Enter the IP address provided by your ISP.

Enter the netmask provided by your ISP. Normally use 255.255.255.0.

Enter the gateway IP address provided by your ISP.

Enter the DNS IP address provided by your ISP.

Enter alternative DNS IP address if your ISP provides it.

The normal MTU (Maximum Transmission Unit) value for most Ethernet networks is 1500 Bytes. For some ISPs you need to modify the MTU. But this is rarely required, and should not be done unless you are sure it is necessary for your ISP connection.

Specify the MAC address of WAN interface. This field displays the current MAC address of the WAN port. If your ISP requires that you register the MAC address, enter the correct MAC address into this field. The format for the MAC Address is XX-XX-XX-XX-XX-XX (X is any hexadecimal digit). Click Restore Factory MAC to restore the MAC address of WAN port to the factory default value.

Displays the MAC address of the PC that is managing the router. Some ISPs require that you should register the MAC address of your PC. If the MAC address is required, you can click Clone PC’s MAC to set the WAN MAC address the same as your management PC’s MAC address.

Specify the MTU size. The normal MTU (Maximum Transmission Unit) value for most Ethernet networks is 1500 Bytes. For some ISPs you need to modify the MTU. But this is rarely required, and should not be done unless you are sure it is necessary for your ISP connection.

If your ISP gives you one or two DNS IP addresses, select Use These DNS Servers and enter the Primary DNS and Secondary DNS into the correct fields. Otherwise, the DNS servers will be assigned from ISP dynamically.

Enter the DNS IP address provided by your ISP.

Enter another DNS IP address provided by your ISP.

Specify the WAN MAC address. This field displays the current MAC address of the WAN port. If your ISP binds the MAC address of your previous computer/router, enter the correct MAC address into this field. The format for the MAC Address is XX-XX-XX-XX-XX-XX (X is any hexadecimal digit). Click Restore Factory MAC to restore the MAC address of WAN port to the factory default value.

Displays the MAC address of the PC that is managing the router. Some ISPs require that you should register the MAC address of your PC. If the MAC address is required, you can click Clone PC’s MAC to set the WAN MAC address the same as your management PC’s MAC address.

Enter the User Name that is provided by your ISP.

Enter the Password that is provided by your ISP.

If your ISP provides an extra Connection type such as Dynamic/Static IP to connect to a local area network, you can activate this secondary connection.

Disable: The Secondary Connection is disabled by default, so there is PPPoE connection only. This is recommended.

Dynamic IP: Use dynamic IP address to connect to the local area network provided by ISP.

Static IP: Use static IP address to connect to the local area network provided by ISP.

Specify the MTU size. The default MTU (Maximum Transmission Unit) size is 1480 bytes, which is usually appropriate. For some ISPs, you need modify the MTU. This should not be done unless your ISP told you to.

Specify the Service Name provided by your ISP. Please keep it empty if your ISP doesn't provide the name.

Specify the AC Name provided by your ISP. Please keep it empty if your ISP doesn't provide the name.

Specify the Detect Interval. The default value is 0. You can input the value between 0 and 120. The device will detect Access Concentrator online every interval seconds. If the value is 0, it means not detecting.

If your service provider provides you with an IP address along with the user name and password, Enable "Use ISP-specified IP" and enter the IP address.

If the ISP provides a DNS server IP address for you, Enable Use These DNS Server, and fill the Primary DNS and Secondary DNS fields below. Otherwise, the DNS servers will obtain automatically from ISP.

Specify the WAN MAC address. This field displays the current MAC address of the WAN port. If your ISP binds the MAC address of your previous computer/router, enter the correct MAC address into this field. The format for the MAC Address is XX-XX-XX-XX-XX-XX (X is any hexadecimal digit). Click Restore Factory MAC to restore the MAC address of WAN port to the factory default value.

Displays the MAC address of the PC that is managing the router. You can click Clone PC’s MAC to set the WAN MAC address the same as your management PC’s MAC address.

Click this button to restore the WAN MAC address as factory MAC address.

Click this button to set the WAN MAC address as PC’s MAC address.

Enter the server IP address or the domain name provided by your ISP.

Enter the User Name provided by your ISP. This field is case-sensitive.

Enter the Password provided by your ISP. This field is case-sensitive.

Select the Connection Mode.

On Demand

You can configure the device to disconnect your internet connection after a specified period of inactivity (Idle Time). If your internet connection has been terminated due to inactivity, Connection on Demand enables the device to automatically re-establish your connection when you attempt to access the internet again. The default Idle Time is 15 minutes. If your internet connection is expected to remain active all the time, enter 0 in the Idle Time field. Users those pay by time for their internet access can choose this mode to save their internet-access fee.

Automatic

Connect automatically after the device is disconnected. Users those are charged a flat monthly fee can choose this mode.

Manual

You can configure the device to make it connect or disconnect manually. After a specified period of inactivity (Idle Time), the device will disconnect your internet connection, and you must click Connect manually to access the internet again. If your internet connection is expected to remain active all the times, enter 0 in the Idle Time field. Otherwise, enter the desired Idle Time in minutes you wish to use. Users charged by time for their internet access can choose this mode to save their internet-access fee.

If your ISP provides a Connection type such as Dynamic/Static IP to connect to a local area network, you can activate this secondary connection.

Dynamic IP: Use dynamic IP address to connect to the local area network provided by ISP.

Static IP: Use static IP address to connect to the local area network provided by ISP.

Specify the MTU size. The normal MTU (Maximum Transmission Unit) value for most Ethernet networks is 1500 Bytes. For some ISPs you need to modify the MTU. But this is rarely required, and should not be done unless you are sure it is necessary for your ISP connection.

Specify the WAN MAC address. This field displays the current MAC address of the WAN port. If your ISP requires that you register the MAC address, enter the correct MAC address into this field. The format for the MAC Address is XX-XX-XX-XX-XX-XX (X is any hexadecimal digit). Click Restore Factory MAC to restore the MAC address of WAN port to the factory default value.

Displays the MAC address of the PC that is managing the router. Some ISPs require that you should register the MAC address of your PC. If the MAC address is required, you can click Clone PC’s MAC to set the WAN MAC address the same as your management PC’s MAC.

Enter the LAN IP address of your device. By default, it is 192.168.0.254.

Enter the Netmask provided by your ISP. Normally use 255.255.255.0.

Enter the gateway IP address for your device.

Enter the primary DNS IP address provided by your ISP. Please consult your ISP if you don’t know the DNS value. The factory default setting is 0.0.0.0.

Enter the secondary DNS IP address of alternative DNS server if your ISP two DNS servers. The factory default setting is 0.0.0.0.

Specify the MTU size. The normal MTU (Maximum Transmission Unit) value for most Ethernet networks is 1500 Bytes. For some ISPs you need to modify the MTU. But this is rarely required, and should not be done unless you are sure it is necessary for your ISP connection.

Enable or disable IGMP (Internet Group Management Protocol) Proxy. IGMP proxy is used to process the multicast stream in the netwok. It normally works for IPTV service.

Enable or disable the DHCP server function. With this function enabled, the build-in DHCP server will assign IP address to the clients connected to the device.

Specify the first IP address of the IP address pool. By default, it is 192.168.0.100.

Specify the last IP address of the IP address pool. By default, it is 192.168.0.199.

Specify the gateway IP address for the LAN network. By default, it is 192.168.0.254.

(Optional) Specify the domain name for the DHCP server.

Enter the DNS IP address for the LAN. By default,it is 0.0.0.0.

Enter the IP address of alternative DNS server if there are two DNS servers. By default, it is 0.0.0.0.

Enter the amount time of the leased IP address assigned by the DHCP server. When the time expires, the clients will request to renew the lease automatically.

Enable Address Reservation and you can specify a reserved IP address for a PC on the local area network, so the PC will always obtain the same IP address each time when it starts up. Reserved IP addresses could be assigned to servers that require permanent IP settings.

To configure Address Reservation:

Click Add, specify the MAC address and the IP address. Enable this entry, then click Save.

Enable or disable the Fallback IP. When the device doesn’t find DHCP server, it will use the fallback IP as the LAN IP address.

Specify the fallback IP for the device. By default, it is 192.168.0.254.

Specify the fallback netmask for the device.

Enter the DNS IP address for the LAN. By default, it is 0.0.0.0.

Enter the IP address of alternative DNS server if there are two DNS servers. By default, it is 0.0.0.0.

Enable or disable IGMP (Internet Group Management Protocol) Proxy. IGMP proxy is used to process the multicast stream in the network. It normally works for IPTV service.

Enter the LAN IP address of your device. By default, it is 192.168.0.254.

Enter the Netmask provided by your ISP. Normally use 255.255.255.0.

Enable or disable IGMP (Internet Group Management Protocol) Proxy. IGMP proxy is used to process the multicast stream in the netwok. It normally works for IPTV service.

Enable or disable the DHCP server function. With this function enabled, the build-in DHCP server will assign IP address to the clients connected to the device.

Specify the first IP address of the IP address pool. By default, it is 192.168.0.100.

Specify the last IP address of the IP address pool. By default, it is 192.168.0.199.

Specify the gateway IP address for the LAN network. By default, it is 192.168.0.254.

(Optional) Specify the domain name for the DHCP server.

Enter the DNS IP address for the LAN. By default,it is 0.0.0.0.

Enter the IP address of alternative DNS server if there are two DNS servers. By default, it is 0.0.0.0.

Enter the amount time of the leased IP address assigned by the DHCP server. When the time expires, the clients will request to renew the lease automatically.

Enable Address Reservation and you can specify a reserved IP address for a PC on the local area network, so the PC will always obtain the same IP address each time when it starts up. Reserved IP addresses could be assigned to servers that require permanent IP settings.

To configure Address Reservation:

Click Add, specify the MAC address and the IP address. Enable this entry, then click Save.

Enable or disable the Management VLAN function. By default, it is disabled.

Specify the Management VLAN ID. The valid values are from 2 to 4094.

Enable or disable the DMZ function. DMZ (Demilitarized Zone) specifically allows one computer/device behind NAT to become “demilitarized”, so all packets from the external network are forwarded to this computer/device. The demilitarized host is exposed to the wide area network, which can realize the unlimited bidirectional communication between internal hosts and external hosts.

Specify the IP address of the local host network device. The DMZ host device will be completely exposed to the external network. Any PC that was used for a DMZ must have a static or reserved IP Address because its IP Address may change when using the DHCP function.

Select the type of ALG to enable the corresponding feature. Common NAT only translates the address of packets at network layer and the port number at transport layer but cannot deal with the packets with embedded source/destination information in the application layer. Application layer gateway (ALG) can deal with protocols with embedded source/destination information in the application payload. Some protocols such as FTP, TFTP, H323 and RTSP require ALG (Application Layer Gateway) support to pass through NAT.

FTP ALG: Allows FTP clients and servers to transfer data across NAT.

TFTP ALG: Allows TFTP clients and servers to transfer data across NAT.

H323 ALG: Allows Microsoft NetMeeting clients to communicate across NAT.

RTSP ALG: Allows some media player clients to communicate with some streaming media servers across NAT.

Enable or disable Virtual Server. Virtual servers can be used for setting up public services on your local area network, such as DNS, Email and FTP. A virtual server is defined as a service port, and all requests from the internet to this service port will be redirected to the LAN server. Virtual Server function not only makes the users from internet visit the local area network, but also keeps network security within the intranet as other services are still invisible from internet. The LAN server must have a static or reserved IP Address because its IP Address may change when using the DHCP function.

To configure Virtual Server:

Click Add, specify the following parameters and Enable the entry. Click Save.

IP: Enter the IP Address of the PC providing the service application.

Internal Port: Enter the Internal Port number of the PC running the service application. You can leave it blank if the Internal Port is the same as the Service Port, or enter a specific port number.

Service Port: Enter the numbers of external Service Port. You can type a service port or a range of service ports (the format is XXX – YYY, XXX is the start port, YYY is the end port). Internet users send request to the port for services.

Protocol: Choose the one of the protocols used for this application: TCP, UDP, or TCP/UDP.

Enable or disable port trigger. Due to the existence of the firewall, some applications such as online games, video conferences, VoIPs and P2P downloads need the device to configure the forwarding to work properly, and these applications require multiple ports connection, for single-port virtual server cannot meet the demand. Port trigger function comes at this time. When an application initiates a connection to the trigger port, all the incoming ports will open for subsequent connections.

To configure port trigger:

Click Add, specify the following parameters and Enable the entry. Click Save.

Incoming Port: Enter the incoming port for incoming traffic. The port or port range is used by the remote system when it responds to the outgoing request. A response to one of these ports will be forwarded to the PC that triggered this rule. You can input at most 5 groups of ports (or port section). Every group of ports must be set apart with “,”. For example, 2000-2038, 2050-2051, 2085, 3010-3030.

Trigger Port: Enter the trigger port for outgoing traffic. An outgoing connection using this port will “Trigger” this rule.

Protocol: Choose the one of the protocols used for this application: TCP, UDP, or TCP/UDP.

Enable or disable UPnP. If you use applications such as multiplayer gaming, peer-to-peer connections, or real-time communications such as instant messaging or remote assistance (a feature in Windows XP), you should enable the UPnP function. The Universal Plug and Play (UPnP) function allows the devices, such as internet computers, to access the local host resources or devices as needed. Host in the local area network can automatically open the corresponding ports on a router, and make the application of external host access the resources of the internal host through the opened ports. Therefore, the functions limited to the NAT can work properly. Compared to virtual server and port triggering, the application of UPnP doesn’t need manual settings. It is more convenient for some applications required unfixed ports.

App Description: Displays the description provided by the application in the UPnP request.

External Port: Displays the external port number that the router opened for the service application.

Protocol: Displays which type of protocol is opened.

Internal Port: Displays the internal service port number of the local host running the service application.

IP Address: Displays the IP address of the local host which initiates the UPnP request.

Status: Enabled means that port is still active. Otherwise, the port is inactive.

Check the Enable box to use the SPI Firewall function. If forwarding rules are enabled at the same time, the device will give priority to meet forwarding rules.

Select and enable the ping forbidden function.

WAN Ping Forbidden: Enable or disable this function. With this option enabled, the device will not reply the ping request originates from internet. By default, it is disabled.

LAN Ping Forbidden: Enable or disable this function. With this option enabled, the device will not reply the ping request originates from local network.

Select and enable the VPN function.

A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryptions. Through VPN you can access your private network over internet. A virtual private network connection across the internet is similar to a wide area network (WAN) link between sites. From a user perspective, the extended network resources are accessed in the same way as resources available within the private network. When hosts in the local area network want to visit the remote virtual private network using virtual tunneling protocols, the corresponding VPN protocol should be enabled.

PPTP Passthrough: PPTP (Point-to-Point Tunneling Protocol) allows the Point-to-Point Protocol (PPP) to be tunneled through an IP (Internet Protocol) network. Check the box to allow PPTP tunnels to pass through the Device.

L2TP Passthrough: L2TP (Layer Two Tunneling Protocol) is the method used to enable Point-to-Point connections via the internet on the Layer Two level. Check the box to allow L2TP tunnels to pass through the Device.

IPSec Passthrough: IPSec (Internet Protocol Security) is a suite of protocols for ensuring private, secure communications over IP (Internet Protocol) networks, through the use of cryptographic security services. Check the box to allow IPSec tunnels to pass through the Device.

Enable the DoS Protection and specify the parameters.

DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network attackers or the evil programs sending a lot of service requests to the Host, which incurs an abnormal service or even breakdown of the network. With DoS Protection function enabled, the device can analyze the specific fields of the IP packets and distinguish the malicious DoS attack packets. Upon detecting the packets, the device will discard the illegal packets directly and limit the transmission rate of the legal packets if the over legal packets may incur a breakdown of the network. The hosts sending these packets will be added into the Blocked DoS Host List. The device can defend a few types of DoS attack such as ICMP_FLOOD, UDP_FLOOD and TCP_SYN_FLOOD.

Packets Statistics Interval: Select a value between 5 and 60 seconds from the drop-down list. The default value is 10. The value indicates the time interval of the packets statistics. The result of the statistic is used for analysis by ICMP-Flood, UDP Flood and TCP-SYN Flood.

ICMP_FLOOD Attack Filter: Enter a value between 5 and 3600. The default value is 50. When the current ICMP-FLOOD Packets number is beyond the set value, the device will start up the blocking function immediately.

UDP_FLOOD Attack Filter: Enter a value between 5 and 3600. The default value is 500. When the current UPD-FLOOD Packets number is beyond the set value, the device will start up the blocking function immediately.

TCP_SYN_FLOOD Attack Filter: Enter a value between 5 and 3600. The default value is 50. When the current TCP-SYN-FLOOD Packets numbers is beyond the set value, the Device will start up the blocking function immediately.

Click Blocked DoS Host List to display the blocked DoS host table including host IP and host MAC. Click Refresh to renewal the table list. Click Clear to release all the blocked hosts. If you want to release one or some of the blocked hosts, select them and Click Unlock.

Enable or disable Access Control.

Select the filtering policy according to your need.

Allow the packets specified by any enabled access control policy to pass through the Device: The hosts listed below are allowed to access the internet under the rules. While others are forbidden to access.

Deny the packets specified by any enabled access control policy to pass through the Device: The hosts listed below are forbidden to access the internet under the rules. While others are allowed to access.

Enable or disable the desired entry.

Choose one of the protocols from the drop-down list used for the target, any of IP, TCP, UDP, or ICMP.

Enter the IP address or address range of the hosts that you need to control, for example 192.168.0.12-192.168.0.25.

Enter the IP address or address range of the targets that you need to control, for example 192.168.3.12-192.168.3.25.

Specify the port or port range for the target when protocol is TCP or UDP.

Specify the days in which the rules take effect.

Enter the time rule in HH:MM-HH:MM format, the default value is 00:00-24:00.

Enable or disable the desired entry.

Enter the Target Network IP, the address of the network or host to be visited. The IP address cannot be on the same network segment with the device’s WAN or LAN port.

Specify the netmask for the desired entry.

Enter the Gateway IP, the address of the gateway that allows for contact between the Device and the network or host

Specify the upper bandwidth for receiving packets from the WAN port. The maximum value is 100,000kbps.

Specify the upper bandwidth for sending packets from the WAN port. The maximum value is 100,000kbps.

Enable or disable the desired entry.

Enter the IP Range of the target hosts which need to be controlled of bandwidth, for example 192.168.0.12-192.168.0.25.

Enter the Port Range through which the target hosts visit external server, for example 1-63258.

Choose one of the protocols used for this application: TCP, UDP, or TCP/UDP.

Specify the minimum ingress bandwidth for the desired entry.

Specify the maximum ingress bandwidth for the desired entry.

Specify the minimum egress bandwidth for the desired entry.

Specify the maximum egress bandwidth for the desired entry.

Enter the IP address that you want to bind with the MAC address.

Enter the MAC address that you want to bind with the IP address.