QVM1000 4WAN QoS VPN Management Router

QVM1000 QoS VPN Management Router


User Manual

Table of Contents
1. Introduction
2. Main features:
3. How To Install QVM1000
    Hardware
    QVM1000 Front Panel
    LED Status
    Reset Button
    Replacing a Lithium Battery
    Connecting the QVM1000 to your Network
4. How To Manage QVM1000
    Login
    Home
    Port Statistics
    General Setting Status
    Advanced Setting Status
    Firewall Setting Status
    VPN Setting Status
    Log Setting Status:
    General Setting
    Configure
    Multi WAN
    Quality of Service (QoS)
    Password
    Time
    Advanced Setting
    DMZ Host-(Demilitarized Zone)
    Forwarding
    UPnP
    Routing
    One-to-One NAT
    DDNS
    MAC Clone
    DHCP
    Setup
    Status
    Tool
    SNMP
    Diagnostic
    Restart
    Factory Default
    Firmware Upgrade
    Setting Backup
    Port Management
    Port Setup
    Port Status
    Firewall
    General
    Access Rules
    Content Filter
    VPN
    Summary
    Add New Tunnel
    Gateway to Gateway
    Client to Gateway
    PPTP
    VPN Pass Through
    QVM Server
    Setup
    Status
    Log
    System Log
    System Statistics
    Traffic Statistic:
    Traffic Statistic:
    Logout
5. Troubleshooting
6. FAQ
7. Appendix A: VPN Configuration Sample
    Sample VPN Environment 1: Gateway to Gateway
    Sample VPN Environment 2: Gateway to Gateway
    Sample VPN Environment 3: Client to Gateway (Tunnel)
    Sample VPN Environment 4: Client to Gateway (GroupVPN)

1. Introduction
QVM1000 is an advanced SME-level firewall router that combines cost efficiency with high performance. To meet the needs of enterprise users, the product offers a 16-port port-based QoS switch running at 10/100 Mbps, along with the ability to connect to the Internet. QVM1000 provides not only a DMZ port for firewall security but also four WAN ports with Intelligent Balancer (Auto Mode) and IP Group by Users to improve network performance.

To suit environments that need integrated, high-security firewall functionality, QVM1000 has a built-in 533 MHz Intel IXP 425 CPU to improve network performance. The product provides a built-in advanced firewall with speeds of up to 100 Mbps and IPsec VPN with DES/3DES/AES encryption. The QVM1000's VPN can establish 200 VPN connections and provides up to 70 Mbps performance with 3DES encryption. QVM1000 can therefore surpass the specifications of high-end products in both functionality and practical use.

QVM1000 IPSec VPN can be used in the office, in a branch office, or by remote users. The product provides secure encryption methods, including 168-bit Triple Data Encryption Standard (3DES), 56-bit Data Encryption Standard (DES), and 128/192/256-bit Advanced Encryption Standard (AES), as well as the AH/ESP protocols. QVM1000 supports three types of VPN (Gateway To Gateway, Client To Gateway and Group VPN) so that branch offices or remote clients can transfer important data.

QVM1000 also provides an easier, simpler and faster way to establish virtual private tunnels, called QVM (Qno VPN management). This feature also strengthens the connection mechanism by providing VPN backup: once one connection is lost, the router switches to the other connection so that the tunnel stays connected.

QVM1000 has an advanced built-in firewall that is capable of blocking most Internet attacks with Stateful Packet Inspection (SPI), working mainly at the network layer. By dynamically inspecting each connection, SPI provides alert functions for application programs, with preset automatic detection, and denies and blocks nonstandard protocol connections. QVM1000 also supports Network Address Translation (NAT) and routing, making the Internet environment and infrastructure more flexible and easier to plan and manage.

Content Filtering allows enterprises to define internal access rules. Through the web-based UI, administrators can add to and delete from the filtering list to choose which types of websites to allow, deny, record, or monitor. Schools and enterprises can thus set their own Internet management strategies and filtering settings. With its thorough OS management kernel, QVM1000 provides diverse SysLog output, supports online management tools and easy-to-understand Internet configuration, and improves the management of all security and VPN policies and other services.

QVM1000 can fully ensure the security of various types of branch offices and of communications among terminals, and guards against the increasing theft and sabotage of commercial secrets. Using the independent OS console, end users without professional Internet knowledge can easily set up and configure the router, and configure and manage the QVM1000 firewall through web browsers such as IE or Netscape.

2. Main features:

Product Features

Network Connection:
- One IP address to access the Internet over your entire network
- WAN: DHCP client, static IP, PPPoE
- DMZ: DHCP client, static IP, PPPoE
- LAN: DHCP auto-assignment, MAC-assignment DHCP static IP, static IP

Multi-WAN
- Intelligent Balancer (Auto Mode)
- NSD for Intelligent Balancer and IP Group by Users
- Classes of service (CoS) (IP Group by Users)
- Protocol Binding
- Quality of Service (QoS)

TCP/IP
- DHCP Server (support class B), DHCP client, dynamic IP, static IP support
- IP & MAC binding (support class B)
- PPPoE
- NAT with popular ALG support
- NAT with port forwarding
- NAT with port triggers
- DNS Relay
- ARP
- ICMP
- FTP/TFTP
- Password protected configuration or management sessions for web access
- Intelligent Balancer (Auto Mode)
- Classes of service (CoS)
- Port-based QoS
- NTP Time Server

Routing protocol:
- Dynamic routing RIP 1, RIP 2, static routing support
- Gateway / Routing Mode support

Network management:
- Comprehensive web-based management and policy setting
- SNMP v1/v2c support
- Monitoring, logging, alarms of system activities
- Supports filter capability (Service and IP)
- Support Syslog & E-Mail Alert

Firewall:
- Stateful Packet Inspection Firewall
- IP filtering; allows you to configure IP address filters
- Port filtering; allows you to configure TCP/UDP port filters
- Support Hardware DMZ to protect your network
- Denial of Service (DoS) attack prevention
- Support user-defined Port No. for Remote management
- Inappropriate URL command line filter
- Set Internet accessing time schedule
- Syn Flooding / IP Spoofing / Win Nuke / Ping Of Death
- Block Website by Keyword
- Allow Website by Domain Name

VPN:
- Support IPSec VPN 3DES Throughput 70Mbps UP
- Support up to 200 VPN tunnels
- Up to 2 Group VPNs support
- Friendly VPN Tunnel Management
- Support IKE: Pre-Shared keys
- Support IPSec Encryption DES/3DES/AES
- Support IPSec Authentication MD5/SHA1
- Support PMTU Key management: IKE
- Support DNS Resolve

- Support DPD detection
- Support PPTP server
- Support VPN Pass-through

Other features:
- Virtual Server - Port Forwarding
- Port-Triggering Support
- Support Software DMZ
- UPnP Support
- One to One NAT Support
- DDNS/3322/DtDNS Support
- MAC Clone Change Support
- Diagnostic with DNS Lookup & Ping
- Setting Backup with Import & Export

Performance:
- Firewall Throughput: 100Mbps
- 3DES 168bit VPN: Up to 70Mbps

Hardware Spec:
- CPU: Intel IXP425 - 533MHz RISC
- SDRAM: 128Mbyte
- Flash Memory: 16Mbyte

Ethernet Standards:
- IEEE 802.3 10Base-T
- IEEE 802.3u 100Base-TX

Ethernet Physical Interface:
- WAN 1~4: Four 10/100Base-T/TX RJ-45 ports
- DMZ: One 10/100Base-T/TX RJ-45 port
- LAN1~11: 11 10/100Base-T/TX RJ-45 ports
- One reset button for factory default setting

LED Display:
- System: Power, DIAG
- Speed, Link/Activity, WAN, Connect

Working Environment:
- Operating Temperature: 0° ~ 45°C (32° ~ 113°F)
- Storage Temperature: -20° ~ 60°C (-4° ~ 140°F)
- Humidity: 0 ~ 90% non-condensing

Safety Certification:
- EMI/EMC: FCC Class A

Dimension:
- 13” (L) x 9” (W) x 1.75” (H) Inch

Power Supply:
- Internal: AC100~240V / 50~60Hz

Installation Method:
- Desktop
- 19” Rack-Mount Tools Kit

3. How To Install QVM1000


Hardware
QVM1000 Front Panel

LED Status
LED                   Color    Description
Power                 Green    Green On: Power On
DIAG                  Orange   Orange On: System not ready
                               Orange Off: System ready
LAN 1~13 Link/Act     Green    Green On: Ethernet Link
                               Green Blinking: Activity
LAN 1~13 Speed        Green    Green On: 100Mbps
                               Green Off: 10Mbps
Connect               Green    Green On: Obtain IP address
                               Green Off: Not Active
WAN1~4/DMZ Link/ACT   Green    Green On: Ethernet Link
                               Green Blinking: Activity
WAN1~4/DMZ Speed      Green    Green On: 100Mbps
                               Green Off: 10Mbps

Reset Button

Action                       Description
Push button for 4 seconds    Warm Reset
                             DIAG LED: Orange blinking slowly
Push button for 10 seconds   Factory Default
                             DIAG LED: Orange blinking fast

Replacing a Lithium Battery


The QVM1000 4WAN QoS VPN Management Router has a built-in battery for timekeeping, with a lifetime of about one to 2 years. When the battery is exhausted or past its lifetime, QVM1000 cannot correctly record the time or synchronize with an NTP time server on the Internet. Contact your vendor to have the battery replaced.

Setting up the Chassis

You can set the Router on a desktop, install it in a rack with the attached brackets, or mount it on the wall.

Setting up the Chassis on a desktop or other flat, secure surface

Do not place excessive weight on top of the chassis, as this could damage it.

Rack-Mounting the Chassis

The Router comes with two brackets and eight screws for mounting in a 19-inch rack. The attached brackets are shown below.

After attaching those accessories to the router, users can rack-mount it, as shown below.

Connecting the QVM1000 to your Network


The figures below describe the integration of the QVM1000 4WAN QoS VPN Management Router into the network.

Figure 1: Multi-WAN

Figure 2: DMZ

The Router is a network device that connects two networks together.

Set up WAN connection: A WAN port can be connected to an xDSL modem, a hub, a switch, or a router.

Set up LAN connection: A LAN port can be connected to a hub, a switch, or directly to a computer.

Set up DMZ port: It can be connected to public servers, such as Web and Mail servers.

Connect the power cord to a power outlet and to the power port on the rear panel of QVM1000. QVM1000 then runs a series of self-diagnostic tests to check for proper operation.

4. How To Manage QVM1000


Login

Enter the User Name and Password in the blank fields, and then click the ‘OK’ button.

The QVM1000 4WAN QoS VPN Management Router's default User Name and Password are both ‘admin’ when you first power up the Router. Users can change the settings later. We strongly recommend that users change the Password!

Home
The Home screen displays the router’s current status and settings. This information is read-only. Clicking an underlined button opens the related setup page. The screen also shows the language version (English/Simple Chinese). Click a language button to switch to the language version of your choice. The button shown in green indicates the current language version.

System Information

Serial Number:
It shows the serial number of QVM1000.

Firmware version:
It shows the current firmware version of QVM1000.

CPU:
It shows that the CPU for QVM1000 is Intel IXP425-533MHz.

DRAM:
It shows that the DRAM for QVM1000 is 128MB.

Flash:
It shows that the Flash for QVM1000 is 16MB.

System active time:
It shows the length of time, in Days, Hours, and Minutes, that QVM1000 has been active.

Current time:
It shows the current time. Note that users should correctly synchronize the time with a remote NTP server so that QVM1000 shows the exact time.

Port Statistics

Users can click a port number in the port diagram to see the status of the selected port. A disabled port is shown in red. The Summary table shows the settings of the selected port: Type, Link Status (up or down), Port Disable (on or off), Priority (High or Normal), Speed Status (10Mbps or 100Mbps), Duplex Status (half or full), and Auto negotiation (Enabled or Disabled). The Statistics table shows the receive/transmit packet count and packet byte count, and the Port Packet Error Count, of the selected port.

General Setting Status

LAN IP: It shows the current IP address of the Router, as seen by internal users on the network, and links to LAN Setting on the General Setting page. The default value is 192.168.1.1.

WAN1~4 IP: It shows the current WAN IP address of the Router, as seen by external users on the Internet, and links to WAN Connection Type on the General Setting page. When users select Obtain an IP automatically, two buttons are shown: Release and Renew. Click the Release button to release the IP address already obtained, and click the Renew button to update the DHCP Lease Time or get a new IP address. When users select PPPoE or PPTP, Connect / Disconnect is shown.

DMZ IP: It shows the current DMZ IP address, as seen by external users on the Internet, and links to DMZ Setting on the General Setting page.

Default Gateway: It shows the Default Gateway for the WAN 1~4 ports.

DNS: It shows all DNS Server Addresses and links to WAN Connection Type on the General Setting page.

QoS: It shows the QoS used on WAN1~4 and links to QoS on the General Setting page.

Advanced Setting Status

DMZ Host: It shows the DMZ Private Address and links to DMZ Host on the Advanced Setting page. The default is disabled.

Working Mode: It shows Gateway or Router Mode and links to Dynamic Routing on the Advanced Setting page. The default is Gateway Mode.

DDNS (WAN1~4): It shows the status (Enable / Disable) and links to DDNS on the Advanced Setting page. The default is disabled.

Firewall Setting Status

SPI (Stateful Packet Inspection): It shows the status (On/Off) and links to General on the Firewall page. The default is On.

DoS (Denial of Service): It shows the status (On/Off) and links to General on the Firewall page. The default is On.

Block WAN Request: It shows the status (On/Off) and links to Block WAN Request on the Firewall page. The default is On.

Remote Management: It shows the status (On/Off) and links to Remote Management on the Firewall page. The default is Off.

VPN Setting Status

VPN Summary: It contains information related to the VPN functions and links to the VPN page.

Tunnel(s) Used: It shows the number of tunnels used.

Tunnel(s) Available: It shows the number of tunnels available.

Current Connected (The Group Name of GroupVPN1) users: It shows the number of users currently connected to Group VPN1.

Current Connected (The Group Name of GroupVPN2) users: It shows the number of users currently connected to Group VPN2.

If GroupVPN is disabled, it shows “No Group VPN was defined”.

PPTP server: It shows the status (Disabled/Enabled) of the PPTP server and links to the PPTP page.

Log Setting Status:

E-Mail links to System Log on the Log page:

1. If you have not set up the mail server on the Log page, it shows “E-mail cannot be sent because you have not specified an outbound SMTP server address.”

2. If you have set up the mail server but the log has not been sent yet because of the Log Queue Length and Log Time Threshold settings, it shows “E-mail settings have been configured.”

3. If you have set up the mail server and the log has been sent to the mail server, it shows “E-mail settings have been configured and sent out normally.”

4. If you have set up the mail server but the log cannot be sent to the mail server successfully, it shows “E-mail cannot be sent out, probably use incorrect settings.”

General Setting

The General Setting screen contains all of the router’s basic setup functions. For most users, the default values for the device should be satisfactory. The device can be used in most network settings without changing any of the values. Some users will need to enter additional information in order to connect to the Internet through an ISP (Internet Service Provider) or broadband (DSL, cable modem) carrier. Detailed settings are described below.

Configure

Host Name & Domain Name: Enter a host and domain name for the Router. Some ISPs (Internet Service Providers) may require these names as identification, and these settings can be obtained from your ISP. In most cases, leaving these fields blank will work.

LAN Setting
This is the Router’s LAN IP Address and Subnet Mask. The default value is 192.168.1.1 for the IP address and 255.255.255.0 for the Subnet Mask. Click the Add/Edit button to set up as many as 5 groups of Multiple Subnet.

LAN IP address: Enter the LAN IP address.

Subnet Mask: Enter the Subnet Mask.

Add to list: Add the rule to the list.

Delete selected subnet: Delete the selected rule.

Add New: Add a new rule.

Save setting: Click the Save setting button to save the settings.

Cancel changes: Click the Cancel Changes button to undo the change.

Exit: Click the Exit button to go back to the previous page.

WAN Setting

Please choose how many WAN ports you prefer to use: Users can choose from 2~4, and the interface in the following table changes automatically according to the WAN number set here.

Interface: It displays how many WAN ports are shown here. The default is four WAN ports.

Connection Type: There are four connection types: Obtain an IP automatically; Static IP; PPPoE (Point-to-Point Protocol over Ethernet); PPTP (Point-to-Point Tunneling Protocol).

Config.: Click the underlined Edit in the Config. column to edit the WAN settings of the selected WAN port. If users change the number of WAN ports and then click Edit in the Config. column to edit the WAN connection, a confirmation message is shown. Users have to either save the settings for the change or cancel them. Make sure the network configuration matches the settings. Connection Type shows “Undefined” if users have not edited the WAN settings of the selected WAN port.

WAN Connection Type:

Obtain an IP automatically: If your ISP is running a DHCP server, select the Obtain an IP automatically option. Your ISP will assign these values, including the DNS Server, automatically. Alternatively, users can check the Use the Following DNS Server Addresses box and enter a specific DNS Server IP address. Multiple DNS IP settings are common. In most cases, the first available DNS entry is used.

Use the Following DNS Server Address: Enter the specific DNS Server IP.

Domain Name Server (DNS): Enter the specific DNS IP address. Please enter at least one specific DNS IP address.

Static IP:
If the local ISP provides specific IP addresses, select Static IP. Users can get this information from the local ISP. Please enter the related settings in the following table.

Notes: Some ISPs will provide one static IP address through a DHCP server or a PPPoE connection. Although users get the same IP address each time, they should still choose the appropriate WAN connection type!

Specify WAN IP Address: Enter the specific IP address provided by ISP.

Subnet Mask: Enter the specific Subnet Mask provided by ISP. For example:

Subnet Mask with eight static IP addresses: 255.255.255.248

Subnet Mask with sixteen static IP addresses: 255.255.255.248

Default Gateway IP Address: Enter the specific Gateway IP address provided by ISP. If ADSL is used, it will be the IP address of the ATU-R.

Domain Name Server (DNS): Enter the specific DNS IP address. Please enter at least one specific DNS IP address.

PPPoE (Point-to-Point Protocol over Ethernet):


This connection type is used for ADSL. Enter the User Name and Password provided by ISP, and then connect to the Internet through QVM1000. If users already have PPPoE dial-up software provided by the ISP installed, please remove it.

User Name: Enter the User Name provided by ISP.

Password: Enter the Password provided by ISP.

Connect-on-demand: If users select the Connect on Demand option, the PPPoE connection is disconnected when it has been idle for a period longer than the Max Idle Time. The default is 5 Minutes.

Keep Alive: If you select the Keep Alive option, the Router keeps the connection alive by sending out a few data packets every Redial Period, so your Internet service thinks that the connection is still alive. The default is 30 seconds.

PPTP (Point-to-Point Tunneling Protocol):

This connection type is used for PPTP. Enter the User Name and Password, and then connect to the Internet through QVM1000. (This connection type is mostly used in Europe.)

Specify WAN IP Address: Enter the specific WAN IP address provided by ISP.

Subnet Mask: Enter the Subnet Mask.

Default Gateway Address: Enter the specific Gateway IP address provided by ISP. If ADSL is used, it will be the IP address of the ATU-R.

User Name: Enter the User Name.

Password: Enter the Password.

Connect-on-demand: If users select the Connect on Demand option, the PPPoE connection is disconnected when it has been idle for a period longer than the Max Idle Time. The default is 5 Minutes.

Keep Alive: If you select the Keep Alive option, the Router keeps the connection alive by sending out a few data packets every Redial Period, so your Internet service thinks that the connection is still alive. The default is 30 seconds.

DMZ Setting

To allow public services, QVM1000 comes with a special DMZ port which is used for setting up public servers. The DMZ sits between the local network and the Internet. Servers on the DMZ are publicly accessible, but they are protected from attacks such as SYN Flooding. Use of the DMZ port is optional; it may be left unconnected.

Using the DMZ is preferred and, if practical, a strongly recommended alternative to Public LAN Servers or to putting these servers on the WAN port, where they are not protected and not accessible by users on the LAN.

Each of the servers on the DMZ will need a unique, publishable Internet IP address. The Internet Service Provider used to connect the network to the Internet should be able to provide these addresses, as well as information on setting up public Internet servers.

Interface: It shows the DMZ interface.

IP Address: It shows the static DMZ IP address. The default is Zero.

Config.: Click the underlined Edit in the Config. column to edit the DMZ settings.

Specify DMZ IP Address: Enter the DMZ IP Address.

Subnet Mask: Enter the Subnet Mask.

Click the Apply button to save the network settings or click the Cancel button to undo your changes.

Multi WAN
There are three functions provided for users – Intelligent Balancer (Auto Mode), IP Group (By Users), and IP balance.

Intelligent Balancer (Auto Mode)


All WAN ports will be Auto Mode. QVM1000 will compute automatically the maximum Bandwidth of all WAN ports by

using Weighted Round Robin to balance the traffic.

第 27 頁,共 118 頁
QVM1000 4WAN QoS VPN Management Router

Mode: Click on the Intelligent Balancer (Auto Mode)

Interface Setting: Users can choose the selected interface to do the further settings.

Interface: It will display how many WAN ports are shown here. The default is four
WAN ports.

Mode: In Intelligent Balancer (Auto Mode), it will show auto which means that
QVM1000 will automatically calculate the maximum Bandwidth of all WAN
ports.

Config.: Click the underlined Edit link in the Config. column to configure further settings.

Apply: Click the Apply button to save the settings.

Cancel: Click the Cancel button to undo the change.


Interface: The WAN port number that users are editing is shown here.

The Max. Bandwidth provided by ISP: Enter the Max. Bandwidth of Upstream and Downstream for WAN1 ~ WAN4 provided by ISP. It is between 0~100 Mbits.

Network Services Detection: This tool can detect the network connection status of ISP by pinging Default Gateway, ISP Host, Remote Host, and DNS Lookup Host. If you check this Detection, you have to choose at least one option from the following four items.

Retry Count: The count of ping. The default is 5. If there is no response during the retry count setting, the network connection is down.

Retry Timeout: The interval between two ping actions. The default is 30 seconds. If there is no response during the retry timeout setting, the network connection is down.

When Fail:
Generate the Error Condition in the System Log: The Router will generate the System Log when ping fails to inform users that the ISP connection is disconnected.
Remove the Connection: This WAN Interface will be suspended when the network connection to ISP is not active. The traffic on this WAN will be dispatched to the other WAN port. Once the ISP connection returns, the traffic will be dispatched back.

Default Gateway: To ping the default gateway in the LAN. For example, the IP address of the ADSL Router.

ISP Host: To ping the remote IP address of ISP. For example, DNS IP address of ISP.

Remote Host: To ping URL. For example, www.yahoo.com.

DNS Lookup Host: To ping DNS IP address.


Protocol Binding
This device supports the Protocol Binding functionality. It allows users to specify the internal IP and/or Service going through the specified WAN port.

Service: Users can choose the Service from the drop-down menu (e.g. all traffic (TCP&UDP) is 1-65535, www is 80 (80~80)), or click the service management to add new Service. The default Service is SMTP.

Source IP: Users can specify the internal IP to go through the specific WAN port. If users need the Service Binding only, entering zero in Source IP field is suggested.

Destination IP: Users can specify the specific Service from the internal Source IP to Destination IP going through the specific WAN port, and enter the Destination IP. If users need the Service Binding only, entering zero in Source and Destination IP field is suggested.

Enable: Users can click on the box to enable this Protocol Binding rule.

Add to list: Click the Add to list button to add the Protocol Binding rule to the list. Users can set up to 30 rules.

Delete selected application: Click the Delete selected application button to delete the selected rule.

Back: Click on the Back button to return to the previous page.

Apply: Click on the Apply button to save the settings.

Cancel: Click on the Cancel button to undo the change.

If the Service you need is not listed in the menu, please click the Service Management button to add a new Service and enter the Protocol and Port Range. Then click the Save Setting button. It is described as follows:


Service Management:
Services Name: Enter the name that you want the Internet users to access. For example,
Edonky.
Protocol: Enter the protocol. The default is TCP protocol.

Port Range: Enter the port range of the protocol. For example, HTTP is 80(80~80).

Add to List: Click the Add to List button, and configure as many entries as you would
like.

Delete Selected Services: Delete the selected entry.

Apply: Click the Apply button to save the settings.

Cancel: Click the Cancel button to undo the changes.

Exit: Exit the service management.


IP Group (By Users)


IP Group (By Users) enables the administrator to define traffic into different priority levels or classes of service (CoS). It can ensure the bandwidth and higher priority for the specific IP or important users, and the IP Group users do not need to share the bandwidth with lower classification users who are in Intelligent Balancer mode. If specified IP Group users have chosen services, the rest of the services will be dispatched to other WAN ports.

This port (WAN1) always uses Intelligent Balancer (Auto Mode): QVM1000 reserves at least one WAN port for non-IP Group Users and WAN1 will always use Intelligent Balancer mode.

Mode: Users choose the IP Group (By Users) mode.

Interface Setting: Users can choose the selected interface to do the further settings.

Interface: It will display how many WAN ports are shown here. The default is four
WAN ports.

Mode: It shows the result after settings. After users configure further settings, the mode will show “Dispatched by user”. If not, the mode will show “Dispatched by system”. However, QVM1000 reserves at least one WAN port for non-IP Group Users and WAN1 will always use Intelligent Balancer mode. The WAN1 mode will always be “Dispatched by system”.


Config.: Click the underlined Edit link in the Config. column to configure further settings.

Apply: Click the Apply button to save the settings.

Cancel: Click the Cancel button to undo the change.

If users change the Mode from Intelligent Balancer (Auto Mode) to IP Group (By Users) and then edit the interface, a confirmation message will be shown. Users have to save the settings for the change before editing the interface.

Interface: Users choose the IP Group (By Users) mode.

The Max. Bandwidth provided by ISP: Users can choose the selected interface to do the further settings.

Network Service detection: The explanation here is the same as Multi-WAN. Users can see the details in Multi-WAN.


IP Group: IP Group (By Users) enables the administrator to define traffic into different priority levels or classes of service (CoS).

Services: Users can choose the Service from the drop-down menu (e.g. all traffic (TCP&UDP) is 1-65535, www is 80 (80~80)), or click the service management to add new Service.

Services Management: Add or delete new entries in the service Management.

Source IP: Users can define specific LAN IP addresses to transfer packets through the selected WAN port. For example, enter LAN IP address from 192.168.1.150 to 200. If users do not use it, please enter zero.

Destination IP: Users can define the WAN IP address to transfer packets to the destination. For example, enter WAN IP 210.11.1.1. If users do not use it, please enter zero.

Enable: Users can click on the box to enable this rule.

Delete selected application: Delete the selected entry.

Add New: Re-configure a new rule.

Back: Click on the Back button to return to the previous page.

Apply: Click the Apply button to save the Password settings.

Cancel: Click the Cancel button to undo the changes.

IP Balance
All WAN ports will be IP balance Mode. QVM1000 will equally distribute new IP addresses to each WAN port.


Quality of Service (QoS)


QVM1000 provides QoS for users to transmit packets through WAN ports. QoS includes two types of functionality. One is Rate Control, for guaranteed/minimum bandwidth and maximum bandwidth; the other is Priority for different services. Users can only choose one of the two.

Rate Control

QVM1000 lets a specific service and IP address transfer sensitive data through WAN ports with guaranteed bandwidth.


The Maximum Bandwidth provided by ISP: Users can enter Upstream/Downstream bandwidth and those settings will update simultaneously in Multi WAN page.

Type: Click on Rate Control.

Interface: Click on the square box to apply the rule to the WAN port users choose.

Service: Users can choose the Service from the drop-down menu (e.g. all traffic (TCP&UDP) is 1-65535, www is 80 (80~80)), or click the service management to add new Service. The default is SMTP.


Services Management: Add or delete new entries in the service Management.

IP: Enter the IP address.

Direction: Select Uplink (for outbound traffic) or Downlink (for inbound traffic) from the pull-down menu. If users would like to download data, please choose Downlink from the pull-down menu.

Minimum Rate (Min. Rate): Enter the guaranteed/minimum bandwidth. For example, enter 200 in the square box and the device will guarantee 200kbit/Sec for the specific service.

Maximum Rate (Max. Rate): Enter the maximum bandwidth. For example, enter 700 in the square box and the specific service will not exceed 700kbit/Sec.

Bandwidth Sharing: Select Share total bandwidth with all IP addresses if the Min./Max. Rate users configure is used for all IP addresses. Select Assign bandwidth for each IP address if the Min./Max. Rate users configure is used for separate IP addresses.

Enable: If users click on the square box, the settings will be enabled. Otherwise, users are only adding the services to the list but not enabling them.

Add to List: Click this icon and configure as many entries as you like. The maximum number of entries is 100. The settings of the last rule will be applied first when QoS is enabled. The applied ordering of rules is from bottom to top. Therefore, if some settings of the last rule overlap with those of the previous rule, the last rule will be dominant.

Delete Selected Services: Delete the selected entry.

Add New: Re-configure a new rule.

Show Tables: Click the Show Tables button and it will show the rules that are configured on the list of QoS. Users can search and configure the rules more easily on this page. The default is by interface and the ordering of settings will show according to the order of WAN port. Users can click on Rule and all the ordering of settings will show based on service.

Apply: Click the Apply button to save the Password settings.

Cancel: Click the Cancel button to undo the changes.

Priority
QVM1000 lets a specific service transfer sensitive data through WAN ports with three different types of priorities. They are high, middle, and low priorities. The default is middle priority.


The Maximum Bandwidth provided by ISP: Users can enter Upstream/Downstream bandwidth and those settings will update simultaneously in Multi WAN page.

Type: Click on Priority.

Interface: Click on the square box to apply the rule to the WAN port users choose.

Services: Users can choose the Service from the drop-down menu (e.g. all traffic (TCP&UDP) is 1-65535, www is 80 (80~80)), or click the service management to add new Service. The default is SMTP.


Services Management: Add or delete new entries in the service Management.

Direction: Select Uplink (for outbound traffic) or Downlink (for inbound traffic) from the pull-down menu. If users would like to download data, please choose Downlink from the pull-down menu.

Priority: Users can just select two levels of priority, including high (60%), Low (10%). Services in the high priority list will share 60% of total system bandwidth, and the low priority list will share 10% of total bandwidth. Services that are not included in the list will share the middle priority (30%).

Add to List: Click this icon and configure as many entries as you like. The maximum number of entries is 50. The settings of the last rule will be applied first when QoS is enabled. The applied ordering of rules is from bottom to top. Therefore, if some settings of the last rule overlap with those of the previous rule, the last rule will be dominant.

Enable: If users click on the square box, the settings will be enabled. Otherwise, users are only adding the services to the list but not enabling them.

Delete Selected application: Delete the selected entry.

Add New: Re-configure a new rule.

Show Tables: Click the Show Tables button and it will show the rules that are configured on the list of QoS. Users can search and configure the rules more easily on this page. The default is by interface and the ordering of settings will show according to the order of WAN port. Users can click on Rule and the ordering of settings will show based on service.

Apply: Click the Apply button to save the Password settings.

Cancel: Click the Cancel button to undo the changes.
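
The bottom-to-top ordering described under Add to List, for both the Rate Control and the Priority lists, means a broad rule added last can silently hide the narrower rules above it. The following Python sketch is an added example, not QVM1000 firmware or vendor code; it models the ordering as "the last matching enabled rule wins", and the RateRule fields, the IP-range matching and the sample rules are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class RateRule:
    """One Rate Control entry; field names are illustrative, not the router's."""
    name: str
    wan: int                    # WAN port the rule is ticked for
    ports: Tuple[int, int]      # service port range, inclusive (80~80 style)
    ips: Tuple[str, str]        # LAN address range, inclusive (assumed form)
    direction: str              # "uplink" or "downlink"
    min_kbit: int
    max_kbit: int
    enabled: bool = True

    def matches(self, wan: int, port: int, ip: str, direction: str) -> bool:
        lo, hi = IPv4Address(self.ips[0]), IPv4Address(self.ips[1])
        return (self.enabled and self.wan == wan
                and self.direction == direction
                and self.ports[0] <= port <= self.ports[1]
                and lo <= IPv4Address(ip) <= hi)

    def covers(self, other: "RateRule") -> bool:
        """True when every flow `other` matches is also matched by this rule."""
        return (self.wan == other.wan and self.direction == other.direction
                and self.ports[0] <= other.ports[0]
                and other.ports[1] <= self.ports[1]
                and IPv4Address(self.ips[0]) <= IPv4Address(other.ips[0])
                and IPv4Address(other.ips[1]) <= IPv4Address(self.ips[1]))


def effective_rule(rules: List[RateRule], wan: int, port: int, ip: str,
                   direction: str) -> Optional[RateRule]:
    """Walk the list bottom to top; the last matching rule is dominant."""
    for rule in reversed(rules):
        if rule.matches(wan, port, ip, direction):
            return rule
    return None


def shadowed_rules(rules: List[RateRule]) -> List[Tuple[str, str]]:
    """Return (earlier, later) pairs where a later enabled rule hides an
    earlier enabled rule completely, so the earlier limits never apply."""
    hidden = []
    for i, earlier in enumerate(rules):
        if not earlier.enabled:
            continue
        for later in rules[i + 1:]:
            if later.enabled and later.covers(earlier):
                hidden.append((earlier.name, later.name))
                break
    return hidden


# Constructed sample list, in the order the rules were added (top to bottom).
RULES = [
    RateRule("web-staff", 1, (80, 80), ("192.168.1.100", "192.168.1.149"),
             "downlink", 200, 700),
    RateRule("web-admin-pc", 1, (80, 80), ("192.168.1.110", "192.168.1.110"),
             "downlink", 500, 2000),
    RateRule("all-traffic-cap", 1, (1, 65535),
             ("192.168.1.100", "192.168.1.149"), "downlink", 0, 300),
]

if __name__ == "__main__":
    for upto in (2, 3):
        hit = effective_rule(RULES[:upto], 1, 80, "192.168.1.110", "downlink")
        print(f"{upto} rules -> {hit.name}, max {hit.max_kbit} kbit/s")
    for earlier, later in shadowed_rules(RULES):
        print(f"'{earlier}' is never applied: hidden by later rule '{later}'")
```

With only the first two rules, the admin PC gets its own 2000 kbit/s ceiling; once the catch-all is added at the bottom, both earlier rules are reported as hidden.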

Password
The Router's default password is “admin”, and it is strongly recommended that you change the Router's password. After users set up the password, please remember to click on the Apply button to save the settings.


User Name: The default is admin.

Old Password: Enter the original password.

New Password: Enter a new password.

Confirm New Password: Re-enter the password for confirmation.

Apply: Click the Apply button to save the Password settings.

Cancel: Click the Cancel button to undo the changes.

Time
QVM1000 uses the time settings to time stamp log events, to automatically update the Content Filter List, and for other internal purposes. Set the local time either automatically, using Network Time Protocol (NTP), or manually. The setting helps users correctly understand when events happened, such as when an access rule was denied or enabled.

Automatically:
Select the Time Zone and enter the Daylight Saving and NTP Server. The default Time Zone is Greenwich Mean Time.


Manually:
Enter the Hours, Minutes, Seconds, Month, Day and Year.


Click the Apply button to save the Time settings or click the Cancel button to undo the changes.


Advanced Setting
DMZ Host (Demilitarized Zone)
The DMZ (Demilitarized Zone) Host feature allows one local user to be exposed to the Internet to use a special-purpose service such as Internet gaming and video-conferencing.

Enter the DMZ Private IP Address to access DMZ Host settings. The default value zero (0) will deactivate DMZ Host.

Click the Apply button to save the DMZ Host setting or click the Cancel button to undo the changes.

Forwarding
Port forwarding can be used to set up public services on your network. When users from the Internet make certain requests on your network, the Router can forward those requests to computers equipped to handle the requests. If, for example, you set the port number 80 (HTTP) to be forwarded to IP Address 192.168.1.50, then all HTTP requests from outside users will be forwarded to 192.168.1.50.

You may use this function to establish a Web server or FTP server via an IP Gateway. Be sure that you enter a valid IP Address. (You may need to establish a static IP address in order to properly run an Internet server.) For added security, Internet users will be able to communicate with the server, but they will not actually be connected. The packets will simply be forwarded through the Router.

Services: Users can choose the Service from the drop-down menu (e.g. all traffic (TCP&UDP) is 1-65535, www is 80 (80~80)), or click the service management to add new Service.

IP Address: Please enter the internal IP address in the LAN. For example, 192.168.1.100.

Enable: Users can click on the box to enable this Port Range Forwarding rule.

Service Management: Add or delete new entries in the service Management.

Add to List: Click the Add to List button, and configure as many entries as you would like.

If the Service you need is not listed in the menu, please click the Service Management button to add a new Service and enter the Protocol and Port Range. Then click the Save Setting button. It is described as follows:

Service Management:
Services Name: Enter the name that you want the Internet users to access. For example,
Edonky.
Protocol: Enter the protocol. The default is TCP protocol.

Port Range: Enter the port range of the protocol. For example, HTTP is 80(80~80).

Add to List: Click the Add to List button, and configure as many entries as you would like.

Delete Selected Services: Delete the selected entry.

Apply: Click the Apply button to save the settings.

Cancel: Click the Cancel button to undo the changes.

Exit: Exit the service management.

Port Triggering


Some Internet applications or games use alternate ports to communicate between server and LAN host. When you want to use those applications, enter the triggering (outgoing) port and alternate incoming port in this table. The Router will forward the incoming packets to the LAN host.

Application name: Enter the specific application name.

Trigger Port Range: Enter the outgoing port numbers. For example, 9000~10000.

Incoming Port Range: Enter the incoming port number from the Internet. For example, 2004~2005.

Add to List: Click the Add to List button, and configure as many entries as you would like.

Delete Selected Application: Delete the selected entry.

Show Tables: Click the Show Tables to see the details of settings.

Apply: Click the Apply button to save the settings.

Cancel: Click the Cancel button to undo the changes.

The following are common applications and port numbers used in Port Triggering.

Application        Outgoing Control   Incoming Data
Battle.net         6112               6112
DialPad            7175               51200, 51201, 51210
ICU II             2019               2000-2038, 2050-2051, 2069, 2085, 3010-3030
MSN Gaming Zone    47624              2300-2400, 28800-29000


UPnP

UPnP (Universal Plug and Play) forwarding can be used to set up public services on your network. Windows XP can modify those entries via UPnP when the UPnP function is enabled by selecting “Yes”.

Services: Users can choose the Service from the drop-down menu (e.g. www is 80 (80~80), FTP is 21 (21~21)), or click the service management to add new Service.

IP Address: Please enter the internal IP address in the LAN. For example, 192.168.1.100.

Enable: Users can click on the box to enable this UPnP rule.

Services Management: Add or delete new entries in the service Management.

Add to List: Click the Add to List button, and configure as many entries as you would like.

Delete Selected Services: Delete the selected entry.

Show Tables: Click the Show Tables to see the details of settings.

Apply: Click the Apply button to save the settings.

Cancel: Click the Cancel button to undo the changes.


Routing

Dynamic Routing

The Router's dynamic routing feature can be used to automatically adjust to physical changes in the network's layout. The Router uses the dynamic RIP protocol. It determines the route that the network packets take based on the fewest number of hops between the source and the destination. The RIP protocol regularly broadcasts routing information to other routers on the network.

Working Mode: Select Gateway mode if your Router is hosting your network’s connection
to the Internet. Select Router mode if the Router exists on a network with
other routers, including a separate network gateway that handles the
Internet connection.
RIP: The Router, using the RIP protocol, calculates the most efficient route for
the network’s data packets to travel between the source and the
destination, based upon the shortest paths.
Transmit RIP Version: Choose the TX protocol you want for transmitting data on the network.
(None, RIPv1, RIPv2-Broadcast, RIPv2-Multicast)
Receive RIP Version: Choose the RX protocol you want for receiving data from the network.
(None, RIPv1, RIPv2, Both RIPv1 and v2).

Show Routing Table: It will show the latest routing table.

Apply: Click the Apply button to save the settings.

Cancel: Click the Cancel button to undo the changes.

Static Routing

You will need to configure Static Routing if there are multiple routers installed on your network. The static routing function determines the path that data follows over your network before and after it passes through the Router. You can use static routing to allow different IP domain users to access the Internet through this device. This is an advanced feature. Please proceed with caution.

This Router is also capable of dynamic routing (see the Dynamic Routing tab). In many cases, it is better to use dynamic routing because the function will allow the Router to automatically adjust to physical changes in the network's layout. In order to use static routing, the Router's DHCP settings must be disabled.

To set up static routing, you should add routing entries in the Router's table that tell the device where to send all incoming packets. All of your network routers should direct the default route entry to this Router.

Select Route entry: Enter the static routing table. Users can choose up to 30 entries.

Delete this entry: Delete a selected routing table.

Destination IP and Subnet Mask: Enter the remote IP address and subnet Mask. For example, 192.168.2.0/255.255.255.0

Default Gateway: Enter the default gateway for the static routing. For example, 192.168.2.1.

Hop Count: This value gives the number of nodes that a data packet passes through before reaching its destination. A node is any device on the network, such as switches, PCs, etc. The default is one and the max. is fifteen.

Interface: Interface tells you whether your network is on the LAN or the WAN, or the Internet. If you’re connecting to a sub-network, select LAN. If you’re connecting to another network through the Internet, select WAN.

Delete Selected IP: Delete a selected routing table.


Show Routing Table: It shows the latest routing table.

One-to-One NAT
When users apply for 8 static IP addresses, QVM1000 will use one public IP address, and one public IP address will be used for ATU-R. There will be four public IP addresses left. The four remaining public IP addresses will correspond to four private IP addresses.

Method:
When users choose Internet games that do not support some applications in the LAN, users can use One-to-One NAT to solve this problem.

For example: If you have 5 public IP addresses, 210.11.1.1~6, and 210.11.1.1 has been used for the WAN IP address, there are still four public IP addresses for One-to-One NAT settings, described as follows:

210.11.1.4 → 192.168.1.3

210.11.1.5 → 192.168.1.4

210.11.1.6 → 192.168.1.5

210.11.1.7 → 192.168.1.6

Note: QVM1000 WAN IP address (WAN IP - NAT Public) cannot be included in this setting.


One-to-One NAT: If you check the box, One-to-One NAT will be enabled.

Private Range Begin: Enter the beginning IP address of the private address range being
mapped in the Private Range Begin field. This will be the IP address of the
first machine being made accessible from the Internet.

Public Range Begin: Enter the beginning IP address of the public address range being mapped in the Public Range Begin field. This address is assigned by the ISP. The QVM1000 Router’s WAN IP (NAT Public) Address may not be included in the range.

Range Length: Enter the number of IP addresses for the range. The range length may not exceed the number of valid IP addresses. Up to 64 ranges may be added. To map a single address, use a Range Length of 1.

Add to List: Click the Add to List button, and configure as many entries as you would like.

Delete selected range: Delete the selected entry.

Apply: Click the Apply button to save the settings.

Cancel: Click the Cancel button to undo the changes.

Note: One-to-One NAT does change the way the firewall functions work. Access to machines on the LAN from the Internet will be allowed, and the local IP will be exposed to the Internet unless Network Access Rules are set. You can click the Add to List button or Delete selected range.
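
The range fields above can be checked before they are entered. The following Python sketch is an added example, not vendor code: it expands Private Range Begin, Public Range Begin and Range Length into the public-to-private map, flags a range that includes the router's WAN IP or maps an address twice, and lists the LAN hosts that the note above says need Network Access Rules. The function names are hypothetical and the sample values are taken from the manual's own mapping list.

```python
from ipaddress import IPv4Address
from typing import Dict, List, Tuple

MAX_RANGES = 64  # the manual: "Up to 64 ranges may be added"

# (Private Range Begin, Public Range Begin, Range Length)
Range = Tuple[str, str, int]


def expand_range(private_begin: str, public_begin: str,
                 length: int) -> List[Tuple[str, str]]:
    """Pair the Nth public address with the Nth private address."""
    priv, pub = IPv4Address(private_begin), IPv4Address(public_begin)
    return [(str(pub + i), str(priv + i)) for i in range(length)]


def check_one_to_one(ranges: List[Range],
                     wan_ip: str) -> Tuple[Dict[str, str], List[str]]:
    """Build the public -> private map and list every entry that breaks a
    rule stated in the manual or maps the same address twice."""
    mapping: Dict[str, str] = {}
    problems: List[str] = []
    used_private = set()
    if len(ranges) > MAX_RANGES:
        problems.append(f"{len(ranges)} ranges configured, limit is {MAX_RANGES}")
    for n, (priv_begin, pub_begin, length) in enumerate(ranges, start=1):
        if length < 1:
            problems.append(f"range {n}: Range Length must be at least 1")
            continue
        for public, private in expand_range(priv_begin, pub_begin, length):
            if public == wan_ip:
                problems.append(f"range {n}: {public} is the router's WAN IP")
            elif public in mapping:
                problems.append(f"range {n}: public {public} is mapped twice")
            elif private in used_private:
                problems.append(f"range {n}: private {private} is mapped twice")
            else:
                mapping[public] = private
                used_private.add(private)
    return mapping, problems


def hosts_needing_access_rules(mapping: Dict[str, str]) -> List[str]:
    """LAN hosts reachable from the Internet through the map; each one
    should be covered by Network Access Rules."""
    return sorted(set(mapping.values()), key=IPv4Address)


# Values from the manual's example: 210.11.1.4-7 -> 192.168.1.3-6,
# with 210.11.1.1 in use as the WAN IP.
MANUAL_EXAMPLE: List[Range] = [("192.168.1.3", "210.11.1.4", 4)]
WAN_IP = "210.11.1.1"

if __name__ == "__main__":
    mapping, problems = check_one_to_one(MANUAL_EXAMPLE, WAN_IP)
    for public, private in mapping.items():
        print(f"{public} -> {private}")
    print("problems:", problems or "none")
    print("set access rules for:", hosts_needing_access_rules(mapping))
```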


DDNS
DDNS (Dynamic DNS) service allows you to assign a fixed domain name to a dynamic WAN IP address. This allows you to host your own Web, FTP or other type of TCP/IP server in your LAN.

Before configuring DDNS, you need to visit www.dyndns.org or www.3322.org and register a domain name.

The table shown above is according to the number of WAN port settings on General Setting or Port Management page.

Click the underlined Edit link in the Config. column to edit DDNS of the selected WAN port.


Interface: The WAN port users choose to do the further settings.

DDNS Service: Users can choose among three DDNS options: Disable, DDNS.org and 3322.org.

Username: Enter the registered username from DDNS.

Password: Enter the registered Password from DDNS.

Host Name: Enter the Host Name of DDNS. For example: abc.dyndns.org

Internet IP Address: The Router's current Internet IP Address is displayed here. Because it is dynamic, this will change.

Status: When you finish entering the Username, Password and Host Name, click the Save Settings button, and the Status will be updated. It will show "DDNS is updated successfully" once DDNS is updated successfully. If it shows "The hostname does not exist", "Username is not correct", or "Hostname is not correct", please make sure you enter the correct information of the account you set up with DynDNS.org.

Back: Click on the Back button to return to the previous page.

Apply: Click the Apply button to save the settings.

Cancel: Click the Cancel button to undo the changes.


MAC Clone
Some ISPs require that you register a MAC address. This "clones" your network adapter's MAC address onto the Cable/DSL Firewall Router, and prevents you from having to call your ISP to change the registered MAC address to the Cable/DSL Firewall Router's MAC address. The Cable/DSL Firewall Router's MAC address is a 12-digit code assigned to a unique piece of hardware for identification, like a social security number.

The table shown above is according to your number of WAN port settings on General Setting or Port Management page.

Click Edit in the Config. column to edit MAC Clone of the selected WAN port.


Interface: The WAN port users choose to do the further settings.

User Defined WAN1 MAC Address: Enter the MAC address defined by users.

MAC Address From this PC: Enter the MAC address of this PC.

Back: Click on the Back button to return to the previous page.

Apply: Click the Apply button to save the settings.

Cancel: Click the Cancel button to undo the changes.

DHCP

Setup
The Router can be used as a DHCP (Dynamic Host Configuration Protocol) server on your network. A DHCP server assigns available IP addresses to each computer on your network automatically. If you choose to enable the DHCP server option, you must configure all of the PCs on your LAN to connect to a DHCP server.


Enable DHCP Server


Check the box to enable the DHCP Server. If you already have a DHCP server on your network, leave the box blank.

Dynamic IP
Client Lease Time: This is the lease time assigned if the computer (DHCP client) requests
one. The range is 5 ~ 43,200 Minutes.
Range Start: Enter a starting IP address. The default is 100.

Range End: Enter the ending IP address. The default is 149.

IP & MAC binding

QVM1000 provides the IP&MAC binding feature, which checks whether each packet carries a correct MAC and/or IP address from the list. If the packet does not have a correct MAC and/or IP address, the packet will be blocked by QVM1000.

The following situations describe how to use IP&MAC binding.

First, users enter a static IP address in the Static IP Address field and one PC’s MAC address in the MAC address field. At the same time, users configure this PC to get its IP address automatically. After these settings, this PC will be assigned the static IP address by QVM1000 and will use this IP address to send packets through QVM1000.

Second, users enter a static IP address in the Static IP Address field and one PC’s MAC address in the MAC address field. At the same time, users configure the same static IP address on the PC as in the Static IP Address field. Therefore, the PC will use this static IP address to send packets through QVM1000.

Third, users enter the static IP address 0.0.0.0 in the Static IP Address field and one PC’s MAC address in the MAC address field. Whether the IP address of this PC is static or dynamic, users can send packets through QVM1000.

Fourth, if a packet has a correct MAC address but a wrong IP address that is not on the list, users can also click the square box in front of Block MAC address on the list with wrong IP address to block the packet.

Fifth, users can also block MAC addresses that are not included on the list. Please click the square box in front of Block MAC address not on the list to enable this function.

Finally, if users do not need some of the functions, please do not click the square box.

Static IP Address: Please enter the static IP address. Users can enter 0.0.0.0 in this field; the PC will then obtain its IP address from the DHCP server.

MAC address: Please enter the static MAC address.

Enable: Click on the square box to enable this rule.

Block MAC address on the list with wrong IP address: Please click the square box to enable this function if users would like to block the traffic that includes a MAC address on the list but does not use the exact IP address for this MAC on the list.

Block MAC address not on the list: Please click the square box to enable this function if users would like to block the traffic from a MAC address that is not on the list.

Show new IP user: Click the Show new IP user button and it will show, in real time, all new IP addresses with their corresponding MAC addresses. If some rules are already on the Add to list table, the IP addresses of these rules will not be shown on the IP&MAC binding list. Users can transfer all IP/MAC information to the Add to list table after this rule is enabled.

Click the check box in the Enable column to enable this rule. Click the Select All button to enable all the rules; click the Refresh button to update the latest IP/MAC information; click the Apply button and all enabled rules will be transferred to the Add to list table; click the Close button to close this page. Users can also type 12 alphabet characters in the Name column as an easy-to-remember label.
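
The situations above reduce to a small decision table driven by the binding list and the two Block check boxes. The following Python sketch is an added example, not QVM1000 code; it can be used to preview which observed IP/MAC pairs a planned binding list would pass or block. The function names, the reason labels, the treatment of a disabled entry as absent, and the sample addresses are constructed assumptions.

```python
import re
from typing import Dict, Iterable, List, NamedTuple, Tuple

WILDCARD_IP = "0.0.0.0"  # manual: a 0.0.0.0 binding accepts any IP for that MAC


class Verdict(NamedTuple):
    action: str   # "pass" or "block"
    reason: str   # "bound", "wrong-ip", "unlisted-mac", "unlisted-mac-on-bound-ip"


def norm_mac(mac: str) -> str:
    """Accept 00:11:.., 00-11-.. or bare hex; return 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 12-digit MAC address: {mac!r}")
    return digits.lower()


def build_table(bindings: Iterable[Tuple[str, str, bool]]) -> Dict[str, str]:
    """bindings: (Static IP Address, MAC address, Enable). Entries that are
    not enabled are left out, i.e. treated as not on the list (assumption)."""
    return {norm_mac(mac): ip for ip, mac, enabled in bindings if enabled}


def decide(table: Dict[str, str], src_ip: str, src_mac: str,
           block_wrong_ip: bool, block_unlisted: bool) -> Verdict:
    """block_wrong_ip  = 'Block MAC address on the list with wrong IP address'
    block_unlisted  = 'Block MAC address not on the list'"""
    mac = norm_mac(src_mac)
    if mac in table:
        bound_ip = table[mac]
        if bound_ip in (WILDCARD_IP, src_ip):
            return Verdict("pass", "bound")
        return Verdict("block" if block_wrong_ip else "pass", "wrong-ip")
    # An unlisted MAC using an address bound to another MAC is worth a
    # separate label in the report; the check box decides the action.
    on_bound_ip = src_ip != WILDCARD_IP and src_ip in table.values()
    reason = "unlisted-mac-on-bound-ip" if on_bound_ip else "unlisted-mac"
    return Verdict("block" if block_unlisted else "pass", reason)


def audit(table: Dict[str, str], observed: Iterable[Tuple[str, str]],
          block_wrong_ip: bool, block_unlisted: bool) -> List[tuple]:
    """Return (ip, mac, action, reason) for every observed pair."""
    return [(ip, mac, *decide(table, ip, mac, block_wrong_ip, block_unlisted))
            for ip, mac in observed]


# Constructed binding list and constructed "Show new IP user" style observations.
BINDINGS = [
    ("192.168.1.100", "00:11:22:33:44:55", True),
    ("0.0.0.0",       "00-11-22-33-44-66", True),
    ("192.168.1.120", "00:11:22:33:44:77", False),
]
OBSERVED = [
    ("192.168.1.100", "00:11:22:33:44:55"),
    ("192.168.1.105", "00:11:22:33:44:55"),
    ("192.168.1.130", "001122334466"),
    ("192.168.1.100", "00:AA:BB:CC:DD:EE"),
    ("192.168.1.120", "00:11:22:33:44:77"),
]

if __name__ == "__main__":
    for row in audit(build_table(BINDINGS), OBSERVED, True, True):
        print("{:15} {:18} {:5} {}".format(*row))
```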

DNS Server
You can assign the DNS server(s) to the DHCP clients. This is optional, and the Router will use these for quicker access to functioning DNS service.

DNS Server (Required) 1: Enter the IP address of DNS Server. The default is zero.

2: Enter the IP address of DNS Server. The default is zero.


WINS
Windows Internet Naming Service (WINS) is a service that resolves NetBIOS names to IP addresses. The WINS is assigned if the computer (DHCP client) requests one. If you do not know the WINS, leave it as 0.

WIN Server: Enter the IP address of WIN Server. The default is Zero.

Show Tables: Click the Show Tables button and it will show the rules that are configured on the list of IP&MAC binding. Users can search and configure the rules more easily on this page.

Apply: Click the Apply button to save the settings.

Cancel: Click the Cancel button to undo the changes.

Disable DHCP Server

If the Router's DHCP server function is disabled, you have to carefully configure the IP address, Mask, and DNS settings of every computer on your network. Be careful not to assign the same IP Address to different computers.


IP & MAC binding

QVM1000 also provides an IP&MAC binding feature, which checks whether each packet carries the correct MAC and/or IP address on the list. If the packet does not carry the correct MAC and/or IP address, it will be blocked by QVM1000.

The following situations describe how to use IP&MAC binding.

First, users enter a static IP address in the Static IP Address field and one PC's MAC address in the MAC address field. At the same time, users configure the same static IP address on that PC. The PC will then use this static IP address to send packets through QVM1000.

Second, users enter the static IP address 0.0.0.0 in the Static IP Address field and one PC's MAC address in the MAC address field. At the same time, users configure a static IP address on that PC. The PC can then send packets through QVM1000 with that IP address.

Third, if a packet carries a correct MAC address but a wrong IP address that is not on the list, users can click the square box in front of Block MAC address on the list with wrong IP address to block the packet.

Fourth, users can also block any MAC address that is not included on the list. Please click the square box in front of Block MAC address not on the list to enable this function.

Finally, if users do not need some of these functions, please do not click the corresponding square box.
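The decision these situations describe, written out as an added Python example; it is a model of the documented behaviour, not QVM1000 firmware code. All names and sample addresses are constructed, and reading a 0.0.0.0 binding as "this MAC may use any IP address" is an assumption drawn from the second situation.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ANY_IP = IPv4Address("0.0.0.0")  # assumed: a 0.0.0.0 binding does not pin the MAC to one IP


def norm_mac(mac: str) -> str:
    """Reduce 00:1A:2B:3C:4D:5E, 00-1a-2b-3c-4d-5e or 001a.2b3c.4d5e to 12 hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass(frozen=True)
class Binding:
    static_ip: str
    mac: str
    enabled: bool = True


class BindingTable:
    def __init__(self, bindings, block_wrong_ip=False, block_unlisted_mac=False):
        self.block_wrong_ip = block_wrong_ip          # "Block MAC address on the list with wrong IP address"
        self.block_unlisted_mac = block_unlisted_mac  # "Block MAC address not on the list"
        self.by_mac = {}
        for b in bindings:
            if b.enabled:  # rules without the Enable box ticked are ignored
                self.by_mac.setdefault(norm_mac(b.mac), set()).add(IPv4Address(b.static_ip))

    def decide(self, src_ip: str, src_mac: str):
        """Return (allowed, reason) for a packet with this source IP and MAC."""
        ip = IPv4Address(src_ip)
        bound = self.by_mac.get(norm_mac(src_mac))
        if bound is None:
            if self.block_unlisted_mac:
                return False, "MAC not on the list"
            return True, "MAC not on the list (option off)"
        if ANY_IP in bound or ip in bound:
            return True, "MAC and IP match a binding"
        if self.block_wrong_ip:
            return False, "listed MAC with wrong IP"
        return True, "listed MAC with wrong IP (option off)"


# Constructed sample list: one fixed binding, one 0.0.0.0 binding, one disabled rule.
SAMPLE = [
    Binding("192.168.1.10", "00:11:22:33:44:55"),
    Binding("0.0.0.0", "00-11-22-33-44-66"),
    Binding("192.168.1.30", "00:11:22:33:44:77", enabled=False),
]

if __name__ == "__main__":
    table = BindingTable(SAMPLE, block_wrong_ip=True, block_unlisted_mac=True)
    for ip, mac in [
        ("192.168.1.10", "00:11:22:33:44:55"),  # first situation: exact match
        ("192.168.1.77", "00:11:22:33:44:66"),  # second situation: 0.0.0.0 binding
        ("192.168.1.99", "00:11:22:33:44:55"),  # third situation: listed MAC, wrong IP
        ("192.168.1.10", "aa:bb:cc:dd:ee:ff"),  # fourth situation: MAC not on the list
    ]:
        print(ip, mac, table.decide(ip, mac))
```

With both options off the table blocks nothing, which is why the two check boxes, not the list alone, determine whether binding is enforced.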

Static IP Address: Please enter the static IP address. Users can enter the IP address 0.0.0.0 in the blank; the IP address will then be assigned by the DHCP server.

MAC address: Please enter the static MAC address.

Enable: Click on the square box to enable this rule.

Block MAC address on the list with wrong IP address: Please click the square box to enable this function if users would like to block traffic from a MAC address that is on the list but does not use the exact IP address bound to this MAC on the list.

Block MAC address not on the list: Please click the square box to enable this function if users would like to block traffic from any MAC address that is not on the list.


Show Tables: Click the Show Tables button and it will show the rules that are configured on the list of IP&MAC binding. Users can search and configure the rules more easily on this page. By default the settings are listed by interface, in the order of the WAN ports. Users can click Rule to list the settings ordered by service instead.

Apply: Click the Apply button to save the settings.

Cancel: Click the Cancel button to undo the changes.

Show new IP user: Click the Show new IP user button to show, in real time, all new IP addresses with their corresponding MAC addresses. If some rules are already on the Add to list table, the IP addresses of these rules will not be shown on the IP&MAC binding list. Users can transfer all IP/MAC information to the Add to list table after this rule is enabled.

Click the check box in the Enable column to enable a rule. Click the Select All button to enable all the rules; click the Refresh button to update the latest IP/MAC information; click the Apply button and all enabled rules will be transferred to the Add to list table; click the Close button to close this page. Users can also type 12 alphabet characters in the Name column to make the entry easy to remember.


Status

The status table shows the status and records as a reference for the network manager. It is described as follows.

DHCP Server: The current IP address of the DHCP server.

Dynamic IP Used: It shows how many dynamic IP addresses have been released by the DHCP server.

Static IP Used: It shows how many static IP addresses have been released by the DHCP server.

DHCP Available: It shows how many IP addresses are left that can be released by the DHCP server.

Total: It shows how many IP addresses can be released by the DHCP server.

Client Host Name: The name of a computer that gets an IP address from the DHCP server.

IP Address: The IP address of a computer that gets an IP address from the DHCP server.

MAC Address: The MAC address of a computer that gets an IP address from the DHCP server.

Leased Time: This is the lease time assigned if the computer (DHCP client) requests one.

Delete: Delete the selected record.


Tool
SNMP
Simple Network Management Protocol is a network protocol that provides network administrators with the ability to monitor the status of the QVM1000 and receive notification of any critical events as they occur on the network. The QVM1000 supports SNMP v1/v2c and all relevant Management Information Base II (MIBII) groups. The appliance replies to SNMP Get commands for MIBII via any interface and supports a custom MIB for generating trap messages.

Enable SNMP: SNMP is enabled by default. To disable the SNMP agent, leave the box blank.

System Name: Enter the name of this router. For example, QVM1000.

System Contact: Enter the name of the network administrator. For example, John.

System Location: The network administrator's contact information is placed into this field.
Type in an E-mail address, telephone number, or pager number.

Get Community Name: Create a name for a group or community of administrators who can view
SNMP data. The default value is "Public".

Set Community Name: Create a name for a group or community of administrators who can
receive SNMP traps. A name must be entered. The default is private.


Trap Community Name: Enter the Trap Community Name, which is the password sent with each
trap to the SNMP manager.

Send SNMP Trap to: Enter the IP address or Domain Name to which QVM1000 will send traps.

Apply: Click the Apply button to save the settings

Delete: Click the Cancel button to undo the changes.

Diagnostic

QVM1000 has two built-in tools, DNS Name Lookup and Ping, which help with troubleshooting network problems.

DNS Name Lookup

Enter the host name to look up in the Look up the name field, for example, www.abc.com, and click the Go button. Do not add the prefix http://; otherwise the result will be Address Resolving Failed. QVM1000 will then query the DNS server and display the result at the bottom of the screen.

Ping


The Ping test bounces a packet off a machine on the Internet back to the sender. This test shows if QVM1000 is able to contact the remote host. If users on the LAN are having problems accessing services on the Internet, try pinging the DNS server, or other machine at the ISP’s location. If this test is successful, try pinging devices outside the ISP. This will show if the problem lies with the ISP’s connection.

Restart


The recommended method of restarting your QVM1000 is to use this "Restart" tool. Restarting with this button will send out your log file before the box is reset.

Factory Default


The "Factory Default" button can be used to clear all of your configuration information and restore QVM1000 to its factory state. Only use this feature if you wish to discard all other configuration preferences.


Firmware Upgrade

Firmware Upgrade
Users can use the following download function to download the new version of firmware to the computer in advance, and then select the file. Finally, click the Firmware Upgrade Right Now button. Please take a look at the warning messages during the firmware upgrade process.


Setting Backup

Import Configuration File:


You will need to specify where your preferences file is located. When you click "Browse", your browser will bring up a dialog which will allow you to select a file which you had previously saved using the "Export Settings" button. After you have selected the file, click the "Import" button. This process may take up to a minute. You will then need to restart your QVM1000 in order for the changes to take effect.

Export Configuration File:


When you click the "Export" button, your browser will bring up a dialog asking you where you would like to store your preferences file. This file will be called "config.exp" by default, but you may rename it if you wish. This process may take up to a minute.


Port Management
In this router, users can choose the number of WAN ports and configure the connection status for each port, such as Priority, Speed, Duplex, and Auto-Negotiation.

Port Setup

Basic Per Port Config.


Port ID: It shows the sequence of every interface.

Interface: There are LAN1~LAN11, WAN1~WAN4, and DMZ. The interfaces shown here change automatically according to your number of WAN ports setting.

Port Disable: Check the box to disable the port. It is a per-port setting. The default is enabled.

Priority: Select High or Normal for Port-based QoS (Quality of Service). QoS is
used to maximize a network’s performance and this setting allows you to
prioritize performance on eight LAN ports.


Speed: Users can manually configure the per-port speed as 10Mbps or 100Mbps.

Duplex: Users can manually configure the per-port duplex as half-duplex or full-duplex.

Auto-negotiation: If this function is enabled, every port can be set to auto-negotiation, and users will not need to set up speed and duplex.

Apply: Click the Apply button to save the settings

Delete: Click the Cancel button to undo the changes.

Port Status
Users can choose the port number from the pull-down menu to see the status of the selected port, shown as follows.

In the Summary table, it will show the settings for the port selected by users, such as Type, Link Status (up or down), Port Activity (on or off), Priority (High or Normal), Speed Status (10Mbps or 100Mbps), Duplex Status (half or full), and Auto negotiation (on or off).

In the Statistics table, it will show the port receive/transmit packet count/packet byte count and Port Packet Error Count of the selected port. Click the Refresh button to refresh the port status.


Firewall
General
From the Firewall Tab, you can configure the Router to deny or allow specific internal users from accessing the Internet. You can also configure the Router to deny or allow specific Internet users from accessing the internal servers. You can set up different packet filters for different users that are located on internal (LAN) side or external (WAN) side based on their IP addresses or their network Port number.

Firewall: The default is enabled. If users disable the Firewall function, SPI, DoS,
Block WAN Request will be disabled, Remote Management will be
enabled and Access Rules and Content Filter will be disabled.

SPI (Stateful Packet Inspection): The Router's Firewall uses Stateful Packet Inspection to maintain connection information that passes through the firewall. It will inspect all packets based on the established connection, prior to passing the packets for processing through a higher protocol layer.

DoS (Denial of Service): Protect internal networks from Internet attacks, such as SYN Flooding, Smurf, LAND, Ping of Death, IP Spoofing and reassembly attacks.

Block WAN Request: This feature is designed to prevent attacks through the Internet. When it is enabled, the Router will drop both the unaccepted TCP request and ICMP packets from the WAN side. The hacker will not find the Router if he tries to ping the WAN IP address. If DMZ is enabled, this function will be disabled.

Remote Management: This Router supports remote management. If you want to manage this
Router through the WAN connection, you have to 'Enable' this option.
Users can enter port number for remote management, and the default is
80.

Multicast Pass Through: IP Multicasting occurs when a single data transmission is sent to multiple
recipients at the same time. Using this feature, the Router allows IP
multicast packets to be forwarded to the appropriate computers.

MTU (Maximum Transmission Unit): This feature specifies the largest packet size permitted for network transmission. It is recommended that you enable this feature, and the default of MTU size is 1500 bytes.

Access Rules

Network Access Rules evaluate network traffic's Source IP address, Destination IP address, and IP protocol type to decide if the IP traffic is allowed to pass through the firewall.

The ability to define Network Access Rules is a very powerful tool. Using custom rules, it is possible to disable all firewall protection or block all access to the Internet. Use extreme caution when creating or deleting Network Access Rules.

QVM1000 has the following Default Rules.

* All traffic from the LAN to the WAN is allowed.
* All traffic from the WAN to the LAN is denied.
* All traffic from the LAN to the DMZ is allowed.
* All traffic from the DMZ to the LAN is denied.
* All traffic from the WAN to the DMZ is allowed.
* All traffic from the DMZ to the WAN is allowed.

Custom rules can be created to override the above QVM1000 default rules, but there are four additional default rules that are always active, and custom rules cannot override these four rules.

* HTTP service from LAN side to QVM1000 is always allowed. (For the use of managing QVM1000)
* DHCP service from LAN side is always allowed. (For the use of getting IP address from QVM1000 automatically)
* DNS service from LAN side is always allowed. (For the use of resolving DNS)
* Ping service from LAN side to QVM1000 is always allowed. (For the use of detecting the connection)
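How the three layers of rules interact, as an added Python model (not QVM1000 code): always-active rules first, then custom rules by priority, then the default rules. Assumptions: a lower priority number is evaluated first, ROUTER is a made-up name for the QVM1000 itself, the four always-active services use their standard ports, zone pairs the list does not mention are denied, and all addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional, Tuple

# Default rules from the list above, keyed by (source zone, destination zone).
DEFAULTS = {
    ("LAN", "WAN"): "allow", ("WAN", "LAN"): "deny",
    ("LAN", "DMZ"): "allow", ("DMZ", "LAN"): "deny",
    ("WAN", "DMZ"): "allow", ("DMZ", "WAN"): "allow",
}
# The four always-active rules for LAN traffic to the router (standard ports, assumed).
ALWAYS = {("tcp", 80): "HTTP", ("udp", 67): "DHCP", ("udp", 53): "DNS", ("icmp", None): "Ping"}


@dataclass(frozen=True)
class Packet:
    src_if: str            # LAN, WAN1..WAN4 or DMZ
    dst_if: str            # LAN, WAN1..WAN4, DMZ or ROUTER (hypothetical name)
    proto: str             # tcp, udp or icmp
    dport: Optional[int]   # None for icmp
    src_ip: str
    dst_ip: str


@dataclass(frozen=True)
class Rule:
    priority: int
    action: str                               # "allow" or "deny"
    proto: str = "any"
    ports: Tuple[int, int] = (1, 65535)       # inclusive port range of the service
    src_if: str = "Any"
    src: Optional[Tuple[str, str]] = None     # None = Any, else inclusive (first, last)
    dst: Optional[Tuple[str, str]] = None


def zone(ifname):
    return "WAN" if ifname.startswith("WAN") else ifname


def in_range(ip, rng):
    return rng is None or IPv4Address(rng[0]) <= IPv4Address(ip) <= IPv4Address(rng[1])


def matches(rule, pkt):
    if rule.src_if not in ("Any", pkt.src_if):
        return False
    if rule.proto != "any":
        if rule.proto != pkt.proto:
            return False
        if pkt.proto != "icmp" and not rule.ports[0] <= pkt.dport <= rule.ports[1]:
            return False
    return in_range(pkt.src_ip, rule.src) and in_range(pkt.dst_ip, rule.dst)


def evaluate(pkt, custom_rules=()):
    """Return (action, which rule decided)."""
    if pkt.src_if == "LAN" and pkt.dst_if == "ROUTER":
        service = ALWAYS.get((pkt.proto, None if pkt.proto == "icmp" else pkt.dport))
        if service:
            return "allow", f"always-active {service} rule"
    for rule in sorted(custom_rules, key=lambda r: r.priority):
        if matches(rule, pkt):
            return rule.action, f"custom rule {rule.priority}"
    return DEFAULTS.get((zone(pkt.src_if), zone(pkt.dst_if)), "deny"), "default rule"


def wan_allow_any_source(custom_rules):
    """Custom allow rules that match WAN-side traffic from any source address (review these first)."""
    return [r for r in custom_rules
            if r.action == "allow" and r.src is None
            and (r.src_if == "Any" or r.src_if.startswith("WAN"))]


if __name__ == "__main__":
    inbound = Packet("WAN2", "LAN", "tcp", 3389, "203.0.113.9", "192.168.1.20")
    broad = Rule(priority=1, action="allow")  # Any interface, any service, any address
    print(evaluate(inbound))                  # decided by the default rule
    print(evaluate(inbound, [broad]))         # the broad custom rule overrides the default
```

A single custom allow rule with Any interface, service and address is enough to cancel the WAN-to-LAN default deny, which is the risk the caution above refers to.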


Besides the Default Rules, all configured Network Access Rules are listed in the table, and you can choose the Priority
for each custom rule. Click the Edit button to edit the rule, and click the Trash Can icon to delete the rule.

Click Add New Rule button to add new Access Rules, or click the Restore to Default Rules button to restore to the
default rules, and all custom rules will be deleted.

Add a new Rule


Services: Users can evaluate network traffic's Source IP address, Destination IP address,
and IP protocol type to decide if the IP traffic is allowed to pass through the
firewall.
Action: Select the Allow or Deny button depending on the intent of the rule.

Service: Select the service from the drop-down menu.

Service Management: Add or delete entries in Service Management. If the service you need is not listed in the menu, click the Service Management button to add a new Service. Enter the Service Name, Protocol and Port Range, and click Add to list and Save Setting.

Log: Users can select Log packet to match this rule or Not log.

Source Interface: Select the Source Interface (LAN, WAN1~4, DMZ, Any) from the
pull-down menu.

Source IP: Select Any, Single or Range, and enter IP Address for single and range.

Destination IP: Select Any, Single or Range, and enter IP Address for single and range.

Scheduling: Decide when users will enforce this rule. There are two types of
scheduling: always and from.

Apply this rule (time parameter): Select the time range and the day of the week for this rule to be enforced. The default condition for any new rule is always to enforce.


Services Management:

Services Name: Enter the name that you want the Internet users to access. For example,
Edonky.
Protocol: Enter the protocol. The default is TCP protocol.

Port Range: Enter the port range of the protocol. For example, HTTP is 80(80~80).

Add to List: Click the Add to List button, and configure as many entries as you would
like.

Delete Selected Services: Delete the selected entry.

Apply: Click the Apply button to save the settings

Cancel: Click the Cancel button to undo the changes.

Exit: Click on the Exit button to exit the service management.


Content Filter

Block Forbidden Domains: When the Block Forbidden Domains check box is selected, QVM1000 will forbid web access to sites on the Forbidden Domains list.

Add: Add the rule. For example, www.playboy.com

Add to List: Click the Add to List button, and configure as many entries as you would
like.

Delete Selected Domain: Delete the selected entry.


Website Blocking by Keyword: When the Website Blocking by keyword check box is selected, FVR9208 will forbid web access to sites on the website blocking list.

Add: Enter keyword

Add to List: Click the Add to List button, and configure as many entries as you would
like.

Delete Selected Keyword: Delete the selected entry.

Scheduling

The Time of Day feature allows you to define specific times when Content Filtering is enforced. For example, you could configure QVM1000 to filter employee Internet access during normal business hours, but allow unrestricted access at night and on weekends.

Apply this rule:


Time parameter: Always: When selected, Content Filtering is enforced at all times.

…From….: When selected, Content Filtering is enforced during the time and days specified. Enter the time period in 24-hour format, and select the day of the week that Content Filtering is enforced.

Day: Click on each square button to enforce the rule.

Apply: Click the Apply button to save the settings

Cancel: Click the Cancel button to undo the changes.


VPN

Summary
The VPN Summary displays the Summary, Tunnel Status and GroupVPN Status.

Summary:

It shows the number of Tunnel(s) Used and Tunnel(s) Available. QVM1000 supports up to 200 tunnels.

Detail: Click the Detail button to see the details of the VPN Summary as below. Users can use the tools on the top to save, export or print the details of the VPN Summary.


Tunnel Status:

Add New Tunnel:


QVM1000 can add a Gateway to Gateway tunnel or a Client to Gateway tunnel.

Gateway to Gateway:
The following figure illustrates the Gateway to Gateway tunnel, a tunnel created between two VPN Routers. When you click “Add Now”, it will show the Gateway to Gateway page.

Client to Gateway:
The following figure illustrates the Client to Gateway tunnel, a tunnel created between the VPN Router and a client user running VPN client software that supports IPSec. When you click “Add Now”, it will show the Client to Gateway page.


We will describe the Tunnel Status of VPN tunnels as follows.


Page: Previous page, Next page, Jump to page / pages and entries per page: You can click the Previous page and Next page buttons to jump to the tunnel that you want to see. You can also enter the page number into “Jump to page” directly and choose the item number that you want to see per page (3, 5, 10, 20, All).

Tunnel No: It shows the used Tunnel No. 1~200, and the tunnels defined in GroupVPN
are also included.
Status: It shows Connected, Hostname Resolution Failed, Resolving Hostname or
Waiting for Connection. If users select Manual in IPSec Setup page, the
Status will show Manual and no Tunnel Test function for Manual Keying
Mode.

Name: It shows the Tunnel Name that you enter in Gateway to Gateway page,
Client to Gateway page or Group ID Name.
Phase2 Encrypt/Auth/Group: It shows the Encryption (DES/3DES), Authentication (MD5/SHA1) and Group (1/2/5) that you chose in IPSec Setup field. If you chose Manual mode, there will be no Phase 2 DH Group, and it will show the Encryption and Authentication method that you set up in Manual mode.
Local Group: It shows the IP and subnet of Local Group.

Remote Group: It shows the IP and subnet of Remote Group.

Remote Gateway: It shows the IP of Remote Gateway.

Tunnel Test: Click the Connect button to verify the tunnel status. The test result will be
updated in Status.
Configure: Edit and Delete : If you click Edit button, it will link to the original setup
page. You can change the settings. If you click , all settings of this tunnel
will be deleted, and this tunnel will be available.
Tunnel(s) Enable and Tunnel(s) Defined: It shows the number of Tunnel(s) Enabled and Tunnel(s) Defined. The number of Tunnel Enabled may be fewer than the number of Tunnel Defined once the Defined Tunnels are disabled.

GroupVPN Status:
If you did not enable GroupVPN, it will be blank in GroupVPN Status.


Group ID Name: It shows the name you enter in Add new client to gateway tunnel page.

Connected Tunnels: It shows the number of connected tunnels.

Phase2 Encrypt/Auth/Group: It shows the Encryption (DES/3DES), Authentication (MD5/SHA1) and Group (1/2/5) that you chose in IPSec Setup field.

Local Group: It shows the IP address and Subnet of Local Group you set up.

Remote Client: It shows the number of Remote Client of this GroupVPN.

Remote Clients Status: If you click the Detail List button, it shows the details of Group Name, IP
address and Connection Time of this Group VPN.
Tunnel Test: Click the Connect button to verify the tunnel status. The test result will be
updated in Status.
Config: Edit and Delete : If you click Edit button, it will link to the original setup
page, and you can change the settings. If you click , all settings of this
tunnel will be deleted, and this tunnel will be available.

Add New Tunnel


Gateway to Gateway
By setting this page, users can add the new tunnel between two VPN devices.

Tunnel No.: The tunnel number will be generated automatically from 1~200.

Interface: You can select the Interface from the pull-down menu. When Multi WAN is enabled, there will be four options (WAN1~WAN4). The options of WAN ports are generated from the WAN port number settings on the General Setting or Port Management page.

Tunnel Name: Enter the Tunnel Name, such as LA Office, Branch Site, Corporate Site, etc.
This is to allow you to identify multiple tunnels and does not have to match
the name used at the other end of the tunnel.

Enable: Check the box to enable VPN. The default is enabled.


Local Group Setup: The settings of Local Group Setup should match with the settings of the Remote Group setup in
the other end of tunnel.

Local Security Gateway Type: There are five types.
IP Only,
IP + Domain Name (FQDN) Authentication,
IP + E-mail Addr. (USER FQDN) Authentication,
Dynamic IP + Domain Name (FQDN) Authentication,
Dynamic IP + E-mail Addr. (USER FQDN) Authentication.

(1) IP Only: If you select IP Only, only the specific IP Address will be able to access the tunnel. The WAN IP of QVM1000 appears in this field automatically, so you do not need to enter it.

(2) IP + Domain Name (FQDN) Authentication: If you select this type, enter the FQDN (Fully Qualified Domain Name), and the IP address will appear automatically. The FQDN is the host name and domain name for a specific computer on the Internet, for example, vpn.myvpnserver.com. The IP and FQDN must be the same as the Remote Security Gateway type of the remote VPN device, and the same IP and FQDN can be used for only one tunnel connection.

(3) IP + E-mail Addr. (USER FQDN) Authentication: If you select this type, enter the E-mail address, and the IP address will appear automatically.

(4) Dynamic IP + Domain Name (FQDN) Authentication: If the Local Security Gateway has a dynamic IP, you can select this type. When the Remote Security Gateway requests to create a tunnel with QVM1000, QVM1000 will work as a responder. If you select this type, just enter the Domain Name for Authentication; the Domain Name must be the same as the Remote Security Gateway of the remote VPN device. The same Domain Name can be used for only one tunnel connection, and users cannot use the same Domain Name to create a new tunnel connection.

(5) Dynamic IP + E-mail Addr. (USER FQDN) Authentication: If the Local Security Gateway has a dynamic IP, you can select this type. When the Remote Security Gateway requests to create a tunnel with QVM1000, QVM1000 will work as a responder. If you select this type, just enter the E-mail address for Authentication.

Local Security Group Type: Select the local LAN user(s) behind the router that can use this VPN tunnel. Local Security Group Type may be a single IP address or a Subnet.

(1) IP Address
If you select IP Address, only the computer with the specific IP Address that you enter will be able to access the tunnel. The default IP is 192.168.1.0.

(2) Subnet
If you select Subnet (which is the default), this will allow all computers on the local subnet to access the tunnel. Enter the IP Address and the Subnet Mask. The default IP is 192.168.1.0, and default Subnet Mask is 255.255.255.192.

Remote Group Setup: The settings of Remote Group Setup should match with the settings of the Local Group of
VPN device in the other end of tunnel.

Remote Security Gateway Type: There are five types.
IP Only,
IP + Domain Name (FQDN) Authentication,
IP + E-mail Addr. (USER FQDN) Authentication,
Dynamic IP + Domain Name (FQDN) Authentication,
Dynamic IP + E-mail Addr. (USER FQDN) Authentication.

(1) IP Only: If you select IP Only, only the specific IP Address that you enter will be able to access the tunnel. It is the IP Address of the remote VPN Router or device with which you wish to communicate. The remote VPN device can be another VPN Router or a VPN Server. If you know the static IP address of the remote VPN device, select IP address from the drop-down menu. If you do not know the static IP address of the remote VPN device but know its domain name, you can select IP by DNS Resolved and enter the real domain name on the Internet. QVM1000 will get the IP address of the remote VPN device by DNS Resolved, and the IP address of the remote VPN device will be displayed on VPN Status of the Summary page.

(2) IP + Domain Name (FQDN) Authentication: If you select this type, enter the FQDN (Fully Qualified Domain Name) and IP address of the VPN device at the other end of the tunnel. If you know the static IP address of the remote VPN device, select IP address from the drop-down menu. If you do not know the static IP address of the remote VPN device but know its domain name, you can select IP by DNS Resolved and enter the real domain name on the Internet. QVM1000 will get the IP address of the remote VPN device by DNS Resolved, and the IP address of the remote VPN device will be displayed on VPN Status of the Summary page. Then, enter the Domain Name as an ID; it does not have to be a real domain name on the Internet. The IP and Domain Name ID must be the same as the Local Gateway of the remote VPN device, and the same IP and Domain Name ID can be used for only one tunnel connection.

(3) IP + E-mail Addr. (USER FQDN) Authentication: If you know the static IP address of the remote VPN device, select IP address from the drop-down menu. If you do not know the static IP address of the remote VPN device but know its domain name, you can select IP by DNS Resolved and enter the real domain name on the Internet. QVM1000 will get the IP address of the remote VPN device by DNS Resolved, and the IP address of the remote VPN device will be displayed on VPN Status of the Summary page. Then, enter the E-mail Address as an ID.

(4) Dynamic IP + Domain Name (FQDN) Authentication: If you select this type, the Remote Security Gateway will be a dynamic IP, so you do not need to enter the IP address. When the Remote Security Gateway requests to create a tunnel with QVM1000, QVM1000 will work as a responder. If you select this type, just enter the Domain Name for Authentication; the Domain Name must be the same as the Local Gateway of the remote VPN device. The same Domain Name can be used for only one tunnel connection, and users cannot use the same Domain Name to create a new tunnel connection.

(5) Dynamic IP + E-mail Addr. (USER FQDN) Authentication: If you select this type, the Remote Security Gateway will be a dynamic IP, so you do not need to enter the IP address. When the Remote Security Gateway requests to create a tunnel with QVM1000, QVM1000 will work as a responder. If you select this type, just enter the E-mail address for Authentication.

Remote Security Group Type: Select the Remote Security Group behind the Remote Gateway Type you chose above that can use this VPN tunnel. Remote Security Group Type may be a single IP address or a Subnet.

(1) IP Address
If you select IP Address, only the remote computer with the specific IP Address that you enter will be able to access the tunnel.

(2) Subnet
If you select Subnet (which is the default), this will allow all computers on the remote subnet to access the tunnel. Enter the remote IP Address and the Subnet Mask. The default Subnet Mask is 255.255.255.0.

IPSec Setup
In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption and the way the data will be decrypted. This is done by sharing a “key” to the encryption code. There are two Keying Modes of key management, Manual and IKE with Preshared Key (automatic).

If you select Manual, it allows you to generate the key yourself, and no key negotiation is needed. Basically, manual key management is used in small static environments or for troubleshooting purposes. Both sides must use the same Key Management method.


Key Management: There are two Keying Modes of key management, Manual and IKE with
Preshared Key (automatic).

IKE with Preshared Key (automatic): IKE is an Internet Key Exchange protocol that is used to negotiate key material for SA (Security Association). IKE uses the Pre-shared Key field to authenticate the remote IKE peer. If PFS is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication. If PFS (Perfect Forward Secrecy) is enabled, a hacker using brute force to break encryption keys is not able to obtain other or future IPSec keys.

Phase1/Phase2 DH Group:

There are three groups of different prime key lengths. Group1 is 768 bits,
Group2 is 1,024 bits and Group 5 is 1,536 bits.

Phase1/Phase2 Encryption:
This is used to create one or more IPSec SAs, which are then used to key
IPSec sessions. There are two methods of encryption, DES and 3DES. The
Encryption method determines the length of the key used to encrypt/decrypt
ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. Both
sides must use the same Encryption method.
Phase1/Phase2 Authentication:
There are two methods of authentication, MD5 and SHA. The
Authentication method determines a method to authenticate the ESP
packets. Both sides must use the same Authentication method.

Phase1 SA Lifetime This field allows you to configure the length of time a
VPN tunnel is active in Phase 1. The default value is 28,800 seconds.

Phase2 SA Lifetime This field allows you to configure the length of time a
VPN tunnel is active in Phase 2. The default value is 3,600 seconds.


Manual: If you select Manual, you generate the key yourself, and no key negotiation is needed.

Incoming & Outgoing SPI: SPI is carried in the ESP (Encapsulating Security Payload Protocol) header and enables the receiver and sender to select the SA under which a packet should be processed. A hexadecimal value is accepted, and the valid range is 100~ffffffff. Each tunnel must have a unique Inbound SPI and Outbound SPI. No two tunnels share the same SPI. The Incoming SPI here must match the Outgoing SPI value at the other end of the tunnel, and vice versa.

Encryption Key: This field specifies a key used to encrypt and decrypt IP traffic; you generate the Encryption Key yourself. A hexadecimal value is accepted in this field. Both sides must use the same Encryption Key. If DES is selected, the Encryption Key is 16-bit. If users do not fill up to 16-bit, this field will be filled up to 16-bit automatically by 0. If 3DES is selected, the Encryption Key is 48-bit. If users do not fill up to 48-bit, this field will be filled up to 48-bit automatically by 0.

Authentication Key: This field specifies a key used to authenticate IP traffic; the Authentication Key is generated by users. A hexadecimal value is accepted in this field. Both sides must use the same Authentication Key. If MD5 is selected, the Authentication Key is 32-bit. If users do not fill up to 32-bit, this field will be filled up to 32-bit automatically by 0. If SHA1 is selected, the Authentication Key is 40-bit. If users do not fill up to 40-bit, this field will be filled up to 40-bit automatically by 0.
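The manual-keying rules above, as an added example (not code from the QVM1000 manual or firmware): a check run over both ends of a tunnel before the values are typed into the web UI. It assumes the lengths the manual quotes (16, 48, 32, 40) count hexadecimal characters and that the automatic fill appends zeros on the right; the dictionary field names are made up for the example and the sample values are constructed.

```python
import hmac
import re

SPI_MIN, SPI_MAX = 0x100, 0xFFFFFFFF      # valid range given in the manual
# Lengths quoted in the manual, read here as hexadecimal characters (assumption).
KEY_HEX_LEN = {"DES": 16, "3DES": 48, "MD5": 32, "SHA1": 40}
HEX_RE = re.compile(r"[0-9a-fA-F]+")
SIDES = ("local", "remote")


def padded_key(hex_key, algorithm):
    """Return the key as the router would use it, zero-filled to full length.

    Assumption: the automatic fill appends '0' characters on the right.
    """
    if algorithm not in KEY_HEX_LEN:
        raise ValueError(f"{algorithm!r} is not a method the manual lists")
    want = KEY_HEX_LEN[algorithm]
    if not HEX_RE.fullmatch(hex_key):
        raise ValueError(f"{algorithm} key is empty or not hexadecimal")
    if len(hex_key) > want:
        raise ValueError(f"{algorithm} key is longer than {want} hex characters")
    return hex_key.lower().ljust(want, "0")


def parse_spi(text):
    """Parse a hexadecimal SPI field and enforce the 100~ffffffff range."""
    if not HEX_RE.fullmatch(text):
        raise ValueError(f"SPI {text!r} is not hexadecimal")
    spi = int(text, 16)
    if not SPI_MIN <= spi <= SPI_MAX:
        raise ValueError(f"SPI {text!r} is outside 100~ffffffff")
    return spi


def audit_manual_tunnel(local, remote, spis_in_use=frozenset()):
    """Return findings for one manually keyed tunnel.

    spis_in_use holds the SPIs of the other tunnels on the local router.
    """
    cfgs = {"local": local, "remote": remote}
    findings, spi = [], {}
    for side in SIDES:
        for direction in ("incoming_spi", "outgoing_spi"):
            try:
                spi[side, direction] = parse_spi(cfgs[side][direction])
            except ValueError as exc:
                findings.append(f"{side} {direction}: {exc}")
    if len(spi) == 4:                      # all four fields parsed
        if spi["local", "incoming_spi"] != spi["remote", "outgoing_spi"]:
            findings.append("local incoming SPI does not match remote outgoing SPI")
        if spi["local", "outgoing_spi"] != spi["remote", "incoming_spi"]:
            findings.append("local outgoing SPI does not match remote incoming SPI")
    for direction in ("incoming_spi", "outgoing_spi"):
        value = spi.get(("local", direction))
        if value is not None and value in spis_in_use:
            findings.append(f"local {direction} {value:x} is already used by another tunnel")
    for kind in ("encryption", "authentication"):
        if local[kind] != remote[kind]:
            findings.append(f"{kind} method: {local[kind]} vs {remote[kind]}")
            continue
        try:
            stored = {s: padded_key(cfgs[s][kind + "_key"], cfgs[s][kind]) for s in SIDES}
        except ValueError as exc:
            findings.append(f"{kind} key: {exc}")
            continue
        # Compare what the router will actually use, i.e. after the zero fill.
        if not hmac.compare_digest(stored["local"], stored["remote"]):
            findings.append(f"{kind} key differs between the two ends")
        for side in SIDES:
            entered, want = cfgs[side][kind + "_key"], KEY_HEX_LEN[cfgs[side][kind]]
            if len(entered) < want:
                findings.append(f"{side} {kind} key is {want - len(entered)} hex characters "
                                f"short of {want}; only {4 * len(entered)} bits were entered")
    return findings


# Constructed sample values for the two ends of one tunnel.
SAMPLE_LOCAL = {"incoming_spi": "1000", "outgoing_spi": "2000",
                "encryption": "3DES", "encryption_key": "0123456789abcdef",
                "authentication": "SHA1", "authentication_key": "a1" * 20}
SAMPLE_REMOTE = {"incoming_spi": "2000", "outgoing_spi": "1001",
                 "encryption": "3DES", "encryption_key": "0123456789abcdef" + "0" * 32,
                 "authentication": "SHA1", "authentication_key": "A1" * 20}

if __name__ == "__main__":
    for finding in audit_manual_tunnel(SAMPLE_LOCAL, SAMPLE_REMOTE, {0x2000}):
        print(finding)
```

In the sample, the short 3DES key on the local side and the explicitly zero-extended key on the remote side compare equal after the fill, so the tunnel would key successfully while two thirds of the key is a known constant; the audit reports the short key for that reason.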

Advanced-IKE with preshared key only


Advanced settings are only for IKE with Preshared Key mode of IPSec.

Advance Mode:
There are two types of Phase 1 exchanges: Main mode and Aggressive mode. Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange. If network security is preferred, select Main mode. When users select the Dynamic IP in Remote Security Gateway Type, it will be limited to Aggressive Mode.

Compress:
QVM1000 supports the IP Payload Compression Protocol. IP Payload Compression is a protocol to reduce the size of IP datagrams. If Compress is enabled, QVM1000 will propose compression when initiating a connection. If the responder rejects this proposal, QVM1000 will not implement the compression. When QVM1000 works as a responder, QVM1000 will always accept compression even without enabling compression.

Keep-Alive:
This mechanism helps to keep IPSec tunnels connected. Whenever a dropped connection is detected, it will be re-established immediately.

AH Hash Algorithm:
AH (Authentication Header) protocol describes the packet format and the default standards for packet structure. With AH as the security protocol, protection is extended forward into the IP header to verify the integrity of the entire packet by using portions of the original IP header in the hashing process. There are two algorithms, MD5 and SHA1. MD5 produces a 128-bit digest to authenticate packet data and SHA1 produces a 160-bit digest to authenticate packet data. Both sides of the tunnel should use the same algorithm.

NetBIOS Broadcast:
Check the box to enable NetBIOS traffic to pass through the VPN tunnel. By default, the Router blocks these broadcasts.

Dead Peer Detection (DPD):
When DPD is enabled, QVM1000 will send periodic HELLO/ACK messages to prove tunnel liveness when both peers of a VPN tunnel provide the DPD mechanism. Once a dead peer is detected, QVM1000 will disconnect the tunnel so the connection can be re-established. The Interval is the number of seconds between DPD messages. By default DPD is enabled, and the default Interval is 10 seconds.

Client to Gateway

On this page, you can create a new tunnel between the local VPN device and a mobile user. You can select Tunnel to create a tunnel for a single mobile user, or select Group VPN to create tunnels for multiple VPN clients. The Group VPN feature simplifies setup because it is not necessary to configure remote VPN clients individually.

In Tunnel condition

Tunnel No.: The tunnel no. will be generated automatically from 1~200.

Interface: You can select the Interface from the pull-down menu. When Multi WAN is enabled, there will be four options (WAN1~WAN4). The options of WAN ports are generated by the WAN port number settings on the General Setting or Port Management page.


Tunnel Name: Once the tunnel is enabled, enter a name in the Tunnel Name field, such as Sales Name. This allows you to identify multiple tunnels, and it does not have to match the name used at the other end of the tunnel.

Enable: Check the box to enable VPN. The default is enabled.

Local Group Setup: The settings of Local Security Gateway Type should match the Remote Security Gateway Type of the VPN device at the other end of the tunnel.

Local Security Gateway Type: There are five types.
IP Only
IP + Domain Name (FQDN) Authentication
IP + E-mail Addr. (USER FQDN) Authentication
Dynamic IP + Domain Name (FQDN) Authentication
Dynamic IP + E-mail Addr. (USER FQDN) Authentication

(1) IP Only: If you select IP Only, only the specific IP Address will be able to access the tunnel. The WAN IP of QVM1000 will appear in this field automatically, and you don’t need to enter it.

(2) IP + Domain Name (FQDN) Authentication: If you select this type, enter the FQDN (Fully Qualified Domain Name), and the IP address will appear automatically. The FQDN is the host name and domain name for a specific computer on the Internet, for example, vpn.myvpnserver.com. The IP and FQDN must be the same as the Remote Security Gateway type of the remote VPN device, and the same IP and FQDN can be used for only one tunnel connection.

(3) IP + E-mail Addr. (USER FQDN) Authentication: If you select this type, enter the E-mail address, and the IP address will appear automatically.

(4) Dynamic IP + Domain Name (FQDN) Authentication: If the Local Security Gateway has a dynamic IP, you can select this type. When the Remote Security Gateway requests to create a tunnel with QVM1000, QVM1000 will work as a responder. If you select this type, just enter the Domain Name for Authentication; the Domain Name must be the same as the Remote Security Gateway of the remote VPN device. The same Domain Name can be used for only one tunnel connection, and users cannot use the same Domain Name to create a new tunnel connection.

(5) Dynamic IP + E-mail Addr. (USER FQDN) Authentication: If the Local Security Gateway has a dynamic IP, you can select this type. When the Remote Security Gateway requests to create a tunnel with QVM1000, QVM1000 will work as a responder. If you select this type, just enter the E-mail address for Authentication.

Local Security Group Type: Select the local LAN user(s) behind the router that can use this VPN tunnel. Local Security Group Type may be a single IP address or a Subnet.

(1) IP Address
If you select IP Address, only the computer with the specific IP Address that you enter will be able to access the tunnel. The default IP is 192.168.1.0.

(2) Subnet
If you select Subnet (which is the default), this will allow all computers on the local subnet to access the tunnel. Enter the IP Address and the Subnet Mask. The default IP is 192.168.1.0, and the default Subnet Mask is 255.255.255.192.

Remote Client Setup: The type of Remote Security Gateway should match the Local Security Gateway Type of the VPN device at the other end of the tunnel.

Remote Client: There are five types.
IP Only
IP + Domain Name (FQDN) Authentication
IP + E-mail Addr. (USER FQDN) Authentication
Dynamic IP + Domain Name (FQDN) Authentication
Dynamic IP + E-mail Addr. (USER FQDN) Authentication

(1) IP Only: If you select IP Only, only the specific IP Address that you enter will be able to access the tunnel. It is the IP Address of the remote VPN Router or device with which you wish to communicate. The remote VPN device can be another VPN Router or a VPN Server. If you know the static IP address of the remote VPN device, select IP address from the drop-down menu. If you don’t know the static IP address of the remote VPN device, but its domain name is known, you can select IP by DNS Resolved, and enter the real domain name on the Internet. QVM1000 will get the IP address of the remote VPN device by DNS Resolved, and the IP address of the remote VPN device will be displayed on VPN Status of the Summary page.

(2) IP + Domain Name (FQDN) Authentication: If you select this type, enter the FQDN (Fully Qualified Domain Name) and IP address of the VPN device at the other end of the tunnel. If you know the static IP address of the remote VPN device, select IP address from the drop-down menu. If you don’t know the static IP address of the remote VPN device, but its domain name is known, you can select IP by DNS Resolved, and enter the real domain name on the Internet. QVM1000 will get the IP address of the remote VPN device by DNS Resolved, and the IP address of the remote VPN device will be displayed on VPN Status of the Summary page. Then, enter the Domain Name as an ID; it does not have to be a real domain name on the Internet. The IP and Domain Name ID must be the same as the Local Gateway of the remote VPN device, and the same IP and Domain Name ID can be used for only one tunnel connection.

(3) IP + E-mail Addr. (USER FQDN) Authentication: If you know the static IP address of the remote VPN device, select IP address from the drop-down menu. If you don’t know the static IP address of the remote VPN device, but its domain name is known, you can select IP by DNS Resolved, and enter the real domain name on the Internet. QVM1000 will get the IP address of the remote VPN device by DNS Resolved, and the IP address of the remote VPN device will be displayed on VPN Status of the Summary page. Then, enter the E-mail Address as an ID.


(4) Dynamic IP + Domain Name (FQDN) Authentication: If you select this type, the Remote Security Gateway will be a dynamic IP, so you don’t need to enter the IP address. When the Remote Security Gateway requests to create a tunnel with QVM1000, QVM1000 will work as a responder. If you select this type, just enter the Domain Name for Authentication; the Domain Name must be the same as the Local Gateway of the remote VPN device. The same Domain Name can be used for only one tunnel connection, and users cannot use the same Domain Name to create a new tunnel connection.

(5) Dynamic IP + E-mail Addr. (USER FQDN) Authentication: If you select this type, the Remote Security Gateway will be a dynamic IP, so you don’t need to enter the IP address. When the Remote Security Gateway requests to create a tunnel with QVM1000, QVM1000 will work as a responder. If you select this type, just enter the E-mail address for Authentication.

IPSec Setup
In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption and the way the data will be decrypted. This is done by sharing a “key” to the encryption code. There are two Keying Modes of key management, Manual and IKE with Preshared Key (automatic).

If you select Manual, you generate the key yourself, and no key negotiation is needed. Basically, manual key management is used in small static environments or for troubleshooting purposes. Both sides must use the same Key Management method.


Key Management: There are two Keying Modes of key management, Manual and IKE with
Preshared Key (automatic).

IKE with Preshared Key (automatic): IKE is an Internet Key Exchange protocol that is used to negotiate key material for SA (Security Association). IKE uses the Pre-shared Key field to authenticate the remote IKE peer. If PFS (Perfect Forward Secrecy) is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication. If PFS is enabled, a hacker using brute force to break encryption keys is not able to obtain other or future IPSec keys.

Phase1/Phase2 DH Group:
There are three groups of different prime key lengths. Group 1 is 768 bits, Group 2 is 1,024 bits and Group 5 is 1,536 bits.

Phase1/Phase2 Encryption:
This is used to create one or more IPSec SAs, which are then used to key IPSec sessions. There are two methods of encryption, DES and 3DES. The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. Both sides must use the same Encryption method.

Phase1/Phase2 Authentication:
There are two methods of authentication, MD5 and SHA. The Authentication method determines the method used to authenticate the ESP packets. Both sides must use the same Authentication method.

Phase1 SA Lifetime: This field allows you to configure the length of time a VPN tunnel is active in Phase 1. The default value is 28,800 seconds.

Phase2 SA Lifetime: This field allows you to configure the length of time a VPN tunnel is active in Phase 2. The default value is 3,600 seconds.

Manual


Manual: If you select Manual, you generate the key yourself, and no key negotiation is needed.

Incoming & Outgoing SPI: SPI is carried in the ESP (Encapsulating Security Payload Protocol) header and enables the receiver and sender to select the SA under which a packet should be processed. A hexadecimal value is accepted, and the valid range is 100~ffffffff. Each tunnel must have a unique Inbound SPI and Outbound SPI. No two tunnels share the same SPI. The Incoming SPI here must match the Outgoing SPI value at the other end of the tunnel, and vice versa.

Encryption Key: This field specifies a key used to encrypt and decrypt IP traffic; you generate the Encryption Key yourself. A hexadecimal value is accepted in this field. Both sides must use the same Encryption Key. If DES is selected, the Encryption Key is 16-bit. If users do not fill up to 16-bit, this field will be filled up to 16-bit automatically by 0. If 3DES is selected, the Encryption Key is 48-bit. If users do not fill up to 48-bit, this field will be filled up to 48-bit automatically by 0.

Authentication Key: This field specifies a key used to authenticate IP traffic; the Authentication Key is generated by users. A hexadecimal value is accepted in this field. Both sides must use the same Authentication Key. If MD5 is selected, the Authentication Key is 32-bit. If users do not fill up to 32-bit, this field will be filled up to 32-bit automatically by 0. If SHA1 is selected, the Authentication Key is 40-bit. If users do not fill up to 40-bit, this field will be filled up to 40-bit automatically by 0.

Advanced- IKE Preshared Key Only


Advanced settings are only for IKE with Preshared Key mode of IPSec.

Advance Mode:
There are two types of Phase 1 exchanges: Main mode and Aggressive mode. Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange. If network security is preferred, select Main mode. When users select the Dynamic IP in Remote Security Gateway Type, it will be limited to Aggressive Mode.

Compress:
QVM1000 supports the IP Payload Compression Protocol. IP Payload Compression is a protocol to reduce the size of IP datagrams. If Compress is enabled, QVM1000 will propose compression when initiating a connection. If the responder rejects this proposal, QVM1000 will not implement the compression. When QVM1000 works as a responder, QVM1000 will always accept compression even without enabling compression.

Keep-Alive:
This mechanism helps to keep IPSec tunnels connected. Whenever a dropped connection is detected, it will be re-established immediately.

AH Hash Algorithm:
AH (Authentication Header) protocol describes the packet format and the default standards for packet structure. With AH as the security protocol, protection is extended forward into the IP header to verify the integrity of the entire packet by using portions of the original IP header in the hashing process. There are two algorithms, MD5 and SHA1. MD5 produces a 128-bit digest to authenticate packet data and SHA1 produces a 160-bit digest to authenticate packet data. Both sides of the tunnel should use the same algorithm.

NetBIOS Broadcast:
Check the box to enable NetBIOS traffic to pass through the VPN tunnel. By default, the Router blocks these broadcasts.

Dead Peer Detection (DPD):
When DPD is enabled, QVM1000 will send periodic HELLO/ACK messages to prove tunnel liveness when both peers of a VPN tunnel provide the DPD mechanism. Once a dead peer is detected, QVM1000 will disconnect the tunnel so the connection can be re-established. The Interval is the number of seconds between DPD messages. By default DPD is enabled, and the default Interval is 10 seconds.

In Group VPN Condition:

Group No.: The group no. will be generated automatically from 1~2. Two GroupVPNs are supported by QVM1000.

Interface: You can select the Interface from the pull-down menu. When Multi WAN is enabled, there will be four options (WAN1~WAN4). The options of WAN ports are generated by the WAN port number settings on the General Setting or Port Management page.

Group Name: Enter the Group ID Name, such as American Sales Group.

Enable: Check the box to enable GroupVPN. The default is enabled.


Local Group Setup: Select the local LAN user(s) behind the router that can use this VPN tunnel.

Local Security Group Type: Local Security Group Type may be a single IP address or a Subnet. The Local Secure Group must match the Remote VPN Client’s Remote Secure Group.

(1) IP Address
If you select IP Address, only the computer with the specific IP Address that you enter will be able to access the tunnel. The default IP is 192.168.1.0.

(2) Subnet
If you select Subnet (which is the default), this will allow all computers on the local subnet to access the tunnel. Enter the IP Address and the Subnet Mask. The default IP is 192.168.1.0, and the default Subnet Mask is 255.255.255.192.

Remote Client Setup:

Remote Client: There are three types of Remote Client:
Domain Name (FQDN)
E-mail Address (USER FQDN)
Microsoft XP/2000 VPN Client

(1) Domain Name (FQDN): If you select FQDN, enter the FQDN of the Remote Client. When the Remote Client requests to create a tunnel with QVM1000, QVM1000 will work as a responder. The Domain Name must match the local settings of the remote client.

(2) E-mail Addr. (USER FQDN): If you choose this type of setting, only enter your e-mail address to connect the tunnel.

(3) Microsoft XP/2000 VPN Client: This option is used for Dynamic IP users who use the Microsoft VPN client. The difference between the Microsoft client and other VPN clients is that the Microsoft client does not support Aggressive mode and FQDN/USER FQDN ID options.

IPSec Setup
In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption and the way the data will be decrypted. This is done by sharing a “key” to the encryption code. There are two Keying Modes of key management, Manual and IKE with Preshared Key (automatic). If GroupVPN is enabled, the key management will be IKE with Preshared Key only.

Key Management: IKE with Preshared Key (automatic)

IKE with Preshared Key (automatic): IKE is an Internet Key Exchange protocol that is used to negotiate key material for SA (Security Association). IKE uses the Pre-shared Key field to authenticate the remote IKE peer. If PFS (Perfect Forward Secrecy) is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication. If PFS is enabled, a hacker using brute force to break encryption keys is not able to obtain other or future IPSec keys.

Phase1/Phase2 DH Group:
There are three groups of different prime key lengths. Group 1 is 768 bits, Group 2 is 1,024 bits and Group 5 is 1,536 bits.

Phase1/Phase2 Encryption:
This is used to create one or more IPSec SAs, which are then used to key IPSec sessions. There are two methods of encryption, DES and 3DES. The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. Both sides must use the same Encryption method.

Phase1/Phase2 Authentication:
There are two methods of authentication, MD5 and SHA. The Authentication method determines the method used to authenticate the ESP packets. Both sides must use the same Authentication method.

Phase1 SA Lifetime: This field allows you to configure the length of time a VPN tunnel is active in Phase 1. The default value is 28,800 seconds.

Phase2 SA Lifetime: This field allows you to configure the length of time a VPN tunnel is active in Phase 2. The default value is 3,600 seconds.

Advanced-IKE Preshared Key Only


Advanced settings are only for IKE with Preshared Key mode of IPSec.

Advance Mode:
There are two types of Phase 1 exchanges: Main mode and Aggressive mode. Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange. If network security is preferred, select Main mode. If network speed is preferred, select Aggressive mode. When Group VPN is enabled, it will be limited to Aggressive Mode. If you select Dynamic IP in Remote Client Type in tunnel mode, it will also be limited to Aggressive Mode.

Compress:
QVM1000 supports the IP Payload Compression Protocol. IP Payload Compression is a protocol to reduce the size of IP datagrams. If Compress is enabled, QVM1000 will propose compression when initiating a connection. If the responder rejects this proposal, QVM1000 will not implement the compression. When QVM1000 works as a responder, QVM1000 will always accept compression even without enabling compression.

Keep-Alive:
This mechanism helps to keep IPSec tunnels connected. Whenever a dropped connection is detected, it will be re-established immediately.

AH Hash Algorithm:
AH (Authentication Header) protocol describes the packet format and the default standards for packet structure. With AH as the security protocol, protection is extended forward into the IP header to verify the integrity of the entire packet by using portions of the original IP header in the hashing process. There are two algorithms, MD5 and SHA1. MD5 produces a 128-bit digest to authenticate packet data and SHA1 produces a 160-bit digest to authenticate packet data. Both sides of the tunnel should use the same algorithm.

NetBIOS Broadcast:
Check the box to enable NetBIOS traffic to pass through the VPN tunnel. By default, the Router blocks these broadcasts.


PPTP
QVM1000 supports Windows XP/2000 for remote users using PPTP to create VPN connections.

Enable PPTP Server: Click on the square box to enable PPTP Server.

PPTP IP Address Range: Enter the internal IP Address Range for remote users entering the Local Area Network. QVM1000 supports up to 5 PPTP connections. The default IP range is from 200 to 209.

User Name: Enter the user name of the remote client.

New Password: Enter a new password.

Confirm New Password: Re-enter the new password you just entered.

Add to list: Click the Add to List button, and configure as many entries as you would like.

Delete selected User: Delete the selected entry.

Connection List: It shows related information of PPTP connection.

User Name: The name of the remote client after the PPTP tunnel is connected.

Remote Address: The IP address of the remote client after the PPTP tunnel is connected.


PPTP IP Address: The IP address of the PPTP server after the PPTP tunnel is connected.

Refresh: Click the Refresh button to update the latest information in the list.

Apply: Click the Apply button to save the PPTP settings.

Cancel: Click the Cancel button to undo your changes.

VPN Pass Through

IPSec Pass Through: Internet Protocol Security (IPSec) is a suite of protocols used to
implement secure exchange of packets at the IP layer. To allow IPSec
tunnels to pass through the Router, IPSec Pass Through is enabled by
default.
PPTP Pass Through: Point to Point Tunneling Protocol (PPTP) Pass Through is the method used to enable VPN sessions. PPTP Pass Through is enabled by default.

L2TP Pass Through: Layer 2 Tunneling Protocol (L2TP) Pass Through is the method used to
enable VPN sessions. PPTP Pass Through is enabled by default.


QVM Server

The device provides a unique, simpler and faster functionality called QVM (Qno VPN Management) to establish a virtual private tunnel and transmit sensitive and important data, mainly between headquarters and branch offices. It supports not only the quick connection mechanism but also the backup mechanism. If the main connection is down, it will switch to another WAN port and reconnect. The QVM server of QVM1000/FVR9416 should be used with the QVM client of QVM330 to fully use this functionality.

Setup

Account ID: Enter a specific ID for authentication between QVM server and client.

New Password: Enter a new password.

Confirm New Password: Re-enter the password.

IP Address: This is the device’s LAN IP address. The default is 192.168.1.0.

Subnet Mask: This is the device’s Subnet Mask. The default is 255.255.255.0.

Active: Enable this rule.


Add to List: Click the Add to List button, and configure as many entries as users would
like.

Delete Selected account: Delete the selected entry.


Add New: Add a new rule.

Apply: Click the Apply button to save the settings.

Cancel: Click the Cancel button to undo the changes.

Status

No: It shows the sequence number of the QVM connection.

Account ID: It shows the account ID in QVM’s Setup page.

Status: It shows the status of the connection, including connection and disconnection.

Start time: It shows the time when the connection was established.

End time: It shows the time when the connection was disconnected.

Duration: It shows how long the connection has been alive.


Log
System Log

There are three parts in System Log: Syslog, E-mail and Log Setting.

Syslog
Enable Syslog: If you check the box, Syslog will be enabled.

Syslog Server: In addition to the standard event log, the QVM1000 can send a detailed
log to an external Syslog server. Syslog is an industry-standard protocol
used to capture information about network activity. QVM1000 Syslog
captures all log activities and includes every connection source and
destination IP address, IP service, and number of bytes transferred. Enter
the Syslog server name or IP address in the Syslog Server field. Restart
the QVM1000 for the change to take effect.

E-mail
Enable E-Mail Alert: If you check the box, E-Mail Alert will be enabled.

Mail Server: If you wish to have any log or alert information e-mailed to you, then you must enter the name or numerical IP address of your SMTP server. Your Internet Service Provider can provide you with this information.

Send E-mail To: This is the E-mail address to which your log files will be sent. You may leave this field blank if you do not want to receive copies of your log information.

Log Queue Length (entries): The default is 50 entries. QVM1000 will e-mail the log when the number of log entries is over 50.


Log Time Threshold (minutes): The default is 10 minutes. QVM1000 will e-mail the log every 10 minutes. QVM1000 will e-mail the log when either the Log Queue Length or the Log Time Threshold setting is met.

E-mail Log Now: Click E-mail Log Now to immediately send the log to the address in the Send E-mail To field.

Log Setting

Alert Log
By clicking on the check box located beside the items, users can add the specified alert logs to be displayed in the System Log Table.

Syn Flooding: It will cause servers to stop responding to requests to open new connections with clients.

IP Spoofing: It is used to gain unauthorized access to PCs.

Win Nuke: It will affect the Microsoft Windows 95 operating system.

Ping of Death: It will generate crashes, auto reboot and cause damage to your systems by sending a ping of a certain size from a remote machine.

Unauthorized Login Attempt: It will capture logs whenever an unsuccessful login attempt happens.


General Log
Check the following event boxes to receive logs in the System Log Table, including System Error Messages, Deny Policies, Allow Policies, Content Filtering, Data Inspection, Authorized Login, and Configuration Changes.

System Error Message: It will capture logs for various kinds of errors in the system, such as incorrect settings and malfunctioning of features.

Deny Policies: It will capture logs when the router detects remote devices that are denied access to it because they match the deny policies.

Allow Policies: It will capture logs when the router detects devices that are allowed to access it because they match the allow policies.

Configuration Changes: It will capture logs when any router configurations are changed.

Authorized Login: It will capture logs whenever a successful login attempt happens.

There are four buttons following Log Setting section.

View System Log: Once you press this button, a new window will pop up showing the log, and the user can choose ALL, System Log, Access Log, Firewall Log and VPN Log.

Outgoing Log Table: Once you press this button, a new window will pop up and show you the outgoing packet information including LAN IP, Destination URL/IP and Service/Port number.

Incoming Log Table: Once you press this button, a new window will pop up and show you the incoming packet information including Source IP and Destination Port number.


Clear Log Now: This button will clear out your log without E-mailing it. Only use this button if you don't mind losing
your log information.

System Statistics

QVM1000 provides system statistics that include the Device Name, Status, IP Address, MAC Address, Subnet Mask, Default Gateway, DNS, Network Service Detection, Received Packets, Sent Packets, Total Packets, Received Bytes, Sent Bytes, Total Bytes, Received Bytes/Sec, Sent Bytes/Sec, Error Packets Received, Dropped Packets Received, Sessions, New Session/Sec Up, Upstream Bandwidth Usage(%), and Downstream Bandwidth Usage(%) for LAN, WAN1~4, and DMZ.

Users can click the underlined Next page link to see the system statistics on the next page, or click Previous page to see the system statistics on the previous page, when the number of WAN ports is 3~4. Click on the Refresh button to update the statistics.

Traffic Statistic:
Six kinds of traffic information are displayed in the Traffic Statistic page.

Inbound IP Source Address:

In this table, it will display the Source IP, bytes/sec and %.


Outbound IP Source Address:

In this table, it will display Source IP, bytes/sec, and %.

Inbound IP Service:

In this table, it will display Protocol, destination Port, bytes/sec and %.

Outbound IP Service:

In this table, it will display Protocol, Destination Port, bytes/sec, and %.

Inbound IP session:

In this table, it will display Source IP, Protocol, Source Port, Destination IP, Destination Port, bytes/sec, and
%.

Outbound IP Session:

第 111 頁,共 118 頁


QVM1000 4WAN QoS VPN Management Router

In this table, it will display Source IP, Protocol, Source Port, Destination IP, Destination Port, bytes/sec, and
%.

Specific IP/Port Status:

The device lets users look up the status of a specific IP address or port when heavy download/upload activity shows up. Used together with the Traffic Statistic page, this helps to find abnormal traffic.

The default search type is IP address. Enter an IP address to search for a specific IP and its related information. When Port is selected, enter a port number to search for a specific port and its related information. After you click the search button, all related information is shown in the table below, including Source IP, Protocol, Source Port, Interface(WAN), Destination IP, Destination Port, Downstream Bytes/Sec, and Upstream Bytes/Sec.

Logout

The Logout button is located in the upper right corner of the Web Interface. This button terminates the management session and displays the Authentication window. You will need to re-enter your User Name and Password to log in and continue to manage the QVM1000.

5. Troubleshooting

6. FAQ

7. Appendix A: VPN Configuration Sample


Sample VPN Environment 1: Gateway to Gateway

Firewall Setting: Firewall → General → Block WAN Request = Disable

VPN Setting: VPN → Summary → Add New Tunnel → Gateway to Gateway

QVM1000 VPN Configuration for: Head Office A | Head Office B
Tunnel Name: HOB | HOA
Interface: WAN1 | WAN
Enable: Checked | Checked
Local Security Group Type: Subnet | Subnet
Local Security Group Type → IP Address: 20.20.20.0 | 10.10.10.0
Local Security Group Type → Subnet Mask: 255.255.255.0 | 255.255.255.0
Remote Security Gateway Type: IP | IP
Remote Security Gateway Type → IP Address: 100.100.100.100 | 200.200.200.200
Remote Security Group Type: Subnet | Subnet
Remote Security Group Type → IP Address: 10.10.10.0 | 20.20.20.0
Remote Security Group Type → Subnet Mask: 255.255.255.0 | 255.255.255.0
Keying Mode: IKE with preshared key | IKE with preshared key
Phase 1 DH Group: Group 1 | Group 1
Phase 1 Encryption: DES | DES
Phase 1 Authentication: MD5 | MD5
Phase 1 SA Life Time: 28,800 Seconds | 28,800 Seconds
Perfect Forward Secrecy: Checked | Checked
Phase 2 DH Group: Group 1 | Group 1
Phase 2 Encryption: DES | DES
Phase 2 Authentication: MD5 | MD5
Phase 2 SA Life Time: 3600 Seconds | 3600 Seconds
Preshared Key: Both sides should use the same key.
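
The Sample 1 tunnel only comes up when each end mirrors the other, and its proposals (DES, MD5, DH Group 1) are worth flagging before the values are copied into production. The Python check below is an added example, not part of the manual or the vendor's software; the dict keys, the `audit_pair` helper, the WAN addresses inferred from each peer's Remote Security Gateway row, and the weak-primitive list are assumptions of this example.

```python
import ipaddress

# Constructed from the Sample 1 table; key names are this example's own.
PROPOSAL = {"p1": ("Group 1", "DES", "MD5", 28800), "pfs": True,
            "p2": ("Group 1", "DES", "MD5", 3600)}
HEAD_OFFICE_A = dict(PROPOSAL, local_net=("20.20.20.0", "255.255.255.0"),
                     remote_gw="100.100.100.100",
                     remote_net=("10.10.10.0", "255.255.255.0"))
HEAD_OFFICE_B = dict(PROPOSAL, local_net=("10.10.10.0", "255.255.255.0"),
                     remote_gw="200.200.200.200",
                     remote_net=("20.20.20.0", "255.255.255.0"))
# Assumption: each WAN address is the one the peer lists as its remote gateway.
WAN_A, WAN_B = "200.200.200.200", "100.100.100.100"

# Assumption of this example: primitives treated as too weak for new tunnels.
WEAK = {"Group 1": "768-bit DH group", "DES": "56-bit key",
        "MD5": "deprecated hash"}


def net(pair):
    """Parse (address, mask); raises ValueError if host bits are set."""
    return ipaddress.ip_network("/".join(pair), strict=True)


def audit_pair(a, b, a_wan, b_wan):
    """Return findings for the two ends of a gateway-to-gateway tunnel."""
    findings = []
    # Each end's remote security group must equal the peer's local group.
    for name, x, y in (("A", a, b), ("B", b, a)):
        if net(x["remote_net"]) != net(y["local_net"]):
            findings.append(f"mismatch: {name} remote group != peer local group")
    if net(a["local_net"]).overlaps(net(b["local_net"])):
        findings.append("mismatch: local groups overlap")
    # Each end's remote gateway must be the peer's WAN address.
    if a["remote_gw"] != b_wan or b["remote_gw"] != a_wan:
        findings.append("mismatch: remote gateway is not the peer WAN address")
    # The sample sets identical proposals on both ends; report any difference.
    for key in ("p1", "pfs", "p2"):
        if a[key] != b[key]:
            findings.append(f"mismatch: {key} differs between ends")
    # Flag weak primitives offered by either end, once per phase.
    for phase in ("p1", "p2"):
        for value in sorted(set(a[phase][:3]) | set(b[phase][:3])):
            if value in WEAK:
                findings.append(f"weak: {phase} {value} ({WEAK[value]})")
    return findings


if __name__ == "__main__":
    for line in audit_pair(HEAD_OFFICE_A, HEAD_OFFICE_B, WAN_A, WAN_B):
        print(line)
```

Run against the Sample 1 values, the check reports no mismatches and six weak-primitive findings, three per phase.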

Sample VPN Environment 2: Gateway to Gateway

VPN Setting: VPN → Summary → Add New Tunnel → Gateway to Gateway

Head Office A | Home1 (VPN Client SW)
Tunnel Name: Home1 | HOA
Interface: WAN1 | WAN
Enable: Checked | Checked
Local Security Group Type: Subnet | IP
Local Security Group Type → IP Address: 20.20.20.0 | 10.10.10.10
Local Security Group Type → Subnet Mask: 255.255.255.0 | 255.255.255.0
Remote Security Gateway Type: Domain Name | IP
Remote Security Gateway Type → Domain Name: Company domain Name
Local ID → Domain Name: Company domain Name
Remote Security Gateway Type → IP Address: 100.100.100.100 | 200.200.200.200
Remote Security Group Type: IP | Subnet
Remote Security Group Type → IP Address: 10.10.10.10 | 20.20.20.0
Remote Security Group Type → Subnet Mask: 255.255.255.0
Keying Mode: IKE with preshared key | IKE with preshared key
Phase 1 DH Group: Group 1 | Group 1
Phase 1 Encryption: DES | DES
Phase 1 Authentication: MD5 | MD5
Phase 1 SA Life Time: 28,800 Seconds | 28,800 Seconds
Perfect Forward Secrecy: Checked | Checked
Phase 2 DH Group: Group 1 | Group 1
Phase 2 Encryption: DES | DES
Phase 2 Authentication: MD5 | MD5
Phase 2 SA Life Time: 3600 Seconds | 3600 Seconds
Preshared Key: Your tunnel password

Sample VPN Environment 3: Client to Gateway (Tunnel)

VPN Setting: VPN → Summary → Add New Tunnel → Client to Gateway → Tunnel

Head Office A | Home1 (VPN Client SW)
Tunnel Name: Home1 | HOA
Interface: WAN1 | WAN
Enable: Checked | Checked
Local Security Group Type: Subnet | IP
Local Security Group Type → IP Address: 20.20.20.0 | 100.100.100.100
Local Security Group Type → Subnet Mask: 255.255.255.0 | 255.255.255.255
Remote Security Gateway Type: IP
Remote Security Gateway Type → IP Address: 200.200.200.200
Remote Client: Email Address
Remote Client → Email Address: User Email Address
Local ID → Email Address: User Email Address
Remote Client → IP Address: 100.100.100.100
Remote Security Group Type: Subnet
Remote Security Group Type → IP Address: 20.20.20.0
Remote Security Group Type → Subnet Mask: 255.255.255.0
Keying Mode: IKE with preshared key | IKE with preshared key
Phase 1 DH Group: Group 1 | Group 1
Phase 1 Encryption: DES | DES
Phase 1 Authentication: MD5 | MD5
Phase 1 SA Life Time: 28,800 Seconds | 28,800 Seconds
Perfect Forward Secrecy: Checked | Checked
Phase 2 DH Group: Group 1 | Group 1
Phase 2 Encryption: DES | DES
Phase 2 Authentication: MD5 | MD5
Phase 2 SA Life Time: 3600 Seconds | 3600 Seconds
Preshared Key: Your tunnel password

Sample VPN Environment 4: Client to Gateway (GroupVPN)

VPN Setting: VPN → Summary → Add New Tunnel → Client to Gateway → Group VPN

Head Office A | Home (VPN Client SW)
Group Name/Tunnel Name: GroupVPN1 | HOA
Interface: WAN1 | WAN
Enable: Checked | Checked
Local Security Group Type: Subnet | IP
Local Security Group Type → IP Address: 20.20.20.0 | Client IP Address
Local Security Group Type → Subnet Mask: 255.255.255.0 | 255.255.255.255
Remote Security Gateway Type: IP
Remote Security Gateway Type → IP Address: 200.200.200.200
Remote Client: Domain Name
Remote Client → Email Address: Company Domain Name
Local ID → Email Address: Company Domain Name
Remote Security Group Type: Subnet
Remote Security Group Type → IP Address: 20.20.20.0
Remote Security Group Type → Subnet Mask: 255.255.255.0
Keying Mode: IKE with preshared key | IKE with preshared key
Phase 1 DH Group: Group 1 | Group 1
Phase 1 Encryption: DES | DES
Phase 1 Authentication: MD5 | MD5
Phase 1 SA Life Time: 28,800 Seconds | 28,800 Seconds
Perfect Forward Secrecy: Checked | Checked
Phase 2 DH Group: Group 1 | Group 1
Phase 2 Encryption: DES | DES
Phase 2 Authentication: MD5 | MD5
Phase 2 SA Life Time: 3600 Seconds | 3600 Seconds
Preshared Key: Your tunnel password
Advanced: Aggressive Mode
Note: All Clients can sign up into one Group VPN simultaneously.
