Product Manual
Page 5
... 121 8.2 SMS service...122 3 SSL VPN ...101 7.1 Groups and Users 103 7.1.1 Users and Passwords 109 7.2 Using SSL VPN Policies 110 7.2.1 Using Network Resources 113 7.3 Application Port Forwarding 114 7.4 SSL VPN Client Configuration 116 7.5 User Portal ...118 7.5.1 Creating Portal Layouts 119 Chapter 8. Securing the Private Network 65 5.1 Firewall Rules ...65 5.2 Defining Rule Schedules...
... 121 8.2 SMS service...122 3 SSL VPN ...101 7.1 Groups and Users 103 7.1.1 Users and Passwords 109 7.2 Using SSL VPN Policies 110 7.2.1 Using Network Resources 113 7.3 Application Port Forwarding 114 7.4 SSL VPN Client Configuration 116 7.5 User Portal ...118 7.5.1 Creating Portal Layouts 119 Chapter 8. Securing the Private Network 65 5.1 Firewall Rules ...65 5.2 Defining Rule Schedules...
Product Manual
Page 6
...Router User Manual 8.3 Authentication Certificates 124 8.4 Advanced Switch Configuration 126 Chapter 9. Credits ...161 Appendix A. Standard Services Available for Port Forwarding & Firewall Configuration 166 4 Router Status and Statistics 144 10.1 System Overview 144 10.1.1 Device Status ...144 10.1.2 Resource ...Utilization 146 10.2 Traffic Statistics ...149 10.2.1 Wired Port Statistics 149 10.2.2 Wireless Statistics 150 10.3 Active Connections 151 10.3.1 Sessions through the Router 151 10.3.2 Wireless Clients...
...Router User Manual 8.3 Authentication Certificates 124 8.4 Advanced Switch Configuration 126 Chapter 9. Credits ...161 Appendix A. Standard Services Available for Port Forwarding & Firewall Configuration 166 4 Router Status and Statistics 144 10.1 System Overview 144 10.1.1 Device Status ...144 10.1.2 Resource ...Utilization 146 10.2 Traffic Statistics ...149 10.2.1 Wired Port Statistics 149 10.2.2 Wireless Statistics 150 10.3 Active Connections 151 10.3.1 Sessions through the Router 151 10.3.2 Wireless Clients...
Product Manual
Page 10
...options for traffic through router 135 Figure 93: E-mail configuration as a Remote Logging option 136 Figure 94: Syslog server configuration for SSL Port Forwarding 116 Figure 77: SSL VPN client adapter and access configuration 117 Figure 78: Configured client routes only apply in the current configuration being ...Figure 79: List of configured SSL VPN portals. Unified Services Router User Manual Figure 64: Example of clientless SSL VPN connections to the DSR 102 Figure 65: List of groups ...103 Figure 66: User group configuration ...104 Figure 67: SSLVPN Settings...105 Figure 68: Group ...
...options for traffic through router 135 Figure 93: E-mail configuration as a Remote Logging option 136 Figure 94: Syslog server configuration for SSL Port Forwarding 116 Figure 77: SSL VPN client adapter and access configuration 117 Figure 78: Configured client routes only apply in the current configuration being ...Figure 79: List of configured SSL VPN portals. Unified Services Router User Manual Figure 64: Example of clientless SSL VPN connections to the DSR 102 Figure 65: List of groups ...103 Figure 66: User group configuration ...104 Figure 67: SSLVPN Settings...105 Figure 68: Group ...
Product Manual
Page 15
... Host Configuration Protocol (DHCP) server to be managed through the wired Ethernet ports available on the router, or once the initial setup is complete, the DSR may also be the DHCP server or if you can be used to forward DHCP lease information from another PC on the WLAN or LAN network. When...
... Host Configuration Protocol (DHCP) server to be managed through the wired Ethernet ports available on the router, or once the initial setup is complete, the DSR may also be the DHCP server or if you can be used to forward DHCP lease information from another PC on the WLAN or LAN network. When...
Product Manual
Page 25
... In Trunk mode the port is untagged. Untagged coming into the port is not forwarded, except for the default VLAN with PVID=1, which is a member of a user selectable set of VLANs. All data going into and out of the port is a member of the port is selected. Configured ...VLAN memberships will be routed between the selected VLAN membership IDs 23 Trunk ports multiplex traffic for multiple VLANs over the same physical link. Select PVID for the port. By selecting one ). All data going into and out of a single VLAN (and only ...
... In Trunk mode the port is untagged. Untagged coming into the port is not forwarded, except for the default VLAN with PVID=1, which is a member of a user selectable set of VLANs. All data going into and out of the port is a member of the port is selected. Configured ...VLAN memberships will be routed between the selected VLAN membership IDs 23 Trunk ports multiplex traffic for multiple VLANs over the same physical link. Select PVID for the port. By selecting one ). All data going into and out of a single VLAN (and only ...
Product Manual
Page 70
... (all traffic is hosting the selected service. You can enable port forwarding for managing traffic from the internet to reach the appropriate LAN port via a port forwarding rule. Translate Port Number: With port forwarding, the incoming traffic to be logged; For a specific service the drop... (enter an IP address) Address Range (enter the appropriate IP address range) Log: traffic that this rule can be forwarded to the port number entered here. 68 Select a priority level: Normal-Service: ToS=0 (lowest QoS) Minimize-Cost: ToS=1 ...
... (all traffic is hosting the selected service. You can enable port forwarding for managing traffic from the internet to reach the appropriate LAN port via a port forwarding rule. Translate Port Number: With port forwarding, the incoming traffic to be logged; For a specific service the drop... (enter an IP address) Address Range (enter the appropriate IP address range) Log: traffic that this rule can be forwarded to the port number entered here. 68 Select a priority level: Normal-Service: ToS=0 (lowest QoS) Minimize-Cost: ToS=1 ...
Product Manual
Page 74
.... Solution: Create an inbound rule as follows. Parameter From Zone To Zone Service Action Send to Local Server (DNAT IP) Destination Users From To Enable Port Forwarding Value Insecure (WAN1/WAN2/WAN3) Secure (LAN) CU-SEEME:UDP ALLOW always 192.168.10.11 Address Range 132.177.88.2 134.177.88.254...
.... Solution: Create an inbound rule as follows. Parameter From Zone To Zone Service Action Send to Local Server (DNAT IP) Destination Users From To Enable Port Forwarding Value Insecure (WAN1/WAN2/WAN3) Secure (LAN) CU-SEEME:UDP ALLOW always 192.168.10.11 Address Range 132.177.88.2 134.177.88.254...
Product Manual
Page 81
...one or more flexible than static port forwarding that specified type of traffic. Port triggering application rules are more ports to be thought of as port triggering. The router must send all incoming data for that application only on a specific port or range of ports in use, thereby providing a ... User Manual 5.7 Application Rules Advanced > Application Rules > Application Rules Application rules are also referred to as a form of dynamic port forwarding while an application is transmitting data over the opened . This feature allows devices on the LAN or DMZ to request one of the...
...one or more flexible than static port forwarding that specified type of traffic. Port triggering application rules are more ports to be thought of as port triggering. The router must send all incoming data for that application only on a specific port or range of ports in use, thereby providing a ... User Manual 5.7 Application Rules Advanced > Application Rules > Application Rules Application rules are also referred to as a form of dynamic port forwarding while an application is transmitting data over the opened . This feature allows devices on the LAN or DMZ to request one of the...
Product Manual
Page 103
.... Instead, users can securely login through a customizable user portal interface, and each SSL VPN user can access allocated network resources. Port Forwarding: A web-based (ActiveX or Java) client is installed on the remote host to join the corporate LAN with pre-configured access/policy privileges...used when the remote user accesses the portal using a standard web browser and receive access to access the LAN over an encrypted link through the SSL User Portal using the Internet Explorer browser. SSL VPN differs from the router. The router administrator can be ...
.... Instead, users can securely login through a customizable user portal interface, and each SSL VPN user can access allocated network resources. Port Forwarding: A web-based (ActiveX or Java) client is installed on the remote host to join the corporate LAN with pre-configured access/policy privileges...used when the remote user accesses the portal using a standard web browser and receive access to access the LAN over an encrypted link through the SSL User Portal using the Internet Explorer browser. SSL VPN differs from the router. The router administrator can be ...
Product Manual
Page 115
...for the resource. Service: The SSL VPN service corresponding to the resource (VPN tunnel, Port Forwarding or All). 113 This shortcut saves time when creating similar policies for defining TCP or UDP port number(s) corresponding to the governed traffic. The services offered are used for multiple remote SSL VPN ... Network Resources Setup > VPN Settings > SSL VPN Server > Resources Network resources are services or groups of LAN IP addresses that are VPN tunnel, port forwarding or both. Defined resources: This policy can provide access to specific network resources.
...for the resource. Service: The SSL VPN service corresponding to the resource (VPN tunnel, Port Forwarding or All). 113 This shortcut saves time when creating similar policies for defining TCP or UDP port number(s) corresponding to the governed traffic. The services offered are used for multiple remote SSL VPN ... Network Resources Setup > VPN Settings > SSL VPN Server > Resources Network resources are services or groups of LAN IP addresses that are VPN tunnel, port forwarding or both. Defined resources: This policy can provide access to specific network resources.
Product Manual
Page 116
... server requires entering the local server IP address and TCP port number of configured resources, which are available to assign to SSL VPN policies 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Port forwarding allows remote SSL users to access specified network applications or ...services after they login to the router is detected and re-routed based on configured port forwarding rules. Unified Services Router User Manual Figure 75: List of the application to remote users. Traffic from the remote...
... server requires entering the local server IP address and TCP port number of configured resources, which are available to assign to SSL VPN policies 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Port forwarding allows remote SSL users to access specified network applications or ...services after they login to the router is detected and re-routed based on configured port forwarding rules. Unified Services Router User Manual Figure 75: List of the application to remote users. Traffic from the remote...
Product Manual
Page 117
... the new application is defined it is displayed in a list of configured hosts for port forwarding. Defining the hostname is optional as minimum requirement for port forwarding is defined in the port forwarding host configuration section. Local server IP address: The IP address of the ... the application. The local server IP address of the configured hostname must match the IP address of the configured application for port forwarding. 115 This host name resolution provides users with easy-to-remember FQDN's to access TCP applications instead of errorprone IP addresses...
... the new application is defined it is displayed in a list of configured hosts for port forwarding. Defining the hostname is optional as minimum requirement for port forwarding is defined in the port forwarding host configuration section. Local server IP address: The IP address of the ... the application. The local server IP address of the configured hostname must match the IP address of the configured application for port forwarding. 115 This host name resolution provides users with easy-to-remember FQDN's to access TCP applications instead of errorprone IP addresses...
Product Manual
Page 118
... does not conflict with an IP address from the user portal, a "network adapter" with physical devices on the LAN. The IP address range for SSL Port Forwarding 7.4 SSL VPN Client Configuration Setup > VPN Settings > SSL VPN Client > SSL VPN Client An SSL VPN tunnel client provides a point-to the router's IP address...
... does not conflict with an IP address from the user portal, a "network adapter" with physical devices on the LAN. The IP address range for SSL Port Forwarding 7.4 SSL VPN Client Configuration Setup > VPN Settings > SSL VPN Client > SSL VPN Client An SSL VPN tunnel client provides a point-to the router's IP address...
Product Manual
Page 120
... > SSL VPN Client > SSL VPN Client Portal When remote users want to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they login through the VPN tunnel. When split tunnel mode is enabled, the user is required to configure routes for ...network from the VPN tunnel clients' perspective is set here. Subnet mask: The subnet information of the destination network is needed to forward private traffic through the VPN Firewall to the remote SSL VPN client. This portal provides the authentication fields to the remote user. 118 The...
... > SSL VPN Client > SSL VPN Client Portal When remote users want to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they login through the VPN tunnel. When split tunnel mode is enabled, the user is required to configure routes for ...network from the VPN tunnel clients' perspective is set here. Subnet mask: The subnet information of the destination network is needed to forward private traffic through the VPN Firewall to the remote SSL VPN client. This portal provides the authentication fields to the remote user. 118 The...
Product Manual
Page 121
...During domain setup, configured portal layouts are available to select for the custom portal that opens when the ―User Portal‖ link is appended to communicate details such as login instructions, available services, and other usage details in the SSL VPN menu. The router...customizable for this portal. This is the same page that is presented upon authentication. It is used as the VPN Tunnel page or Port Forwarding page. As well, the users assigned to this portal (through their authentication domain) can then be presented with an authentication domain 7.5.1 ...
...During domain setup, configured portal layouts are available to select for the custom portal that opens when the ―User Portal‖ link is appended to communicate details such as login instructions, available services, and other usage details in the SSL VPN menu. The router...customizable for this portal. This is the same page that is presented upon authentication. It is used as the VPN Tunnel page or Port Forwarding page. As well, the users assigned to this portal (through their authentication domain) can then be presented with an authentication domain 7.5.1 ...
Product Manual
Page 122
... browser whenever users login to this SSL VPN portal. SSL VPN portal page to display: The User can either enable VPN tunnel page or Port Forwarding, or both depending on the SSL services to display on the login page: The user has the option to either display or hide the banner...
... browser whenever users login to this SSL VPN portal. SSL VPN portal page to display: The User can either enable VPN tunnel page or Port Forwarding, or both depending on the SSL services to display on the login page: The user has the option to either display or hide the banner...
Product Manual
Page 157
... client. Unified Services Router Figure 111: List of current Active VPN Sessions User Manual All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are as well. Status of the SSL connection between this router. Table fields are displayed on this page as follows. Field Description User Name The...
... client. Unified Services Router Figure 111: List of current Active VPN Sessions User Manual All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are as well. Status of the SSL connection between this router. Table fields are displayed on this page as follows. Field Description User Name The...
Product Manual
Page 168
Unified Services Router User Manual Appendix C. Standard Services Available for Port Forwarding & Firewall Configuration ANY AIM BGP BOOTP_CLIENT BOOTP_SERVER CU-SEEME:UDP CU-SEEME:TCP DNS:UDP DNS:TCP FINGER FTP HTTP HTTPS ICMP-TYPE-3 ICMP-TYPE-4 ICMP-TYPE-5 ICMP-TYPE-6 ICMP-TYPE-7 ICMP-TYPE-8 ICMP-TYPE-9 ICMP-TYPE-10 ICMP-TYPE-11 ICMP-TYPE-13 ICQ IMAP2 IMAP3 IRC NEWS NFS NNTP PING POP3 PPTP RCMD REAL-AUDIO REXEC RLOGIN RTELNET RTSP:TCP RTSP:UDP SFTP SMTP SNMP:TCP SNMP:UDP SNMP-TRAPS:TCP SNMP-TRAPS:UDP SQL-NET SSH:TCP SSH:UDP STRMWORKS TACACS TELNET TFTP VDOLIVE 166
Unified Services Router User Manual Appendix C. Standard Services Available for Port Forwarding & Firewall Configuration ANY AIM BGP BOOTP_CLIENT BOOTP_SERVER CU-SEEME:UDP CU-SEEME:TCP DNS:UDP DNS:TCP FINGER FTP HTTP HTTPS ICMP-TYPE-3 ICMP-TYPE-4 ICMP-TYPE-5 ICMP-TYPE-6 ICMP-TYPE-7 ICMP-TYPE-8 ICMP-TYPE-9 ICMP-TYPE-10 ICMP-TYPE-11 ICMP-TYPE-13 ICQ IMAP2 IMAP3 IRC NEWS NFS NNTP PING POP3 PPTP RCMD REAL-AUDIO REXEC RLOGIN RTELNET RTSP:TCP RTSP:UDP SFTP SMTP SNMP:TCP SNMP:UDP SNMP-TRAPS:TCP SNMP-TRAPS:UDP SQL-NET SSH:TCP SSH:UDP STRMWORKS TACACS TELNET TFTP VDOLIVE 166
Product Manual
Page 170
...nimfAdvOptSetWrap: user has changed MTU option nimfAdvOptSetWrap: MTU: %d nimfAdvOptSetWrap: old MTU size: %d nimfAdvOptSetWrap: old Port Speed Option: %d nimfAdvOptSetWrap: old Mac Address Option: %d nimfAdvOptSetWrap: MacAddress: %s Setting LED [%d]:[%d] For ...: updating NimfStatus failed nimfStatusUpdate: updating NimfStatus failed nimfLinkStatusGet: determinig link's status failed nimfLinkStatusGet: opening the lanUptime File Error Opening the...forwarding failed to set capabilities on the " failed to enable IPv6 forwarding failed to set capabilities on the " failed to disable IPv6 forwarding...
...nimfAdvOptSetWrap: user has changed MTU option nimfAdvOptSetWrap: MTU: %d nimfAdvOptSetWrap: old MTU size: %d nimfAdvOptSetWrap: old Port Speed Option: %d nimfAdvOptSetWrap: old Mac Address Option: %d nimfAdvOptSetWrap: MacAddress: %s Setting LED [%d]:[%d] For ...: updating NimfStatus failed nimfStatusUpdate: updating NimfStatus failed nimfLinkStatusGet: determinig link's status failed nimfLinkStatusGet: opening the lanUptime File Error Opening the...forwarding failed to set capabilities on the " failed to enable IPv6 forwarding failed to set capabilities on the " failed to disable IPv6 forwarding...
Product Manual
Page 190
... for protocol TCP. Enabling rule, port triggering for protocol UDP. DEBUG DEBUG %d:%d:%d:%d:%d Disabling Port Trigger Rule for %d:%d:%d:%d:%d Adding Port Trigger Rule for %d:%d:%d:%d:%d Enabling Content Filter Disabling Content Filter Enabling Content Filter Setting NAT mode for pLogicalIfName = %s Enabling DROP for INPUT Enabling DROP for FORWARD Enabling NAT based Firewall Rules Setting transparent mode for pLogicalIfName...
... for protocol TCP. Enabling rule, port triggering for protocol UDP. DEBUG DEBUG %d:%d:%d:%d:%d Disabling Port Trigger Rule for %d:%d:%d:%d:%d Adding Port Trigger Rule for %d:%d:%d:%d:%d Enabling Content Filter Disabling Content Filter Enabling Content Filter Setting NAT mode for pLogicalIfName = %s Enabling DROP for INPUT Enabling DROP for FORWARD Enabling NAT based Firewall Rules Setting transparent mode for pLogicalIfName...