|
If you have more than one routers and subnets, you will need to enable routing table to allow packets to find proper routing path and allow different subnets to communicate with each other. The routing table allows you to determine which physical interface address to use for outgoing IP data grams.
Dynamic RoutingRouting Information Protocol (RIP) will exchange information about destinations for computing routes throughout the network.
Select this option to specify the RIP version, including RIP-1, RIP-2. Select RIP2 only if you have different subnets in your network. Otherwise, please select RIPv1.Click on 'Save' to store your settings or click 'Undo' to give up the changes. | TopNAT-Virtual Server
| The NAT firewall filters out unrecognized packets to protect your Intranet, so all hosts behind this device are invisible to the outside world. If you wish, you can make some of them accessible by enabling the Virtual Server Mapping. A virtual server is defined as a Service Port, and all requests to this port will be redirected to the computer specified by the Server IP. Virtual Server can work with Scheduling Rules, and give user more flexibility on Access control. For the details, please refer to Scheduling Rule.For an example, if you have an FTP server (port 21) at 192.168.123.1, a Web server (port 80) at 192.168.123.2, and a PPTP server at 192.168.123.6, then you need to specify the following virtual server mapping table:
| | TopNAT-Special ApplicationsSome applications require multiple connections, like Internet games, Video conferencing, Internet telephony, etc. Because of the firewall function, these applications cannot work with a pure NAT router. The Special Applications feature allows some of these applications to work with this product. If the mechanism of Special Applications fails to make an application work, try setting your computer as the DMZ host instead.
- Trigger: The outbound port number issued by the application.
- Incoming Ports: When the trigger packet is detected, the inbound packets sent to the specified port numbers are allowed to pass through the firewall.
This device provides some predefined settings. Select your application and click 'Copy to' to add the predefined setting to your list.
|
Top-MAC FilterImportant:Before enabling MAC Address Control, please make sure to add your computer information into one of the entries and make sure the "Allow" option is checked.
MAC Address Control allows you to assign different access right for different users and to assign a specific IP address to a certain MAC address.
MAC Address Control
Check 'Enable' to enable the 'MAC Address Control'. All of the settings in this page will take effect only when 'Enable' is checked.You can select a client from the DHCP clients drop-down list and select which ID to copy the information.
Otherwise, you can manually type in the MAC address(ex.xx:xx:xx:xx:xx:xx) and IP address (ex.x.x.x.x).
The entries in the list below will not be allowed access to your network unless the "Allow" option is checked. All MAC/IP addresse unchecked or other unlisted MAC/IP addresses will be denied access to your network.
|
Top-URL Filter URL Filter prevents users under this device from accessing specific domains.
URL Filter
Check if you want to enable URL Filter
Log DNS Query
Check if you want to log the action when someone accesses the specific Internet domains.
Privilege IP Addresses Range
Setting a group of hosts and privilege these hosts to access network without restriction.
URL
A suffix of URL can be restricted, for example, '.com', 'xxx.com'.
Action
When someone is accessing the URL met the domain-suffix, what kind of action you want.
Check 'Drop' to block the access. Check 'Log' to record this access.
Enable
Check to enable each rule. |
Top-Keyword Blocking
Keyword Blocking will block LAN computers to connect with pre-define Websites. The major difference between 'URL Filter' and 'Keyword Blocking' is URL Filter require user to input suffix (like .com or .org, etc), while Keyword Blocking require user to input a keyword only. In other words, URL Filter can block specific website, while Keyword Blocking can block hundreds of websites by simply a keyword.
Keyword Blocking
Check if you want to enable Keyword Blocking.
Keyword
If any part of the Website's URL matches the pre-defined word, the connection will be blocked.
For example, you can use pre-defined word 'sex' to block all websites if their URLs contain pre-defined word 'sex'.
Enable
Check to enable each rule.
|
Top-DMZ| The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by the Firewall and NAT algorithms then passed to the DMZ host, when a packet received does not use a port number used by any other Virtual Server entries. You can indicate a IP address of certain LAN computer to be a DMZ host.
|
Top-Discard PING from WAN side:
When this feature is enabled, any host on the WAN side can`t ping this product. It means this device won`t reply any ICMP packet from Internet.
DoS Attack Detection
When this feature is enabled, the router will detect and log the DoS attack comes from the Internet. Currently, the router can detect the following DoS attack: SYN Attack, WinNuke, Port Scan, Ping of Death, Land Attack.
SPI Mode
When this feature is enabled, the router will record the packet information pass through the router like IP address, port address, ACK, SEQ number and so on. And the router will check every incoming packet to detect if this packet is valid.
|
TopPacket FilterPacket Filter enables you to control what packets are allowed to pass the router. Outbound filter applies on all outbound packets. However, inbound filter applies on packets that destined to Virtual Servers or DMZ host only. You can select one of the two filtering policies:
- Allow all to pass except those match the specified rules.
- Deny all to pass except those match the specified rules.
You can specify 8 rules for each direction: inbound or outbound. For each rule, you can define the following: - Source IP
- Destination IP : Ports
- Use Rule#
For source or destination IP address, you can define a single IP address (4.3.2.1) or a range of IP addresses (4.3.2.1-4.3.2.254). An empty implies all IP addresses.
For destination port, you can define a single port (80) or a range of ports (1000-1999). An empty implies all port addresses. Packet Filter can work with Scheduling Rules, and give user more flexibility on Access control. For Detail, please refer to Scheduling Rule.
Each rule can be enabled or disabled individually.For MAC Level settings, please refer to MAC Control for details. |
Top
If you have more than one routers and subnets, you will need to enable routing table to allow packets to find proper routing path and allow different subnets to communicate with each other. The routing table allows you to determine which physical interface address to use for outgoing IP data grams.
Static Routing
If you have another router with a LAN-to-LAN connection, you may create a static routing on the router that is the gateway to Internet.- Static Routing: For static routing, you can specify up to 8 routing rules. You can enter the destination IP address, subnet mask, Router, and hop for each routing rule, and then enable or disable the rule by checking or un-checking the Enable checkbox.
|
TopDynamic DNSTo host your server on a changing IP address, you have to use dynamic domain name service (DDNS). So that anyone wishing to reach your host only needs to know the name of it. Dynamic DNS will map the name of your host to your current IP address, which changes each time you connect your Internet service provider.
Before you enable Dynamic DNS, you need to register an account on one of these Dynamic DNS servers that we list in Provider field.To enable Dynamic DNS click the check box next to Enable in the DDNS field. Next you have to enter the appropriate information about your Dynamic DNS Serve .Provider, Host Name, Username/E-mail, and Password/Key. You can get this information when you register an account on a Dynamic DNS server. |
Top
VLANThe VLAN function allows you to divide local network into different 'virtual LAN'. In some cases, ISP may need router to support 'VLAN tag' for certain kinds of services (e.g. IPTV) to work properly.
There are four LAN ports with this router, so you can have up to 4 VLAN if required. Those four LAN ports belong to one VLAN by default. If you want to divide them into different VLAN, you just need to assign different 'VID' for them. If ISP requests a 'VLAN Tag' with your outgoing data, please remember to check the checkbox of 'Tx TAG'.
If you want to mapping WAN ID, you can enter WAN VLAN setting, and change router type to Bridge and add WAN Map VLAN ID to your value.
|
TopQuality of service is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow.You can select Smart-QoS or User defined QoS rule for your own QoS control.
Smart-QoS- QoS Mode : you can select Smart-QoS or User defined QoS rule for your own QoS control.
- Bandwidth of upstream / bandwidth of Downstream : you can input the value of maximize of upstream and downstream bandwidth from your ISP.
- Flexible Bandwidth management : If you enable this management, system will share the bandwidth of those selected applications to other applications if user do not run those selected application, for example, If you select Game/ VoIP/ Video 3 applications for higher priority in your system, then the system will automatically reserve 10% of bandwidth to other application, and share the rest of bandwidth (100-10)/3=30% each to Game/VoIP/Video, so if user do not play a game, then the system will flexible share the 30% of bandwidth to other application.
- Example for Smart-QoS with FBM enable : Mr. Wang selects Game/ VoIP/ Video 3 applications for higher priority in his system, the system will automatically reserve 10% of minimum rate of bandwidth to other application, and share the rest minimum rate of bandwidth (100-10)/3=30% each to Game/VoIP/Video. If Mr. Wang`s son plays on-line game in the morning, the total bandwidth will all reserve to his son. By the evening, when Mr. Wang back home and wants to watch IPTV, then he will get the same priority with his son, and share the bandwidth.
User defined QoS rule- Create a QoS Rule : you can enable the rule, and select QoS class type.
- Class : You can create your own QoS rule by different classes.
- Function :You can set your own function value to enable your QoS rule as below.
| Function | Description | Data | | PRI | Priority | 1~6 | | MAXR | Maximum bandwidth Rate | KBps/MBps | | MINR | Minimum bandwidth Rate | KBps/MBps |
| SESSION | Connection session | number | | DROP | Drop packet | None | | LOG | Log event | None | | ALERT | Alert event | None |
| - Direction :You can select inbound/ outbound for your direction.
| Direction | | | IN | inbound | | OUT | outbound | | BOTH | inbound & outbound |
|
Once you saved the QoS rule, system will show you the rule as below, you can add another new rule accordingly.System will show you all your QoS rule as below. - You can move up or down the priority of all rules if you want to change the priority.
- You can unmark any rule if you do not want it enable now.
|
Top
| UPnP offers peer-to-peer network connectivity for PCs and other network devices, along with control and data transfer between devices. UPnP offers many advantages for users running NAT routers through UPnP NAT Traversal, and on supported systems makes tasks such as port forwarding much easier by letting the application control the required settings, removing the need for the user to control advanced configuration of their device. If the OS of your client computer supports this function, and you enabled it, like Windows XP (Windows 2000 does not support UPnP), you can see the following icon when the client computer gets IP from the device.
|
TopSNMPSNMP, the Simple Network Management Protocol, is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. SNMP is a protocol used for exchanging management information between network devices and it is a member of the TCP/IP protocol suite. This device can support SNMP v1 and v2c.
Enable SNMP
You must check 'Local', 'Remote' or both to enable SNMP function. If 'Local' is checked, this device will response request from LAN. If 'Remote' is checked, this device will response request from WAN.
Get Community
The community of GetRequest that this device will respond.
Set Community
The community of SetRequest that this device will accept.
IP 1, IP 2, IP 3, IP 4
Enter the IP addresses of your SNMP Management PCs. User has to configure to where this device should send SNMP Trap message.
SNMP Version
Select proper SNMP Version that your SNMP Management software supports.
WAN Access IP Address
If you want to limit the remote SNMP access to specific computer, please enter the PC`s IP address. The default value is 0.0.0.0, and it means that any internet connected computer can get some information of the device with SNMP protocol.
|
Top | |
