Planet MH-2001 User manual
MH-2001 Multi-Homing Security Gateway User’s Manual
Multi-Homing Security
Gateway
MH-2001
User’s Manual
MH-2001 Multi-Homing Security Gateway User’s Manual
Copyright
Copyright© 2007 by PLANET Technology Corp. All rights reserved. No part of this publication may be
reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer
language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or
otherwise, without the prior written permission of PLANET.
PLANET makes no representations or warranties, either expressed or implied, with respect to the contents
hereof and specifically disclaims any warranties, merchantability or fitness for any particular purpose. Any
software described in this manual is sold or licensed "as is". Should the programs prove defective following
their purchase, the buyer (and not this company, its distributor, or its dealer) assumes the entire cost of all
necessary servicing, repair, and any incidental or consequential damages resulting from any defect in the
software. Further, this company reserves the right to revise this publication and to make changes from time
to time in the contents hereof without obligation to notify any person of such revision or changes.
All brand and product names mentioned in this manual are trademarks and/or registered trademarks of their
respective holders.
Disclaimer
PLANET Technology does not warrant that the hardware will work properly in all environments and
applications, and makes no warranty and representation, either implied or expressed, with respect to the
quality, performance, merchantability, or fitness for a particular purpose.
PLANET has made every effort to ensure that this User’s Manual is accurate; PLANET disclaims liability
for any inaccuracies or omissions that may have occurred.
Information in this User’s Manual is subject to change without notice and does not represent a commitment
on the part of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in
this User’s Manual. PLANET makes no commitment to update or keep current the information in this User’s
Manual, and reserves the right to make improvements to this User’s Manual and/or to the products described
in this User’s Manual, at any time without notice.
If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your
comments and suggestions.
Trademarks
The PLANET logo is a trademark of PLANET Technology.
This documentation may refer to numerous hardware and software products by their trade names. In most, if
not all cases, these designations are claimed as trademarks or registered trademarks by their respective
companies.
CE mark Warning
This is a class B device, in a domestic environment; this product may cause radio interference, in which case the user
may be required to take adequate measures.
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to
Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a residential installation. This equipment generates, uses, and can radiate radio frequency
energy and, if not installed and used in accordance with the instructions, may cause harmful interference to
radio communications. However, there is no guarantee that interference will not occur in a particular
installation. If this equipment does cause harmful interference to radio or television reception, which can
be determined by turning the equipment off and on, the user is encouraged to try to correct the interference
by one or more of the following measures:
1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and receiver.
3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4. Consult the dealer or an experienced radio technician for help.
MH-2001 Multi-Homing Security Gateway User’s Manual
FCC Caution:
To assure continued compliance (example-use only shielded interface cables when connecting to computer or
peripheral devices). Any changes or modifications not expressly approved by the party responsible for
compliance could void the user’s authority to operate the equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the Following two conditions: (1)
This device may not cause harmful interference, and (2) this Device must accept any interference received,
including interference that may cause undesired operation.
R&TTE Compliance Statement
This equipment complies with all the requirements of DIRECTIVE 1999/5/EC OF THE EUROPEAN
PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication
terminal Equipment and the mutual recognition of their conformity (R&TTE)
The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Terminal
Equipment and Satellite Earth Station Equipment) As of April 8, 2000.
WEEE Caution
To avoid the potential effects on the environment and human health as a result of the presence of hazardous
substances in electrical and electronic equipment, end users of electrical and electronic equipment should
understand the meaning of the crossed-out wheeled bin symbol. Do not dispose of WEEE as unsorted
municipal waste and have to collect such WEEE separately.
Safety
This equipment is designed with the utmost care for the safety of those who install and use it. However,
special attention must be paid to the dangers of electric shock and static electricity when working with
electrical equipment. All guidelines of this and of the computer manufacture must therefore be allowed at all
times to ensure the safe use of the equipment.
Customer Service
For information on customer service and support for the Multi-Homing Security Gateway, please refer to the following
Website URL:
http://www.planet.com.tw
Before contacting customer service, please take a moment to gather the following information:
♦Multi-Homing Security Gateway serial number and MAC address
♦Any error messages that displayed when the problem occurred
♦Any software running when the problem occurred
♦Steps you took to resolve the problem on your own
Revision
User’s Manual for PLANET Multi-Homing Security Gateway
Model: MH-2001
Rev: 1.0 (April, 2007)
MH-2001 Multi-Homing Security Gateway User’s Manual
Table of Contents
CHAPTER 1: INTRODUCTION ........................................................................................................................ 1
1.1FEATURES................................................................................................................................................................1
1.2 PACKAGE CONTENTS ..............................................................................................................................................2
1.3 MH-2001 FRONT VIEW...........................................................................................................................................2
1.4 MH-2001 REAR PANEL...........................................................................................................................................3
1.5 SPECIFICATION ........................................................................................................................................................4
CHAPTER 2: HARDWARE INSTALLATION.................................................................................................... 5
2.1 INSTALLATION REQUIREMENTS ...............................................................................................................................5
2.2 OPERATION MODE...................................................................................................................................................6
2.2.1 Transparent Mode Connection Example...................................................................................................6
2.2.2 NAT Mode Connecting Example................................................................................................................7
CHAPTER 3: GETTING STARTED .................................................................................................................. 8
3.1 WEB CONFIGURATION.............................................................................................................................................8
3.2 CONFIGURE WAN 1INTERFACE .............................................................................................................................9
3.3 CONFIGURE WAN 2INTERFACE ...........................................................................................................................11
3.4 CONFIGURE DMZ INTERFACE...............................................................................................................................11
3.5 CONFIGURE POLICY .............................................................................................................................................. 11
CHAPTER 4: SYSTEM ................................................................................................................................... 13
4.1ADMINISTRATION....................................................................................................................................................13
4.1.1 Admin ...........................................................................................................................................................13
4.1.2 Permitted IPs...............................................................................................................................................16
4.1.3 Software Update.........................................................................................................................................17
4.2 CONFIGURE ...........................................................................................................................................................18
4.2.1 Setting..........................................................................................................................................................18
4.2.2 Date/Time....................................................................................................................................................24
4.2.3 Multiple Subnet...........................................................................................................................................25
4.2.4 Route Table .................................................................................................................................................28
4.2.5 DHCP...........................................................................................................................................................29
4.2.6 Dynamic DNS..............................................................................................................................................30
4.2.7 Host Table....................................................................................................................................................32
4.2.8 Language.....................................................................................................................................................32
4.3 LOGOUT.................................................................................................................................................................33
CHAPTER 5: INTERFACE.............................................................................................................................. 34
MH-2001 Multi-Homing Security Gateway User’s Manual
5.1 LAN.......................................................................................................................................................................34
5.2 WAN......................................................................................................................................................................35
5.3 DMZ......................................................................................................................................................................40
CHAPTER 6: POLICY OBJECT..................................................................................................................... 42
6.1ADDRESS...............................................................................................................................................................42
6.1.1 LAN...............................................................................................................................................................42
6.1.2 LAN Group...................................................................................................................................................44
6.1.3 WAN.............................................................................................................................................................45
6.1.4 WAN Group.................................................................................................................................................46
6.1.5 DMZ..............................................................................................................................................................47
6.1.6 DMZ Group..................................................................................................................................................49
6.1.7 Example1.....................................................................................................................................................51
6.1.8 Example2.....................................................................................................................................................53
6.2 SERVICE ................................................................................................................................................................56
6.2.1 Pre-defined..................................................................................................................................................56
6.2.2 Custom.........................................................................................................................................................57
6.2.3 Group............................................................................................................................................................58
6.3 SCHEDULE.............................................................................................................................................................60
6.4 QOS.......................................................................................................................................................................61
6.5AUTHENTICATION...................................................................................................................................................63
6.5.1 Auth Setting.................................................................................................................................................63
6.5.2 Auth User.....................................................................................................................................................64
6.5.3 Auth User Group.........................................................................................................................................67
6.5.4 Radius Server .............................................................................................................................................70
6.5.5 POP3............................................................................................................................................................90
6.6 CONTENT BLOCKING .............................................................................................................................................92
6.6.1 URL Blocking...............................................................................................................................................92
6.6.2 Script Blocking............................................................................................................................................94
6.6.3 Download Blocking.....................................................................................................................................95
6.6.4 Upload Blocking..........................................................................................................................................96
6.7 IM/P2PBLOCKING ................................................................................................................................................97
6.8 VIRTUAL SERVER...................................................................................................................................................98
6.8.1 Mapped IP ...................................................................................................................................................99
6.8.2 Virtual Server 1- 4.....................................................................................................................................102
6.9 VPN.....................................................................................................................................................................104
6.9.1 Example.1...................................................................................................................................................111
6.9.2 Example.2..................................................................................................................................................124
6.9.3 Example.3..................................................................................................................................................182
6.9.4 Example.4..................................................................................................................................................195
MH-2001 Multi-Homing Security Gateway User’s Manual
6.9.5 Example.5..................................................................................................................................................208
6.9.6 Example.6..................................................................................................................................................218
CHAPTER 7: POLICY................................................................................................................................... 235
7.1 OUTGOING...........................................................................................................................................................238
7.2 INCOMING ............................................................................................................................................................242
7.3 WAN TO DMZ &LANTO DMZ .........................................................................................................................244
7.4 DMZTO WAN &DMZTO LAN .........................................................................................................................247
CHAPTER 8: ANOMALY FLOW IP .............................................................................................................. 253
CHAPTER 9: MONITOR............................................................................................................................... 261
9.1 LOG......................................................................................................................................................................261
9.1.1 Traffic Log..................................................................................................................................................262
9.1.2 Event ..........................................................................................................................................................264
9.1.3 Connection Log.........................................................................................................................................266
9.1.4 Log Backup................................................................................................................................................268
9.2ACCOUNTING REPORT.........................................................................................................................................270
9.2.1 Setting........................................................................................................................................................270
9.2.2 Outbound......................................................................................................................................................273
9.2.3 Inbound ........................................................................................................................................................277
9.3 STATISTICS ..........................................................................................................................................................280
9.3.1 WAN Statistics...........................................................................................................................................281
9.3.2 Policy Statistics.........................................................................................................................................284
9.4 WAKE ON LAN......................................................................................................................................................286
9.5 STATUS ................................................................................................................................................................287
9.5.1 Interface Status.........................................................................................................................................287
9.5.2 Authentication............................................................................................................................................289
9.5.3 ARP Table..................................................................................................................................................290
9.5.4 DHCP Clients............................................................................................................................................291
MH-2001 Multi-Homing Security Gateway User’s Manual
Chapter 1: Introduction
As Internet become essential for your business, the only way to prevent your Internet connection from failure
is to have more than one connection. PLANET’s Multi-Homing Security Gateway MH-2001 reduces the risk
of potential shutdown if one of the Internet connections should fail. In addition, they allow you to perform
load-balancing by distributing the traffic through two WAN connections.
Not only is a multi-homing device, PLANET’s MH-2001 also provides a complete security solution in a box.
The policy-based firewall, Intrusion detection and prevention, content filtering function and VPN connectivity
with 3DES and AES encryption make it become a perfect product for your network security. No more
complex connection and settings for integrating different security products on the network is required.
Bandwidth management function is also supported on MH-2001 to offers network administrators an easy
and powerful means to allocate network resources based on business priorities, and to shape and control
bandwidth usage.
1.1 Features
WAN Backup: The MH-2001 can monitor each WAN link status and automatically activate backup links
when a failure is detected. The detection is based on the configurable target Internet addresses.
Outbound Load Balancing: The network sessions are assigned based on the user configurable load
balancing mode, including “Auto”, “Round-Robin”, “By Traffic”, “By Session”, “By Packet”, “By Source IP”
and “By Destination IP”. User can also configure which IP or TCP/UDP type of traffic use which WAN
port to connect.
Policy-based Firewall: The built-in policy-based firewall prevent many known hacker attack including
SYN attack, ICMP flood, UDP flood, Ping of Death, etc. The access control function allowed only
specified WAN or LAN users to use only allowed network services on specified time.
VPN Connectivity: The security gateway support PPTP and IPSec VPN. With DES, 3DES and AES
encryption and SHA-1 / MD5 authentication, the network traffic over public Internet is secured.
Content Filtering: The security gateway can block network connection based on URLs, Scripts (The
Pop-up, Java Applet, cookies and Active X), P2P (eDonkey, Bit Torrent and WinMX), Instant Messaging
(MSN, Yahoo Messenger, ICQ, QQ and Skype) and Download/Upload blocking.
Dynamic Host Control Protocol (DHCP) server: DHCP server can allocate up to 253 client IP
addresses and distribute them including IP address, subnet mask as well as DNS IP address to local
computers. It provides an easy way to manage the local IP network.
Web based GUI: MH-2001 supports web based GUI for configuration and management. It also supports
multiple language including English, Traditional Chinese and Simplified Chinese.
User Authentication: User database can be configured on the devices, MH-2001 also supports the
authenticated database through external RADIUS and POP3 server.
Bandwidth Management: Network packets can be classified based on IP address, IP subnet and
- 1 -
MH-2001 Multi-Homing Security Gateway User’s Manual
TCP/UDP port number and give guarantee and burst bandwidth with three levels of priority
Dynamic Domain Name System (DDNS): The Dynamic DNS service allows users to alias a dynamic
IP address to a static hostname.
Multiple NAT: Multiple NAT allows local port to set multiple subnet and connect to the Internet through
different WAN IP addresses.
Server Load Balancing: Up to 4 group virtual servers support server load balancing
Accounting Report: Accounting report function can monitor the information about the Intranet and
External network traffic via MH-2001.
1.2 Package Contents
The following items should be included:
MH-2001
Multi-Homing Security Gateway x 1
User’s Manual CD-ROM x 1
Quick Installation Guide x 1
Power Adapter x 1
Cat5 Cable x 1
Mat x 4
If any of the contents are missing or damaged, please contact your dealer or distributor immediately.
1.3 MH-2001 Front View
MH-2001 Front Panel
LED / Button Definition
LED / Button Description
Reset Button Press this button to restore factory default setting.
PWR Power is supplied to this device.
STATUS Blinks to indicate this devise is being turned on and
booting. After four minutes, this LED indicator will stop
blinking, it means this device is now ready to use.
WAN1, WAN2,
LAN, DMZ Steady on indicates the port is connected to other
network device.
Blink to indicates there is traffic on the port
- 2 -
MH-2001 Multi-Homing Security Gateway User’s Manual
- Port definition
Port Description
WAN1, WAN2 Connect to your xDSL/Cable modem or other Internet
connection devices
LAN Connect to your local PC, switch or other local network
device
DMZ Connect to your server or other network device
1.4 MH-2001 Rear Panel
MH-2001 Rear Panel
DC Power: connect one end of the power supply to this port, the other end to the electrical wall outlet.
- 3 -
MH-2001 Multi-Homing Security Gateway User’s Manual
1.5 Specification
Product Multi-Homing Security Gateway
Model MH-2001
Hardware LAN 1 x 10/100Mbps RJ-45
WAN 2 x 10/100Mbps RJ-45
Ethernet
DMZ 1 x 10/100Mbps RJ-45
Button Reset button for reset to factory default setting
Software
Management Web
Network Connection DMZ_NAT, DMZ_Transparent, NAT
Routing Protocol Static Route, RIPv2
Outbound Load Balancing Policy-based routing
Load-balancing by Round-Robin, traffic, session, packet, Source IP and
Destination IP
Firewall Policy-based firewall rule with schedule
NAT/ NAPT
SPI firewall
Prevention of SYN attack, ICMP Flood, UDP flood, Ping of Death, Tear Drop,
IP Spoofing, IP route, Port Scan and Land attack
VPN Tunnels
(Configure/Connection)
200/100
VPN Functions PPTP, IPSec
DES, 3DES and AES encrypting
SHA-1 / MD5 authentication algorithm
Remote access VPN (Client-to-Site) and Site to Site VPN
Content Filtering URL blocking, Script blocking (Popup, JavaApplet, cookies andActive X)
IM blocking (MSN, Yahoo Messenger, ICQ, QQ and Skype)
P2P blocking (eDonkey, Bit Torrent and WinMX)
Download and Upload blocking
Bandwidth Management Policy-based bandwidth management
Guarantee and maximum bandwidth with 3 priority levels
Classify traffics based on IP, IP subnet, TCP/UDP port
User authentication Built-in user database with up to 200 entries
Radius, POP3 authentication support
Accounting Report Outbound/Inbound accounting report statistics by Source IP, Destination IP
and Service
Log and Alarm Log and alarm for event and traffic
Log can be saved from web, sent by e-mail or sent to syslog server
Statistics Traffic statistic for interface (WAN 1/2) and policies
Graphic display
Record up to 30 days
Others Firmware Upgradeable through Web
Configuration Backup and Restore through Web
Dynamic DNS
NTP support
DHCP server
Multiple NAT and multiple DMZ (mapped IP) support
Server load balancing
- 4 -
MH-2001 Multi-Homing Security Gateway User’s Manual
Chapter 2: Hardware Installation
2.1 Installation Requirements
Before installing MH-2001, make sure your network meets the following requirements.
- Mechanical Requirements
MH-2001 is installed between your Internet connection and local area network. You can place it on the
table or rack, and locate the unit near the power outlet.
- Electrical Requirements
MH-2001 is a power-required device, which means, it will not work until it is powered. If your network PCs
will need to transmit data all the time, please consider use an UPS (Uninterrupted Power Supply) for your
MH-2001. It will prevent you from network data loss. In some area, installing a surge suppression device
may also help to protect your device from being damaged by unregulated surge or current to the MH-2001.
- Network Requirements
In order for MH-2001 to secure your network traffic, the traffic must pass through the device at a useful
point in a network. In most situations, MH-2001 should be placed behind the Internet connection device.
- 5 -
MH-2001 Multi-Homing Security Gateway User’s Manual
- 6 -
2.2 Operation Mode
MH-2001 DMZ port supports three operation modes, Disable, NAT and Transparent. In Disable mode, the
DMZ port is not active. In transparent mode, MH-2001 works as proxy with forward DMZ packet to WAN
and forward WAN packet to DMZ. The DMZ and WAN side IP addresses are in the same subnet. In NAT
mode, DMZ side user will share one public IP address of WAN port to make Internet connection. Please
find the following two pictures for example.
2.2.1 Transparent Mode Connection Example
LAN PC1
192.168.1.2 LAN PC2
192.168.1.3
Internet
DMZ Transparent
To WAN1
WAN2
62.22.22.22
WAN1
61.11.11.11
DMZ PC1
61.11.11.12 DMZ PC2
61.11.11.13
ISP1
ADSL / Cable
Modem
ISP2
ADSL / Cable
Modem
LAN
192.168.1.1
255.255.255.0
MH-2001
The WAN1 and DMZ side IP addresses are on the same subnet. This application is suitable if you have a
subnet of IP addresses and you do not want to change any IP configuration on the subnet.
MH-2001 Multi-Homing Security Gateway User’s Manual
2.2.2 NAT Mode Connecting Example
DMZ and WAN1 IP addresses are on the different subnet. This provides higher security level then
transparent mode.
- 7 -
MH-2001 Multi-Homing Security Gateway User’s Manual
Chapter 3: Getting Started
3.1 Web Configuration
STEP 1:
Connect the Administrator’s PC and the LAN port of MH-2001 to a hub or switch. Make sure there is a link
light on the hub/switch for both connections. MH-2001 has an embedded web server used for management
and configuration. Use a web browser to display the configurations of MH-2001 (such as Internet Explorer
4(or above) or Netscape 4.0(or above) with full java script support). The default IP address of MH-2001 is
192.168.1.1 with a subnet mask of 255.255.255.0. Therefore, the IP address of the Administrator PC must be
in the range between 192.168.1.2– 192.168.1.254
If the company’s LAN IP Address is not subnet of 192.168.1.0, (i.e. LAN IP Address is 172.16.0.1), then the
Administrator must change his/her PC IP address to be within the same range of the LAN subnet. Reboot
the PC if necessary.
By default, MH-2001 is shipped with its DHCP Server function enabled. This means the client computers on
the LAN network including the Administrator PC can set their TCP/IP settings to automatically obtain an IP
address from the device.
The following table is a list of private IP addresses. These addresses may not be used as a WAN IP address.
10.0.0.0 ~ 10.255.255.255
172.16.0.0 ~ 172.31.255.255
192.168.0.0 ~ 192.168.255.255
STEP 2:
Once the Administrator PC has an IP address on the same network as the Multi-Homing Security Gateway,
open up an Internet web browser and type in http://192.168.1.1 in the address bar.
Apop-up screen will appear and prompt for a username and password. Ausername and password is required
to connect to MH-2001. Enter the default login username and password of Administrator (see below).
Username: admin
Password: admin
Click OK.
- 8 -
MH-2001 Multi-Homing Security Gateway User’s Manual
3.2 Configure WAN 1 interface
After entering the username and password, MH-2001 WebUI screen will display. Select the Interface tab on
the left menu. Click on WAN from the sub-function list, and a sub-function list will be displayed.
Click Modify button to configure WAN NO. 1 and the following page will be displayed.
Alive Indicator Site IP: This feature is used to ping an address for detecting WAN connection status.
Service: ICMP You can select an IP address by Assist, or type an IP address manually.
- 9 -
MH-2001 Multi-Homing Security Gateway User’s Manual
Service: DNS You can select a DNS IP and Domain name by Assist, or type the related data manually.
PPPoE (ADSL User): This option is for PPPoE users who are required to enter a username and password in
order to connect.
Username: Enter the PPPoE username provided by the ISP.
Password: Enter the PPPoE password provided by the ISP.
IP Address provided by ISP:
Dynamic: Select this if the IP address is automatically assigned by the ISP.
Fixed: Select this if you were given a static IP address. Enter the IP address that is given to you by
your ISP.
Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP.
Service-On-Demand:
The PPPoE connection will automatically disconnect after a length of idle time (no activities). Enter in
the amount of idle minutes before disconnection. Enter ‘0’ if you do not want the PPPoE connection to
disconnect at all.
For Dynamic IP Address (Cable Modem User): This option is for users who are automatically assigned an
IP address by their ISP, such as cable modem users. The following fields apply:
MAC Address: This is the MAC Address of the device. Some ISPs require specified MAC address. If the
required MAC address is your PC’s, click Clone MAC Address.
Hostname: This will be the name assign to the device. Some cable modem ISP assigns a specific
hostname in order to connect to their network, please enter the hostname here. If not
required by your ISP, you do not have to enter a hostname.
Domain Name: You can specify your own domain name or leave it blank.
User Name: The user name is provided by ISP.
Password: The password is provided by ISP.
Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP.
For Static IP Address: This option is for users who are assigned a static IPAddress from their ISP. Your ISP
will provide all the information needed for this section such as IPAddress, Netmask, Gateway, and DNS.
IP Address: Enter the static IP address assigned to you by your ISP. This will be the public IP address of
the WAN 1 port of the device.
Netmask: This will be the Netmask of the WAN 1 network. (i.e. 255.255.255.0)
Default Gateway: This will be the Gateway IP address.
Domain Name Server (DNS): This is the IPAddress of the DNS server.
Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP.
Ping: Select this to allow the WAN network to ping the IPAddress of MH-2001 This will allow people from the
Internet to be able to ping MH-2001 WAN IP. If set to enable, the device will respond to echo request packets
from the WAN network.
- 10 -
MH-2001 Multi-Homing Security Gateway User’s Manual
HTTP: Select this to allow the device WebUI to be accessed from the WAN network. This will allow the WebUI
to be configured from a user on the Internet. Keep in mind that the device always requires a username and
password to enter the WebUI.
3.3 Configure WAN 2 interface
If you want to connect WAN 2 to another ISP connection, click Modify button of WAN No. 2 then repeat above
procedures to setup.
3.4 Configure DMZ interface
Depends on your network requirement, you can disable the DMZ port, make DMZ port transparent to WAN 1 or
enable NAT function on it.
To configure the DMZ port, select the Interface tab on the left menu, then click on DMZ, the following page is
shown.
Please refer to Section 2.2 for select the mode you need and configure relative IP parameters.
3.5 Configure Policy
STEP 1:
Click on the Policy tab from the main function menu, and then click on Outgoing (LAN to WAN) from the
sub-function list.
STEP 2:
Click on New Entry button.
STEP 3:
When the New Entry option appears, enter the following configuration:
Source Address – select “Inside_Any”
Destination Address – select “Outside_Any”
Service - select “ANY”
Action - select “Permit, ALL”
Click on OK to apply the changes.
- 11 -
MH-2001 Multi-Homing Security Gateway User’s Manual
STEP 4:
The configuration is successful when the screen below is displayed.
Please make sure that all the computers that are connected to the LAN port have their Default Gateway IP
Address set to MH-2001’s LAN IP Address (i.e. 192.168.1.1). At this point, all the computers on the LAN
network should gain access to the Internet immediately. If MH-2001 filter function is required, please refer to
the Policy section in chapter 7.
- 12 -
MH-2001 Multi-Homing Security Gateway User’s Manual
Chapter 4: System
MH-2001 Administration and monitoring configuration is set by the System Administrator. The System
Administrator can add or modify System settings and monitoring mode. The sub Administrators can only read
System settings but not modify them. In System, the System Administrator can:
1. Add and change the sub Administrator’s names and passwords;
2. Back up all MH-2001 settings into local files;
3. Set up alerts for Hackers invasion.
“System” is the managing of settings such as the privileges of packets that pass through MH-2001 and
monitoring controls. Administrators may manage, monitor, and configure MH-2001 settings. All configurations
are “read-only” for all users other than the Administrator; those users are not able to change any settings for
MH-2001.
4.1 Administration
4.1.1 Admin
Click the System/Administration/Admin on the left menu, and the list of Administrators will display as below.
Define the required fields of Administrator
Admin Name:
The username of Administrators and Sub Administrator for the MH-2001. The admin user name cannot
be removed; and the sub-admin user can be removed or configure.
The default Account: admin; Password: admin
Privilege:
The privileges of Administrators (Admin or Sub Admin). The username of the main Administrator is
Administrator with reading / writing privilege. Administrator also can change the system setting, log
system status, and to increase or delete sub-administrator. Sub-Admin may be created by the Admin by
- 13 -
MH-2001 Multi-Homing Security Gateway User’s Manual
clicking New Sub Admin. Sub Admin have only read and monitor privilege and cannot change any
system setting value.
Configure:
Click Modify to change the “Sub-Administrator’s” password or click Remove to delete a “Sub
Administrator.”
Changing the Main/Sub-Administrator’s Password
Step 1. The Modify Administrator Password window will appear. Enter in the required information:
Password: enter original password.
New Password: enter new password
Confirm Password: enter the new password again.
Step 2. Click OK to confirm password change or click Cancel to cancel it.
Adding a new Sub Administrator
Step 1. In the Add New Sub Administrator window:
Sub Admin Name: enter the username of new Sub Admin.
Password: enter a password for the new Sub Admin.
Confirm Password: enter the password again.
Step 2. Click OK to add the user or click Cancel to cancel the addition.
- 14 -
Other manuals for MH-2001
1
Table of contents
Other Planet Gateway manuals
Planet
Planet VIP-1680 Series User manual
Planet
Planet WPG-100 User manual
Planet
Planet MH-4000 User manual
Planet
Planet IMG-2100T User manual
Planet
Planet WPG-100 User manual
Planet
Planet WSG-500 User manual
Planet
Planet VGW Series User manual
Planet
Planet WIPG-300H User manual
Planet
Planet VGW-402 User manual
Planet
Planet VGW-804 User manual
Planet
Planet LCG-300 Series User manual
Planet
Planet WSG-500 User manual
Planet
Planet VIP 24 Series User manual
Planet
Planet VGW 10 Series User manual
Planet
Planet WPG-110 User manual
Planet
Planet VIP-000 User manual
Planet
Planet IMG-110T User manual
Planet
Planet SKG-300 User manual
Planet
Planet WPG-120 User manual
Planet
Planet IG-100 User manual
