
Security Appliance Question

Security Appliance Answer


  • Does the SP883 support MAC address authentication, and how do I configure it?
    The SP883 supports a MAC authentication mechanism. Enter the IP address of the computer you are currently using in the LAN address list and clone its MAC address, then add it to the Fix DHCP table. In all later policy configuration, select this LAN address name for the policy; the MAC address will then be the basis for authentication.


  • Why does my SP883 virtual server configuration not work?
    The SP883 is a bandwidth controller, so the virtual server must be configured in a policy for management and monitoring. For internal server hosting, configure an incoming policy; the pre-defined virtual server rule will then appear in the address selection list.


  • I only know that a VPN is a kind of security router. Could you tell me what a VPN is, and whether in VPN mode it is possible to view/browse shared documents or files from the remote client?
    VPN is short for virtual private network, a network that is constructed by using public wires (such as the Internet) as the medium, enabling users to create networks for transporting data. It uses encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted. The VPN connection across the Internet therefore operates logically as a local area network (LAN) line between the sites.

    VPN technology is designed to address issues surrounding the current business trend toward increased telecommuting and widely distributed global operations, where workers must be able to connect to central resources and to communicate with each other. The main purpose of a VPN is to give the company the same capabilities as private leased lines at much lower cost by using the shared public infrastructure.

    There are two kinds of VPN connection:
    1. Remote user VPN: Figure 1 below shows a VPN connection used to connect a remote user to a corporate intranet.
    2. Remote network VPN: Figure 2 below shows a VPN connection used to connect two remote sites, for example a connection between the branch office router and the corporate router across the Internet.

    New VPN tunneling technologies have been introduced in recent years. These newer technologies include PPTP, L2TP and IPSec as described below:
    These technologies can be based on either a Layer 2 or a Layer 3 tunneling protocol. PPTP and L2TP are Layer 2 tunneling protocols; both encapsulate the payload in a PPP frame. Layer 3 protocols correspond to the Network layer, and use packets. IPSec tunnel mode is an example of a Layer 3 tunneling protocol.

    • Point-to-Point Tunneling Protocol (PPTP): PPTP allows IP, IPX, or NetBEUI traffic to be encrypted, and then encapsulated in an IP header to be sent across a corporate IP internetwork or a public IP internetwork such as the Internet.
    • Layer Two Tunneling Protocol (L2TP): L2TP allows IP, IPX, or NetBEUI traffic to be encrypted, and then sent over any medium that supports point-to-point datagram delivery, such as IP, X.25, Frame Relay, or ATM.
    • IPSec tunnel mode: IPSec tunnel mode allows IP packets to be encrypted, and then encapsulated in an IP header to be sent across a corporate IP internetwork or a public IP internetwork such as the Internet.


  • I want to use the IPsec VPN on the SP881, but we also need to use bandwidth management on the SP883 to control VoIP service. Could you tell me the configuration concept between the SP881 and the SP883?
    Yes, you can achieve this by connecting the SP883 bandwidth controller behind the SP881 VPN firewall. You can then use the VPN and bandwidth control features together in your network.
    First, configure the SP883 in transparent mode, also called bridge mode. In this mode the NAT function of the SP883 is disabled, but its firewall function is still available, so you have to configure outgoing and incoming policies to allow packets to pass through the SP883 firewall.
    The detailed configuration process is as follows:
    • Environment diagram: see photo 1 below.
    • Configure the SP883 in transparent mode: see photo 2 below.
    The IP address of the SP883 must be in the same subnet as the SP881; the default gateway is the LAN IP of the SP881. Then enter the DNS server IP address.
    • Go to the outgoing policy of the SP883 and configure it to allow the PCs inside the SP883 to pass through the firewall and reach the SP881, as in photo 3 below.
    • Also add an incoming policy on the SP883, as in photo 4 below, to allow packets coming from the SP881 to pass through the SP883 and reach the PCs inside the SP883.
    • Configure the SP881 in NAT mode as usual.
    • The client PCs can now connect to the remote VPN site through the SP881 VPN router, are controlled by the SP883 bandwidth controller, and can access the Internet without any problem.

    Note: Enable "Ping" and "WebUI" in the LAN and WAN.
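
A pre-deployment check of the addressing and policy requirements stated above, as an added example that is not part of the original FAQ or of any vendor tooling. The function name, the policy tuple format and the sample addresses are assumptions for illustration; it also assumes the inside PCs share the SP881 subnet, because NAT is disabled on the SP883.

```python
import ipaddress

def check_bridge_plan(sp881_lan, sp883_ip, sp883_gateway, inside_pcs, policies):
    """Return a list of problems in a transparent-mode plan (empty list = OK)."""
    problems = []
    lan = ipaddress.ip_interface(sp881_lan)   # SP881 LAN IP in CIDR form
    net = lan.network
    bridge = ipaddress.ip_address(sp883_ip)

    # The SP883 address must be in the same subnet as the SP881.
    if bridge not in net:
        problems.append(f"SP883 {bridge} is outside SP881 subnet {net}")
    elif bridge in (net.network_address, net.broadcast_address):
        problems.append(f"SP883 {bridge} is not a usable host address in {net}")
    elif bridge == lan.ip:
        problems.append(f"SP883 and SP881 both use {bridge}")

    # The SP883 default gateway must be the LAN IP of the SP881.
    if ipaddress.ip_address(sp883_gateway) != lan.ip:
        problems.append(f"SP883 gateway {sp883_gateway} is not SP881 LAN IP {lan.ip}")

    # Assumption: without NAT, inside PCs are addressed from the SP881 subnet.
    for pc in inside_pcs:
        addr = ipaddress.ip_address(pc)
        if addr not in net:
            problems.append(f"inside PC {addr} is outside SP881 subnet {net}")
        elif addr in (lan.ip, bridge):
            problems.append(f"inside PC {addr} conflicts with an appliance address")

    # The SP883 firewall still filters in transparent mode, so traffic
    # needs an allow policy in both directions.
    for direction in ("outgoing", "incoming"):
        if (direction, "allow") not in policies:
            problems.append(f"no allow policy for {direction} traffic on SP883")
    return problems

# Constructed sample plans (addresses are illustrative, not from the vendor).
GOOD = check_bridge_plan("192.168.1.1/24", "192.168.1.254", "192.168.1.1",
                         ["192.168.1.2", "192.168.1.3"],
                         {("outgoing", "allow"), ("incoming", "allow")})
BAD = check_bridge_plan("192.168.1.1/24", "192.168.2.254", "192.168.1.254",
                        ["192.168.1.2", "10.0.0.5"], {("outgoing", "allow")})

if __name__ == "__main__":
    print("good plan:", GOOD or "no problems")
    for line in BAD:
        print("bad plan:", line)
```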


  • If I would like to restrict some, but not all, of my employees from using the MSN message by using the SP883, what should I do?
    To deny the application for a specific user, follow the steps below:
    1. Using the MSN application as an example, go to service --> Pre-defined. Here you can see that MSN has already been pre-defined, as in photo 1 below, so you don't need to add the MSN service again.
    If the application or service you are trying to restrict is not listed here, go to the "custom" item and define it yourself.
    2. After the service, go to virtual server --> virtual server 1 to configure the virtual server for the MSN service and the user IP address (192.168.1.2 is used as an example here), as in photo 2 below. This is where you specify which user the rule applies to.
    3. After configuring the virtual server, go to policy --> incoming to deny the incoming MSN service, as in photo 3 below:
    Destination address: choose the virtual server 1 that you configured earlier.
    4. The SP883 will now deny incoming MSN packets for user IP 192.168.1.2.
