Académique Documents
Professionnel Documents
Culture Documents
第 1 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Table of Contents
1. Introduction .................................................................................................................................................... 5
2. Main features:................................................................................................................................................. 7
Hardware...............................................................................................................11
QVM1000 Front Panel.........................................................................................11
LED Status ..........................................................................................................11
Reset Button........................................................................................................11
Replacing a Lithium Battery ..................................................................................12
Connecting the QVM1000 to your Network ...........................................................13
4. How To Manage QVM1000........................................................................................................................... 15
Login .....................................................................................................................15
Home.....................................................................................................................15
Port Statistics ........................................................................................................16
General Setting Status ..........................................................................................18
Advanced Setting Status .......................................................................................18
Firewall Setting Status...........................................................................................19
VPN Setting Status................................................................................................19
Log Setting Status: ................................................................................................20
General Setting .....................................................................................................20
Configure .............................................................................................................21
Multi WAN ...........................................................................................................27
Quality of Service (QoS)......................................................................................35
Password.............................................................................................................39
Time ....................................................................................................................40
Advanced Setting ..................................................................................................43
DMZ Host-(Demilitarized Zone) ...........................................................................43
Forwarding ..........................................................................................................43
UPnP ...................................................................................................................47
Routing ................................................................................................................48
One-to-One NAT .................................................................................................50
DDNS ..................................................................................................................52
MAC Clone ..........................................................................................................54
DHCP ..................................................................................................................55
第 2 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Setup ...................................................................................................................55
Status ..................................................................................................................62
Tool .......................................................................................................................63
SNMP ..................................................................................................................63
Diagnostic............................................................................................................64
Restart.................................................................................................................65
Factory Default ....................................................................................................66
Firmware Upgrade...............................................................................................68
Setting Backup ....................................................................................................69
Port Management..................................................................................................70
Port Setup ...........................................................................................................70
Port Status...........................................................................................................71
Firewall..................................................................................................................72
General................................................................................................................72
Access Rules.......................................................................................................73
Content Filter .......................................................................................................77
VPN.......................................................................................................................80
Summary .............................................................................................................80
Add New Tunnel ..................................................................................................83
Gateway to Gateway ...........................................................................................83
Client to Gateway ................................................................................................91
PPTP .................................................................................................................102
VPN Pass Through............................................................................................103
QVM Server ........................................................................................................104
Setup...................................................................................................................104
Status ..................................................................................................................105
Log ......................................................................................................................106
System Log .......................................................................................................106
System Statistics ...............................................................................................109
Traffic Statistic: ..................................................................................................110
Traffic Statistic: ..................................................................................................112
Logout .................................................................................................................113
5. Troubleshooting ..........................................................................................................................................114
6. FAQ...............................................................................................................................................................114
第 3 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
第 4 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
1. Introduction
QVM1000 is an advanced SME level Firewall router with cost efficient superiority and high performance
features, In order to satisfy the needs of enterprise users, this product offers the feature of a 16-port
port-based QoS switch with the speed of 10/100 Mbps and the ability to connect to the Internet as well.
QVM1000 not only provides a DMZ port for firewall security but also four WAN ports with Intelligent
Banancer (Auto Mode), and IP Group by Users to enhance high quality network performance.
In order to accommodate the environment with high security integrated firewall functionality; QVM1000
has a built-in Intel IXP 425 CPU with 533 MHz to improve the network performance. The product provides
built-in advanced firewall with the speed up to 100 Mbps and IPsec VPN with DES/3DES/AES encryption.
The QVM1000’s VPN can establish 200 VPN connections and provide up to 70 Mbps performance with
3DES encryption. Therefore, QVM1000 can overtake the specification of high level products no matter in its
functionalities and practical use.
QVM1000 IPSec VPN can be used in the office, branch office or for remote user. This product provides
an secure encryption method, including 168 bit Data Encryption Standard (3DES), 56 bit Data Encryption
Standard (DES), 128/192/256 bit Data Encryption Standard(AES),and AH/ESP protocols. QVM1000 support
three types of VPN, Gateway To Gateway, Client To Gateway and Group VPN, for branch offices or remote
clients to transfer important data.
QVM1000 also provide an easier, simpler and faster functionality called QVM (Qno VPN management) to
establish virtual private tunnel. This feature also enhances the connection mechanism by providing the VPN
backup. Once one connection is disconnection, it will switch to the other connection to ensure the
connection is always connected.
QVM1000 has an advanced built-in Firewall and is capable of blocking most Internet attacks with Stateful
Packet Inspection (SPI), mainly working at the network layer. By executing dynamic inspections on each
connection, SPI has alert functions for application programs to preset automatic detections and deny and
block nonstandard protocol connections. QVM1000 also supports Network Address Translation (NAT) and
Routing making Internet environment and infrastructure more flexible and easier to plan and manage.
Content Filtering allows enterprises to make internal access rules. The Web-based UI can add and delete
the filtering list for administrators to choose what types of websites to allow, deny, record, or monitor. By
doing so, schools and enterprises can have specific Internet management strategies and make filtering
settings by themselves. With the thorough OS management kernel, QVM1000 provides diverse SysLog,
supports on-line management setting tools and the easy-to-understand Internet configurations, and
enhances the management of all security and VPN polices and other services.
第 5 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
QVM1000 can fully ensure the security of various types of branch offices and communications among
terminals and avoid the increasing stealth and sabotage of commercial secrets. Using the independent OS
console, end users without professional Internet knowledge can easily set up and configure the router and
configure and manage the QVM1000 Firewall through the Web browsers like IE or Netscape.
第 6 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
2. Main features:
Product Features
Network Connection:
One IP address to access the Internet over your entire network
Multi-WAN
Intelligent Balancer (Auto Mode)
Protocol Binding
Quality of Service(QoS)
TCP/IP
DHCP Server(support class B),DHCP client, dynamic IP, static IP support
PPPoE
DNS Relay
ARP
ICMP
FTP/TFTP
Port-based QoS
第 7 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Routing protocol:
Dynamic routing RIP 1,RIP 2 , Static routing support
Network management:
Comprehensive web based management and policy setting
Firewall:
Stateful Packet Inspection Firewall
VPN:
Support IPSec VPN 3DES Throughput 70Mbps UP.
第 8 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Other features:
Virtual Server –Port Forwarding.
Port-Triggering Support
UPnP Support
DDNS/3322/DtDNS Support
Performance:
Firewall Throughput: 100Mbps
Hardware Spec:
CPU: Intel IXP425- 533MHz RISC
SDRAM :128Mbyte
Ethernet Standards:
IEEE 802.3 10Base-T
第 9 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
LED Display:
System: Power, DIAG
Working Environment:
Operating Temperature: 00 ~ 450C (320 ~ 1130F)
Safety Certification:
EMI/EMC: FCC Class A
Dimension:
13” (L) x 9” (W) x 1.75” (H) Inch
Power Supply:
Internal: AC100~240V /50~60Hz
Installation Method:
Desktop
第 10 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
LED Status
LED Color Description
Power Green Green On: Power On
Reset Button
Action Description
Warm Reset
Push button for 4 seconds
DIAG LED : Orange blinking slowly
第 11 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
to 2 years. When the battery is out of use or beyond the lifetime, QVM1000 can not correctly record the time or
synchronize the time of NTP time server on the Internet. Users need to contact with your vendor to replace a new
battery.
You can set the Router on a desktop, install it in a rack with attached brackets, or mount it on the wall.
Do not place excessive weight on top of the chassis that could damage the chassis.
as below.
After attaching those accessories to the router, users can rack-mount it, as shown bellow.
第 12 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Figure 1: Multi-WAN
Figure 2: DMZ
The Router is a network device that connects two networks together.
Set up WAN connection: WAN port can be connected to an xDSL modem, hub, and switch or to a router.
第 13 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Set up LAN connection: LAN port can be connected to a hub, switch or to a computer directly.
Set up DMZ port: it can be connected to the public servers, such as Web and Mail servers.
Connect the power cord into a power outlet and the power port on the rear panel of QVM1000, and QVM1000 runs a
第 14 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Enter User Name and Password in the blank area, and then click ‘OK’ button.
The QVM1000 4WAN QoS VPN Management Router's default User Name and Password is ‘admin’ when you first power
up the Route. Users can change the settings later. We strongly recommend users to change the Password!!
Home
The Home screen displays the router’s current status and settings. This information is read only. If you click the button
with underline, it will hyperlink to related setup pages. It also shows the language version (English/Simple
Chinese). Click on the button and it will switch to the language version users choose. The button with green color
shows the current language version.
System Information
第 15 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Serial Number:
It shows the serious number of QVM1000.
Firmware version:
It shows the current firmware version of QVM1000.
CPU:
It shows that the CPU for QVM1000 is Intel IXP425-533MHz.
DRAM:
It shows that the DRAM for QVM1000 is 128MB.
Flash:
It shows that the Flash for QVM1000 16MB.
Current time:
It shows current time. There is one thing that should be noticed. Users should correctly synchronize the time with a
remote NTP server and QVM1000 will show the exact time.
Port Statistics
Users can click the port number from port diagram to see the status of the selected port. Once the port is disabled, its
color will turn into red. In Summary table, it shows the setting of the port selected by users, such as Type, Link
Status(up or down), Port Disable(on or off), Priority (High or Normal), Speed Status(10Mbps or 100Mbps), Duplex
Status(half or full), and Auto negotiation(Enabled or disabled). In Statistics table, it shows the port receive/transmit
packet count/packet byte count and Port Packet Error Count of the selected port.
第 16 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
第 17 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
LAN IP: It shows the current IP Address of the Router, as seen by internal users on the Internet, and hyperlinks to LAN
Setting in General Setting page. The default value is 192.168.1.1.
WAN1~4 IP: It shows the current WAN IP Address of the Router, as seen by external users on the Internet and
hyperlinks to WAN Connection type in General Setting page.
When users select Obtain an IP automatically and it shows two buttons, Release and Renew. Users can click Release
button to release the IP that users have already got and click Renew button to update the DHCP Lease Time or get a
new IP. When users select PPPoE or PPTP, and it shows Connect / Disconnect.
DMZ IP: It shows the current DMZ IP address, as seen by external users on the Internet and hyperlinks to DMZ Setting
in General Setting page.
Default Gateway: It shows the Default Gateway for WAN 1~4 ports.
DNS: It shows all DNS Server Addresses and hyperlinks to WAN Connection Type in General Setting page.
QoS: It shows the QoS used in WAN1~4 and hyperlinks to QoS in General Setting page.
Advanced Setting Status
DMZ Host: It shows DMZ Private Address and hyperlinks to DMZ Host in Advanced Setting page. The default is
disabled.
Working Mode: It shows the Gateway or Router Mode and hyperlinks to Dynamic Routing in Advanced Setting page.
第 18 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
DDNS (WAN1~4): It shows the status (Enable / Disable) and hyperlinks to DDNS in Advanced Setting page. The
default is disabled.
SPI (Stateful Packet Inspection): It shows the status (On/Off) and hyperlinks to the General in Firewall page. The
default is On.
DoS (Denial of Service): It shows the status (On/Off) and hyperlinks to the General in Firewall page. The default is
On.
Block WAN Request: It shows the status (On/Off) and hyperlinks to the Block WAN Request in Firewall page. The
default is On.
Remote Management: It shows the status (On/Off) and hyperlinks to the remote Management in Firewall page. The
default is Off.
VPN Summary: It contains related information of VPN functionalities and hyperlinks to VPN page
Tunnel(s) Used: It shows the number of Tunnels Used.
Current Connected (The Group Name of GroupVPN1) users: It shows the number of the Group VPN1 used currently.
Current Connected (The Group Name of GroupVPN2) users: It shows the number of the Group VPN2 used currently
PPTP server: It shows the status (Disabled/Enabled) of PPTP server and hyperlinks to PPTP page.
第 19 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
1. If you have not set up the mail server in Log page, it shows “E-mail cannot be sent because you have not specified
2. If you have set up the mail server but the log has not been shown due to Log Queue Length and Log Time Threshold
3. If you have set up the mail server and the log has been sent to the mail server, it shows “E-mail settings have been
4. If you have set up the mail server and log can not be sent to mail sever successfully, it shows “E-mail cannot be sent
General Setting
The General Setting screen contains all of the router’s basic setup functions. For most users, the default values for the
device should be satisfactory. The device can be used in most network settings without changing any of the values. Some
users will need to enter additional information in order to connect to the Internet through an ISP (Internet Service Provider)
or broadband (DSL, cable modem) carrier. Detailed settings will be shown as follows.
第 20 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Configure
Configure
Host Name & Domain Name: Enter a host and domain name for the Router. Some ISPs (Internet Service
Providers) may require these names as identification, and these settings can be obtained from your ISP. In most cases,
LAN Setting
This is the Router’s LAN IP Address and Subnet Mask. The default value is 192.168.1.1 for IP address and
255.255.255.0 for the Subnet Mask. Click on Add/Edit button to setup up to 5 groups of Multiple Subnet.
第 21 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Save setting: Click on the Save setting button to save the settings.
Cancel changes: Click on the Cancel Changes button to undo the change.
第 22 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
WAN Setting
Please choose how Users can choose from 2~ 4 and the interface in the following table will be changed
many WAN ports you automatically according to your WAN number setting here.
prefer to use
Interface: It will display how many WAN ports are shown here. The default is four WAN
ports.
Connection Type There are four connection type shown as follows.
Obtain an IP automatically; Static IP; PPPoE (Point-to-Point Protocol over
Ethernet); PPTP (Point-to-Point Tunneling Protocol):
Config: Click on the Edit with underline in Config. Column to edit the WAN settings of the
selected WAN port. If users change the number of WAN ports and click Edit in the
Cofig. Column to edit the WAN connection, the confirm message will show. Users
have to save settings for the change or cancel the settings. Make sure the network
configuration match with the settings. It shows “Undefined” in Connection Type if
users have not edited the WAN settings of the selected WAN port.
Obtain an IP automatically: If your ISP is running a DHCP server, select Obtain an IP automatically option. Your ISP
will assign these values, includes DNS Server automatically. Or users can check the box of Use the Following DNS
Server Addresses, and enter the specific DNS Server IP address. Multiple DNS IP Settings are common. In most cases,
the first available DNS entry is used.
第 23 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Use the Following DNS Enter the specific DNS Server IP.
Server Address:
Domain Name Server (DNS): Enter the specific DNS IP address. Please enter at least one specific
DNS IP address.
Static IP:
If users’ local ISP provides some specific IP address, select Static IP. Users can get this information from local ISP.
Notes: Some ISP will provide one static IP address by DHCP server or PPPoE connection. Although users can get
the same IP address, users should still choose appropriate WAN connection type!
Subnet Mask: Enter the specific Subnet Mask by ISP. For example:
Default Gateway IP Address: Enter the specific Gateway IP address by ISP. If ADSL is used, It will
be the IP address of ATU-R.
第 24 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Domain Name Server (DNS): Enter the specific DNS IP address. Please enter at least one specific
DNS IP address.
connect to the Internet through QVM1000. If users have already the PPPoE dial-up software provided by ISP, please
remove it.
Keep Alive: If you select Keep Alive option, the Router will keep the connection
alive by sending out a few data packets at Redial Period, so your
Internet service thinks that the connection is still alive. The default is
30 seconds.
This connection type will be used for PPTP. Enter the User Name and Password and then connect to the Internet through
第 25 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Specify WAN IP Address: Enter the specific WAN IP address provided by ISP.
Default Gateway Address: Enter the specific Gateway IP address by ISP. If ADSL is used, it will
be the IP address of ATU-R.
User Name: Enter the User Name.
DMZ Setting
In order to allow such services, QVM1000 comes with a special DMZ port which is used for setting up public servers.
The DMZ sits between the local network and the Internet. Servers on the DMZ are publicly accessible, but they are
protected from attacks such as SYN Flooding. Use of the DMZ port is optional, it may be left unconnected.
Using the DMZ is preferred and, if practical, a strongly recommended alternative to Public LAN Servers or putting these
servers on the WAN port where they are not protected and not accessible by users on the LAN
Each of the servers on the DMZ will need a unique, publishable Internet IP address. The Internet Service Provider used
to connect the network to the Internet should be able to provide these addresses, as well as information on setting up
第 26 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Config. Click on the Edit with underline in Config. Column to edit the DMZ settings.
Click the Apply button to save the network settings or click the Cancel button to undo your changes.
Multi WAN
There are three functions provided for users – Intelligent Balancer (Auto Mode), IP Group (By Users), and IP balance.
第 27 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Interface Setting: Users can choose the selected interface to do the further settings.
Interface: It will display how many WAN ports are shown here. The default is four
WAN ports.
Mode: In Intelligent Balancer (Auto Mode), it will show auto which means that
QVM1000 will automatically calculate the maximum Bandwidth of all WAN
ports.
Config.: Click on the Edit with underline in Config. Column to do the further settings.
第 28 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Interface: The WAN port number that users are editing is shown here.
The Max. Bandwidth Enter The Max. Bandwidth of Upstream and Downstream for WAN1 ~
provided by ISP: WAN4 provided by ISP. It is between 0~100 Mbits.
Network Services This tool can detect the network connection status of ISP by pinging Default
Detection: Gateway, ISP Host, Remote Host, and DNS Lookup Host. If you check this
Detection, you have to choose at least one option from the following four
items.
Retry Count: The count of ping. The default is 5. If there is no response during the retry
count setting, the network connection is down.
Retry Timeout: The interval between two ping actions. The default is 30 seconds. If there is
no response during the retry timeout setting, the network connection is
down.
When Fail Generate the Error Condition in the System Log: The Router will generate
the System Log when ping fails to inform users that the ISP connection is
disconnected.
Remove the Connection: This WAN Interface will be suspended when the
network connection to ISP is not active. The traffic on this WAN will be
dispatched to the other WAN port. Once ISP returns to connect, the traffic
will be dispatched back.
Default Gateway: To ping the default gateway in the LAN. For example, the IP address of the
ADSL Router.
ISP Host: To ping the remote IP address of ISP. For example, DNS IP address of ISP
第 29 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Protocol Binding
This device supports the Protocol Binding functionality. It allows users to specify the internal IP or/and Service going
Service: Users can choose the Service from the drop-down menu (ex: all traffic
(TCP&UDP) is 1-65535, www is 80(80~80).Or click the service
management to add new Service. The default Service is SMTP.
Source IP: Users can specify the internal IP to go through the specific WAN port. If
users need the Service Binding only, entering zero in Source IP field is
suggested.
Destination IP: Users can specify the specific Service from the internal Source IP to
Destination IP going through the specific WAN port, and enter the
Destination IP. If users need the Service Binding only, entering zero in
Source and Destination IP field is suggested.
Enable: Users can click on the box to enable this Protocol Binding rule.
Add to list: Click Add to list button to add the Protocol Binding rule to list, and users
can set up to 30 rules
Delete selected Click Delete selected application button to delete the selected rule.
application:
Back: Click on the Back button to the previous page.
If the Service you need is not listed in menu, please click the Service Management button to add new Service and enter
the Protocol and Port Range. Then click the Save Setting button. It is described as follows:
第 30 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Service Management:
Services Name: Enter the name that you want the Internet users to access. For example,
Edonky.
Protocol: Enter the protocol. The default is TCP protocol.
Port Range: Enter the port range of the protocol. For example, HTTP is 80(80~80).
Add to List: Click the Add to List button, and configure as many entries as you would
like.
第 31 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
the bandwidth and higher priority for the specific IP or important users, and the IP Group users do not need to share the bandwidth
with lower classification users who are with Intelligent Balancer mode. If specified IP group users have chosen services, the rest of
This port (WAN1) always uses Intelligent Balancer (Auto Mode): QVM1000 reserves at least one WAN port for non- IP Group
Users and WAN1 will always use Intelligent Balancer mode.
Interface Setting: Users can choose the selected interface to do the further settings.
Interface: It will display how many WAN ports are shown here. The default is four
WAN ports.
Mode: It shows the result after settings. After users configure further settings, the
mode will show “Dispatched by user”. If not, the mode will show
“Dispatched by system”. However, QVM1000 reserves at least one WAN
port for non- IP Group Users and WAN1 will always use Intelligent Balancer
mode. The WAN1 mode will always be “Dispatched by system”.
第 32 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Config.: Click on the Edit with underline in Config. Column to do the further settings.
If users want to change the Mode from Intelligent Balancer (Auto Mode) to IP Group (By users) to edit the interface, the confirm
message will be shown. Users have to save settings for the change before edit the interface.
The Max. Bandwidth Users can choose the selected interface to do the further settings.
provided by ISP::
Network Service The explanation here is the same as Multi-WAN. Users can see the details
detection in Multi-WAN.
第 33 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
IP Group IP Group (By Users) enables the administrator to define traffic into different
priority levels or classes of service (CoS).
Services: Users can choose the Service from the drop-down menu (ex: all traffic
(TCP&UDP) is 1-65535, www is 80(80~80).Or click the service
management to add new Service.
Services Management: Add or delete new entries in the service Management.
Source IP: Users can define specific LAN IP address to transfer packets through the
selected WAN port. For example, enter LAN IP address from 192.168.1.150
to 200. If Users do not use it, please enter zero.
Destination IP User can define WAN IP address to transfer packets to the destination. For
example, enter WAN IP 210.11.1.1. If Users do not use it, please enter
zero.
IP Balance
All WAN ports will be IP balance Mode. QVM1000 will equally distribute new IP addresses to each WAN port.
第 34 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
One of the functionality is Rate Control for guarantee/ minimum bandwidth and maximum bandwidth; the other of
functionality is priority for different services. Users can only choose one of the functionality.
Rate Control
QVM1000 provides specific service and IP address to transfer sensitive data through WAN ports with guarantee bandwidth.
第 35 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
The Maximum Users can enter Upstream/Downstream bandwidth and those settings will update
Bandwidth provided simultaneously in Multi WAN page.
by ISP:
Interface: Click on the square box to apply the rule to the WAN port users choose.
Service: Users can choose the Service from the drop-down menu (ex: all traffic
(TCP&UDP) is 1-65535, www is 80(80~80).Or click the service management
to add new Service. The default is SMTP.
第 36 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Direction: Select Uplink (for outbound Traffic) or downlink (for inbound traffic) from the
pull-down menu. If users would like to download data, please choose the
downlink from the pull-down menu.
Minimum Rate (Min. Enter the guarantee/minimum bandwidth. For example, enter 200 in the
square box and the device will guarantee 200kbit/Sec for the specific service
Rate):
Maximum Rate (Max. Enter the Maximum bandwidth. For example, enter 700 in the square box
and the specific service will not exceed 700kbit/Sec.
Rate):
Bandwidth Sharing: Select Share total bandwidth with all IP addresses if mini/Max. Rate
users configure is used for all IP addresses. Select Assign bandwidth for
each IP address if Mini/Max. Rate users configure is used for separate IP
addresses.
Enable: If users click on the square box, the settings will be enabled. Otherwise,
users are only adding the services to the list but not enabling them.
Add to List: Click this icon and configure as many entities as you like. The maximum
entry is 100. The settings of the last rule will be applied first when QoS is
enabled. The applied ordering of rules is from bottom to top. Therefore, if
some settings of the last rule are overlapped with those of the previous rule,
the last rule will be dominant.
Show Tables: Click the Show Tables button and it will show the rules that are configured
on the list of QoS. Users can search and configure the rules more easily on
this page. The default is by interface and the ordering of settings will show
according to the order of WAN port. Users can click on Rule and all the
ordering of settings will show based on service.
Priority
QVM1000 provides specific service transferring sensitive data through WAN ports with three different types of priorities. They are
第 37 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
The Maximum Users can enter Upstream/Downstream bandwidth and those settings will update
Bandwidth provided simultaneously in Multi WAN page.
by ISP:
Interface: Click on the square box to apply the rule to the WAN port users choose.
Services: Users can choose the Service from the drop-down menu (ex: all traffic
(TCP&UDP) is 1-65535, www is 80(80~80).Or click the service management
to add new Service. The default is SMTP.
第 38 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Direction: Select Uplink (for outbound Traffic) or downlink (for inbound traffic) from the
pull-down menu. If users would like to download data, please choose the
downlink from the pull-down menu.
Priority: Users can just select two levels of priority, including high (60%), Low (10%).
Services in the high priority list will share 60% of total system bandwidth,
and the low priority list will share 10% of total bandwidth. Services that are
not included in the list will share the middle priority (30%).
Add to List: Click this icon and configure as many entities as you like. The maximum
entry is 50. The settings of the last rule will be applied first when QoS is
enabled. The applied ordering of rules is from bottom to top. Therefore, if
some settings of the last rule are overlapped with those of the previous rule,
the last rule will be dominant.
Enable: If users click on the square box, the settings will be enabled. Otherwise,
users are only adding the services to the list but not enabling them.
Show Tables: Click the Show Tables button and it will show the rules that are configured
on the list of QoS. Users can search and configure the rules more easily on
this page. The default is by interface and the ordering of settings will show
according to the order of WAN port. Users can click on Rule and the
ordering of settings will show based on service.
Password
The Router's default password is “admin”, and it is strongly recommended that you change the Router's password. After
users set up password, please remember to click on the apply button to save the settings.
第 39 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Time
QVM1000 uses the time settings to time stamp log events, to automatically update the Content Filter List, and for other
internal purposes. Set the local time using Network Time Protocol (NTP) automatically or manually. The setting will help
users correctly understanding when the events happed, access rule is denied or enabled.
Automatically:
Select the Time Zone and enter the Daylight Saving and NTP Server. The default Time Zone is Greenwich Mean Time.
第 40 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Manually:
Enter the Hours, Minutes, Seconds, Month, Day and Year.
第 41 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Click the Apply button to save the Time settings or click the Cancel button to undo the changes.
第 42 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Advanced Setting
DMZ Host-(Demilitarized Zone)
The DMZ (Demilitarized Zone) Host feature allows one local user to be exposed to the Internet to use a
Enter the DMZ Private IP Address to access DMZ Host settings. The Default value zero (0) will deactivate DMZ Host.
Click the Apply button to save the DMZ Host setting or click the Cancel button to undo the changes.
Forwarding
Port forwarding can be used to set up public services on your network. When users from the Internet make certain
requests on your network, the Router can forward those requests to computers equipped to handle the requests. If, for
example, you set the port number 80 (HTTP) to be forwarded to IP Address 192.168.1.50, then all HTTP requests
from outside users will be forwarded to 192.168.1.50.
You may use this function to establish a Web server or FTP server via an IP Gateway. Be sure that you enter a valid
第 43 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
IP Address. (You may need to establish a static IP address in order to properly run an Internet server.) For added
security, Internet users will be able to communicate with the server, but they will not actually be connected. The
Services: Users can choose the Service from the drop-down menu (ex: all traffic
(TCP&UDP) is 1-65535, www is 80(80~80).Or click the service
management to add new Service.
IP Address: Please enter internal IP address in the LAN. For example, 192.168.1.100.
Enable: Users can click on the box to enable this Port Range Forwarding rule.
Add to List: Click the Add to List button, and configure as many entries as you would
like.
If the Service you need is not listed in menu, please click the Service Management button to add new Service and enter
the Protocol and Port Range. Then click the Save Setting button. It is described as follows:
Service Management:
Services Name: Enter the name that you want the Internet users to access. For example,
Edonky.
Protocol: Enter the protocol. The default is TCP protocol.
Port Range: Enter the port range of the protocol. For example, HTTP is 80(80~80).
Add to List: Click the Add to List button, and configure as many entries as you would
第 44 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
like.
Port Triggering
第 45 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Some Internet applications or games use alternate ports to communicate between server and LAN host. When you
want to use those applications, enter the triggering (outgoing) port and alternate incoming port in this table. The
Trigger Port Range: Enter the outgoing port numbers. For example, 9000~10000)
Incoming Port Range: Enter the incoming port number from the Internet. For example,
2004~2005.
Add to List: Click the Add to List button, and configure as many entries as you would
like.
There are common applications and port numbers used in the Port Triggering.
第 46 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
UPnP
UPnP (Universal Plug and Play) forwarding can be used to set up public services on your network. Windows XP can
modify those entries via UPnP when UPnP function is enabled by selecting” Yes”.
Services: Users can choose the Service from the drop-down menu (ex: www is
80(80~80), FTP is 21(21~21).Or click the service management to add new
Service.
IP Address: Please enter internal IP address in the LAN. For example, 192.168.1.100.
Enable: Users can click on the box to enable this UPnP rule.
Add to List: Click the Add to List button, and configure as many entries as you would
like.
第 47 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Routing
Dynamic Routing
The Router's dynamic routing feature can be used to automatically adjust to physical changes in the network's layout.
The Router uses the dynamic RIP protocol. It determines the route that the network packets take based on the fewest
number of hops between the source and the destination. The RIP protocol regularly broadcasts routing information to
Working Mode: Select Gateway mode if your Router is hosting your network’s connection
to the Internet. Select Router mode if the Router exists on a network with
other routers, including a separate network gateway that handles the
Internet connection.
RIP: The Router, using the RIP protocol, calculates the most efficient route for
the network’s data packets to travel between the source and the
destination, based upon the shortest paths.
Transmit RIP Version: Choose the TX protocol you want for transmitting data on the network.
(None, RIPv1, RIPv2-Broadcast, RIPv2-Multicast)
Receive RIP Version: Choose the RX protocol you want for receiving data from the network.
(None, RIPv1, RIPv2, Both RIPv1 and v2).
Static Routing
You will need to configure Static Routing if there are multiple routers installed on your network. The static routing
function determines the path that data follows over your network before and after it passes through the Router. You can
第 48 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
use static routing to allow different IP domain users to access the Internet through this device. This is an advanced
This Router is also capable of dynamic routing (see the Dynamic Routing tab). In many cases, it is better to use
dynamic routing because the function will allow the Router to automatically adjust to physical changes in the network's
layout. In order to use static routing, the Router's DHCP settings must be disabled.
To set up static routing, you should add routing entries in the Router's table that tells the device where to send all
incoming packets. All of your network routers should direct the default route entry to this Router.
Select Route entry: Enter the static routing table. Users can choose up to 30 entries.
Destination IP and Subnet Enter the remote IP address and subnet Mask. For example,
Mask: 192.168.2.0/255.255.255.0
Default Gateway: Enter the default gateway for the static routing. For example, 192.168.2.1.
Hop Count: This value gives the number of nodes that a data packet passes through
before reaching its destination. A node is any device on the network, such
as switches, PCs, etc. The default is one and the max. is fifteen.
Interface Interface tells you whether your network is on the LAN or the WAN, or the
Internet. If you’re connecting to a sub-network, select LAN. If you’re
connecting to another network through the Internet, select WAN.
第 49 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
One-to-One NAT
When users apply for 8 static IP addresses, QVM1000 will use one Public IP address, and one public IP address will
be used for ATU-R. There will be four public IP addresses left. Left four public IP addresses will be correspondent to
Method:
When users choose some internet games which do not support some application in the LAN, users can use
For example: If you have 5 public IP addresses, 210.11.1.1~6, 210.11.1.1 has been used for WAN IP address,
there are still four public IP addresses for one-to-NAT settings described as follows:
210.11.1.4 Æ 192.168.1.3
210.11.1.5Æ 192.168.1.4
210.11.1.6Æ 192.168.1.5
210.11.1.7Æ 192.168.1.6
Note: QVM1000 WAN IP address (WAN IP -NAT Public) can not be included in this setting.
第 50 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
One-to-One NAT: If you check the box, One-to-One NAT will be enabled.
Private Range Begin: Enter the beginning IP address of the private address range being
mapped in the Private Range Begin field. This will be the IP address of the
first machine being made accessible from the Internet.
Public Range Begin: Enter the beginning IP address of the public address range being mapped
in the Public Range Begin field. This address assigned by the ISP.
QVM1000 Router’s WAN IP (NAT Public) Address may not be included in
the range.
Range Length: Enter the number of IP addresses for the range. The range length may not
exceed the number of valid IP address. Up to 64 ranges may be added.
To map a single address, use a Range Length of 1.
Add to List: Click the Add to List button, and configure as many entries as you would
like.
Note: One-to-One NAT does change the way the firewall functions work. Access to machines on the LAN from the
Internet will be allowed, and the local IP will be exposed to the internet unless Network Access Rules are set. You can
第 51 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
DDNS
DNS (Dynamic DNS) service allows you to assign a fixed domain name to a dynamic WAN IP address. This allows you
to host your own Web, FTP or other type of TCP/IP server in your LAN.
Before configuring DDNS, you need to visit www.dyndns.org or www.3322.org and register a domain name.
The table shown above is according to the number of WAN port settings on General Setting or Port Management page.
Click Edit with underline in the Config. Column to edit DDNS of selected WAN port.
第 52 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
DDNS Service: Users can choose three types of DDNS,Disable,DDNS.org and 3322.org.
Internet IP Address The Router's current Internet IP Address is displayed here. Because it is
dynamic, this will change.
Status: When you finish entering the Username, Password and Host Name, click
the Save Settings button, and the Status will be updated. It will
show "DDNS is updated successfully" once DDNS is updated
successfully. If it shows "The hostname does not exist", "Username is not
correct", "Hostname is not correct", please make sure you enter the
correct information of the account you set up with DynDNS.org.
第 53 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
MAC Clone
Some ISPs require that you register a MAC address. This "clones" your network adapter's MAC address onto the
Cable/DSL Firewall Router, and prevents you from having to call your ISP to change the registered MAC address to the
Cable/DSL Firewall Router's MAC address. The Cable/DSL Firewall Router's MAC address is a 12-digit code assigned
The table shown above is according to your number of WAN port settings on General Setting or Port Management page.
Click Edit in the Config. Column to edit MAC Clone of selected WAN port.
第 54 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
User Defined WAN1 MAC Enter the MAC address defined by users.
Address:
MAC Address From this Enter the MAC address of this PC.
PC:
Back: Click on the Back button to the previous page
DHCP
Setup
The Router can be used as a DHCP (Dynamic Host Configuration Protocol) server on your network. A DHCP server
assigns available IP addresses to each computer on your network automatically. If you choose to enable the DHCP
server option, you must configure all of the PCs on your LAN to connect to a DHCP server
第 55 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Dynamic IP
Client Lease Time: This is the lease time assigned if the computer (DHCP client) requests
one. The range is 5 ~ 43,200 Minutes.
Range Start: Enter a starting IP address. The default is 100.
QVM1000 provides the feature of IP&MAC binding which will check the packet whether it is with correct MAC and/or IP
address on the list or not. If the packet is not with correct MAC and/or IP address, the packet will be blocked by
QVM1000.
There are some situations here to describe how to use IP&MAC binding.
First, Users enter static IP address in the Static IP Address and one PC’s MAC address in the MAC address. At the
same time, users configure to get IP address automatically in this PC. After these settings, this PC will be assigned with
the Static IP address by QVM1000 and use this IP address to transit packets through QVM1000.
Second, Users enter static IP address in the Static IP Address and one PC’s MAC address in the MAC address. At the
same time, users configure the same static IP address in one PC as it is in the static IP Address. Therefore, the PC will
第 56 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Third, Users enter static IP address, 0.0.0.0, in the Static IP Address and one PC’s MAC address in the MAC address.
No matter IP address of this PC is static IP or dynamic IP address, users can transit packets through QVM1000.
Fourth, if the packet is with the correct MAC address but with wrong IP address that is not on the list, users can also
click the square box in front of Block MAC address on the list with wrong IP address to block the packet.
Fifth, users can also block MAC address that is not included on the list. Please click the square box in front of Block
Finally, if users do not need some of the functions, please do not click the square box.
Static IP Address: Please enter static IP address. Users can enter 0.0.0.0 of IP address in the
blank. It will be dispatched and get IP address by DHCP server.
第 57 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Block MAC address on Please click the square box to enable this function if users would like to block
the list with wrong IP the traffic that includes the MAC address on the list but do not user the exact
address: IP address for this MAC on the list.
Block MAC address Please click the square box to enable this function if users would like to block
not on the list: the traffic that includes the wrong MAC on the list.
Show new IP user Click Show new IP user button and it will show real time’s all new IP
addresses with corresponding MAC addresses. If some rules are already on
the Add to list, the IP addresses of these rules will not be shown on IP&MAC
binding list. Users can transfer all IP/MAC information to Add to list table after
this rule is enabled.
Click check box in the column of Enable to enable this rule. Click Select All
button to enable all the rules; click Refresh button to update the latest IP/MAC
information; click Apply button and all enabled rules will be transferred to Add
to list table; Click Close button to close this page. Users can also type 12
alphabet characters in the Name column for users easily to remember.
DNS Server
You can assign the DNS server(s) to the DHCP clients. This is optional, and the Router will use these for quicker
第 58 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
WINS
Windows Internet Naming Service (WINS) is a service that resolves NetBIOS names to IP addresses. The WINS is
assigned if the computer (DHCP client) requests one. If you do not know the WINS, leave it as 0.
WIN Server: Enter the IP address of WIN Server. The default is Zero.
Show Tables: Click the Show Tables button and it will show the rules that are configured
on the list of IP&MAC binding. Users can search and configure the rules
more easily on this page.
If the Router's DHCP server function is disabled, you have to carefully configure the IP address, Mask, and DNS settings
of every computer on your network. Be careful not to assign the same IP Address to different computers.
第 59 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
QVM1000 also provides the feature of IP&MAC binding which will check the packet whether it is with correct MAC and/or
IP address on the list or not. If the packet is not with correct MAC and/or IP address, the packet will be blocked by
QVM1000.
There are some situations here to describe how to use IP&MAC binding
First, Users enter static IP address in the Static IP Address and one PC’s MAC address in the MAC address. At the
same time, users configure the same static IP address in one PC as it is in the static IP Address. Therefore, the PC will
Second, Users enter static IP address, 0.0.0.0, in the Static IP Address and one PC’s MAC address in the MAC address.
At the same time, users configure the static IP address in one PC. Therefore, users can transit packets through
Third, if the packet is with the correct MAC address but with wrong IP address that is not on the list, users can also click
the square box in front of Block MAC address on the list with wrong IP address to block the packet.
Fourth, users can also block MAC address that is not included on the list. Please click on the square box in front of Block
Finally, if users do not need some of the functions, please do not click the square box.
Static IP Address: Please enter static IP address. Users can enter 0.0.0.0 IP address in the
black. It will be dispatched and get IP address by DHCP server.
Block MAC address on Please click the square box to enable this function if users would like to
the list with wrong IP block the traffic that includes the MAC address on the list but do not user
address: the exact IP address for this MAC on the list.
Block MAC address not Please click the square box to enable this function if users would like to
on the list: block the traffic that includes the wrong MAC on the list.
第 60 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Show Tables: Click the Show Tables button and it will show the rules that are configured
on the list of IP&MAC binding. Users can search and configure the rules
more easily on this page. The default is by interface and the ordering of
settings will show according to the order of WAN port. Users can click on
Rule and all the ordering of settings will show based on service.
Show new IP user Click Show new IP user button and it will show real time’s all new IP
addresses with corresponding MAC addresses. If some rules are already
on the Add to list, the IP addresses of these rules will not be shown on
IP&MAC binding list. Users can transfer all IP/MAC information to Add to
list table after this rule is enabled.
Click check box in the column of Enable to enable this rule. Click Select All
button to enable all the rules; click Refresh button to update the latest
IP/MAC information; click Apply button and all enabled rules will be
transferred to Add to list table; Click Close button to close this page. Users
can also type 12 alphabet characters in the Name column for users easily
to remember.
第 61 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Status
The status table shows the status and record as a reference for network manager. It is described as follows.
DHCP Available: It shows how many IP address left that can be released by DHCP server.
Total: It shows how many IP addresses that can be released by DHCP server.
Client Host Name: The name of one computer which get one IP address from DHCP server.
IP Address: The IP address of one computer which get one IP address from DHCP
server.
MAC Address: The MAC address of one computer which get one IP address from DHCP
server.
Leased Time: This is the lease time assigned if the computer (DHCP client) requests
one.
第 62 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Tool
SNMP
Simple Network Management Protocol is a network protocol that provides network administrators with the ability to
monitor the status of the QVM1000 and receive notification of any critical events as they occur on the network. The
QVM1000 supports SNMP v1/v2c and all relevant Management Information Base II (MIBII) groups. The appliance
replies to SNMP Get commands for MIBII via any interface and supports a custom MIB for generating trap messages.
Enable SNMP: SNMP is enabled by default. To disable the SNMP agent, leave the box
blank.
System Name: Enter the name of this router. For example,QVM1000
System Contact: Enter the name of the network administrator, For example, John.
System Location: The network administrator's contact information is placed into this field.
Type in an E-mail address, telephone number, or pager number.
Get Community Name: Create a name for a group or community of administrators who can view
SNMP data. The default value is "Public".
Set Community Name: Create a name for a group or community of administrators who can
receive SNMP traps. A name must be entered. The default is private.
第 63 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Trap Community Name: Enter the Trap Community Name, which is the password sent with each
trap to the SNMP manager.
Send SNMP Trap to: Enter the IP or Domain Name in this filed and QVM1000 will send traps to.
Diagnostic
QVM1000 has two built-in tools, DNS Name Lookup and Ping, which will help with trouble shooting network problems.
not add the prefix http://; otherwise the result will be Address Resolving Failed. QVM1000 will then query the DNS
server and display the result at the bottom of the screen.
Ping
第 64 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
The Ping test bounces a packet off a machine on the Internet back to the sender. This test shows if QVM1000 is able
to contact the remote host. If users on the LAN are having problems accessing services on the Internet, try pinging the
DNS server, or other machine at the ISP’s location. If this test is successful, try pinging devices outside the ISP. This
Restart
第 65 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
The recommended method of restarting your QVM1000 is to use this "Restart" tool. Restarting with this button will send
Factory Default
第 66 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
The "Factory Default" button can be used to clear all of your configuration information and restore QVM1000 to its
factory state. Only use this feature if you wish to discard all other configuration preferences.
第 67 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Firmware Upgrade
Firmware Upgrade
Users can use the following download function to download the new version of firmware into computer in advance, and
then select the file. Finally, click the Firmware Upgrade Right Now button. Pease take a look at the warning messages
第 68 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Setting Backup
dialog which will allow you to select a file which you had previously saved using the "Export Settings" button. After you
have selected the file, click the "Import" button. This process may take up to a minute. You will then need to restart
preferences file. This file will be called "config.exp" by default, but you may rename it if you wish. This process may take
up to a minute.
第 69 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Port Management
In this router, users can choose the number of WAN ports and configure the connection status for each port, such as
Port Setup
Interface: There are LAN1~LAN 11, WAN1~WAN4, and DMZ .The interface shown
here will be changed automatically according to your number of WAN port
setting.
Port Disable: Check the box, the port will be disabled. It is a per-port setting. The default
is enabled.
Priority: Select High or Normal for Port-based QoS (Quality of Service). QoS is
used to maximize a network’s performance and this setting allows you to
prioritize performance on eight LAN ports.
第 70 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Speed: Users can manually configure the per-port speed as 10Mbps or 100Mbps.
Auto-negotiation: If enable this function, every port can be set as auto-negotiation. Users
will not need to set up speed and duplex.
Port Status
Users can choose the port number from pull down menu to see the status of the selected port, shown as follows.
In Summary table, it will show the setting for the port selected by users, such as Type, Link Status(up or down), Port
Activity (on or off), Priority (High or Normal), Speed Status(10Mbps or 100Mbps), Duplex Status(half or full), and Auto
negotiation(on or off).
In Statistics table, it will show the port receive/transmit packet count/packet byte count and Port Packet Error Count
of the selected port. Click Refresh button to refresh the port status.
第 71 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Firewall
General
From the Firewall Tab, you can configure the Router to deny or allow specific internal users from accessing the Internet.
You can also configure the Router to deny or allow specific Internet users from accessing the internal servers. You can
set up different packet filters for different users that are located on internal (LAN) side or external (WAN) side based on
Firewall: The default is enabled. If users disable the Firewall function, SPI, DoS,
Block WAN Request will be disabled, Remote Management will be
enabled and Access Rules and Content Filter will be disabled.
SPI(Stateful Packet The Router's Firewall uses Stateful Packet Inspection to maintain
connection information that passes through the firewall. It will inspect all
Inspection): packets based on the established connection, prior to passing the packets
for processing through a higher protocol layer.
DoS(Denial of Service): Protect internal networks from Internet attacks, such as SYN Flooding,
Smurf, LAND, Ping of Death, IP Spoofing and reassembly attacks.
Block WAN Request: This feature is designed to prevent attacks through the Internet. When it is
第 72 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
enabled, the Router will drop both the unaccepted TCP request and ICMP
packets from the WAN side. The hacker will not find the Router if he tries
to ping the WAN IP address. If DMZ is enabled, this function will be
disabled.
Remote Management: This Router supports remote management. If you want to manage this
Router through the WAN connection, you have to 'Enable' this option.
Users can enter port number for remote management, and the default is
80.
Multicast Pass Through: IP Multicasting occurs when a single data transmission is sent to multiple
recipients at the same time. Using this feature, the Router allows IP
multicast packets to be forwarded to the appropriate computers.
MTU(Maximum This feature specifies the largest packet size permitted for network
Transmission Unit): transmission. It is recommended that you enable this feature, and the
default of MTU size is 1500 bytes.
Access Rules
Network Access Rules evaluate network traffic's Source IP address, Destination IP address, and IP protocol type to
The ability to define Network Access Rules is a very powerful tool. Using custom rules, it is possible to disable all
firewall protection or block all access to the Internet. Use extreme caution when creating or deleting Network Access
Rules.
Custom rules can be created to override the above QVM1000 default rules, but there are four additional default rules
that will be always active, and custom rule can not override the four rules.
* HTTP service from LAN side to QVM1000 is always allowed. (For the use of managing QVM1000)
* DHCP service from LAN side is always allowed. (For the use of getting IP address from QVM1000 automatically)
* DNS service from LAN side is always allowed. (For the use of resolving DNS)
* Ping service from LAN side to QVM1000 is always allowed. (For the use of detecting the connection)
第 73 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Besides the Default Rules, all configured Network Access Rules are listed in the table, and you can choose the Priority
for each custom rule. Click the Edit button to edit the rule, and click the Trash Can icon to delete the rule.
Click Add New Rule button to add new Access Rules, or click the Restore to Default Rules button to restore to the
default rules, and all custom rules will be deleted.
第 74 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Services: Users can evaluate network traffic's Source IP address, Destination IP address,
and IP protocol type to decide if the IP traffic is allowed to pass through the
firewall.
Action: Select the Allow or Deny button depending on the intent of the rule.
Service Management: Add or delete new entries in the service Management If the service you
need is not listed in the menu, click the Service Management button to
add new Service. Enter Service Name, Protocol and Prot Range, and click
Add to list and Save Setting.
Log: Users can select Log packet to match this rule or Not log.
Source Interface: Select the Source Interface (LAN, WAN1~4, DMZ, Any) from the
pull-down menu.
Source IP: Select Any, Single or Range, and enter IP Address for single and range.
Destination IP: Select Any, Single or Range, and enter IP Address for single and range.
Scheduling: Decide when users will enforce this rule. There are two types of
scheduling: always and from.
Apply this rule (time Select the time range and the day of the week for this rule to be enforced.
parameter): The default condition for any new rule is always to enforce.
第 75 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Services Management:
Services Name: Enter the name that you want the Internet users to access. For example,
Edonky.
Protocol: Enter the protocol. The default is TCP protocol.
Port Range: Enter the port range of the protocol. For example, HTTP is 80(80~80).
Add to List: Click the Add to List button, and configure as many entries as you would
like.
第 76 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Content Filter
Block Forbidden When the Block Forbidden Domains check box is selected, QVM1000
Domains: will forbid web access to sites on the Forbidden Domains list.
Add to List: Click the Add to List button, and configure as many entries as you would
like.
第 77 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Website Blocking by When the Website Blocking by keyword button check box is selected,
Keyword FVR9208 will forbid web access to sites on the website blocking list.
Add to List: Click the Add to List button, and configure as many entries as you would
like.
Scheduling
The Time of Day feature allows you to define specific times when Content Filtering is enforced. For example, you could
configure QVM1000 to filter employee Internet access during normal business hours, but allow unrestricted access at
第 78 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Time parameter: Always: When selected, Content Filtering is enforced at all times.
第 79 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
VPN
Summary
The VPN Summary displays the Summary, Tunnel Status and GroupVPN Status.
Summary:
It shows the number of Tunnel(s) Used and Tunnel(s) Available. QVM1000 supports up to 200 tunnels.
Detail: lick the Detail button to see the detail of VPN Summary as below, and users can use the tools on the top to save,
export or print the details of VPN Summary.
第 80 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Tunnel Status:
Gateway to Gateway:
The following figure illustrates the Gateway to Gateway tunnel, a tunnel created between two VPN Routers. When click
Client to Gateway:
The following figure illustrates the Client to Gateway tunnel, a tunnel created between the VPN Router and the Client
user using VPN client software that supports IPSec. When click “Add Now”, it will show Client to Gateway page.
第 81 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Tunnel No: It shows the used Tunnel No. 1~200, and the tunnels defined in GroupVPN
are also included.
Status: It shows Connected, Hostname Resolution Failed, Resolving Hostname or
Waiting for Connection. If users select Manual in IPSec Setup page, the
Status will show Manual and no Tunnel Test function for Manual Keying
Mode.
Name: It shows the Tunnel Name that you enter in Gateway to Gateway page,
Client to Gateway page or Group ID Name.
Phase2 It shows the Encryption (DES/3DES), Authentication (MD5/SHA1) and
Encrypt/Auth/Group: Group (1/2/5) that you chose in IPSec Setup field. If you chose Manual
mode, there will be no Phase 2 DH Group, and it will show the Encryption
and Authentication method that you set up in Manual mode.
Local Group: It shows the IP and subnet of Local Group.
Tunnel Test: Click the Connect button to verify the tunnel status. The test result will be
updated in Status.
Configure: Edit and Delete : If you click Edit button, it will link to the original setup
page. You can change the settings. If you click , all settings of this tunnel
will be deleted, and this tunnel will be available.
Tunnel(s) Enable and It shows the number of Tunnel(s) Enabled and Tunnel(s) Defined. The
Tunnel(s) Defined: number of Tunnel Enabled may be fewer than the number of Tunnel
Defined once the Defined Tunnels are disabled.
GroupVPN Status:
If you did not enable GroupVPN, it will be blank in GroupVPN Status.
第 82 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Group ID Name: It shows the name you enter in Add new client to gateway tunnel page.
Local Group: It shows the IP address and Subnet of Local Group you set up.
Remote Clients Status: If you click the Detail List button, it shows the details of Group Name, IP
address and Connection Time of this Group VPN.
Tunnel Test: Click the Connect button to verify the tunnel status. The test result will be
updated in Status.
Config: Edit and Delete : If you click Edit button, it will link to the original setup
page, and you can change the settings. If you click , all settings of this
tunnel will be deleted, and this tunnel will be available.
Tunnel No.: The tunnel number will be generated automatically from 1~200.
Interface: You can select the Interface from the pull-down menu. When Multi WAN is
enabled, there will be four two options. (WAN1~WAN4). The options of
WAN ports will be generated by WAN port number settings on General
Setting or Port Management page.
Tunnel Name: Enter the Tunnel Name, such as LA Office, Branch Site, Corporate Site, etc.
This is to allow you to identify multiple tunnels and does not have to match
the name used at the other end of the tunnel.
第 83 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
第 84 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Local Group Setup: The settings of Local Group Setup should match with the settings of the Remote Group setup in
the other end of tunnel.
(1) IP Only: If you select IP Only, only the specific IP Address will be able to
access the tunnel. The WAN IP of QVM1000 will come out in this filed
automatically, and you don’t need to enter.
第 85 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
QVM1000, and QVM1000 will work as a responder. If you select this
type, just enter the E-mail address for Authentication.
Local Security Group Select the local LAN user(s) behind the router that can use this VPN tunnel.
Type Local Security Group Type may be a single IP address and a Subnet
(1)IP Address
If you select IP Address, only the computer with the specific IP Address
that you enter will be able to access the tunnel. The default IP is
192.168.1.0.
(2)Subnet
If you select Subnet (which is the default), this will allow all computers on
the local subnet to access the tunnel. Enter the IP Address and the Subnet
Mask. The default IP is 192.168.1.0, and default Subnet Mask is
255.255.255.192.
Remote Group Setup: The settings of Remote Group Setup should match with the settings of the Local Group of
VPN device in the other end of tunnel.
(1) IP Only: If you select IP Only, only the specific IP Address that you enter
will be able to access the tunnel. It’s the IP Address of the remote VPN
Router or device which you wish to communicate. The remote VPN
device can be another VPN Router or a VPN Server. If you know the
static IP address of remote VPN device, select IP address from
drop-down menu. If you don’t know the static IP address of remote VPN
device, but the domain name of remote VPN device is known, you can
select IP by DNS Resolved, and enter the real domain name on the
Internet. QVM1000 will get the IP address of remote VPN device by DNS
Resolved, and IP address of remote VPN device will be displayed on
VPN Status of Summary page.
第 86 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
(3) IP + E-mail Addr. (USER FQDN) Authentication: If you know the static
IP address of remote VPN device, select IP address from drop-down
menu. If you don’t know the static IP address of remote VPN device, but
the domain name of remote VPN device is known, you can select IP by
DNS Resolved, and enter the real domain name on the Internet.
QVM1000 will get the IP address of remote VPN device by DNS
Resolved, and IP address of remote VPN device will be displayed on
VPN Status of Summary page. Then, enter the E-mail Address as an ID.
第 87 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
responder. If you select this type, just enter the Domain Name for
Authentication, and the Domain Name must be same with the Local
Gateway of the remote VPN device. The same Domain Name can be
only for one tunnel connection, and users cannot use the same Domain
Name to create a new tunnel connection.
Remote Security Group Select the Remote Security Group that behind the above Remote Gateway
Type: Type you chose that can use this VPN tunnel. Remote Security Group Type
may be a single IP address and a Subnet
(1)IP Address
If you select IP Address, only the remote computer with the specific IP
Address that you enter will be able to access the tunnel.
.
(2)Subnet
If you select Subnet (which is the default), this will allow all computers
on the remote subnet to access the tunnel. Enter the remote IP Address
and the Subnet Mask. The default Subnet Mask is 255.255.255.0.
IPSec Setup
In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption and the way the
data will be decrypted. This is done by sharing a “key” to the encryption code. There are two Keying Modes of key
If you select Manual, it allows you to generate the key yourself, and no key negotiation is needed. Basically, manual key
management is used in small static environments or for troubleshooting purposes. Both sides must use the same Key
Management method.
第 88 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Key Management: There are two Keying Modes of key management, Manual and IKE with
Preshared Key (automatic).
Phase1/Phase2 DH Group:
There are three groups of different prime key lengths. Group1 is 768 bits,
Group2 is 1,024 bits and Group 5 is 1,536 bits.
Phase1/Phase2 Encryption:
This is used to create one or more IPSec SAs, which are then used to key
IPSec sessions. There are two methods of encryption, DES and 3DES. The
Encryption method determines the length of the key used to encrypt/decrypt
ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. Both
sides must use the same Encryption method.
Phase1/Phase2 Authentication:
There are two methods of authentication, MD5 and SHA. The
Authentication method determines a method to authenticate the ESP
packets. Both sides must use the same Authentication method.
Phase1 SA Lifetime This field allows you to configure the length of time a
VPN tunnel is active in Phase 1. The default value is 28,800 seconds.
Phase2 SA Lifetime This field allows you to configure the length of time a
VPN tunnel is active in Phase 2. The default value is 3,600 seconds.
第 89 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Manual: If you select Manual, it allows you to generate the key yourself, and
no key negotiation is needed.
Encryption Key: This field specifies a key used to encrypt and decrypt IP
traffic, and the Encryption Key is generated yourself. The hexadecimal
value is acceptable in this field. Both sides must use the same Encryption
Key. If DES is selected, the Encryption Key is 16-bit. If users do not fill up to
16-bit, this filed will be filled up to 16-bit automatically by 0. If 3DES is
selected, the Encryption Key is 48-bit. If users do not fill up to 48-bit, this
filed will be filled up to 48-bit automatically by 0.
There are two types of Phase 1 exchanges: Main mode and Aggressive
mode. Aggressive Mode requires half of the main mode messages to be
exchanged in Phase 1 of the SA exchange. If network security is preferred,
select Main mode. When users select the Dynamic IP in Remote Security
第 90 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Gateway Type, it will be limited as Aggressive Mode.
Compress:
QVM1000 supports IP Payload compression Protocol. IP Payload
Compression is a protocol to reduce the size of IP datagrams. If Compress is
enabled, QVM1000 will propose compression when initiating a connection. If
the responders reject this propose, QVM1000 will not implement the
compression. When QVM1000 works as a responder, QVM1000 will always
accept compression even without enabling compression.
Keep-Alive:
This mechanism helps to keep up the connection of IPSec tunnels.
Whenever a connection is dropped and detected, it will be re-established
immediately.
AH Hash Algorithm:
AH (Authentication Header) protocol describe the packet format and the
default standards for packet structure. With the use of AH as the security
protocol, protected is extended forward into IP header to verify the integrity of
the entire packet by use of portions of the original IP header in the hashing
process. There are two algorithms, MD5 and SHA1. MD5 produces a 128-bit
digest to authenticate packet data and SHA1 produces a 160-bit digest to
authenticate packet data. Both sides of tunnel should use the same
algorithm.
NetBIOS Broadcast:
Check the box to enable NetBIOS traffic to pass through the VPN tunnel. By
default, the Router blocks these broadcasts.
Dead Peer Detection(DPD):
When DPD is enabled, QVM1000 will send the periodic HELLO/ACK
messages to prove the tunnel liveliness when both peers of a VPN tunnel
provide DPD mechanism. Once a dead peer is detected, QVM1000 will
disconnect the tunnel so the connection can be re-established. The Interval
is the number of seconds between DPD messages. The default is DPD
enabled, and default Interval is 10 seconds.
Client to Gateway
By setting this page, you can create a new tunnel between Local VPN device and mobile user.
You can select Tunnel to create tunnel for single mobile user, or select Group VPN to create tunnels for multiple VPN
clients. Group VPN feature facilitates the setup and it’s not necessary to individually configure remote VPN clients.
In Tunnel condition
Tunnel No.: The tunnel no. will be generated automatically from 1~200.
Interface: You can select the Interface from the pull-down menu. When Multi WAN is
enabled, there will be four two options. (WAN1~WAN4). The options of
WAN ports will be generated by WAN port number settings on General
Setting or Port Management page.
第 91 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Tunnel Name: Once the tunnel is enabled, enter the Tunnel Name field. Such as, Sales
Name. This is to allow you to identify multiple tunnels and does not have to
match the name used at the other end of the tunnel.
Local Group Setup: The Settings of Local Security Gateway Type should match with the
Remote Security Gateway Type of VPN devices in the other end of tunnel.
Local Security Gateway There are five types.
Type: IP Only
IP + Domain Name (FQDN) Authentication
IP + E-mail Addr. (USER FQDN) Authentication
Dynamic IP + Domain Name (FQDN) Authentication
Dynamic IP + E-mail Addr. (USER FQDN) Authentication.
(1) IP Only: If you select IP Only, only the specific IP Address will be able to
access the tunnel. The WAN IP of QVM1000 will come out in this filed
automatically, and you don’t need to enter.
第 92 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Name must be same with the Remote Security Gateway of the remote
VPN device. The same Domain Name can be only for one tunnel
connection, and users cannot use the same Domain Name to create a
new tunnel connection.
Local Security Group Select the local LAN user(s) behind the router that can use this VPN tunnel.
Type Local Security Group Type may be a single IP address and a Subnet
(1)IP Address
If you select IP Address, only the computer with the specific IP Address
that you enter will be able to access the tunnel. The default IP is
192.168.1.0.
(2)Subnet
If you select Subnet (which is the default), this will allow all computers on
the local subnet to access the tunnel. Enter the IP Address and the Subnet
Mask. The default IP is 192.168.1.0, and default Subnet Mask is
255.255.255.192.
Remote Client Setup: The type of Remote Security Gateway should match with the Local Security Gateway Type of
VPN devices in the other end of tunnel
Remote Client: There are five types.
IP Only
IP + Domain Name (FQDN) Authentication,
IP + E-mail Addr. (USER FQDN) Authentication
Dynamic IP + Domain Name (FQDN) Authentication
Dynamic IP + E-mail Addr. (USER FQDN) Authentication.
(1) IP Only: If you select IP Only, only the specific IP Address that you
enter will be able to access the tunnel. It’s the IP Address of the remote
VPN Router or device which you wish to communicate. The remote VPN
device can be another VPN Router or a VPN Server. If you know the
static IP address of remote VPN device, select IP address from
第 93 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
drop-down menu. If you don’t know the static IP address of remote VPN
device, but the domain name of remote VPN device is known, you can
select IP by DNS Resolved, and enter the real domain name on the
Internet. QVM1000 will get the IP address of remote VPN device by DNS
Resolved, and IP address of remote VPN device will be displayed on
VPN Status of Summary page.
(3) IP + E-mail Addr. (USER FQDN) Authentication: If you know the static
IP address of remote VPN device, select IP address from drop-down
menu. If you don’t know the static IP address of remote VPN device, but
the domain name of remote VPN device is known, you can select IP by
DNS Resolved, and enter the real domain name on the Internet.
QVM1000 will get the IP address of remote VPN device by DNS
Resolved, and IP address of remote VPN device will be displayed on
VPN Status of Summary page. Then, enter the E-mail Address as an ID.
第 94 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
IPSec Setup
In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption and the way the
data will be decrypted. This is done by sharing a “key” to the encryption code. There are two Keying Modes of key
If you select Manual, it allows you to generate the key yourself, and no key negotiation is needed. Basically, manual key
management is used in small static environments or for troubleshooting purposes. Both sides must use the same Key
Management method.
第 95 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Key Management: There are two Keying Modes of key management, Manual and IKE with
Preshared Key (automatic).
Phase1/Phase2 DH Group:
There are three groups of different prime key lengths. Group1 is 768 bits,
Group2 is 1,024 bits and Group 5 is 1,536 bits.
Phase1/Phase2 Encryption:
This is used to create one or more IPSec SAs, which are then used to key
IPSec sessions. There are two methods of encryption, DES and 3DES. The
Encryption method determines the length of the key used to encrypt/decrypt
ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. Both
sides must use the same Encryption method.
Phase1/Phase2 Authentication:
There are two methods of authentication, MD5 and SHA. The
Authentication method determines a method to authenticate the ESP
packets. Both sides must use the same Authentication method.
Phase1 SA Lifetime This field allows you to configure the length of time a
VPN tunnel is active in Phase 1. The default value is 28,800 seconds.
Phase2 SA Lifetime This field allows you to configure the length of time a
VPN tunnel is active in Phase 2. The default value is 3,600 seconds.
Manual
第 96 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Manual: If you select Manual, it allows you to generate the key yourself, and
no key negotiation is needed.
Encryption Key: This field specifies a key used to encrypt and decrypt IP
traffic, and the Encryption Key is generated yourself. The hexadecimal
value is acceptable in this field. Both sides must use the same Encryption
Key. If DES is selected, the Encryption Key is 16-bit. If users do not fill up to
16-bit, this filed will be filled up to 16-bit automatically by 0. If 3DES is
selected, the Encryption Key is 48-bit. If users do not fill up to 48-bit, this
filed will be filled up to 48-bit automatically by 0.
There are two types of Phase 1 exchanges: Main mode and Aggressive
mode. Aggressive Mode requires half of the main mode messages to be
exchanged in Phase 1 of the SA exchange. If network security is preferred,
select Main mode. When users select the Dynamic IP in Remote Security
第 97 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Gateway Type, it will be limited as Aggressive Mode.
Compress:
QVM1000 supports IP Payload compression Protocol. IP Payload
Compression is a protocol to reduce the size of IP datagrams. If Compress is
enabled, QVM1000 will propose compression when initiating a connection. If
the responders reject this propose, QVM1000 will not implement the
compression. When QVM1000 works as a responder, QVM1000 will always
accept compression even without enabling compression.
Keep-Alive:
This mechanism helps to keep up the connection of IPSec tunnels.
Whenever a connection is dropped and detected, it will be re-established
immediately.
AH Hash Algorithm:
AH (Authentication Header) protocol describe the packet format and the
default standards for packet structure. With the use of AH as the security
protocol, protected is extended forward into IP header to verify the integrity of
the entire packet by use of portions of the original IP header in the hashing
process. There are two algorithms, MD5 and SHA1. MD5 produces a 128-bit
digest to authenticate packet data and SHA1 produces a 160-bit digest to
authenticate packet data. Both sides of tunnel should use the same
algorithm.
NetBIOS Broadcast:
Check the box to enable NetBIOS traffic to pass through the VPN tunnel. By
default, the Router blocks these broadcasts.
Dead Peer Detection(DPD):
When DPD is enabled, QVM1000 will send the periodic HELLO/ACK
messages to prove the tunnel liveliness when both peers of a VPN tunnel
provide DPD mechanism. Once a dead peer is detected, QVM1000 will
disconnect the tunnel so the connection can be re-established. The Interval
is the number of seconds between DPD messages. The default is DPD
enabled, and default Interval is 10 seconds.
Group No.: The group no. will be generated automatically from 1~2. Two GroupVPNs
are supported by QVM1000.
Interface: You can select the Interface from the pull-down menu. When Multi WAN is
enabled, there will be four two options. (WAN1~WAN4). The options of
WAN ports will be generated by WAN port number settings on General
Setting or Port Management page.
Group Name: Enter the Group ID Name. Such as, American Sales Group.
第 98 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
Local Group Setup: Select the local LAN user(s) behind the router that can use this VPN tunnel.
Local Security Group Type may be a single IP address, a Subnet. The Local
Local Security Group Secure Group must match Remote VPN Client’s Remote Secure Group.
Type: (1)IP Address
If you select IP Address, only the computer with the specific IP Address that
you enter will be able to access the tunnel. The default IP is 192.168.1.0.
(2)Subnet
If you select Subnet (which is the default), this will allow all computers
on the local subnet to access the tunnel. Enter the IP Address and the
Subnet Mask. The default IP is 192.168.1.0, and default Subnet Mask
is 255.255.255.192.
第 99 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router
(3) Microsoft XP/2000 VPN Client:
This option is used for Dynamic IP users which use Microsoft VPN client.
The difference between Microsoft and other VPN client is that Microsoft
client does not support Aggressive mode and FQDN/USER FQDN ID
options.
IPSec Setup
In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption and the way the
data will be decrypted. This is done by sharing a “key” to the encryption code. There are two Keying Modes of key
management, Manual and IKE with Preshared Key (automatic). If GroupVPN is enabled, the key management will
Phase1/Phase2 DH Group:
There are three groups of different prime key lengths. Group1 is 768 bits,
Group2 is 1,024 bits and Group 5 is 1,536 bits.
Phase1/Phase2 Encryption:
This is used to create one or more IPSec SAs, which are then used to key
IPSec sessions. There are two methods of encryption, DES and 3DES. The
Encryption method determines the length of the key used to encrypt/decrypt
ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. Both
sides must use the same Encryption method.
Phase1/Phase2 Authentication:
Phase1 SA Lifetime This field allows you to configure the length of time a
VPN tunnel is active in Phase 1. The default value is 28,800 seconds.
Phase2 SA Lifetime This field allows you to configure the length of time a
VPN tunnel is active in Phase 2. The default value is 3,600 seconds.
There are two types of Phase 1 exchanges: Main mode and Aggressive
mode. Aggressive Mode requires half of the main mode messages to be
exchanged in Phase 1 of the SA exchange. If network security is preferred,
select Main mode. If network speed is preferred, select Aggressive mode.
When Group VPN is enabled, it will be limited as Aggressive Mode. If you
select Dynamic IP in Remote Client Type in tunnel mode, it will be also
limited as Aggressive Mode.
Compress:
QVM1000 supports IP Payload compression Protocol. IP Payload
Compression is a protocol to reduce the size of IP datagrams. If Compress is
enabled, QVM1000 will propose compression when initiating a connection. If
the responders reject this propose, QVM1000 will not implement the
compression. When QVM1000 works as a responder, QVM1000 will always
accept compression even without enabling compression.
Keep-Alive:
This mechanism helps to keep up the connection of IPSec tunnels.
Whenever a connection is dropped and detected, it will be re-established
immediately.
AH Hash Algorithm:
AH (Authentication Header) protocol describe the packet format and the
default standards for packet structure. With the use of AH as the security
protocol, protected is extended forward into IP header to verify the integrity of
the entire packet by use of portions of the original IP header in the hashing
process. There are two algorithms, MD5 and SHA1. MD5 produces a 128-bit
digest to authenticate packet data and SHA1 produces a 160-bit digest to
authenticate packet data. Both sides of tunnel should use the same
algorithm.
NetBIOS Broadcast:
Check the box to enable NetBIOS traffic to pass through the VPN tunnel. By
default, the Router blocks these broadcasts.
PPTP
QVM1000 supports Windows XP/2000 for remote users using PPTP to create VPN connections.
Enable PPTP Server: Click on the square box to enable PPTP Server.
PPTP IP Address Range: Enter the internal IP Address Range for remote users entering to Local
Area Network.QVM1000 supports up to 5 PPTP connections. The default
IP range is start from 200 to 209.
Confirm New Password: Re-enter the new password you just entered.
Add to list: Click the Add to List button, and configure as many entries as you would
like.
User Name: The name of the remote client after the PPTP tunnel is connected.
Remote Address: The IP address of the remote client after the PPTP tunnel is connected.
PPTP IP Address: The IP address of PPTP server after the PPTP tunnel is connected
Refresh: Click Refresh button to update the latest information in the list
IPSec Pass Through: Internet Protocol Security (IPSec) is a suite of protocols used to
implement secure exchange of packets at the IP layer. To allow IPSec
tunnels to pass through the Router, IPSec Pass Through is enabled by
default.
PPTP Pass Through: Point to Point Tunneling Protocol (PPTP) Pass Through is the method
used to enable VPN sessions. PPTP Pass Through is enabled by default
L2TP Pass Through: Layer 2 Tunneling Protocol (L2TP) Pass Through is the method used to
enable VPN sessions. PPTP Pass Through is enabled by default.
QVM Server
The device provides the unique, simpler and faster functionality called QVM (Qno VPN Management), to establish a
virtual private tunnel and transmit sensitive and important data, mainly for headquarters and branch offices. It supports
not only the quick connection mechanism but also the backup mechanism. If the main connection is down, it will switch
to anther WAN port and reconnect again. The QVM server of QVM1000/FVR9416 should comply with QVM client of
Setup
Account ID: Enter a specific ID for authentication between QVM server and client.
Add to List: Click the Add to List button, and configure as many entries as users would
like.
Status
Start time: It shows the time when the connection is once established.
Log
System Log
There are three parts in System Log- Syslog, E-mail and Log Setting.
Syslog
Enable Syslog: If check the box, Syslog will be enabled.
Syslog Server: In addition to the standard event log, the QVM1000 can send a detailed
log to an external Syslog server. Syslog is an industry-standard protocol
used to capture information about network activity. QVM1000 Syslog
captures all log activities and includes every connection source and
destination IP address, IP service, and number of bytes transferred. Enter
the Syslog server name or IP address in the Syslog Server field. Restart
the QVM1000 for the change to take effect.
E-mail
Enable E-Mail Alert: If check the box, E-Mail Albert will be enabled.
Mail Server If you wish to have any log or alert information E-mailed to you, then you
must enter the name or numerical IP address of your SMTP server. Your
Internet Service Provider can provide you with this information.
Send E-mail To: This is the E-mail address to which your log files will be sent. You may
leave this field blank if you do not want to receive copies of your log
information.
Log Queue Length The default is 50 entries. QVM1000 will e-mail log when Log entries is
(entries): over 50.
Log Time Threshold The default is 10 minutes. QVM1000 will e-mail log every 10 minutes.
(minutes): QVM1000 will e-mail log when meet any one of Log Queue Length or Log
Time Threshold settings
E-mail Log Now: Click E-mail Log Now to immediately send the log to the address in the
Send E-mail to Filed.
Log Setting
Alert Log
By clicking on the check box located besides the items, users can add the specified alert logs to be
displayed in the System Log Table.
Syn Flooding: It will cause servers to stop responding to requests of opening new
connections with clients
IP Spoofing: It is used to gain unauthorized access to PCs.
Win Nuke: It will affect the Microsoft Window 95 operating system.
Ping of Death: It will generate crashes, auto reboot and cause damages to your
systems by sending a ping of a certain sizes from a remote
machine.
Unauthorized Login It will capture logs whenever an unsuccessful login attempt
Attempt: happens.
General Log
Check the following event boxes for receiving logs in the System Log Table, including System Error Messages, Deny
Policies, Allow Policies, Content Filtering, Data Inspection, Authorized Login, and Configuration Changes.
System Error Message: It will capture logs for various kinds of errors in the system, such
as incorrect settings and malfunctioning of features.
Deny Policies: It will capture logs when the router detects remote devices denied
from gaining access to itself with the method of matching the deny
policies.
Allow Policies: It will capture logs if the router detects any devices are allowed to
access it with the methods matching the allow policies
Configuration Changes It will capture logs when any router configurations are changed.
Authorized Login It will capture logs whenever a successful login attempt happens.
View System Log: Once you press this button, the new window will pop up the Log, and user can choose ALL,
System Log, Access Log, Firewall Log and VPN Log.
Outgoing Log Table: Once you press this button, the new window will pop up and show you the outgoing packet
information including LAN IP, Destination URL/IP and Service/Port number.
Incoming Log Table: Once you press this button, the new window will pop up and show you the incoming packet
information including Source IP and Destination Port number.
Clear Log Now: This button will clear out your log without E-mailing it. Only use this button if you don't mind losing
your log information.
System Statistics
QVM1000 is able to perform the system statistics includes the Device Name, Status, IP Address, MAC Address, Subnet
Mask, Default Gateway, DNS, Network Service Detection, Received Packets, Sent Packets, Total Packets, Received
Bytes, Sent Bytes, Total Bytes, Received Bytes/Sec, Sent Bytes/Sec, Error Packets Received and ,Dropped Packets
Received, Sessions, New Session/Sec Up, Upstream Bandwidth Usage(%), and Downstream Bandwidth Usage(%) for
Users can click Next page with underline to see the system statistics on next page or click Previous page to see the
system statistics on previous page when the number of WAN port is 3~4. Click on the Refresh button to update the
statistics.
Traffic Statistic:
There are six traffic information displayed in the Traffic Statistic page.
Inbound IP Service:
Outbound IP Service:
Inbound IP session:
In this table, it will display Source IP, Protocol, Source Port, Destination IP, Destination Port, bytes/sec, and
%.
Outbound IP Session:
In this table, it will display Source IP, Protocol, Source Port, Destination IP, Destination Port, bytes/sec, and
%.
The device provides functionality for uses to lookup specific IP/Port statue when massive down/updown files are shown
up. User can comply this with that in Traffic statistic together to find out some abnormal traffic.
The default is IP address. Enter IP address to search a specific IP with related information. When users select Port,
enter port number to search a specific port with related information. After clicking on search button, all related
information will shown in the bellow table, including Source IP, Protocol, Source Port, Interface(WAN), Destination IP,
Logout
The Logout button is located on the upper right corner of the Web Interface. This button will terminate the management
session and the Authentication window will be displayed. You will need to re-enter your User Name and Password to
login and continue to manage QVM1000.
5. Troubleshooting
6. FAQ