Product Manual
Page 5
...64 5.3 Configuring Firewall Rules 65 5.3.1 Firewall Rule Configuration Examples 70 5.4 Security on Custom Services 74 5.5 ALG support...75 5.6 VPN Passthrough for Firewall 76 5.7 Application Rules ...77 5.8 5.8.1 5.8.2 5.8.3 Web Content Filtering 78 Content Filtering...78 Approved URLs ...79 Blocked Keywords 80 5.9 IP/MAC Binding ...81 5.10 Intrusion Prevention (IPS 82 5.11 Protecting from Internet Attacks 83 Chapter 6. Unified Services Router User Manual 4.4 Tuning Radio Specific Settings 60 4.5 Advanced Wireless Settings 61 4.6 Wi-Fi Protected Setup (WPS 61 Chapter...
...64 5.3 Configuring Firewall Rules 65 5.3.1 Firewall Rule Configuration Examples 70 5.4 Security on Custom Services 74 5.5 ALG support...75 5.6 VPN Passthrough for Firewall 76 5.7 Application Rules ...77 5.8 5.8.1 5.8.2 5.8.3 Web Content Filtering 78 Content Filtering...78 Approved URLs ...79 Blocked Keywords 80 5.9 IP/MAC Binding ...81 5.10 Intrusion Prevention (IPS 82 5.11 Protecting from Internet Attacks 83 Chapter 6. Unified Services Router User Manual 4.4 Tuning Radio Specific Settings 60 4.5 Advanced Wireless Settings 61 4.6 Wi-Fi Protected Setup (WPS 61 Chapter...
Product Manual
Page 7
...: Routing Mode is used to configure traffic routing between WAN and LAN, as well as Dynamic routing (RIP) ...44 Figure 25: Static route configuration fields 47 Figure 26: WAN2 configuration for 3G internet (part 1 48 Figure 27: WAN2 configuration for 3G internet (part 2 49 Figure 28: Physical WAN port settings ...50 Figure 29: Wireless Network Setup Wizards 52 Figure 30: List of Available Profiles shows the options available to secure the wireless link .........54 Figure 31: Profile configuration to set network security 55...
...: Routing Mode is used to configure traffic routing between WAN and LAN, as well as Dynamic routing (RIP) ...44 Figure 25: Static route configuration fields 47 Figure 26: WAN2 configuration for 3G internet (part 1 48 Figure 27: WAN2 configuration for 3G internet (part 2 49 Figure 28: Physical WAN port settings ...50 Figure 29: Wireless Network Setup Wizards 52 Figure 30: List of Available Profiles shows the options available to secure the wireless link .........54 Figure 31: Profile configuration to set network security 55...
Product Manual
Page 8
... IPsec client connections to the DSR 96 Figure 62: Available Users with login status and associated Group/Domain 97 Figure 63: User configuration options...100 6 Unified Services Router User Manual Figure 33: Virtual AP configuration ...58 Figure 34: List of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting its SSID 59 Figure 35: Radio card configuration options 60 Figure 36: Advanced Wireless communication settings 61 Figure 37: WPS configuration for an AP with WPA...
... IPsec client connections to the DSR 96 Figure 62: Available Users with login status and associated Group/Domain 97 Figure 63: User configuration options...100 6 Unified Services Router User Manual Figure 33: Virtual AP configuration ...58 Figure 34: List of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting its SSID 59 Figure 35: Radio card configuration options 60 Figure 36: Advanced Wireless communication settings 61 Figure 37: WPS configuration for an AP with WPA...
Product Manual
Page 13
... all DHCP clients receive the DNS IP addresses of the browser to access the router's management UI. 2.1 LAN Configuration Setup > Network Settings > LAN Configuration By default, the router functions as the gateway address for wireless clients. DHCP relay can be managed through the wired Ethernet ports available on the WLAN or LAN network. The router includes the WINS server IP address in this procedure. Access the router's graphical user interface (GUI) for management by using a DNS server, you can also enable DNS proxy for DNS servers, Windows Internet Name Service (WINS...
... all DHCP clients receive the DNS IP addresses of the browser to access the router's management UI. 2.1 LAN Configuration Setup > Network Settings > LAN Configuration By default, the router functions as the gateway address for wireless clients. DHCP relay can be managed through the wired Ethernet ports available on the WLAN or LAN network. The router includes the WINS server IP address in this procedure. Access the router's graphical user interface (GUI) for management by using a DNS server, you can also enable DNS proxy for DNS servers, Windows Internet Name Service (WINS...
Product Manual
Page 22
... Ethernet ports. This is mode is typically used with IP Phones that port and VLAN membership information. Unified Services Router User Manual will allow traffic from LAN hosts belonging to this VLAN ID to pass through to other configured VLAN IDs that is tagged or untagged with the same PVID will be untagged. Setup > VLAN Settings > Port VLAN VLAN membership properties for that have Inter VLAN Routing enabled. The default is access. In General mode the port is a member of a user...
... Ethernet ports. This is mode is typically used with IP Phones that port and VLAN membership information. Unified Services Router User Manual will allow traffic from LAN hosts belonging to this VLAN ID to pass through to other configured VLAN IDs that is tagged or untagged with the same PVID will be untagged. Setup > VLAN Settings > Port VLAN VLAN membership properties for that have Inter VLAN Routing enabled. The default is access. In General mode the port is a member of a user...
Product Manual
Page 26
... indicating whether the port of UPnP devices that respond to use UPnP: Advertisement Period: This is displayed for networks with few switches. Port (Internal Port): The internal ports opened by the DSR Int. Port (External Port): The external ports opened by UPnP (if any ) IP Address: The IP address of steps a packet is the number of the UPnP device detected by this router Click Refresh to propagate before being discarded. HTTP, FTP, etc.) used by UPnP (if any...
... indicating whether the port of UPnP devices that respond to use UPnP: Advertisement Period: This is displayed for networks with few switches. Port (Internal Port): The internal ports opened by the DSR Int. Port (External Port): The external ports opened by UPnP (if any ) IP Address: The IP address of steps a packet is the number of the UPnP device detected by this router Click Refresh to propagate before being discarded. HTTP, FTP, etc.) used by UPnP (if any...
Product Manual
Page 29
... needed and as provided by configuting the routing from the ISP server. The Internet Connection Setup Wizard assists with a USB modem is supported on the ISP you to enable Microsoft Point-to-Point Encryption (MPPE). Split Tunnel (supported for a period of routing manually by your LAN hosts to access internet sites over this WAN link while sti ll permitting VPN traffic to be directed to a VPN configured on this router, choose Static IP address, DHCP client, Point-to-Point Tunneling Protocol (PPTP), Point-to-Point...
... needed and as provided by configuting the routing from the ISP server. The Internet Connection Setup Wizard assists with a USB modem is supported on the ISP you to enable Microsoft Point-to-Point Encryption (MPPE). Split Tunnel (supported for a period of routing manually by your LAN hosts to access internet sites over this WAN link while sti ll permitting VPN traffic to be directed to a VPN configured on this router, choose Static IP address, DHCP client, Point-to-Point Tunneling Protocol (PPTP), Point-to-Point...
Product Manual
Page 32
Unified Services Router Figure 13: PPPoE configuration for standard ISPs User Manual Most PPPoE ISP's use of data and internet traffic and the Secondary PPPoE connection carries ISP specific (i.e. The GUI will prompt you for authentication, service, and connection settings in Japan, the use a single control and data connection, and require username / password credentials to login and authenticate the DSR with the ISP. The Primary connection is used for this case is required in order...
Unified Services Router Figure 13: PPPoE configuration for standard ISPs User Manual Most PPPoE ISP's use of data and internet traffic and the Secondary PPPoE connection carries ISP specific (i.e. The GUI will prompt you for authentication, service, and connection settings in Japan, the use a single control and data connection, and require username / password credentials to login and authenticate the DSR with the ISP. The Primary connection is used for this case is required in order...
Product Manual
Page 42
... allows you can configure spill-over mode by using WAN port-WAN2: WAN2 is the primary internet link. Unified Services Router User Manual Auto-Rollover using WAN port-WAN1: WAN1 is the primary internet link. Auto-Rollover using folloing options: Load Tolerance: It is the percentage of bandwidth after which the router switches to manage internet flow. Failover Detection Settings: To check connectivity of the primary internet link, one WAN port greatly differs from another. After configuring...
... allows you can configure spill-over mode by using WAN port-WAN2: WAN2 is the primary internet link. Unified Services Router User Manual Auto-Rollover using WAN port-WAN1: WAN1 is the primary internet link. Auto-Rollover using folloing options: Load Tolerance: It is the percentage of bandwidth after which the router switches to manage internet flow. Failover Detection Settings: To check connectivity of the primary internet link, one WAN port greatly differs from another. After configuring...
Product Manual
Page 45
... router-terminated traffic and other management traffic. Along with a single "public" IP address. an internal FTP server) using their external name. 43 The computers that allows internal network users on the LAN interface are configured to be assigned IP addresses from a private subnet. Transparent routing between the LAN and WAN does not perform NAT. The computers on the LAN use a "private" IP address range while the WAN port on the Internet. To maintain the LAN and WAN in transparent mode assuming the LAN...
... router-terminated traffic and other management traffic. Along with a single "public" IP address. an internal FTP server) using their external name. 43 The computers that allows internal network users on the LAN interface are configured to be assigned IP addresses from a private subnet. Transparent routing between the LAN and WAN does not perform NAT. The computers on the LAN use a "private" IP address range while the WAN port on the Internet. To maintain the LAN and WAN in transparent mode assuming the LAN...
Product Manual
Page 53
... four unique wireless networks can enable a Wi -Fi™ network on your wireless network: Types of devices expected to the DSR-500N and DSR-1000N products. By going through a few straightforward configuration pages you to be used on multiple AP instances or SSIDs. 4.1 Wireless Settings Wizard Setup > Wizard > Wireless Settings The Wireless Network Setup Wizard is available for the AP, including the security between multiple APs instances on the same physical radio integrated with this router. Unified Services Router User Manual Chapter 4. You...
... four unique wireless networks can enable a Wi -Fi™ network on your wireless network: Types of devices expected to the DSR-500N and DSR-1000N products. By going through a few straightforward configuration pages you to be used on multiple AP instances or SSIDs. 4.1 Wireless Settings Wizard Setup > Wizard > Wireless Settings The Wireless Network Setup Wizard is available for the AP, including the security between multiple APs instances on the same physical radio integrated with this router. Unified Services Router User Manual Chapter 4. You...
Product Manual
Page 55
... a link to enable at least one AP with RADIUS 53 By choosing to the Setup> Wireless Settings> Access Points page. The encryption for wireless devices that will link to broadcast the SSID, compatible wireless clients within 2 minutes, click the PBC connect button. Click Connect to complete setup and connect to an AP configured with this option. This mode is it allows any compatible wireless clients to connect to the client. Push Button Configuration (PBC): for WPA will use the WPS wizard. 4.1.3 Manual Wireless Network Setup This button...
... a link to enable at least one AP with RADIUS 53 By choosing to the Setup> Wireless Settings> Access Points page. The encryption for wireless devices that will link to broadcast the SSID, compatible wireless clients within 2 minutes, click the PBC connect button. Click Connect to complete setup and connect to an AP configured with this option. This mode is it allows any compatible wireless clients to connect to the client. Push Button Configuration (PBC): for WPA will use the WPS wizard. 4.1.3 Manual Wireless Network Setup This button...
Product Manual
Page 58
... be configured and accessible by the router when needed. Authentication Port: the port for WPA and/or WPA2 security. A secondary RADIUS server provides redundancy in the event that the primary server cannot be reached, or to give up the RADIUS authentication attempt if communication with a profile that allows this router to log into the specified RADIUS server(s). Unified Services Router User Manual 4.2.3 RADIUS Authentication Setup > Wireless Settings > RADIUS Settings Enterprise Mode uses a RADIUS Server for the RADIUS server connection...
... be configured and accessible by the router when needed. Authentication Port: the port for WPA and/or WPA2 security. A secondary RADIUS server provides redundancy in the event that the primary server cannot be reached, or to give up the RADIUS authentication attempt if communication with a profile that allows this router to log into the specified RADIUS server(s). Unified Services Router User Manual 4.2.3 RADIUS Authentication Setup > Wireless Settings > RADIUS Settings Enterprise Mode uses a RADIUS Server for the RADIUS server connection...
Product Manual
Page 68
... the port number entered here. 66 this rule. Destination NAT is filtered by this requires configuring the router's logging feature separately. QoS Priority: Outbound rules (where To Zone = insecure WAN only) can enter the internal server address that is available when the To Zone = DMZ or secure LAN. With an inbound allow the selected service traffic from the WAN. For a specific service the drop down list has common services...
... the port number entered here. 66 this rule. Destination NAT is filtered by this requires configuring the router's logging feature separately. QoS Priority: Outbound rules (where To Zone = insecure WAN only) can enter the internal server address that is available when the To Zone = DMZ or secure LAN. With an inbound allow the selected service traffic from the WAN. For a specific service the drop down list has common services...
Product Manual
Page 116
... of payload. Jumbo Frames support can exchange information at Jumbo frames rate. 114 The two ―green‖ options available for IPsec and HTTPS management 8.3 Advanced Switch Configuration The DSR allows you to a LAN port is reduced when a smaller cable length is connected on the number of connected ports. With ―Power Saving by Link Status‖ option enabled, the total power consumption by Link Status and Length Detection State.
... of payload. Jumbo Frames support can exchange information at Jumbo frames rate. 114 The two ―green‖ options available for IPsec and HTTPS management 8.3 Advanced Switch Configuration The DSR allows you to a LAN port is reduced when a smaller cable length is connected on the number of connected ports. With ―Power Saving by Link Status‖ option enabled, the total power consumption by Link Status and Length Detection State.
Product Manual
Page 151
... factory defaults -whether initiated from the configuration interface or the Reset button - After a restore to reboot. 2. Unified Services Router User Manual Verify that the network (subnet) address of your PC is different from the network address of the remote device. Verify that the cable or DSL modem is the case, configure your PCs. manually restart it rejects the Ethernet MAC addresses of all but some ISPs additionally restrict access to the MAC address of just a single PC connected...
... factory defaults -whether initiated from the configuration interface or the Reset button - After a restore to reboot. 2. Unified Services Router User Manual Verify that the network (subnet) address of your PC is different from the network address of the remote device. Verify that the cable or DSL modem is the case, configure your PCs. manually restart it rejects the Ethernet MAC addresses of all but some ISPs additionally restrict access to the MAC address of just a single PC connected...
Product Manual
Page 161
...connection type is: %s nimfAdvOptSetWrap: failed to get old MTU Option nimfAdvOptSetWrap: error getting MTU size nimfOldFieldValueGet: failed to get old " nimfOldFieldValueGet: user has changed MTU size nimfAdvOptSetWrap: failed to get old Port Speed " nimfAdvOptSetWrap: user has changed Port Speed nimfAdvOptSetWrap: failed to get old Mac Address " nimfAdvOptSetWrap: user has changed Mac Address " nimfAdvOptSetWrap: unable to get Mac Address nimfAdvOptSetWrap:Failed to RESET the flag nimfAdvOptSetWrap: setting advanced options failed nimfAdvOptSetWrap: interface advanced options applied ERROR...
...connection type is: %s nimfAdvOptSetWrap: failed to get old MTU Option nimfAdvOptSetWrap: error getting MTU size nimfOldFieldValueGet: failed to get old " nimfOldFieldValueGet: user has changed MTU size nimfAdvOptSetWrap: failed to get old Port Speed " nimfAdvOptSetWrap: user has changed Port Speed nimfAdvOptSetWrap: failed to get old Mac Address " nimfAdvOptSetWrap: user has changed Mac Address " nimfAdvOptSetWrap: unable to get Mac Address nimfAdvOptSetWrap:Failed to RESET the flag nimfAdvOptSetWrap: setting advanced options failed nimfAdvOptSetWrap: interface advanced options applied ERROR...
Product Manual
Page 175
... %s pSecServ %s DEBUG DEBUG DEBUG Making request from %d cmd=%d ! caller %d default reached Unable to set debug level for radAuth. cmd %d not supported. nRows=%d nCols=%d Error in the list after %d \ Primary is not available, " Secondary is not available, " DEBUG DEBUG DEBUG DEBUG Invalid value for use default servers, " No server is configured, " Backing off for %d seconds Requesting time from %s Synchronized time with %s Received KOD packet...
... %s pSecServ %s DEBUG DEBUG DEBUG Making request from %d cmd=%d ! caller %d default reached Unable to set debug level for radAuth. cmd %d not supported. nRows=%d nCols=%d Error in the list after %d \ Primary is not available, " Secondary is not available, " DEBUG DEBUG DEBUG DEBUG Invalid value for use default servers, " No server is configured, " Backing off for %d seconds Requesting time from %s Synchronized time with %s Received KOD packet...
Product Manual
Page 184
... mac address Failed to set %s SSID Failed to set SSID broadcast status Failed to set PreAuth mode unable to install key KDOT11_SET_PARAM:IEEE80211_I OC_AUTHMODE failed KDOT11_SET_PARAM:IEEE80211_I OC_PRIVACY failed wpaInit failed dot11InstallProfile: unable to get interface index adpHmacInit(%s) failed interface %s not found AP not found on %s keyLen > PNAC_KEY_MAX_SIZE Invalid profile name passed Creation of WPS EAP Profile failed unsupported command %d device %s not found unsupported command %d dot11NodeAlloc failed Getting WPA IE failed for %s Getting WPS IE failed for %s Failed initialize...
... mac address Failed to set %s SSID Failed to set SSID broadcast status Failed to set PreAuth mode unable to install key KDOT11_SET_PARAM:IEEE80211_I OC_AUTHMODE failed KDOT11_SET_PARAM:IEEE80211_I OC_PRIVACY failed wpaInit failed dot11InstallProfile: unable to get interface index adpHmacInit(%s) failed interface %s not found AP not found on %s keyLen > PNAC_KEY_MAX_SIZE Invalid profile name passed Creation of WPS EAP Profile failed unsupported command %d device %s not found unsupported command %d dot11NodeAlloc failed Getting WPA IE failed for %s Getting WPS IE failed for %s Failed initialize...
Product Manual
Page 191
... code - %d ./src/dot11/mgmt/dot11Mgmt.c:1177: ADP_ERROR ( only delete event expected on dot11RogueAP. old values result does not contain 2 rows ERROR ERROR ERROR sqlite3QueryResGet failed ERROR Error in getting port pae information pnacPDUForward: error allocating memory pnacUmiIfMacAddrChange: %s not configured for 802.1x pnacUmiSuppConfig: could not PNAC port Access" pnacUmiSuppConfig: Failed to register user information pnacPortByMacDeconfig: port not found pnacPortByMacDeconfig: port not found pnacUmiIfDown: Invalid config data ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR...
... code - %d ./src/dot11/mgmt/dot11Mgmt.c:1177: ADP_ERROR ( only delete event expected on dot11RogueAP. old values result does not contain 2 rows ERROR ERROR ERROR sqlite3QueryResGet failed ERROR Error in getting port pae information pnacPDUForward: error allocating memory pnacUmiIfMacAddrChange: %s not configured for 802.1x pnacUmiSuppConfig: could not PNAC port Access" pnacUmiSuppConfig: Failed to register user information pnacPortByMacDeconfig: port not found pnacPortByMacDeconfig: port not found pnacUmiIfDown: Invalid config data ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR...