QNO 2WAN 3LAN User manual
English User’s Manual
2
22
2WAN
WANWAN
WAN 3
3 3
3LAN
LANLAN
LAN
VPN
VPN VPN
VPN QoS Security Router
QoS Security RouterQoS Security Router
QoS Security Router
Load Balance, Bandwidth Management, VPN, and Network Security
2WAN 3LAN VPN QoS Security Router
I
Product Manual Using Permit Agreement
[Product Manual (hereafter the "Manual") Using Permit Agreement] hereafter the "Agreement" is
the using permit of the Manual, and the relevant rights and obligations between the users and
no Technology Inc (hereafter " no"), and is the exclusion to remit or limit the liability of no.
The users who obtain the file of this manual directly or indirectly, and users who use the relevant
services, must obey this Agreement.
Important Notice: no would like to remind the users to read the clauses of the "Agreement"
before downloading and reading this Manual. Unless you accept the clauses of this "Agreement",
please return this Manual and relevant services. The downloading or reading of this Manual is
regarded as accepting this "Agreement" and the restriction of clauses in this "Agreement".
【1】Statement of Intellectual Property
Any text and corresponding combination, diagram, interface design, printing materials or
electronic file are protected by copyright of our country, clauses of international copyright and
other regulations of intellectual property. When the user copies the "Manual", this statement of
intellectual property must also be copied and indicated. Otherwise, no regards it as tort and
relevant duty will be prosecuted as well.
【2】Scope of Authority of "Manual"
The user may install, use, display and read this "Manual on the complete set of computer.
【3】User Notice
If users obey the law and this Agreement, they may use this "Manual" in accordance with
"Agreement". If the users violate the "Agreement", no will terminate the using authority and
destroy the copy of this "Manual". The "hardcopy or softcopy" of this Manual is restricted using for
information, non-commercial and personal purpose. Besides, it is not allowed to copy or
announce on any network computer. Furthermore, it is not allowed to disseminate on any media.
It is not allowed to modify any part of the "file". Using for other purposes is prohibited by law and
it may cause serious civil and criminal punishment. The transgressor will receive the accusation
possibly.
【4】Legal Liability and Exclusion
2WAN 3LAN VPN QoS Security Router
II
【4-1】no will check the mistake of the texts and diagrams with all strength. However, no,
distributors, and resellers do not bear any liability for direct or indirect economic loss, data loss or
other corresponding commercial loss to the user or relevant personnel due to the possible
omission.
【4-2】In order to protect the autonomy of the business development and adjustment of no, no
reserves the right to adjust or terminate the software / Manual any time without informing the
users. There will be no further notice regarding the product upgrade or change of technical
specification. If it is necessary, the change or termination will be announced in the relevant block
of the no website.
【4-3】All the set parameters are examples and they are for reference only. You may also purpose
your opinion or suggestion. We will take it as reference and they may be amended in the next
version.
【4-4】This Manual explains the configuration of all functions for the products of the same series.
The actual functions of the product may vary with the model. Therefore, some functions may not
be found on the product you purchased.
【4-5】no reserves the right to change the file content of this Manual and the Manual content
may not be updated instantly. To know more about the updated information of the product, please
visit no official website.
【4-6】no (and / or) distributors hereby declares that no liability will be born for any guarantee
and condition of the corresponding information. The guarantee and condition include tacit
guarantee and condition about marketability, suitability for special purposes, ownership, and
non-infringement. The name of the companies and products mentioned may be the trademark of
the owners. no (and/or) the distributors do not provide the product or software of any third
party company. Under any circumstance, no and / or distributors bear no liability for special,
indirect, derivative loss or any type of loss in the lawsuit caused by usage or information on the
file, no matter the lawsuit is related to agreement, omission, or other tort.
【5】Other Clauses
【5-1】The potency of this Agreement is over any other verbal or written record. The invalidation
of part or whole of any clause does not affect the potency of other clauses.
【5-2】The power of interpretation, potency and dispute are applicable for the law of Taiwan. If
there is any dissension or dispute between the users and no, it should be attempted to solve by
consultation first. If it is not solved by consultation, user agrees that the dissension or dispute is
brought to trial in the jurisdiction of the court in the location of no. In Mainland China, the "China
International Economic and Trade Arbitration Commission" is the arbitration organization.
2WAN 3LAN VPN QoS Security Router
III
Content
I. Introduction.................................................................................................................................................1
II. Hardware Installation...............................................................................................................................2
2.1 VPN oS Router LED Signal ................................................................................................................... 2
2.2 VPN oS Router Network Connection ................................................................................................ 3
III. Quick Configuration................................................................................................................................5
3.1 Login and Set Up........................................................................................................................................ 5
3.2 Home Page.................................................................................................................................................... 5
3.2.1 System Information.........................................................................................................................5
3.2.2 Port Statistics.....................................................................................................................................6
3.2.3 General Setting Status ...................................................................................................................7
3.2.4 Advanced Setting Status ...............................................................................................................8
3.2.5 Firewall Setting Status ...................................................................................................................8
3.2.6 VPN Setting Status ..........................................................................................................................9
3.3 General Setting ........................................................................................................................................... 9
3.3.1 Configure .............................................................................................................................................9
3.3.2 Dual WAN ..........................................................................................................................................14
3.3.3 oS ......................................................................................................................................................21
3.3.4 Password............................................................................................................................................29
3.3.5 Time.....................................................................................................................................................30
IV. Advanced Configuration........................................................................................................................33
4.1 DMZ Host-(Demilitarized Zone).......................................................................................................... 33
4.2 Forwarding .................................................................................................................................................. 34
4.3 UPnP- (Universal Plug and Play)......................................................................................................... 37
4.4 Routing......................................................................................................................................................... 39
4.5 One-to-One NAT ....................................................................................................................................... 40
4.6 DDNS- Dynamic Domain Name Service .......................................................................................... 42
4.7 MAC Clone................................................................................................................................................... 44
4.8 DHCP IP Issuing Server ......................................................................................................................... 45
4.8.1 Dynamic IP........................................................................................................................................45
4.8.2 IP & MAC Binding............................................................................................................................46
4.8.3 DNS & WINS Server ......................................................................................................................49
4.8.4 DHCP Status.....................................................................................................................................49
V. Tool Configuration...................................................................................................................................51
5.1 Diagnostic ................................................................................................................................................... 51
2WAN 3LAN VPN QoS Security Router
IV
5.2 Restart.......................................................................................................................................................... 52
5.3 Return to Factory Default Setting ...................................................................................................... 52
5.4 Firmware Upgrade.................................................................................................................................... 53
5.5 Setting Backup .......................................................................................................................................... 54
VI. Firewall Configuration ..........................................................................................................................56
6.1 General Settings ....................................................................................................................................... 56
6.2 Access Rule................................................................................................................................................. 58
6.2.1 Add a new Rule ...............................................................................................................................61
VII VPN Configuration.....................................................................................................................63
7.1 Display All VPN Summary ..................................................................................................................... 63
7.2 Gateway to Gateway VPN ..................................................................................................................... 66
7.2.1 Tunnel Setup ....................................................................................................................................67
7.2.2 IPSec Setup ......................................................................................................................................75
7.2.3 VPN Advanced..................................................................................................................................78
7.3 Client to Gateway & Group VPN ......................................................................................................... 79
7.4 PPTP Setting............................................................................................................................................... 81
7.5 VPN Pass Through .................................................................................................................................... 83
VIII. QVM VPN Function Setup.................................................................................................................85
IX. Log Configuration..................................................................................................................................87
9.1 System Log................................................................................................................................................. 87
9.2 System Statistics...................................................................................................................................... 89
9.3 Traffic Statistic........................................................................................................................................... 90
9.4 Specific IP/ Port Status .......................................................................................................................... 92
X. Logout.......................................................................................................................................................96
Appendix I: VPN setting Sample.................................................................................................................97
Appendix II:
::
:Qno Technical Support Information................................................................................101
2WAN 3LAN VPN QoS Security Router
1
I. Introduction
2 WAN 3 LAN VPN oS Router (referred as VPN oS Router hereby) is a small business,
local branch, and government and school department level router that high efficiently
integrates full function VPN oS Router with well worth it's value. This VPN oS Router has
two WAN ports and also provides high proformance dual-line Intelligent Load Balancing which
supports exteral connections of WAN prot. Besides, Internet connection capacity is satisfied
with the spec. of most bandwidth marketing. Moreover, the second WAN port can be a
configurable hardware DMZ port. In addition, VPN oS Router has 3 10/100 Bazs-T/TX
Ethernet (RJ45) Switch ports, each of which can connect extra switches to connect more
Internet devices.
To fulfill the requirement for self defense of most enterprise against from the Internet
network attack, our VPN oS Router has firewall system embedded. In addition to include
NAT, it has DoS (Denial of Service), and SPI (Stateful Packet Inspection). Also it could use the
default setting to automatically detect the Internet network attack.
And, no is a supporter of the IPSec Protocol. IPSec VPN provides DES(56bit),
3DES(168bit), MD5 & SHA certification. VPN oS Router also has unique VM VPN-
SmartLink IPSec VPN. Just input VPN server IP, user name, and password, and IPSec VPN will
be automatically set up. Through VPN oS Router exclusive VM function, users can set up
VM to work as a server, and have it accept other VM series products from client ports.
VPN oS Router also has unique VM VPN- SmartLink IPSec VPN. Just input VPN server
IP, user name, and password, and IPSec VPN will be automatically set up. Through VPN oS
Router exclusive VM function, users can set up VM to work as a server, and have it accept
other VM series products from client ports. VM offers easy VPN allocation for users; users
can do it even without a network administrator. VPN oS Router enables enterprises to
benefit from VPN without being troubled with technical and network management problems.
The central control function enables the host to log in remote client computers at any time.
Security and secrecy are guaranteed to meet the IPSec standard, so as to ensure the
continuity of VPN service.
NAT (Network Address Translation) can do Private IP and Public IP exchange, which you
can only need one Public IP but many people could go to the Internet at the same time.
Besides, it includes virtual NAT application function, which makes the network environment
more flexible and easier to manage.
Through web- based UI, VPN oS Router enables enterprises to have their own network
access rules . To control web access, users can build and edit filter lists. It also enables users
to ban or monitor websites according to their needs. By the filter setting and complete OS
management, school and business internet management will be clearly improved. VPN oS
Router offers various on-line SysLog records. It supports on-line management setup tools; it
makes setting up networks easy to understand. It also reinforces the management of
network access rules, VPN, and all other network services.
2WAN 3LAN VPN QoS Security Router
2
II. Hardware Installation
In this chapter we are going to introduce hardware interface as well as physical
installation.
2.1 VPN oS Router LED Signal
LED Signal Description
LED Color Description
Power Green Green LED on: Power ON
DIAG Amber
Amber LED on: System self-test is running.
Amber LED off: System self-test is completed
successfully.
Link/Act
(Green light at the
right of the port)
Green Green LED on: Ethernet connection is fine.
Green LED blinking: Packets are transmitting through
Ethernet port.
100M- Speed
(Amber light at the
left of the port)
Amber
Green LED on: Ethernet is running at 100Mbps.
Green LED off: Ethernet is running at 10Mbps.
Connect Green Green LED on: WAN is connected and gets the IP address.
Reset
Action Description
Press Reset Button For 5 Secs Warm Start
DIAG indicator: Amber LED flashing slowly.
Press Reset Button Over 10 Secs
Factory Default
DIAG indicator: Amber LED flashing quickly.
System Built-in Battery
A system timing battery is built into VPN oS Router. The lifespan of the battery is about
1~2 years. If the battery life is over or it can not be charged, VPN oS Router will not be able
to record time correctly, nor synchronize with internet NTP time server. Please contact your
system supplier for information on how to replace the battery.
Attention!
Do not replace the battery yourself; otherwise irreparable damage to the product may
be caused.
Installing VPN oS Router on a Standard 19” Rack
2WAN 3LAN VPN QoS Security Router
3
We suggest to either place VPN oS Router on a desk or install it in a rack with attached
brackets. Do not place other heavy objects together with VPN oS Router on a rack.
Overloading may cause the rack to fail, thus causing damage or danger.
Each VPN oS Router comes with a set of rack installation accessories, including 2 L-
shaped brackets and 8 screws. Users can rack- mount the device onto the chassis. Please
refer to the figure below for the installation onto a 19” rack:
Attention!
In order for the device to run smoothly, wherever users install it, be sure not to obstruct
the vent on each side of the device. Keep at least 10cm space in front of both the vents for
air convection.
2.2 VPN oS Router Network Connection
WAN connection :A WAN port can be connected with xDSL Modem, Fiber Modem,
Switching Hub, or through an external router to connect to the Internet.
LAN Connection: The LAN port can be connected to a Switching Hub or directly to a PC.
2WAN 3LAN VPN QoS Security Router
4
Users can use servers for monitoring or filtering through the port after “Physical Port
Mangement” configuration is done.
DMZ : The DMZ port can be connected to servers that have legal IP addresses, such as Web
servers, mail servers, etc.
2WAN 3LAN VPN QoS Security Router
5
III. uick Configuration
In this chapter we are going to introduce software setting interface, explaining the
message of home page as well as basic connection setting.
3.1 Login and Set Up
VPN oS Router default username and password are both “admin”. Users can change the
login password in the setting later.
Attention!
For security, we strongly suggest that users must change password after login. Please
keep the password safe, or you can not login to VPN oS Router. Press Reset button for
more than 10 sec, all the setting will return to default.
3.2 Home Page
In the Home page, all the device parameters and status are listed for users’ reference. For
detailed settings, click each parameter or status hyperlink below: the relevant set-up tab will be
loaded for users to choose their management options.
3.2.1 System Information
2WAN 3LAN VPN QoS Security Router
6
Serial No
This number is the device serial number.
Firmware version
Information about the device present software version.
CPU (Central Processing Unit)
Indicates the device CPU model No.: Intel IXP425-533MHz
System active time:
Indicates how long the device has been running.
Current Time:
Indicates the device present time, but you have to pay attention to set the synchronous
time with that of the romote NTP server, and then the time will be shown correctly.
3.2.2 Port Statistics
2WAN 3LAN VPN QoS Security Router
7
The current port setting status information will be shown in the Port Status Table. Examples:
Network connection, port (on or off), priority (high or normal), connection speed (10Mbps or
100Mbps), duplex status (half-duplex or full duplex), and auto negotiation (Enabled or Disabled).
3.2.3 General Setting Status
LAN IP:
Indicates the LAN port current IP configuration. The default IP is 192.168.1.1. Click the
hyperlink to enter and manage the configuration.
WAN 1 IP:
Indicates the WAN1 current IP configuration. Click the hyperlink to enter and manage the
configuration. When “Obtain an IP automatically” is selected, two buttons (Release and
Renew) will appear on the right of the page. Click “Release” to release the IP that is issued by
the ISP, and click “Renew” to refresh the IP that is issued by the ISP. If a WAN connection,
such as PPPoE or PPTP, is selected, “Disconnect” and “Connect” will appear on the page.
WAN 2/DMZ IP:
Indicates the WAN2 or DMZ current IP configuration. Click the hyperlink to enter and
manage the configuration.
Default Gateway:
Indicates the current Gateway IP configuration. Click the hyperlink to enter and manage
the configuration.
DNS:
Indicates the current DNS IP configuration. Click the hyperlink to enter and manage the
2WAN 3LAN VPN QoS Security Router
8
configuration.
3.2.4 Advanced Setting Status
DMZ Host:
Indicates if DMZ is activated. Click the hyperlink to enter and manage the configuration.
The default configuration is “Disabled”.
Working Mode:
Indicates the the device current operation mode (either Gateway mode or Router mode).
Click the hyperlink to enter and manage the configuration. The default operation mode is
Gateway mode.
DDNS (Dynamic Domain Name Service):
Indicates if Dynamic Domain Name is activated. Click the hyperlink to enter and manage
the configuration. The default configuration is “Off”.
3.2.5 Firewall Setting Status
SPI (Stateful Packet Inspection):
Indicates whether SPI (Stateful Packet Inspection) is on or off. Click the hyperlink to
enter and manage the configuration. The default configuration is “Off”.
DoS (Denial of Service):
Indicates if DoS attack prevention is activated. Click the hyperlink to enter and manage
the
configuration. The default configuration is “Off”.
Block WAN Request:
Indicates that denying the connection from Internet is activated. Click the hyperlink to
2WAN 3LAN VPN QoS Security Router
9
enter and manage the configuration. The default configuration is “Off”.
Remote Management:
Indicates if remote management is activated (on or off). Click the hyperlink to enter and
manage the configuration. The default configuration is “Off”.
3.2.6 VPN Setting Status
VPN Summary:
Indicates VPN configuration status. Click the hyperlink to enter and manage the
configuration.
Tunnel(s) Used:
Indicates number of tunnels that have been configured in VPN (Virtual Private
Network).
Tunnel(s) Available:
Indicates number of tunnels that are available for VPN (Virtual Private Network).
3.3 General Setting
General Setting provides basic VPN oS Router Internet connection setting. For most users,
it’s enough to go to Internet after making basic setting without doing any changes. However, to
connect Internet still needs some ISPs to provide advanced detail information. Therefore, please
refer to the following explaination of the detail setting.
3.3.1 Configure
2WAN 3LAN VPN QoS Security Router
10
Host Name and Domain Name
Device name and domain name can be input in the two boxes. Though this configuration
is not necessary in most environments, some ISPs in some countries may require it.
LAN Setting
This is configuration information for the device current LAN IP address. The default
configuration is 192.168.1.1 and the default Subnet Mask is 255.255.255.0. Now it can
support to the IP Class C network and also it can be changed according to the actual network
structure.
Dual-WAN / DMZ Setting
It provides a configurable WAN 2 or DMZ port. First, choose this port as the second WAN
port or define it as DMZ mode, and then keep doing the following setting.
DMZ Setting
For some network environments, an independent DMZ port may be required to set up
externally connected servers such as WEB and Mail servers. Therefore, the device supports
a set of independent DMZ ports for users to set up connections for servers with real IPs. The
2WAN 3LAN VPN QoS Security Router
11
DMZ ports act as bridges between the Internet and LANs.
Subnet:
The DMZ and WAN located in different Subnets
For example: If the ISP issued 16 real IP addresses: 220.243.230.1-16 with Mask
255.255.255.240, users have to separate the 16 IP addresses into two groups: 220.243.230.1-8
with Mask 255.255.255.248, and 220.243.230.9-16 with Mask 255.255.255.248 and then set the
device and the gateway in the same group with the other group in the DMZ.
Range:
DMZ and WAN within same Subnet
IP Range for DMZ port: Put IP range in DMZ port.
After the changes are completed, click “Apply” to save the configuration, or click “Cancel"
to leave without making any changes.
2WAN 3LAN VPN QoS Security Router
12
WAN Connection Type
Obtain an IP automatically
This mode is often used in the connection mode to obtain an automatic DHCP IP. This is the
device system default connection mode. It is a connection mode in which DHCP clients obtain an
IP address automatically, which is often applied in Cable Modem or DHCP Client connection mode,
etc. If having a different connection mode, please refer to the following introduction for selection
of appropriate configurations. Users can also set up their own DNS IP address (Use the Following
DNS Server Address). Check the options and input the user-defined DNS IP addresses.
Static IP
If ISP issue a static IP (such as one IP or eight IPs, etc.), please select this connection mode
and follow the steps below to input the IP numbers issued by ISP into the relevant boxes.
Attention: Even if ISP offers a static IP address, it might be an automatic mode to
obtain a DHCP IP or to obtain a PPPoE dial-up IP. Although the IP address obtained will be
the same each time, users still must select the correct connecting mode!
2WAN 3LAN VPN QoS Security Router
13
Specify WAN
IP address:
Input the available static IP address issued by ISP.
Subnet Mask:
Input the subnet
mask of the static IP address issued by ISP, such
as:
Issued eight static IP addresses: 255.255.255.248
Issued 16 static IP addresses: 255.255.255.240
Default
Gateway
Address:
Input the default gateway issued by ISP. For ADSL users, it is
usually an ATU-
R IP address. As for optical fiber users, please input
the optical fiber switching IP.
Domain Name
Server (DNS):
::
:
Input the DNS IP address issued by ISP. At least one IP group
should be input. The maximum acceptable is two IP groups.
Point-to-Point Protocol over Ethernet
This option is for an ADSL virtual dial-up connection (suitable for ADSL PPPoE). Input the user
connection name and password issued by ISP. Then use the PPP Over-Ethernet software built into
the device to connect with the Internet. If the PC has been installed with the PPPoE dialing
software provided by ISP, remove it. This software will no longer be used for network connection.
2WAN 3LAN VPN QoS Security Router
14
User Name: Input the user name issued by ISP.
Password Input the password issued by ISP.
Connect on
Demand:
This function enables the auto-
dialing function to be used in a
PPPoE dial connection. When the client port attempts to
connect with the Internet, the device will automatically make a
dial connection. If the line has been idle for a period of time,
the system will break the connection automatically. (The
default time for automatic break-
off resulting from no packet
transmissions is five minutes).
Keep Alive: This function enables the PPPoE dial connection to keep
connected, and to automatically redial if the line is
interrupted. It also enables a user to set up a time for
redialing. The default is 30 seconds.
After the changes are completed, click “Apply” to save the configuration, or click
“Cancel" to leave without making any change.
3.3.2 Dual WAN
If you have chosen the second WAN, then you can employment this setting.
Network Service Detection
2WAN 3LAN VPN QoS Security Router
15
Network Service Detection System:
This is a detection system for network external services. If this option is selected,
information such “Retry Count” or “Retry Timeout” will be displayed. If two WANs
are used for external connection, be sure to activate the NSD system, so as to avoid
any unwanted break caused by the device misjudgment of the overload traffic for the
WAN.
Retry Count: This selects the retry times for network service detection. The
default is five times. If there is no feedback from the Internet in
the configured “Retry Times", it will be judged as “External
Connection Interrupted”.
Retry Timeout: Delay time for external connection detection latency. The default
is 30 seconds. After the retry timeout, external service detection
will restart.
When Fail: (1) Generate the Error Condition in the System Log: If an ISP
connection failure is detected, an error message will be
recorded in the System Log. This line will not be removed;
therefore, the some of the users on this line will not have
normal connections.
This option is suitable under the condition that one of the WAN
Table of contents
Other QNO Network Router manuals
Popular Network Router manuals by other brands
Alcatel
Alcatel SpeedTouch 610 Management guide
Cisco
Cisco CISCO871-K9 - 871 Integrated Services Router Hardware installation guide
Mec
Mec Empower Broadband Calix GigaCenter quick start guide
Bicom Systems
Bicom Systems officeBOX M1000 installation guide
Gateway
Gateway Wireless Broadband Router none user guide
Cisco
Cisco 7200 VXR Series user manual
GreatSpeed
GreatSpeed GS-R250S Plus/Duo installation guide
MB Connect Line
MB Connect Line mbNET Series manual
GRASS VALLEY
GRASS VALLEY 8900NET - datasheet
Acopia Networks
Acopia Networks ARX 1000 Hardware installation guide
Zhone
Zhone 6388 6388-A1-XXX Specification manual
Allied Telesis
Allied Telesis AR400 Series How to configure