1 Fundamental Configuration

Profiles the characteristics and functions of the security gateway and firewall. Basic VPN configuration includes introduction to user-defined interfaces (CLIs), system maintenance and management, auto detect configuration, HWPing configuration, SNMP configuration, RMON configuration, BIMS configuration, terminal service, Modem configuration and interface configuration. In the user-defined interface section, we discuss configuration environment setup, CLI characteristics and basic configurations. In the system maintenance and management section, we describe logs and debugging information center, file system and file operation, user interface, user management system and NTP configuration. In SNMP configuration section, we present the settings required when the security gateway/firewall serves as NMS agent. In the terminal service section, we list the access methods of the Console terminals which can be accessed into the security gateway and firewall. The interface configuration section involves the configuration of several types of physical and logical interfaces on the security gateway and firewall.

2 User Access

Gives several approaches for user access into the security gateway/firewall, including PPP configuration, PPPoE configuration and VLAN configuration. In PPPoE configuration section, we present PPPoE server configuration and PPPoE client configuration.

3 Network Layer Protocol

Includes overview and configuration of IP address, IP application configuration, IP performance configuration and IP unicast policy routing configuration, as well as the configuration when the security gateway/firewall serves as DHCP server, DHCP client, and DHCP relay configuration, BOOTP configuration, UDP Helper configuration.

4 Routing Protocol

Introduces overview and configuration of IP unicast routing protocols, including for static routes, RIP, OSPF, BGP, and routing policy.

5 MPLS

Introduces the basic principle and application, and the configuration of MPLS basic functions.

6 VPN

Focuses on technical principles and application categories of VPNs. The configuration details include L2TP and GRE configuration, dynamic VPN configuration, IPsec and IKE configuration. This part also briefs the configuration of BGP/MPLS VPN.

7 Security

Describes the configuration on hierarchical command protection, RADIUS/HWTACACS-based AAA, packet filtering firewall, ASPF and NAT, SSL and PKI, transparent firewall, hybrid mode, object-oriented management, Web and E-mail filtering, attack prevention and packet statistics, IDS cooperation, log maintenance, as well as ACL.

8 Reliability

Focuses on technical principles and configuration of VRRP and dual-system hot backup.

9 QoS

Presents the configuration for traffic classification, traffic policing and traffic shaping, congestion management, congestion avoidance and MPLS QoS. The congestion management configuration includes that for such queuing mechanisms as FIFO, PQ, CQ, WFQ, CBQ and RTPQ.

10 Appendix

Lists abbreviations and acronyms involved in this manual.