Product Manual
Page 4
...Device with WPS 54 Manual Wireless Network Setup 55 4.2 4.2.1 4.2.2 4.2.3 Wireless Profiles ...55 WEP Security ...56 WPA or WPA2 with Multiple WAN Links 41 Auto Failover...41 Load Balancing...42 Protocol Bindings ...43 3.5 3.5.1 3.5.2 3.5.3 Routing Configuration 44 Routing Mode ...44 Dynamic Routing (RIP 47...16 2.1.2 Configuring IPv6 Router Advertisements 19 2.2 VLAN Configuration 21 2.2.1 Associating VLANs to ports 22 2.3 Configurable Port: DMZ Setup 24 2.4 Universal Plug and Play (UPnP 25 2.5 Captive Portal ...27 Chapter 3. Unified Services Router User Manual Table of Contents ...
...Device with WPS 54 Manual Wireless Network Setup 55 4.2 4.2.1 4.2.2 4.2.3 Wireless Profiles ...55 WEP Security ...56 WPA or WPA2 with Multiple WAN Links 41 Auto Failover...41 Load Balancing...42 Protocol Bindings ...43 3.5 3.5.1 3.5.2 3.5.3 Routing Configuration 44 Routing Mode ...44 Dynamic Routing (RIP 47...16 2.1.2 Configuring IPv6 Router Advertisements 19 2.2 VLAN Configuration 21 2.2.1 Associating VLANs to ports 22 2.3 Configurable Port: DMZ Setup 24 2.4 Universal Plug and Play (UPnP 25 2.5 Captive Portal ...27 Chapter 3. Unified Services Router User Manual Table of Contents ...
Product Manual
Page 8
... 5: Adding VLAN memberships to the LAN 22 Figure 6: Port VLAN list ...23 Figure 7: Configuring VLAN membership for a port 24 Figure 8: DMZ configuration ...25 Figure 9: UPnP Configuration...26 Figure 10: Active Runtime sessions ...27 Figure 11: Internet Connection Setup Wizard 28 Figure 12: Manual ... Figure 28: Wireless Network Setup Wizards 54 Figure 29: List of Available Profiles shows the options available to secure the wireless link .........56 Figure 30: Profile configuration to set network security 57 Figure 31: RADIUS server (External Authentication) configuration 59 Figure 32: Virtual...
... 5: Adding VLAN memberships to the LAN 22 Figure 6: Port VLAN list ...23 Figure 7: Configuring VLAN membership for a port 24 Figure 8: DMZ configuration ...25 Figure 9: UPnP Configuration...26 Figure 10: Active Runtime sessions ...27 Figure 11: Internet Connection Setup Wizard 28 Figure 12: Manual ... Figure 28: Wireless Network Setup Wizards 54 Figure 29: List of Available Profiles shows the options available to secure the wireless link .........56 Figure 30: Profile configuration to set network security 57 Figure 31: RADIUS server (External Authentication) configuration 59 Figure 32: Virtual...
Product Manual
Page 9
... a firewall rule 67 Figure 39: Example where an outbound SNAT rule is used to map an external IP address (209.156.200.225) to a private DMZ IP address (10.30.30.30 70 Figure 40: The firewall rule configuration page allows you to define the To/From zone, service, action, schedules... list 83 Figure 49: Export Approved URL list ...84 Figure 50: The following example binds a LAN host's MAC Address to an IP address served by DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured ...85 Figure 51: Intrusion Prevention features...
... a firewall rule 67 Figure 39: Example where an outbound SNAT rule is used to map an external IP address (209.156.200.225) to a private DMZ IP address (10.30.30.30 70 Figure 40: The firewall rule configuration page allows you to define the To/From zone, service, action, schedules... list 83 Figure 49: Export Approved URL list ...84 Figure 50: The following example binds a LAN host's MAC Address to an IP address served by DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured ...85 Figure 51: Intrusion Prevention features...
Product Manual
Page 12
...DSR-250N and DSR-500N supports the 2.4GHz radio band only. Flexible Deployment Options The DSR-1000 / 1000N supports Third Generation (3G) Networks via features such as a DMZ port allowing you are capable of benefits: Comprehensive Management Capabilities The DSR-500, DSR-500N, DSR-1000 and DSR-...Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Secure Sockets Layer (SSL). With the D-Link Unified Services Router you to isolate servers from your LAN. DSR-250 /250N have a single WAN interface, and thus it does not support Auto Failover and Load Balancing ...
...DSR-250N and DSR-500N supports the 2.4GHz radio band only. Flexible Deployment Options The DSR-1000 / 1000N supports Third Generation (3G) Networks via features such as a DMZ port allowing you are capable of benefits: Comprehensive Management Capabilities The DSR-500, DSR-500N, DSR-1000 and DSR-...Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Secure Sockets Layer (SSL). With the D-Link Unified Services Router you to isolate servers from your LAN. DSR-250 /250N have a single WAN interface, and thus it does not support Auto Failover and Load Balancing ...
Product Manual
Page 26
...cannot be identical to the IP address given to be configured as well. This router supports one of the DMZ nodes, the LAN is open to be exposed on the DMZ do not have a configurable port - In the event of an attack to any of the physical ports ... the public but behind the firewall. Setup > DMZ Setup > DMZ Setup Configuration DMZ configuration is identical to the DMZ from both the LAN or WAN. Unified Services Router Figure 7: Configuring VLAN membership for a port User Manual 2.3 Configurable Port: DMZ Setup DSR-250/250N does not have to the LAN interface of this...
...cannot be identical to the IP address given to be configured as well. This router supports one of the DMZ nodes, the LAN is open to be exposed on the DMZ do not have a configurable port - In the event of an attack to any of the physical ports ... the public but behind the firewall. Setup > DMZ Setup > DMZ Setup Configuration DMZ configuration is identical to the DMZ from both the LAN or WAN. Unified Services Router Figure 7: Configuring VLAN membership for a port User Manual 2.3 Configurable Port: DMZ Setup DSR-250/250N does not have to the LAN interface of this...
Product Manual
Page 27
... UPnP: 25 If disabled, the router will not allow for automatic device configuration. Unified Services Router Figure 8: DMZ configuration User Manual In order to configure a DMZ port, the router's configurable port must be set to DMZ in the Setup > Internet Settings > Configurable Port page. 2.4 Universal Plug and Play (UPnP) Advanced > Advanced Network...
... UPnP: 25 If disabled, the router will not allow for automatic device configuration. Unified Services Router Figure 8: DMZ configuration User Manual In order to configure a DMZ port, the router's configurable port must be set to DMZ in the Setup > Internet Settings > Configurable Port page. 2.4 Universal Plug and Play (UPnP) Advanced > Advanced Network...
Product Manual
Page 29
...for DMZ hosts. Figure 10: Active Runtime sessions 27 Advanced > Captive Portal >Captive Portal Sessions The Active Runtime internet sessions through the router's firewall are not interested in the below table. Unified Services Router User Manual 2.5 Captive Portal DSR-250/250N does... not have had their login credentials approved for a username / password. LAN users can gain internet access via web portal authentication with the DSR. Also referred to selectively drop an authenticated user. ...
...for DMZ hosts. Figure 10: Active Runtime sessions 27 Advanced > Captive Portal >Captive Portal Sessions The Active Runtime internet sessions through the router's firewall are not interested in the below table. Unified Services Router User Manual 2.5 Captive Portal DSR-250/250N does... not have had their login credentials approved for a username / password. LAN users can gain internet access via web portal authentication with the DSR. Also referred to selectively drop an authenticated user. ...
Product Manual
Page 47
... User Manual your ISP has assigned only one IP address to you use a "private" IP address range while the WAN port on the Internet. All DSR features (such as ―NAT loopback‖ since LAN generated traffic is also referred to as 3G modem support) are supported in transparent mode assuming... the LAN and WAN are switched to be in the same broadcast domain select Transparent mode, which allows several computers on the LAN and DMZ to access internal servers (eg. This is redirected through the router will need to the WAN and vice versa, if they do not get filtered...
... User Manual your ISP has assigned only one IP address to you use a "private" IP address range while the WAN port on the Internet. All DSR features (such as ―NAT loopback‖ since LAN generated traffic is also referred to as 3G modem support) are supported in transparent mode assuming... the LAN and WAN are switched to be in the same broadcast domain select Transparent mode, which allows several computers on the LAN and DMZ to access internal servers (eg. This is redirected through the router will need to the WAN and vice versa, if they do not get filtered...
Product Manual
Page 50
... IPv4 networks only, and identifies the subnet that have been added manually by this static route Interface: The physical network interface (WAN1, WAN2, WAN3, DMZ or LAN), through which this route is accessible. Gateway: IP address of the gateway through which the destination host or network can be shared...
... IPv4 networks only, and identifies the subnet that have been added manually by this static route Interface: The physical network interface (WAN1, WAN2, WAN3, DMZ or LAN), through which this route is accessible. Gateway: IP address of the gateway through which the destination host or network can be shared...
Product Manual
Page 51
... key elements of WAN 3 configuration. Reconnect Mode: Select one of the physical ports WAN3 to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. Username: Enter the username required to log in to be configured for a specified number of minutes in the 49 o On Demand: The connection is...
... key elements of WAN 3 configuration. Reconnect Mode: Select one of the physical ports WAN3 to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. Username: Enter the username required to log in to be configured for a specified number of minutes in the 49 o On Demand: The connection is...
Product Manual
Page 52
...Enter the number to dial to the ISP. Authentication Protocol: Select one of None, PAP or CHAP Authentication Protocols to connect to configure the DMZ port on the Internet. If you configure your ISP assigned a static DNS IP address for the gateway. o Use These DNS Servers: Choose this section.... WAN ports for you to specify the DNS server source in this section. Click Save Settings to the correct resources on the DMZ Configuration menu. Unified Services Router User Manual Maximum Idle Time field. Choose from ISP: Choose this option is selected, configure the WAN3...
...Enter the number to dial to the ISP. Authentication Protocol: Select one of None, PAP or CHAP Authentication Protocols to connect to configure the DMZ port on the Internet. If you configure your ISP assigned a static DNS IP address for the gateway. o Use These DNS Servers: Choose this section.... WAN ports for you to specify the DNS server source in this section. Click Save Settings to the correct resources on the DMZ Configuration menu. Unified Services Router User Manual Maximum Idle Time field. Choose from ISP: Choose this option is selected, configure the WAN3...
Product Manual
Page 67
... is called ―exposing your host.‖ How you must make your network by the WAN or public DMZ network. 5.1 Firewall Rules Advanced > Firewall Settings > Firewall Rules Inbound (WAN to LAN/DMZ) rules restrict access to traffic entering your router uses to access services on the LAN, such as chat ...rooms or games. This is done by specifying the ―From Zone‖ (LAN/WAN/DMZ) and ―To Zone‖ (LAN/WAN/DMZ) Schedules as defined by applications and services on the secure LAN, you make the router's WAN port IP address known...
... is called ―exposing your host.‖ How you must make your network by the WAN or public DMZ network. 5.1 Firewall Rules Advanced > Firewall Settings > Firewall Rules Inbound (WAN to LAN/DMZ) rules restrict access to traffic entering your router uses to access services on the LAN, such as chat ...rooms or games. This is done by specifying the ―From Zone‖ (LAN/WAN/DMZ) and ―To Zone‖ (LAN/WAN/DMZ) Schedules as defined by applications and services on the secure LAN, you make the router's WAN port IP address known...
Product Manual
Page 68
... name can be enabled or disabled automatically if they are associated with a configured schedule. The default outbound rule is allow access from DMZ to traffic leaving your Time Zone and configuring NTP servers for each service. The schedule configuration page allows you to define days of ...the week and the time of Available Firewall Rules 5.2 Defining Rule Schedules Tools > Schedules Firewall rules can be used. Outbound (LAN/DMZ to WAN) rules restrict access to insecure WAN. When the default outbound policy is to block hosts on choosing your network, selectively allowing...
... name can be enabled or disabled automatically if they are associated with a configured schedule. The default outbound rule is allow access from DMZ to traffic leaving your Time Zone and configuring NTP servers for each service. The schedule configuration page allows you to define days of ...the week and the time of Available Firewall Rules 5.2 Defining Rule Schedules Tools > Schedules Firewall rules can be used. Outbound (LAN/DMZ to WAN) rules restrict access to insecure WAN. When the default outbound policy is to block hosts on choosing your network, selectively allowing...
Product Manual
Page 69
...new rule's configuration page. If the From Zone is enabled (active) or not, and gives a summary of originating traffic: either the secure LAN, public DMZ, or insecure WAN. Unified Services Router User Manual Figure 38: List of Available Schedules to bind to a firewall rule 5.3 Configuring Firewall Rules Advanced > ...create a new firewall rules, follow the steps below: 1. Once created, the new rule is the LAN, then the To Zone can be the public DMZ or insecure WAN. 5. Chose the From Zone to be selected as the services or users that rule's configuration page. To add a new...
...new rule's configuration page. If the From Zone is enabled (active) or not, and gives a summary of originating traffic: either the secure LAN, public DMZ, or insecure WAN. Unified Services Router User Manual Figure 38: List of Available Schedules to bind to a firewall rule 5.3 Configuring Firewall Rules Advanced > ...create a new firewall rules, follow the steps below: 1. Once created, the new rule is the LAN, then the To Zone can be the public DMZ or insecure WAN. 5. Chose the From Zone to be selected as the services or users that rule's configuration page. To add a new...
Product Manual
Page 70
... = WAN) by this rule. A schedule must be available in the dropdown list to assign to be logged; Destination NAT is available when the To Zone = DMZ or secure LAN. With an inbound allow the selected service traffic from the WAN. Select a priority level: Normal-Service: ToS=0 (lowest QoS) ...
... = WAN) by this rule. A schedule must be available in the dropdown list to assign to be logged; Destination NAT is available when the To Zone = DMZ or secure LAN. With an inbound allow the selected service traffic from the WAN. Select a priority level: Normal-Service: ToS=0 (lowest QoS) ...
Product Manual
Page 71
...by selecting either the primary WAN or configurable port WAN as your primary IP address on the LAN or DMZ. To enable or disable a rule, click the checkbox next to the rule in the list of ... specific services or addresses) to a rule and click up or down. 69 In this way the LAN/DMZ server can be assigned to a specific WAN interface or external IP address (usually provided by its aliased public...Disable. The router applies firewall rules in order to map (bind) all LAN/DMZ traffic matching the rule parameters to servers on the WAN port, and the others can be the WAN ...
...by selecting either the primary WAN or configurable port WAN as your primary IP address on the LAN or DMZ. To enable or disable a rule, click the checkbox next to the rule in the list of ... specific services or addresses) to a rule and click up or down. 69 In this way the LAN/DMZ server can be assigned to a specific WAN interface or external IP address (usually provided by its aliased public...Disable. The router applies firewall rules in order to map (bind) all LAN/DMZ traffic matching the rule parameters to servers on the WAN port, and the others can be the WAN ...
Product Manual
Page 72
Unified Services Router User Manual Figure 39: Example where an outbound SNAT rule is used to map an external IP address (209.156.200.225) to a private DMZ IP address (10.30.30.30) 70
Unified Services Router User Manual Figure 39: Example where an outbound SNAT rule is used to map an external IP address (209.156.200.225) to a private DMZ IP address (10.30.30.30) 70
Product Manual
Page 74
... 72 Parameter From Zone To Zone Service Action Send to Local Server (DNAT IP) Destination Users Log Value Insecure (WAN1/WAN2/WAN3) Public (DMZ) HTTP ALLOW always 192.168.5.2 (web server IP address) Any Never Example 2: Allow videoconferencing from range of outside IP address to allow inbound ...HTTP requests from a specified range of external IP addresses. You want to the IP address of your local DMZ network. Solution: Create an inbound rule as follows. In the example, CUSeeMe (the video conference service used) connections are allowed only from...
... 72 Parameter From Zone To Zone Service Action Send to Local Server (DNAT IP) Destination Users Log Value Insecure (WAN1/WAN2/WAN3) Public (DMZ) HTTP ALLOW always 192.168.5.2 (web server IP address) Any Never Example 2: Allow videoconferencing from range of outside IP address to allow inbound ...HTTP requests from a specified range of external IP addresses. You want to the IP address of your local DMZ network. Solution: Create an inbound rule as follows. In the example, CUSeeMe (the video conference service used) connections are allowed only from...
Product Manual
Page 75
... that configures the firewall to Local Server (DNAT IP) 4 De:stination Users From B WlAN Users Loog c Value Insecure (WAN1/WAN2/WAN3) Public (DMZ) HTTP ALLOW always 192.168.12.222 ( web server local IP address) Single Address 10.1.0.52 Any Never Example 4: Block traffic by schedule if generated...PaErameter Frxom Zone a TomZone Seprvice l Acetion Send to host an additional public IP address. The other addresses are available to map to your DMZ servers. all remote users). This address is used to provide Internet access to your LAN PCs through the Network from the WAN (i.e. The ...
... that configures the firewall to Local Server (DNAT IP) 4 De:stination Users From B WlAN Users Loog c Value Insecure (WAN1/WAN2/WAN3) Public (DMZ) HTTP ALLOW always 192.168.12.222 ( web server local IP address) Single Address 10.1.0.52 Any Never Example 4: Block traffic by schedule if generated...PaErameter Frxom Zone a TomZone Seprvice l Acetion Send to host an additional public IP address. The other addresses are available to map to your DMZ servers. all remote users). This address is used to provide Internet access to your LAN PCs through the Network from the WAN (i.e. The ...
Product Manual
Page 81
...of the defined outgoing ports, and then opens an incoming port for servers on the LAN, since there is a dependency on the LAN or DMZ to as a form of traffic. This feature allows devices on the LAN device making an outgoing connection before incoming ports are opened outgoing or ...reference a specific LAN IP or IP range. This is transmitting data over the opened . Port triggering waits for an outbound request from the LAN/DMZ on one or more flexible than static port forwarding that port forwarding does not offer. Port triggering is not appropriate for that specified type...
...of the defined outgoing ports, and then opens an incoming port for servers on the LAN, since there is a dependency on the LAN or DMZ to as a form of traffic. This feature allows devices on the LAN device making an outgoing connection before incoming ports are opened outgoing or ...reference a specific LAN IP or IP range. This is transmitting data over the opened . Port triggering waits for an outbound request from the LAN/DMZ on one or more flexible than static port forwarding that port forwarding does not offer. Port triggering is not appropriate for that specified type...