Product Manual
Page 5
... 61 Chapter 5. SSL VPN ...95 7.1 Users, Groups, and Domains 96 7.1.1 User Types and Passwords 98 7.2 Using SSL VPN Policies 100 7.2.1 Using Network Resources 103 7.3 Application Port Forwarding 104 7.4 SSL VPN Client Configuration 106 7.5 User Portal ...108 7.5.1 Creating Portal Layouts 109 Chapter 8. Administration & Management 116 3 Advanced Configuration Tools 111 8.1 USB Device Setup 111...
... 61 Chapter 5. SSL VPN ...95 7.1 Users, Groups, and Domains 96 7.1.1 User Types and Passwords 98 7.2 Using SSL VPN Policies 100 7.2.1 Using Network Resources 103 7.3 Application Port Forwarding 104 7.4 SSL VPN Client Configuration 106 7.5 User Portal ...108 7.5.1 Creating Portal Layouts 109 Chapter 8. Administration & Management 116 3 Advanced Configuration Tools 111 8.1 USB Device Setup 111...
Product Manual
Page 6
Standard Services Available for Port Forwarding & Firewall Configuration 156 Appendix D. Factory Default Settings 155 Appendix C. Unified Services Router User Manual 9.1 9.1.1 9.1.2 9.2 9.3 9.4 9.4.1 9.4.2 9.4.3 9.5 9.6 9.7 9.8 9.8.1 9.8.2 9.8.3 9.8.4 Configuration Access ... Statistics 133 10.1 System Overview 133 10.1.1 Device Status ...133 10.1.2 Resource Utilization 135 10.2 Traffic Statistics ...138 10.2.1 Wired Port Statistics 138 10.2.2 Wireless Statistics 139 10.3 Active Connections 140 10.3.1 Sessions through the Router 140 10.3.2 Wireless Clients...142 10.3.3 LAN...
Standard Services Available for Port Forwarding & Firewall Configuration 156 Appendix D. Factory Default Settings 155 Appendix C. Unified Services Router User Manual 9.1 9.1.1 9.1.2 9.2 9.3 9.4 9.4.1 9.4.2 9.4.3 9.5 9.6 9.7 9.8 9.8.1 9.8.2 9.8.3 9.8.4 Configuration Access ... Statistics 133 10.1 System Overview 133 10.1.1 Device Status ...133 10.1.2 Resource Utilization 135 10.2 Traffic Statistics ...138 10.2.1 Wired Port Statistics 138 10.2.2 Wireless Statistics 139 10.3 Active Connections 140 10.3.1 Sessions through the Router 140 10.3.2 Wireless Clients...142 10.3.3 LAN...
Product Manual
Page 9
...for traffic through router 124 Figure 82: E-mail configuration as a Remote Logging option 125 Figure 83: Syslog server configuration for SSL Port Forwarding 106 Figure 68: SSL VPN client adapter and access configuration 107 Figure 69: Configured client routes only apply in the GUI 131 ... Resource Utilization statistics 136 Figure 93: Resource Utilization data (continued 137 Figure 94: Resource Utilization data (continued 138 Figure 95: Physical port statistics...139 Figure 96: AP specific statistics...140 Figure 97: List of configured SSL VPN portals. The configured portal can then be...
...for traffic through router 124 Figure 82: E-mail configuration as a Remote Logging option 125 Figure 83: Syslog server configuration for SSL Port Forwarding 106 Figure 68: SSL VPN client adapter and access configuration 107 Figure 69: Configured client routes only apply in the GUI 131 ... Resource Utilization statistics 136 Figure 93: Resource Utilization data (continued 137 Figure 94: Resource Utilization data (continued 138 Figure 95: Physical port statistics...139 Figure 96: AP specific statistics...140 Figure 97: List of configured SSL VPN portals. The configured portal can then be...
Product Manual
Page 13
..., Windows Internet Name Service (WINS) servers, and the default gateway. You can be used to forward DHCP lease information from another PC on the router, or once the initial setup is complete, the DSR may also be assigned IP addresses as well as the gateway address for the LAN. Chapter 2. ... when acknowledging a DHCP request from a pool of your network to ‗none'. this procedure. The LAN connection may be through the wired Ethernet ports available on your PCs, set the DHCP mode to be the DHCP server or if you can be managed through its wireless interface as Microsoft...
..., Windows Internet Name Service (WINS) servers, and the default gateway. You can be used to forward DHCP lease information from another PC on the router, or once the initial setup is complete, the DSR may also be assigned IP addresses as well as the gateway address for the LAN. Chapter 2. ... when acknowledging a DHCP request from a pool of your network to ‗none'. this procedure. The LAN connection may be through the wired Ethernet ports available on your PCs, set the DHCP mode to be the DHCP server or if you can be managed through its wireless interface as Microsoft...
Product Manual
Page 23
...access mode looks like any other Ethernet frame. In Trunk mode the port is a member of a user selectable set of the port is tagged. Untagged coming into the port is not forwarded, except for the port when the General mode is selected. Configured VLAN memberships will be ... membership options for a General or Trunk port, traffic can be displayed on the VLAN Membership Configuration for the port. All data going into and out of VLANs. By selecting one ). Trunk ports multiplex traffic for multiple VLANs over the same physical link. Select PVID for the default...
...access mode looks like any other Ethernet frame. In Trunk mode the port is a member of a user selectable set of the port is tagged. Untagged coming into the port is not forwarded, except for the port when the General mode is selected. Configured VLAN memberships will be ... membership options for a General or Trunk port, traffic can be displayed on the VLAN Membership Configuration for the port. All data going into and out of VLANs. By selecting one ). Trunk ports multiplex traffic for multiple VLANs over the same physical link. Select PVID for the default...
Product Manual
Page 68
...rules can use Destination NAT (DNAT) for managing traffic from the internet to reach the appropriate LAN port via a port forwarding rule. Translate Port Number: With port forwarding, the incoming traffic to be forwarded to which the rule applies: Any (all traffic is affected by schedule otherwise BLOCK. ...Range (enter the appropriate IP address range) Log: traffic that is hosting the selected service. You can enable port forwarding for an incoming service specific rule (From Zone = WAN) by this rule can be available in the dropdown list to assign to ...
...rules can use Destination NAT (DNAT) for managing traffic from the internet to reach the appropriate LAN port via a port forwarding rule. Translate Port Number: With port forwarding, the incoming traffic to be forwarded to which the rule applies: Any (all traffic is affected by schedule otherwise BLOCK. ...Range (enter the appropriate IP address range) Log: traffic that is hosting the selected service. You can enable port forwarding for an incoming service specific rule (From Zone = WAN) by this rule can be available in the dropdown list to assign to ...
Product Manual
Page 72
... want to allow incoming videoconferencing to be initiated from a restricted range of outside IP address to Local Server (DNAT IP) Destination Users From To Enable Port Forwarding Value Insecure (WAN1/WAN2) Secure (LAN) CU-SEEME:UDP ALLOW always 192.168.10.11 Address Range 132.177.88.2 134.177.88.254 Yes...
... want to allow incoming videoconferencing to be initiated from a restricted range of outside IP address to Local Server (DNAT IP) Destination Users From To Enable Port Forwarding Value Insecure (WAN1/WAN2) Secure (LAN) CU-SEEME:UDP ALLOW always 192.168.10.11 Address Range 132.177.88.2 134.177.88.254 Yes...
Product Manual
Page 79
...port or range of ports. Port triggering application rules are more ports to be thought of as port triggering. You can be forwarded to them , they receive data on the LAN or DMZ to request one of the defined outgoing ports, and then opens an incoming port for that specified type of dynamic port forwarding... while an application is a dependency on the LAN device making an outgoing connection before incoming ports are opened outgoing or incoming port(s). Unified Services ...
...port or range of ports. Port triggering application rules are more ports to be thought of as port triggering. You can be forwarded to them , they receive data on the LAN or DMZ to request one of the defined outgoing ports, and then opens an incoming port for that specified type of dynamic port forwarding... while an application is a dependency on the LAN device making an outgoing connection before incoming ports are opened outgoing or incoming port(s). Unified Services ...
Product Manual
Page 97
...Instead, users can securely login through a customizable user portal interface, and each SSL VPN user can access allocated network resources. Port Forwarding: A web-based (ActiveX or Java) client is installed in place of a preinstalled VPN client on the remote host to join the ...link through the SSL User Portal using the Internet Explorer browser. A SSL VPN client (Active-X or Java based) is installed on the user's host and this will be provided different options for other browsers like the VPN tunnel. ActiveX clients are available to remote port forwarding...
...Instead, users can securely login through a customizable user portal interface, and each SSL VPN user can access allocated network resources. Port Forwarding: A web-based (ActiveX or Java) client is installed in place of a preinstalled VPN client on the remote host to join the ...link through the SSL User Portal using the Internet Explorer browser. A SSL VPN client (Active-X or Java based) is installed on the user's host and this will be provided different options for other browsers like the VPN tunnel. ActiveX clients are available to remote port forwarding...
Product Manual
Page 99
Since the portal layout assigns access to SSL VPN tunnel and/or SSL VPN Port Forwarding features, the domain is used when validating the remote user's connection. Figure 62: Available Users with login status and associated Group/Domain Advanced >...The session timeout for upto three authentication servers. Authentication Secret: If the domain uses RADIUS authentication then the authentication secret is configured, the DSR will use an authentication method other than the Local User Database (such as a RADIUS server), then the sever access details are multiple authentication servers...
Since the portal layout assigns access to SSL VPN tunnel and/or SSL VPN Port Forwarding features, the domain is used when validating the remote user's connection. Figure 62: Available Users with login status and associated Group/Domain Advanced >...The session timeout for upto three authentication servers. Authentication Secret: If the domain uses RADIUS authentication then the authentication secret is configured, the DSR will use an authentication method other than the Local User Database (such as a RADIUS server), then the sever access details are multiple authentication servers...
Product Manual
Page 105
... Setup > VPN Settings > SSL VPN Server > Resources Network resources are services or groups of LAN IP addresses that are VPN tunnel, port forwarding or both. Defined resources: This policy can provide access to make them available for multiple remote SSL VPN users. The services offered...are used for the resource. Service: The SSL VPN service corresponding to the resource (VPN tunnel, Port Forwarding or All). 103 Unified Services Router User Manual Port range: If the policy governs a type of traffic, this field is used to easily create and configure SSL...
... Setup > VPN Settings > SSL VPN Server > Resources Network resources are services or groups of LAN IP addresses that are VPN tunnel, port forwarding or both. Defined resources: This policy can provide access to make them available for multiple remote SSL VPN users. The services offered...are used for the resource. Service: The SSL VPN service corresponding to the resource (VPN tunnel, Port Forwarding or All). 103 Unified Services Router User Manual Port range: If the policy governs a type of traffic, this field is used to easily create and configure SSL...
Product Manual
Page 106
...LAN server requires entering the local server IP address and TCP port number of configured resources, which are available to assign to SSL VPN policies 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Port forwarding allows remote SSL users to access specified network applications or ...services after they login to the router is detected and re-routed based on configured port forwarding rules. Unified Services Router User Manual Figure 66: List of the application to be specified as being made accessible...
...LAN server requires entering the local server IP address and TCP port number of configured resources, which are available to assign to SSL VPN policies 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Port forwarding allows remote SSL users to access specified network applications or ...services after they login to the router is detected and re-routed based on configured port forwarding rules. Unified Services Router User Manual Figure 66: List of the application to be specified as being made accessible...
Product Manual
Page 107
...domain name: The domain name of the internal server is to be configured to allow users to the IP address is defined in the port forwarding host configuration section. Local server IP address: The IP address of the local server hosting the application. This host name ...application and local server IP address. The local server IP address of the configured hostname must match the IP address of configured applications for port forwarding. Unified Services Router User Manual As a convenience for remote users, the hostname (FQDN) of the network server can be specified Once the...
...domain name: The domain name of the internal server is to be configured to allow users to the IP address is defined in the port forwarding host configuration section. Local server IP address: The IP address of the local server hosting the application. This host name ...application and local server IP address. The local server IP address of the configured hostname must match the IP address of configured applications for port forwarding. Unified Services Router User Manual As a convenience for remote users, the hostname (FQDN) of the network server can be specified Once the...
Product Manual
Page 108
... an IP address from the user portal, a "network adapter" with physical devices on the remote SSL VPN client machine. The IP address range for SSL Port Forwarding 7.4 SSL VPN Client Configuration Setup > VPN Settings > SSL VPN Client > SSL VPN Client An SSL VPN tunnel client provides a point-to-point connection between the...
... an IP address from the user portal, a "network adapter" with physical devices on the remote SSL VPN client machine. The IP address range for SSL Port Forwarding 7.4 SSL VPN Client Configuration Setup > VPN Settings > SSL VPN Client > SSL VPN Client An SSL VPN tunnel client provides a point-to-point connection between the...
Product Manual
Page 110
... > VPN Settings > SSL VPN Client > SSL VPN Client Portal When remote users want to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they login through a user portal. Figure 69: Configured client routes only apply in a different subnet than the corporate network, a client route... route on the private LAN's firewall (typically this router) is set here. Subnet mask: The subnet information of the destination network is needed to forward private traffic through the VPN Firewall to the remote SSL VPN client.
... > VPN Settings > SSL VPN Client > SSL VPN Client Portal When remote users want to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they login through a user portal. Figure 69: Configured client routes only apply in a different subnet than the corporate network, a client route... route on the private LAN's firewall (typically this router) is set here. Subnet mask: The subnet information of the destination network is needed to forward private traffic through the VPN Firewall to the remote SSL VPN client.
Product Manual
Page 112
... to login. It is optional. Display banner message on the login page: The user has the option to either enable VPN tunnel page or Port Forwarding, or both depending on the SSL services to display on this SSL VPN portal. SSL VPN portal page to display: The User can either...
... to login. It is optional. Display banner message on the login page: The user has the option to either enable VPN tunnel page or Port Forwarding, or both depending on the SSL services to display on this SSL VPN portal. SSL VPN portal page to display: The User can either...
Product Manual
Page 146
... Router Figure 100: List of the virtual network adapter. Field Description User Name The SSL VPN user that has an active tunnel or port forwarding session to this router and the remote VPN client: Not Connected or Connected. 144 The assigned IP address of current Active VPN Sessions... User Manual All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are as well. IP Address Local PPP Interface Peer PPP Interface IP Connect Status IP address of the SSL connection between this router....
... Router Figure 100: List of the virtual network adapter. Field Description User Name The SSL VPN user that has an active tunnel or port forwarding session to this router and the remote VPN client: Not Connected or Connected. 144 The assigned IP address of current Active VPN Sessions... User Manual All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are as well. IP Address Local PPP Interface Peer PPP Interface IP Connect Status IP address of the SSL connection between this router....
Product Manual
Page 158
Unified Services Router User Manual Appendix C. Standard Services Available for Port Forwarding & Firewall Configuration ANY AIM BGP BOOTP_CLIENT BOOTP_SERVER CU-SEEME:UDP CU-SEEME:TCP DNS:UDP DNS:TCP FINGER FTP HTTP HTTPS ICMP-TYPE-3 ICMP-TYPE-4 ICMP-TYPE-5 ICMP-TYPE-6 ICMP-TYPE-7 ICMP-TYPE-8 ICMP-TYPE-9 ICMP-TYPE-10 ICMP-TYPE-11 ICMP-TYPE-13 ICQ IMAP2 IMAP3 IRC NEWS NFS NNTP PING POP3 PPTP RCMD REAL-AUDIO REXEC RLOGIN RTELNET RTSP:TCP RTSP:UDP SFTP SMTP SNMP:TCP SNMP:UDP SNMP-TRAPS:TCP SNMP-TRAPS:UDP SQL-NET SSH:TCP SSH:UDP STRMWORKS TACACS TELNET TFTP VDOLIVE 156
Unified Services Router User Manual Appendix C. Standard Services Available for Port Forwarding & Firewall Configuration ANY AIM BGP BOOTP_CLIENT BOOTP_SERVER CU-SEEME:UDP CU-SEEME:TCP DNS:UDP DNS:TCP FINGER FTP HTTP HTTPS ICMP-TYPE-3 ICMP-TYPE-4 ICMP-TYPE-5 ICMP-TYPE-6 ICMP-TYPE-7 ICMP-TYPE-8 ICMP-TYPE-9 ICMP-TYPE-10 ICMP-TYPE-11 ICMP-TYPE-13 ICQ IMAP2 IMAP3 IRC NEWS NFS NNTP PING POP3 PPTP RCMD REAL-AUDIO REXEC RLOGIN RTELNET RTSP:TCP RTSP:UDP SFTP SMTP SNMP:TCP SNMP:UDP SNMP-TRAPS:TCP SNMP-TRAPS:UDP SQL-NET SSH:TCP SSH:UDP STRMWORKS TACACS TELNET TFTP VDOLIVE 156
Product Manual
Page 160
...: updating NimfStatus failed nimfStatusUpdate: updating NimfStatus failed nimfLinkStatusGet: determinig link's status failed nimfLinkStatusGet: opening the lanUptime File Error Opening the...nimfAdvOptSetWrap: user has changed MTU option nimfAdvOptSetWrap: MTU: %d nimfAdvOptSetWrap: old MTU size: %d nimfAdvOptSetWrap: old Port Speed Option: %d nimfAdvOptSetWrap: old Mac Address Option: %d nimfAdvOptSetWrap: MacAddress: %s Setting LED [%d]:[%d] For ...forwarding failed to set capabilities on the " failed to enable IPv6 forwarding failed to set capabilities on the " failed to disable IPv6 forwarding...
...: updating NimfStatus failed nimfStatusUpdate: updating NimfStatus failed nimfLinkStatusGet: determinig link's status failed nimfLinkStatusGet: opening the lanUptime File Error Opening the...nimfAdvOptSetWrap: user has changed MTU option nimfAdvOptSetWrap: MTU: %d nimfAdvOptSetWrap: old MTU size: %d nimfAdvOptSetWrap: old Port Speed Option: %d nimfAdvOptSetWrap: old Mac Address Option: %d nimfAdvOptSetWrap: MacAddress: %s Setting LED [%d]:[%d] For ...forwarding failed to set capabilities on the " failed to enable IPv6 forwarding failed to set capabilities on the " failed to disable IPv6 forwarding...
Product Manual
Page 180
...'%s'. Restarting DMZ rule having %s address with %s address. DEBUG DEBUG %d:%d:%d:%d:%d Disabling Port Trigger Rule for %d:%d:%d:%d:%d Adding Port Trigger Rule for %d:%d:%d:%d:%d Enabling Content Filter Disabling Content Filter Enabling Content Filter Setting NAT... mode for pLogicalIfName = %s Enabling DROP for INPUT Enabling DROP for FORWARD Enabling NAT based Firewall Rules Setting transparent mode for pLogicalIfName \ Enabling Accept for INPUT Enabling Accept for FORWARD...
...'%s'. Restarting DMZ rule having %s address with %s address. DEBUG DEBUG %d:%d:%d:%d:%d Disabling Port Trigger Rule for %d:%d:%d:%d:%d Adding Port Trigger Rule for %d:%d:%d:%d:%d Enabling Content Filter Disabling Content Filter Enabling Content Filter Setting NAT... mode for pLogicalIfName = %s Enabling DROP for INPUT Enabling DROP for FORWARD Enabling NAT based Firewall Rules Setting transparent mode for pLogicalIfName \ Enabling Accept for INPUT Enabling Accept for FORWARD...