Allnet ALL7007 Owner's manual

Category
Routers
Type
Owner's manual
ALL7007
Users Manual
2
Table of Contents
System
Chapter 1 Administrator …………………………………………………… 6
Admin …………………………………………………………… 8
Permitted IPs ………………………………………………….. 10
Logout ………………………………………………….………. 11
Software Update ………………………………………………. 12
Chapter 2 Configure ………………………………………………………… 13
Setting ………………………………………………….………. 22
Date/Time ……………………………………………………… 27
Multiple Subnet ………………………………...……………… 28
Route Table ……………………………………………….…… 33
DHCP …………………………………………………………… 37
DDNS ……………………………………………...…………… 39
Host Table ……………………………………………….…….. 41
Language ………………………………………………………… 42
Interface
Chapter 3 Interface ………………………………………………….……. 43
LAN …………………………………………………………….. 47
WAN ……………………………………………………………. 48
DMZ ……………………………………………………………. 52
Policy Object
3
Chapter 4 Address ………………………………………………………… 54
Example ………………………………………………………… 56
Chapter 5 Service …………………………………………………………. 64
Custom …………………………………………………………. 67
Group …………………………………………………………… 71
Chapter 6 Schedule ………………………………………………………. 74
Chapter 7 QoS …………………………………………………………….. 77
Example ……………………………………………………….. 80
Chapter 8 Authentication ………………………………………………… 83
Example ……………………………………………………….. 88
Chapter 9 Content Blocking ……………………………………………… 117
URL …………………………………………………………….. 121
Script …………………………………………………………… 124
P2P …………………………………………………………….. 126
IM ……………………………………………………………….. 128
Download ………………………………………………………. 130
Chapter 10 Virtual Server …………………………………………………... 132
Example ……………………………………………………….. 135
Chapter 11 VPN …………………………………………………………….. 151
Example ……………………………………………………….. 158
Policy
Chapter 12 Policy …………………………………………………………… 183
4
Example ………………………………………………………… 188
Mail Security
Chapter 13 Configure ………………………………………………………. 203
Mail Relay ……………………………………………………… 206
Chapter 14 Anti-Spam ……………………………………………….……… 211
Example ………………………………………………………….. 225
Chapter 15 Anti-Virus ……………………………………………….……… 272
Example ………………………………………………………… 277
IDP
Chapter 16 Configure ……………………………………………………… 287
Chapter 17 Signature ……………………………………………………… 291
Chapter 18 IDP Report …………………………………………………… 297
Monitor
Chapter 19 Log ……………………………………………………….…….. 299
Traffic …………………………………………………………… 301
Event …………………………………………………………… 305
Connection …………………………………………………….. 308
Log Backup ……………………………………………………. 311
Chapter 20 Statistics ……………………………………………….……….. 313
WAN ……………………………………………………………. 315
Policy …………………………………………………………… 317
5
Chapter 21 Status …………………………………………………………… 319
Interface ………………………………………………………… 320
ARP Table …………………………………………………….. 321
DHCP Clients …………………………………………………. 322
6
Chapter 1
System
“System” is the managing of settings such as the privileges of packets that pass
through ALL7007 and monitoring controls. The System Administrators can
manage, monitor, and configure the ALL7007 settings. But all configurations are
“read-only” for all users other than the System Administrator; those users are not
able to change any setting of the ALL7007.
7
Define the required fields of Administrator
Administrator Name:
The username of Administrators and Sub-Administrator for the ALL7007.
The admin user name cannot be removed; and the sub-admin user can be
removed or configure.
The default Account: admin; Password: admin
Privilege:
The privileges of Administrators (Admin or Sub Admin). The username of
the main Administrator is Administrator with reading / writing privilege.
Administrator also can change the system setting, log system status, and to
increase or delete sub-administrator. Sub Admin may be created by the
Admin by clicking
New Sub Admin
. Sub Admin have only read and
monitor privilege and cannot change any system setting value.
Configure:
Click Modify to change the “Sub-Administrator’s” password or click
Remove to delete a “Sub Administrator.”
8
Adding a new Sub Administrator
STEP 1In the Admin WebUI, click the New Sub Admin button to create a
new Sub Administrator.
STEP 2In the Add New Sub Administrator WebUI (Figure 1-1) and enter the
following setting:
Sub Admin Name: sub_admin
Password: 12345
Confirm Password: 12345
STEP 3Click OK to add the user or click Cancel to cancel it.
Figure1-1 Add New Sub Admin
9
Modify the Administrators Password
STEP 1In the Admin WebUI, locate the Administrator name you want to edit,
and click on Modify in the Configure field.
STEP 2The Modify Administrator Password WebUI will appear. Enter the
following information:
Password: admin
New Password: 52364
Confirm Password: 52364 (Figure1-2)
STEP 3Click OK to confirm password change or click Cancel to cancel it.
Figure1-2 Modify Admin Password
10
Add Permitted IPs
STEP 1Add the following setting in Permitted IPs of Administration:
(Figure1-3)
Name: Enter master
IP Address: Enter 163.173.56.11
Netmask: Enter 255.255.255.255
Service: Select Ping and WebUI
Click OK
Complete add new permitted IPs (Figure1-4)
Figure1-3 Setting Permitted IPs WebUI
Figure1-4 Complete Add New Permitted IPs
To make Permitted IPs be effective, it must cancel the Ping and WebUI selection
in the WebUI of ALL7007 that Administrator enter. (LAN, WAN, or DMZ Interface)
Before canceling the WebUI selection of Interface, must set up the Permitted IPs first,
otherwise, it would cause the situation of cannot enter WebUI by appointed Interface.
11
Logout
STEP 1Click Logout in System to protect the system while Administrator are
away. (Figure1-5)
Figure1-5 Confirm Logout WebUI
STEP 2Click OK and the logout message will appear in WebUI. (Figure1-6)
Figure1-6 Logout WebUI Message
12
Software Update
STEP 1Select Software Update in System, and follow the steps below:
To obtain the version number from Version Number and obtain the
latest version from Internet. And save the latest version in the
hardware of the PC, which manage the ALL7007
Click Browse and choose the latest software version file.
Click OK and the system will update automatically. (Figure1-7)
Figure1-7 Software Update
It takes 3 minutes to update software. The system will reboot after update. During
the updating time, please don’t turn off the PC or leave the WebUI. It may cause some
unexpected mistakes. (Strong suggests updating the software from LAN to avoid
unexpected mistakes.)
13
Chapter 2
Configure
The Configure is according to the basic setting of the ALL7007. In this
chapter the definition is Setting, Date/Time, Multiple Subnet, Hacker Alert,
Blaster Alert, Route Table, DHCP, Dynamic DNS, Hosts Table, Mail Relay,
SNMP and Language settings.
14
Define the required fields of Settings
ALL7007 Configuration:
The Administrator can import or export the system settings. Click OK to
import the file into the ALL7007 or click Cancel to cancel importing. You
also can revive to default value here.
Email Settings:
Select Enable E-mail Alert Notification under E-mail Settings. This
function will enable the ALL7007 to send e-mail alerts to the System
Administrator when the network is being attacked by hackers or when
emergency conditions occur. (It can be set from Settings-Hacker Alert in
System to detect Hacker Attacks)
Web Management (WAN Interface):
The System Manager can change the port number used by HTTP port
anytime. (Remote WebUI management)
After HTTP port has changed, if the administrator want to enter WebUI from WAN,
will have to change the port number of browser. (For example:
http://61.62.108.172:8080)
MTU Setting:
It provides the Administrator to modify the networking package length
anytime. Its default value is 1500 Bytes.
Link Speed / Duplex Mode:
By this function can set the transmission speed and mode of WAN Port
when connecting other device.
15
Administration Packet Logging:
After enable this function; the ALL7007 will record packet which source IP or
destination address is ALL7007. And record in Traffic Log for System
Manager to inquire about.
Define the required fields of Time Settings
Synchronize Time/Date:
Synchronizing the ALL7007 with the System Clock. The administrator can
configure the ALL7007’s date and time by either syncing to an Internet
Network Time Server (NTP) or by syncing to your computer’s clock.
GMT:
International Standard Time (Greenwich Mean Time)
Define the required fields of Multiple Subnet
Multiple Mode:
To display the mode that Multiple Subnet use. (NAT mode or Routing Mode)
WAN Interface Address:
The IP address that Multiple Subnet corresponds to WAN.
LAN Interface Address/Subnet Netmask:
The Multiple Subnet range.
16
NAT Mode:
It allows Internal Network to set multiple subnet address and connect with
the Internet through different WAN IP Addresses. For exampleThe lease
line of a company applies several real IP Addresses 168.85.88.0/24, and the
company is divided into R&D department, service, sales department,
procurement department, accounting department, the company can
distinguish each department by different subnet for the purpose of
managing conveniently. The settings are as the following
1. R&D department subnet192.168.1.1/24(LAN) ÅÆ 168.85.88.253(WAN)
2. Service department subnet 192.168.2.1/24(LAN) ÅÆ
168.85.88.252(WAN)
3. Sales department subnet 192.168.3.1/24(LAN) ÅÆ
168.85.88.251(WAN)
4. Procurement department subnet
192.168.4.1/24(LAN) ÅÆ 168.85.88.250(WAN)
5. Accounting department subnet
192.168.5.1/24(LAN) ÅÆ 168.85.88.249(WAN)
The first department (R&D department) had set while setting interface IP; the
other four ones have to be added in Multiple Subnet. After completing the
settings, each department uses the different WAN IP Address to connect to the
Internet. The settings of each department are as following:
Service Sales Procurement Accounting
IP Address 192.168.2.2~254 192.168.3.2~254 192.168.4.2~254 192.168.5.2~254
Subnet Netmask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Gateway 192.168.2.1 192.168.3.1 192.168.4.1 192.168.5.1
Routing Mode:
It is the same as NAT mode approximately but does not have to correspond
to the real WAN IP address, which let internal PC to access to Internet by its
own IP. (External user also can use the IP to connect with the Internet)
17
Define the required fields of Hacker Alert
Detect SYN attack:
Select this option to detect TCP SYN attacks that hackers send to server
computers continuously to block or cut down all the connections of the
servers. These attacks will cause valid users cannot connect to the servers.
SYN Flood Threshold(Total) Pkts/Sec: The system Administrator
can enter the maximum number of SYN packets per second that is
allowed to enter the network/ALL7007. If the value exceeds the setting
one, and then the device will determine it as an attack.
SYN Flood Threshold(Per Source IP) Pkts/Sec: The system
Administrator can enter the maximum number of SYN packets per
second from attacking source IP Address that is allowed to enter the
network/ALL7007. And if value exceeds the setting one, and then the
device will determine it as an attack.
SYN Flood Threshold Blocking Time(Per Source IP) Seconds:
When the ALL7007 determines as being attacked, it will block the
attacking source IP address in the blocking time you set. After blocking
for certain seconds, the device will start to calculate the max number of
SYN packets from attacking source IP Address. And if the max number
still exceed the define value, it will block the attacking IP Address
continuously.
Detect ICMP Attack:
When Hackers continuously send PING packets to all the machines of the
LAN networks or to the ALL7007 via broadcasting, your network is
experiencing an ICMP flood attack.
ICMP Flood Threshold( Total) Pkts/Sec: The System
Administrator can enter the maximum number of ICMP packets per
second that is allow to enter the network/ALL7007. If the value exceeds
the setting one, and then the device will determine it as an attack.
ICMP Flood Threshold(Per Source IP)Pkts/Sec: The System
18
Administrator can enter the maximum number of ICMP packets per
second from attacking source IP Address that is allow to enter the
network / ALL7007. If the value exceeds the setting one, and then the
device will determine it as an attack.
ICMP Flood Threshold Blocking Time(Per Source
IP)Seconds:When the ALL7007 determines as being attacked, it will
block the attacking source IP address in the blocking time you set. After
blocking for certain seconds, the device will start to calculate the max
number of ICMP packets from attacking source IP Address. And if the
max number still exceed the define value, it will block the attacking IP
Address continuously.
Detect UDP Attack:
When Hackers continuously send PING packets to all the machines of the
LAN networks or to the ALL7007 via broadcasting, your network is
experiencing an UDP attack.
UDP Flood Threshold(Total)Pkts/Sec: The System Administrator
can enter the maximum number of UDP packets per second that is
allow to enter the network/ALL7007. If the value exceeds the setting
one, and then the device will determine it as an attack.
UDP Flood Threshold(Per Source IP)Pkts/Sec: The System
Administrator can enter the maximum number of UDP packets per
second from attacking source IP Address that is allow to enter the
network/ALL7007. If the value exceeds the setting one, and then the
device will determine it as an attack.
UDP Flood Threshold Blocking Time ( Per Source IP) Seconds:
When ALL7007 determines as being attacked, it will block the attacking
source IP in the blocking time you set. After blocking for certain
seconds, the device will start to calculate the max number of UPD
packets from attacking source IP. If the max number still exceed the
define value, it will block the attacking IP Address continuously.
19
Detect Ping of Death Attack:
Select this option to detect the attacks of tremendous trash data in PING
packets that hackers send to cause System malfunction. This attack can
cause network speed to slow down, or even make it necessary to restart the
computer to get a normal operation.
Detect IP Spoofing Attack:
Select this option to detect spoof attacks. Hackers disguise themselves as
trusted users of the network in Spoof attacks. They use a fake identity to
try to pass through the ALL7007 System and invade the network.
Detect Port Scan Attack:
Select this option to detect the port scans hackers use to continuously scan
networks on the Internet to detect computers and vulnerable ports that are
opened by those computers.
Detect Tear Drop Attack:
Select this option to detect tear drop attacks. These are packets that are
segmented to small packets with negative length. Some Systems treat the
negative value as a very large number, and copy enormous data into the
System to cause System damage, such as a shut down or a restart.
Filter IP Route Option:
Each IP packet can carry an optional field that specifies the replying address
that can be different from the source address specified in packet’s header.
Hackers can use this address field on disguised packets to invade LAN
networks and send LAN networks’ data back to them.
20
Detect Land Attack:
Some Systems may shut down when receiving packets with the same
source and destination addresses, the same source port and destination
port, and when SYN on the TCP header is marked. Enable this function to
detect such abnormal packets.
After System Manager start Hacker Alert, if the ALL7007 has detected any
abnormal situation, the alarm message will appear in Alarm- Event Alarm. And if the
system manager starts the E-mail Alert Notification in Settings, the device will send
e-mail to alarm the system manager automatically. As for to enable SNMP Trap Alert
Notification in SNMP function, then instant message can appear in the software of
SNMP Trap client.
Define the required fields of DHCP
Subnet:
The domain name of LAN
NetMask:
The LAN Netmask
Gateway:
The default Gateway IP address of LAN
Broadcast IP:
The Broadcast IP of LAN
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111
  • Page 112 112
  • Page 113 113
  • Page 114 114
  • Page 115 115
  • Page 116 116
  • Page 117 117
  • Page 118 118
  • Page 119 119
  • Page 120 120
  • Page 121 121
  • Page 122 122
  • Page 123 123
  • Page 124 124
  • Page 125 125
  • Page 126 126
  • Page 127 127
  • Page 128 128
  • Page 129 129
  • Page 130 130
  • Page 131 131
  • Page 132 132
  • Page 133 133
  • Page 134 134
  • Page 135 135
  • Page 136 136
  • Page 137 137
  • Page 138 138
  • Page 139 139
  • Page 140 140
  • Page 141 141
  • Page 142 142
  • Page 143 143
  • Page 144 144
  • Page 145 145
  • Page 146 146
  • Page 147 147
  • Page 148 148
  • Page 149 149
  • Page 150 150
  • Page 151 151
  • Page 152 152
  • Page 153 153
  • Page 154 154
  • Page 155 155
  • Page 156 156
  • Page 157 157
  • Page 158 158
  • Page 159 159
  • Page 160 160
  • Page 161 161
  • Page 162 162
  • Page 163 163
  • Page 164 164
  • Page 165 165
  • Page 166 166
  • Page 167 167
  • Page 168 168
  • Page 169 169
  • Page 170 170
  • Page 171 171
  • Page 172 172
  • Page 173 173
  • Page 174 174
  • Page 175 175
  • Page 176 176
  • Page 177 177
  • Page 178 178
  • Page 179 179
  • Page 180 180
  • Page 181 181
  • Page 182 182
  • Page 183 183
  • Page 184 184
  • Page 185 185
  • Page 186 186
  • Page 187 187
  • Page 188 188
  • Page 189 189
  • Page 190 190
  • Page 191 191
  • Page 192 192
  • Page 193 193
  • Page 194 194
  • Page 195 195
  • Page 196 196
  • Page 197 197
  • Page 198 198
  • Page 199 199
  • Page 200 200
  • Page 201 201
  • Page 202 202
  • Page 203 203
  • Page 204 204
  • Page 205 205
  • Page 206 206
  • Page 207 207
  • Page 208 208
  • Page 209 209
  • Page 210 210
  • Page 211 211
  • Page 212 212
  • Page 213 213
  • Page 214 214
  • Page 215 215
  • Page 216 216
  • Page 217 217
  • Page 218 218
  • Page 219 219
  • Page 220 220
  • Page 221 221
  • Page 222 222
  • Page 223 223
  • Page 224 224
  • Page 225 225
  • Page 226 226
  • Page 227 227
  • Page 228 228
  • Page 229 229
  • Page 230 230
  • Page 231 231
  • Page 232 232
  • Page 233 233
  • Page 234 234
  • Page 235 235
  • Page 236 236
  • Page 237 237
  • Page 238 238
  • Page 239 239
  • Page 240 240
  • Page 241 241
  • Page 242 242
  • Page 243 243
  • Page 244 244
  • Page 245 245
  • Page 246 246
  • Page 247 247
  • Page 248 248
  • Page 249 249
  • Page 250 250
  • Page 251 251
  • Page 252 252
  • Page 253 253
  • Page 254 254
  • Page 255 255
  • Page 256 256
  • Page 257 257
  • Page 258 258
  • Page 259 259
  • Page 260 260
  • Page 261 261
  • Page 262 262
  • Page 263 263
  • Page 264 264
  • Page 265 265
  • Page 266 266
  • Page 267 267
  • Page 268 268
  • Page 269 269
  • Page 270 270
  • Page 271 271
  • Page 272 272
  • Page 273 273
  • Page 274 274
  • Page 275 275
  • Page 276 276
  • Page 277 277
  • Page 278 278
  • Page 279 279
  • Page 280 280
  • Page 281 281
  • Page 282 282
  • Page 283 283
  • Page 284 284
  • Page 285 285
  • Page 286 286
  • Page 287 287
  • Page 288 288
  • Page 289 289
  • Page 290 290
  • Page 291 291
  • Page 292 292
  • Page 293 293
  • Page 294 294
  • Page 295 295
  • Page 296 296
  • Page 297 297
  • Page 298 298
  • Page 299 299
  • Page 300 300
  • Page 301 301
  • Page 302 302
  • Page 303 303
  • Page 304 304
  • Page 305 305
  • Page 306 306
  • Page 307 307
  • Page 308 308
  • Page 309 309
  • Page 310 310
  • Page 311 311
  • Page 312 312
  • Page 313 313
  • Page 314 314
  • Page 315 315
  • Page 316 316
  • Page 317 317
  • Page 318 318
  • Page 319 319
  • Page 320 320
  • Page 321 321
  • Page 322 322
  • Page 323 323

Allnet ALL7007 Owner's manual

Category
Routers
Type
Owner's manual

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI