Академический Документы
Профессиональный Документы
Культура Документы
User Guide
1 - 877 - 6 - SYSWAN
www.syswan.com
Copyright and Trademarks
Copyright © 2007-2008 Syswan Technologies, Inc. All rights reserved.
Brands and product names are trademarks or registered trademarks of their respective holders.
V1/RBEN
Table of Contents
Purpose ...........................................................................................................................................................iv
Audience..........................................................................................................................................................iv
Document Layout.............................................................................................................................................iv
Documentation updates...................................................................................................................................iv
Technical Support............................................................................................................................................iv
1. INTRODUCTION ......................................................................................................................................... 1
Overview.......................................................................................................................................................... 1
Main Features.................................................................................................................................................. 3
Other Features................................................................................................................................................. 5
2. BASIC SETUP........................................................................................................................................... 11
Overview........................................................................................................................................................ 11
Configuration Procedure................................................................................................................................ 12
Overview........................................................................................................................................................ 25
Port Options................................................................................................................................................... 25
4. ADVANCED CONFIGURATION............................................................................................................... 35
Overview........................................................................................................................................................ 35
Host IP Setup................................................................................................................................................. 35
Routing .......................................................................................................................................................... 38
UPnP ............................................................................................................................................................. 48
NAT................................................................................................................................................................ 49
Advanced Features........................................................................................................................................ 53
Overview........................................................................................................................................................ 56
URL Filter....................................................................................................................................................... 56
6. VPN CONFIGURATION............................................................................................................................ 62
Overview........................................................................................................................................................ 62
Overview........................................................................................................................................................ 73
8. DNS CONFIGURATION............................................................................................................................ 76
Overview........................................................................................................................................................ 76
Configure DNS............................................................................................................................................... 77
ii
SNMP ............................................................................................................................................................ 84
Syslog ............................................................................................................................................................ 85
Overview........................................................................................................................................................ 89
Routing .......................................................................................................................................................... 89
Operation ....................................................................................................................................................... 93
System Status................................................................................................................................................ 93
Overview...................................................................................................................................................... 100
Overview...................................................................................................................................................... 107
iii
Audience
This document is intended for all users of the Duolinks SW24 Series Load Balancers, from high level
administrators to end-users having basic knowledge of computers and the Internet.
Document Layout
This documentation is the User Guide for all versions of the Duolinks SW24 Series Load Balancers.
Some of the advanced features described in this Guide are specific to certain Duolinks SW24 Series Load
Balancer models. Such as:
VPN : Duolinks SW24 VPN and Duolinks SW24 VPN Plus models only.
VPN Failover : Duolinks SW24 VPN and Duolinks SW24 VPN Plus models only.
VPN Mesh : Duolinks SW24 VPN Plus model only.
Inbound load balancing / Built-in DNS Server : Duolinks SW24 VPN Plus model only.
Depending on your Duolinks SW24 model, some parts of this documentation may not apply to you. Advanced
functionalities which are specific to certain models are clearly indicated at the beginning of the relevant
Chapter.
Documentation updates
At Syswan Techologies our R&D team works each day to provide our customers with superior quality
products.
Features and firmware versions described in this documentation may not match the current releases. New
and enhanced features may be added to the Duolinks SW24 Series Load Balancers which might not be
covered or explained in this documentation.
Please visit our web site regularly for an updated version of this User Guide and for the latest firmware
releases that may have become available after your purchase.
Technical Support
Syswan Technologies offers free technical support for all problems related to Syswan products. Technical
Support can be reached by phone, email or you may use our online knowledgebase for extensive online
information on our product range and basic networking guidelines.
Phone : USA/Canada – 1-877-7-SYSWAN
International – 1-541-393-2222
Email : support@syswan.com
Go to http://www.syswan.com/knowledgebase to access our knowledgebase.
iv
1. Introduction
Congratulations on purchasing your Syswan Duolinks SW24 Series Load Balancer. The Duolinks SW24
Series Load Balancers provides uninterrupted Internet connectivity for multiple computers for SOHO, SMB
and corporate networks.
This chapter briefly describes the features of the Duolinks SW24 Series Load Balancers with more detailed
information in the chapters ahead.
Overview
The Syswan Technologies Duolinks SW24 Series high performance Dual WAN router provides a fast, secure
and reliable connection to the Internet. Using state of the art automatic redundancy and bandwidth load
balancing technologies, it allows fast, secure and reliable Internet connectivity to all networked computers in
home offices, small offices and small-to-medium sized organizations. With the addition of a second Internet
broadband connection, the Duolinks SW24 ensures your network not only remains connected to the Internet,
but all Internet traffic is constantly managed reliably and securely even during periods of high traffic and heavy
workloads.
Page 1
Flexible configurations
The flexible network configuration capabilities of the Duolinks SW24 allows it to be used in networks which
support Static Routing, RIP or Dynamic Routing. With UPnP you can automatically open and close networking
ports as required by certain applications. QoS helps give priority to critical traffic on your network taking
advantage of the maximum available bandwidth at all times. With these powerful features, the Duolinks SW24
can be quickly and easily integrated into any network.
As more people rely on the Internet for communication, so too does the need to rely on scalable, secure and
fast Internet connectivity. This means that there is no longer the need to limit your Internet needs with just one
ISP. The Duolinks SW24 resolves this issue by maximizing the benefits of two different ISP’s whilst minimizing
the need for costly upgrades and changes in existing network infrastructure.
Page 2
Main Features
Intelligent Load Balancing
Use two WAN ports simultaneously to increase the available bandwidth. Set the load balancing values for
each WAN port individually and configure the load balancing algorithm to suit your needs.
Multiple Connection Options
Use broadband access from any broadband provider including Leased links (T1). All standard xDSL,
Cable and Satellite modems and connection methods are supported, including Fixed IP, Dynamic IP,
PPPoE, multiple-session PPPoE and PPTP.
Secure Management
Secure access to the configuration interface locally from within your network or remotely via the Internet.
SPI Firewall
The industry standard protection for any network using built-in advanced Stateful Packet Inspection
technology against malicious attacks.
Access Filters and URL Blocking
Controls Internet access and available applications for network users. Up to five user groups can be
defined with each group assigned different access rights.
Multi DMZ
Supports up to 8 Static IP Addresses per WAN port.
Virtual Servers
Allows remote users to access servers on your network. Easily enable standard services such as Web,
FTP or Email or define your own servers and services.
Special Applications
Manage applications which do not directly work behind a firewall (example: online games).
Dynamic DNS
Allows the use of a Domain Name even when a fixed IP Address is not available.
QoS (Quality of Service)
Gain control over critical applications by assigning priority to your network traffic. This function will make
specified packets with higher priority for pass-through before low priority packets. This is useful if you use
real-time applications like Internet phone, video conference,. etc.
UPnP (Universal Plug and Play)
By enabling UPnP (Universal Plug & Play), the Duolinks SW24 Series Load Balancer will become one of
the network devices. Useful for discovery and control of network devices, such as Internet gateways.
Virtual Private Network (VPN) - Duolinks SW24 VPN and SW24 VPN Plus only
Up to 25 simultaneous Remote-to-LAN or LAN-to-LAN IPSec VPN tunnels with VPN Clustering.
DNS Load Balancing (Inbound) - Duolinks SW24 VPN Plus only
Built-in authoritative Domain Name Server (DNS) with inbound load balancing and DNS failover.
Page 3
Page 4
Other Features
4-Port Ethernet Switch
The Duolinks SW24 Series Load Balancers incorporate a 4-port 10 /100BaseT switch, making it easy to
create or extend your LAN.
DHCP Server
Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon
request. The Duolinks SW24 Series Load Balancers can act as DHCP Servers and provide dynamic IP
addresses to PCs and devices on your local LAN.
Multi Segment LAN Support
LANs containing one or more segments are supported, via the Duolinks SW24 Series Load Balancer's
built-in static routing table and “LAN Any IP” options.
ARP proxy
The ARP proxy feature allows you to assign an external (Internet) IP address to the Duolinks SW24
Series Load Balancer's LAN port. This allows servers on your LAN to have external (Internet) IP
addresses.
Easy Setup
Use your favorite web browser for configuration.
Secure SSL access
The Duolinks SW24 Series Load Balancers offer secure HTTPS (SSL) encryption by defaut when
accessing the management GUI. You may optionally deactivate this feature and use a classic (HTTP)
access if needed.
Remote Management
The Duolinks SW24 Series Load Balancer can be managed from any PC on your LAN. If an Internet
connection exists, it can also (optional) be configured via the Internet.
Password protected Configuration
Optional password protection is provided to prevent unauthorized users from modifying the configuration
data and settings.
Page 5
Page 6
Package Contents
The following items should be included with your purchase:
Duolinks SW24 Series Load Balancer
External power adapter
Two 5 feet Ethernet cables
Quick Installation Guide
CD-Rom containing the user guides and tools.
Rack mounts (19”1U).
If any of the above items are damaged or missing, please contact your dealer immediately.
Product Details
Front Panel
LAN
LINK/ACT ON – Physical connection or data in/out.
OFF – No physical connection.
10M/100M ON – The corresponding LAN port is using 100BaseT.
OFF – 10BaseT connection on the corresponding LAN port or no connection.
Page 7
WAN
LINK/ACT ON – Physical connection to the Broadband modem on WAN port 1/2 established.
OFF – No physical connection on WAN port 1/2.
10M/100M ON – Physical connection using 100BaseT on WAN port 1/2 established.
OFF – 10BaseT connection or no connection on WAN port 1/2.
System
Power OFF – No power.
ON – Normal Operation
Status OFF – Normal operation.
ON – Firmware not loaded or Hardware error.
Blinking – Data in/out
Some Status and Error conditions are indicated by combinations of LEDs, as shown below
If your discover any of the above error conditions, please contact our support team for assistance.
Page 8
Rear Panel
Note:
Any port will automatically operate as an "Uplink" port if required. Just use a LAN cable
to connect to a port on another hub.
WAN 1 Connect the primary Broadband Modem here.
Default Settings
When the Duolinks SW24 Series Load Balancer has finished booting after a factory reset, all configuration
settings will be set to factory default, including:
IP Address set to its default value of 192.168.1.1, with a Network Mask of 255.255.255.0
DHCP Server is enabled
User Name: admin
Password blanked (no password)
Page 9
TFTP Download
This setting should be used only if your Duolinks SW24 Series Load Balancer is unstable and if you wish to
restore it by downloading a new firmware version.
Follow this procedure:
1. Power On your Syswan Duolinks SW24 Series Load Balancer.
2. Use the supplied Windows TFTP utility or a TFTP client program to apply the new firmware. If using the
supplied Windows TFTP program, the software screen will look like the following example.
TFTP utility
Enter the name of the firmware upgrade file on your PC, or click Browse to locate the file.
Enter the LAN IP address of the Duolinks SW24 Series Load Balancer in the Server IP field.
Click Upgrade Firmware to send the file to the Duolinks SW24 Series Load Balancer.
3. When the download is completed the Load Balancer will reboot and work as normal.
Note:
The supplied Windows TFTP utility also allows you to perform other operations:
Save the current configuration settings to your PC (use the Save Configuration button).
Restore a previously-saved configuration file to the Duolinks SW24 Series Load Balancer (use the
Upgrade Firmware button).
Set the Duolinks SW24 Series Load Balancer to its default values (use the Set to Default button).
Page 10
2. Basic Setup
Overview
The Basic Setup of your Duolinks SW24 Series Load Balancer involves the following steps:
1. Configuring the Duolinks SW24 Series Load Balancer LAN settings to suit your needs.
2. Installing the Duolinks SW24 Series Load Balancer in your LAN and connecting the Broadband Modem or
Modems.
3. Configuring your Duolinks SW24 Series Load Balancer for Internet (WAN) Access.
4. Configuring PCs on your LAN to use the Duolinks SW24 Series Load Balancer.
Requirements
One (1) or two (2) DSL or Cable modems, each with an Internet Access account subscribed with an ISP.
Network cables. Use standard 10/100BaseT network (UTP) cables with RJ45 connectors
TCP/IP network protocol must be installed on all PCs.
Page 11
Configuration Procedure
1. Configuring the Duolinks SW24 Series Load Balancer for your LAN
1. Use a standard LAN cable to connect your PC to any Hub port on the Duolinks SW24 Series Load
Balancer.
2. Connect the power adapter and power up the Duolinks SW24 Series Load Balancer. Only use the power
adapter provided; using a different one may cause hardware damage.
3. Start your PC. If your PC is already running, restart it. It will then obtain an IP address (DHCP) from the
Duolinks SW24 Series Load Balancer.
4. Start your web browser.
5. In the Address or Location box enter : https://192.168.1.1
6. Accept to continue if you receive a warning for the SSL certificate. You will then be prompted for the User
Name and password, as shown below:
7. Enter admin for the "User Name" and leave the "Password" blank.
The default "User Name" is admin. You may change this in the admin setup page.
You can and you should set a password, using the following Admin Setup screen.
Page 12
8. After the login, you will first see the Admin Setup screen, as shown below.
You can assign a new username if you wish to change it from the default and a password by entering it in the
"Password" and "Verify" Fields.
Page 13
Important Note:
If you wish to use a classic access (http) instead of a secure access (https) to manage your load balancer,
you may change the local access port from 443 (default for https) to 80 (default for http). Otherwise, you will
need to specify the TCP port in the browser address box (ie: http://192.168.1.1:443) in order to access the
management interface.
Administrator Password
User name : You may change the defaut user name here.
New Password / Confirm Password : A password prevents unauthorized people from retrieving or changing
the device's configuration. New Password and Confirm Password must be the same.
Important Note:
If you forget your new username and/or the password, you will have to perform a “Reset to Default” by
pressing the reset button on the rear panel for more than 3 seconds.
The Syswan Support team will not be able to help you find the username and/or the password once they have
been changed from the default.
User names and passwords are case sensitive. You may use any combination of letters, signs or numbers
when creating them except the semi-colon (;) as it is used as the configuration seperator within the firmware.
You may configure these options if needed (Remote access, Scheduled Events…).
Depending on your admin setup configuration changes, you may be required to re-enter your user name and
new password to proceed.
Page 14
9. Select Basic Setup > LAN & DHCP from the menu. You will see a screen like the example below.
LAN IP Configuration
This is the IP address of your Duolinks SW24 Series Load Balancer on your network (LAN). The default
values shown are suitable for any network. If your existing network configuration uses another IP address
range or if the default IP address is already in use by another device, you may change this information to suit
your needs.
The default values shown in Network Mask are suitable for a class C network and will accommodate for 253
PCs or devices (ie printers etc). This is the most common network mask configuration. You may change this
information to suit your network settings. This information should be identical on all PCs and devices on your
local network (LAN).
Optional Configuration
This setting is intended for Advanced Users. For normal usage, it is recommended that you leave these
options at their defaults.
Note : Misconfiguring the LAN Any IP options may cause security issues when used in an uncontrolled
network enviironment (ie public networks…).
DHCP Configuration
These settings allow your Duolinks SW24 Series Load Balancer to allocate dynamic IP addresses to PCs and
other network devices using DHCP (Dynamic Host Configuration Protocol).
If you already have another DHCP server on your LAN, this setting must be disabled.
Page 15
10. Ensure that all settings are suitable for your LAN:
The default settings are suitable for many situations.
See the following table for details of each setting.
11. Click Submit to save your data, then go to Step 2, Installing the Duolinks SW24 Series Load Balancer on
your LAN.
Note : If you change LAN IP Settings, the Duolinks SW24 Series Load Balancer will instantly reboot in order
to deploy the new LAN configurations.
LAN IP IP address - for the Duolinks SW24 Series Load Balancer, as seen from the
Configuration local LAN. Use the default value unless the address is already in use or your
LAN is using a different IP address range. In the latter case, enter an unused IP
Address from within the range used by your LAN.
Subnet Mask - The default value 255.255.255.0 is standard for small (class C)
networks. For other networks, use the Subnet Mask for the LAN segment to
which the Duolinks SW24 Series Load Balancer is attached (the same value as
the PCs on that LAN segment).
Optional DHCP Server Setup - If Enabled, the Duolinks SW24 Series Load Balancer will
Configuration allocate IP Addresses to PCs (DHCP clients) on your LAN when they start up.
The default and recommended value is "Enable". (Windows systems, by default,
act as DHCP clients. This setting is called Obtain an IP address automatically.) If
you are already using another DHCP Server on your LAN, the built-in DHCP
Server on the Duolinks SW24 Series Load Balancer must be Disabled, and your
existing DHCP server must be configured to provide the IP address of the
Duolinks SW24 Series Load Balancer as the Default Gateway to your users.
LAN Any IP – By default it is disabled. If enabled, this option allows packets from
any IP subnet on this device's LAN segment to be NATed to this device's WAN
segment. Otherwise, only packets from the device's LAN IP subnet are allowed.
DHCP Lease Time – A finite period of time for a DHCP server to lease an IP address to
Configuration a client.
DNS Server IP for Client – An IP address of the default DNS server for the
client requesting DHCP service.
Offered IP Range fields set the values used by the DHCP server when allocating
IP Addresses to DHCP clients. This range also determines the number of DHCP
clients supported.
Page 16
DHCP List Free Entry indicates how many DHCP entries are not currently allocated and still
available.
This table shows the IP addresses which have been allocated by the DHCP Server
function. For each address which has been allocated, the following information is
shown.
Name – The "hostname" of the PC. In some cases, this may not be known.
MAC Address – The physical address (network adapter address) of the PC.
IP Address – The IP address allocated to this PC.
Type – Indicates IP address to be dynamic or static.
Status – If Dynamic, the IP address was allocated by this DHCP Server. If
Sniffed, the IP address was detected by examining the LAN, rather than
allocated by the DHCP Server. In this case, the Name is usually not known.
Time Left – The time left until the DHCP lease expires.
Page 17
Installation Diagram
1. First, verify that your Duolinks SW24 Series Load Balancer and your cable or DSL modems are powered
OFF. You have to leave the modems connected to their data lines and assure that appropriate DSL filters
have been installed as per your ISP installation specifications.
2. Using Ethernet cables connect your Broadband modems to the Duolinks SW24 Series Load Balancer’s
WAN ports on the back panel.
If you plan to use only one (1) Broadband modem, connect it to the "WAN 1" port.
Use the cable supplied with your DSL/Cable modem. If no cable was supplied, use a standard
Ethernet cable.
3. Connect the Ethernet cables from PCs to the LAN ports of your Duolinks SW24 Series Load Balancer.
Both 10BaseT and 100BaseT connections can be used simultaneously.
If you need to connect the Duolinks SW24 Series Load Balancer to another Hub, just use a standard
LAN cable to connect any port on the Duolinks SW24 Series Load Balancer to a standard port on
another hub.
Any LAN port on the Duolinks SW24 Series Load Balancer will automatically act as an «Uplink» port
when connected to another Ethernet switch or hub.
4. Power ON the modems and wait for synchronization (approx. 30 seconds).
5. Plug in the power adapter of the Duolinks SW24 Series Load Balancer to an electrical outlet and insert the
power cord into the DC 5V input on the back panel. Immediately the Power LED of your router will light up.
6. The corresponding WAN – Link/ACT LED will be ON if the WAN port is correctly connected to a Broadband
modem.
7. For each PC or device connected to the LAN ports, the corresponding LAN – Link/ACT LED (either 10 or
100) will be ON.
Page 18
3. Configuring the Duolinks SW24 Series Load Balancer for Internet Access
Make sure you have all the setup instructions provided by your ISP. If not, contact your ISP to obtain all the
necessary instructions for accessing the Internet using your Broadband modems before proceeding.
In this section you will need to enter the information provided by your ISP.
You can configure your WAN links using the following four possibilities with the information provided by your
ISP.
a) Static IP
Select Static IP from the Connection Type drop-down menu if your ISP states that you are connecting through
Static IP. Enter the IP Address, Subnet Mask, Gateway from the Address Information section. You will need to
enter at least one DNS Server information. Submit to save your configuration.
b) Dynamic IP
Select Dynamic IP from the Connection Type drop-down menu if your ISP states that you are connecting
through Dynamic IP (DHCP). You will need to enter at least one DNS Server information (Optional for
Dynamic IP). Submit to save your configuration.
c) PPPoE
Select PPPoE from the Connection Type drop-down menu if your ISP states that you are connecting through
PPPoE. Enter the User Name, Password and other required information provided by your ISP in the PPPoE
Dialup section. Submit to save your configuration.
d) PPTP
Choose the correct connection method indicated by your ISP, enable the PPTP Connection checkbox and
enter the relevant PPTP information provided by your ISP. Submit to save your configuration.
Other information
Host Name: This information is required in certain configurations and is specified by your ISP. If you have
received a Host Name from your ISP, you will have to enter it here. By default your load balancer comes with
a host name which is suitable for common situations.
Domain Name: This information is required in certain configurations and is specified by your ISP. If you have
received a Domain Name setting from your ISP, you will have to enter it here. Otherwise, you can leave this
blank.
MAC Address: Some ISP’s require the MAC address of your connection.This is a unique identifier for
Ethernet ports. Your load balancer has three MAC addresses: One for each WAN port and one for the LAN
port switch. By default your load balancer will show the corresponding MAC address of the WAN port. This
information is suitable for all common configurations.
Repeat the above procedure for your 2nd WAN port. When both WAN links are correctly configured, select
Submit and Reboot to save and activate your configuration.
Page 19
For any of the following situations, refer to Chapter 3: Advanced Port Setup for further configuration, which
may be required.
Multiple IP addresses on either port
Multiple PPPoE sessions
Page 20
The setup of your Duolinks SW24 Series Load Balancer for dual WAN routing is now complete.
The following section details how to configure PCs and other devices on your network to use the Duolinks
SW24 Series Load Balancer as the gateway and benefit from the twin WAN installation.
Page 21
Overview
For each PC, the following may need to be configured:
TCP/IP network settings
Internet Access configuration
TCP/IP Settings
If using the default Duolinks SW24 Series Load Balancer settings and the default Windows
95/98/ME/2000/XP/Vista TCP/IP settings no changes need to be made. Just start or restart your PCs or other
networked devices (ie network printer…).
By default, the Duolinks SW24 Series Load Balancer will act as a DHCP Server, automatically providing a
suitable IP Address (and related information) to each PC when the PC boots.
For all non-Server versions of Windows, the default TCP/IP setting is to act as a DHCP client. In
Windows, this is called Obtain an IP address automatically.
Just start (or restart) your PC, and it will obtain an IP address from the Duolinks SW24 Series Load
Balancer.
If you are using fixed IP addresses on your LAN or if you wish to check your TCP/IP settings, please refer
to Appendix B – Windows TCP/IP Setup.
Page 22
For Windows XP
1. Select Start Menu - Control Panel - Network and Internet Connections.
2. Select Set up or change your Internet Connection.
3. Select the Connection tab, and click the Setup button.
4. Cancel the pop-up «Location Information» screen.
5. Click Next on the «New Connection Wizard» screen.
6. Select «Connect to the Internet» and click Next.
7. Select «Set up my connection manually» and click Next.
8. Check «Connect using a broadband connection that is always on» and click Next.
9. Click Finish to close the New Connection Wizard.
Macintosh Clients
1. Open the TCP/IP Control Panel.
2. Select Ethernet from the Connect via pop-up menu.
3. Select Using DHCP Server from the Configure pop-up menu.
The DHCP Client ID field can be left blank.
4. Close the TCP/IP panel, saving your settings.
Note:
If using manually assigned IP addresses instead of DHCP, the required changes are:
- Set the Router Address field to the IP Address of your Duolinks SW24 Series router.
- Ensure your DNS (Name Server) settings are correct.
Linux Clients
It is only necessary to set the Duolinks SW24 Series router as the «Gateway» for the Linux Client and ensure
your Name Server settings are correct.
Make sure that you are logged in as «root» before attempting any changes.
Fixed IP Address :
By default, most Linux and Unix installations use a fixed IP Address. If you wish to continue using a fixed IP
Address, make the following changes to your configuration.
1. Set your Default Gateway to the IP Address of your Duolinks SW24 Series router.
2. Ensure your DNS (Name server) settings are correct.
Page 23
Page 24
3. Advanced Port
Overview
Advanced port options permits advanced WAN link related settings and optional connection configuration as
required by your ISP and helps fine tune of the twin WAN routing capabilities of your Duolinks SW24 Series
Load Balancer.
Port Options contain options which can be set on either or both WAN ports. For most situations, the
default values are satisfactory. For connection methods other than PPPoE, you may specify connection
health check settings here.
Load Balancing screen is only functional if you are using both WAN ports. It allows you to determine the
proportion of WAN traffic sent through each port and permits traffic specific settings.
Advanced PPPoE setup is required if you wish to use multiple sessions on one or both of the WAN ports.
It can also be used to manually connect or disconnect a PPPoE session. Otherwise, this screen can be
ignored.
Advanced PPTP setup is required if using the PPTP connection method.
Port Options
Page 25
Interface
MTU (Maximum Transmission Unit): Defines the maximum size of the packets sent from this device onto
the network. The default is 1500. Sometimes you may want the MTU to be the same as the smallest MTU of
all the networks between this device and a packet's final destination to avoid the packet from being
fragmented.The default MTU allows the Duolinks SW24 Series Load Balancer to automatically determine the
correct value.
Connection Health Check: Uses the following methods to check if the WAN interfaces are still connected to
the Internet.
ICMP: If it is enabled, this device will perform ICMP echo test on the link between the WAN port and the
specified host (Alive Indicator) periodically.
If there is at least one success echo out of four tries, this link passes the ICMP test. Otherwise, it fails.
HTTP: If it is enabled, this device will build a TCP connection between the WAN port and the Alive
Indicator first. Then the device will send a HTTP HEAD packet to the Alive Indicator periodically. If the
Alive Indicator replies with an acknowledgment out of 5 tries, the link passes the HTTP test. Otherwise,
it fails.
Traffic: If it is enabled and if there are packets through the WAN port in the Interval time, the WAN link
is considered as connected. Otherwise, the device refers to an active health check method such as
HTTP or ICMP.
Alive Indicator: This field should be filled in with a host name (FQDN) or IP address for the ICMP or HTTP
methods.
Bridge Mode: If enabled, traffic from LAN hosts with real IPs can go through the specified WAN port without
NAT translation, this device will work like a bridge switch for that specified WAN port.
NetBIOS Broadcast: If enabled, NetBIOS Broadcast packets are allowed to be passed through the device.
Transparent Bridge Options (For all interfaces)
Traffic Management:
Strict binding: If enabled, the traffic from LAN hosts go only through the bridged WAN interface.
Loose binding: If enabled, the traffic from LAN hosts go through the bridged WAN interface when the
specified link is connected. Otherwise, it goes to the alternative WAN interface in NAT mode. It will then
act like a failover mechanism for Transparent Bridge mode.
Load Balancing: If enabled, the traffic from LAN hosts go through the WAN interface based on the
loading mechanism specified in the Load Balance section. It will act like a load balancing mechanism
for Transparent Bridge mode.
No IP Translation: When Bridge mode is set to Loose binding or Load Balancing and if the bridged
WAN link is down, the packets from LAN hosts can go through an alternative WAN interface with its
original source IP if checked or with the alternative WAN IP (NATed) if unchecked.
ARP Table: This ARP table is applied on the device only in bridge mode. Its size can be adjusted if
necessary.
Page 26
WAN Port – Select a particular WAN port from the pull-down menu to setup
Interface WAN port configuration.
MTU – The Maximum Transmission Unit for the Ethernet data. This field
determines the packet size used on the WAN interface. Normally, this does
not need to be changed but if your ISP advises you to use a particular MTU,
enter it here. The default MTU value is 1500 Bytes.
Connection Health Check Method – There are three methods available for checking if a WAN port is
alive or not. Multiple choices can be selected when using it.
Disable will not perform an Alive Indicator Check. By default, Health Check
is set to Enable. If the “Alive Indicator” input box is left blank, Health Check
performs an ICMP echo packet request to the specific destination. This
could be either a URL or an IP Address specified by users in the “Alive
Indicator” input box or WAN interface gateway.
Interval – The interval time for device health check. The default interval
time is 60 seconds.
Alive Indicator – Enter the FQDN or the IP address of the remote host
which is used to check if the WAN connection is operational. The Duolinks
SW24 Series Load Balancer will contact this system to check if the WAN
connection is working or not. If you do not specify any information here,
the remote ISP gateway will be checked.
Note: This option is not used for PPPoE connections. PPPoE connections
use LCP Echo mechanism to validate link availability.
Transparent Bridge Bridge Mode – If set to Enable, this WAN port will not use the NAT and
Load Balancing features. Traffic from LAN hosts with real IPs will go
Option
through the specified WAN port without NAT translation, the device will
work like a bridged switch for that specified WAN port.
NetBIOS Broadcast – If enabled, NetBIOS Broadcast packets will be
allowed to pass through the device.
Transparent Bridge Traffic Management –
Options (For all Strict Binding: Traffic from bridge hosts (eg. transparent to WAN1) can
interfaces) only go through the specified WAN interface (eg. WAN1).
Loose Binding: Acts as a failover mechanism for transparent bridge
mode. Traffic from bridge hosts (eg. transparent to WAN1) can go through
any WAN interface (eg. WAN2 or other) when bind interface (eg. WAN1) is
down.
Load Balancing: Acts as a load balancing mechanism for transparent
bridge mode. Traffic from bridge hosts (eg. transparent to WAN1) can go
through any WAN interface (eg. WAN1, 2 or other) based on the loading
mechanism specified in the load balance section.
ARP Table – Used by the device to determine the bridge hosts’ location
(e.g. inside/outside WAN and which WAN). Its size can be adjusted if
needed. View ARP Tables displays ON/OFF selection of bridge mode on
each WAN port. Clear ARP Tables disables bridge mode on all WAN
ports.
Page 27
Load Balancing
This screen is only operational if using Internet connections on both WAN ports.
When load balancing is enabled, the device will automatically assign the WAN port that has the lightest
current load based on the Loading Share ratio.
Load Balancing Base on: Select the desired option to measure traffic load.
Bytes Tx + Rx: The link with the least number of bytes transmitted through the WAN port.
Packets Tx + Rx: The link with the least number of packets transmitted through the WAN port.
Sessions Established: The link with the least number of sessions built on the WAN port.
IP Addresses: The link with the least number of Host IP addresses built on the WAN port.
Loading Share: Enter the desired percent of traffic load for each WAN port.
Page 28
The Current Statistics and the Overall Statistics sections display WAN port status, usage and bandwidth
utilization statistics.
Traffic Current Statistics – Enable current packets loading share statistics for WAN1 &
Statistics WAN2.
Configuration
Overall Statistics – Enable overall packets loading share statistics for WAN1 &
WAN2.
Accumulated Statistics – Enable Accumulated statistics for WAN1 & WAN2 for a
defined time interval.
Current Current loading share table for WAN1 & WAN2.
Statistics
Overall Overall loading share table for WAN1 & WAN2.
statistics
Page 29
Advanced PPPoE
PPPoE (Point-to-Point Protocol over Ethernet) is a network protocol which is widely used by DSL service
providers today.
You may use the Advanced PPPoE settings to open multiple PPPoE sessions on the same WAN port. This
feature is provided by some ISPs and allows you to create Multiple PPPoE sessions over the same DSL link
and allows you to obtain a different public IP address for each opened session.
You can manually connect or disconnect a PPPoE session from this page.
PPPoE Session MTU: The Maximum Transmission Unit for the PPPoE session. The default value is 1492
bytes.
Note: You can bind individual PPPoE sessions to specific PCs on the Host IP page, if desired.
Page 30
WAN IP Account :The user account information that you need to enter for connecting to the PPPoE server.
Options
Fixed IP Address: If your PPPoE IP address is static (instead of dynamic), you need to enter the static IP
address.
Assigned Host Name: This field is used by a Host to uniquely associate an access concentrator with a
particular Host request.
Disconnect After Idle: Defines timeout value for disconnecting when there is no traffic on the connection.
Enter -1 to keep the connection always alive. Enter 0 to enable 'dial on demand’ trigger.
Echo Interval: Defines how often an Echo request is sent to the PPPoE server. It is recommended to leave
this setting at its default value.
Echo Retry: Defines the maximum number of times the Echo request is allowed to be sent to the PPPoE
server until a response is received. It is recommended to leave this setting at its default value.
Options Specified Fix IP Address – If you have a fixed IP address, enter if here.
Otherwise, this field should be left at 0.0.0.0.
Assigned Host Name – This field is used by a Host to uniquely associate an
access concentrator to a particular Host request.
Page 31
PPPoE Auto Dialup Auto Dialup Connect-on-demand – To enable or disable auto dialup for a
PPPoE connection. If you decide not to use auto dialup or auto disconnect, then
you have to connect/disconnect manually.
Disconnect After Idle – To decide the timeout for disconnecting when there is
no traffic on the connection. Enter -1 to keep the connection always alive. Enter
0 to enable 'dial on demand by trigger'.
Echo Time – To determine how often an Echo request is sent to the PPPoE
server. It is recommended to leave this setting at its default value.
Echo Retry – To determine the maximum number times that the Echo request is
allowed to be sent to the PPPoE server until a response is received. It is
recommended to leave this setting at its default value.
Connection Status This displays the current connection status for each session.
Page 32
Advanced PPTP
The PPTP (Point-to-Point Tunneling Protocol) is used to implement a virtual private network (VPN) between a
DSL subscriber and a DSL service provider when opening an Internet connection.
These setttings are needed only if required by your ISP and if you have checked the PPTP check box with
Static or Dynamic IP as your connection method on the Primary Setup page. You may use PPTP manual
dialup on this page or use Port Options for auto dialup on demand or configure this setting to be always
connected.
WAN Port
PPTP MTU: The default value is 1460 (bytes), the same as the maximum PPTP MTU for this device.
WAN IP Account
Server IP Address: The PPTP server IP Address specified by ISP.
Static IP Address: Fill in the IP address assigned by your ISP if you have a Static IP PPTP account,
otherwise use the default value 0.0.0.0.
Page 33
Auto Dialup: Use to enable or disable auto dialup for a PPTP connection. If you decide not to use auto
dialup or auto disconnect, then you have to connect/disconnect manually.
Disconnect After Idle: Use to decide the timeout for disconnecting when there is no traffic on the connection.
Enter -1 to keep the connection always alive. Enter 0 to enable 'dial on demand by trigger'.
EchoTime: To determine how often an Echo request is sent to the PPTP server. It is recommended to leave
this setting at its default value.
Echo Retry: To determine the maximum times that the Echo request is allowed to be sent to the PPTP server
until a response is received. It is recommended to leave this setting at its default value.
Page 34
4. Advanced Configuration
Overview
Advanced configuration section allows you to configure various NAT 1:1 related settings and other advanced
features (ie : Dynamic DNS, Multi DMZ, UpnP..) of your Duolinks SW24 Series Load Balancer.
Network Address Translation (NAT, which is also known as Native Address Translation, IP Masquerading or
Network Masquerading) is a technique used to translate network traffic passing through a router by rewriting
the source and destination IP addresses of IP packets. NAT enables many users on a local area network
(LAN) to share an Internet (WAN) access. Sometimes the TCP/UDP port numbers of IP packets are also
translated as they pass through (PAT - Port Address Translation).
The following advanced configration settings are covered in this section.
Host IP
Routing
Virtual Servers
Special Applications
Dynamic DNS
Multi DMZ
UPnP
NAT Setup
ARP Status
Advanced Features
Host IP Setup
This feature is used in the following situations:
If you have Multi-Session PPPoE and wish to bind each session to a particular PC on your LAN.
You wish to use the Access Filter feature. This requires that each PC be identified with its MAC address
by using the Host IP Setup screen.
If you wish to have different URL Filter settings for different PCs. This requires that each PC be identified
with its MAC address by using the Host IP Setup screen. You do not have to use the Host IP feature to
apply the same URL Filter settings to all PCs on your network.
If you wish to reserve a particular (LAN) IP address for a particular PC on your LAN. This allows the PC to
still use DHCP (Windows calls this "Obtain an IP address automatically") while gaining the benefits of a
fixed IP address. The PC's IP address will never change as it will be reserved in DHCP.
Page 35
This section defines hosts on your LAN and you can assign them to groups. These group can be applied to
Access Filter and Block URL features. You can also bind multiple PPPoE link sessions to individual hosts on
the LAN.
MAC Address:
This is your host's network adapter address.
Select Group:
Select a group to assign the host to.
Reserve in DHCP:
If this is enabled, the DHCP Server will always assign the Reserved IP Address to this host on request.
Reserved IP Address:
The IP address you wish to assign to this host.
Page 36
Page 37
Routing
This section is only relevant if your LAN has other Routers or Gateways.
If you do not have other routers or gateways on your LAN, you can skip the Routing configuration page.
If your LAN has other gateways and routers, you must configure the Static Routing screen as described
below. You also need to configure the other Routers.
Routing Page
Please refer to the Advanced LAN Configuration section of this user guide for more details.
Page 38
Virtual Servers
This feature allows you to define Servers on your network (LAN) that will be accessible to users from the
Internet. Without these settings, Internet users would not be able to access a server on your LAN because:
Your Server's IP address is only valid on your LAN, not on the Internet.
Attempts to connect to devices on your LAN are automatically blocked by the SPI firewall in the Duolinks
SW24 Series Load Balancer.
The "Virtual Server" feature allows Internet users to connect to servers that you assign as servers that are
visible to users from the Internet, as illustrated below.
Virtual Servers
Note that, in this illustration, both Internet users are connecting to the same public IP Address, but are using
two different protocols (ftp and http) to connect to two different servers on your network.
Once configured, anyone on the Internet can connect to your defined Virtual Servers. They must use the
Duolinks SW24 Series Load Balancer's Internet IP Address (the IP Address allocated by your ISP) to access
the Virtual Servers.
To Internet users, all virtual Servers on your LAN have the same IP Address. This public IP Address is
allocated by your ISP.
This public IP address should be static, rather than dynamic, to make it easier for Internet users to
connect to your Servers. However, you can use the Dynamic DNS feature (explained later in this chapter)
to allow users to connect to your Virtual Servers using a FQDN (URL), instead of an IP Address.
Page 39
The provided list covers all common server settings. Click on the required Server Name to Enable the server
and to indicate the Server’s IP address on your network.
You may add your own Virtual Server by defining a new name and indicating the Protocol, the required
Server’s IP on your network, the WAN Port Range and the Interface Binding settings.
Example :
To enable your HTTP server which has 192.168.1.100 as LAN IP address :
1. Select the Server Name “HTTP”
2. Click on Enabled check box
3. Enter 192.168.1.100 in IP address box and click Update
New servers can be added to the list using the same procedure and by clicking the Add button.
Page 40
Page 41
Special Applications
If you use Internet applications which have non-standard connections or port numbers, you may find that they
do not operate correctly because they are blocked by the firewall of the Duolinks SW24 Series Load Balancer.
To overcome this problem, you can define the application as a "Special Application" to make it to work.
Note that the terms "Incoming" and "Outgoing" on the following screen refer to traffic from the client (PC)
viewpoint :
Incoming - From Internet server to LAN PC
Outgoing - From LAN PC to Internet server
Special Application List This shows details of all Special Applications which are currently defined.
Page 42
Once the Special Applications screen is correctly configured, you can start using the defined application
on your PC. Only one (1) PC within your network can use a specific Special Application at any given time.
When a PC has finished using a specific Special Application, there may be a need for a "Time-out" period
before another PC can effectivly use the same Special Application.
You may be required to use the DMZ feature if a defined specific application does not work on your PC
after configuration. The reason would be that your PC requires a full and non NATed Internet access for
the specific application to work correctly.
Note: Adding a PC to the DMZ feature requires that basic security requirements are met on that PC as DMZ
devices are totally exposed to the Internet and are not protected by your Duolinks SW24 Series Load
Balancer’s firewall.
Please refer to the Multi DMZ section of the user guide for detailed information on setting up and securing
DMZ hosts.
Page 43
Dynamic DNS
Dynamic DNS is very useful when combined with the Virtual Server feature. It allows Internet users to connect
to your Virtual Servers using a Fully Qualified Domain Name (FQDN or URL address), rather than an IP
Address.
This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address
may change whenever you connect to your ISP or at least once in every 24 hours.
If you wish to use this feature, first you must register for the Dynamic DNS services with a Dynamic DNS
service provider (ie http://www.dyndns.org). The Duolinks SW24 Series Load Balancer supports several types
of service providers:
Standard client or DYNDNS (http://www.dyndns.org)
TZO (http://www.tzo.com)
3322 is a service available only in China (http://www.3322.org)
Other sites may offer Dynamic DNS facilities that you may implement using the “User Defined DDNS Server”
option. Note that compatibility and functionality can not be guaranteed.
Page 44
Dynamic DNS Use this to Enable/Disable the Dynamic DNS feature, and select the required service
Service provider.
Disable – Dynamic DNS is not used.
TZO – Select this to use the TZO service (www.tzo.com). You must configure the
TZO section of this screen.
Standard Client – Select this to use the standard service (from www.dyndns.org or
other provider). You must configure the Standard Client section of this screen.
3322 – 3322 is available in China. It is similar to “Standard client”
User Defined DDNS Server – This is the user define DDNS server. If the DDNS
other than TZO, dyndns.org and 3322.
Additional These options are available if using the standard client.
Settings
Enable Wildcard – If selected, traffic sent to sub-domains (of your Domain name)
will also be forwarded to you.
Enable backup MX – If enabled, you must enter the Mail Exchanger address below.
Mail Exchanger – If the setting above is enabled, enter the address of the backup
Mail Exchanger.
WAN Port Select the WAN port on which the Dynamic DNS is used. The "Force Update" button will
Binding update your record on the Dynamic DNS Server immediately.
Page 45
The Dynamic DNS implemetation on the Duolinks SW24 Series Load Balancer permits a dynamic host name
for the device and does not provide individual dynamic host names for each WAN port configuration.
The Duolinks SW24 Series Load Balancers update Dynamic DNS information on the specified WAN port. In
the event of the specified WAN link failure, Dynamic DNS is automatically updated using the second WAN
port IP address, thus providing continuous and transparent access to your remote users via the dynamic host
name (FQDN or URL).
When the specified WAN port recovers from failure, Dynamic DNS settings are immediately updated to reflect
the original WAN port settings.
Page 46
Multi DMZ
This feature allows each WAN port public IP address to be associated with a computer on your LAN. All
outgoing traffic from that PC will be associated with that WAN port IP address. Any traffic sent to that IP
address will be forwarded to the specified computer, allowing unrestricted 2-way communication between the
"DMZ PC" and other Internet users or Servers.
Important Note:
The "DMZ PC" resides outside the Duolinks SW24 Series Load Balancer’s SPI Firewall, thus making it more
vulnerable to Internet attacks. For this reason, you should only enable the DMZ feature when required and
secure the DMZ PC locally (ie OS level port restrictions, local firewall...).
Page 47
UPnP
Universal Plug and Play (UPnP) is a set of protocols that simplifies the implementation of networks in SOHO,
SMB and corporate environments. This is achieved by publishing device control protocols built on Internet
communication standards.
With UPnP you can easily setup and configure an entire network, enable discovery and control of networked
devices and services. When UPnP is enabled, you will see your Duolinks SW24 Series Load Balancer as an
icon is the Network Neighbourhood when using Windows OS on your PC.
Settings – UPnP
UPnP Option UPnP (Univeral Plug & Play) can be enabled or disabled for automatic device
configuration. If disabled (Default), the router will not allow any device to
automatically control the resources.
Advertisement Interval – The Advertisement Interval is how often the router
will broadcast its UPnP information. This value can range from 2 to 1440
minutes. The default interval is for 30 minutes. Shorter time interval will ensure
that control points have current device status at the expense of additional
network traffic. Longer time interval may compromise the freshness of the
device status but can significantly reduce network traffic.
Outgoing Interface – Select though which WAN or LAN port you want to send
out traffic from UPnP. If the WAN port you select loses its connection, the router
attempts to use the other WAN port.
UpnP Port Mapping You can set the dynamic port mappings to Internet gateway via UPnP on Windows
List XP. This will allow you make a connection between applications and the defined
device.
Page 48
NAT
Network Address Translation (NAT, which is also known as Native Address Translation, IP Masquerading or
Network Masquerading) is a technique used to translate network traffic passing through a router by rewriting
the source and destination IP addresses of IP packets. NAT enables many users on a local area network
(LAN) to share an Internet (WAN) access. Sometimes the TCP/UDP port numbers of IP packets are also
translated as they pass through (PAT - Port Address Translation).
NAT is the technology which allows one or more WAN (Internet) IP addresses of your Duolinks SW24 Series
Load Balancer to be transparently used by all LAN users.
Page 49
Settings – NAT
NAT NAT Routing – Enables or disables NAT routing by checking or un-checking the
Configuration checkbox. If you disable NAT routing, this device will act as a Bridge or Static
Router. Most features, including Load Balance, will be unavailable. If some packets
have port numbers which cannot be translated for special applications, you must
input value in port range for Disable Port Translation.
TCP Timeout – The time during which TCP expects to receive the
acknowledgement from the destination. The default is 300 seconds.
UDP Timeout – The time during which UDP expects to receive the
acknowledgement from the destination. The default is 120 seconds.
TCP Window Limit – The maximum number of outstanding packets prior to TCP
receiving an acknowledgement. The default is 0 (no limit).
TCP MSS Limit – The largest amount of data that can be transmitted in one TCP
packet. The default is 0 (no change).
NAT Port Non-Port-Translation – To keep the source port number unchanged for TCP/UDP
Option sessions on the specified Port Range. Some special applications do not allow the
source port number to be translated.
Port Range – The Source Port Number Range for TCP and UDP protocol.
Specific TCP / UDP Timeout –To define specific Timeout for TCP/UDP sessions on
the specified Port Range.
NAT Alias For each alias entry the WAN IP acts as an alias of the host with Local LAN IP accessing
the Internet via the specified WAN port for the specified protocol packets, i.e. 1-1 NAT.
Enable – To activate or deactivate current entry.
Local LAN IP – The IP address of the host in LAN that wants to use the specific
WAN IP as its source IP.
WAN IP – The IP address used as the source IP of the packets sent out from the
specified host.
Protocol – The protocol that the current rule is applied to.
WAN – The WAN port that the current rule is applied to.
Allow Inbound (Virtual Server) – Enable check box, can be used as a virtual server
through alias WAN port.
NAT Alias List The List shows NAT Alias that is currently defined.
Page 50
ARP Status
Address Resolution Protocol (ARP) is the standard method for finding a host's hardware or MAC address
when only its network layer address is known. Media Access Control address (MAC address) is a unique
identifier of any network adapter (NICs).
ARP is used to convert addresses from a layer 3 protocol such as Internet Protocol (IP) to a layer 2 MAC
address. On broadcast networks like the Ethernet, the MAC address allows each host to be uniquely identified.
Example, the MAC address of a Duolinks SW24 Series Load Balancer : 00-1C-74-00-00-01
Typical ARP usage :
- Two hosts on the same network and one host wants to send a packet to the other
- Hosts on two different networks who need a gateway/router to reach each other
- By a router to forward packets through another router
- By a router to forward packets to a destination host on the same network
The ARP status page displays all the detailed MAC/IP mapping information on the device's Arp table and
provides tools for adding static ARP entries and for searching hosts with specific MAC addresses.
Page 51
Arp Entry Add / Specify IP and MAC address to add or update a record.
Update
Arp Query Check Input LAN or WAN IP address to query ARP.
Page 52
Advanced Features
The following advanced feature configurations are covered in this section.
External Filters Configuration : Limits the packets passing through the device from WAN to LAN.
DNS Loopback : If there is any domain in your private network you can setup the Domain Name &
Private IP mapping table for DNS query.
Application Binding : This feature allows the application specific packets to be bound to the specified
WAN port.
Session Persistency : This feature allows TCP sessions on defined ports to be bound to either one of
the WAN ports.
Protocol & Port Binding : It is similar to SMTP binding but you must setup additional data such as
Protocol & Port Range. If all the checked settings are met then the specific packet will be bound on the
specified WAN port.
Page 53
Session This feature allows TCP sessions on defined ports to be bound to the specified WAN
persistency port. Some applications require session persistency (ie online banking..). The Duolinks
SW24 Series load balancers automatically provide session persistency for SSL
(HTTPS/TCP port 443) widely used today.
Protocol & Port Enable – To activate or deactivate the current rule.
Binding
Source IP – The IP address that the packet's source IP will be checked against.
(0.0.0.0 is wildcard, means all IP range)
Destination IP / IP Address – The specific IP range that the packet's destination IP
will be checked against. (0.0.0.0 is wildcard, means all IP range)
There are two forms of Destination IP: If Subnet is selected, the IP Address and
Subnet Mask fields need to be filled. If IP Range is selected, the From and To fields
need to be filled.
Protocol – The protocol that the packet's protocol will be checked against.
Port Range – The specific port number range that the packet's destination port
number will be checked against.
WAN – The specific WAN port that the packet will be bound on if all the checked
items are met.
Strict Binding – If check box is enabled, that mean once the port binding is
disconnected, it will not switch to the WAN port that are still alive.
Page 54
Protocol & Port The List shows NAT Alias that is currently defined.
Binding List
Note : Once a sesssion is bound either via Session Persistency or via Protocol & Port Binding, the device will
maintain it on the choosen WAN port during the entire session. This is useful in some situations where Load
Balancing is not permitted or will be seen as a session hijack (ie: secure banking via non standard SSL
port…).
The device is set to automatically maintain Session Persistency for SSL connections (https) made via the
default TCP Port 443.
Page 55
5. Security Management
Overview
Enhanced security settings that are available and are discussed in this chapter :
URL Filter : You can block specific web sites by configuring their IP address, URL or Key words .
Access filter : You can block all Internet access, select blocks of well-known ports or block user define
ports for previously defined groups of LAN users.
Session Limit : You can limit user access to the Internet in the event of the device detecting any new
sessions that exceed the maximum sessions setting during the given sampling time.
Firewall Exception : This option bypasses the SPI Firewall and the NAT. It permits the specified packets
to be processed directly by the system protocol stack. As any unrecognized packet to the device are
normally rejected, if you want the device to accept any specific packets, you should build the
corresponding exception rules in this section.
URL Filter
This feature allows you to block or allow access to specific Web sites. You can block or allow Internet access
by URL, IP address, or Keyword. You can also have different blocking or allow access settings for different
groups of PCs.
When in operation, every URL is searched to see if it matches or contains any of the URL or keywords
specified. A DNS lookup determines the IP address of the requested site and the site's IP address is
checked against specified IP address entries. Depending on the results and the URL filter settings, access
is either granted or denied.
Page 56
Access Item This text field is to enable/disable the URL Filter function, and input URL keyword
phrase.
Page 57
Access Filter
You can use the Access Filter settings to gain control over the Internet access and applications available to
LAN users.
Five user groups are available and each group can have different access rights.
By default all PCs (users) are in the Default group unless specifically assigned to another group on the
Host IP screen.
Page 58
User- Defined Filter List List all enabled and disabled filter and have been defined.
Page 59
Session Limit
This feature allows to drop any new session requests from the WAN or the LAN when the total new sessions
number exceedes the maximum sessions during the sampling time.
Session Limit
Outgoing New Session Session Limit – Check this to enable limiting sessions.
Sampling Time – The period to count the new sessions. Only those new
sessions which occurred in the most recently Sampling Time are counted
for limit checking. (default: 400 mili-sec., maximum: 500 mili-sec., step: 50
mili-sec.)
Maximum of Total New session – If the number of new sessions for the
system exceeds the Maximum in the Sampling Time, any new session in
the system will be dropped. (default: 65535 sess./sec., maximum: 65535
sess./sec.)
Maximum of New Sessions for Host – If the number of new sessions for
the host exceeds the Maximum in the Sampling Time, any new session of
the host will be dropped. (default: 100 sess./sec., maximum: 999
sess./sec.)
Maximum of Dropped New Sessions for Host – If the number of
dropped new sessions for the host exceeds the Maximum in the Sampling
Time, any new session of the host will be dropped for the Pause Time.
(default: 25 sess./sec., maximum: 999 sess./sec.)
Pause Time for Host while exceeding limits on dropped new sessions
– Within the Pause Time, no new session of the suspended host will be
served by the system. (default: 5 min., maximum: 65535 min.)
Page 60
SysFilter Exception
The Duolinks SW24 Series Load Balancer’s built-in SPI firewall will automatically reject any unrecognized
packets. If you want the device to accept any specific packets, you should build the corresponding exception
rules using the System Filter Exceptions.
You will not need to modify the default settings or add anything here except if you are running a specific
application which needs the default SPI firewall and security settings modified on the load balancer.
Firewall Exception
System Filter Exception Enable – To activate or deactivate this rule.
Rules
Interface – The port that the packets enter the device on.
Protocol – The protocol of the packets to be accepted.
Foreign Port Range – The source port range of the packets to be
accepted.
Device Port Range – The destination port range of the packets to be
accepted.
System Filter Exception List all system rules that have been defined.
Rule List
Important Note : Misconfiguration of this section may lead to serious security threats for your network.
Page 61
6. VPN Configuration
Overview
This chapter applies to the Duolinks SW24 VPN and the Duolinks SW24 VPN Plus Load Balancers only.
Virtual Private Network (VPN), is a connection between two end points. VPN allows private data to be sent
securely over a public network, such as the Internet using encrypted tunnels.
Like the Syswan VPN Client, your Duolinks SW24 VPN Series Load Balancer uses industry standard IPSec
VPN protocol thus making all Syswan Technologies VPN solutions 100% compatible with each other.
The Duolinks SW24 VPN Series Load Balancers provide Remote-to-LAN and LAN-to-LAN VPN
configurations. VPN Tunnels can be configured for redundancy and failover and VPN MESH GROUPS can be
created when inter connecting two Duolinks SW24 VPN Plus Load Balancers.
Although the Duolinks SW24 VPN Series Load Balancer can interoperate with many other IPSec VPN
gateways and products, it is not in the scope of Syswan Technologies support team to provide specific
technical support to any third party gateways or products involved in your network configuration.
Important Note :
Data encryption may not be permitted by law in your country. Please make sure that you comply with
all local laws and regulations before building a VPN Tunnel.
Page 62
To configure IPSec VPN on your Duolinks SW24 VPN Series Load Balancer, first enable both WAN links
(WAN1 and WAN2) on the IKE Global Setup page. You may leave the default configuration which is suitable
for most common situations. The above example shows changes in default configurations for DH Group,
Encryption Method and Authentication Method.
You may change these settings and specify other options here.
Once both WAN links are configured for IKE, click Submit and Reboot.
Page 63
Global Parameter Enable Setting – If you enable check box WAN1, WAN2 or both, this will
start IPSec Global Setting.
ISAkmp Port – Internet Security Association and Key Protocol
Management (ISAkmp) is designed to negotiate, establish, modify and
delete security associations and their attributes. In particular, it was
assigned UDP port 500 by the IANA.
Phase 1 DH Group – Use DH Group 1(768-bits),DH Group 2(1024-bits),
Group 5 (1536-bits) to generate IPSec SA keys.
Phase 1 Encryption Method – There are three data encryption methods
available : DES, 3DES,and AES.
Phase 1 Authentication Method – There are two authentication
available. MD5 and SHA1 (Secure Hash Algorithm).
Phase 1 SA Life Time – By default the Security Association lifetime is
28800 Sec.
Maxtime to complete phase 1 – The aim of phase 1 is to authenticate
and establish a secure tunnel, which will protect further IKE negotiation.
The maximum time default is 10 sec.
Maxtime to complete phase 2 – Really establish the IPSec SAs. By
default the maximum time is 300 sec.
Log Level Select a VPN log level that you like to display on the VPN logs.
Page 64
Page 65
In case the first WAN link fails, the tunnel will be automatically created using the second configuration.
VPN Mesh
A VPN Mesh configuration is achieved by creating four (4) identical VPN tunnels between two Duolinks SW24
VPN Plus Load Balancers and by pointing each local WAN link to both WAN links on the remote device.
In the event of one WAN link failure, the VPN tunnel will still be maintained between both networks.
Page 66
Traffic Binding Interface – Select WAN1 or WAN2 for binding VPN tunnel.
Local Identity Option Type – There are three local WAN identity types to choose: IP address,
domain name and distinguished name.
Traffic Selector Protocol Type – You can choose either TCP/UDP/ICMP/GRE protocol as
your connection protocol. By default the protocol type is “Any”.
Local Security Network – These entries identify the private network on
this VPN router, the hosts of which can use the LAN-to-LAN connection.
You can choose a single IP address, the subnet, or a selected IP range to
make VPN LAN-to-LAN connection.
Remote Security Network – These entries identify the private network on
the remote peer VPN router whose hosts can use the LAN-to-LAN
connection. You can choose a single IP address, the subnet, or a selected
IP range to make VPN connection
Remote Security Gateway – You can either select remote side domain
name or remote side IP address (WAN IP address) as your remote side
security gateway.
Security Level Encryption Method – It specifies the encryption mechanism to use. Data
encryption makes the data unreadable if intercepted. There are three
encryption method available; DES/3DES and AES. The default is null.
Authentication – It specifies the packets authentication mechanism to
use. Packets authentication proves that data comes from source you think
it comes from. There are three authentications available. MD5, SHA1 and
SHA2.
Page 67
Key Management Key Type – There are two key types (manual key and auto key) available
for the key exchange management.
Manual Key – If manual key is selected, no key negotiation is needed.
Encryption Key- This field specifies a key to encrypt and decrypt IP traffic.
Authentication Key – This field specifies a key use to authentication IP
traffic. Inbound/outbound SPI (Security Parameter Index) – is carried on
the ESP header. Each tunnel must have a unique inbound and outbound
SPI, and no two tunnels share the same SPI. Notice that Inbound SPI
must match the other router’s outbound SPI.
AutoKey (IKE) – There are two types of operation modes can be used.
1. Main mode accomplishes a phase 1 IKE exchange establishing a
secure channel.
2. Aggressive Mode is another way of accomplishing a phase 1
exchange. It is faster and simpler than main mode, but does not
provide identity protection for the negotiating nodes.
Perfect Forward Secrecy (PFS) – If PFS is enable, IKE phase 2
negotiation will generate a new key material for IP traffic encryption &
authentication. Preshared Key – This field is to authenticate the remote
IKE peer.
Key Lifetime- This is specified the lifetime of the IKE generated Key. If the
time expires or data is passed over this volume, a new key will be
renegotiated, By default, 0 is for no limit.
Tunnel List Lists all VPN tunnel that are configured. You can modify, update or delete VPN
records.
Page 68
Dead Peer Detection Dead Peer Detection (DPD) uses IPSec traffic patterns to minimize the number of
Feature IKE messages that are needed to confirm aliveness. DPD mechanisms, is
needed to determine when to perform IKE peer failover, and to reclaim lost
resources.
Detection – Checked will enable Dead Peer Detection.
Check Method: ICMP – use ICMP packets to prove aliveness. Heartbeat is
referring to a unidirectional (a HELLO only) message to prove aliveness.
Keep alive is referring to bi-directional (HELLO/ACK) message to prove
aliveness.
Action – Executed action after DPD failure. There are Failover, Remove
Tunnel and Keep Tunnel Alive options available for this action.
Logging – enable logging will display log on VPN log view list.
Page 69
NAT Traversal Feature NAT Traversal – Enable/Disable NAT Traversal within the VPN tunnel.
Keep Alive Interval – Time to keep NAT entries.
UDP Checksum – Enable/Disable UDP Checksum for NAT Traversal.
Page 70
This section only applies to the Duolinks SW24 VPN Plus Load Balancer.
The following section will help guide you on how to configure VPN load balancing through the mesh group
setup.
1. On the mesh group configuration page, click Create to display a configuration page similar to the “VPN
policy” setup page.
Page 71
2. Configure the Mesh group as per your LAN-to-LAN VPN network requirements.
Page 72
7. QoS Configuration
Overview
Quality of Service (QoS) offers the capability to a network to provide a better service to selected network
traffic within TCP/IP networks. The goal of QoS is to provide priority to identified network traffic including
dedicated bandwidth, controlled jitter and latency that is required by real time applications while improving
quality by reducing packet loss.
The Duolinks SW24 Series Load Balancer provides QoS based on the Type of Service (ToS) header or by
using user defined QoS policies.
Once enabled, it will classify outgoing packets based on policies and enable real-time applications to get
better response or performance.
QoS Setup
The following configuration page guides you on how to setup QoS.
Page 73
Page 75
8. DNS Configuration
Overview
This chapter only applies to the Duolinks SW24 VPN Plus Load Balancer.
The Domain Name System (DNS) associates various information to a domain name. The primary function of a
DNS server is to translate IP addresses into host names and host names into IP addresses (e.g.
www.syswan.com translates to 72.167.0.118). A DNS Server stores all information related to a given domain
name like a list of email servers, web servers or FTP servers. A DNS Server provides a name based
redirection system which is an essential component of Internet activity today.
DNS configuration is necessary if you want to use Inbound Load Balancing mechanism in your network
environment. You must know how to change IP addresses of your DNS servers at the registrar level (NIC) to
point to public IP addresses of your load balancer WAN ports as follows :
After this registrar level update, your registrar will redirect to your Duolinks SW24 VPN Plus Load Balancer all
DNS requests for your domain (e.g.A, NS, CNAME, MX). You will need to set the SOA resource records and
configure DNS & Map Host URL pages in the DNS Configuration section to enable DNS response and to
direct specific traffic to servers within your LAN.
Note that DNS propagation after a modification might take from 24 to 72 hours depending on the type of your
TLD and your registrar.
Important Note :
You will need to check with your Internet Service Provider or your ISP service agreement
documentation to make sure that there are no restrictions for hosting content on your WAN links.
Page 76
Configure DNS
In order to make inbound load balancing work, you have to accommodate for servers on the LAN side of your
Duolinks SW24 VPN Plus Load Balancer. It is also necessary for you to own or newly register at least one
domain name. You will also need fixed public IP addresses for each of your WAN ports.
The Duolinks SW24 VPN Plus Load Balancer can host upto 6 SOA records (domains) and accommodate for
30 host URLs per domain (ie: www, ftp…).
Note :
Once you have registered your domain name and have the above server hardware structure installed within
your LAN, you can configure inbound load balancing through the DNS setup pages as shown in the following
example.
Page 77
SOA (Start Of Authority) Domain Name/Primary Name Server –These are fully qualified
Record domain names (FQDN). e.g. www.mydomain.com. It should terminate
with a dot (.), otherwise the domain name will be added after it.
Admin. Mail Box – Email address for the domain administrator. You
should use dot(.) to replace the at symbol(@) in the mail address.
e.g. if Email address is super@mydomain.com. you should fill it as
super.mydomain.com.
Serial Number/Refresh Interval/Retry Interval/Expiration /Minimum
TTL – These are referenced in RFC1035 or set by the default value.
NS (Name Server) Record Pri. Name Server/Sec. Name Server – IP Address of your DNS
server.
Public WAN IP Address – By default, this is: 0.0.0.0. This device will
use the current WAN port IP address the same as DNS index. e.g.
DNS1 Pri./Sec. Name Server used WAN1/WAN2, otherwise enter a
public IP addresses provided by the ISP.
MX (Mail Exchange) Record Mail Exchange – FQDN for this mail server
Preference – Preference is the priority order, 0 being the highest
priority.
Location/IP Address – Select Private and enter IP Address with its
private address if the mail server is inside your LAN. Otherwise select
Public and enter its public IP Address.
Page 78
Page 79
Page 80
9. Management Assistant
Overview
The following settings are discussed in this chapter :
Admin Setup
Email Alert
SNMP
Syslog
Diagnostic Tools
Upgrade Firmware
Admin Setup
This page is intended for various administrator related settings. Please see “Admin Setup” section in Chapter
2 for more details.
Page 81
Email Alert
This feature will send a warning email, informing the System Administrator that one of the WAN ports has
been disconnected.
Email Alert – You can choose to enable or disable the sending of a warning email.
Email Sender Address – The email address which will send the warning email.
Email (SMTP) Server Address – The email server address that the warning email will be sent from.
Email Recipient Address – The email address of the System Administrator the email will be sent to.
Page 82
Note:
If the email server is on the LAN side, then SMTP server should be entered as an IP address ( ex.
192.168.1.x ).
If the email server is on LAN site, and the SMTP server is using domain name instead of IP address, then you
should enable “DNS loop-back” for that FQDN in the Advanced Setup > Advanced Features page.
Page 83
SNMP
SNMP (Simple Network Management Protocol) is used in network management to monitor network devices
for conditions that may requirer attention.
This section is only useful if you have installed a SNMP (Simple Network Management Protocol) software on
your PC. If so, you may use a standard MIB II file with your Duolinks SW24 Series Load Balancer to monitor
network and device activity.
Settings – SNMP
System This is the system information which will identify this device.
Information
Community A relationship between a SNMP agent and a set of SNMP managers that defines
authentication, access control and proxy characteristics.
Trap Targets Up to three IP addresses can be entered. SNMP Trap information will be sent to these
target addresses.
Page 84
Syslog
Syslog is a standard for sending log messages within a TCP/IP network and is often used for network and
security auditing purposes.
A syslog client usually sends a syslog message to the syslog server using UDP or TCP protocol.
The Duolinks SW24 Series Load Balancer can internally store the last 100 Syslog messages and/or send
them on the fly to the specified Syslog Server for real time system information updates.
Syslog Configuration – Syslog Configuration allows you to specify where to send system information. You
can define up to three remote Syslog Servers and define priority level for each.
Message Status – Messages sent will only be kept locally if “keep sent message” is checked. Only the last
100 messages are kept in device memory and are cleared during a reboot or power off.
SNTP – You can define up to 3 SNTP servers to enable the load balancer to obtain GMT. By defining your
time zone, your system and logs will show the current date and the correct time. If no time servers are defined
by the user, the system will try to obtain GMT time from a public SNTP server. DST (Daylight Saving Time) is
not available.
Syslog Page
Page 85
Syslog Configuration
Syslog Delivery Sending Out – If checked, the device will send syslog messages to other
machines (log servers).
Keep Sent Message – If checked, the sent messages will be kept on the
device, otherwise they will be deleted.
Syslog Servers –
IP Address: Up to 3 syslog servers can be used.
Enable: If checked, the log message will be sent to the server. You can
disable or enable each server temporarily.
Port: If your syslog server does not use the default port (514), change it.
Log Priority Level: The messages are grouped into 8 priority levels, from
Emergency to Debug. The lower level it is, the more messages it will
generate. Emergency is the highest priority level, and Debug is the lowest.
Setting priority to Debug will send all generated messages.
Log Priority Modules This feature displays and controls the current log priority for each module. For a
module with different priorities, the different level of messages will be generated in
Syslog. A lower level of log priority for a module will generate more messages.
DEBUG is the lowest level of log priority.
SNTP Configuration SNTP Servers – Up to 3 SNTP servers can be used for GMT. You can enter
its IP or Domain address here. You can use some servers such as time-
a.nist.gov, time.nist.gov, time-nw.nist.gov, etc.
Time Zone – This lists all time differences between GMT and the local time
selected by you.
Page 86
Diagnostic Tools
This page provides tools for troubleshooting the network connectivity, DNS name resolving and Arp lookup
problem.
IP Tools
ICMP Method :
Test network connectivity by issuing ICMP Echo Request (Ping) packets to the specified destination
(Name/IP). The detailed result will be shown in each column.
HTTP Method :
Test network connectivity by establishing HTTP (TCP Port 80) session to the specified destination (Name/IP).
The detailed result will be shown in each column.
DNS Method :
Test network connectivity by sending DNS query (UDP Port 53) packets using the specified FQDN. The
corresponding IP address will be shown in the destination column if succeeded.
Check Arp :
Lookup the MAC address by specifing the corresponding IP address, detailed result will be shown in each
column if found.
Page 87
Upgrade Firmware
The Upgrade Firmware screen allows you to upgrade firmware or to backup and restore your system
configuration.
You can backup your system configuration by clicking Save. It will save the system configuration on to
your hard drive.
You can perform firmware upgrades by inputting the correct username, password and the firmware file
location and by clicking Upgrade. If required (please see firmware release notes), you may launch a
Factory Reset by clicking Factory Settings.
Important note:
Do not Reset or Restart the device while a firmware or configuration update is in progress, as it may
cause severe and permanent damage to the load balancer.
Damage resulting in resetting your load balancer during a firmware or configuration update is NOT
covered by the standard 2 year warranty.
Page 88
Routing
This section is only relevant if your LAN has other routers or gateways.
If you do not have other routers or gateways on your LAN, you can skip the Static Routing page.
If your LAN has other gateways and routers, you must configure the Static Routing screen as described
below. You will also need to configure all the other Routers in your network in the same way.
Please refer to the constructor documentation provided with your other routers or gateways on how to
configure static routing options on those.
Page 89
Note:
If there are entries in the Routing table with an Index of zero (0), these are system specific entries. You cannot
modify or delete them.
Settings – Routing
Dynamic RIP v2 – RIP is a dynamic routing protocol which is used to direct traffic over the
Routing network. Disable it if you do not need to use it.
LAN, WAN1, WAN2 – If enabled, any WAN or LAN can execute RIP function.
Static Routing If there is more than one router on a network, this Routing table must be configured
because the router needs to know what packet goes to which router. A routing table entry
is required for each LAN segment on the network.
Network Address – Network Address is the address of the destination network
segment.
Netmask – The subnet mask used to select the bits from an IP Address that
corresponds to the subnet.
Gateway – The IP router that the packets destined for the subnet with Network
Address will be forwarded to.
Interface – The device's port that the packets destined for the subnet with Network
Address will be passed through.
Metric – The number of routers that must be traversed to reach the destination
network segment.
Page 90
All traffic for devices not on the local LAN must be forwarded to the Duolinks SW24 Series Load Balancer, so
that they can be forwarded to the Internet. This is done by configuring other routers to use the Duolinks SW24
Series Load Balancer as the Default Route or Default Gateway, as illustrated by the example below.
Routing Example
Entry 1 (Segment 1)
Destination IP Address 192.168.2.0
Network Mask 255.255.255.0
Gateway IP Address 192.168.1.100
Interface LAN
Metric 2
Entry 2 (Segment 2)
Destination IP Address 192.168.3.0
Network Mask 255.255.255.0 (Standard Class C)
Gateway IP Address 192.168.1.100
Interface LAN
Metric 3
Page 91
Page 92
System Status
Use the System Status link on the main menu to view this screen.
Page 93
Device System UpTime – The time since the system of a device was last reinitialized.
Statistics
CPU Usage – The current usage percentage of CPU.
Memory Usage – The current usage percentage of Memory Heap.
Packet Queue Usage – The current usage percentage of Packet Queue.
Page 94
When the "Factory Settings" button on the Status screen above is clicked, the following screen is displayed.
Page 95
WAN Status
Use the WAN Status link on the main menu to view this screen.
System Status
Current Current loading share for WAN1, WAN2.
Statistics
Accumulated The statistics for WAN1 & WAN2 packets with a period of time. User can define the time
Statistics period through load balancing web page setup.
Overall Overall loading share (receive & transmit) packets for WAN1 and WAN2.
statistics
Page 96
NAT Status
This screen is displayed when you click the "Check NAT Detail" button on the WAN Status screen.
Page 97
NAT Status
Active Interface IP Info Interface – LAN and WAN interface of the Duolinks SW24 Series Load
Balancer.
IP Address – The WAN (Internet) & LAN IP Address of the Duolinks SW24
Series Load Balancer.
Subnet Mask – The Network Mask (Subnet Mask) for the IP Address above.
NAT Timeouts This displays the current timeout values for TCP and UDP connections.
TCP Prosperity This displays the MSS (Maximum Segment Size) and Maximum Window size for
TCP packets.
NAT Traffic This section displays statistics for both outgoing (LAN to Internet) and Incoming
(Internet to Local) traffic.
Connections List This displays the current number of active connections. For further details, click
the "View Connection" list button.
Errors Statistics are displayed for Checksum errors, number of retries, and number of
bad packets.
Misc. This displays the total IP packets and reserved address.
Page 98
Appendix A
Specifications
Models Duolinks SW24 Load Balancer
Duolinks SW24 VPN Load Balancer
Duolinks SW24 VPN Plus Load Balancer
Dimensions 245mm (W) x 137mm (D) x 30mm (H)
Operating 0 C to 40 C
Temperature
Storage -10 C to 70 C
Temperature
Network Protocol TCP/IP
Network 6 x Ethernet :
Interfaces
4 x 10/100BaseT (RJ45) auto-Switching Hub ports for LAN devices
2 x 10/100BaseT (RJ45) for WAN
LEDs 8 x LAN
4 x WAN
1 x Status
1 x Power
External Power 5 V 1.5A DC
Adapter
FCC Statement
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
1. This device may not cause harmful interference.
2. This device must accept any interference received, including interference that may cause
undesired operation.
CE Marking Warning
This is a Class A product. In a domestic environment this product may cause radio interference in which case
the user may be required to take adequate measures.
Page 99
Appendix B
Windows TCP/IP Setup
Overview
TCP/IP Settings
If using the default Duolinks SW24 Series Load Balancer settings, and the default Windows
95/98/ME/2000 TCP/IP settings, no changes need to be made.
By default, the Duolinks SW24 Series Load Balancer will act as a DHCP Server, automatically providing a
suitable IP Address (and related information) to each PC when the PC boots.
For all non server versions of Windows, the default TCP/IP setting is to act as a DHCP client.
If you wish to check your TCP/IP settings, the procedure is described in the following sections.
If your LAN already has another router, the Network Administrator must re-configure it.
1. Select Control Panel - Network. You should see a screen like the following:
Page 100
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows
settings.
Restart your PC to ensure it obtains an IP Address from the Duolinks SW24 Series Load Balancer.
Page 101
On the DNS Configuration tab, ensure Enable DNS is selected. If the DNS Server Search Order list is
empty, enter the DNS address provided by your ISP in the fields beside the Add button, then click Add.
Page 102
Page 103
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows
settings.
Restart your PC to ensure it obtains an IP Address from the Duolinks SW24 Series Load Balancer.
Page 104
Page 105
Using DHCP
To use DHCP, select the radio button obtain an IP Address automatically. This is the default Windows
settings.
Restart your PC to ensure it obtains an IP Address from the Duolinks SW24 Series Load Balancer.
Page 106
Appendix C
Troubleshooting
Overview
This chapter covers some common problems that may be encountered while using the Duolinks SW24 Series
Load Balancer and some possible solutions to them. If you follow the suggested steps and the Duolinks SW24
Series Load Balancer still does not function properly, contact our support team or your dealer for further
assistance.
General Problems
Problem 1: Can't connect to the Syswan Duolinks SW24 Series Load Balancer to configure it.
Solution 1: Check the following:
The Duolinks SW24 Series Load Balancer is properly installed, LAN connections are
OK, and it is powered ON.
Ensure that your PC and the Duolinks SW24 Series Load Balancer are on the same
network segment. (If you don't have a router, this must be the case.)
If your PC is set to "Obtain an IP Address automatically" (DHCP client), restart it.
If your PC uses a Fixed (Static) IP address, ensure that it is using an IP Address within
the range 192.168.1.2 to 192.168.1.254 and thus compatible with the Duolinks SW24
Series Load Balancer’s default IP Address of 192.168.1.1.
Also, the Network Mask should be set to 255.255.255.0 to match the Duolinks SW24
Series Load Balancer defaults.
In Windows, you can check these settings by using Control Panel-Network to check
the Properties for the TCP/IP protocol.
Internet Access
Problem 1: When I enter a URL or IP address I get a time out error.
Solution 1: A number of things could be causing this. Try the following troubleshooting steps.
Check if other PCs work. If they do, ensure that your PCs IP settings are correct. If
using a Fixed (Static) IP Address, check the Network Mask, Default gateway and DNS
as well as the IP Address.
If the PCs are configured correctly, but still not working, check the Duolinks SW24
Series Load Balancer. Ensure that it is connected and ON. Connect to it and check its
settings. (If you can't connect to it, check the LAN and power connections.)
If the Duolinks SW24 Series Load Balancer is configured correctly, check your Internet
connection (DSL/Cable modem etc) to see if your load balancer is connected to the
Internet and that it is working correctly.
You may use the diagnostic tools available in the Management Assistant menu to
trouble shoot Internet access problems.
Page 107
Problem 2: Some applications do not run properly when using the Duolinks SW24 Series Load
Balancer.
Solution 2: The Duolinks SW24 Series Load Balancer processes the data passing through it, so it is
not transparent.
Use the Special Applications feature to allow the use of Internet applications which do not
function correctly.
If this does not solve the problem, you may have to use the DMZ function. This should
work with most applications.
Note :
The SPI firewall is disabled for DMZ PCs.
Only one (1) PC can use this feature per public IP (WAN) address.
Page 108