manualshive.com logo in svg

Air Live AirMax4GW, User Manual, Page: 117 / 171

Share
Download
Air Live AirMax4GW User Manual Download Page 117

4. 

Web Management 

 

 

        

AirLive AirMax4GW  User’s Manual 

113 

8. 

Authentication Protocol: 

You can choose authentication protocol as PAP, 

CHAP,  MS-CHAP,  or  MS-CHAP  v2.  The  protocol  you  choose  must  be 

supported by remote L2TP server. 

9. 

MPPE  Encryption: 

Check  the  “Enable”  box  to  activate  MPPE  encryption. 

Please note that MPPE needs to work with MS-CHAP or MS-CHAP  v2 

authentication methods. 

10. 

NAT before Tunneling

: Check the “Enable” box to let hosts in the Intranet 

of Business Security Gateway 

can go to access Internet via remote PPTP 

server. By  default,  it  is  enabled.  However,  if  you  want  the  remote  PPTP 

Server  to  monitor  the  Intranet  of  local  Business  Security  Gateway,  the 

option  can’t  be enabled. 

11. 

LCP Echo Type: 

Choose the way to do connection keep alive. By default, it 

is  “Auto”  option  that  means  system  will  automatically  decide  the  time 

interval between  two  LCP  echo  requests  and  the  times  that  system  can 

retry  once  system  LCP  echo  fails.  You  also  can  choose  “User-defined” 

option  to  define  the  time  interval  and  the  retry  times  by  yourself.  The  last 

option is “Disable”. 

12. 

Tunnel: 

Check the “Enable” box to activate the tunnel. 

 

4.2.3.5 

GRE

 

Generic Routing Encapsulation (GRE) is a tunneling protocol developed by  Cisco 

Systems that can encapsulate a wide variety of network layer protocols inside virtual 

point-to-point links over an Internet Protocol internetwork. 

 

4.2.3.5.1  GRE VPN Tunnel Scenario 

Generic Routing Encapsulation (GRE) is a tunneling protocol developed by  Cisco 

Systems that can encapsulate a wide variety of network layer protocols inside virtual 

point-to-point links over an Internet Protocol internetwork. 

 

4.2.3.5.2  GRE Configuration 

There is one common GRE VPN connection scenario as follows: 

 

 

GRE Server / Client Application 

 

The  Business  Security  Gateway  acts  as  GRE  Server  or  Client  role  in 

SMB Headquarters or Branch Office. 

 

 

Summary of Contents for AirMax4GW

Page 1: ...AirMax4GW 4G LTE Outdoor CPE with WiFi User s Manual ...

Page 2: ...isLink Corp has made the best effort to ensure the accuracy of the information in this user s guide However we are not liable for the inaccuracies or errors in this guide Please use with caution All information is subject to change without notice This product requires professional installation Please do not attempt to install the device without the necessary knowledge in regards to your country s ...

Page 3: ...2 2 Package Content 6 2 3 Knowing your AirMax4GW 6 2 4 Hardware Installation 9 2 4 1 Insert the SIM card 9 2 4 2 Connecting Power 9 2 4 3 Mount AirMax4GW 10 2 5 Restore Settings to Default 11 3 Configuring the AirMax4GW 12 3 1 Important Information 12 3 2 Prepare Your PC 12 3 3 Easy Setup by Web Interface 13 3 3 1 Wizard 14 3 4 Network Status 19 3 4 1 Networks Status 19 3 4 2 WiFi Status 21 3 4 3 ...

Page 4: ...twork 74 4 2 1 Firewall 74 4 2 2 QoS BWM 87 4 2 3 VPN Setup 95 4 2 4 Redundancy 115 4 2 5 System Management 116 4 2 6 Certificate 120 4 3 Application 128 4 3 1 Mobile Application 128 4 3 2 Captive Portal 136 4 4 System 137 4 4 1 System Related 138 4 4 2 Scheduling 143 4 4 3 Grouping 143 4 4 4 External Servers 147 4 4 5 MMI 149 5 Installing the AirMax4GW 150 5 1 Features 150 5 2 Specifications 150 ...

Page 5: ...ateway with 2 4 G wireless It can receive 3G 4G LTE signal and provide 802 11 b g n WiFi signal When installed in upright position it is rain and splash proof It features an integrated 10dBi patch antenna and 802 3at POE to simplify the installation It is an innovative product for IoT Internet of Things application ...

Page 6: ... the first 3 chapters before attempting to install the device Recommended Reading Chapter 2 Installation the AirMax4GW This chapter is about hardware installation You should read through the entire chapter Chapter 3 Configuration the AirMax4GW This Chapter is about how to configure each function of Airmax4GW 1 4 Firmware Upgrade and Tech Support If you encounter a technical issue that cannot be re...

Page 7: ...rMax4GW can be configured to operate in the following wireless operation modes 1 6 1 WDS Bridge Mode This mode is also known as WDS Pure MAC mode When configured to operate in the Wireless Distribution System WDS Mode the AirMax4GW provides bridging functions with remote LAN networks in the WDS system The system will support up to total of 8 bridges in a WDS network by daisy chain However each bri...

Page 8: ... AirMax4GW behaves like a wireless router Both the wireless and the PoE port of AirMax4GW becomes the LAN side and 3G 4G act as the WAN User can manage the AirMax4GW through the wireless or PoE port And if the remote management is opened user can also get to manage AirMax4GW via the WAN side ...

Page 9: ...ith exception of the PoE Ethernet Cable and PoE Injector You can use a good quality CAT 5E outdoor graded Ethernet cable shielded with anti UV according to the length you need The AirMax4GW must be installed in the upright position if the unit is located in outdoor or wet environments The use of 3G 4G LTE each country have its own telecom regulation for the frequency Please consult with your count...

Page 10: ...CPE device only it cannot operate in 5GHz 2 2 Package Content The AirMax4GW package contains the following items One AirMax4GW main unit User s Guide CD Quick Start Guide The PoE Ethernet cable and PoE injector is not included in the package You may choose an 802 3at PoE Injector such as PoE 48PB v2 or 802 3 at PoE switch 2 3 Knowing your AirMax4GW Below are descriptions and diagrams of the produc...

Page 11: ...Cellular Status Green AirMax4GW register on LTE Network Amber AirMax4GW register on 3G Network Red AirMax4GW does not register on cellular network 2 WLAN Green ON Wireless Radio ON Off Wireless Radio Off Flashing Data is transmitting or receiving on the wireless 3 Power ON Device is power on Off Device is power on ...

Page 12: ...2 Installing the AirMax4GW AirLive AirMax4GW User s Manual 8 Bottom View Back ...

Page 13: ...and remove the outer bottom over of AirMax 4GW and follow below instructions to insert SIM cards After SIM cards are well placed screw back the outer bottom cover 2 4 2 Connecting Power AirMax4GW is equipped with 802 3at compliant PoE port You can select AirLive PoE 48PB v2 or PoE switch such as POE GSH2004L 370 for the deployment of the PoE network environment The POE 48PB v2 and POE GSH2004L 370...

Page 14: ... the AirMax4GW AirLive AirMax4GW User s Manual 10 2 4 3 Mount AirMax4GW AirMax4GW can be mounted on wall or pole It has designed with wall mount bracket for attaching to the wall or fixing on a pole by metal rings ...

Page 15: ... 11 2 5 Restore Settings to Default If you have forgotten your AirMax4GW s IP address or password you can restore your AirMax4GW to the default settings by pressing on the reset button for more than 10 seconds The reset button is located on button of AirMax4GW ...

Page 16: ...d SSID are case sensitive The default IP address is 192 168 123 254 Subnet Mask 255 255 255 0 The default password is airlive The default wireless mode is AP Router Mode After power on please wait for 2 minutes for AirMax4GW to finish boot up 3 2 Prepare Your PC The AirMax4GW can be managed remotely by a PC through either the wired or wireless network The default IP address of the AirMax4GW is 192...

Page 17: ...C 3 3 Easy Setup by Web Interface The AirMax4GW can be configured using the web interfaces Web Management HTTP You can manage your AirMax4GW by simply typing its IP address in the web browser Most functions of AirMax4GW can be accessed by web management interface We recommend using this interface for initial configurations To begin simply enter AirMax4GW s IP address default is 192 168 123 254 on ...

Page 18: ...tep 1 Guideline The Network setup wizard will guide you to finish some basic settings including login password time zone WAN interface Ethernet LAN interface and WiFi LAN interface One EXIT button at the upper right corner of each window is provided for you to quit the setup process Press Next to start the wizard Step 2 Change Password Password configuration You can change the login password of We...

Page 19: ...gateway and insert SIM cards first Then you can select Auto Detection to finish dail up profile automatically Press Next to continue Step 5 Ethernet LAN interface LAN interface configuration Change the LAN IP address and subnet mask of this gateway for the Intranet You can keep the default setting and go to next step Press Next to continue Step 6 WiFi LAN 2 4G WiFi LAN interface configuration Chan...

Page 20: ...e IPSec PPTP L2TP or GRE Press Next to continue Step 3 1 IPSec If choosing IPSec there are five options of tunnel scenario can be chosen Site to Site is for two offices to create a VPN tunnel Site to Host is for one office to access one specific server via an IPSec tunnel Host to Site is for service agents in the device to access the intranet of an remote office via a tunnel Host to Host is for tw...

Page 21: ... set of username and password for PPTP clients In this wizard you only create one user account If you want to create more user accounts please go to Advanced Network VPN PPTP to add more users Press Next to continue Step 3 3 L2TP If choosing L2TP there are two options of mode can be chosen Choose Client if you want this device to connect to another L2TP server Or choose Server if you want other L2...

Page 22: ...o create more user accounts please go to Advanced Network VPN L2TP to add moreusers Press Next to continue Step 3 4 GRE If choosing GRE please input tunnel name IP address of remote GRE peer Key ID and choose default gateway remote subnet Please make sure these settings are accepted by peer GRE site Otherwise remote GRE peer will reject the connection Press Next to continue Step 4 Confirm and Appl...

Page 23: ... Status VPN Status and System Management Status 3 4 1 Networks Status In Network Status page you can review lots information of network status including a connection diagram WAN IPv4 status WAN IPv6 status LAN status and 3G 4G modem status You can also check the device time at the bottom of this page Connection Diagram 1 3G 4G Icon Indicates if 3G 4G and USB 3G 4G WAN connections are established o...

Page 24: ...of multiple WAN interfaces in IPv4 networking Press Edit button if you want to change settings WANInterface IPv6 Network Status Display WAN type IPv6 information and connection status of multiple WAN interfaces in IPv6 networking Press Edit button if you want to change settings LANInterfaceStatus Display IPv4 and IPv6 information of local network Press Edit button if you want to changesettings 3G ...

Page 25: ...n of device 3 4 2 WiFi Status WiFi Virtual AP List In order to view the basic information of WiFi virtual APs it will display operation band virtual AP ID WiFi activity operation mode SSID channel WiFi system WiFi security approach and MAC address of all virtual APs on status page Besides there is an additional Edit command button for each virtualAP to link to the configuration page of that dedica...

Page 26: ...command button for each virtual AP to clear the traffic statistics 3 4 3 LAN Client List In order to view the connection of current active wired wireless clients it will display LAN interface IP address configuration host name MAC address and remaining lease time of all client devices on status page 3 4 4 Firewall Status In Firewall Status page you can review lots information of filter status incl...

Page 27: ...ption can let you change its settings Another or button at the upper right corner can unfold or fold the blocked URLs Web Content Filters This window displays all fired rules and detected contents of firing activated Web content filter rules Besides the source IP address and firing time of these events are also shown there One Edit button in the Web Content Filters caption can let you change its s...

Page 28: ...e filtered applications IPS This window displays all events of firing activated rules of IPS Besides the source IP address and firing time of these events are also shown there One Edit button in the IPS caption can let you change its settings Another or button at the upper right corner can unfold or fold the intrusion events Options Display option settings of firewall 3 4 5 VPN Status In VPN Statu...

Page 29: ...tunnel status of all activated PPTP clients L2TPServerStatus Display the usage status of all activated accounts of L2TP server L2TP Client Status Display the tunnel status of all activated L2TP clients 3 4 6 System Management Status In System Management Status page you can review lots information of SNMP and TR 069 status SNMPLinkingStatus Display information of SNMP linking ...

Page 30: ...3 Configuring the AirMax4GW AirLive AirMax4GW User s Manual 26 SNMPTrapInformation Display information of SNMP traps TR 069 Status Display link status of TR 069 ...

Page 31: ...tion section you may want to check the connection status of the device to do Basic or Advanced Network setup or to check the system status These task buttons can be easily found in the cover page of the UI User Interface Enter the default password airlive in the Password and then click Login button After logging in select your language from the Language list The user manual uses English for the il...

Page 32: ...tatus Network Status after you logged in and the screen shows the Network Connection Status below You can also check status of WiFi at WiFi Status page connected clients at LAN Client List page and other advanced function status at Firewall Status page VPN Status page and System Management Status page ...

Page 33: ... equipped with one WAN Interface to support Internet connection You can configure it to get proper connection setup 3G 4G WAN The gateway has one 3G 4G3 modem built in please plug in SIM card and follow UI setting to setup Caution Please MUST POWER OFF the gateway before you insert or remove SIM card It will damage SIM card if you insert or remove SIM card during gateway is in operation Please fol...

Page 34: ...as the primary Internet connection WAN 1 please configure it with followingparameters 2 Operation Mode Since there is only one physical interface as primary WAN connection for the device its operation mode must be Always on 3 Line Speed You can specify the upstream downstream speed Mbps Kbps for the corresponding WAN connection Such information will be referred in QoS function to manage the traffi...

Page 35: ...spective specifications However if your 3G data plan is not with a flat rate it s recommended to set Connection Control mode to Connect on demand or Manually 4 1 1 2 1 3G 4G WAN 3G 4G Click on the Edit button for the 3G 4G WAN interface and you can get the detail WAN settings and then configure the settings as well 1 WAN Type Leave it be 3G 4G 1 Preferred SIM Card Choose SIM A First SIM B First SI...

Page 36: ...he Internet by using SIM B card first if choosing SIM B First However when SIM A Only or SIM B Only is used that means the specified SIM slot of card is the ONLY one to be used for negotiation parameters between gateway device and mobile base station When you select SIM A First or SIM A Only there will be a configuration window of Connection with SIM A Card beneath the 3G 4G WAN Type Configuration...

Page 37: ... preferred one 2 Country Service Provider When you choose Manual configuration option for the Dial up Profile you must select the country and service provider to retrieve related parameters from system for dialing up to connect to Internet Once system doesn t store related parameters or stores not matched parameters you must specify them one by onemanually 3 APN When you select the target country ...

Page 38: ...ansmit Unit Different WAN types of connection will have different value You can leave it with 0 Auto if you are not sure about this setting 4 NAT By default it is enabled If you disable this option there will be no NAT mechanism between LAN side and WANside 5 Network Monitoring You can do preferred settings by using this feature to monitor the connection status of WAN interface Checking mechanism ...

Page 39: ...o input IP address manually 6 IGMP Enable or disable multicast traffics from Internet You may enable as auto mode or select by the option list of IGMP v1 IGMP v2 IGMP v3 andAuto 7 WAN IPAlias The device supports 2 WAN IP addresses for a physical interface one is for primary connection that provides users devices in the LAN to access Internet the other is a virtual connection that let remote user t...

Page 40: ...ed to type new IP address in the browser to see web UI By default LAN IP Address is 192 168 123 254 2 Subnet Mask Input your subnet mask Subnet mask defines how many clients are allowed in one network or subnet The default subnet mask is 255 255 255 0 24 and it means maximum 254 IP addresses are allowed in this subnet However one of them is occupied by LAN IP address of this gateway so there are m...

Page 41: ...port VLAN tag for certain kinds of services e g IPTV to work properly In some cases SMB departments are separated and located at any floor of building All client hosts in same department should own common access property and QoS property You can select either one operation mode port based VLAN or tag based VLAN and then configure according to your network configuration Please be noted since there ...

Page 42: ...f application for the Port based VLAN tagging NAT or Bridge Tag based VLAN Tagging for Location free Departments Tag based VLAN function can group Ethernet port Port 1 and WiFi Virtual Access Points VAP 1 VAP 8 together with different VLAN tags for deploying department subnets in Intranet All packet flows can carry with different VLAN tags even at the same physical Ethernet port for Intranet These...

Page 43: ...VID is 3 can t That is visitors in Lobby and staffs in office can access Internet But ones in Lab can t since security issue Servers in Lab serve only for trusted staffs or are accessed in secure tunnels Inter VLAN Group Routing In Port based tagging administrator can specify member hosts of one VLAN group to be able to communicate with the ones of another VLAN group or not This is a communication...

Page 44: ... Edit button 1 Type Select NAT or Bridge to identify if the packets are directly bridged to the WAN port or processed by NATmechanism 2 LAN VID Specify a VLAN identifier for this port The ports with the same VID are in the same VLAN group 3 Tx TAG If you want to let Intranet packets to be inserted with a VLAN Tag for the VLAN group please check the Tx TAG box 4 DHCP Server Specify a DHCP server fo...

Page 45: ...efer to Basic Network WiFi section Afterwards click on Save to store your settings or click Undo to give up the changes 4 1 2 2 3 Tag Based VLAN The second type of VLAN is the tag based VLAN VLAN membership in a tagged VLAN is determined by VLAN information within the packet frames that are received on a port This differs from a port based VLAN where the port VIDs assigned to the ports determine V...

Page 46: ...or this VLAN group The ports with the same VID are in the same VLAN group 2 Internet Specify whether this VLAN group can access Internet or not If it is checked all the packet will be un tagged before it is forward to Internet and all the packets from Internet will be tagged with the VLAN ID before it is forward to the destination belongs to this configuring VLAN group in the Intranet 3 Port 1 VAP...

Page 47: ...wireless LAN configuration items When the wireless configuration is done your WiFi LAN is ready to support your local WiFi devices such as your laptop PC smart phone tablet wireless printer and some portable wireless devices 4 1 3 1 WiFi Configuration This device is equipped with IEEE802 11b g n 2Tx2R wireless radio you have to configure 2 4G Hz operation band s wireless settings and then activate...

Page 48: ...his mode allows you to get your wired and wireless devices connected with NAT In this mode this gateway is working as a WiFi AP but also a WiFi hotspot It means local WiFi clients can associate to it and go to Internet With its NAT mechanism all of wireless clients don t need to get public IP addresses from ISP 1 Operation Band Select the WiFi operation band that you want to configure But the devi...

Page 49: ... the same Network ID The factory default setting is default 7 SSID Broadcast The router will broadcast beacons that have some information including SSID so that wireless clients can know how many AP devices by scanning the network Therefore if this setting is configured as Disable the wireless clients can t find the device from beacons 8 WLAN Partition You can check the WLAN Partition function to ...

Page 50: ...her RADIUS server for user authentication You need to input IP address port and shared key of RADIUS server here In this mode you can only choose None or WEP in the encryption field Shared Shared key authentication relies on the fact that both stations taking part in the authentication process have the same shared key or passphrase The shared key is manually set on both the client station and the ...

Page 51: ...decimal 0 1 2 8 9 A B F digits or 8 to 63 ASCII characters as the shared key The key value is shared by the RADIUS server and this router This key value must be consistent with the key value in the RADIUS server The available encryption modes are TKIP AES or TKIP AES WPA PSK WPA2 PSK If some of wireless clients can only support WPA PSK but most of them can support WPA2 PSK You can choose this opti...

Page 52: ...s can communicate each other 1 Wireless Module Enable the wireless function 2 Wireless Operation Mode Choose WDS Only Mode from the drop list 3 Lazy Mode This device support the Lazy Mode to automatically learn the MAC address of WDS peers you don t have to input other peer AP s MAC address However not all the APs can be set to enable the Lazy mode simultaneously at least there must be one AP with...

Page 53: ...this mode you can enable 802 1x feature if you have another RADIUS server for user authentication You need to input IP address port and shared key of RADIUS server here In this mode you can only choose None or WEP in the encryption field Shared Shared key authentication relies on the fact that both stations taking part in the authentication process have the same shared key or passphrase The shared...

Page 54: ...by one Click on the Scan button to get the available AP s MAC list automatically and select the expected item and copy its MAC address to the Remote AP MAC 1 4 one by one 8 Remote AP MAC 1 Remote AP MAC 4 If you do not enable the Lazy mode you have to enter the wireless MAC address for each WDS peer one by one Afterwards click on Save to store your settings or click Undo to give up the changes 4 1...

Page 55: ...set to enable the Lazy Mode simultaneously at least there must be one AP with all the WDS peers MAC address filled 4 Green AP Enable the Green AP function to reduce the power consumption when there is no wireless traffic 5 Multiple AP Names This device supports up to 8 SSIDs for you to manage your wireless network You can select VAP 1 VAP 8 and configure each wireless network if it is required 6 T...

Page 56: ...uthentications to secure your wireless network Open Shared Auto WPA PSK and WPA2 PSK Open Open system authentication simply consists of two communications The first is an authentication request by the client that contains the station ID typically the MAC address This is followed by an authentication response from the AP router WiFi gateway containing a success or failure message An example of when...

Page 57: ...imal 0 1 2 8 9 A B F digits or 8 to 63 ASCII characters as the pre share key The available encryption modes are TKIP AES or TKIP AES In this mode you don t need additional RADIUS server for user authentication 11 Scan Remote AP s MAC List If you do not enable the Lazy mode you have to enter the wireless MAC address for each WDS peer one by one Or you can press the Scan button to get the available ...

Page 58: ...this function by checking Enable box WPS offers a safe and easy way to allow the wireless clients connected to your wireless network 2 Configuration Status This configuration status will be CONFIGURED or UNCONFIGURED CONFIGURED means WPS connection is following WiFi settings on this gateway If it s released to UNCONFIGURED the WPS connection will generate a new profile 3 Configuration Mode Select ...

Page 59: ...w IDLE STARTPROCESS or NOT USED The status is IDLE by default If you want to start a WPS connection you need to push Trigger button to change its status to STARTPROCESS Only one wireless client is allowed for each WPS connection If you want to start a WPS connection you can click on the Trigger button of this device to change the WPS status to STARTPROCESS and then initiate the WPS process on othe...

Page 60: ...tion for professional user to optimize the wireless performance under the specific installation environment 1 Operation Band Select the WiFi operation band that you want to configure But the device supports only 2 4G single WiFi band 2 Regulatory Domain Indicate number of WiFi channel It depends on regional government regulations ...

Page 61: ...into smaller units fragments to improve performance in the presence of RF interference and at the limits of RF coverage 7 WMM Capable WMM can help control latency and jitter when transmitting multimedia content over a wireless connection 8 Short GI Time setting of Guard Interval between two Wi Fi packets Decrease this time interval will increase Wi Fi data throughput But it may cause some side eff...

Page 62: ...or designated wireless area 4 1 4 IPv6 Setup The growth of the Internet has created a need for more addresses than are possible with IPv4 IPv6 Internet Protocol version 6 is a version of the Internet Protocol IP intended to succeed IPv4 which is the protocol currently used to direct almost all Internet traffic IPv6 also implements additional features not present in IPv4 It simplifies aspects of ad...

Page 63: ...address manually for Primary DNS address and secondary DNS address 2 Primary Secondary DNS Please enter IPv6 primary DNS address and secondary DNS address 3 MLD Snooping MLD snooping IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data instead of being flooded to all ports in a VLAN This list is constructed by snooping IPv6 multicast control packets If nece...

Page 64: ... announcing the IP address of that interface Hosts discover the addresses of their neighboring routers simply by listening for advertisements When a host attached to a multicast link starts up it may multicast a Router Solicitation to ask for immediate advertisements rather than waiting for the next periodic ones to arrive if and only if no advertisements are forthcoming the host may retransmit th...

Page 65: ...in a VLAN This list is constructed by snooping IPv6 multicast control packets If necessary in your environment please enable thisfeature LAN Configuration 1 Global Address Please enter IPv6 global address for LAN interface 2 Link local Address To show the IPv6 Link local address of LAN interface Address Auto configuration 1 Auto configuration Disable or enable this auto configuration setting 2 Aut...

Page 66: ...n must desist from sending any more solicitations Any routers that subsequently start up or that were not discovered because of packet loss or temporary link partitioning are eventually discovered by reception of their periodic unsolicited advertisements 4 1 5 NAT Bridging This part includes NAT related settings such as NAT loopback Virtual Server Virtual Computer SpecialAP ALG and DMZ 4 1 5 1 Con...

Page 67: ... for Virtual Server A virtual server is defined as a Public Port and all requests to this port will be redirected to the computer specified by the Server IP Virtual Server can work with Scheduling Rules and give user more flexibility on Access control For the details pleaserefer to System Scheduling For example if you have an FTP server Service port 21 at 10 0 75 1 a Web server1 Service port 80 at...

Page 68: ...ature can protect Intranet from outside attacks but sometimes also blocks some applications such as SIP VoIP In this situation the NAT gateway needs to do special process ALG for each application This gateway can handle SIP ALG so you need to enable this option if you want to use SIP applications at LAN side of this gateway Some applications require multiple connections like Internet games Video c...

Page 69: ...to the schedule rule you specified By default it is always turned on when the rule is enabled 4 Rule Check this item to enable the Special AP rule 4 1 5 4 DMZ DMZ DeMilitarized Zone Host is a host without the protection of firewall It allows a computer to be exposed to unrestricted 2 way communication for Internet games Video conferencing Internet telephony and other special applications Otherwise...

Page 70: ...ction to allow packets to find proper routing path and allow different subnets to communicate with each other 4 1 6 1 Status Routing For static routing you can specify up to 32 routing rules The routing rules allow you to determine which physical interface addresses are utilized for outgoing IP data grams You can enter the destination IP address Subnet Mask Gateway and Metric for each routing rule...

Page 71: ...ermine the best possible route It will go in the direction of the gateway with the lowest metric 5 Rule Check the Enable box to enable this static routing rule 4 1 6 2 Dynamic Routing The feature of static route is for you to maintain routing table manually In addition this gateway also supports dynamic routing protocol such as RIPv1 RIPv2 OSPF BGP for you to establish routing table automatically ...

Page 72: ...rwise please select RIPv1 if you need this protocol 4 1 6 2 2 OSPF OSPF is an interior gateway protocol that routes Internet Protocol IP packets solely within a single routing domain autonomous system It gathers link state information from available routers and constructs a topology map of the network The topology determines the routing table presented to the Internet Layer which makes routing dec...

Page 73: ...f IP networks or prefixes which designate network reach ability among autonomous systems AS It is described as a path vector protocol BGP does not use traditional Interior Gateway Protocol IGP metrics but makes routing decisions based on path network policies and or rule sets For this reason it is more appropriately termed a reach ability protocol rather than routing protocol You can enable the BG...

Page 74: ...ccess your server if your WAN IP address changes all the time One way is to register a new domain name and maintain your own DNS server Another simpler way is to apply a domain name to 3 party DDNS service provider It can be free orcharged To host your server on a changing IP address you have to use dynamic domain name service DDNS Therefore anyone wishing to reach your host only needs to know the...

Page 75: ...E mail based on the DDNS provider you registered 5 Password Key Input password or key based on the DDNS provider you select Afterwards click on Save to store your settings or click Undo to give up the changes 4 1 7 2 DHCP Server 4 1 7 2 1 DHCP Server List The gateway supports 1 DHCP server to serve the DHCP requests from different VLAN groups And there is one default one whose LAN IP Address is th...

Page 76: ...quests from different VLANs 2 LAN IP Address Specify the local IP address of the enabled DHCP Server It s the LAN IP address of this gateway for DHCP 1 server Normally this IP address will be also the default gateway of local computers and devices 3 Subnet Mask Select the subnet mask for the specific DHCP n server Subnet Mask defines how many clients are allowed in one network or subnet The defaul...

Page 77: ...ssign DNS Servers 8 Primary WINS Secondary WINS Optional This feature allows you to assign WINS Servers 9 Gateway Optional Gateway address would be the IP address of an alternate Gateway This function enables you to assign another gateway to your local computer when DHCP server offers IP address For an example this gateway will assign IP address to local computers but local computers will go to In...

Page 78: ...anced network features such as Firewall QoS Bandwidth Management VPN Security Redundancy System Management and Certificate You can finish those configurations in this section 4 2 1 Firewall The firewall functions include Packet Filters URL Blocking Web Content Filters MAC Control Application Filters IPS and some firewall options ...

Page 79: ...packets are allowed or blocked to pass the router Outbound filters are applied to all outbound packets However inbound filters are applied to packets that destined to virtual servers or DMZ host port only 4 2 1 2 1 Configuration You can enable packet filter function here And select one of the two filtering policies as follows The first one is to define the black list System will block the packets ...

Page 80: ... add one new rule by clicking on the Add command button But also you can modify some existed packet filter rules by clicking corresponding Edit command buttons at the end of each filter rule in the Packet Filter List Besides unnecessary rules can be removed by checking the Select box for those rules and then clicking on the Delete command button at the Packet Filter Listcaption 4 2 1 2 3 Packet Fi...

Page 81: ... Destination IP Specify the Destination IP address of packets that want to be filtered out in the packet filter rule You can define a single IP address 4 3 2 1 or a range of IP addresses 4 3 2 20 30 A 0 0 0 0 implies all IP addresses 6 Destination Port Choose User defined Service to let you specify manually the destination service port of packets that want to be filtered out in the packet filter r...

Page 82: ...s always turned on when the rule is enabled For more details please refer to the System Scheduling menu 9 Rule Enable Check the enable box if you want to activate the rule Each rule can be enabled or disabled individually Afterwards click on Save to store your settings or click Undo to give up the changes 4 2 1 3 URL Blocking URL Blocking will block the webs containing pre defined key words This f...

Page 83: ...corner of screen one Help command let you see the on line help message about URL Blockingfunction 4 2 1 3 2 URL Blocking Rule List It is a list of all URL Blocking rules You can add one new rule by clicking on the Add command button But also you can modify some existed URL blocking rules by clicking corresponding Edit command buttons at the end of each blocking rule in the URL Blocking Rule List B...

Page 84: ...rt 80 or a range of ports 1000 1999 An empty or 0 implies all ports are used 4 Time Schedule The rule can be turn on according to the schedule rule you specified and give user more flexibility on access control By default it is always turned on when the rule is enabled For more details please refer to the System Scheduling menu 5 Rule Enable Check the enable box if you want to activate the rule Ea...

Page 85: ...dd one new rule by clicking on the Add command button But also you can modify some existed Web Content Filter rules by clicking corresponding Edit command buttons at the end of each filtering rule in the Web Content Filter List Besides unnecessary rules can be removed by checking the Select box for those rules and then clicking on the Delete command button at the Web Content Filter List caption 4 ...

Page 86: ...pecified and give user more flexibility on access control By default it is always turned on when the rule is enabled For more details please refer to the System Scheduling menu 4 Enable Check the box if you want to enable the rule Each rule can be enabled or disabled individually Afterwards click on Save to store your settings or click Undo to give up the changes 4 2 1 5 MAC Control MAC Control al...

Page 87: ... MAC address to the MAC Control Rule Configurationwindow below 4 2 1 5 2 MAC Control Rule List It is a list of all MAC Control rules You can add one new rule by clicking on the Add command button But also you can modify some existed MAC control rules by clicking corresponding Edit command buttons at the end of each control rule in the MAC Control Rule List Besides unnecessary rules can be removed ...

Page 88: ... please refer to the System Scheduling menu 4 Enable Check the box if you want to enable the rule Each rule can be enabled or disabled individually Afterwards click on Save to store your settings or click Undo to give up the changes 4 2 1 6 Application Filters Application Filters can categorize Internet Protocol packets based on their application layer data and allow or deny their passing of gatew...

Page 89: ...lways turned on when Application Filters function is enabled For more details please refer to the System Scheduling menu 4 2 1 7 IPS IPS Intrusion Prevention Systems are network security appliances that monitor network and or system activities for malicious activity The main functions of IPS are to identify malicious activity log information about this activity attempt to block stop it and report ...

Page 90: ...ss through the router like IP address port address ACK SEQ number and so on And the router will check every incoming packet to detect if this packet is valid 3 Discard PING from WAN If this feature is enabled this gateway won t reply any ICMP request packet from WAN side It means any remote host can t get response when ping to this gateway Ping is a useful command that we use to detect if a certai...

Page 91: ... transport e g low latency low data loss the entire network must ensure them via a connection service guarantee The main goal of QoS BWM Quality of Service and Bandwidth Management is prioritizing incoming data and preventing data loss due to factors such as jitter delay and dropping Another important aspect of QoS is ensuring that prioritizing one data flow doesn t interfere with other data flows...

Page 92: ...ces for each WAN interface You can choose one WAN interface to define its resources like available bandwidth of WAN connection and the number of total connection sessions The application of Flexible Bandwidth Management on the interface can also be specified here 1 Bandwidth of Upstream The maximum bandwidth of uplink in Mbps 2 Bandwidth of Downstream The maximum bandwidth of downlink in Mbps 3 To...

Page 93: ...t rule to be applied on Differentiated services can be base on 802 1p DSCP TOS VLAN ID User defined Services and Well known Services Well known services include FTP 21 SSH TCP 22 Telnet 23 SMTP 25 DNS 53 TFTP UDP 69 HTTP TCP 80 POP3 110 Auth 113 SFTP TCP 115 SNMP Traps UDP 161 162 LDAP TCP 389 HTTPS TCP 443 SMTPs TCP 465 ISAKMP 500 RTSP TCP 554 POP3s TCP 995 NetMeeting 1720 L2TP UDP 1701 andPPTP T...

Page 94: ...ox 4 2 2 2 2 QoS Rule List It is a list of all QoS rules You can add one new rule by clicking on the Add command button But also you can modify some existed QoS rules by clicking corresponding Edit command buttons at the end of each rule in the QoS Rule List Besides unnecessary rules can be removed by checking the Select box for those rules and then clicking on the Delete command button at the QoS...

Page 95: ...or the rule by their VLAN ID MAC Address IP Address Host Name or Group Object These base categories depend on product models Besides IP Address group can be defined as an IP range with an IP address and its subnet mask And Group Object is defined in the System Grouping menu But what kinds of groups to use depend on product models 3 Service There are 5 options for service including All DSCP TOS Use...

Page 96: ...r example When User defined Services is selected two more parameters Protocol Number and Service Port Range must be defined Protocol Number is either TCP or UDP or Both Finally when Well known Service is selected you can choose the well known from a list like 4 Resource There are 4 resources can be chosen to control in the QoS rule They are Bandwidth Connection Sessions Priority Queues and DiffSer...

Page 97: ...ed to select Group Control For example you define Control Function as Set Session Limitation and the limitedsessions are 2000 sessions You also define Sharing Method as Individual Control Then that means the maximum connection sessions of each selected host can t exceed 2000 sessions On the contrary changing to Group Control it means that group of client hosts totally can t use over 2000 connectio...

Page 98: ...d for inbound trafficonly Sharing Method Select Group Control Schedule Leave the default value of 0 Always as it is This rule means IP packets from all WAN interfaces to LAN IP address 10 0 75 196 10 0 75 199 which have DiffServ code points with IP Precedence 4 CS4 value will be modified by DSCP Marking control function with AF Class 2 High Drop value at any time Example 2 for adding a Connection ...

Page 99: ...tly connected to the private network while benefitting from the functionality security and management policies of the private network This is done by establishing a virtual point to point connection through the use of dedicated connections encryption or a combination of the two The tunnel technology supports data confidentiality data origin authentication and data integrity of network information ...

Page 100: ...s data is transferred between IPSec peers based on the IPSec parameters and keys stored in the SA database 4 2 3 2 1 IPSec VPN Tunnel Scenarios There are some common IPSec VPN connection scenarios as follows Site to Site The device establishes IPSec VPN tunnels with security gateway in headquarters or branch offices Either local or remote peer gateway which can be recognized by a static IP address...

Page 101: ...ng company servers all are done in a secure way through local Business Security Gateway 4 2 3 2 2 IPSes Configuration 1 IPSec You could trigger the function of IPSec VPN if you check Enable box 2 NetBIOS over IPSec If you would like two Intranets behind two Business Security Gateways to receive the NetBIOS packets from Network Neighborhood you have to check Enable box 3 NAT Traversal Some NAT rout...

Page 102: ...nel 3 Tunnel Scenario Support Site to Site Site to Host Host to Site Host to Host and Dynamic VPN Select one fromthem 4 Operation Mode Default is Always on and other options depend on product models 5 Encapsulation Protocol Default is ESP and other options depend on product models 6 Keep alive Check Enable box to keep alive the tunnel By default keep alive method is Ping IP and other options depen...

Page 103: ... Business Security Gateway goes over the IPSec VPN tunnel if these packets don t match the Remote Subnet of other IPSec tunnels That is both application data and Internet access packets land up at the VPN concentrator 4 Remote subnet The subnet of LAN site of remote Business Security Gateway It can be a host a partial subnet or the whole subnet of LAN site of remote gateway There are 5 entries for...

Page 104: ...Gateway must be the same as that of the local ID of the remote VPN peer There are also 4 types for Remote ID User Name FQDN User FQDN and Key ID 4 2 3 2 7 IKE Phase 1 Negotiation Mode Choose Main Mode or AggressiveMode Main Mode provides identity protection by authenticating peer identities when pre shared keys are used The IKE SA s are used to protect the security negotiations Aggressive mode wil...

Page 105: ...rd for valid user to initiate that tunnel 3 Dead Peer Detection This feature will detect if remote VPN peer still exists Delay indicates the interval between detections and Timeout indicates the timeout of detected to be dead 4 Phase 1 Key Life Time The value of life time represents the life time of the key which is dedicated at Phase 1 between both end gateways 4 2 3 2 8 IKE Proposal Definition T...

Page 106: ...ed DES 3DES AES auto AES 128 AES 192 and AES 256 2 Authentication There are five algorithms can be selected None MD5 SHA1 SHA2 256 and SHA2 512 3 PFS Group There are nine groups can be selected None Group 1 MODP768 Group 2 MODP1024 Group 5 MODP1536 and Group14 18 Once the PFS Group is selected in one IPSec proposal the one in other 3 IPSec proposals uses the same choice 4 Enable Check this box to ...

Page 107: ...here are five algorithms can be selected None MD5 SHA1 SHA2 256 and SHA2 512 Authentication key is used by the authentication algorithm and its length is 32 in hex format if authentication algorithm is MD5 or 40 if SHA1 However SHA2 256 uses 64 length of hex format Certainly its length will be 0 if no authentication algorithm is chosen The key value should be also set in hex formatted 4 2 3 3 PPTP...

Page 108: ...ares some services in Intranet for them PPTP L2TP Server ClientApplication The device acts as Server or Client role in SMB Headquarters or Branch Office The Business Security Gateway can behave as a PPTP server and a PPTP client at the sametime 1 PPTP Check the Enable box to activate PPTP client and server functions Client Server Choose Server or Client to configure corresponding role of PPTP VPN ...

Page 109: ...rityGateway 3 IP Pool Starting Address This device will assign an IP address for each remote PPTP client This value indicates the beginning of IP pool 4 IP Pool Ending Address This device will assign an IP address for each remote PPTP client This value indicates the end of IP pool 5 Authentication Protocol You can choose authentication protocol as PAP CHAP MS CHAP or MS CHAP v2 6 MPPE Encryption C...

Page 110: ... button 3 Account Check the Enable box to validate the user account 4 Edit You can edit one user account configuration by clicking on the Edit button at the end of each user account list 4 2 3 3 5 User Account Configuration Add or edit one user account will activate the UserAccount Configuration screen 1 User Name Enter the user name of user account 2 Password Enter the password of user account 3 ...

Page 111: ... the corresponding Edit button at the end of each existed tunnel 1 Add You can add one new PPTP client tunnel by clicking on the Add button 2 Delete Delete selected tunnels by checking the Select box at the end of each tunnel list and then clicking on the Delete button 3 Tunnel Check the Enable box to activate the tunnel 4 Edit You can edit one PPTP client tunnel configuration by clicking on the E...

Page 112: ...tions for users to choose when the PPTP tunnel is established You can choose Connect on Demand Auto Reconnect always on or Manually By default it is Auto Reconnect always on 8 Authentication Protocol You can choose authentication protocol as PAP CHAP MS CHAP or MS CHAP v2 The protocol you choose must be supported by remote PPTP server 9 MPPE Encryption Check the Enable box to activate MPPE encrypt...

Page 113: ...4 2 3 4 1 L2TP Server Configuration The Business Security Gateway can behave as a L2TP server and it allows remote hosts to access LAN servers behind the L2TP server The device can support four authentication methods PAP CHAP MS CHAP and MS CHAP v2 Users can also enable MPPE encryption when using MS CHAP or MS CHAP v2 1 L2TP Server Enable or disable L2TP serverfunction 2 L2TP over IPSec L2TP over ...

Page 114: ...2TP Server Status The user name and connection information for each connected L2TP client to the L2TP server of the Business Security Gateway will be shown in this table 1 Refresh To refresh the L2TP Server Status each 2 seconds by clicking on the Refresh button 2 Disconnect To terminate the connection between L2TP server and remote dialing in L2TP clients by clicking on the Disconnect button 4 2 ...

Page 115: ... the Intranet of Business Security Gateway can access LAN servers behind the L2TP server L2TP Client Configuration Enable or disable L2TP client function 4 2 3 4 6 L2TP Client List Status You can add new up to 22 different L2TP client tunnels by clicking on the Add button and modify each tunnel configuration by clicking on the corresponding Edit button at the end of each existed tunnel 1 Add You c...

Page 116: ...re When Default Gateway is chosen all traffic from Intranet of Business Security Gateway goes over this L2TP tunnel if these packets don t match the Peer Subnet of other L2TP tunnels There is only one L2TP tunnel to own the Default Gateway property However when Peer Subnet is chosen peer subnet parameter needs to be filled and it should be the LAN subnet of remote L2TP server If an Intranet packet...

Page 117: ...ecide the time interval between two LCP echo requests and the times that system can retry once system LCP echo fails You also can choose User defined option to define the time interval and the retry times by yourself The last option is Disable 12 Tunnel Check the Enable box to activate thetunnel 4 2 3 5 GRE Generic Routing Encapsulation GRE is a tunneling protocol developed by Cisco Systems that c...

Page 118: ...ress of remote peer that you want to connect 5 Key Enter the password to establish GRE tunnel with remote host 6 TTL Time To Live for packets The value is within 1 to 255 If a packet passes number of TTL routers and still can t reach the destination then this packet will be dropped 7 Default Gateway Peer Subnet You can choose Default Gateway option or Peer Subnet option here When Default Gateway i...

Page 119: ...of multiple routers i e master and backup routers acting as a group The default gateway of a participating host is assigned to the virtual router instead of a physical router If the physical router that is routing packets on behalf of the virtual router fails another physical router is selected to automatically replace it The physical router that is forwarding packets at any given time is called t...

Page 120: ... with CLI and UPnP You can finish those configurations in this sub section 4 2 5 1 TR 069 TR 069 Technical Report 069 is a Broadband Forum technical specification entitled CPE WAN Management Protocol CWMP It defines an application layer protocol for remote management of end user devices like this gateway device As a bidirectional SOAP HTTP based protocol it provides the communication between custo...

Page 121: ...ers have the task of monitoring or managing a group of hosts or devices on a computer network Each managed system executes at all times a software component called an agent which reports information via SNMP to the manager SNMP agents expose management data on the managed systems as variables The protocol also permits active management tasks such as modifying and applying a new configuration throu...

Page 122: ...NMP protocol 3 SNMP Version Supports SNMP V1 and V2c 4 Get Community The community of GetRequest that this device will respond This is a text password mechanism that is used to weakly authenticate queries to agents of managed network devices 5 Set Community The community of SetRequest that this device will accept 6 Trap Event Receiver 1 4 Enter the IP addresses or Domain Name of your SNMP Manageme...

Page 123: ...I also known as command line user interface console user interface and character user interface CUI is a means of interacting with a computer program where the user or client issues commands to the program in the form of successive lines of text command lines The interface is usually implemented with a command line shell which is a program that accepts commands as text input and converts commands ...

Page 124: ...rrect If the signature is valid and the person examining the certificate trusts the signer then they know they can use that key to communicate with its owner In a typical public key infrastructure PKI scheme the signer is a certificate authority CA usually a company such as VeriSign which charges customers to issue certificates for them In a web of trust scheme the signer is either the key s owner...

Page 125: ... other certificates Local Certificate is generated in this router it can be self signed by its Root CAor just generate a Certificate Signing Request CSR which can be signed by another external Root CA 4 2 6 1 1 Root CA The device can serves as the Root CA Root CA can sign local certificate when generate by selected self signed or the Certificate Signing Request CSR You can generate it by clicking ...

Page 126: ...nt whom the certificate authority belongs to Common Name CN The common name for certificate authority It s important as the common name for certificate authority E mail The email address of a contact for the certificate authority 4 Validity The expiration date There are four time period can be selected 3 years 5 years 10 years 20 years After successful generating the root CA you also can delete it...

Page 127: ...s located State ST The state where the certificate is located Location L The city where the certificate is located Organization O The company whom the certificate belongs to Organization Unit OU The company department whom the certificate belongs to Common Name CN The common name for certificate It s important as the common name for certificate E mail The email address of a contact for the certifi...

Page 128: ...ificate Trusted Certificates include Trusted CACertificate List and Trusted Client Certificate List The Trusted CA Certificate List which places the external trusted CA The Trusted Client Certificate List which place the certificates what you trust 4 2 6 2 1 Trusted CA Certification List The device can let you import the certificate of trusted external CA by clicking on the Import button There are...

Page 129: ...er successful importing the trusted external CA you also can delete it by checking the Select box and clicking on the Delete button You can view its PEM codes by checking the View button You can download the trusted CAfile by clicking on the Download button ...

Page 130: ...uer and valid to You can import one trusted external client certificate by clicking on the Import button There are two approaches to import it One is from a file and another is copy paste the PEM codes in Web UI and then click on the Apply button You also can delete one trusted client certificate by checking corresponding Select box and clicking on the Delete button You can view its PEM codes by c...

Page 131: ...icated by the root CA of the device you can issue the request here and let Root CA sign it There are two approaches to issue it One is from a file and another is copy paste the CSR codes in Web UI and then click on the Sign button After signing the Issuer information can be show which is Root ca subject You also can view its PEM codes by checking the View button and download the issued certificate...

Page 132: ...lso provide the SMS USSD Network Scan and Remote Management by SMS Besides it also serves as an Internet access gateway Any client host in the Intranet wants to surf the Internet the device will redirect the Internet surfing request to an external captive portal Web server for user authentication If the authentication is successful the requested client host will be allowed to access Internet by th...

Page 133: ...s gateway 1 Physical Interface Indicate which 3G LTE modem is used for SMS feature 2 SMS Indicate which SIM card is used for SMSfeature 3 SMS Storage Select storage for SMS message This gateway only supports SIM Card Only for SMS storage This gateway can forward received SMS message automatically Press Add to add new rule ...

Page 134: ...il Or enter the IP address of syslog server if choosing BySyslog 4 Enable Enable this rule SMSSummary 1 Unread SMS Indicate number of unread SMSmessage 2 Received SMS Indicate number of total received SMS message 3 Remaining SMS Indicate number of new message can be received because of SMS storage limit Create New SMS Message You can create a new SMS message on this page After finishing the conten...

Page 135: ... used by GSM cellular telephones to communicate with the service provider s computers USSD can be used for prepaid callback service mobile money services location based content services and as part of configuring the phone on the network USSD Configuration You can compose a USSD message and sends it to the service provider where it is received by a computer dedicated to USSD The answer from this c...

Page 136: ...ile Configuration 1 Profile Name Indicate name of this profile 2 USSD Command Type USSD command of thisprofile 3 Comments Add comments for this profile Send USSDCommand You can select USSD command from existed profile or type command manually Then press Send button to send out USSD command 4 3 1 3 Network Scan This part is for 3G LTE cellular network scan Usually this part would be done automatica...

Page 137: ...nually press Scan button to scan cellular network nearby in your environment and select one network provider to apply by clicking on the Apply button Note Incorrect setting here may cause 3G LTE connection problems 4 3 1 4 Remote Management This part is for remote management functions that are done by text SMS Short Message Service Users can send certain SMS to this gateway to activate some action...

Page 138: ...ng occupied continuously If SIM storage is full this gateway can t receive any new SMS 6 Security Key This security key will be used for authentication when this gateway receives SMS command Users need to type this key first and then followed by a command There should be a blank between key and command e g 1234 reboot If this field is empty users just need to type command without adding any key in...

Page 139: ...ct to start WAN connection 3 Disconnect Enable it and you can send command disconnect to disconnect WAN connection Note If this gateway receives disconnect command from SMS it won t try to connect again no matter WAN connection mode is set to auto reconnect 4 Reconnect Enable it and you can send command reconnect to disconnect WAN connection and start WAN connection againimmediately 5 Reboot Enabl...

Page 140: ...ifications when enable thisoption 2 Phone 1 5 For security concern this gateway won t deal with the command if that phone number is not in the list even the security key is correct The phone number must be with the international prefix i e 886939123456 You can also assign specific phone number can send command and or also can receive notifications 4 3 2 Captive Portal Captive Portal Configuration ...

Page 141: ... you can see system related information and system logs use system tools for system update and do some network tests About Scheduling you can define some time scheduling rules here to be applied at various applications in the device system Whatever one application needs a time schedule like the Work Hours is defined as AM8 00 PM5 00 from Monday to Friday the time schedule object can be defined in ...

Page 142: ...ice by using Web UI System Tools support system time configuration FW upgrading system rebooting system resetting to default waking on LAN and configuration settings backup You also can check the system information and system status log here 4 4 1 1 Change Password You can change the System Password here We strongly recommend you to change the system password for security reason Click on Save to s...

Page 143: ...again here It must be the same as the one in New Password otherwise an error message will be shown out 4 4 1 2 System Information You can view the System Information in this page It includes the WAN Type Display Time and Modem Information But the modem information will be existed only at the models with embedded modems likeADSLmodem and 3G LTE modem 4 4 1 3 System Status You can view the System Lo...

Page 144: ...with If you do not specify port number the default value is 25 E mail Addresses The recipients are the ones who will receive these logs You can assign more than 1 recipient by using or to separate these email addresses E mail Subject The subject of email alert is optional 4 Email Now A command button to let you email out current web logs right now instead of the email alert period 4 4 1 4 System T...

Page 145: ...to get system date and time after you click on the button The last way is Sync with my PC Click on the button to let system synchronizes its date and time to the ones of the configuration PC 2 FW Upgrade If new firmware is available you can upgrade router firmware through the WEB GUI here After clicking on the FW Upgrade command button you need to specify the file name of new firmware by using Bro...

Page 146: ...oute button A test result window will appear beneath it There is a Close command button there can let the test result windows disappear 5 Reboot You can also reboot this device by clicking the Reboot button 6 Reset to Default You can also reset this device to factory default settings by clicking the Reset button 7 Wake on LAN Wake on LAN WOL is an Ethernet networking standard that allows a compute...

Page 147: ...e of Rule Policy and set the schedule time Week day Start Time and End Time In a schedule rule it collects 8 time periods to organize it You also can specify the rule is to define the enable timing Inactive except the selected days and hours below or disable timing Active except the selected days and hours below Afterwards click save to store your settings or click Undo to give up the changes 4 4 ...

Page 148: ... But also you can modify some existed host groups by clicking corresponding Edit command buttons at the end of each group record in the Host Group List Besides unnecessary groups can be removed by checking the Select box for those groups and then clicking on the Delete command button at the Host Group Listcaption 1 Add Click on the button to add one hostgroup 2 Delete Click on the button to delete...

Page 149: ...le Extension Group List File Extension Group List can show the list of all file extension groups and their member lists and bound services in this window You can add one new grouping rule by clicking on the Add command button But also you can modify some existed file extension groups by clicking corresponding Edit command buttons at the end of each group record in the File Extension Group List Bes...

Page 150: ...plication Grouping 4 4 3 4 1 L7 Application Group List L7 Application Group List can show the list of all file extension groups and their member lists and bound services in this window You can add one new grouping rule by clicking on the Add command button But also you can modify some existed file extension groups by clicking corresponding Edit command buttons at the end of each group record in th...

Page 151: ...he Join button 5 Group Check the Enable box to activate the group definition 4 4 4 External Servers This device supports six types of external server objects to be created They are Email Server objects Syslog Server objects RADIUS Server objects Active Directory Server objects LDAP Server objects and UAM Server objects These objects can be used in other applications of system like system log email...

Page 152: ...of external serverobject 2 Server IP FQDN Specify the IP address or domain name of external server 3 Server Port Specify the service port of externalserver 4 Server Type Select one server type from the option list of Email Server Syslog Server RADIUS Server Active Directory Server LDAP Server and UAM Server Based on your selection there are several parameters need to specify When you select Email ...

Page 153: ...4 Web Management AirLive AirMax4GW User s Manual 149 4 4 5 MMI 4 4 5 1 Web UI You can set UI administration time out duration in this page If the value is 0 means the time out is unlimited ...

Page 154: ...2T2R with 10 dBi directional Antenna Fully protocol stack for both IPv4 and IPv6 VPN supported QoS and Bandwidth management SNMP Web and TR069 SMS for administrator to manage system 802 3at PoE Powered 5 2 Specifications Chipset MDM9225 3G 4G MTK RT5592 WiFi WAN Embedded LTE Module with 2 SIM slot LTE Band 800 900 1800 2600MHz 3G Band 900 2100Mhz LAN Port 10 100 1000M Auto MDI MDI X UTP Port x 1 A...

Page 155: ...ocking Web Content Filter MAC Address Control Application Filter QoS and Band Width Management VPN Tunneling IPSec PPTP L2TP GRE VPN L2TP Over IPSec VPN Scenario Site to Site Site to Host Host to Site Host to Host Dynamic VPN Redundancy VRRP Captive Portal Status Statistics Scheduling FW upgrade Backup Restore Setting Management Web Telnet SNMP SMS TR 069 WiFi Output Power EIRP ETSI 2 4GHz 19 1dBm...

Page 156: ...alling the AirMax4GW AirLive AirMax4GW User s Manual 152 Storage 40 85 Humidity Operating 10 90 Non Condensing Storage max 95 Non Condensing Certification CE Dimension 130 x 302 x 51 mm Product Weight 1120 g ...

Page 157: ... to build larger non interfering networks However the 802 11a deliver shorter distance at the same output power when comparing to 802 11g 802 3ad 802 3ad is an IEEE standard for bonding or aggregating multiple Ethernet ports into one virtual port also known as trunking to increase the bandwidth 802 3af This is the PoE Power over Ethernet standard by IEEE committee 803 af uses 48V POE standard that...

Page 158: ...ction required to operate WiFi devices in 5GHz for EU 802 11i The IEEE standard for wireless security 802 11i standard includes TKIP CCMP and AES encryption to improve wireless security It is also know as WPA2 802 11n The IEEE 802 11 standard improves network throughput over 802 11a and 802 11g with a significant increase in the maximum data rate from 54 Mbps to 600 Mbps 802 11n standardized suppo...

Page 159: ...ctions comparing to wireless routers ACK Timeout Acknowledgement Timeout Windows When a packet is sent out from one wireless station to the other it will waits for an Acknowledgement frame from the remote station The station will only wait for a certain amount of time this time is called the ACK timeout If the ACK is NOT received within that timeout period then the packet will be re transmitted re...

Page 160: ...e can be used in Point to Point or Point to Multipoint topology Bridge Infrastructure works with AP mode to form a star topology Cable and Connector Loss During wireless design and deployment it is important to factor in the cable and connector loss Cable and connector loss will reduce the output power and receiver sensitivity of the radio at connector end The longer the cable length is the more t...

Page 161: ...omputer logs onto the network it automatically gets an IP address assigned to it by DHCP server A DHCP server can either be a designated PC on the network or another network device such as a router DMZ Demilitarized Zone When a router opens a DMZ port to an internal network device it opens all the TCP UDP service ports to this particular device The feature is used commonly for setting up H 323 VoI...

Page 162: ...router or gateway Firewalls can prevent unrestricted access into a network as well as restricting data from flowing out of a network Firmware The program that runs inside embedded device such as router or AP Many network devices are firmware upgradeable through web interface or utility program FTP File Transfer Protocol A standard protocol for sending files between computers over a TCP IP network ...

Page 163: ...otocol to report IP multicast memberships to neighboring multicast switches and routers IGMP snooping is a feature that allows an Ethernet switch to listen in on the IGMP conversation between hosts and routers A switch support IGMP snooping has the possibility to avoid multicast traffic being treated as broadcast traffic therefore reducing the overall traffic on the network Infrastructure Mode A w...

Page 164: ...eature to work MAC Media Access Control MAC address provides layer 2 identification for Networking Devices Each Ethernet device has its own unique address The first 6 digits are unique for each manufacturer When a network device have MAC access control feature only the devices with the approved MAC address can connect with the network Mbps Megabits Per Second One million bits per second a unit of ...

Page 165: ...roducts POE Power over Ethernet A standard to deliver both power and data through one single Ethernet cable UTP STP It allows network device to be installed far away from power ource A POE system typically compose of 2 main component DC Injector Base Unit and Splitter Terminal Unit The DC injector combines the power and data and the splitter separates the data and power back A PoE Access Point or ...

Page 166: ...te Control Ethernet switches function to control the upstream and downstream speed of an individual port Rate Control management uses Flow Control to limit the speed of a port Therefore the Ethernet adapter must also have the flow control enabled One way to force the adapter s flow control on is to set a port to half duplex mode RADIUS Remote Authentication Dial In User Service An authentication a...

Page 167: ...r signal than 80dB For outdoor connection signal stronger than 60dB is considered as a good connection RTS Request To Send A packet sent when a computer has data to transmit The computer will wait for a CTS Clear To Send message before sending data RTS Threshold RTS Request to Send The RTS CTS clear to send packet will be send before a frame if the packet frame is larger than this value Lower this...

Page 168: ...VPN is also known as Web VPN The HTTPS and SSH management interface use SSL for data encryption Subnet Mask An address code mask that determines the size of the network An IP subnet are determined by performing a BIT wise AND operation between the IP address and the subnet mask By changing the subnet mask you can change the scope and size of a network Subnetwork or Subnet Found in larger networks ...

Page 169: ...f necessary In Static Turbo the channel binding is always on This protocol may be combined with Super A model to increase the performance even more The used of channel binding might be prohibited in EU countries TX Output Power Transmit Output Power The TX output power means the transmission output power of the radio Normally the TX output power level limit for 2 4GHz 11g b is 20dBm at the antenna...

Page 170: ...ess connection that is connected to the Internet side of the network topology WEP Wired Equivalent Privacy A wireless encryption protocol WEP is available in 40 bit 64 bit 108 bit 128 bit or 152 bit Atheros proprietary encryption modes Wi Fi Wireless Fidelity An interoperability certification for wireless local area network LAN products based on the IEEE 802 11 standards The governing body for Wi ...

Page 171: ...ndard to prioritize traffic for multimedia applications The WMM prioritize traffic on Voice over IP VoIP audio video and streaming media as well as traditional IP data over the AP WMS Wireless Management System An utility program to manage multiple wireless AP Bridges WPA Wi Fi Protected Access It is an encryption standard proposed by WiFi for advance protection by utilizing a password key TKIP or...

Reviews:

No comments