Virtual
Gateway By Home Teachers India
Note:
Note:
Note:
The default gateway
IP address of the default gateway channel through SSL VPN. The shape of the
physical unit functions of the Port Replicator logically independent use of
technology with the default gateway configuration and service for all the
logical gateway independently of each other. In this way, the device of an
institution to meet the requirements of several companies or departments.
·
1. Overview
Overview This section describes the basic concepts of the default gateway, IT concepts.
Overview This section describes the basic concepts of the default gateway, IT concepts.
·
2. Application scenarios
Application scenarios This section describes the actual application scenarios intranet gateway unarmed systems
Application scenarios This section describes the actual application scenarios intranet gateway unarmed systems
·
3. Mechanism
·
The mechanism of this section of the
principles of the default gateway Intranet unarmed systems
·
Configuration Flow
The composition of this section describes the configuration of default gateways. The application can be flexibly on the basis of networks.
The composition of this section describes the configuration of default gateways. The application can be flexibly on the basis of networks.
·
2. Virtual Gateway generation
The establishment of the default gateways in this section describes how to create a virtual gateway status information.
The establishment of the default gateways in this section describes how to create a virtual gateway status information.
·
6 Virtual Gateway System
Virtual Gateway system configuration of the default gateway system covers the default gateway DNS server is configured, the default gateway Default Gateway SSL, director of policy at the level of the page to specify default gateway
Virtual Gateway system configuration of the default gateway system covers the default gateway DNS server is configured, the default gateway Default Gateway SSL, director of policy at the level of the page to specify default gateway
·
7 Configure Intranet Insulation Items
The composition of the INTRANET INSULATION during the configuration of the default gateway, the function of the intranet to allow isolation. Only after specifying the function, you can configure, Network Address Translation The actual source of the Gateway router default gateway. If the function is disabled, you can configure Network Address Translation The actual source of the Gateway router of the layer.
The composition of the INTRANET INSULATION during the configuration of the default gateway, the function of the intranet to allow isolation. Only after specifying the function, you can configure, Network Address Translation The actual source of the Gateway router default gateway. If the function is disabled, you can configure Network Address Translation The actual source of the Gateway router of the layer.
This section
describes the basic concepts of the default gateway, IT concepts. From the
logically independent gate on svn called Virtual
Gateway. The Entity physical svn can have multiple independent logic
gates work with virtual gateway, and is designed to address the needs of
several companies or branches of an institution. Configure the default gateway
all services to make available, regardless of any other
The virtual gateway
is a module on the SVN the SSL VPN function. The Client is a terminal by SSL
VPN user is used. The data is transferred between the client and the Virtual
Gateway via an SSL encrypted.
Note:
If you select the SSL VPN Gateway, the image does
not include devices such as the firewall.
This section
describes the application scenarios of Virtual Gateway and intranet insulation
systems.
The SVN can be divided into several logically independent
SSL VPN gateways, namely virtual gateways. You can configure separate services
and information about this virtual gateways refined management and deployment
to implement.
Note:
The number of virtual
gateways from the SVN is supported by the license. By default, the SVN supports
a virtual gateway.
To mark the Virtual Gateway, the image does not
include devices such as the firewall.
Individual Virtual
Gateway
You can configure
only one virtual gateway on the SVN, so that all users can access this virtual
gateway. Figure 1-2 Shows the typical networking of the
individual virtual gateway. Users can access from the Internet or enterprise
intranet.
Multiple Virtual Gateways
You can configure
multiple virtual gateways in the SVN so that various departments have different
virtual gateways. For example, different ACLs are required if the employees in
different departments have different resources and services. In this case, you
can assign a virtual gateway to each department and independently to configure
users, resources and guidance for you.
Figure 1-3 Shows the
typical networking of multiple virtual gateways. Virtual Gateways A, B and C
offer services for Divisions 1, 2 and 3.
Note:
Multiple Virtual
Gateways implement service isolation (different Virtual Gateways offers a
variety of services), but not physical network isolation. For example, in Figure 1-3the various departments
, IP addresses must be unique.
Intranet Insulation Gateway
Intranet insulation
is a special application, physical network isolation (IP address reuse) into
multiple virtual gateway scenario is implemented. If the SVN is rented to
various companies, the IP address conflicts may occur, because every company
has its own network plan. The traditional multiple virtual gateways cannot
solve the problem. The Intranet insulation function is required.
The Intranet
insulation function splits the SVN into multiple virtual gateways. Of common
multiple Virtual Gateways, this virtual gateways are independent. Each of
them has its own forwarding of information such as IP addresses and routes. In
this way, each virtual gateway has its own forwarding paths and IP-address is
the re-use is implemented.
Figure 1-4 Shows the
networking of the Intranet isolation. IP addresses of the companies A and B
overlap is planned. After the intranet insulation function is on the SVN, the networks
of companies A and B are enabled. Packages are on the routes for the
corresponding virtual gateways configured.
Note:
The SVN supports the
function of the Intranet isolation. In addition, when in virtual desktop
solutions provided, the SVN functions as a desktop cloud agent (ICA agent) and
ensures that the communication between clients and servers. How desktop cloud
agent, the SVN attachments especially the functions of the
load-balancing-Gateway and Secure Cloud Gateway. For more information, see 8.7
Desktop Cloud.
This section describes
the principles of the Virtual Gateway and intranet insulation systems.
Virtual Gateway
As a physical entity, the SVN as several logically
stand-alone gateway using the virtual gateway technology, and therefore the
needs of several businesses or branch offices of a company. The configuration
of each virtual gateway and services provided are independent of each other. The
Virtual Gateways are in the following types of IP addresses and domain names
are classified:
Intranet Insulation
Systems
In the process of
creating a virtual gateway, if the intranet of the current virtual gateway must
be isolated from the intranets of the other virtual gateways, the Intranet
isolation function can be activated. The source then NAT and routes under the
virtual gateway configuration.
As in Figure 1-5companies A and B share a SVN. The Intranets are
separated as follows:
1.
Virtual Gateways A and B separately on
the SVN for companies A and B. The Intranet insulation function is enabled on
both virtual gateways.
2.
VPN create VPN Instance_A and connect
it with Virtual Gateway A. Then VPN VPN Instance_B and connect it to create
Virtual Gateway Example
3.
If the user of the enterprise access to
the intranet of the company, a request is sent first to the SVN. The package
then goes through the VPN_a route. Also, if the user of the enterprise B access
to the intranet from company B, the packet to the VPN_B route leads.
4.
After that, the SVN sends the packet
from the enterprise to the intranet of the company and the package from the
enterprise B on the intranet of the company B.
5.
Finally react on both intranet server.
The reply packets pass through the VPN VPN_B_A route and route separately.
In this way, the
exchange of data packets between different virtual gateways and intranets
through different routes. Packets are sent and received without interference.
Therefore, the Intranet is isolated.
Note:
The IP addresses of the virtual gateways can
coexist in the same network segment or different network segments can be
configured. For all virtual gateways, IP addresses, the exchange packets with
external networks to the interfaces to the root-bound firewall are configured.
If a virtual gateway is not equipped with a VPN instance bound, the exchange
packages in the intranet via the routes of the root-Firewall.
SSL
The SSL connection is
established if the client sends requests to the SVN. The SSL handshake
procedure is shown in Figure 1-6.
The procedures for the transmission of
each message in Figure 1-6 are as follows:
1.
The client sends a message to the
client hello server. This message contains all versions of SSL and encryption
algorithm supported by the customer lists. This encryption algorithm lists are
sorted by their priorities. The encryption algorithm, the list with the highest
priority is the one that the customer recommends that the server to use.
2.
The server sends a message to the client-server
hello. This message contains the definitive SSL version and encryption
algorithm from the client list and a random value selected.
3.
The server sends its certificate to the
client via a certificate message, so that the client can confirm the identity
of the communicated peer the certificate sent by the server. his public key and
digitally signed with the private key must contain. The client uses the certificate
in accordance with the server certificate to verify the authenticity of the
certificate. The public key in the certificate is used to verify the signature
and to confirm the identity of the server. Then the public key of the server is
used to encrypt information. In other words, data encryption and protection
against this step.
4.
The server sends an empty server
hello done message to the client, indicating that the server all
information sent in this phase will be sent.
5.
The client sends a message to the Server
Client keyex change by the public key is encrypted. In the SSL implementation,
the public key is used for encryption is used only when the authentication of
identity on the peer end is executed with the certificate. In the actual data
transfer, the efficient share key is used for encryption. This information will
be encrypted with the public key in the certificate.
6.
The client sends a message to the
server change cipher spec, the encryption with the negotiated encryption
method.
7.
The client sends a message to the
server, the new encryption parameters used for the encryption and notifies the
server, the information is sent. Also, make sure that no message is being
manipulated by an attacker.
8.
The server sends a change cipher
spec message to the client, which is the encryption with the negotiated
encryption method.
9.
The server sends a message to the
client, notification of the client, the information is sent.
This section
describes the process for the configuration of virtual gateways. The flow can
be applied flexibly to networks.
Table 1-1 Shows the basic configuration for virtual
gateways. The basic configurations of virtual gateways are valid for all
gateways. After the administrator configures the virtual gateway, authorized
users can the virtual gateway after entering the IP address of the Virtual
Gateway in the browser.
"Configuration
task
|
Task Task
|
Description
|
Create a virtual gateway
|
2.1 Creating a Virtual Gateway
|
This task is mandatory. You need to create a
virtual gateway, before other configurations.
|
Configure the virtual gateway products
|
3.1 Configuring DNS
|
This task is optional. If you configure it,
Intranet access to resources by domain names.
|
3.2.2 Configuring CFCA
|
This task is optional. Configure it, if the cfca
server is required to issue user certificates.
|
|
3.3 Configuring SSL
|
This task is optional. Configure it, if the SSL
parameters need to be changed. The default value is recommended.
|
|
3. 1 Creating a Virtual
Gateway Administrator
|
This task is optional. The virtual gateway
administrators can only manage their own virtual gateways. First of all, the
account of a Virtual Gateway Administrator is not planned. After logging in
as a virtual gateway administrator manage current account is displayed.
|
|
3.5 Configuring Policy
|
This task is optional. Configure it, when users
to specific IP addresses or address segments allowed or denied, the virtual
gateway need to access. If no other measures, work on the default policy measures.
|
|
3.6 Customizing Virtual
Gateway Web Page
|
This task is optional. Configure it, if you
customize the logo, welcome, the title and the resource on the login page,
click the icon of the virtual gateways.
|
|
3.7 Configuring Schedule
|
This task is optional. If you configure it, at
the time of registration of the user with the virtual gateways.
|
|
3.8 Configuring User-Defined
Browser Type
|
This task is optional. You can use the browser to
obtain enter the optimized web page.
|
|
Configure Intranet insulation items
|
4.1 Configuring Source NAT
|
This task is optional. Configure it, if you have
a source IP address is an IP address for private networks to a valid IP
address of the public networks.
|
4.2 Configuring Static Route
|
This task is optional. Configure it, if the SVN
server is on a different subnet from the intranet.
|
Note:
Before you create the virtual gateway, determine if
the insulation with the intranet. To enable this feature, select Intranet
isolation to create the virtual gateway. In this case, Source
NAT and static route can be configured for intranet
insulation.
This section
describes how to create a virtual gateway and its status information.
This section
describes how to create, modify, or delete a virtual gateway. In order to
enable SSL VPN services, you need to create a virtual gateway.
When you create a
virtual gateway, to be sure, whether you are a intranet insulation for
the virtual gateway to activate. As soon as the virtual gateway was created
successfully, you can click on "Cancel" to the existing Intranet Intranet-bound
or new insulation insulation system.
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on the Add button.
3.
Set the following parameters.
Description
|
|
Name
|
Displays the virtual gateway name.
|
Type
|
Exclusive.
An exclusive Virtual Gateway, the IP address and
domain name exclusively. Users can use an exclusive Virtual Gateway through
the domain name or IP address.
|
HTTP-Redirect
|
Redirects users requests to the home page of the
virtual gateway via HTTP. The home page of the Virtual Gateway is https://domain
name (or IP address). If the HTTP redirect feature is enabled, enter
only domain name (or IP address) of the virtual gateway or http://domain
name (or IP address) to access the home page of the virtual gateway.
For example, the home page and the domain name of the Virtual Gateway
Are https://10.10.1.22 or Www.example.com. If
the HTTP redirect feature is on the home page enter http://Www.example.com
www.example.com 10.10.1.22 http://10.10.1.22 , or the home page of
the Virtual Gateway.
The HTTP redirect function uses the HTTP
port (the default value is 80) The Virtual Gateway. Therefore, the
Virtual Gateway IP address must be different from the SVN-Gateway, HTTP
port may be used.
In the mobile work scenarios that enable
users to download the AnyOffice Client Software from the
self-service web page, you must enable the HTTP redirect function.
|
HTTP access
|
The HTTP access, select the virtual gateway.
By default, the HTTPS protocol is used to access
the virtual gateway.
|
Backup Link
|
Specifies whether the backup link feature is enabled:
·
Shared: Indicates that the backup link feature is enabled.
The power plant expansion client dynamically
selects the fastest connection of links to the SVN-Gateway.
·
Disabled: indicates that the backup link function is deactivated.
The power plant expansion client does not
dynamically select the fastest connection of links to the SVN-Gateway.
|
GSLB acceleration
|
You need to function and the global IP address in
the DNS load balancing scenario to configure.
|
Intranet insulation
|
You must select this option if the Intranets in
accordance with the current Virtual Gateway and other virtual gateways are
isolated from one another.
|
IP address
|
Displays the IP address of the Virtual Gateway.
Users can access the virtual gateway using this IP address.
In hot standby networks, use the VRRP group
address as the address of the virtual gateway. In other scenarios, use an
interface IP address as the IP address of the Virtual Gateway.
The external IP address is only required in the
DNS load balancing scenario. The external IP address is the IP address of the
Virtual Gateway input by NAT in external IP address.
Click to select
 multiple IP addresses (a
maximum of four IP addresses) for the exclusive Virtual Gateway add. Exclusive
virtual gateway allows users to access the virtual gateway via these IP
addresses.
Note:
Deleting or Changing an IP-address
of the Virtual Gateway has reported all the user's IP address.
|
Load Balancing Gateway IP Address
|
The user can load balance gateway using this IP
address.
The IP address must match the interface via which
the Client Gateway connects with the load balance.
You must configure this parameter only in desktop
cloud agent.
If the device is used as a Load Balance Gateway,
you need to enable HTTP-Redirect.
|
Secure Cloud Gateway IP Address
|
Users can access the secure cloud gateway using
this IP address.
The IP address must match the interface via which
the client with the Secure Cloud Gateway connects.
You must configure this parameter only in desktop
cloud agent.
|
Virtual Gateway Domain Name
|
Optional.
Users can access the Virtual Gateway Via this
domain name.
The domain name must be legitimate, and a DNS
server, the domain name into an IP address is on the Extranet.
For example, www.example.com.
|
Secure Cloud Gateway Domain Name
|
Users can access the Virtual Gateway Via this
domain name.
The domain name must be legitimate, and a real
server, the domain name into an IP address is on the Extranet.
|
HTTP Port
|
This connection is used in the following scenarios:
·
HTTP is used to access the virtual gateway.
·
With the HTTP Forwarding is enabled.
·
Android users in the self-service terminal side of
the AnyOffice download client login.
·
PC users in the self-service side of the AnyOffice download
client login.
|
SSL Port
|
This connection is used in the following scenarios:
·
SSL is used to access the virtual gateway.
·
IOS terminal users in the self-service side of
the AnyOffice download client login.
·
Android users download enterprise applications on the
AnyOffice Client.
·
The SVN provides multimedia tunnel with Android devices.
Note:
Modify an SSL port of the virtual gateway logs all users who use the
port.
|
Rapid port
|
Indicates the port for UDP communication is used.
This port is used by Virtual Gateway Services
including network extension and multimedia tunnel.
|
Max. Number of users via MTM
|
For only an exclusive Virtual Gateway.
Specifies the number of simultaneous users online
the virtual gateway via the multimedia tunnel.
The value is determined by the license.
|
Max. Number of users over SSL VPN
|
Specifies the number of simultaneous online SSL
VPN user of the virtual gateway.
The online SSL VPN user refers to the SSL VPN
user that the Virtual Gateway accesses through the SSL VPN.
The value is determined by the license.
|
Max. Number of users via IPSec VPN
|
Specifies the number
of simultaneous online IPSec VPN users of
the virtual gateway.
The on-line- IPSec VPN user
refers to the IPSec VPN user that the Virtual
Gateway accesses through the IPSec VPN.
The value is determined by the license.
|
Max. Number of users on cloud
|
Specifies the number of simultaneous users online
the virtual gateway via the cloud.
The value is determined by the license.
|
Maximum virtual desktop user
|
Specifies the number of simultaneous users online
the virtual gateway via the virtual desktop.
The value is determined by the license.
|
Maximum registered terminals
|
Indicates that the maximum number of terminals
through the Virtual Gateway Login E-Mail address.
The value is determined by the license.
|
Registered Maximum Security Browser Terminals
|
Indicates that the maximum number of terminals
through the virtual security gateway allows the browser to register.
The value is determined by the license.
|
Maximum registered MDM terminals
|
Indicates that the number of users, from the
virtual firewall allows to MDM to register.
The value is determined by the license.
|
Maximum registered SDK terminals
|
Indicates that the number of users who sign in by
the virtual firewall SDK.
The value is determined by the license.
|
Max. Number of Users
|
Specifies the maximum number of users online on
the virtual gateway.
The maximum number of users on the new virtual
gateway must be less than or equal to the number of remaining users with
licenses.
|
Maximum administrators
|
Specifies the maximum number of administrators on
the Virtual Gateway.
The maximum number of administrators on the new
virtual gateway must be less than or equal to the number of remaining
administrators with licenses.
|
Maximum Resource
|
Specifies the maximum number of resources on the
Virtual Gateway.
The maximum number of resources on the new
virtual gateway must be less than or equal to the number of available
resources.
|
4.
Click Apply.
Other Operations
· Modify a virtual gateway: Click on the virtual gateway to
change parameters. Name, type, and time are
immutable. Deleting or Changing an IP-address of the Virtual Gateway has reported
all the user's IP address.
· Deleting a virtual gateway: Select the virtual gateway that you want to
delete and click Delete. Note that existing services may be cut off
when the virtual gateway is deleted.
You can view the details
of the current virtual gateway and the online-view monitoring information.
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on the virtual gateway to be
configured.
3.
Virtual Gateway System > Virtual
Gateway Status > Virtual Gateway select status.
Configure the Virtual
Gateway System includes the display of the Virtual Gateway Status, the DNS
server by configuring the SSL, Virtual Gateway Administrator, Virtual Gateway
level political and individual adjustment of the Virtual Gateway page.
After the DNS server
is configured, users can access the Virtual Gateway through domain name. After
the domain name to use for the DNS server is specified, users can access the
intranet server without entering the distinguishing number of the domain name.
After the DNS server is configured,
users can access the Virtual Gateway through domain name. After the domain name
to use for the DNS server is configured, you can user the Intranet server
without entering the suffix of the Internet address to access. A prerequisite
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on the virtual gateway to be
configured.
3.
Virtual Gateway System >
> DNS DNS Select.
4.
Set the following parameters.
Note:
·
The configuration of the Preferred DNS Server
and the alternate DNS server should not be the same.
·
To ensure the reliability of the DNS
service, it is recommended that both the preferred DNS server and the alternate
DNS server to configure.
·
The DNS servers are configured in the
following order: the preferred DNS server and Alternate DNS Server 1 and
Alternate DNS Server 2.
Description
|
|
Primary DNS Server
|
Displays the IP address of the primary DNS
server.
|
Secondary DNS Server 1.
|
Displays the IP address of the secondary DNS
server if the primary DNS server is invalid.
|
Secondary DNS Server 2
|
Displays the IP address of the secondary DNS
server when both the primary DNS server and the secondary DNS server 1 has
become invalid.
|
Server Domain Name
|
After the domain name to use for the DNS server
is configured, you can user the Intranet server without entering the suffix
of the Internet address to access.
A domain consists of letters, digits and hyphens.
Assume that the Domain Name format x.x.x each string must not be more
than 63 characters long and cannot begin or end with a
hyphen. The last string must contain at least one character.
For example, if the Virtual Gateway Administrator
configures the domain names like server.com, users can access the
URL http://oa.server.com only by entering OA.
This is an invalid configuration, if the SVN
access by the name of the domain.
|
5.
Click Apply.
The SVN virtual
gateway can automatically connect the SCEP and cfca servers and WLAN
certificates for users.
The SVN Virtual
Gateway uses the Simple Certificate Enrollment Protocol (SCEP) WLAN
certificates for users.
For WLAN certificates from the SCEP server, the SVN
virtual gateway offers the certificates to mobile devices. If the user using the
WLAN certificates for access to Enterprise Wireless LAN Wireless LAN, the
authentication server authenticates the validity of certificates.
The SCEP server is
used by companies. Each company with a SCEP Server can use SCEP Wi-Fi issue
certificates.
In the provision of a SCEP server on an enterprise
intranet, set the RSA key to 2048 bytes and the hash algorithm the signing
certificate to SHA256 or be adjusted later.
Configure the SCEP
server
You can configure the URL and the
authentication code of the SCEP server. Make sure that the SVN, the SCEP server
is reachable.
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on 
the virtual gateway to be
configured.
the virtual gateway to be
configured.
3.
Select Virtual Gateway System > Settings
> Mobile Terminal CA.
4.
Select the SCEP- to choose
the CA server.
5.
To configure certificate server,
information of the SCEP server.
Description
|
|
SCEP server URL
|
Specifies the URL of the SCEP server to connect
for the SVN. It can be accessed by the administrator of the SCEP server.
|
Challenge Code
|
Indicates that the challenges posed by the SVN
uses for a WLAN Certificate from the SCEP server. It can be accessed by the
administrator of the SCEP server.
|
Automatic Renewal ahead of time
|
In front of the existing WLAN Certificate
expires, the SVN requests a new Wi-fi certificate from the SCEP server and
returns the certificate to a specific mobile device.
For example, if the automatic renewal
before the time is set to one week, the SVN requests a new Wi-fi
certificate within one week, as long as a user when
AnyOffice Client.
|
Domain Account
|
Indicates that the account and the password for
logging in to the SCEP server. The domain account to request the
authorization for a certificate. You must use the domain account and password
to obtain the administrator of the SCEP server only if the Windows
authentication on the SCEP server is enabled.
If Windows authentication on the SCEP server is
enabled, the SVN needs to use the domain account and the password for a WLAN
Certificate from the SCEP server.
|
Password
|
Configure the CA
certificate of the SCEP server
For a WLAN Certificate, the svn, a CA
certificate which can be obtained in two modes.
· Local Upload Upload: local the CA certificate from the administrator of
the SCEP server.
1.
Click Upload.
2.
Click Browse to appear
on the page, and select the local CA certificate.
3.
Click on Confirm.
· Of the SCEP server download: The certificate from a configured SCEP
Server URL download.
1.
Click on Download of SCEP
server.
2.
The downloaded certificate in the list of
certificates.
Certificate fields
configuration
Certificate fields include user
information for wi-fi certificate application are necessary. After connecting
to the SVN,
the AnyOffice client receives the certificate
request template from the SVN, and creates and sends a Certificate Signing
Request (CSR) for the SVN. The forwards the CSR to the SCEP server for WLAN
certificates are valid.
1.
To configure certificate,
enter the certificate information on certificate DN is based.
The Wi-FI
certificate has the parameters listed in the following table. Each
parameter shows a function of a certificate.
These parameters are
optional. For example, if a wireless authentication server is not OE in
a WLAN certificate check whether the parameter is not set.
Description
|
|
CN
|
Indicates that a common name.
|
DC
|
Indicates that a domain controller.
|
OU
|
Indicates that the department.
|
O
|
Displays the organization.
|
C
|
Indicates that the country.
|
DNS
|
Indicates the domain name of a server. Since this
parameter is rarely used, it is not in a DN template.
|
2.
Click Apply.
China Financial
Certification Authority (CFCA) is a state-level security certification
organization and relevant certificates to companies by the cfca server. If an Administrator
Certificate Server address and the CFCA - Supplemental Information on the SVN
virtual gateway is configured, the administrator can access the CFCA Server and
applies for a certificate.
After you install the certificate from the CFCA
Server, the SVN virtual gateway offers the certificate on the mobile device. If
the user uses the certificate for access to Enterprise Wireless LAN Wireless
LAN, the authentication server authenticates the validity of certificates.
A company provides the CFCA Server. The company
buys services of cfca and register information about the cfca server.
Configure the CFCA
Server
Configure the IP address and port of
the CFCA Server. Make sure that routes between the SVN and the cfca server can
be reached. Otherwise, the SVN server and the cfca cannot communicate with each
other.
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on the virtual gateway to be
configured.
3.
Virtual Gateway System >
> Mobile Terminal, you can take settings from.
4.
Select the cfca in select
the CA server.
5.
To configure certificate server,
you can set the parameter for the cfca server.
The IP address and
port of the CFCA servers are for the business plan data. Determine the IP
address and port of network administrators.
Description
|
|
Cfca Server IP Address
|
Specifies the IP address of the CFCA Server.
|
Port
|
Specifies the port number of the CFCA Server.
|
Certificate fields
configuration
Certificate fields contain information
for the certification required. If a client on the SVN-virtual gateway is
connected, the client receives the certificate fields from the SVN virtual
gateway, Generate Certificate Signing Request (CSR), and sends the CSR to the
SVN virtual gateway. The SVN virtual gateway transfers the CSR to the CFCA
server for the user certificate.
1.
To configure certificate fields, enter
information in the certificate DN template.
Description
|
|
CN
|
Specifies the name of a user logs into the SVN
virtual gateway.
The user name must be no configurations. The
client is automatically given the name of a user who logs in to the Virtual
Gateway.
|
T
|
Indicates that the device ID of a mobile
terminals.
The Device ID no configurations are required. The client receives the
device ID of a mobile terminal automatically.
·
The ID of an Android terminal is the IMEI. Choose Settings > About
Phone/Tablet > Status, in order to check the
IMEI.
·
The ID of an iOS-Terminal is Udid. The terminal to an iTunes-installed
PC. Choose Devices > Summary of the UDID
in iTunes on the PC.
|
OU
|
Indicates that the department information.
The configurations must be the same as the
registered information on the CFCA Server.
|
O
|
Indicates that an organization.
The configurations must be the same as the registered
information on the CFCA Server.
|
C
|
Indicates that a country.
The configurations must be the same as the
registered information on the CFCA Server.
|
2.
Click Apply.
This section
describes how to configure the SSL version, SSL encryption, and timeout period
and life-cycle of SSL sessions on the device. The configuration is optional.
You can use the default values.
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on the virtual gateway to be
configured.
3.
Virtual Gateway System > SSL
configuration > SSL configuration.
4.
Set the following parameters.
Description
|
|
SSL Version
|
Shows the supported SSL versions. The client must
have these versions support the virtual gateway.
|
Encryption Suite
|
Shows the supported encryption Suite. The
Encryption Suite encrypts the data that the client sends the virtual gateway.
On the basis of the supported encryption suites, the device automatically
selects a cipher suite with the highest density of the encryption of the data
that the client sends the virtual gateway to encrypt it.
The 253-bit AES encryption with RSA and SHA
algorithm has the highest encryption density. It is recommended to select it.
|
Session Timeout
|
Returns the session timeout, also called the
storage period. It refers to the time in which a zero traffic connection is
closed. If the session is complete, the client and the server to authenticate
each other.
If the session has ended, but the entire life
cycle is not time out, must re-authenticate the client, but not log in again.
To allow the user in the virtual gateways in
multiple locations with the same account, you'll want to make the default
value of the Session Timeout.
Note:
The session timeout must
be greater than the UDP Keepalive Interval and send
keep-alive packet cycle in the Multimedia Tunnel.
|
Full life cycle
|
Indicates that the life expectancy is not
limited. After logging in to the Virtual Gateway, the user will always be in
the connected state.
|
Life Cycle
|
If the life cycle of the user session has
expired, the connection to the virtual gateway is automatically closed. The
access to the Virtual Gateway, the user must log in again.
If full life cycle is
selected, life cannot be set.
|
SSL compression
|
Indicates whether the data transfer SSL sessions
together, to improve efficiency.
|
5.
Click Apply.
The Virtual Gateway
Administrator refers to the administrator of the Virtual Gateway.
Virtual Gateway
administrators manage only the virtual gateway to which they belong. No Virtual
Gateway Administrator account exists in the system.
Background
Virtual Gateway allows administrators
to manage permissions be classified as follows:
· Virtual Gateway administrators whose management scope is all: Virtual
Gateway Administrator in this document are of this type. These virtual
gateway allows administrators to manage all assets of each virtual gateway.
· Virtual Gateway administrators whose scope is Asset
Management: These Administrators Administrators are described in this
document.
A asset managers can
view only the Web-UI of the SVN log and only the functions on the asset >
Asset page. An administrator can only belong to an organization and an
organization can have multiple asset administrators. An asset can the
administrator the assets in the specified asset group in this organization and
by the asset managers on the Web-UI of the SVN, were created.
Create a Virtual
Gateway Administrator
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on the virtual gateway to be
configured.
3.
Virtual Gateway System > Virtual
Gateway Administrator > Virtual Gateway Administrator
select.
4.
Click Add to create a
Virtual Gateway administrator.
a.
Set the necessary parameters to
configure basic virtual gateway administrator information.
Description
|
|
Account
|
Indicates that the account of the Virtual Gateway
administrator.
Account is the account that the Virtual Gateway Administrator
enters on the login page.
|
New Password
|
Shows the password of the Virtual Gateway
administrator.
This password is the password that the Virtual
Gateway Administrator enters on the login page.
|
Confirm Password
|
Indicates that the password for the account of
the Virtual Gateway Administrator enter again.
|
Name
|
Displays the name of the Virtual Gateway
administrator.
|
Telephone
|
Displays the phone number of the Virtual Gateway
administrator.
|
E-Mail
|
Specifies the E-mail address of the Virtual Gateway
administrator.
|
b.
Click Permissions Permissions
for the administrator to set up virtual gateway.
Description
|
|
Administrative Area
|
·
Select All when creating a virtual gateway
administrator.
·
Select Asset when creating an asset administrator.
|
Permission Control
|
·
Read and Write: An administrator has permission to view and edit
certain functions.
·
Read-only: An administrator only has the authorization of certain
functions.
|
Organization
|
The organization to which an asset belongs
administrator set.
|
Tying Asset Group
|
The asset groups, which can be managed by an
asset administrator.
|
5.
Click Apply.
You can use this
function to adjust the strength, validity period, and policy expiration prompt
modification of the Virtual Gateway Administrator Authentication List
Administrator Password.
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on the virtual gateway to be
configured.
the virtual gateway to be
configured.
3.
Virtual Gateway System > Options
> Virtual Gateway Administrator Password.
4.
Set the following parameters.
Note:
To ensure system
security, it is recommended to configure a rule, a complex passwords and change
the passwords on a regular basis.
Description
|
|
Minimum Password Length
|
Specifies the minimum length of the Virtual
Gateway Administrator Authentication List Administrator Password.
|
Maximum Password Length
|
Specifies the maximum length of the Virtual
Gateway Administrator password.
|
Minimum number of digits
|
Specifies the minimum number of digits in the
password.
|
Minimum number of alphabetic characters
|
Specifies the minimum number of letters in the
password.
|
Mixture of uppercase and lowercase letters
|
Indicates that the password should contain both
uppercase and lowercase letters.
This element is required, if the password is not
less than two bytes.
|
The password for the old
|
Indicates that the new password must differ from
the old password, if the administrator changed.
|
The password for the account name or any
reverse speed
|
Indicates that the new password must be from the
account of the administrator or the reverse, if the administrator changes the
password.
|
Password validity period
|
Indicates that the time, in which the password is
valid.
|
Prompt Period Expires
|
Specifies the number of days before the password
expires, if the system administrator to change the password.
The value is less than the password the validity
period. It is recommended that you set the value to 7 days or 15 days.
|
5.
Click Apply.
This section
describes how to reset the password for a virtual gateway administrator.
Note:
The administrator's
account currently log in to the virtual gateway is the default administrator
account and cannot be changed.
1.
Virtual Gateway System > Virtual
Gateway Administrator > Manage current account.
2.
Set the following parameters.
Description
|
|
Old Password
|
Shows the old password of the Virtual Gateway administrator.
This password is the password that the Virtual
Gateway Administrator enters on the login page.
|
New Password
|
Specifies the new password of the Virtual Gateway
administrator.
|
Confirm Password
|
Indicates that the password for the account of the
Virtual Gateway Administrator enter again.
|
3.
Click Apply.
By adding a virtual
gateway source IP address-based policy, you can control access to a virtual
gateway on the client IP address. The administrator can allow users to specific
IP addresses or address segments to be able to access access to the Virtual
Gateway or to ban them.
The matching rule is on the basis of
the type. The appropriate sequence is as follows:
1.
Source IP address of the Virtual
Gateway
2.
Source IP addresses of users
3.
Destination IP addresses of users or
the URLs of the user
The appropriate
sequence for the policies of the individual-specific type is as follows:
1.
Depth - first: the policy with the most
long mask has a higher priority than the other. For a policy, with the same
mask length, the policy for a firm surface has a higher priority than the
policy for a random interface.
2.
Policy whose actions toward the
standard actions
3.
Default Policy
Configure the default
settings for action
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on the virtual gateway to be
configured.
the virtual gateway to be
configured.
3.
Virtual Gateway System > Virtual
Gateway Level select Action > Default Policy Policy.
4.
Configure the default action for a
policy.
Description
|
|
Refuse
|
User does not have access to the Virtual Gateway
found, if no policy is prohibited.
|
Allow
|
Users can access the Virtual Gateway, if no
policy is found.
|
Download
|
The users have permission to download to the
security of the data transmission. Download the permission of the users on
the security of the data transfer cannot be closed.
|
Upload
|
The users have the permission to upload the
security of data transmission. The user can upload, rename or delete a file
and create directories.
|
5.
Click Apply.
Configure the Virtual
Gateway source IP address-based policy
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on the virtual gateway to be
configured.
3.
Virtual Gateway System > Virtual
Gateway Level Policy > Virtual Gateway source IP
address-based policy choices.
4.
Click Add to add a virtual
gateway source IP address-based policy.
Description
|
|
Type
|
Specifies the IP address or IP address segment
that require political control.
|
IP Address, Subnet Mask
|
Specifies the source IP address and subnet mask
that require political control.
You can configure the IP address and subnet
mask only if you select the IP address for .
|
Start IP Address and End IP Address
|
Indicates the start and end IP addresses of the
IP segment that requires political control.
You can adjust the starting IP address and ending
IP address only, if you select the IP address range for type.
|
Action
|
Specifies the action for the policy.
·
Allow: Allows the client whose source IP address corresponds to the
previous IP addresses of the virtual gateways.
·
Deny: prohibits the client whose source IP address corresponds to the
previous IP addresses to access the Virtual Gateway.
|
5.
Click on the OK button.
The device provides
the virtual gateway adaptation options for the function. By customizing the web
page, you can select the desired virtual gateway login page for corporate
users.
Adjust the Virtual
Gateway Logo
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on the virtual gateway to be configured.
the virtual gateway to be configured.
3.
Virtual Gateway System > Virtual
Gateway website > Fit Virtual Gateway select logo.
4.
Click Browse to select
the logo graphic file.
5.
Click Upload to upload
the logo graphic file.
Adjust the virtual
gateway link
The Virtual Gateway desktop shortcut,
simplification of the procedure for logging on to the Virtual Gateway.
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on the virtual gateway to be
configured.
3.
Virtual Gateway System > Virtual
Gateway website > Fit Virtual Gateway Select link.
4.
Select Enable to Create
Desktop Shortcut.
5.
Click Apply to
activate the shortcut on the desktop.
6.
Click Browse to select
the logo file.
7.
Click Upload to upload
the logo file.
Change the Virtual
Gateway Welcome Message
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on the virtual gateway to be
configured.
3.
Choose Virtual Gateway System > Virtual
Gateway website > Fit Virtual Gateway
Message Welcome .
4.
Click Browse to locate
the Welcome Message Select the graphic file.
5.
Click Upload to upload
the welcome message graphic file.
Adjust the Virtual
Gateway Title
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on the virtual gateway to be
configured.
3.
Virtual Gateway System > Virtual
Gateway website > Fit Virtual Gateway title from.
4.
Click " Browse" to select
the title graphic file.
5.
Click Upload to upload
the title graphic file.
Upload the customized
page
Customized pages includes:
· Current Login page.
· Current home page. After the user has logged on virtual gateway and
displays the page.
· External website. If you have specified the external website, the page
appears after the user in the virtual gateway is redirected to the specified
external website.
Note:
If the file to be
uploaded in .txt format, save the file in UTF-8 format before uploading the
file.
If the administrator
does not have files after download login customizing the template, the custom
page should be in the form of login information (including user name, password,
and selected language) and click "Login". The template type and
target URL of the form and are post./login.html. Other information can be
individually adjusted.
The size of all the files for the customization of
virtual gateway can not be more than 4MB and the size of all the files for the
user-defined customization of the entire device must not be more than 32MB.
Otherwise, the file upload will fail.
Due to the difference
in the performance of the device, PC and mobile terminal users have different
experiences when accessing the same virtual gateway page. Therefore, the
SVN virtual gateway provides the functionality of customizing virtual gateway
pages for PCs and mobile devices, which improves the user experience.
For example, the
procedure for the adaptation of a virtual gateway page for PCs is as follows:
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click on the virtual gateway to be
configured.
3.
Virtual Gateway System > Virtual
Gateway Web Site Customization customization > Virtual Gateway
Web Page.
4.
The upload customized page
a.
Click on Download PC Login Page
Template Download PC Home Page Template or download GPS
orientation of the template.
b.
Requirements for the adaptation of a
page will be included in the template file. You can only change the custom
content.
c.
Save the page.
d.
In the customized page file ,
click Upload.
e.
Select the page file, such as the login
page and click Not Configured. Select the file type in the page
that appears.
f.
Click on the OK button.
The procedure for the
adaptation of a virtual gateway page for mobile devices is similar to the
adaptation of a virtual gateway page for PCs.
Upload custom
resource icons of the Virtual Gateway
Note:
The icon for the
user-defined adjustment is used for port-forwarding and file sharing is not
available.
It is recommended that a .bmp, .gif, .jpeg, .jpg or
.png file with transparent background.
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click Next to display the Virtual
Gateway to be configured.
3.
Virtual Gateway System > Virtual
Gateway website > Virtual Gateway Resource Adjustment
Adjustment dial.
4.
Click below to get resource
customization file list of resource custom icons for the virtual
gateway upload.
5.
Upload the file in the dialog that
appears, click Browse.
6.
In the Select File
dialog box, select a picture and click Open.
7.
Click on Confirm.
A schedule specifies
the time range for users or groups of users in the virtual gateway. If a role
is with a time plan, users or user groups to this role can log in only in the
virtual gateway within the scheduled time.
The device has the following plans:
· Default Schedule
Each virtual gateway
has only a standard schedule. The default schedule can be changed, but not
deleted. All users or user groups are assigned to the default schedule name,
unless you specify otherwise.
· User-defined schedule
A maximum of 63
custom schedules can be created on each virtual gateway. Custom schedules are
created, modified, and deleted.
All new users or user
groups are assigned to the default schedule name, unless you specify otherwise.
Create a schedule
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click Next to display the Virtual
Gateway to be configured.
3.
Virtual Gateway System > Schedule > Schedule.
4.
Click on the Add button.
5.
The name for a new schedule in
the name.
By default , the name of the default schedule. The name
for a new schedule can not be set to Default.
6.
In the table "Schedule for the
time in which the users are allowed to access the Virtual Gateway.
7.
Click Apply.
The Virtual Gateway
offers for web pages to the browser on the value of the User-agent field
in the request packet.
Matching Rule
The Web resources for PCs may not be for mobile
devices. Therefore, two sets of web resources are available on the virtual
gateway: one for PC users and the other for mobile subscribers. The Virtual Gateway
uses the value of the UA field in the request package to determine the set of
web resources. The values of the UA-fields with browsers.
The matching rule is described as
follows:
· The virtual gateway corresponds to the value of the UA field in the request
packets with the predefined keywords: Mobile, SymbianOS, BlackBerryand UCWEB.
· If the UA field corresponds to either of the preceding four keywords,
the Virtual Gateway offers Web resources for mobile devices.
· If the UA field corresponds to neither of the preceding four keywords,
the Virtual Gateway offers Web resources for PCs.
In some cases, users may not be for web
resources using the above rules. You need to define browser types for these
users, the defined matching rule is described as follows:.
· After you specify, terminal type and Match
String, the virtual gateway the UA field corresponds with the given string.
· If a match is found, the Virtual Gateway provides the sources on the web
for the specified type.
· If no matches are found, the virtual gateway offers web resources on the
matching rule is based.
Note:
Custom matching rules
enjoy a higher priority than the pre-defined rules. If you have multiple
user-defined rules are configured, the earlierly
defined rule is a priority.
Creating Custom Browser
Each virtual gateway supports 16 custom
browser configuration rules.
1.
SSL Virtual Gateway > Virtual
Gateway.
2.
Click Next to display the Virtual
Gateway to be configured.
3.
Virtual Gateway System > Custom
Browser Type > Configure the custom browser type select.
4.
Click Add to create a
custom browser.
Description
|
|
Terminal Type
|
The type of the terminal.
Currently, the device only supports PC and mobile
phone.
|
Match-string
|
The keyword that the Virtual Gateway uses the UA
field in the request packet for the provision of the web resources to be
delivered to the requesting browser.
When specifying this parameter, you need to know
the keywords in the Browser UA.
For example, when terminal type is PC and match
string is chrome, a match is found, if a user is using
the mobile Chrome browser uses the web resources on the Virtual Gateway. Then
the mobile device, the user receives the web resources for PCs. To avoid such
cases, will give you a clear idea of the difference between the
UA-fields of the PC and mobile browsers before the actual configuration.
|
5.
Click Apply.
You can choose
whether you want the Intranet to enable isolation function in the configuration
of a virtual gateway. But only if the function is enabled, you can configure
Source NAT and the virtual gateway router for the virtual gateway. If the
function is disabled, you can configure Source NAT and the virtual gateway
router at the system layer.
With the power of the
Source NAT function, the source IP address of an IP packet from a private to a
legitimate public a translated. By configuring a NAT pool you can enter a range
of IP addresses for Source NAT configuration will be referenced.
A prerequisite
The Intranet
insulation - enabled Virtual Gateway will be created.
Create a Source NAT
The NAT function translates the source IP address
of the IP packet, by a private into a legitimate public without the translation
of the source TCP/UDP port number. Basic NAT is also known as one-to-one
translation. In other words, a private address corresponds to a public, and a
public address is not by several private network user can be used at the same
time.
Network Address and
Port Translation (NAPT) translates the source port number of TCP/UDP as well as
the source IP address of the packets. Private IP addresses can be distinguished
by your sender port numbers. NAPT is far more than one-to-one translation is
used. A public address that can be used by multiple private network, the user
realizes the multiplexing of public addresses and overcomes the lack of public
address can be used.
Simple IP is also
more than one-to-one translation. The NAT pool is not needed, but directly
replaces the source IP address of packets with the public IP address of the
interface. Easy IP is mainly suitable for small networks, there are a few private
network hosts and the power plant of the egress lighting, a connection to the
Internet, the public IP address via dial-up or DHCP. All private users have
access to the Internet via the public IP address of the outgoing interface that
simplifies network configuration, saves the cost of purchasing the public
address and reduces the construction costs.
Similar to basic, NAT
and NAPT, intra-zone NAT translates the information of
the source of the packages, such as, for example, the source IP address or source
IP address and port. But intra-zone NAT applies only to
packets in the intra-zone.
The previous NAT
functions can be realized through the creation of the Source NAT. If you have
more than one source for an inter-zone NATs are configured, depending on your
priorities. If a Source NAT, the other source NATs no longer matched. By
default, the earliest Source NAT configured the highest priority. You can use
the commands of the priorities of the source NATs.
1.
Virtual Gateway system > Select
> > Source NAT NAT Source NAT.
2.
Click Add Source NAT-list.
3.
Set the following parameters.
Description
|
|
Source Zone
|
Indicates that the network a zone in which the
private IP address in front of the NAT.
|
The Zone
|
Indicates that the network a zone in which the public
IP address for NAT.
|
Sender address
|
Specifies the source IP address of the Source
NAT.
The value is usually a private IP address before
the NAT. If this parameter is not specified, the default value of each accepted,
indicating that all IP addresses in the Source Network Zone.
|
Destination Address
|
Specifies the destination IP address of the
Source NAT.
If this parameter is not specified, the default
value of each accepted, indicating that the destination IP
address is not restricted.
|
Action
|
Configured
whether Source NAT over coordinated packages to implement.
·
Approval: Implements Source NAT over coordinated packages.
·
Deny: does not implement Source NAT over coordinated packages.
|
Compile source address in
|
Compile
source address in the Address field in a pool of addresses or the address of
an interface.
·
Address in an address pool: indicates that the private IP address in a
public IP address in the NAT address pool is being translated.
·
Address of an interface: indicates that the private IP address in the IP
address of an interface is translated.
|
Address Pool
|
Creates or selects a NAT pool. When compiling
the source address in the address in an address pool,
the configuration element is set, displayed on the page. For more
information, see Creating a NAT
Address Pool.
|
PAT
|
PAT allows multiple private IP addresses in the
public IP address to translate.
When compiling the source address in the address
in an address pool, the configuration element is set, displayed on the
page.
|
Interface
|
Indicates that the interface on the destination
network zone. The public IP address must be configured.
When compiling the source address in the address
of an Interface, the configuration item is set to on, appears on the
page.
|
4.
Click Apply.
1.
Virtual Gateway system > Select
> > Source NAT NAT NAT Pool.
2.
In the NAT Address Pool list,
click Add.
3.
Set the following parameters.
Description
|
|
ID
|
Specifies the number of a NAT pool, which clearly
identifies the NAT address pool.
|
Name
|
Displays the name of the NAT pool.
|
Starting IP Address.
|
Specifies the starting IP address of the NAT
pool.
The NAT pool contains a maximum of 256 IP
addresses.
|
End IP Address
|
Indicates that the End IP address of the NAT
pool.
The NAT pool contains a maximum of 256 IP
addresses.
|
VRRP
|
Displays the VRRP-ID.
According to the Dual System Hot Backup feature
is configured, the configuration item is displayed on the page. 2.2.2.1 HRPdetails the configuration of
the Dual System Hot Backup function.
In the Dual System Hot Backup networking, if the
addresses in the NAT pool are located on different network segments from the
virtual IP address of the VRRP backup group, this parameter is not required.
On the contrary, this parameter is required, and the value is the Management
Group of the VRRP backup group according to the NAT outbound interface.
|
4.
Click Apply.
Other Operations
· A Source NAT NAT: Once a source is created, it is activated. A disabled
Source NAT is not effective.
· Duplicating a Source NAT: When duplicating a Source NAT, you can
fine-tune the original Source NAT in a new one. The New Source NAT numbered in
ascending order on the basis of the current source NATs. NATs to several
similar source, click the Source NAT to Configure
Source NAT policy be duplicated list.
· Move a Source NAT: You can adjust the positions of the source NATs in
the inter-zone, so that their matching order. The Source NAT with a higher
location, give it a higher priority, and it is already voted. To move a Source
NAT, click the Source NAT NAT
policy be moved in Source List.
· Insert a Source NAT NAT: In Source liston an existing source NAT a New
Source NAT for the inter-zone. The New Source NAT is inserted before the
current one.
· Changing a NAT pool: a referenced NAT Address Pool can not be changed.
You first need to remove it.
A static route is in
the rule for a power plant with a simple topology. The correct configuration
and application of static routes to control exactly the route selection, the
power plant to improve performance and ensure sufficient bandwidth for critical
applications.
A prerequisite
Create a static route
1.
Virtual Gateway System > Virtual
Gateway Route > Static Route.
2.
In the static route from,
click Add.
3.
Set the following parameters.
Description
|
|
Destination Address
|
Specifies the destination IP address.
|
Mask
|
Displays the IP mask.
|
The Next Hop
|
Specifies the IP address of the next hop.
Each route entry has a specified next-hop
address. When a packet is sent, the route to reach the destination address
can be searched in the routing table. The Link Layer You can find the
corresponding MAC address (Media Access Control) and forward the packet.
If you configure a static route, you can use the
outgoing interface or the next-hop address.
|
Interface
|
Displays the name of the outgoing interface.
If you configure a static route, an indication of
the outgoing interface or the next-hop address as follows:
·
If the outbound interface is a PPP interface, specify the outgoing
interface.
For a point-to-point interface, specifying an
outbound interface also refers to a next-hop address. In this case, the IP
address of the Peer interface with the interface with the IP address of the
next hop.
·
If the outbound interface is a broadcast interface exists, the next
hop IP address must be specified.
For the static route configuration, it is
recommended that an Ethernet interface as a sender port. Because the Ethernet
interface is a broadcast interface across multiple addresses for the next
hop, the address of the next hop cannot be specified. In some specific
applications, if only a broadcast interface such as an Ethernet interface can
be specified as the transmitter interface, you should use the next-hop
address for packets on this interface will be transmitted.
|
Priority
|
Specifies the priority of the static routing
protocol.
Configuring Static Routes realized the priorities
for flexible route. Example: Configuring the same priority for several routes
the nine on the same IP address, load balance achieved during the
configuration of the various priorities for it reaches route backup.
|
4.
Click Apply.
Hope your virtual gateway has been setup successfully .
Posts
Welcome you to Home Teachers Organization,Our aim is to provide free online education with the help of this website.
No comments:
Post a Comment
Thank you for Contacting Us.