Contents:

Introduction

Hardware Installation

Overview of the Web-based Management

Using the Connection Wizard

Security

Web Filtering

Advanced

System Monitoring

Tutorials >

Troubleshooting

Regulatory Information

Frequently Asked Questions

U.S. Robotics Corporation Limited Warranty

Glossary

USR8200 Firewall/VPN/NAS User Guide

Tutorials

This section is a series of illustrated procedures for some of the more complex or commonly-used features. Just click on a link to find out how to do it.

Firewall

How do I configure dynamic DNS?

How do I set up advanced filters?

How do I set up a virtual server?

How do I configure access control?

How do I set up a DMZ?

One-to-One NAPT

How do I set up One-to-One NAPT address translation to a local IP address?

VPN

How do I enable and configure PPTP?

How do I set up an IPSec point-to-point tunnel?

How do I configure a VPN connection in Mac OSX Panther?

Miscellaneous

How do I add a user to the system?

How do I set up a file server?

How do I set up the print server?

How do I set up a computer to use the shared printer?

How do I set up the 8200's built-in FTP server?

How do I set up remote administration?

 

How do I configure dynamic DNS?

  1. Click the Advanced icon on the left side of the main page.
  2. Click the Dynamic DNS option.
  3. Enter your dynamic DNS information in the space provided. Click OK at the bottom of the page, and click OK again to confirm the setting change.
  4. Note: If you do not have a Dynamic DNS user name you can register at http://www.dyndns.org/ for no charge.

 

How do I set up advanced filtering?

Advanced filtering is designed to allow comprehensive control over the USR8200's firewall. It does this by letting you define Input and Output Rules, Initial Rules, WAN Rules, LAN Rules, and Final Rules. The USR8200 Firewall/VPN/NAS applies rules in this order:

  1. Initial rules
  2. WAN/LAN rules
  3. Final rules

Example: Suppose your company has a Web server that is constantly receiving vicious attacks from the same IP address. With the USR8200 Firewall/VPN/NAS, you can set up an initial rule to block all traffic from that address. Then you could define a WAN rule that allows all other addresses to access the Web server. Here's how you can do it.

  1. Click the Security option on the left side of the screen.
  2. In the Security page, click the Advanced Filtering tab.
  3. The first thing to set up is the initial rule that will block all traffic from that specific IP address. Click Initial Rules in the input rule sets.
  4. Click the New Entry option to add a new rule.
  5. Select Single from the Source IP Address line and enter the IP address you want to block. Under Operation, select the Drop button. Scroll down to the service you would like to block.
  6. Note: If you are receiving unwanted requests from multiple IP addresses, you can specify a range of IP addresses in the Source IP Address field.

  7. In this example, we want to block all traffic from an address. Click the checkbox for All Traffic and scroll down.
  8. Click OK.
  9. Click OK to confirm the addition of the new rule.
  10. With the input rule defined, the next step is to set up the WAN rule. Click OK again to go back to the Advanced Filtering page.
  11. To add the rule, click WAN Ethernet Rules in the input rule set.
  12. Next, click New Entry.
  13. Select Single from the Destination IP Address drop-down menu, and enter the IP address of your Web server. Click the button next to Accept.
  14. In the Basic Web Utilities section, check the box labeled HTTP - Web Server.
  15. At the bottom of the page, click OK.
  16. Click OK to confirm the addition of the new rule.
  17. Click OK again to go back to the Advanced Filtering page.

 

 

How do I set up a virtual server?

A virtual server allows access to a local computer network from the Internet, while still allowing it to take advantage of the router's firewall protection. Special applications and services require certain ports to be opened and routed to specific internal computers.

To make your virtual server work properly, the host machine must have a static IP address.

  1. Click the Security icon in the main menu.
  2. Click the Local Servers tab.
  3. Click New Entry.
  4. In Local Host, enter the IP address of the machine you want to expose to the outside world, and select the services and port numbers to support. Then click New User-Defined Service.
  5. Click New Server Ports.
  6. Select the appropriate protocol from the Protocol list. Click OK.
  7. Type in a name for the service in Service Name and enter an application description in Service Description. Click OK.
  8. Type in the server's IP address into Local Host. Check the box next to your user-defined service located under User Defined Services.
  9. Scroll down to the bottom of the page and click OK.

  10. The following screen shows a successful virtual server configuration for the user-defined services.

 

How do I configure access control?

Use this procedure to limit access to various services.

  1. Click the Security icon in the main menu.
  2. Click the Access Control tab.
  3. Click New Entry to create a new access control rule.
  4. In the Applied To list, select who the rule will affect (Entire LAN or Individual Computers).
  5. Note: By default, Schedule is set to Always (so it's always applied), with the option of creating a custom schedule by clicking the New option. A custom schedule allows you to specify when you want a rule to take effect and then terminate.

  6. Select the service(s) you want to block from the list of pre-made services, or click on New User-Defined Service to create a custom rule. Scroll down to the bottom of the page and click OK.
  7. The new rule appears on the Access Control page after clicking OK. If this is the only rule you wish to configure, click OK. To add another rule, repeat the process.

 

How do I set up a DMZ?

DMZ is short for "demilitarised zone." It's a USR8200 Firewall/VPN/NAS feature that exposes computers to the Internet for two-way communications, for Internet gaming, video conferencing, VPN connections, etc. If you have a local client PC that cannot run an Internet application properly from behind the NAT firewall, you can open the client up to unrestricted two-way Internet access by defining a virtual DMZ host.

  1. Click the Security icon in the main menu.
  2. Click DMZ Host.
  3. Check the box next to DMZ Host IP Address and type in the IP address of the computer you want to be the DMZ host. Click OK.

 

How do I set up One-to-One NAPT address translation to a local IP address?

  1. Click the Security icon on the left side of the screen.
  2. Click the Advanced Filtering tab.
  3. Click WAN Ethernet Rules.
  4. Click New Entry.
  5. Set the operation mode to Redirect.
  6. In Source IP Address, specify the user(s) who will use the address. Your choices include letting anyone use it, giving access to a single IP address, or entering a range of addresses.
  7. In Destination IP Address, specify the local IP address to redirect to.
  8. In Redirect to a local server (below), enter the external IP address.
  9. Next you need to specify a port for your application. Scroll down the list of applications and port numbers and check the corresponding box. For instance, if you want to redirect FTP traffic on port 21, you would check the FTP box.
  10. Finally, scroll down to the bottom of the page and click OK to save your changes.

 

How do I enable and configure PPTP?

  1. Click the Advanced option in the main menu on the left. Then click on PPTP.
  2. Click Enabled to enable the PPTP server option. Click OK.
  3. Click New Connection.
  4. In the field labeled Host Name or IP Address of Destination, type the IP address or host name of the network you want to connect to. Type the login user name and password in the corresponding fields. Click Next.
  5. Note: This user name and password are created and supplied by the administrator of the network you want to connect to.

  6. Click Finish to complete the setup.

 

 

How do I set up an IPSec point-to-point tunnel?

  1. Click the Advanced icon on the left side of the screen.
  2. Click the IPSec option.
  3. Click New Connection to begin setting up a new IPSec point-to-point VPN tunnel.
  4. Click the Network-to-Network button. Then click Next.
  5. Verify that the Remote Gateway Address and Remote Subnet buttons are selected. Click Next.
  6. Type the remote network's IP address in the Remote Tunnel Endpoint Address. Type the Remote Subnet IP Address and Subnet Mask in their respective fields. Enter a pass-phrase in Shared Secret.
  7. Note: The shared secret pass-phrase must be identical on both sides of the VPN tunnel.

  8. Click Finish to create the connection.

 

How do I configure a VPN connection in Mac OSX Panther?

  1. From the desktop, click on Go >>> Applications.
  2. In the Applications window, double-click on Internet Connect.
  3. In the top section of the Internet Connect window, click on the VPN (PPTP) button.
  4. Expand the Configuration drop-down menu and select Edit Configurations.
  5. In Description field, enter a name for your connection. In Server Address, enter the VPN server's IP address. In the Account Name field, type in your VPN user name.
  6. Note: By default, authentication is password-based. If you use RSA SecurID instead, click the RSA SecurID button. Encryption is set to Automatic by default and can be adjusted or disabled if necessary.

  7. Click OK to complete the VPN configuration.
  8. Click the Connect button to begin a VPN session.

 

How do I add a user to the system?

  1. Click Advanced in the main menu.
  2. Click the Users icon.
  3. Click New User.
  4. Fill in the blank fields with the appropriate information and select the permissions level to grant the user. Click OK when done.
  5. Note: The e-mail section is optional.

 

How do I set up a file server?

Follow this procedure to attach and configure an external hard drive (such as the USR8800) to the USR8200 Firewall/VPN/NAS.

  1. Connect the external hard drive to the USR8200. Then click the Home icon on the left side of the screen.
  2. Select the new disk drive in the network map.
  3. Click the "edit partition" icon located under Action.
  4. The next step is to format the drive. If the drive is already formatted as FAT32 (see the list below Type), skip ahead to the next step. Otherwise, click Format Partition and select Windows (FAT32) from the drop-down list. Then click OK.
  5. To allow the computers on your network to use the drive, you need to map a network drive. On each local computer that needs access to the drive, right-click My Computer and select Map Network Drive.
  6. Select the drive letter you would like to assign to the drive (e.g., E, F, etc.). In Folder, type in the share name of the drive or enter a name for the drive. Then click Finish.

 

How do I set up the print server?

  1. Connect your printer to one of the USB ports on the back of the USR8200 Firewall/VPN/NAS. Turn the printer on.
  2. Click the Advanced option in the main menu on the left side of the screen.
  3. Click Print Server.
  4. Check the Enabled box in the print server window. Then click Apply and OK.
  5. Click Print Server again to view the print server configuration.
  6. Note: If your printer does not appear in the Printer column, try these troubleshooting steps:

    • Make sure the printer is turned on and connected to one of the router's USB ports.
    • Verify that your printer works when connected directly to a computer.
    • Connect the printer to a different USB port on the USR8200 Firewall/VPN/NAS.
    • Try another USB cable.
    • Cycle the power on the USR8200 Firewall/VPN/NAS (turn it off, wait a minute, and turn it back on again).
    • Cycle the power on the printer.

    If the printer is still not appearing in the list, contact U.S. Robotics technical support.

Now that the print server is set up, you need to configure printer support on the computers that will send use the printer. Click here to learn about this.

 

How do I set up a computer to use the shared printer?

After you set up the USR8200's print server, follow this procedure on every local computer you want to give printer access to. For non-Windows operating systems: Adapt this to follow the printer installation process for your operating system.

  1. Windows XP users: Click Windows Start and then Printers and Faxes. Windows 2000, Me, and 98 users: Click Windows Start, Settings, and then Printers.
  2. Double-click Add Printer. This opens the installation wizard. Click Next.
  3. If the wizard asks where the printer is located, select Network printer and click Next.
  4. Use the USR8200's Web configuration utility to find the printer name. To do this, open the Web interface, log in, and click the Home icon. Find the printer in the network diagram and make a note of its name.
  5. Click the radio button next to Type the printer name, or click Next to browse for a printer. In Name, type \\usr8200\"PrinterName". Substitute the printer name from the previous step for PrinterName.
  6. If the following message appears, click OK to continue.
  7. Select the manufacturer and model of your printer and click Next. If you can't find either the manufacturer or model in the lists, you will have to install the software that came with your printer. (If you do not have the installation software, you can visit the manufacturer's Web site to download the latest version.) To install the software, click Have Disk and browse to the location of the printer setup information.
  8. Click the Finish button when it appears.
  9. Now you need to test the setup by printing a test page from this machine. Windows XP users: Click Windows Start and then Printers and Faxes. Windows 2000, Me, and 98 users: Click Windows Start, Settings, and then Printers.
  10. Select the shared printer, go to the File menu and select Properties.
  11. Click Print Test Page. If the printer completes the test page, click OK. Otherwise, click Troubleshoot for assistance on printer troubleshooting.

 

How do I set up the 8200's built-in FTP server?

  1. Click on the Advanced icon in the main menu.
  2. Click on Local FTP Server.
  3. In the local FTP server screen, check the Enable FTP Server box. In Total FTP Sessions Allowed, select a limit on the number of simultaneous FTP sessions. A value of 5 means that up to 5 users can connect at the same time.
  4. In the Anonymous User Access section, Read Access allows anonymous users to read and download files on the FTP server. (An anonymous user is anyone who connects to the server who is not listed as a user in the User screen.) Write Access lets anonymous users upload files to the FTP server. Anonymous Home Directory is the folder an anonymous user will have access to. If you DO NOT want anonymous users to access the FTP server, clear both the Read Access and Write Access checkboxes in the Anonymous User Access section.
  5. Click Apply to enable the FTP server.
  6. At this point, the FTP server is configured and running, but only the users on the local network can see it. To make it accessible outside the local network, you need to configure a WAN Ethernet rule that will allow outside FTP traffic to get past the firewall. Start by clicking on Security in the main menu.
  7. Click on the Advanced Filtering tab.
  8. Click the WAN Ethernet Rules link in the input rule sets.
  9. In the Rule ID column, click New Entry.
  10. Select Any from the Source IP Address and Destination IP Address pick lists. Under Operation, click Accept.
  11. In the Service Name section, check FTP - File Transfer. Then scroll down to the bottom of the page and click OK.

  12. Click OK to apply the new rule.
  13. This screen shows a successfully created WAN Ethernet rule. The FTP server is now ready for use for internal and external users.

 

How do I set up remote administration?

WARNING: Enabling remote administration is a security risk because it gives other Internet users a way to log in to your system. We suggest that you change the admin account's password from the default (admin). (To change the password, go to the advanced options and open the User link. Click here for more information on this.

  1. Click the Advanced icon in the main menu.
  2. Click Remote Administration in the advanced options window.
  3. Check the boxes indicating the type of remote administration access you want to set up. Click OK. In this example, the Using Secondary HTTP Port (8080) box is checked. This gives a user with Internet access the ability to log in to the USR8200 Firewall/VPN/NAS remotely, while still hosting a Web site on the primary HTTP port number 80.
  4. To access the administrative software from a remote system, you can it from a Web browser by opening the WAN IP address of your device followed by a colon and the port number selected in the previous step. In the above example, if the IP address of your USR8200 Firewall/VPN/NAS was 12.34.56.78, you could start the administrative software by opening this address: http://12.34.56.78:8080 .

 

USRobotics