Product Manual
Page 5
... Internet Attacks 86 Chapter 6. SSL VPN ...101 7.1 Groups and Users 103 7.1.1 Users and Passwords 109 7.2 Using SSL VPN Policies 110 7.2.1 Using Network Resources 113 7.3 Application Port Forwarding 114 7.4 SSL VPN Client Configuration 116 7.5 User Portal ...118 7.5.1 Creating Portal Layouts 119 Chapter 8. Advanced Configuration Tools 121 8.1 USB Device Setup 121 8.2 SMS service...122...
... Internet Attacks 86 Chapter 6. SSL VPN ...101 7.1 Groups and Users 103 7.1.1 Users and Passwords 109 7.2 Using SSL VPN Policies 110 7.2.1 Using Network Resources 113 7.3 Application Port Forwarding 114 7.4 SSL VPN Client Configuration 116 7.5 User Portal ...118 7.5.1 Creating Portal Layouts 119 Chapter 8. Advanced Configuration Tools 121 8.1 USB Device Setup 121 8.2 SMS service...122...
Product Manual
Page 6
...Router Status and Statistics 144 10.1 System Overview 144 10.1.1 Device Status ...144 10.1.2 Resource Utilization 146 10.2 Traffic Statistics ...149 10.2.1 Wired Port Statistics 149 10.2.2 Wireless Statistics 150 10.3 Active Connections 151 10.3.1 Sessions through the Router 151 10.3.2 Wireless Clients...153 10.3.3 LAN Clients ...... ...161 Appendix A. Glossary ...162 Appendix B. Unified Services Router User Manual 8.3 Authentication Certificates 124 8.4 Advanced Switch Configuration 126 Chapter 9. Standard Services Available for Port Forwarding & Firewall Configuration 166 4
...Router Status and Statistics 144 10.1 System Overview 144 10.1.1 Device Status ...144 10.1.2 Resource Utilization 146 10.2 Traffic Statistics ...149 10.2.1 Wired Port Statistics 149 10.2.2 Wireless Statistics 150 10.3 Active Connections 151 10.3.1 Sessions through the Router 151 10.3.2 Wireless Clients...153 10.3.3 LAN Clients ...... ...161 Appendix A. Glossary ...162 Appendix B. Unified Services Router User Manual 8.3 Authentication Certificates 124 8.4 Advanced Switch Configuration 126 Chapter 9. Standard Services Available for Port Forwarding & Firewall Configuration 166 4
Product Manual
Page 10
...Global filter 111 Figure 74: SSL VPN policy configuration 112 Figure 75: List of configured resources, which are available to assign to the DSR 102 Figure 65: List of groups ...103 Figure 66: User group configuration ...104 Figure 67: SSLVPN Settings...105 Figure 68: Group ...options for traffic through router 135 Figure 93: E-mail configuration as a Remote Logging option 136 Figure 94: Syslog server configuration for SSL Port Forwarding 116 Figure 77: SSL VPN client adapter and access configuration 117 Figure 78: Configured client routes only apply in the current configuration being...
...Global filter 111 Figure 74: SSL VPN policy configuration 112 Figure 75: List of configured resources, which are available to assign to the DSR 102 Figure 65: List of groups ...103 Figure 66: User group configuration ...104 Figure 67: SSLVPN Settings...105 Figure 68: Group ...options for traffic through router 135 Figure 93: E-mail configuration as a Remote Logging option 136 Figure 94: Syslog server configuration for SSL Port Forwarding 116 Figure 77: SSL VPN client adapter and access configuration 117 Figure 78: Configured client routes only apply in the current configuration being...
Product Manual
Page 15
...management connected to the LAN to avoid duplicate addresses on the LAN. The LAN connection may also be used to forward DHCP lease information from another PC on your PCs, set the DHCP mode to the hosts on the router, or... once the initial setup is complete, the DSR may be through its wireless interface as the gateway address for all DHCP clients receive the DNS IP addresses of using...devices can be the DHCP server or if you can be managed through the wired Ethernet ports available on the WLAN or LAN network.
...management connected to the LAN to avoid duplicate addresses on the LAN. The LAN connection may also be used to forward DHCP lease information from another PC on your PCs, set the DHCP mode to the hosts on the router, or... once the initial setup is complete, the DSR may be through its wireless interface as the gateway address for all DHCP clients receive the DNS IP addresses of using...devices can be the DHCP server or if you can be managed through the wired Ethernet ports available on the WLAN or LAN network.
Product Manual
Page 25
... untagged. By selecting one ). All data going into the port is not forwarded, except for the default VLAN with PVID=1, which is untagged. Trunk ports multiplex traffic for multiple VLANs over the same physical link. Select PVID for the port when the General mode is selected. Configured VLAN memberships will be routed between...
... untagged. By selecting one ). All data going into the port is not forwarded, except for the default VLAN with PVID=1, which is untagged. Trunk ports multiplex traffic for multiple VLANs over the same physical link. Select PVID for the port when the General mode is selected. Configured VLAN memberships will be routed between...
Product Manual
Page 70
... otherwise ALLOW, or ALLOW by this rule. Source & Destination users: For each relevant category, select the users to the port number entered here. 68 Destination NAT is available when the To Zone = DMZ or secure LAN. With an inbound allow ...the router's logging feature separately. QoS Priority: Outbound rules (where To Zone = insecure WAN only) can enable port forwarding for managing traffic from the internet to reach the appropriate LAN port via a port forwarding rule. Translate Port Number: With port forwarding, the incoming traffic to be logged;
... otherwise ALLOW, or ALLOW by this rule. Source & Destination users: For each relevant category, select the users to the port number entered here. 68 Destination NAT is available when the To Zone = DMZ or secure LAN. With an inbound allow ...the router's logging feature separately. QoS Priority: Outbound rules (where To Zone = insecure WAN only) can enable port forwarding for managing traffic from the internet to reach the appropriate LAN port via a port forwarding rule. Translate Port Number: With port forwarding, the incoming traffic to be logged;
Product Manual
Page 74
... addresses. Unified Services Router User Manual 5.3.1 Firewall Rule Configuration Examples Example 1: Allow inbound HTTP traffic to Local Server (DNAT IP) Destination Users From To Enable Port Forwarding Value Insecure (WAN1/WAN2/WAN3) Secure (LAN) CU-SEEME:UDP ALLOW always 192.168.10.11 Address Range 132.177.88.2 134.177.88.254...
... addresses. Unified Services Router User Manual 5.3.1 Firewall Rule Configuration Examples Example 1: Allow inbound HTTP traffic to Local Server (DNAT IP) Destination Users From To Enable Port Forwarding Value Insecure (WAN1/WAN2/WAN3) Secure (LAN) CU-SEEME:UDP ALLOW always 192.168.10.11 Address Range 132.177.88.2 134.177.88.254...
Product Manual
Page 81
... incoming data for that application only on one or more flexible than static port forwarding that port forwarding does not offer. Port triggering is not appropriate for servers on the LAN, since there is a dependency on a specific port or range of dynamic port forwarding while an application is an available option when configuring firewall rules. Unified Services...
... incoming data for that application only on one or more flexible than static port forwarding that port forwarding does not offer. Port triggering is not appropriate for servers on the LAN, since there is a dependency on a specific port or range of dynamic port forwarding while an application is an available option when configuring firewall rules. Unified Services...
Product Manual
Page 103
... to allow remote users to the standard IPsec VPN. Note that are available to remote port forwarding users instead of a preinstalled VPN client on the user's host and this router: ... host. Once established, the host machine can define specific services or applications that Port Forwarding service only supports TCP connections between the remote user and the router. The router..., and Apple Safari. Chapter 7. The router administrator can access allocated network resources. Port Forwarding: A web-based (ActiveX or Java) client is installed in place of a VPN client ...
... to allow remote users to the standard IPsec VPN. Note that are available to remote port forwarding users instead of a preinstalled VPN client on the user's host and this router: ... host. Once established, the host machine can define specific services or applications that Port Forwarding service only supports TCP connections between the remote user and the router. The router..., and Apple Safari. Chapter 7. The router administrator can access allocated network resources. Port Forwarding: A web-based (ActiveX or Java) client is installed in place of a VPN client ...
Product Manual
Page 115
... both. Defined resources: This policy can provide access to the resource (VPN tunnel, Port Forwarding or All). 113 The Network Address, Mask Length, and Port Range/Port Number can be configured in the GUI: Resource name: A unique identifier name for multiple remote SSL VPN users.... the following in advance of creating the policy to easily create and configure SSL VPN policies. Unified Services Router User Manual Port range: If the policy governs a type of traffic, this field is used to make them available for selection as required. Leaving the...
... both. Defined resources: This policy can provide access to the resource (VPN tunnel, Port Forwarding or All). 113 The Network Address, Mask Length, and Port Range/Port Number can be configured in the GUI: Resource name: A unique identifier name for multiple remote SSL VPN users.... the following in advance of creating the policy to easily create and configure SSL VPN policies. Unified Services Router User Manual Port range: If the policy governs a type of traffic, this field is used to make them available for selection as required. Leaving the...
Product Manual
Page 116
... users. Allowing access to a LAN server requires entering the local server IP address and TCP port number of configured resources, which are available to assign to SSL VPN policies 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Port forwarding allows remote SSL users to access specified network applications or services after they login to...
... users. Allowing access to a LAN server requires entering the local server IP address and TCP port number of configured resources, which are available to assign to SSL VPN policies 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Port forwarding allows remote SSL users to access specified network applications or services after they login to...
Product Manual
Page 117
... an IP address, the FQDN corresponding to access TCP applications instead of errorprone IP addresses when using the Port Forwarding service through the SSL User Portal. To configure port forwarding, following are required: Local Server IP address: The IP address of the local server which... defined it is displayed in a list of the configured application for port forwarding. The local server IP address of the configured hostname must match the IP address of configured applications for port forwarding. 115 allow for IP address resolution. This host name resolution provides...
... an IP address, the FQDN corresponding to access TCP applications instead of errorprone IP addresses when using the Port Forwarding service through the SSL User Portal. To configure port forwarding, following are required: Local Server IP address: The IP address of the local server which... defined it is displayed in a list of the configured application for port forwarding. The local server IP address of the configured hostname must match the IP address of configured applications for port forwarding. 115 allow for IP address resolution. This host name resolution provides...
Product Manual
Page 118
... is launched from the corporate subnet, DNS and WINS settings is being accessed through the SSL VPN tunnel. 116 The IP address range for SSL Port Forwarding 7.4 SSL VPN Client Configuration Setup > VPN Settings > SSL VPN Client > SSL VPN Client An SSL VPN tunnel client provides a point-to access services on the...
... is launched from the corporate subnet, DNS and WINS settings is being accessed through the SSL VPN tunnel. 116 The IP address range for SSL Port Forwarding 7.4 SSL VPN Client Configuration Setup > VPN Settings > SSL VPN Client > SSL VPN Client An SSL VPN tunnel client provides a point-to access services on the...
Product Manual
Page 120
This portal provides the authentication fields to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they login through a user portal. The domain where the user account is set here. Subnet mask: The subnet ...VPN tunnel. Unified Services Router User Manual Setup > VPN Settings > SSL VPN Client > Configured Client Routes If the SSL VPN client is needed to forward private traffic through the VPN Firewall to the remote SSL VPN client. As well a static route on the private LAN's firewall (typically this router) ...
This portal provides the authentication fields to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they login through a user portal. The domain where the user account is set here. Subnet mask: The subnet ...VPN tunnel. Unified Services Router User Manual Setup > VPN Settings > SSL VPN Client > Configured Client Routes If the SSL VPN client is needed to forward private traffic through the VPN Firewall to the remote SSL VPN client. As well a static route on the private LAN's firewall (typically this router) ...
Product Manual
Page 121
... Portal Layouts Setup > VPN Settings > SSL VPN Server > Portal Layouts The router allows you to communicate details such as the VPN Tunnel page or Port Forwarding page. The portal name, title, banner name, and banner contents are various fields in the SSL VPN menu. To configure a portal layout and theme... SSL VPN portals. The portal name is appended to select for remote SSL VPN users that opens when the ―User Portal‖ link is https://192.168.10.1/scgi- This field is presented upon authentication. This is the same page that is optional. 119 Unified Services ...
... Portal Layouts Setup > VPN Settings > SSL VPN Server > Portal Layouts The router allows you to communicate details such as the VPN Tunnel page or Port Forwarding page. The portal name, title, banner name, and banner contents are various fields in the SSL VPN menu. To configure a portal layout and theme... SSL VPN portals. The portal name is appended to select for remote SSL VPN users that opens when the ―User Portal‖ link is https://192.168.10.1/scgi- This field is presented upon authentication. This is the same page that is optional. 119 Unified Services ...
Product Manual
Page 122
.... Display banner message on this SSL VPN portal. SSL VPN portal page to display: The User can either enable VPN tunnel page or Port Forwarding, or both depending on the SSL services to display on the login page: The user has the option to either display or hide the banner...
.... Display banner message on this SSL VPN portal. SSL VPN portal page to display: The User can either enable VPN tunnel page or Port Forwarding, or both depending on the SSL services to display on the login page: The user has the option to either display or hide the banner...
Product Manual
Page 157
... active. Unified Services Router Figure 111: List of current Active VPN Sessions User Manual All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are as well. Status of the SSL connection between this router. Table fields are displayed on this page as follows. The assigned IP address of... the remote VPN client. Field Description User Name The SSL VPN user that has an active tunnel or port forwarding session to this router and the remote VPN client: Not Connected or Connected. 155
... active. Unified Services Router Figure 111: List of current Active VPN Sessions User Manual All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are as well. Status of the SSL connection between this router. Table fields are displayed on this page as follows. The assigned IP address of... the remote VPN client. Field Description User Name The SSL VPN user that has an active tunnel or port forwarding session to this router and the remote VPN client: Not Connected or Connected. 155
Product Manual
Page 168
Standard Services Available for Port Forwarding & Firewall Configuration ANY AIM BGP BOOTP_CLIENT BOOTP_SERVER CU-SEEME:UDP CU-SEEME:TCP DNS:UDP DNS:TCP FINGER FTP HTTP HTTPS ICMP-TYPE-3 ICMP-TYPE-4 ICMP-TYPE-5 ICMP-TYPE-6 ICMP-TYPE-7 ICMP-TYPE-8 ICMP-TYPE-9 ICMP-TYPE-10 ICMP-TYPE-11 ICMP-TYPE-13 ICQ IMAP2 IMAP3 IRC NEWS NFS NNTP PING POP3 PPTP RCMD REAL-AUDIO REXEC RLOGIN RTELNET RTSP:TCP RTSP:UDP SFTP SMTP SNMP:TCP SNMP:UDP SNMP-TRAPS:TCP SNMP-TRAPS:UDP SQL-NET SSH:TCP SSH:UDP STRMWORKS TACACS TELNET TFTP VDOLIVE 166 Unified Services Router User Manual Appendix C.
Standard Services Available for Port Forwarding & Firewall Configuration ANY AIM BGP BOOTP_CLIENT BOOTP_SERVER CU-SEEME:UDP CU-SEEME:TCP DNS:UDP DNS:TCP FINGER FTP HTTP HTTPS ICMP-TYPE-3 ICMP-TYPE-4 ICMP-TYPE-5 ICMP-TYPE-6 ICMP-TYPE-7 ICMP-TYPE-8 ICMP-TYPE-9 ICMP-TYPE-10 ICMP-TYPE-11 ICMP-TYPE-13 ICQ IMAP2 IMAP3 IRC NEWS NFS NNTP PING POP3 PPTP RCMD REAL-AUDIO REXEC RLOGIN RTELNET RTSP:TCP RTSP:UDP SFTP SMTP SNMP:TCP SNMP:UDP SNMP-TRAPS:TCP SNMP-TRAPS:UDP SQL-NET SSH:TCP SSH:UDP STRMWORKS TACACS TELNET TFTP VDOLIVE 166 Unified Services Router User Manual Appendix C.
Product Manual
Page 170
...: user has changed MTU option nimfAdvOptSetWrap: MTU: %d nimfAdvOptSetWrap: old MTU size: %d nimfAdvOptSetWrap: old Port Speed Option: %d nimfAdvOptSetWrap: old Mac Address Option: %d nimfAdvOptSetWrap: MacAddress: %s Setting LED [%d]:[%d] For...nimfStatusUpdate: updating NimfStatus failed nimfStatusUpdate: updating NimfStatus failed nimfLinkStatusGet: determinig link's status failed nimfLinkStatusGet: opening the lanUptime File Error Opening the...forwarding failed to set capabilities on the " failed to enable IPv6 forwarding failed to set capabilities on the " failed to disable IPv6 forwarding ...
...: user has changed MTU option nimfAdvOptSetWrap: MTU: %d nimfAdvOptSetWrap: old MTU size: %d nimfAdvOptSetWrap: old Port Speed Option: %d nimfAdvOptSetWrap: old Mac Address Option: %d nimfAdvOptSetWrap: MacAddress: %s Setting LED [%d]:[%d] For...nimfStatusUpdate: updating NimfStatus failed nimfStatusUpdate: updating NimfStatus failed nimfLinkStatusGet: determinig link's status failed nimfLinkStatusGet: opening the lanUptime File Error Opening the...forwarding failed to set capabilities on the " failed to enable IPv6 forwarding failed to set capabilities on the " failed to disable IPv6 forwarding ...
Product Manual
Page 190
... for pLogicalIfName \ Enabling Accept for INPUT Enabling Accept for FORWARD Setting Routing mode for pLogicalIfName \ Enabling DROP for INPUT Enabling DROP for FORWARD Disabling NAT based Firewall Rules Enabling Firewall Rules for URL Filtering & " Adding Firewall Rule for Public zone. Deleting rule, port triggering for PERMIT and BLOCK REST. DEBUG DEBUG DEBUG DEBUG...
... for pLogicalIfName \ Enabling Accept for INPUT Enabling Accept for FORWARD Setting Routing mode for pLogicalIfName \ Enabling DROP for INPUT Enabling DROP for FORWARD Disabling NAT based Firewall Rules Enabling Firewall Rules for URL Filtering & " Adding Firewall Rule for Public zone. Deleting rule, port triggering for PERMIT and BLOCK REST. DEBUG DEBUG DEBUG DEBUG...