Multi-Tech RF550VPN SOHO Internet Security Appliance ****************************************************************************************** WARNING: Upgrading the Firmware from V4.63 or below to V4.67 or above MIGHT WIPE OUT ALL THE CURRENT SETTINGS. After the upgrade, ALL SETTINGS WILL BE PUT BACK TO THE FACTORY DEFAULT -- INCLUDING THE LAN IP ADDRESS which is defaulted to 192.168.2.1 In some cases, after you upgrade the firmware, you will require to press and hold the reset button in back for 5 seconds to put everything back to factory defaults After upgrading firmware, please check carefully and make sure ALL settings are configured properly. ******************************************************************************************* Notepad Printing Suggestion: Click the middle screen-control button located in the upper right corner of the screen before you print. It reduces the screen size. A reduced screen size prevents the text from breaking in the wrong places. If desired, change the font to Arial (Western) by highlighting the whole document and selecting Format from the Menu Bar > Font > Arial (Western) -- this change helps to improve the appearance of the printed document. Wordpad: Whenever possible, open and print this document in Wordpad. Wordpad does not create so many text wrapping problems. Change the font to Arial by highlighting all of the text, selecting Edit from the Menu Bar > Set Font > Arial. CONTENTS ----------------- - Upgrade the Firmware - Revision History - Technical Support - Copyrights and Trademarks UPGRADE THE FIRMWARE: ------------------------------------------ ****************************************************************************************** WARNING: Upgrading the Firmware from V4.63 or below to V4.66 or above MIGHT WIPE OUT ALL THE CURRENT SETTINGS. After the upgrade, ALL SETTINGS WILL BE PUT BACK TO THE FACTORY DEFAULT -- INCLUDING THE LAN IP ADDRESS which is defaulted to 192.168.2.1 In some cases, after you upgrade the firmware, you will require to press and hold the reset button in back for 5 seconds to put everything back to factory defaults After upgrading firmware, please check carefully and make sure ALL settings are configured properly. ****************************************************************************************** 1. Bring up the browser and enter the IP address of the RF550VPN (ie http://192.168.2.1). 2. Click the System Tools button and login as admin and enter the admin password (no password is defaulted -- to use the default, you can leave the password field blank). 3. Click the Upgrade Firmware button on the left. 4. Click the Browse button and select the firmware file (ie rf550x.xxx). 5. Click the Start button. 6. When the upgrade is completed, the program will return to the main page. 7. Click on Device Information and make sure the Firmware Version is correct. If the version nubmer is not the latest one, repeat Step 2 to 6. 8. If there are any setup, configuration or operational problems after upgrading to the new firmware, press the reset button on the back of the RouteFinder and hold the button until the serial LEDs blink. This will return all the settings to the factory defaults. REVISION HISTORY: ------------------------------ Firmware Version V4.68: (Dated 8/10/2005) --------------------------------------------------------------- ******************************************************************************************* WARNING: Upgrading the Firmware to V4.68 MIGHT WIPE OUT ALL THE CURRENT SETTINGS. After the upgrade, ALL SETTINGS WILL BE PUT BACK TO THE FACTORY DEFAULT -- INCLUDING THE LAN IP ADDRESS which is defaulted to 192.168.2.1 In some cases, after you upgrade the firmware, you will require to press and hold the reset button in back for 5 seconds to put everything back to factory defaults After upgrading firmware, please check carefully and make sure ALL settings are configured properly. ******************************************************************************************* (Bug Fixes) - Fixed no IP addresses returned to the pool when DHCP client power off or move on. - Fixed DHCP log lease time shows "-" negative lease times. - Fixed Async port dialup when using with ISDN. It must send out "reply reject" when it gets a BACP request from the ISP - Fixed PPPoE can not reconnect problem - Fixed Async port dialup PPP which can't connect correctly due to MRU value. Firmware Version V4.67: (Dated 3/22/2005) --------------------------------------------------------------- ******************************************************************************************* WARNING: Upgrading the Firmware to V4.67 MIGHT WIPE OUT ALL THE CURRENT SETTINGS. After the upgrade, ALL SETTINGS WILL BE PUT BACK TO THE FACTORY DEFAULT -- INCLUDING THE LAN IP ADDRESS which is defaulted to 192.168.2.1 In some cases, after you upgrade the firmware, you will require to press and hold the reset button in back for 5 seconds to put everything back to factory defaults After upgrading firmware, please check carefully and make sure ALL settings are configured properly. ******************************************************************************************* (Bug Fixes) - Fixed the DHCP client function so it responds to some Acknowledgment packets correctly - Fixed some ISP PPPoE connect problem - Fixed PPPoE connection problem when using MS-CHAPV2 - Fixed port redirection mapping problem when mapping from port 222 to 22. It keeps disconnect when hold down the key using putty to login to linux server - Fixed port mapping with 22 to 22 and port redirection mapping with port 222 to 22 does not allow - Fixed virtual Server LoopBack problem - Fixed value "seconds elapsed" is set to zero in DHCP offer/ack packets - Fixed A default DOMAIN NAME in DHCP client offer. Default "admin" will be offered - Fixed ddns will not do update when wan is using static ip - Fixed some DDNS update issue New Features and Changes ------------------------ - Support DDNS "user name" and "password" with upto 63 characters - Add DDNS auto update every 7 days, even the wan ip does not change - Add syslog messeages when DDNS is performing update - Add the lease time setting in the DHCP sever function - Add syslog messages during PPPoE negoiation - Add DHCP relay function - Add option to customize the default gateway field in the DHCP server setup Firmware Version V4.66: (Dated 5/27/2004) --------------------------------------------------------------- ******************************************************************************************* WARNING: Upgrading the Firmware to V4.66 MIGHT WIPE OUT ALL THE CURRENT SETTINGS. After the upgrade, ALL SETTINGS WILL BE PUT BACK TO THE FACTORY DEFAULT -- INCLUDING THE LAN IP ADDRESS which is defaulted to 192.168.2.1 In some cases, after you upgrade the firmware, you will require to press and hold the reset button in back for 5 seconds to put everything back to factory defaults After upgrading firmware, please check carefully and make sure ALL settings are configured properly. ******************************************************************************************* (Bug Fixes) - Fixed problem with port 1998. This port is now close - Fixed problem when trying to ping IP address ending with 255 (i.e = f4.grp.yahoofs.com (ip = 66.218.66.255)) - Fixed Async dialup PPP problem when ISP is requesting BACP protocol. - Fixed Internet access problem when ISP assigns Wan IP address = x.x.x.255 - Fixed problem when async dialup modem does not disconnect even when there are no LAN devices connected - Fixed CDMA / GSM modems compatibility problem. - Fixed DDNS username and password so it allows 63 bytes Firmware Version V4.65: (Dated 11/11/2003) --------------------------------------------------------------- ******************************************************************************************* WARNING: Upgrading the Firmware to V4.65 MIGHT WIPE OUT ALL THE CURRENT SETTINGS. After the upgrade, ALL SETTINGS WILL BE PUT BACK TO THE FACTORY DEFAULT -- INCLUDING THE LAN IP ADDRESS which is defaulted to 192.168.2.1 In some cases, after you upgrade the firmware, you will require to press and hold the reset button in back for 5 seconds to put everything back to factory defaults After upgrading firmware, please check carefully and make sure ALL settings are configured properly. ******************************************************************************************* (Bug Fixes) - Fixed problem with VPN connection when switching between Wan ethernet port using PPPoE and Async dialback port - Fixed problem with PPPoE reconnect after dial backup is active and PPPoE connection is back online. - Fixed problem with VPN tunnel reconnect when PPPoE connection is back from dial backup - Fixed When WAN port in DHCP mode and get different IP address after it reconnects, VPN will not re-establish, VPN still show active connection for the dialup link even the dialup link already disconnected. - Fixed UK ADSL problem where WAN ethernet IP and gateway are the same and netmask is 255.255.255.255 - Fixed some mistake in the text messages within the logout page - Fixed problem when using Windows 2000 load balancing - Fixed display problem in Renew IP address within the DHCP log display - Fixed loopback problem when using port redirection mapping for virtual server - Fixed VPN status display problem when using IPsec manual mode, the TX / RX pkts does not show the correct values in VPN status. It always show ZERO. - Fixed problem with manual DDNS update in Device Status - Fixed problem with external modem that does not supply DSR signal to the async port. - Fixed PPPoE compatibility issue with some ISP ( it is about receive LCP request after authentication ) - Fixed PPPoE connect problems with some ISP New Features and Changes ------------------------ - Support custom DDNS function when using customer DNS from Www.dyndns.org - Increse the DDNS update server,host name fields length from 15 character to 64 character and domanin name field length from 15 character to 31 character" Firmware Version V4.64: (Dated 4/14/2003) --------------------------------------------------------------- ******************************************************************************************* WARNING: Upgrading the Firmware from V4.63 or below to V4.64 or above MIGHT WIPE OUT ALL THE CURRENT SETTINGS. After the upgrade, ALL SETTINGS WILL BE PUT BACK TO THE FACTORY DEFAULT -- INCLUDING THE LAN IP ADDRESS which is defaulted to 192.168.2.1 In some cases, after you upgrade the firmware, you will require to press and hold the reset button in back for 5 seconds to put everything back to factory defaults After upgrading firmware, please check carefully and make sure ALL settings are configured properly. ******************************************************************************************* (Bug Fixes) - Fixed VPN disconnection when DHCP renewing and it gets the same IP address. When DHCP client renew on the Wan ethernet port, VPN connetion was dropping even when the new IP address is the same. - Fixed if you have a public static IP address on the Wan port and you setup virtual server mapping by entering the public static IP in the external IP field, then on the LAN, if you try to access the public static IP, it will NOT work, it can NOT handle loopback when external IP field is enter with public static IP in virtual server mapping. - Fixed the uptime dipslay in VPN status. It was counting too fast. - Fixed acessing inbox within mail.yahoo.com after URL filter is enabled - Fixed UK ADSL problem when WAN is setup for DHCP. There is a problem when ISP gives out the same IP for WAN ethernet IP and gateway and netmask is 255.255.255.255 - Fixed RF550VPN reboot in every 1 min after RIP receiving is Enabled. - Fixed when setting WAN IP address as LAN segement will cause the router to hang up. - Fixed set multiple public IP address in virtual server,the LAN can not resolve domain name for the internal servers that are assign with the public IP address. - Fixed VPN tunnel establish problem when one of the private LAN is using subnet 10.10.10.x - Fixed the intrusion log time stamp display when async port is use as the main internet connection. - Fixed disabling of vpn tunnel problem. When the tunnel is disable, the vpn tunnel will not negotiate - Fixed the time stamp display problem in VPN log when the Wan link is using the Async port. - Fixed a DoS attack in Webadmin that cause buffer overflow problem. - Fixed a virtual server problem when multiple public IP is used. When mapping multiple public IP to multiple internal IP, the public IP must correspond to the internal IP virtual server setting when making outbound requests. New Features and Changes ------------------------ - Add support for the Australia Special login protocol on the Wan ethernet (Telstra BPA) - Add a new option in the main VPN setup to block all local internet access and only allow VPN traffics - Add a new second DNS entry in the ISP Additional Settings. This will allow DHCP server passes two DNS addresses to the client. - Add two WINS server entries in the DHCP Server Settings. This will allow DHCP server passes two WINS addresses to the client. - Add a option to enable / disable Microsoft UPnP. It is disabled by default - Add options in the Device Status to manual control the modem for dialing and hangup - DHCP Log will show the correct information which IP is static and which IP is DHCP, if it is from DHCP, it will show the DHCP lease time. - Improved the ISP Settings screen so it has selection for different service types such as Static, Cable / DHCP, PPPoE, PPTP and Telstra. - Add support in VPN connection so remote gateway IP can be entered using name (FQDN). This will allow dynamic IP on both sides when setting up VPN tunnels - Change the keep alive on the Wan port so it can ping a specific IP address that is configure in the Webadmin. This function is for better detection when doing Dial backup - When DNS is configured in the webadmin, DHCP client will not get the LAN ip of the router as the DNS server ip address. - Changed the Ipsec default Key Life = 28800 and IKE Life time = 3600 - Allow more characters (upto 31) in the Dynamic DNS domain name field - Added AES encryption support for VPN Firmware Version v4.63: (Dated 8/26/2002) --------------------------------------------------------------- ******************************************************************************************* WARNING: Upgrading the Firmware from V4.63 or below to V4.64 or above MIGHT WIPE OUT ALL THE CURRENT SETTINGS. After the upgrade, ALL SETTINGS WILL BE PUT BACK TO THE FACTORY DEFAULT -- INCLUDING THE LAN IP ADDRESS which is defaulted to 192.168.2.1 In some cases, after you upgrade the firmware, you will require to press and hold the reset button in back for 5 seconds to put everything back to factory defaults After upgrading firmware, please check carefully and make sure ALL settings are configured properly. ******************************************************************************************* (Bug Fixes) - Fixed DoS attack that caused the router to reboot. When Remote Web Admin was enabled, some DoS attacks via HTTP caused the router to reboot. - Fixed the problem that occurred when adding more than 2 manual IPsec connections. When adding more than 2 manual IPSec connections, the router would not operate at all. It now flashes the new firmware via the async port in order for the router to operate normally again. - Fixed the URL redirect error page so that it provides the link for user to go to a different Web site. - Fixed the Checkpoint IPSec client pass-thru problem. When running checkpoint IPsec client behind the router, it was not able to connect to the checkpoint VPN gateway on the Internet. - Fixed some PPPoE connect problems. With some ISPs, there were problems connecting when using PPPoE. - Fixed virtual server mapping when using port 113 (Ident). Port 113 (Ident) was not passing to the internal mapped server when the virtual server was enabled with this port open. - Fixed the Webadmin problem when using Netscape Browser. Webadmin would not work when using Netscape browser to configure the device. - Fixed a crashing problem when adding the fifth VPN connection. After adding the fifth VPN connection and you performed a save & restart, all the settings were wiped out and returned to the factory default settings. - Fixed the problem that occurred when adding \ character in the modem initialize string. When entering \ character in the async modem initialization string, it was showing double \\ after save & restart. - Fixed the IPsec manual keys so Webadmin only allows 8 characters for DES, 24 characters for 3DES, 16 characters for MD5, and 20 characters for SHA-1. - Fixed the dynamic DNS so it will update in 28 days even if the Wan IP address does not change. This prevents termination on the dynamic DNS account. - Fixed VPN status screen when VPN is setup to do manual mode. VPN statistics were not showing the information properly when the VPN connection was doing manual mode. - Fixed the async redialing too-quick problem. Some V.90 and V.92 modems take a long time to connect and the Async port was hanging up and redialing too quickly. New Features ----------------------- - Added an option to configure a TCP session timeout. This will prevent telnet or SSH sessions from disconnecting after sitting idle for a long period of time. - Added a VPN option for keep-alive. When this is enabled, it will automatically establish the VPN connection after power up or after a save & restart. This will eliminate the initial ping from a workstation in order to make the VPN tunnel active. - Added a VPN option for Netbios Broadcast. When setup as peer-to-peer network, this will allow the Network Neighborhood to see the other computers on the other side of the VPN tunnel. You MUST enable NetBIOS over TCP/IP in Windows TCP/IP setup in order for this to work. - Added port redirection support in the virtual server. This will cause the virtual server mapping to use an external port number that is different from the internal port number. Example: External port number on the Internet is port 80, but the internal Web server port number is 81. - Added support for multiple public IP address mapping in the virtual server. You can now map multiple public IP addresses to multiple internal servers. It supports up to 30 entries. - Added a startup syslog message to be sent when the device boots up or restarts. - Added a manual update button for Dynamic DNS in the Device Status page. This will allow the administrator to perform a manual update on the dynamic DNS account. - Allow #, $ and % characters in the VPN preshare key setup. Firmware Version V4.62: (Dated 6/6/2002) ------------------------------------------------------------- ****************************************************************************************** WARNING: Upgrading the Firmware from V4.63 or below to V4.64 or above MIGHT WIPE OUT ALL THE CURRENT SETTINGS. After the upgrade, ALL SETTINGS WILL BE PUT BACK TO THE FACTORY DEFAULT -- INCLUDING THE LAN IP ADDRESS which is defaulted to 192.168.2.1 In some cases, after you upgrade the firmware, you will require to press and hold the reset button in back for 5 seconds to put everything back to factory defaults After upgrading firmware, please check carefully and make sure ALL settings are configured properly. ******************************************************************************************* (Bug Fixes) - Fixed the WAN filter block problem. LAN clients could NOT access the Internet when the Wan filter was setup to block everything and only allowed a certain public IP from accessing virtual servers. - Fixed the Virtual server mapping and Async port problem. Virtual server mapping was not working when Async Port was in use as a Wan link. - Fixed the Watchguard Internet folder sharing problem. Watchguard has a feature which allows accessing shared folder from a browser. Our RF550VPN was not working properly with the Watchguard setup. - Fixed the Remote Webadmin that occurred when the Wan ethernet was using PPTP client. The Remote Webadmin was not working when the Wan ethernet was setup as a PPTP client. - Fixed the IPsec VPN problem that occurred when the Wan ethernet was using PPTP client. There was a problem setting the IPsec VPN when the Wan ethernet was using PPTP client. - Fixed the Sentinel reconnect problem that occurred when Webadmin drop the connection. After Sentinel connected to the RF550VPN via IPSec VPN and the tunnel was up and running, if you went into Webadmin and manually dropped the connection, Sentinel would not reconnect. - Fixed the Sentinel reconnect problem that occurred after it was active for 1 hour. After Sentinel connected to the RF550VPN via IPSec VPN and the tunnel was up and running, it would not reconnect after one hour. - Fixed the timeout and reconnect problem between the RF550VPN and the RF650VPN. After the IPSec tunnel was idle for more than an hour, the initial ping from the RF550VPN would timeout. - Fixed the DDNS dynamic problem that occurred when contacting dyndns.org for update. Update server now uses name instead of static IP address. - Fixed the DHCP problem so it works with Comcast in certain areas. New Features -------------------- - Added IPsec support connecting to Windows 2000 / XP. This allows Windows 2000 / XP to establish an IPsec tunnel with the RF550VPN without using the Sentinal client. Windows 2000 / XP MUST have a public static IP in order for this to work. - Added DDNS Dynamic DNS support from sites such as orgdns.org and dyndns.org. This allows static-host-name mapping to a dynamic public IP address. - Added a VPN log button in the Device Status. This option will display all the IPsec negotiation messages without having to run the Syslog server on the LAN. - Added IPSec Unique Identifier support in the IPsec setup. This feature allows Sentinel client to run behind a NAT box that supports IPsec pass-through while Sentinel is connected to a RF550VPN. Added an alert email to be sent when someone tries to login to Webadmin using the wrong username and password. Firmware Version V4.61: (Dated 3/22/2002) -------------------------------------------------------------- - Fixed the VPN status so it will show the correct status when VPN connections drop. - Fixed the login security problem. The program will not show the main screen until the correct username and password are provided. - Fixed the Remote Webadmin problem that occureed when accessing the public IP address of the Async port. - Fixed the Rlogin protocol NATTing problem. - Fixed the Virtual server problem that occurred when hosting a PPTP server on the internal network. You need to open only port 1723 instead of DMZ. - Fixed the PPPoE reconnect problem that occurred after power up or after Save & restart. - Added Uptime and Send/Receive Packets to the VPN Connections Status screen. - Added an option to configure 3DES or DES for IPSec. - Added support for PPTP client on the WAN Ethernet port. - Added support for Windows UpnP. - Added Dynamic DNS support using dyndns.org. Go to www.dyndns.org to sign up for free service. - Added URL blocking. - Added an Email Alert to be sent when users try to access blocked URL sites. - Added a logout option in the Webadmin. - Added support for multiple remote IPsec LAN-to-LAN tunnels when all are using dyanmic IP. Note: all IPsec tunnels must use the same preshare key in this case. Firmware Version V4.60: (Dated 2/2/2002) ------------------------------------------------------------ - Fixed the problem that occurred when using Nortel VPN client passthrough. - Simplified the IPSec syslog messages. - Device status page now requires a login. - Added an option to adjust the MTU value. This will fix some sending as well as sites access problems. - Changed the default Key life time = 3600 and IKE life time = 28800. - Users are now prevented from entering a Wan MAC address that is the same as the LAN MAC address. - TCP/IP connections are now increased to 256. TECHNICAL SUPPORT ----------------------------------- For technical support, you may contact your authorized Multi-Tech Systems distributor, dealer or the following Multi-Tech Systems branch offices. Country By Email By Phone France: support@multitech.fr (33) 1-64 61 09 81 India: support@multitechindia.com (91) 124 6340778 U.K.: support@multitech.co.uk (44) 118 959 7774 U.S. & Canada: support@multitech.com (800) 972-2439 Rest of World: support@multitech.com (763) 717-5863 Internet Address: http://www.multitech.com FTP Site: ftp://ftp.multitech.com COPYRIGHTS AND TRADEMARKS ---------------------------------------------------- All documents and software provided herewith are Copyright (c) 2000 Multi-Tech Systems. All rights reserved. MS, Windows, Windows 95, Windows NT are tradenames of Microsoft Corporation. Other trademarks or tradenames used herein are properties of the respective owners.