Manuals / Brands / Household Appliance / Thermostat / Planet Technology / Household Appliance / Thermostat

Planet Technology VRT-311, VRT-311S Using the DMZ Port, Advantages of the DMZ Port

1 147

Download 147 pages, 2.66 Mb

Introduction

Using the DMZ Port

The DMZ port is intended for connection of a server you wish to make available to the public. To use multiple servers, use a standard LAN cable to connect the DMZ port to a normal port on another hub, and connect your servers to the hub.

Please note the following points regarding the DMZ port.

∙Although physically attached to the hub ports, the DMZ port is not part of the built-in hub. It is a separate single port which is isolated from the hub.

∙PCs connected to the DMZ port are on the same LAN segment as PCs connected to the Hub ports. They must use the same IP address range.

∙PCs connected to the DMZ port are NOT visible to PCs on the hub (LAN) ports. So you cannot use Microsoft networking or other networking protocols to connect to PCs on the DMZ. The connection must be made via the Internet.

∙PCs connected to the DMZ port still share the WAN port IP address for Internet access.

∙To make PCs on the DMZ port available from the Internet, the "Virtual Server" (Port Forwarding) feature must be configured to send incoming traffic to the appropriate server.

Advantages of the DMZ Port

If running any Servers on your LAN, you should connect them to the DMZ port, for the following reasons:

∙Traffic passing between the DMZ and LAN passes through the firewall. The firewall will protect your LAN if your Server is compromised and used to launch an attack on your LAN.

∙When using the Virtual Servers feature, (see Virtual Servers in Chapter 6) a firewall rule to allow incoming traffic from the Internet (WAN) to the DMZ is automatically created.

If the Server is connected to the LAN (hub) ports, you must add the firewall rule manually.

7

Contents

Page Page Page Page Introduction Internet Access Features Advanced Internet Functions LAN Features Configuration & Management Security Features IPSec VPN Gateway Features Microsoft VPN Gateway Support Front-mountedLEDs PPPoE Rear Panel Using the DMZ Port Installation 3. Connect WAN Cable 4. Power Up 5. Check the LEDs Setup Preparation Using your Web Browser HTTP://192.168.0.1 If you can't connect ping Figure 7: Password Dialog Admin Login Common Connection Types Other Modems (e.g. Broadband Wireless) Big Pond Cable (Australia) SingTel RAS Home Screen LAN Screen Figure 9: LAN Screen Data - LAN Screen TCP/IP Subnet Mask DHCP PC Configuration TCP/IP Settings - Overview Checking TCP/IP Settings - Windows 9x/ME: Figure 32: Gateway Tab (Win 95/98) Figure 3: DNS Tab (Win 95/98) Checking TCP/IP Settings - Windows NT4.0 Obtain an IP address from a DHCP Server Specify an IP Address Figure 16: Windows NT4.0 - Add Gateway Figure17: Windows NT4.0 - DNS Checking TCP/IP Settings - Windows 2000: Using a fixed IP Address ("Use the following IP Address") Checking TCP/IP Settings - Windows XP Figure21: TCP/IP Properties (Windows XP) Internet Access Macintosh Clients Note: Linux Clients Ensure you are logged in as "root" before attempting any changes Fixed IP Address Operation and Status Data - Status Screen Internet Connection Method Broadband Modem Internet Connection Connection Status - PPPoE Figure23: PPPoE Status Screen Data - PPPoE Screen Connection Physical Address Connect Disconnect Clear Log Refresh Connection Log Messages Connection Status - PPTP Figure24: PPTP Status Screen Data - PPTP Screen PPTP Status Connection Status - Telstra Big Pond Figure25: Telstra Big Pond Status Screen Data - Telstra Big Pond Screen Connection Status Connection Details - SingTel RAS Figure26: Connection Details - SingTel RAS Data - SingTel RAS Screen RAS Plan DNS IP Address DHCP Client Release/Renew Button will display EITHER Connection Details - Fixed/Dynamic IP Address Figure27: Connection Details - Fixed/Dynamic IP Address Data - Fixed/Dynamic IP address Screen Page Internet Features WAN Port Configuration Internet Figure28: WAN Port Configuration Screen Data – WAN Port Configuration Screen Identification IP Address Dynamic IP Address is assigned auto matically Specified Login Login Method PPTP Big Pond Cable SingTel RAS Communication Applications Special Applications Multi-DMZ URL Filter URL Filter Screen Dynamic DNS Screen DDNS Data User Name Password/Key Domain Name DDNS Status IP Address seen by Internet Users Virtual Servers Screen Defining your own Virtual Servers Connecting to the Virtual Servers Security Configuration Figure37: Password Dialog Access Control Screen Data - Access Control Screen Group Group "Members" Button Internet Access Page Group Members Screen Access Control Log Firewall Rules Screen Data Source Action Edit Move Define Firewall Rule Dest IP Log Logs Figure42: Logs Screen Data - Logs Screen Enable Logs Incoming Traffic All IP traffic All TCP/UDP/ICMP traffic Timezone Timezone Syslog Server Enable Syslog Syslog Server Include E-mail Figure43: E-MailScreen Data – E-MailScreen E-MailAlerts Send E-Mailalert E-mailaddress Subject SMTP Server Port No Security Options Figure44: Security Options Screen Data - Security Options Screen Firewall Enable DoS Options Respond to ICMP (ping) Allow VPN pass through Define Schedule Screen Services Figure46: Services Screen Data - Services Screen Available Services Available Services VPN (IPSec) IPSec IKE Policies VPN Configuration VPN Pass-through Client PC to VPN Gateway Connecting 2 LANs via VPN VPN Policies Screen Adding a New Policy Figure52: VPN Wizard – General Screen General Settings Enable Policy Allow NetBIOS traffic Figure53: VPN Wizard - Traffic Selector Screen Local IP addresses Any Single address Range address Remote IP addresses Manual Key Exchange Figure54: VPN Wizard - Manual Key Exchange Screen Manually assigned Keys AH Authentication SPI ESP Encryption Encryption Algorithm Key - In / Key - Out ESP Authentication IKE Phase Figure55: VPN Wizard - IKE Phase 1 Screen IKE Phase 1 (IKE SA) Local Identity WAN IP Address Authentication RSA Signature Pre-shared key Algorithm IKE Phase 2 Screen Figure56: VPN Wizard - IKE Phase 2 Screen IKE Phase 2 (IPsec SA) IPsec SA Life Time IPSec PFS Figure57: VPN Wizard - Final Screen Example 1: Connecting 2 VRT-311 / VRT-311Ss IPSec SA Parameters Example 2: Windows 2000/XP Client to LAN Windows Client Configuration Figure60: Windows 2000/XP - Local Security Settings Figure61: Windows 2000/XP - Policy Properties Figure62: IP Filter List Figure63: Filter Properties: Addressing Figure64: New Rule Properties: IP Filter List Figure65: New Rule Properties: Filter Action Figure66: Require Security Properties Figure67: Modify Security Method Figure68: Require Security Properties VPN Setting Windows Setting Figure69: Tunnel Setting Figure70: Authentication Method Figure71: Windows 2000/XP Client to VRT-311 / VRT-311S Figure72: Windows 2000/XP Client to VRT-311 / VRT-311S Figure73: Filter Properties: Addressing Figure74: Filter List Figure75: Filter Action Figure76: Security Methods Figure77: Modify Security Method Figure78: Tunnel Setting Figure79: Authentication Method Figure80: DUT to Win2K Properties Figure81: Properties - General Tab Figure82: Key Exchange Settings Figure83: Key Exchange Security Methods Figure84: IKE Security Algorithms Figure85: Windows 2000/XP Client to VRT-311 / VRT-311S Configuration is now complete Example 3: Windows 2000 Server to VPN Gateway Windows 2000 Server Configuration Figure87: Windows 2000 Server - Addressing Trusted Certificates Requesting a Trusted Certificate Self Certificates Requesting a Self Certificate Hash Algorithm Signature Algorithm Signature Key Length IP address E-mailAddress Figure93: Upload Self Certificate CRLs To add a New CRL Figure94: Certificate Revocation Lists Figure 95: Upload CRL Status Figure96: VPN Status Screen Data – VPN Status Screen VPN Status Data Rx Microsoft VPN Data – Microsoft VPN Screen PPTP Server Methods Client Database Client Data - Microsoft VPN Client Database Screen Existing Users User List Allow connection Login Name Figure99: Microsoft VPN Status Screen Data - Microsoft VPN Status Screen Server Status Status Current Connec Windows 98/ME Figure102: Windows ME VPN Dialing Properties To establish a connection: Windows Figure105: Windows 2000 VPN Host Figure106: Windows 2000 Connection Availability Figure107: Windows 2000 Finish Wizard Changing the connection settings Windows XP Figure110: Windows XP Connection Name Figure111: Windows XP Public Network Figure112: Windows XP VPN Server Figure113: Windows XP Connection Availability Other Features & Settings Config File Network Diagnostics PC Database Config File Config File Figure114: Config File Screen Data - Config File Screen Backup Config Restore Config Network Diagnostics Network Diagnostics Figure115: Network Diagnostics Screen Data - Network Diagnostics Screen Ping Ping Button PC Database Screen Data - PC Database Screen Known PCs Generate Report Advanced Administration PC Database (Admin) Automatic discovery MAC is Add as New Entry Standard Screen Remote Administration Figure118: Remote Administration Screen Data - Remote Administration Screen Information Information Port Number Allow Remote Access Everyone IP address range Overview Routing Screen Figure119: Routing Screen Data - Routing Screen RIP Enable RIP Static Routing Configuring Other Routers on your LAN Static Routing - Example For Router A's Default Route For Router B's Default Route Upgrade Firmware Figure121: Upgrade Firmware Screen Data – Upgrade Firmware Screen Upgrade Firmware VRT-311 /VRT 311S Password Upgrade File Start Upgrade UPnP Figure122: UPnP Screen Data - UPnP Screen UPnP Enable UPnP Allow Configu ration Allow Internet Troubleshooting Solution 2: Specifications FCC Radiation Exposure Statement