Billion Electric BIL-8200NX (3G) 802.11n VDSL (VPN) Firewall Router User Manual Users manual 02

Billion Electric Co., Ltd. (3G) 802.11n VDSL (VPN) Firewall Router Users manual 02


4.  Enter the AP SSID then click Next.
5.  Enter the passphrase then click Next.
6.  When you have come to this step, you will have completed the Wi-Fi network setup using the built-in WCN feature in Windows Vista.

DHCP Server

DHCP allows networked devices to obtain IP parameters (IP address, netmask, gateway and DNS) through the Ethernet address of the device.

To configure the router’s DHCP Server, select DHCP Server from the DHCP Server Mode drop-down menu. You can then configure parameters of the DHCP Server including the domain, IP pool (starting IP address and ending IP address to be allocated to PCs on your network), lease time for each assigned IP address (the period of time the IP address assigned will be valid), DNS IP address and the gateway IP address. These details are sent to the DHCP client (i.e. your PC) when it requests an IP address from the DHCP server. If you check “Use Router as a DNS Server”, the Router will perform the domain name lookup, find the IP address from the outside network automatically and forward it back to the requesting PC in the LAN (your Local Area Network). Click Apply to enable this function.

If you select DHCP Relay from the DHCP Server Mode drop-down menu, you must enter the IP address of the DHCP server that assigns an IP address to the DHCP client in the LAN. Use this function only if advised to do so by your network administrator or ISP. Click Apply to enable this function.

WAN - Wide Area Network

A WAN (Wide Area Network) is a computer network that covers a broad geographical area (e.g. the Internet) and is used to connect LANs and other types of network systems.

WAN Profile - Main Port: VDSL

Obtain an IP Address Automatically (VDSL)

When connecting to the ISP, your router also functions as a DHCP client. By configuring DHCP settings, the device is able to obtain IP settings automatically from the ISP.

Protocol: Select the protocol you will use in the device.
NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing the single IP address. If users on your LAN have their own public IP addresses to access the Internet, the NAT function can be disabled.
Obtain DNS: Select this check box to activate DNS.
Primary DNS / Secondary DNS: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the netmask.
MAC Spoofing: This option is required by some service providers. You must fill in the MAC address specified by your service provider when this information is required. It will temporarily change your router’s MAC address to the one you have specified in this field. This option is disabled by default.

Click Apply to confirm the settings.

Fixed IP Address (VDSL)

A Static WAN connection will be configured according to the IP properties defined by your ISP.

Protocol: Select the protocol you will use in the device.
NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing the single IP address. If users on your LAN have their own public IP addresses to access the Internet, the NAT function can be disabled.
IP Address: Enter your fixed IP address. Each IP address entered in the field must be in the appropriate IP form, which is four IP octets separated by a dot (x.x.x.x). The Router will not accept the IP address if it is not in this format.
Netmask: You can change it to another value such as 255.255.255.128. Type the netmask assigned to you by your ISP (if given).
Gateway: Enter the IP address of the default gateway (if given).
Obtain DNS: Select this check box to activate DNS.
Primary DNS / Secondary DNS: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the netmask.
MAC Spoofing: This option is required by some service providers. You must fill in the MAC address specified by your service provider when this information is required. It will temporarily change your router’s MAC address to the one you have specified in this field. This option is disabled by default.

Click Apply to confirm the settings.

PPPoE (VDSL)

PPPoE (PPP over Ethernet) provides access control in a manner which is similar to dial-up services using PPP.

Protocol: Select the protocol you will use in the device.
Username: Enter the username provided by your ISP. You can input up to 256 alphanumeric characters (case sensitive). This is in the format of “username@ispname” instead of simply “username”.
Password: Enter the password provided by your ISP. You can input up to 32 alphanumeric characters (case sensitive).
Service Name: This item is for identification purposes. If it is required, your ISP will provide you the necessary information. Maximum input is 32 alphanumeric characters.
NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing the single IP address. If users on your LAN have their own public IP addresses to access the Internet, the NAT function can be disabled.
IP (0.0.0.0.Auto): Enter your fixed IP address. Leave this at 0.0.0.0 to automatically obtain an IP address from your ISP.
Auth. Protocol: Default is Auto. Please consult your ISP on whether to use PAP or CHAP.
Obtain DNS: Select this check box to activate DNS.
Primary DNS / Secondary DNS: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the netmask.
Connection: Click on Always On to establish a PPPoE session during start up and to automatically re-establish the PPPoE session when disconnected by the ISP. You may uncheck the item to disable this function.
Idle Timeout: Auto-disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time.
MTU: Maximum Transmission Unit. The size of the largest datagram (excluding media-specific headers) that IP will attempt to send through the interface.
MAC Spoofing: This option is required by some service providers. You must fill in the MAC address specified by your service provider when this information is required. It will temporarily change your router’s MAC address to the one you have specified in this field. This option is disabled by default.

Click Apply to confirm the settings.

Pure Bridge (VDSL)

Protocol: Select the protocol you will use in the device.

Click Apply to confirm the change.
77WAN Prole - Main Port: EWANBesides using VDSL to get connected to the Internet, the VDSL router offers its Ethernet port 4 as a WAN port to be used to connect to Cable Modems and bre optic lines. This alternative, yet faster method to connect to the internet will provide users with more exibility to get online.Obtain an IP Address Automatically (EWAN)When connecting to the ISP, your router also functions as a DHCP client. By conguring DHCP settings, the device is able to obtain IP settings automatically from the ISP.Protocol: Select the protocol you will use in the device.Line Speed: Set the downstream and upstream of your connection in kilobytes per second. The connection speed is used by QoS settings.Protocol: Select the protocol you will use in the device.NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing the single IP address. If users on your LAN have their own public IP addresses to access the Internet, NAT function can be disabled.Obtain DNS: Select this check box to activate DNS.Primary DNS/ Secondary DNS: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the netmask.MAC Spoong: This option is required by some service providers. You must ll the MAC address specied by your service provider when this information is required. It will temporarily change your router’s MAC address to the one you have specied in this eld. The default setting is set to disable.Click Apply to conrm the settings.
Fixed IP Address (EWAN)A Static WAN connection will be congured according to the IP properties dened by your ISP.Line Speed: Set the downstream and upstream of your connection in kilobytes per second. The connection speed is used by QoS settings.Protocol: Select the protocol you will use in the device.NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing the single IP address. If users on your LAN have their own public IP addresses to access the Internet, NAT function can be disabled.IP Address: Enter your xed IP address. Each IP address entered in the eld must be in the appropriate IP form, which is four IP octets separated by a dot (x.x.x.x). The Router will not accept the IP address if it is not in this format.Netmask: User can change it to others such as 255.255.255.128. Type the netmask assigned to you by your ISP (if given)Gateway: Enter the IP address of the default gateway (if given).Obtain DNS: Select this check box to activate DNS.Primary DNS/ Secondary DNS: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the netmask.MAC Spoong: This option is required by some service providers. You must ll the MAC address specied by your service provider when this information is required. It will temporarily change your router’s MAC address to the one you have specied in this eld. The default setting is set to disable.Click Apply to conrm the settings.78

PPPoE (EWAN)

PPPoE (PPP over Ethernet) provides access control in a manner which is similar to dial-up services using PPP.

Line Speed: Set the downstream and upstream of your connection in kilobytes per second. The connection speed is used by QoS settings.
Protocol: Select the protocol you will use in the device.
Username: Enter the username provided by your ISP. You can input up to 256 alphanumeric characters (case sensitive). This is in the format of “username@ispname” instead of simply “username”.
Password: Enter the password provided by your ISP. You can input up to 32 alphanumeric characters (case sensitive).
Service Name: This item is for identification purposes. If it is required, your ISP will provide you the necessary information. Maximum input is 32 alphanumeric characters.
NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account by sharing the single IP address. If users on your LAN have their own public IP addresses to access the Internet, the NAT function can be disabled.
IP (0.0.0.0.Auto): Enter your fixed IP address. Leave this at 0.0.0.0 to automatically obtain an IP address from your ISP.
Auth. Protocol: Default is Auto. Please consult your ISP on whether to use PAP or CHAP.
Obtain DNS: Select this check box to activate DNS.
Primary DNS / Secondary DNS: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the netmask.
Connection: Click on Always On to establish a PPPoE session during start up and to automatically re-establish the PPPoE session when disconnected by the ISP. You may uncheck the item to disable this function.
Idle Timeout: Auto-disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time.
MTU: Maximum Transmission Unit. The size of the largest datagram (excluding media-specific headers) that IP will attempt to send through the interface.
MAC Spoofing: This option is required by some service providers. You must fill in the MAC address specified by your service provider when this information is required. It will temporarily change your router’s MAC address to the one you have specified in this field. This option is disabled by default.

Click Apply to confirm the settings.

System

The System section contains the following items: Time Zone, Firmware Upgrade, Backup/Restore, Restart, User Management and Mail Alert.

Time Zone

The router does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the most current time from an SNTP server outside your network. Choose your local time zone from the drop-down menu. To apply the selected local time zone, click Enable and click the Apply button. After a successful connection to the Internet, the router will retrieve the correct local time from the SNTP server you have specified. If you prefer to specify an SNTP server other than those in the drop-down list, simply enter its IP address in the appropriate blanks provided as shown above. Your ISP may also provide an SNTP server for you to use.

Resync Period (in minutes) is the periodic interval the router will wait before it re-synchronizes the router’s time with that of the specified SNTP server. In order to avoid unnecessarily increasing the load on your specified SNTP server you should keep the poll interval as high as possible – at the absolute minimum every few hours or even days.

Click Apply to confirm the settings.

Firmware Upgrade

Your router’s firmware is the software that enables it to operate and provides all its functionality. Think of your router as a dedicated computer, and the firmware as the software that runs in your router. Thus, upgrading to a newly improved version of the firmware gives you the advantage of using newly integrated features.

Factory Default Settings: If you select this setting, the device will reboot to restore the parameters of all its applications to its default values.
Current Settings: If you select this setting, the device will reboot and retain the customized settings of all applications.

Click on Browse to select the new firmware image file you have downloaded to your PC. Once the correct file is selected, click Upgrade to update the firmware to your router.

Backup / Restore

These functions allow you to save a backup of the current configuration of your router to a defined location on your PC, or to restore a previously saved configuration. This is useful if you wish to experiment with different settings, knowing that you have a backup in hand in case any mistakes occur. It is advisable that you back up your router configuration before making any changes to it.

Backup Configuration

Press Backup to select where on your local PC you want to store your setting file. You may also want to change the name of the file when saving if you wish to keep multiple backups.

Restore Configuration

Press Browse to select a file from your PC to restore. You should only restore router settings that have been generated by the Backup function and created with the current version of the router firmware. Settings files saved to your PC should not be manually edited in any way.

Select the settings file you wish to use, and press Restore to load the settings into the router. Click Restore to begin restoring the configuration and wait for the router to restart before performing any actions.

Restart

There are 2 options for you to choose from before restarting your 8200N device. You can either choose to restart your device to restore it to the Factory Default Settings or to restart the device with your current settings applied. Restarting your device to Factory Default Settings is useful especially after you have accidentally changed your settings in a way that may result in an undesirable outcome.

If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to reset to factory default settings.

Click Restart with option Current Settings to reboot your router (and restore your last saved configuration).

After selecting the type of setting you want the device to restart with, click the Restart button to initiate the process. After restarting, please wait several minutes to let the selected settings be applied to the system.

You may also reset your router to factory settings by holding the small Reset pinhole button on the back of your router for more than 1 second.

User Management

In order to prevent unauthorized access to your router configuration interface, it requires all users to log in with a username and password. Therefore only the system administrator can access the system.

This feature allows you to set up multiple user accounts, each with its own unique password. In addition, you can also edit any existing user accounts or add new users to allow access to the device configuration interface.

Edit Account Information

You can change the information of any account, whether the account is active or valid.

1.  To edit an account, click on the Edit radio button of the account you want to edit. Once selected, all information of that account will be displayed.
2.  Delete the information to be edited and replace it with the new one.
3.  When it is done, simply click on the Edit/Delete button to save your changes.

Note: It is highly recommended that you change the password immediately to prevent a security breach of your GUI.

Add an account

1.  Check the Valid checkbox, fill in all the information: User name, Comment (optional), Password, Confirm Password.
2.  When it is done, click the Add button.

Delete a User Account

1.  Check the Delete checkbox of the account you want to delete.
2.  Then click Edit/Delete to confirm the deletion.

Note: You can delete any user account except for the default admin account. Thus there is no delete radio button available for this account.

Mail Alert

Mail Alert allows the administrator to receive notifications from the router through email about important events that are occurring in real time. This allows the administrator to take immediate action to counteract any possible hacking or to restore the router to its original status should any failover / failback ever occur.

Server Information

SMTP Server: Enter the SMTP (mail) server address.
Username: Enter the username of your SMTP server.
Password: Enter the password associated with the username.
Sender’s E-mail: Enter the email address you wish to send the mail alert email to.

Failover / Failback

Recipient’s E-mail: Enter the email address you wish to send the Failover / Failback email to.

WAN IP Change Alert

Recipient’s E-mail: Enter the email address you wish to send the WAN IP Change email to.

Intrusion Detection

Alert Mail Time: Set the time for sending the Alert mail.
Recipient’s E-mail: Enter the email address you wish to send the Intrusion Detection email to.

Click Apply to confirm the settings.

Firewall

Firewall and Access Control

Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN, as well as helping to prevent attacks from hackers. In addition to this, when using NAT (Network Address Translation) the router acts as a “natural” Internet firewall, since all PCs on your LAN use private IP addresses that cannot be directly accessed from the Internet. See the WAN configuration section for more details on NAT.

Firewall: Prevents access from outside your network.
NAT natural firewall: This masks LAN users’ IP addresses, which are invisible to outside users on the Internet, making it much more difficult for a hacker to target a machine on your network. This natural firewall is on when the NAT function is enabled.
Firewall Security and Policy (General Settings): Packet Filter rules in the inbound direction prevent unauthorized computers or applications from accessing your local network from the Internet.
Intrusion Detection: Enable Intrusion Detection to detect, prevent, and log malicious attacks.
MAC Filter rules: Prevent unauthorized computers from accessing the Internet.
URL Filter: Blocks PCs on your local network from unwanted websites.

A detailed explanation of each of the following items appears in the Firewall section below: Packet Filter, MAC Filter, Intrusion Detection, Block WAN PING and URL Filter.
89Packet FilterPacket ltering enables you to congure your router to block specic internal / external users (IP address) from Internet access, or disable specic service requests (Port number) to / from the Internet. This conguration program allows you to set up different lter rules for different users based on their IP addresses or their network Port number. The relationship among all lters is “or” operation, which means that the router checks these different lter rules one by one, starting from the rst rule. As long as one of the rules is satised, the specied action will be taken.Rule Name: User dened description for entry identication. The maximum name length is 32 characters, and then can choose an application that they want from the listbox.Internal IP Address / External IP Address: This is the Address-Filter used to allow or block trafc to/rom particular IP address(es). Input the range you want to lter out. If you leave these four elds empty or enter 0.0.0.0, it means any IP address. Protocol: Specify the packet type (TCP, UDP, TCP/UDP) that the rule applies to. Select TCP if you wish to search for the connection-based application service on the remote server using the port number. Or select UDP if you want to search for the connectionless application service on the remote server using the port number.Action: If a packet matches this lter rule, forward (allows the packets to pass) or drop (disallow the packets to pass) this packet.Internal Port: This Port or Port Range denes the ports allowed to be used by the Remote/WAN to connect to the application. Default is set the range from 1 to 65535. It is recommended that this option be congured by an advanced user.External Port: This is the Port or Port Range that denes the application.Direction: Determine whether the rule is for outgoing packets or for incoming packets.Time Schedule: It is self-dened time period. You may specify a time schedule for your prioritization policy. 
For setup and detail, refer to Time Schedule section.Log: Check the checking box if you wish to generate logs when the ler rule is applied to a packet.
90Add: Click this button to add a new packet lter rule and the added rule will appear at the bottom table.Edit: Check Edit next to the item you wish to edit, and then change parameters as desired. Complete it by press “Edit/Delete”.Delete: Check Edit next to the item you wish to delete, and press “Edit/Delete” to remove this rule.Order: Be aware that packet ltering parameters appear in priority order i.e. the rst one takes precedence over all other rules. There is a sort function next to the Rule Name column, you can move the rule to higher or lower priority by clicking the Order arrow, and press “Reorder” to save the new priority.
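
The first-match evaluation described above, as an added example (a Python model, not the router's firmware code) in which rule order alone changes the verdict. The field names, the LAN-side/WAN-side reading of Internal and External, the sample addresses and the `default` verdict for unmatched packets are assumptions; the manual does not state what happens when no rule matches.

```python
"""Model of first-match packet filtering (illustrative, not router firmware)."""
from dataclasses import dataclass
from ipaddress import IPv4Address

ANY_IP = ("0.0.0.0", "0.0.0.0")      # per the manual: empty or 0.0.0.0 means any address


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "forward" or "drop"
    direction: str                    # "outgoing" or "incoming"
    protocol: str                     # "TCP", "UDP" or "TCP/UDP"
    internal_ip: tuple = ANY_IP       # (start, end) range, assumed LAN side
    external_ip: tuple = ANY_IP       # (start, end) range, assumed WAN side
    internal_port: tuple = (1, 65535)
    external_port: tuple = (1, 65535)


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str                     # "TCP" or "UDP"
    internal_ip: str
    external_ip: str
    internal_port: int
    external_port: int


def _ip_in(addr, ip_range):
    start, end = ip_range
    if start in ("", "0.0.0.0"):
        return True
    lo = IPv4Address(start)
    hi = IPv4Address(end) if end not in ("", "0.0.0.0") else lo
    return lo <= IPv4Address(addr) <= hi


def _port_in(port, port_range):
    return port_range[0] <= port <= port_range[1]


def matches(rule, pkt):
    return (rule.direction == pkt.direction
            and pkt.protocol in rule.protocol.split("/")
            and _ip_in(pkt.internal_ip, rule.internal_ip)
            and _ip_in(pkt.external_ip, rule.external_ip)
            and _port_in(pkt.internal_port, rule.internal_port)
            and _port_in(pkt.external_port, rule.external_port))


def evaluate(rules, pkt, default="forward"):
    """Return (action, rule name) of the first matching rule, top to bottom."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return default, None              # assumption: unmatched packets use `default`


# Constructed sample: one LAN host may reach external TCP port 25, nobody else.
allow_mail_host = Rule("allow-mailhost-smtp", "forward", "outgoing", "TCP",
                       internal_ip=("192.168.1.10", "192.168.1.10"),
                       external_port=(25, 25))
block_smtp = Rule("block-smtp", "drop", "outgoing", "TCP/UDP",
                  external_port=(25, 25))

from_mail_host = Packet("outgoing", "TCP", "192.168.1.10", "203.0.113.5", 40000, 25)
from_other_pc = Packet("outgoing", "TCP", "192.168.1.77", "203.0.113.5", 40001, 25)

if __name__ == "__main__":
    for order in ([allow_mail_host, block_smtp], [block_smtp, allow_mail_host]):
        print([r.name for r in order],
              evaluate(order, from_mail_host), evaluate(order, from_other_pc))
```

With the broad drop rule listed first, the narrower forward rule for the mail host is never reached, which is why the Order arrows and “Reorder” matter when a specific exception sits beside a general block.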

MAC Filter

A MAC (Media Access Control) address is the unique network hardware identifier for each PC on your network’s interface (i.e. its Network Interface Card or Ethernet card). Using your router’s MAC Address Filter function, you can configure the network to block specific machines from accessing your LAN.

There are no pre-defined MAC address filter rules; you can add filter rules to meet your requirements. The format of the MAC address can be: xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.

Filter Action

Action: Select an action for MAC Filter. This feature is disabled by default. Check Allow or Block to activate the filter.

Server Information

MAC Address: Enter the MAC addresses to which you wish the filter rule to apply.

Intrusion Detection

The router’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.

Intrusion Detection: Check Enable if you wish to detect intruders accessing your computer without permission.
Maximum TCP Open Handshaking Count: This is a threshold value to decide whether a SYN Flood attempt is occurring or not. Default value is 100 TCP SYN per second.
Maximum Ping Count: This is a threshold value to decide whether an ICMP Echo Storm is occurring or not. Default value is 15 ICMP Echo Requests (PING) per second.
Maximum ICMP Count: This is a threshold to decide whether an ICMP flood is occurring or not. Default value is 100 ICMP packets per second, excluding ICMP Echo Requests (PING).
Log: Check Log if you wish to generate logs when the filter rule is applied to the Intrusion Detection.

Click Apply to confirm the settings.

Table: Hacker attack types recognized by the IDS

| Intrusion Name | Detect Parameter | Blacklist | Type of Block Duration | Drop Packet | Show Log |
|---|---|---|---|---|---|
| Ascend Kill | Ascend Kill data | Src IP | DoS | Yes | Yes |
| WinNuke | TCP Port 135, 137~139, Flag: URG | Src IP | DoS | Yes | Yes |
| Smurf | ICMP type 8, Dst IP is broadcast | Dst IP | Victim Protection | Yes | Yes |
| Land attack | Src IP = Dst IP | | | Yes | Yes |
| Echo/CharGen Scan | UDP Echo Port and CharGen Port | | | Yes | Yes |
| Echo Scan | UDP Dst Port = Echo(7) | Src IP | Scan | Yes | Yes |
| CharGen Scan | UDP Dst Port = CharGen(19) | Src IP | Scan | Yes | Yes |
| X’mas Tree Scan | TCP Flag: X’mas | Src IP | Scan | Yes | Yes |
| IMAP SYN/FIN Scan | TCP Flag: SYN/FIN, Dst Port: IMAP(143), Src Port: 0 or 65535 | Src IP | Scan | Yes | Yes |
| SYN/FIN/RST/ACK Scan | TCP, no existing session and scan hosts more than five | Src IP | Scan | Yes | Yes |
| Net Bus Scan | TCP, no existing session, Dst Port = Net Bus 12345, 12346, 3456 | Src IP | Scan | Yes | Yes |
| Back Orifice Scan | UDP, Dst Port = Orifice Port (31337) | Src IP | Scan | Yes | Yes |

SYN Flood: Max TCP Open Handshaking Count (Default 100 c/sec); Yes
ICMP Flood: Max ICMP Count (Default 100 c/sec); Yes
ICMP Echo: Max PING Count (Default 15 c/sec); Yes

Src IP: Source IP
Src Port: Source Port
Dst Port: Destination Port
Dst IP: Destination IP
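
How the table's per-packet signatures and the three default thresholds translate into match logic, run over constructed packet records (an added example in Python, not the router's IDS code). The record field names, the LAN prefix, the FIN+PSH+URG reading of the X’mas flag set, the port-pair reading of the Echo/CharGen row and the "count above the maximum" comparison are assumptions; Ascend Kill and the SYN/FIN/RST/ACK host-count scan are omitted because they need payload or multi-host state.

```python
"""Checks from the IDS table applied to constructed packet records (illustrative)."""
from collections import Counter
from ipaddress import IPv4Address, IPv4Network

LAN = IPv4Network("192.168.1.0/24")     # assumed LAN, needed for the Smurf check
NETBUS_PORTS = {12345, 12346, 3456}     # ports as listed in the manual's table
# Default thresholds from the manual, in packets per second.
LIMITS = {"SYN Flood": 100, "ICMP Echo": 15, "ICMP Flood": 100}


def classify(p):
    """Return the table's intrusion name for one packet record, or None."""
    flags = set(p.get("flags", ()))
    if p["src"] == p["dst"]:
        return "Land attack"
    if p["proto"] == "ICMP":
        to_broadcast = IPv4Address(p["dst"]) == LAN.broadcast_address
        return "Smurf" if p["icmp_type"] == 8 and to_broadcast else None
    if p["proto"] == "UDP":
        if {p["sport"], p["dport"]} == {7, 19}:     # assumed reading of the row
            return "Echo/CharGen Scan"
        return {7: "Echo Scan", 19: "CharGen Scan",
                31337: "Back Orifice Scan"}.get(p["dport"])
    # TCP from here on.
    if "URG" in flags and p["dport"] in {135, 137, 138, 139}:
        return "WinNuke"
    if {"FIN", "PSH", "URG"} <= flags:              # assumed X'mas flag set
        return "X'mas Tree Scan"
    if {"SYN", "FIN"} <= flags and p["dport"] == 143 and p["sport"] in (0, 65535):
        return "IMAP SYN/FIN Scan"
    if not p.get("established", False) and p["dport"] in NETBUS_PORTS:
        return "Net Bus Scan"
    return None


def rate_alerts(packets):
    """Return (name, second, count) for each one-second bucket over its limit."""
    counts = Counter()
    for p in packets:
        second = int(p["ts"])
        if p["proto"] == "TCP" and set(p.get("flags", ())) == {"SYN"}:
            counts[("SYN Flood", second)] += 1
        elif p["proto"] == "ICMP":
            # Echo Requests have their own limit; all other ICMP shares one.
            name = "ICMP Echo" if p["icmp_type"] == 8 else "ICMP Flood"
            counts[(name, second)] += 1
    return sorted((name, sec, n) for (name, sec), n in counts.items()
                  if n > LIMITS[name])


def pkt(ts, proto, src, dst, **fields):
    return {"ts": ts, "proto": proto, "src": src, "dst": dst, **fields}


OUTSIDE, HOST = "198.51.100.7", "192.168.1.20"      # constructed addresses
SAMPLE = [
    pkt(0.1, "TCP", OUTSIDE, HOST, sport=4444, dport=139, flags=("URG",)),
    pkt(0.2, "ICMP", OUTSIDE, "192.168.1.255", icmp_type=8),
    pkt(0.3, "TCP", HOST, HOST, sport=80, dport=80, flags=("SYN",)),
    pkt(0.4, "UDP", OUTSIDE, HOST, sport=5000, dport=31337),
    pkt(0.5, "TCP", OUTSIDE, HOST, sport=0, dport=143, flags=("SYN", "FIN")),
    pkt(0.6, "TCP", OUTSIDE, HOST, sport=5001, dport=443, flags=("FIN", "PSH", "URG")),
    pkt(0.7, "TCP", OUTSIDE, HOST, sport=5002, dport=443, flags=("SYN",)),
]
# 16 pings inside second 2: one more than the default Maximum Ping Count of 15.
SAMPLE += [pkt(2 + i / 20, "ICMP", OUTSIDE, HOST, icmp_type=8) for i in range(16)]

if __name__ == "__main__":
    for record in SAMPLE[:7]:
        print(record["ts"], classify(record))
    print(rate_alerts(SAMPLE))
```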

Block WAN Ping

This feature is to be enabled when you want the public WAN IP address on your router not to respond to any ping command.

This feature is disabled by default. To activate the Block WAN PING feature, check the Enable box then click the Apply button.

URL Filter

The URL (Uniform Resource Locator, e.g. an address in the form of http://www.abcde.com or http://www.example.com) filter rule allows you to prevent users on your network from accessing specific websites defined by their URL. There are no predefined URL filter rules, therefore you can add filter rules to meet your requirements.

Keywords Filtering: Allows blocking against specific keywords within a particular URL rather than having to specify a complete URL (e.g. to block any image called “advertisement.gif”). When enabled, your specified keywords list will be checked to see if any keywords are present in URLs accessed to determine if the connection attempt should be blocked. Please note that the URL filter blocks web browser (HTTP) connection attempts using port 80 only.

For example, if the URL is http://www.abc.com/abcde.html, it will be dropped as the keyword “abcde” occurs in the URL.

Domains Filtering: This function checks the whole URL, not the IP address, in URLs accessed against your list of domains to block or allow. If it is matched, the URL request will be sent (Trusted) or dropped (Forbidden). For this function to be activated, both check-boxes must be checked. Here is the checking procedure:

1.  Check the domain in the URL to determine if it is in the trusted list. If yes, the connection attempt is sent to the remote web server.
2.  If not, check if it is listed in the forbidden list. If yes, then the connection attempt will be dropped.
3.  If the packet does not match either of the above two items, it is sent to the remote web server.
4.  Please note that the complete URL, “www” + domain name, must be specified. For example, to block traffic to www.google.com.au, enter “www.google” or “www.google.com”.

Restrict URL Features: This function enhances the restriction to your URL rules.
Block Java Applet: Blocks Web content which includes Java Applets, to prevent someone from damaging your system via the standard HTTP protocol.
Block ActiveX: Blocks ActiveX.
Block Cookies: Blocks Cookies.
Block Proxy: Blocks Proxy.
Except IP Address: The except IP address list.
Time Schedule: A self-defined time period. You may specify a time schedule for your prioritization policy. For setup and detail, refer to the Time Schedule section.
Log: Check this check box if you wish to generate logs when the filter rule is applied to the URL Filter.

Click Apply to confirm the settings.
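
The URL filter checking procedure above, as an added example (a Python model, not the router's firmware code) that an administrator can use to see which requests the filter decides and which it never inspects. The prefix match on the host name, the order of the domain and keyword checks, and the trusted-list entry are assumptions; the forbidden entry and keyword are the manual's own examples.

```python
"""Model of the URL filter decision procedure (illustrative, not router firmware)."""
from urllib.parse import urlsplit

TRUSTED = ["www.example.com"]           # constructed sample entry
FORBIDDEN = ["www.google"]              # the manual's example entry
KEYWORDS = ["abcde"]                    # the manual's example keyword


def _host_matches(host, entries):
    # The manual's example ("www.google" covers www.google.com.au) suggests a
    # prefix match on the host name; that reading is an assumption.
    return any(host.startswith(entry.lower()) for entry in entries)


def domain_verdict(host):
    """Steps 1-3 of the checking procedure."""
    if _host_matches(host, TRUSTED):
        return "sent (trusted)"
    if _host_matches(host, FORBIDDEN):
        return "dropped (forbidden)"
    return "sent (no match)"


def filter_request(url):
    """Return the filter's verdict for one requested URL."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    if parts.scheme != "http" or port != 80:
        return "not inspected"          # the filter covers HTTP on port 80 only
    verdict = domain_verdict((parts.hostname or "").lower())
    if verdict != "sent (no match)":
        return verdict
    # Assumption: keywords are checked only when no domain list decided.
    if any(keyword.lower() in url.lower() for keyword in KEYWORDS):
        return "dropped (keyword)"
    return verdict


def audit(urls):
    """Map each URL to its verdict, e.g. for a list taken from a proxy log."""
    return {url: filter_request(url) for url in urls}


# Constructed request list.
REQUESTS = [
    "http://www.abc.com/abcde.html",
    "http://www.google.com.au/search",
    "http://www.example.com/abcde.html",
    "https://www.google.com.au/",
    "http://www.google.com.au:8080/",
    "http://www.example.org/index.html",
]

if __name__ == "__main__":
    for url, verdict in audit(REQUESTS).items():
        print(f"{verdict:20} {url}")
```

The "not inspected" rows follow from the manual's statement that only HTTP on port 80 is checked, so sites served over HTTPS or on other ports need a different control.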
