You are on page 1of 42

Part No.

322007-A
March 2006
4655 Great America Parkway
Santa Clara, CA 95054

SR1001 Web UI User Guide


Nortel Secure Routers 1001 and 1001S
Software Release 8.3.5

Copyright 2006 Nortel Networks. All rights reserved.


The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations
in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full
responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel
Networks.
The software described in this document is furnished under a license agreement and may be used only in accordance with the terms of that
license. The software license agreement is included in this document.

Trademarks
*Nortel, Nortel Networks, the Nortel logo, the Globemark, Unified Networks, and BayStack are trademarks of Nortel Networks.
Adobe and Adobe Reader are trademarks of Adobe Systems Incorporated.
Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation.
The asterisk after a name denotes a trademarked item.

Restricted rights legend


Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights
in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the
United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted
Rights clause at FAR 52.227-19.

Statement of conditions
In the interest of improving internal design, operational function, and/or reliability, Nortel Networks reserves the right to make changes to
the products described in this document without notice.
Nortel Networks does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described
herein.
Portions of the code in this software product may be Copyright 1988, Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms of such portions are permitted, provided that the above copyright notice and this
paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution
and use acknowledge that such portions of the software were developed by the University of California, Berkeley. The name of the
University may not be used to endorse or promote products derived from such portions of the software without specific prior written
permission.
SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE.
In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use
and disclosure (that may incorporate by reference certain limitations and notices imposed by third parties).

Nortel Networks software license agreement


This Software License Agreement (License Agreement) is between you, the end-user (Customer) and Nortel Networks Corporation and
its subsidiaries and affiliates (Nortel Networks). PLEASE READ THE FOLLOWING CAREFULLY. YOU MUST ACCEPT THESE
LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR
ACCEPTANCE OF THIS LICENSE AGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the
original shipping container, within 30 days of purchase to obtain a credit for the full purchase price.
Software is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is copyrighted and licensed, not
sold. Software consists of machine-readable instructions, its components, data, audio-visual content (such as images, text, recordings or
pictures) and related licensed materials including all whole or partial copies. Nortel Networks grants you a license to use the Software only
in the country where you acquired the Software. You obtain no rights other than those granted to you under this License Agreement. You are
responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software.
1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software on only one
machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. To the extent Software is
SR1001 Web UI User Guide
Version 8.3.5

furnished for use with designated hardware or Customer furnished equipment (CFE), Customer is granted a nonexclusive license to use
Software only on such hardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software as confidential
information using the same care and discretion Customer uses with its own similar information that it does not wish to disclose, publish or
disseminate. Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this Agreement.
Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse assemble, reverse
compile, reverse engineer or otherwise translate the Software; c) create derivative works or modifications unless expressly authorized; or d)
sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneficiaries of this provision. Upon
termination or breach of the license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly
return the Software to Nortel Networks or certify its destruction. Nortel Networks may audit by remote polling or other reasonable means to
determine Customers Software activation or usage levels. If suppliers of third party software included in Software require Nortel Networks
to include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect to such third
party software.
2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer, Software is provided
AS IS without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS)
FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel
Networks is not obligated to provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties,
and, in such event, the above exclusions may not apply.
3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR
ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE TO,
CUSTOMERS RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR
CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OR OTHERWISE
(INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS
OR SUPPLIERS HAVE BEEN ADVISED OF THEIR POSSIBILITY. The foregoing limitations of remedies also apply to any developer
and/or supplier of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not allow
these limitations or exclusions and, in such event, they may not apply.
4.

General
a.

If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks Software available under
this License Agreement is commercial computer software and commercial computer software documentation and, in the event
Software is licensed for or on behalf of the United States Government, the respective rights to the software and software
documentation are governed by Nortel Networks standard commercial license in accordance with U.S. Federal Regulations at 48
C.F.R. Sections 12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).

b.

Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer fails to comply with the
terms and conditions of this license. In either event, upon termination, Customer must either return the Software to Nortel
Networks or certify its destruction.

c.

Customer is responsible for payment of any taxes, including personal property taxes, resulting from Customers use of the
Software. Customer agrees to comply with all applicable laws including all applicable export and import laws and regulations.

d.

Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.

e.

The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel
Networks.

f.

This License Agreement is governed by the laws of the country in which Customer acquires the Software. If the Software is
acquired in the United States, then this License Agreement is governed by the laws of the state of New York.

How to get help


This section explains how to get help for Nortel products and services.

Getting help from the Nortel web site


The best way to get technical support for Nortel products is from the Nortel Technical Support web site:

www.nortel.com/support
This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products. More specifically, the
site enables you to:

download software, documentation, and product bulletins


search the Technical Support web site and the Nortel Knowledge Base for answers to technical issues

SR1001 Web UI User Guide


Version 8.3.5

sign up for automatic notification of new software and documentation for Nortel equipment
open and manage technical support cases

Getting help through a Nortel distributor or reseller


If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical support staff for
that distributor or reseller.

Getting help over the phone from a Nortel Solutions Center


If you do not find the information you require on the Nortel Technical Support web site, and have a Nortel support contract, you can also get
help over the phone from a Nortel Solutions Center.
In North America, call 1-800-4NORTEL (1-800-466-7835).
Outside North America, go to the following web site to obtain the phone number for your region:

www.nortel.com/callus

Getting help from a specialist by using an Express Routing Code


An Express Routing Code (ERC) is available for many Nortel products and services. When you use an ERC, your call is routed to a
technical support person who specializes in supporting that product or service. To locate the ERC for your product or service, go to:

www.nortel.com/erc

SR1001 Web UI User Guide


Version 8.3.5

TABLE OF CONTENTS

ABOUT THIS GUIDE


Organization....................................................................................................................................... 1
Conventions ....................................................................................................................................... 1
Notices ........................................................................................................................................... 2
Documentation ................................................................................................................................... 3
About the Nortel Secure Router Documentation CD..................................................................... 3
Navigation .................................................................................................................................. 3
Printing Documents.................................................................................................................... 3
Related Nortel Guides .................................................................................................................... 3

STARTING THE WEBUI


Overview ............................................................................................................................................ 5
Main Tabs ...................................................................................................................................... 7
Common Functions ........................................................................................................................ 7
Common Elements ......................................................................................................................... 8
Error Messages and Prompts.......................................................................................................... 8

THE GUIDED SETUP CONFIGURATION WIZARD


Basic Setup......................................................................................................................................... 10
Virtual Private Network (VPN) Setup ............................................................................................... 11
Firewall Setup .................................................................................................................................... 12

CONFIGURATION
LAN ................................................................................................................................................... 14
WAN .................................................................................................................................................. 15
T1/T3.................................................................................................................................................. 16
Serial .................................................................................................................................................. 18
PPPoE................................................................................................................................................. 19
Routing............................................................................................................................................... 20
Security .............................................................................................................................................. 21
Setting Up Zones............................................................................................................................ 21
Configuring VPNs.......................................................................................................................... 21
Remote Access ............................................................................................................................... 22
Configuring Security Objects......................................................................................................... 22
Schedules ................................................................................................................................... 22
Application Filters...................................................................................................................... 22
Configuring Firewalls .................................................................................................................... 24

SR1001 Web UI User Guide


Version 8.3.5

ADMINISTRATION
Administration.................................................................................................................................... 26
User Administration ....................................................................................................................... 26
Boot Administration ....................................................................................................................... 27
Save/Reboot ................................................................................................................................... 28
Host name....................................................................................................................................... 28
Date ................................................................................................................................................ 28
Licenses .......................................................................................................................................... 29
Services Administration ................................................................................................................. 29
Ping................................................................................................................................................. 30
File System Administration............................................................................................................ 30

SR1001 Web UI User Guide


Version 8.3.5

FIGURES

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

WebUI Welcome Screen............................................................................................................ 6


Status Screen .............................................................................................................................. 7
Guided Setup Tab....................................................................................................................... 9
The Three basic set up steps ...................................................................................................... 10
Site-to-Site VPN Setup Screen .................................................................................................. 11
Firewall Setup Screen (showing Inbound Policy)...................................................................... 12
The Configuration Main Screen................................................................................................. 13
LAN Configuration .................................................................................................................... 14
WAN Interface Settings ............................................................................................................. 15
WAN Bundle Details ................................................................................................................. 15
T1 Interfaces .............................................................................................................................. 16
T1 Settings ................................................................................................................................. 16
T3 Interfaces .............................................................................................................................. 16
T3 Details................................................................................................................................... 17
Serial interfaces.......................................................................................................................... 18
V.35 Settings.............................................................................................................................. 18
V.35 Configuration .................................................................................................................... 18
PPPoE interfaces ........................................................................................................................ 19
PPPoE Settings........................................................................................................................... 19
Static Routes .............................................................................................................................. 20
Configuring Zones ..................................................................................................................... 21
Configuring IKE Site-to-Site VPN Parameters ......................................................................... 21
Configuring Security ObjectsNAT Pool Example................................................................. 22
Configuring Schedules Example................................................................................................ 22
Application FilterHTTP Filter Example ............................................................................... 23
Configuring FirewallsOutbound Policy Example.................................................................. 24
Administration Tab .................................................................................................................... 26
Administration Window............................................................................................................. 27
Existing Users ............................................................................................................................ 27
Boot Parameters Window .......................................................................................................... 27
Save/Reboot Window ................................................................................................................ 28
Hostname Window..................................................................................................................... 28
Current Data and Time Window ................................................................................................ 29
Licenses Window ....................................................................................................................... 29
Services Window ....................................................................................................................... 30
Ping Window.............................................................................................................................. 30
File System Window .................................................................................................................. 31

SR1001 Web UI User Guide


Version 8.3.5

SR1001 Web UI User Guide


Version 8.3.5

TABLES

1
2

Guide Organization: Chapters..................................................................................................... 1


Text Conventions ........................................................................................................................ 1

SR1001 Web UI User Guide


Version 8.3.5

SR1001 Web UI User Guide


Version 8.3.5

ABOUT THIS GUIDE


A Web user interface is available on the Nortel Secure Router 1001 and is supported on Version 8.3.5
or higher.
The WebUI does not replace the CLI. You must still perform the basic configuration described in the
Install Guide. Furthermore, the WebUI does not enable you to do advanced configurations. However,
the WebUI allows new or inexperienced users to create basic router and security configurations
quickly and effectively.

Organization
The following tables describe the content and organization of this guide.
Table 1 Guide Organization: Chapters
Chapter

Description

About This Guidedefines the user audience, and describes the organization of this guide, use
of special notices, and other Nortel user guides.

Starting the WebUIdescribes how to access the WebUI and log onto the router. It also
describes the opening screen.

Guided Setupdescribes wizard-like configuration process best suited to network


administrators who are new to the router.

Configurationdescribes the configuration options for the SR1001. This chapter is targeted at
those network administrators who are familiar with the Nortel CLI and routers.

Administrationdescribes basic administrative tasks that can be performed with the WebUI.

Conventions
This guide uses the following typographical conventions:

Table 2 Text Conventions


Font

Description

boldface font

Used for commands that you enter, words that you type, or keyboard keys that you press.

screen font Used to display a screen capture.

SR1001 Web UI User Guide


Version 8.3.5

2 CHAPTER 1

About This Guide

Conventions

Notices
Notice paragraphs alert you about issues that require your attention. The following paragraphs describe the
types of notices used in this guide.
NOTE: Notes provide tips and useful information regarding the installation and operation of SR1001s.
ESD: ESD notices provide information about how to avoid discharge of static electricity and subsequent

damage to SR1001s.
CAUTION: Caution notices provide information about how to avoid possible service disruption or

damage to SR1001s.
WARNING: Warning notices provide information about how to avoid personal injury when working

with SR1001s.

SR1001 Web UI User Guide


Version 8.3.5

Documentation
Nortel user guides, which are provided in portable document format (PDF), are included on the
Nortel Secure Router Documentation CD-ROM that ships with the Models 1001, 1001S, 1002, and
1004 router. The PDF files are also available on the Nortel website: www.nortel.com
To view PDF files, Adobe Acrobat Reader 4.0, or newer, must be installed on your workstation.
If you do not have the Adobe Acrobat Reader installed on your system, you can obtain it free from
the Adobe website: www.adobe.com.

About the Nortel Secure Router Documentation CD


This product ships with a CD that includes the following documentation:

SR1001 Quick Start Guide


SR1001 Installation Guide
SR1001 Command Reference Guide
SR1001 Routing Guide
SR1001 Configuration Guide
SR1001 Web UI User Guide
Supported standard and enterprise MIBs
Feature summaries
SNMP trap descriptions with default configurations

Navigation
Upon inserting the Nortel Secure Router Documentation CD into your CD-ROM drive. Click a link
to open a pdf version of the target document. If you do not have Adobe Acrobat (version 4.0, or later)
or Acrobat Reader installed on your PC, click the Adobe button on the navigation screen to go to the
Adobe website, where you can download a free copy of the Acrobat Reader application.
If a browser session is not opened, click Start\Run, enter the drive letter of your CD-ROM drive in
the Open entry box, and click OK.

Printing Documents
To print any pdf document on the CD, follow this procedure.
1 Open the desired document by clicking the document link in the CD navigation window.
2 Click the Printer icon on the Adobe Acrobat tool bar.
3 In the Windows Print dialog box, select a local default printer in the Printers drop down
selection box.
4 Click OK.

Related Nortel Guides


In addition to this guide, the following list includes other available Nortel documentation:

Release Notes

Printed release notes provide the latest information. If release notes are provided with your
product, follow these instructions in addition to those provided in other documentation.

SR1001 Quick Start Guide

This guide is a condensed version of the SR1001 Installation Guide and is intended for installers
and network administrators familiar with the SR1001.

SR1001 Installation Guide

SR1001 Web UI User Guide


Version 8.3.5

4 CHAPTER 1

About This Guide

Documentation

This guide is designed to assist users with the initial installation and deployment of the SR1001.
The guide provides a brief overview of the installation and initial configuration processes.

SR1001 Command Reference Guide

This detailed guide provides a complete description of all Nortel command line interface (CLI)
commands for T1 and E1 circuits.

SR1001 Routing Guide

This guide provides descriptions of commands available for Nortel implementation of BGP,
OSPF, RIP, and other routing protocols.

SR1001 Configuration Guide

This guide provides example configurations.

SR1001 Web UI User Guide


Version 8.3.5

STARTING THE WEBUI


This chapter provides information about accessing the Web user interface (WebUI) for the SR1001.

Overview
The Web Graphical User Interface (GUI, or WebUI) allows web-based security and basic router
configuration. The traditional command line interface (CLI) is still available (as discussed in your router
Installation Guide).
To open the web user interface, you must have:

Version 8.3.5 or higher router software on the SR1001


The router IP address
The administrator username and password

If you are configuring this router for the first time, you must assign the IP address and other basic
configuration values through the CLI as described in the SR1001 Installation Guide.
NOTE: Before you try to connect to your router, make sure you can ping its IP address. If you
are not able to ping the router, you will not be able to connect to the WebUI.

Point your web browser at the router IP address by entering:


http://ipaddress of your route.r.
(In this release, the web browser must be Internet Explorer 5.5 or higher. Also, secure HTTP
(HTTPS) is not supported in this release.)
NOTE: You must enable cookies in your browser.

The Welcome screen appears as shown in Figure 1. Basic information about the WebUI is available
on the screen.

SR1001 Web UI User Guide


Version 8.3.5

6 CHAPTER 2

Starting the WebUI

Overview

Figure 1 WebUI Welcome Screen

Enter the user name and password (as configured through the CLI) and click Login.
NOTE: Users cannot log in using the WebUI (or Telnet) if the password has not already been

configured. Use the configure password command from the CLI to set the password.
The main screen displays as shown in Figure 2.

SR1001 Web UI User Guide


Version 8.3.5

Figure 2 Status Screen

The Status screen shows the basic information about your router as well as the status of your LAN
interfaces, WAN bundle status, firewall, and VPN activity.
NOTE: For the best screen viewing, Nortel recommends setting the screen resolution to
1024x768.

Main Tabs
The four main tabs allow you to access Status, Guided Setup, Configuration, and Administration from
every page. Choose Guided Setup which is a wizard-like configuration tool to help you set up VPN,
Firewall, and basic routing specifications. Use this tab if you are new to SR1001s, or if you do not have
expert-level experience configuring advanced networking options.
Or you can choose Configuration which allows you to create the basic configuration manually, and add
more complex configuration specifications.
If you create your basic router configuration using the Guided Setup tab, you can always use the
Configuration tab to make modifications.
Use the Administration tab to set up your router.

Common Functions
On all the interface screens, you will be able to click Help. Help > User Manual provides you with
additional information on a field or the location of a setting. Help > Support Information provides
contact information for getting support with your Nortel products. Help > Technical Support displays
and saves information about your router which is useful to technical support personnel. You will be
prompted to save this information in Flash or on a local PC. You can then send this data to Nortel
Technical Support for further analysis.

SR1001 Web UI User Guide


Version 8.3.5

8 CHAPTER 2

Starting the WebUI

Overview

Click Alarms to configure the slot (for example, the serial module) on which to capture alarms and to set
the refresh interval. Click Events Log to see any logs which have been recorded.
You can also click Telnet to convert your HTTP or HTTP browser-based connection to a Telnet session.
When you want to leave the WebUI, click Logout.

Common Elements
Every page displays the navigation bar which provides the current position and path and are like bread
crumbs that allow you to get back to where you started as needed.
Click titles to see more detailed status information.
You will see model information in the upper left hand portion of each screen. For example, in Figure 2 the
installed modules are 1 BRI and 1 T1.

Error Messages and Prompts


If you try to save a configuration that is not complete or is not valid, the system will prompt you to correct
the error. However, you are not prompted to fix an error or invalid configuration until you try to apply it.
The system does not prompt you entry by entry.
NOTE: If a field in the WebUI is a required field, the WebUI will prompt you to provide the
necessary information before it can proceed.
WARNING: If you reset the date or time from the WebUI, the date and time are reset on the
SR1001. This will cause your HTTP service, which hosts your WebUI, to timeout and you will
have to login again.

SR1001 Web UI User Guide


Version 8.3.5

3
THE GUIDED SETUP
CONFIGURATION WIZARD
The Guided Setup tab helps you create a basic but powerful and secure configuration for your
router. This is a practical approach to take if you are not experienced in router configurations.
The Guided Setup page is shown in Figure 3.

Figure 3 Guided Setup Tab

Notice that tips and hints are included on the lower left portion of the screen.
NOTE: You must make your VPN and Firewall selections here, BEFORE you start to create

your Virtual Private Network (VPN) Setup on page 11 or Firewall Setup on page 12.

SR1001 Web UI User Guide


Version 8.3.5

10 CHAPTER 3

The Guided Setup Configuration Wizard

Basic Setup

To start configuring your router, select the Guide you want and click Apply Settings. In this
case, the Basic Setup LAN configuration/Bundle creation/Default gateway radio button is
selected and the Basic Settings screen displays as shown in Figure 4.

Basic Setup
The basic setup screen divides configuration flow into three steps.

Figure 4 The Three basic set up steps

Fill in the fields starting with Step 1. If you make a mistake, click Reset Settings to reset the
screen to the saved settings. Click Cancel to return to the previous screen without saving any
changes. When you are finished, click Apply Settings.
If you need help on a particular field, click Help. Refer to the diagram on the left panel of the
screen for a visual explanation of what each step accomplishes.

SR1001 Web UI User Guide


Version 8.3.5

11

Virtual Private Network (VPN) Setup


After you have configured your router with a basic IP configuration, you are returned to the
main Guided Setup screen. If you want to configure your router for VPN then click Zone
Setup select a zone or create a new one from the pull down menu for each interface. When you
are finished, click Apply Settings to apply your zone configuration. You are returned to the
main Guided Setup screen.
To configure your VPN (after selecting VPN type on Figure 3), in the VPN section of the
Guided Setup screen, click the Create Site-to-Site GRE Virtual Private Network radio
button, then click Apply Settings. The VPN Setup screen displays as shown in Figure 5.

Figure 5 Site-to-Site VPN Setup Screen

Fill in the fields starting with Step 1. If you make a mistake, click Reset Settings to reset the
screen. Click Cancel to return to the previous screen without saving any changes. When you are
finished, click Apply Settings.
If you need help on a particular field, click Help. Refer to the diagram on the left panel of the
screen for a visual explanation of what each step accomplishes.

SR1001 Web UI User Guide


Version 8.3.5

12 CHAPTER 3

The Guided Setup Configuration Wizard

Firewall Setup

Firewall Setup
After you have configured your VPN configuration, click Zone Setup in the Firewall Setup
section of the Guided Setup screen. Zone Setup allows you to set the environment for your
Ethernet and WAN bundle interfaces.
NOTE: If you configured Zone Setup in the VPN setup section, you do not need to repeat zone

setup here. The values you set in the VPN setup section apply here as well.

To configure your firewall, (after selecting firewall policy on Figure 3) in the Firewall section
of the Guided Setup screen, click either Create Inbound Firewall Policy or Create Outbound
Firewall Policy radio button. Then click Apply Settings. The VPN Setup screen displays as
shown in Figure 6 (which shows an Inbound Firewall Policy screen.

Figure 6 Firewall Setup Screen (showing Inbound Policy)

Fill in the fields starting with Step 1. If you make a mistake, click Reset Settings to reset the
screen. Click Cancel to return to the previous screen without saving any changes. When you are
finished, click Apply Settings.
If you need help on a particular field, click Help. Refer to the diagram on the left panel of the
screen for a visual explanation of what each step accomplishes.

SR1001 Web UI User Guide


Version 8.3.5

13

CONFIGURATION
This chapter describes how to configure the router and users, and change the factory default
configuration.
The Configuration tab is designed for experienced network administrators. All other users should refer to
the Guided Setup tab (see The Guided Setup Configuration Wizard).
To begin manually configuring or modifying your router configuration, click the Configuration tab to
display the main configuration screen shown in Figure 7.

Figure 7 The Configuration Main Screen

While this tab has no wizard properties it is laid out in a logical, top to bottom order starting with LAN,
WAN, Routing, Security, and finishing with Administration configurations. Each of these sections is
discussed below. Explanations appear on screen for each section and online help is available (click Help).

SR1001 Web UI User Guide


Version 8.3.5

14 CHAPTER 4

Configuration

LAN

LAN
To see or modify LAN interface settings, click the link for LAN under the Categories section on the left
panel of the screen. The interface settings display as shown in Figure 8.

Figure 8 LAN Configuration

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.

SR1001 Web UI User Guide


Version 8.3.5

15

WAN
To see or modify existing WAN bundle or WAN interface settings, expand the link for WAN under the
Categories section on the left panel of the screen. The bundle interface settings display as shown in
Figure 9.
To create a new bundle, click New to display the Bundle screen. To delete a bundle, click the Delete box
for that bundle.

Figure 9 WAN Interface Settings

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
To display details about a bundle, click it to display the setting details as shown in Figure 10.

Figure 10 WAN Bundle Details

SR1001 Web UI User Guide


Version 8.3.5

16 CHAPTER 4

Configuration

T1/T3

T1/T3
To see existing T1 or T3 bundle interface settings, expand the link for WAN under the Categories section
on the left panel of the screen. The T1 interface settings display as shown in Figure 9.

Figure 11 T1 Interfaces

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original settings,
or click Cancel to close the screen and return to the main Configuration screen without saving any
changes.
To display details of a particular interface, click the appropriate entry.

Figure 12 T1 Settings

To display details of a particular interface, click the appropriate entry.


The following screens show the T3 interface details.

Figure 13 T3 Interfaces

SR1001 Web UI User Guide


Version 8.3.5

17

To display details of a particular interface, click the appropriate entry.

Figure 14 T3 Details

The T3 interface details display. You can edit the configuration and click Apply Settings or reset it to
default by clicking Reset Settings.

SR1001 Web UI User Guide


Version 8.3.5

18 CHAPTER 4

Configuration

Serial

Serial
To see existing serial bundle interface settings, expand the link for WAN under the Categories section on
the left panel of the screen. The Serial interface settings display as shown in Figure 15.

Figure 15 Serial interfaces

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original settings,
or click Cancel to close the screen and return to the main Configuration screen without saving any
changes.
To display details of a particular interface, click the appropriate entry.

Figure 16 V.35 Settings

To display details of a particular interface, click the appropriate entry.


The following screens show the V.35 interface details.

Figure 17 V.35 Configuration

SR1001 Web UI User Guide


Version 8.3.5

19

PPPoE
To see existing PPPoE bundle interface settings, expand the link for WAN under the Categories section on
the left panel of the screen. The Serial interface settings display as shown in Figure 18.

Figure 18 PPPoE interfaces

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original settings,
or click Cancel to close the screen and return to the main Configuration screen without saving any
changes.
To display details of a particular interface, click the appropriate entry.

Figure 19 PPPoE Settings

To display details of a particular interface, click the appropriate entry.

SR1001 Web UI User Guide


Version 8.3.5

20 CHAPTER 4

Configuration

Routing

Routing
To see or modify route settings, expand the link for Routing under the Categories section on the left panel
of the screen. The route settings display as shown in Figure 20.
To create a new route, click New to display the Routing screen. To delete a route, click the Delete box for
that route. To see route details, click the routing entry.
NOTE: In this release, only Static routing is supported from the WebUI. To configure dynamic

routing, use the Command Line Interface.

Figure 20 Static Routes

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.

SR1001 Web UI User Guide


Version 8.3.5

21

Security
The security categories allow you to set zones, VPN, Security objects, and Firewall values.

Setting Up Zones
A security zone is a configuration that allows administrators to create unique rules for each zone. These
rules determine how one zone communicates with another, but these rules have no effect on traffic within
a zone.
Each zone can be created to perform specific tasks, and administrators can assign the resources and
privileges to allow these tasks to be performed.

Figure 21 Configuring Zones

Configuring VPNs
To configure a VPN, expand the Security category, then expand the VPN selection. You can configure
site-to-site and remote access policies. For example, Figure 22 shows the IKE policy configuration
window. Within each area, you can view the policies in place. You can edit a policy by selecting the policy
name. You can create a new policy by clicking New.

Figure 22 Configuring IKE Site-to-Site VPN Parameters

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.

SR1001 Web UI User Guide


Version 8.3.5

22 CHAPTER 4

Configuration

Security

Remote Access
To allow access to remote users, select Security and expand VPN, then select Remote Access.

Configuring Security Objects


To configure security objects for a VPN, expand the Security category, then expand the Security Objects
selection. Here you can configure schedules, NAT pools, and application files. Figure 23 shows the NAT
pool configuration window.

Figure 23 Configuring Security ObjectsNAT Pool Example

Schedules
Schedules are used to control when a zone will be able to perform a task. For example, administrators can
set a schedule as to when the firewall security zone is active. To configure schedules, expand Security
Objects. Select New to create a schedule.

Figure 24 Configuring Schedules Example

Application Filters
To create HTTP, SMTP, or FTP filters, expand Application Filters. Select the appropriate filter type.
Figure 25 shows an example of HTTP filters.

SR1001 Web UI User Guide


Version 8.3.5

23

Figure 25 Application FilterHTTP Filter Example

SR1001 Web UI User Guide


Version 8.3.5

24 CHAPTER 4

Configuration

Security

Configuring Firewalls
To configure firewall policies, expand the Security category, then expand the Firewall selection. You can
configure firewall policies for outbound and inbound traffic. Figure 26 shows outbound policy window.
To create a new firewall policy, click New to display the Firewall screen. To delete a route, click the
Delete box for that route.

Figure 26 Configuring FirewallsOutbound Policy Example

Click a policy to view or edit it. Click Apply Settings to save your changes, click Reset Settings to
return to the original screen settings, or click Cancel to close the screen and return to the Configuration
screen without saving any changes.

SR1001 Web UI User Guide


Version 8.3.5

25

ADMINISTRATION
This chapter describes how to administer the router and users.
The Administration tab is designed for experienced network administrators. .
Click the Administration tab to display the main administration screen shown in Figure 28.

SR1001 Web UI User Guide


Version 8.3.5

26 CHAPTER 5

Administration

Administration

Administration

Figure 27 Administration Tab

Use the Administration category to:

Change passwords
Reset dates
Check the status of the boot configuration
Change the hostname or the date and time
Reboot the router
Enable or disable protocols such as TFTP, DHCP, and SNMP.
Perform connection tests by launching pings
Manage the file system

User Administration
The User Administration screen is shown in Figure 28.

SR1001 Web UI User Guide


Version 8.3.5

27

Figure 28 Administration Window

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
The existing users are shown in Figure 29:

Figure 29 Existing Users

Boot Administration
The Boot Administration screen, which displays the router boot parameter settings, is shown in Figure 28.

Figure 30 Boot Parameters Window

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
SR1001 Web UI User Guide
Version 8.3.5

28 CHAPTER 5

Administration

Administration

Save/Reboot
The Save/Reboot screen is shown in Figure 28. To save the configuration to onboard Flash, click Save
configuration to local Flash. To reboot the router, click Reboot the device.

Figure 31 Save/Reboot Window

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.

Host name
The Host name screen, which shows the name configured for this device, is shown in Figure 28.

Figure 32 Hostname Window

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.

Date
The Date screen, which displays the current time and date set on the router, is shown in Figure 28. To
change the time and date, enter the appropriate values in the time and date fields.

SR1001 Web UI User Guide


Version 8.3.5

29

Figure 33 Current Data and Time Window

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.

Licenses
The Licenses screen is shown in Figure 34. Use this screen to install your licenses. You will need the
license key to install each license successfully.

Figure 34 Licenses Window

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.

Services Administration
The Services Administration screen is shown in Figure 28. Use this screen to set the various protocols to
be supported on this router.

SR1001 Web UI User Guide


Version 8.3.5

30 CHAPTER 5

Administration

Administration

Figure 35 Services Window

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.

Ping
The Ping screen is shown in Figure 28. Use this screen to send ICMP packets to the specified device.
NOTE: Sending and ping and receiving ping responses (shown in the Response field) will halt all

other traffic for the duration of the ping test


.

Figure 36 Ping Window

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.

File System Administration


The File System Administration screen is shown in Figure 28. Use this screen to manage the files in Flash.
To remove a file from Flash and recover the space occupied, click the checkbox next to the file to be
deleted and click Apply Settings. Deleted files cannot be undeleted.

SR1001 Web UI User Guide


Version 8.3.5

31

Figure 37 File System Window

Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original settings,
or click Cancel to close the screen and return to the main Configuration screen without saving any
changes.

SR1001 Web UI User Guide


Version 8.3.5

32 CHAPTER 5

Administration

SR1001 Web UI User Guide


Version 8.3.5

Administration