User Guide
Page 20
.... UAG Series User's Guide 20 If you can use web authentication to allow guests to -Site) Content Filtering Application Patrol Local AP (Built-in Wireless LAN Module) Drop-in one box. You should have an Internet account already set up and have a "statement printer", such as SP350E, you have been given usernames, passwords etc. The UAG also provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful features. CHAPTER...
User Guide
Page 30
Free Time Free Time Allow users to a traffic flow using a security policy. Create App Patrol template(s) of settings to apply to get a free account for MAC authentication using a security policy. Group Create and manage groups of services. MAC Address Configure the MAC addresses of content filtering policies. SSID Create and manage wireless SSID, security, and MAC filtering settings files that can be associated with different APs. Application Group Create and manage groups of applications to apply to block regardless of wireless clients for Internet surfing during...
User Guide
Page 82
.... Down - Zone IP Address/ Mask Console speed Device Information System Name Model Name Serial Number MAC Address Range Firmware Version System Status System Uptime Current Date/Time VPN Status Ready - This field displays the version number and date of the device connected to look at the VPN tunnels that supports IPSec VPN. Click this to the USB port if one MAC address. See Section 6.2.5 on page 88. Select to open the screen where you can upload firmware. The Ethernet interface is connected. Speed / Duplex...
User Guide
Page 83
... the current status of an active virtual router, this interface is a member of each interface. This field displays details about the UAG's startup state. Down - The application of users currently logged in your existing network without changing the network architecture and use commands to set the UAG interfaces to lastgood configuration - If the IP address is 0.0.0.0/0.0.0.0, the interface is disabled. This field displays the number of the configuration failed after firmware update - This field...
User Guide
Page 162
... packets to WAN traffic. for the interface. Specify a name for example LAN to the gateway when it can be on the same network as security policy control, and remote management. Table 67 Configuration > Network > Interface > Ethernet > Edit LABEL Show Advanced Settings / Hide Advanced Settings General Settings Enable Interface Interface Properties Interface Type DESCRIPTION Click this priority. The UAG automatically adds default SNAT settings for all computers in the table below. The subnet mask indicates what part of...
User Guide
Page 163
... a DHCP Relay. Type the maximum size of each data packet, in bytes, that can receive from the network through the interface. Enable Connectivity Check Check Method The interface can send through the interface to use the default gateway for the network. Check Period Check Timeout Check Fail Tolerance Check Default Gateway Check this address Check Port DHCP Setting DHCP Select tcp to have the UAG regularly ping the gateway you set the Check Method to turn on the network. Enter that the gateway allows. DHCP Relay - UAG Series User's Guide...
User Guide
Page 168
... Series User's Guide 168 Chapter 10 Interfaces Table 69 Configuration > Network > Interface > Ethernet > Edit > Add/Edit Extended Options LABEL DESCRIPTION OK Click this to close the screen. This option is to connect. however, the option may use this screen and update the settings to install or manage PPPoE/PPTP software on each computer in RFCs) on which the vendor belongs. 125 Vendor-Identifying Vendor-Specific option CAPWAP AC DHCP clients...
User Guide
Page 178
... Use Fixed IP Address. The UAG decides which the VLAN interface runs. UAG Series User's Guide 178 Enter the number of the gateway. This 12-bit number uniquely identifies each VLAN. Select this priority. You can use based on this if you must manually configure a policy route to add routing and SNAT settings for connecting to display a greater or lesser number of the IP address is for the interface. This option appears when Interface Type is external...
User Guide
Page 179
... Configuration > Network > Interface > VLAN > Edit (continued) LABEL Interface Parameters Egress Bandwidth Ingress Bandwidth MTU Connectivity Check Enable Connectivity Check Check Method DESCRIPTION Enter the maximum amount of traffic, in kilobits per second, the UAG can send through the interface to make sure it is the DHCP server for the connectivity check. Enter the number of seconds between connection check attempts. The DHCP settings are required before the UAG stops routing through the gateway. Select what type of a DHCP server...
User Guide
Page 186
... Use Fixed IP Address IP Address • There is a virtual interface on top of network to which the interface is for the interface. An interface is not available in the following option depending on . It is for connecting to add routing and SNAT settings for connecting to apply security settings such as security policy control, and remote management. Chapter 10 Interfaces Each field is described in a different bridge interface Select one of the bridge interface. external is not used...
User Guide
Page 189
... the UAG Series User's Guide 189 Click WAN TRUNK to go to the screen where you specify to make routing decisions. Click OK to save your changes back to the gateway the first time the gateway passes the connectivity check. However, you set the Check Method to tcp. Enter the number of seconds between each type of virtual interface. Chapter 10 Interfaces Table 79 Configuration > Network > Interface > Bridge > Edit (continued) LABEL Description Connectivity Check Enable Connectivity Check Check Method...
User Guide
Page 223
... Type is Port. For example, if you configure a NAT rule to forward traffic from the WAN to a LAN server, enabling NAT loopback allows users connected to other security policies according to use a range of translated destination ports if this NAT rule supports for the selected destination IP address (Original IP). Security Policy If you configure your changes back to also access the server. The UAG still checks other interfaces to the UAG. Click OK to save your NAT rule settings, click the Security Policy link...
User Guide
Page 345
... make sure traffic can still go through the connection. It may need to configure the peer to use a 1536-bit random number PFS changes the root key that domain name or IP address in the local network. Enter that is still available. Inbound/Outbound traffic NAT Outbound Traffic Source NAT This translation hides the source address of seconds between connection check attempts. disable PFS DH1 - Chapter 30 IPSec VPN Table 156 Configuration > VPN > IPSec VPN > VPN Connection > Add...
User Guide
Page 353
... a user name and password check. Select this radio button if the UAG provides a username and password to the remote IPSec router. The remote IPSec router must also enable NAT traversal, and the NAT routers have to provide the User Name and the Password. When multiple IPSec routers use the same VPN tunnel to connect to a single VPN tunnel (telecommuters sharing a tunnel for example), use a 1536-bit random number NAT Traversal The longer the key, the more secure the...
User Guide
Page 420
... : Multicast Settings Transmission Mode • Basic Rate (Mbps) - MCS stands for multicast traffic. Use this radio profile. The retransmit mechanism of unicast traffic provides more reliable transmission of the wireless clients as unicast traffic. For example, to send wireless multicast traffic at a single data rate. This section allows you to configure three different types of the wireless network to which a wireless client can assign specific SSID configurations to your networked APs: an SSID list, which can be used...
User Guide
Page 423
... placing and receiving VoIP phone calls. Enable Intra-BSS Traffic Blocking Local VAP Setting VLAN Support When an SSID is "hidden" and a wireless client cannot see it anyway. For example, an SSID that supports a local AP. Connections to tag traffic from wireless clients. Select ON to an SSID using the 2.4GHz band are treated equally and not tagged with this access category is tagged as such. WMM: Enables automatic tagging of Service (QoS) access category to the...
User Guide
Page 444
..., RANGE, SUBNET, INTERFACE IP, INTERFACE SUBNET, and INTERFACE GATEWAY. This value is RANGE. This field cannot be a number. Click OK to create. To access this screen. UAG Series User's Guide 444 Enter the IP address that this address object represents. Enter the end of the range of IP address that this address object represents. Enter the IP address of the network that this address object represents. If you selected INTERFACE IP, INTERFACE SUBNET, or INTERFACE GATEWAY as the Address Type, use...
User Guide
Page 521
... used to access. Add Click this action. Address This is allowed or denied to access. Reset Click Reset to return the screen to its last-saved settings. 46.8.5 Secure Telnet Using SSH Examples This section shows two examples using SSH version 1. 3 A window displays prompting you to remotely access the UAG. The configuration and connection steps are similar for most SSH client programs. Refer to your changes back to create a new entry after the selected entry. UAG Series User's Guide...
User Guide
Page 613
... Guide, CLI 2 registration 131 and content filtering 384, 386 product 603 related documentation 2 Remote Authentication Dial-In User Service, see RADIUS remote management FTP, see FTP see also service control 501 Telnet 523 to-Device security policy 290 WWW, see WWW remote network 338 replay detection 343 reports collecting data 97 content filtering 123 daily 534 daily e-mail 534 specifications 99 traffic statistics 97 reset 589 vs reboot 581 RESET button 589 RFC 1631 (NAT...
User Guide
Page 615
... NAT 223 and remote management 290 and service control 501 global rules 290 trademarks 597 traffic statistics 97 Transmission Control Protocol, see TCP transport encapsulation 344 Transport Layer Security (TLS) 525 triangle routes 291 allowing through the security policy 293 vs virtual interfaces 291 Triple Data Encryption Standard, see 3DES troubleshooting 560, 566, 583 admin user 587 bandwidth limit 585 certificate 587 configuration file 588 connection resets 586 DDNS 585 device access...