapter 7 QOS QoS By configuring the QoS, you can control the OutBound and InBound Upstream/Downstream Bandwidth. The administrator can configure
8 Veuillez lire à fond l’information de la sécurité suivante avant d’installer le Device: AVERTISSEMENT: L.installation et la dépose de ce groupe doi
89 Figure7-2 the Flow After Using QoS (Max. Bandwidth: 400Kbps, Guaranteed Bandwidth: 200Kbps)
90Define the required fields of QoS WAN: Display WAN1 and WAN2 Downstream Bandwidth: To configure the Guaranteed Bandwidth and Maximum Ban
91We set up two QoS examples in this chapter: No Suitable Situation Example Page Ex1 QoS Setting a policy that can restrict the user’s downstream an
92Example Setting a policy that can restrict the user’s downstream and upstream bandwidth STEP 1﹒Enter the following settings in QoS: Click New En
93STEP 2﹒Use the QoS that set by STEP1 in Outgoing Policy. (Figure7-5, 7-6) Figure7-5 Setting the QoS in Policy Figure7-6 Complete Policy Setting
94Chapter 8 Authentication Authentication By configuring the Authentication, you can control the user’s connection authority. The user has to pass
95Define the required fields of Authentication Authentication Management Provide the Administrator the port number and valid time to setup SMC BR
96z When the user connect to external network by Authentication, the following page will be displayed: (Figure8-2) Figure8-2 Authentication Login
97z It will connect to the appointed website after passing Authentication: (Figure8-3) Figure8-3 Connecting to the Appointed Website After Authent
98Auth-User Name: The user account for Authentication you want to set. Password: The password when setting up Authentication. Confirm Passw
Comments to this Manuals