
Industry Cellular Gateway

 

 

get “user name”, “password” and the server’s global IP. In addition, you must identify the operation mode of each tunnel: main connection, failover for another tunnel, or load balance tunnel to increase overall bandwidth. You also need to choose “Default Gateway” or “Remote Subnet” for the packet flow; the “Default Gateway / Remote Subnet” parameter defines what kind of traffic passes through the PPTP tunnel.

For the PPTP client peer, a Remote Subnet item is also required. It specifies the Intranet of the PPTP server peer. At the PPTP client peer, packets whose destination is in that subnet are transferred via the PPTP tunnel; all others are transferred according to the current routing policy of the gateway at the PPTP client peer. However, if you enter 0.0.0.0/0 in the Remote Subnet field, it is treated as a "Default Gateway" setting for the PPTP client peer: all packets, including the PPTP client peer's Internet access, go through the established PPTP tunnel. That means the remote PPTP server peer controls the flow of any packets from the PPTP client peer. Those are, of course, the packets that come through the PPTP tunnel.
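The Remote Subnet rule described above, sketched as an added example (it is not taken from the manual or the device firmware): each client profile is checked on its own, 0.0.0.0/0 is reported as the "Default Gateway" case, and probe destinations are sorted into tunnel or local routing. The function names, tunnel names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample PPTP client profiles; names and subnets are illustrative only.
SAMPLE_TUNNELS = [
    {"name": "site-a", "remote_subnet": "10.20.0.0/16"},  # only the server's Intranet
    {"name": "site-b", "remote_subnet": "0.0.0.0/0"},     # treated as "Default Gateway"
    {"name": "site-c", "remote_subnet": "10.30.1.5/24"},  # entered with host bits set
]

# Constructed probe destinations: two Intranet hosts and one Internet host
# (203.0.113.0/24 is a documentation range).
SAMPLE_PROBES = ["10.20.5.9", "10.30.1.77", "203.0.113.7"]


def parse_remote_subnet(value):
    """Parse a Remote Subnet field value such as '10.20.0.0/16'.

    strict=False normalises entries typed with host bits set
    (10.30.1.5/24 becomes 10.30.1.0/24) instead of rejecting them.
    """
    return ipaddress.IPv4Network(value.strip(), strict=False)


def is_default_gateway(value):
    """True when the Remote Subnet entry is 0.0.0.0/0, i.e. every packet matches."""
    return parse_remote_subnet(value).prefixlen == 0


def path_for(destination, remote_subnet):
    """Decide where a packet to `destination` goes for one client profile.

    Packets whose destination is inside the Remote Subnet use the tunnel;
    everything else follows the gateway's current routing policy.
    """
    addr = ipaddress.IPv4Address(destination)
    if addr in parse_remote_subnet(remote_subnet):
        return "pptp-tunnel"
    return "local-routing-policy"


def audit(tunnels, probes):
    """Summarise each profile: its mode and which probes would enter the tunnel."""
    report = []
    for tunnel in tunnels:
        net = parse_remote_subnet(tunnel["remote_subnet"])
        report.append({
            "name": tunnel["name"],
            "remote_subnet": str(net),
            # In default-gateway mode the remote server peer sees all client traffic.
            "mode": "default-gateway" if net.prefixlen == 0 else "remote-subnet",
            "via_tunnel": [p for p in probes
                           if path_for(p, tunnel["remote_subnet"]) == "pptp-tunnel"],
        })
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_TUNNELS, SAMPLE_PROBES):
        print(row)
```

Profiles reported as `default-gateway` are the ones where the remote PPTP server peer handles the client's Internet traffic as well, so they are the ones to review first.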
 
 

 

 


 

Summary of Contents for IOG761

Page 1: ...Industry Cellular Gateway IOG761 0TV21 User Manual ...

Page 2: ...re Installation 17 1 6 1 Mount the Unit 17 1 6 2 Insert the SIM Card 17 1 6 3 Connecting Power 18 1 6 4 Connecting DI DO Devices 19 1 6 5 Connecting Serial Devices 20 1 6 6 Connecting to the Network or a Host 20 1 6 7 Setup by Configuring WEB UI 21 Chapter 2 Basic Network 22 2 1 WAN Uplink 22 2 1 1 Physical Interface 23 2 1 2 Internet Setup 28 2 1 3 Load Balance 59 2 2 LAN VLAN 64 2 2 1 Ethernet L...

Page 3: ... 2 6 3 Routing Information 137 2 7 DNS DDNS 138 2 7 1 DNS DDNS Configuration 138 2 8 QoS 142 2 8 1 QoS Configuration 142 2 9 Redundancy 151 2 9 1 VRRP 151 Chapter 3 Object Definition 154 3 1 Scheduling 154 3 1 1 Scheduling Configuration 154 3 2 User not supported 156 3 3 Grouping 157 3 3 1 Host Grouping 157 3 4 External Server 159 3 5 Certificate 162 3 5 1 Configuration 162 3 5 2 My Certificate 16...

Page 4: ...5 1 3 L2TP 242 5 1 4 PPTP 250 5 1 5 GRE 257 5 2 Firewall 261 5 2 1 Packet Filter 261 5 2 2 URL Blocking 266 5 2 3 MAC Control 270 5 2 4 Content Filter not supported 273 5 2 5 Application Filter not supported 274 5 2 6 IPS 275 5 2 7 Options 279 Chapter 6 Administration 283 6 1 Configure Manage 283 6 1 1 Command Script 284 6 1 2 TR 069 288 6 1 3 SNMP 293 6 1 4 Telnet SSH 304 6 2 System Operation 308...

Page 5: ...1 1 Data Usage 332 7 1 2 SMS 335 7 1 3 SIM PIN 338 7 1 4 USSD 342 7 1 5 Network Scan 345 7 2 Event Handling 347 7 2 1 Configuration 349 7 2 2 Managing Events 358 7 2 3 Notifying Events 361 Chapter 8 Status 364 8 1 Dashboard not supported 364 8 2 Basic Network 365 8 2 1 WAN Uplink Status 365 8 2 2 LAN VLAN Status 371 8 2 3 WiFi Status 372 8 2 4 DDNS Status 375 8 3 Security 376 8 3 1 VPN Status 376 ...

Page 6: ...teway 8 4 2 Log Storage Status 386 8 5 Statistics Report 387 8 5 1 Connection Session 387 8 5 2 Network Traffic not supported 388 8 5 3 Device Administration 389 8 5 4 Cellular Usage 390 Appendix A GPL WRITTEN OFFER 391 6 ...

Page 7: ... powerful features for complex and demanding business and M2M Machine to Machine applications The redundancy design in fallback 9 48 VDC power terminal dual SIM cards and VRRP function makes the device as a back up in power network connection and data transmission without lost Main Features Provide various and configurable WAN connection Support dual SIMs for the redundant wireless WAN connection ...

Page 8: ... Description Contents Quantity 1 IOG761 0TV21 Industry Cellular Gateway 1pcs 2 Cellular Antenna 2pcs 3 WiFi Antenna 2pcs 4 Power Adapter DC 12V 2A 1 1pcs 5 8 Pin Terminal Block 1pcs 6 CD Manual 1pcs 7 DIN Rail Bracket 1pcs 1 The maximum power consumption of IOG761 series product is 15 5W 8 ...

Page 9: ... easy way to resort the default setting Press the RESET button continuously for 6 seconds and then release it The device will restore to factory default settings Reset Button USB Port RS 232 485 Port LED Indicators 3G 4G Aux Antenna Auto MDI MDIX RJ45 Ports 4x FE LAN to connect local devices Console Port 3G 4G Main Antenna 9 ...

Page 10: ...Industry Cellular Gateway Bottom View Left View SIM B Slot SIM A Slot 2 4GHz WiFi Antenna 2 4GHz WiFi Antenna Power Terminal Block PWR1 GND PWR2 GND DI DI DO DO 10 ...

Page 11: ...Industry Cellular Gateway Right View LED Indicators xDSL Port 11 ...

Page 12: ...d A is used SIM B Green Steady ON SIM card B is used LAN 1 LAN 4 Green Steady ON Ethernet connection of LAN is established Flash Data packets are transferred High Cellular Signal Green Steady ON The cellular signal strength is strong Low Cellular Signal Green Steady ON The cellular signal strength is weak USB Green Steady ON If USB device is attached Serial Port Green Steady ON If serial device is...

Page 13: ...ting system An installed Ethernet adapter Browser Requirements Internet Explorer 6 0 or higher Chrome 2 0 or higher Firefox 3 0 or higher Safari 3 0 or higher 1 5 2 WARNING Only use the power adapter that comes with the package Using a different voltage rating power adaptor is dangerous and may damage the product Do not open or repair the case yourself If the product is too hot turn off the power ...

Page 14: ...ace temperature for the metallic enclosure can be very high Especially after operating for a long time installed at a closed cabinet without air conditioning support or in a high ambient temperature space DO NOT touch the hot surface with your fingers while servicing 14 ...

Page 15: ... 915 MHz Downlink 925 960 MHz E GSM Uplink 880 915 MHz Downlink 925 960 MHz 33 2 dBm DCS Uplink 1710 1785 MHz Downlink 1805 1880 MHz 30 2 dBm 1 b Frequency Band for Cellular Connection for EC25 E version Band number Operating Frequency Max output power LTE FDD BAND 1 Uplink 1920 1980 MHz Downlink 2110 2170 MHz 23 1 dBm LTE FDD BAND 3 Uplink 1710 1785 MHz Downlink 1805 1880 MHz 23 0 dBm LTE FDD BAN...

Page 16: ...perating Frequency Max output power WCDMA BAND 1 Uplink 1922 4 1977 6 MHz Downlink 2112 4 2167 6 MHz 22 47 dBm WCDMA BAND 8 Uplink 882 4 912 6 MHz Downlink 927 4 957 6 MHz 22 48 dBm E GSM Uplink 880 2 914 8 MHz Downlink 925 2 959 8 MHz 32 1 dBm DCS Uplink 1710 2 1784 8 MHz Downlink 1805 2 1879 8 MHz 28 9 dBm 1 d Frequency Band for WiFi Connection Band Operating Frequency Max Output Power EIRP 2 4G...

Page 17: ... bracket on the product first 1 6 2 Insert the SIM Card WARNING BEFORE INSERTING OR CHANGING THE SIM CARD PLEASE MAKE SURE THAT POWER OF THE DEVICE IS SWITCHED OFF The SIM card slots are located at the bottom side of IOG761 housing You need to unscrew and remove the outer SIM card cover before installing or removing the SIM card Please follow the instructions to insert a SIM card After SIM card is...

Page 18: ...TRIAL GRADE POWER SUPPLY FOR POWERING UP THE DEVICE For the dual power supply design on PWR1 and PWR2 the primary backup power mode is implemented If there is only one power source no matter it is connected to PWR1 or PWR2 the device can be powered up with the power source However if there are two power sources available and connected to both PWR1 and PWR2 simultaneously the device will choose PWR1...

Page 19: ...se refer to following specification to connect DI and DO devices Mode Specification Digital Input Trigger Voltage high Logic level 1 5V 30V Normal Voltage low Logic level 0 0V 2 0V Digital Output Voltage Relay Mode Depends on external device maximum voltage is 30V Maximum Current 1A Example of Connection Diagram DO DO DI DI 19 ...

Page 20: ...work or a Host The IOG761 series provides four RJ45 ports to connect 10 100Mbps Ethernet It can auto detect the transmission speed on the network and configure itself automatically Connect the Ethernet cable to the RJ45 ports of the device Plug one end of an Ethernet cable into your computer s network port and the other end into one of the LAN ports on the front panel If you need to configure or t...

Page 21: ...me and password and then click Login button The default setting for both username and password is admin 7 6 The default LAN IP address of this gateway is 192 168 123 254 If you change it you need to type the new IP address 7 For security consideration you are strongly recommended to change the login username and password from default values Refer to Section 6 1 2 for how to change the setting 21 ...

Page 22: ...evices dial in ISPs and then link to the Internet via different kinds of transmit media So the WAN Connection lets you specify the WAN Physical Interface WAN Internet Setup and WAN Load Balance for Intranet to access Internet For each WAN interface you must specify its physical interface first and then its Internet setup to connect to ISP Besides since the gateway has multiple WAN interfaces you c...

Page 23: ... Interface List window shows all the available physical interfaces After clicking on the Edit button for the interface in Physical Interface List window the Interface Configuration window will appear to let you configure a WAN interface Physical Interface Ethernet WAN The gateway has one or more RJ45 WAN ports that can be configured to be WAN connections You can directly connect to external DSL mo...

Page 24: ...en its primary WAN connection is broken the backup connection will be started up to substitute the primary connection As shown in the diagram WAN 2 is backup WAN for WAN 1 WAN 1 serves as the primary connection with operation mode Always on WAN 2 won t be activated until WAN 1 disconnected When WAN 1 connection is recovered back with a connection it will take over data traffic again At that time W...

Page 25: ...le checkbox is activated it can allow the Failover interface to be connected continuously from system booting up Failover WAN interface just keeps connecting without data traffic The purpose is to shorten the switch time during failover process So when primary connection is disconnected failover interface will take over the data transfer mission instantly by only changing routing path to the failo...

Page 26: ...erface Configuration Interface Configuration Item Value setting Description Physical Interface 1 A Must fill setting 2 WAN 1 is the primary interface and is factory set to Always on Select one expected interface from the available interface dropdown list Depending on the gateway model Disable and Failover options will be available only to multiple WAN gateways WAN 2 WAN 4 interfaces are only avail...

Page 27: ...n select the primary or the existed secondary WAN interface to switch Failover from Note for WAN 1 only Always on option is available VLAN Tagging Optional setting Check Enable box to enter tag value provided by your ISP Otherwise uncheck the box Value Range 1 4095 Note This feature is NOT available for 3G 4G WAN connection 27 ...

Page 28: ...Configuration and related configuration windows for each WAN type For the Internet setup of each WAN interface you must specify its WAN type of physical interface first and then its related parameter configuration for that WAN type After clicking on the Edit button of a physical interface in Internet Setup List window the Internet Connection Configuration window will appear to let you specify whic...

Page 29: ...his option if ISP provides a fixed IP to you when you subscribe the service Usually is more expensive but very important for corporate requirement Dynamic IP The assigned IP address for the WAN by a DHCP server is different every time It is cheaper and usually for consumer use PPP over Ethernet Also known as PPPoE This WAN type is widely used for ADSL connection IP is usually different for every dial ...

Page 30: ... Enter the host name provided by your Service Provider ISP Registered MAC Address An optional setting Enter the MAC address that you have registered with your service provider Or Click the Clone button to clone your PC s MAC to this field Usually this is the PC s MAC address assigned to allow you to connect to Internet WAN Type Static IP When you select it Static IP WAN Type Configuration will app...

Page 31: ...S IP address given by your Service Provider WAN Type PPPoE When you select it PPPoE WAN Type Configuration will appear Items and setting is explained below PPPoE WAN Type Configuration Item Value setting Description PPPoE Account A Must filled setting Enter the PPPoE User Name provided by your Service Provider PPPoE Password A Must filled setting Enter the PPPoE password provided by your Service P...

Page 32: ...t filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider When Dynamic IP is selected there are no above settings required Server IP Address Name A Must filled setting Enter the PPTP server name or IP Address PPTP Account A Must filled setting Enter the PPTP username provided by your S...

Page 33: ... the WAN gateway IP address given by your Service Provider When Dynamic IP is selected there are no above settings required Server IP Address Name A Must filled setting Enter the L2TP server name or IP Address L2TP Account A Must filled setting Enter the L2TP username provided by your Service Provider L2TP Password A Must filled setting Enter the L2TP connection password provided by your Service P...

Page 34: ...on automatically once it has been booted up and try to reconnect once the connection is down It s recommended to choose this scheme if for mission critical applications to ensure full time Internet connection Connect on demand This gateway won t start to establish Internet connection until local data is going to be sent to WAN side After normal data transferring between LAN and WAN sides this gate...

Page 35: ...monitor connection status continuous To do it ICMP Check and FQDN Query are used to check When there is traffic of connection checking packet will waste bandwidth Response time of replied packets may also increase To avoid Network Monitoring work abnormally enabling Checking Loading option will stop connection check when there is traffic It will wait for another Check Interval and then check loadi...

Page 36: ...sion Unit limit and specify the MTU for the 3G 4G connection MTU refers to Maximum Transmission Unit It specifies the largest packet size permitted for Internet transmission Value Range 1200 1500 MTU Setup 1 A Must filled setting 2 Auto value zero is set by default 3 Manual set range 1200 1500 MTU refers to Maximum Transmission Unit It specifies the largest packet size permitted for Internet trans...

Page 37: ...ault Specify a time interval as the DNS Query Interval Query Interval defines the transmitting interval between two DNS Query or ICMP checking packets With DNS Query the system checks the connection by sending DNS Query packets to the destination specified in Target 1 and Target 2 Value Range 2 14400 Check Interval 1 An Optional setting 2 5 seconds is selected by default Specify a time interval as...

Page 38: ... Current gateway to be the target Other Host enter an IP address to be the target Target 2 1 An Optional filled setting 2 None is selected by default Target1 specifies the second target of sending DNS query ICMP request None no second target is required DNS1 set the primary DNS to be the target DNS2 set the secondary DNS to be the target Gateway set the Current gateway to be the target Other Host ...

Page 39: ...ne WAN interface This device has featured by using dual SIM cards for one module with special fail over mechanism It is called Dual SIM Failover This feature is useful for ISP switch over when location is changed Within Dual SIM Failover there are various usage scenarios including SIM A First SIM B First with Failback enabled or not and SIM A Only and SIM B Only 39 ...

Page 40: ...SIM A or SIM B card first And when the connection is broken the gateway will switch to use the other SIM card for an alternate automatically and will not switch back to use original SIM card except current SIM connection is also broken That is SIM A and SIM B are used iteratively but either one will keep being used for data transfer when current connection is still alive SIM A SIM B first with Fai...

Page 41: ...elected it will failback to the main SIM and try to establish the connection periodically Note_1 For the product with single SIM design only SIM A Only option is available Note_2 Failback is available only when SIM A First or SIM B First is selected Auto Flight Mode The box is unchecked by default Check the Enable box to activate the function By default if you disabled the Auto Flight Mode the cel...

Page 42: ...on Network Type 1 A Must filled setting 2 By default Auto is selected Select Auto to register a network automatically regardless of the network type Select 2G Only to register the 2G network only Select 2G Prefer to register the 2G network first if it is available Select 3G only to register the 3G network only Select 3G Prefer to register the 3G network first if it is available Select LTE only to ...

Page 43: ... provided such settings to you Note These settings are only displayed when Manual configuration is selected Authentication 1 A Must filled setting 2 By default Auto is selected Select PAP Password Authentication Protocol and use such protocol to be authenticated with the carrier s server Select CHAP Challenge Handshake Authentication Protocol and use such protocol to be authenticated with the carr...

Page 44: ... this profile APN String format any text Enter the APN you want to use to establish the connection IP Type 1 A Must filled setting 2 By default IPv4 is selected Specify the IP type of the network service provided by your 3G 4G network It can be IPv4 IPv6 or IPv4 6 Account String format any text Enter the Account you want to use for the authentication Value Range 0 53 characters Password String fo...

Page 45: ...onnection on all the time whenever the physical link is connected When Connect on demand is selected it means the Internet connection will be established only when detecting data traffic When Connect Manually is selected it means you need to click the Connect button to dial up the connection manually Please go to Status Basic Network WAN Uplink tab for details Note If the WAN interface serves as t...

Page 46: ... a non zero value it means only the client with this MAC address can get the WAN IP address Note When the IP Pass through is on NAT and WAN IP Alias will be unavailable until the function is disabled again NAT Check by default Uncheck the box to disable NAT Network Address Translation function IGMP By default Disable is selected Select Auto to enable IGMP function Check the Enable box to enable IG...

Page 47: ...400 Latency Threshold 1 An Optional setting 2 3000 ms is set by default Enter a number of detecting disconnection times to be the threshold before disconnection is acknowledged Latency Threshold defines the tolerance threshold of responding time Value Range 2000 3000 seconds Fail Threshold 1 An Optional setting 2 5 times is set by default Enter a number of detecting disconnection times to be the t...

Page 48: ... Edit button is applied Internet Connection Configuration screen will appear WAN 3 interface is used in this example Internet Connection Configuration Item Value setting Description WAN Type 1 A Must filled setting 2 Ethernet Over ATM with NAT is set by default From the dropdown box select Internet connection method for ADSL WAN Connection Detail settings are described in the next few pages Ethern...

Page 49: ...ered with your service provider Or Click the Clone button to clone your PC s MAC to this field Usually this is the PC s MAC address assigned to allow you to connect to Internet MTU 1 An Optional setting 2 Uncheck by default Check the Enable box to enable the MTU Maximum Transmission Unit limit and specify the MTU for the WAN connection MTU refers to Maximum Transmission Unit It specifies the large...

Page 50: ...an be UBR Unspecified Bit Rate CBR Constant Bit Rate VBR Variable Bit Rate GFR Guaranteed Frame Rate IGMP 1 A Must filled setting 2 Disable is selected by default Enable IGMP Internet Group Management Protocol would enable the router to listen to IGMP packets to discover which interfaces are connected to which device The router uses the interface information generated by IGMP to reduce bandwidth c...

Page 51: ...clone your PC s MAC to this field Usually this is the PC s MAC address assigned to allow you to connect to Internet MTU 1 An Optional setting 2 Uncheck by default Check the Enable box to enable the MTU Maximum Transmission Unit limit and specify the MTU for the WAN connection MTU refers to Maximum Transmission Unit It specifies the largest packet size permitted for Internet transmission Value Rang...

Page 52: ... Rate CBR Constant Bit Rate VBR Variable Bit Rate GFR Guaranteed Frame Rate IGMP 1 A Must filled setting 2 Disable is selected by default Enable IGMP Internet Group Management Protocol would enable the router to listen to IGMP packets to discover which interfaces are connected to which device The router uses the interface information generated by IGMP to reduce bandwidth consumption in a multi acc...

Page 53: ... IP Address An optional setting Enter the IP address assigned by your Service Provider MTU 1 An Optional setting 2 Uncheck by default Check the Enable box to enable the MTU Maximum Transmission Unit limit and specify the MTU for the WAN connection MTU refers to Maximum Transmission Unit It specifies the largest packet size permitted for Internet transmission Value Range 1200 1500 NAT 1 An optional...

Page 54: ...tting It can be UBR Unspecified Bit Rate CBR Constant Bit Rate VBR Variable Bit Rate GFR Guaranteed Frame Rate IGMP 1 A Must filled setting 2 Disable is selected by default Enable IGMP Internet Group Management Protocol would enable the router to listen to IGMP packets to discover which interfaces are connected to which device The router uses the interface information generated by IGMP to reduce b...

Page 55: ...igned IP Address An optional setting Enter the IP address assigned by your Service Provider MTU 1 An Optional setting 2 Uncheck by default Check the Enable box to enable the MTU Maximum Transmission Unit limit and specify the MTU for the WAN connection MTU refers to Maximum Transmission Unit It specifies the largest packet size permitted for Internet transmission Value Range 1200 1500 NAT 1 An opt...

Page 56: ...tting It can be UBR Unspecified Bit Rate CBR Constant Bit Rate VBR Variable Bit Rate GFR Guaranteed Frame Rate IGMP 1 A Must filled setting 2 Disable is selected by default Enable IGMP Internet Group Management Protocol would enable the router to listen to IGMP packets to discover which interfaces are connected to which device The router uses the interface information generated by IGMP to reduce b...

Page 57: ...equests when WAN bandwidth is fully occupied This is to prevent false link down status Query Interval 1 An Optional setting 2 3 seconds is selected by default Specify a time interval as the DNS Query Interval Query Interval defines the transmitting interval between two DNS Query or ICMP checking packets With DNS Query the system checks the connection by sending DNS Query packets to the destination...

Page 58: ... of sending DNS query ICMP request DNS1 set the primary DNS to be the target DNS2 set the secondary DNS to be the target Gateway set the Current gateway to be the target Other Host enter an IP address to be the target Target 2 1 An Optional filled setting 2 None is selected by default Target1 specifies the second target of sending DNS query ICMP request None no second target is required DNS1 set t...

Page 59: ...an select strategy according to application requirement and environment status The strategies are explained as below By Smart Weight If based on By Smart Weight strategy gateway will take the line speed settings of all WAN interfaces specified in Physical Interface configuration page as default ratio for data transfer Based on the ratio of packet bytes via these WAN interfaces in past period maybe...

Page 60: ...IP range Destination port can be a single port or port range You can select one target for one mapping to setup IP address and leave others just left as any All Besides this you can also set protocol as TCP UDP or both Diagrams shown on left side are examples user policy The first diagram illustrates example for mapping various source IP subnets to different WAN interface All packets from differen...

Page 61: ...etting Description Load Balance Unchecked by default Check the Enable box to activate Load Balance function Load Balance Strategy 1 A Must filled setting 2 By Smart Weight is selected by default There are up to three load balance strategies Select the preferred one By Smart Weight System will operate load balance function automatically based on the embedded Smart Weight algorithm By Specific Weigh...

Page 62: ...lt Value Range 1 99 Note The sum of all weights can t be greater than 100 Save NA Click the Save button to save the configuration Undo NA Click the Undo button to restore what you just configured back to the previous setting When By User Policy is selected a User Policy List screen will appear With properly configured your policy rules system will route traffics through available WAN interface bas...

Page 63: ...e IPs Single IP Specify a unique IP Address for the traffics come to the IP Input format is xxx xxx xxx xxx e g 192 168 123 101 Domain Name Specify the domain name for the traffics come to the domain Destination Port 1 A Must filled setting 2 All is selected by default There are four options can be selected All No specific destination port is provided Port Range Specify the Destination Port Range ...

Page 64: ...onfiguration Static IP If there is at least one WAN interface activated the LAN IP mode is fixed in Static IP mode Dynamic IP If all the available WAN interfaces are disabled the LAN IP mode can be Dynamic IP mode LAN IP Address 1 A Must filled setting 2 192 168 123 254 is set by default Enter the local IP address of this device The network device s on your network must use the LAN IP address of t...

Page 65: ... the additional IP When Add button is applied Additional IP Configuration screen will appear Configuration Item Value setting Description Name 1 An Optional Setting Enter the name for the alias IP address Interface 1 A Must filled setting 2 lo is set by default Specify the Interface type It can be lo or br0 IP Address 1 An Optional setting 2 192 168 123 254 is set by default Enter the addition IP ...

Page 66: ...Industry Cellular Gateway network Value Range 255 0 0 0 8 255 255 255 255 32 Save NA Click the Save button to save the configuration 66 ...

Page 67: ...LAN Port based VLAN function can group Ethernet ports Port 1 Port 4 and WiFi Virtual Access Points VAP 1 VAP 8 together for differentiated services like Internet surfing multimedia enjoyment VoIP talking and so on Two operation modes NAT and Bridge can be applied to each VLAN group One DHCP server can be allocated for a NAT VLAN group to let group host member get its IP address Thus each host can ...

Page 68: ...Points VAP 1 VAP 8 together with different VLAN tags for deploying subnets in Intranet All packet flows can carry with different VLAN tags even at the same physical Ethernet port for Intranet These flows can be directed to different destination because they have differentiated tags The approach is very useful to group some hosts at different geographic location to be in the same workgroup Tag base...

Page 69: ...up is equipped with DHCP 3 server to construct a 192 168 12 x subnet He also configure Meeting Rooms segment with VLAN ID 11 The VLAN group is equipped with DHCP 2 server to construct a 192 168 11 x subnet for Intranet only That is any client host in VLAN 11 group can t access the Internet At last he configures Lab segment with VLAN ID 10 The VLAN group is equipped with DHCP 1 server to construct ...

Page 70: ... specify members of one VLAN group to be able to access Internet or not Following is an example that VLAN groups of VID is 2 and 3 can access Internet but the one with VID is 1 cannot access Internet That is visitors in meeting room and staffs in office network can access Internet But the computers servers in data center cannot access Internet since security consideration Servers in data center on...

Page 71: ...a communication pair and one VLAN group can join many communication pairs But communication pair doesn t have the transitive property That is A can communicate with B and B can communicate with C it doesn t imply that A can communicate with C An example is shown at following diagram VLAN groups of VID is 1 and 2 can access each other but the ones between VID 1 and VID 3 and between VID 2 and VID 3...

Page 72: ... based Tag based VLAN allows you to add VLAN ID and select member and DHCP Server for this VLAN ID Go to Tag based VLAN List table Save NA Click the Save button to save the configuration Port based VLAN Create Edit VLAN Rules The port based VLAN allows you to custom each LAN port There is a default rule shows the configuration of all LAN ports Also if your device has a DMZ port you will see DMZ co...

Page 73: ...094 VLAN Tagging Disable is selected by default The rule is activated according to VLAN ID and Port Members configuration when Enable is selected The rule is activated according Port Members configuration when Disable is selected NAT Bridge NAT is selected by default Select NAT mode or Bridge mode for the rule Port Members These box is unchecked by default Select which LAN port s and VAP s that yo...

Page 74: ...P Server IP Address that the gateway will relay the DHCP requests to the assigned DHCP server DHCP Server Name A Must filled setting Define name of the DHCP Server for the specified VLAN group IP Pool A Must filled setting Define the IP Pool range There are Starting Address and Ending Address fields If a client requests an IP address from this DHCP Server it will assign an IP address in the range ...

Page 75: ...e DHCP Server wants to match IP Address A Must filled setting Define the IP Address that the DHCP Server will assign If there is a request from the MAC Address filled in the above field the DHCP Server will assign this IP Address to the client whose MAC Address matched the rule Enable The box is unchecked by default Click Enable box to activate this rule Save NA Click the Save button to save the c...

Page 76: ...terface If uncheck a certain VLAN ID box it means the VLAN ID member can t access Internet anymore Note VLAN ID 1 is available always it is the default VLAN ID of LAN rule The other VLAN IDs are available only when they are enabled Inter VLAN Group Routing The box is unchecked by default Click the expected VLAN IDs box to enable the Inter VLAN access function By default members in different VLAN I...

Page 77: ...filled setting Define the VLAN ID number range is 6 4094 Internet Access The box is checked by default Click Enable box to allow the members in the VLAN group access to internet Port The box is unchecked by default Check the LAN port box es to join the VLAN group VAP The box is unchecked by default Check the VAP box es to join the VLAN group Note Only the wireless gateway has the VAP list DHCP Ser...

Page 78: ...ateway LAN interface with its default Subnet Mask setting as 255 255 255 0 and its default IP Pool ranges is from 100 to 200 as shown at the DHCP Server List page on gateway s WEB UI User can add more DHCP server configurations by clicking on the Add button behind DHCP Server List or clicking on the Edit button at the end of each DHCP Server on list to edit its current settings Besides user can se...

Page 79: ...n fixed IP address to map the specific client MAC address, either by selecting entries and copying them when the targets already exist in the DHCP Client List, or by adding Mapping Rules manually in advance when the target's MAC address is not yet connected ...

Page 80: ...es to assign IP addresses to the devices on the local area network (LAN). Create / Edit DHCP Server Policy: The gateway allows you to customize your DHCP Server Policy. If multiple LAN ports are available, you can define one policy for each LAN (or VLAN group), and it supports up to a maximum of 4 policy sets. When the Add button is applied, the DHCP Server Configuration screen will appear. ...

Page 81: ...HCP Server Primary DNS IPv4 format The Primary DNS of this DHCP Server Secondary DNS IPv4 format The Secondary DNS of this DHCP Server Primary WINS IPv4 format The Primary WINS of this DHCP Server Secondary WINS IPv4 format The Secondary WINS of this DHCP Server Gateway IPv4 format The Gateway of this DHCP Server Server The box is unchecked by default Click Enable box to activate this DHCP Server ...

Page 82: ... previous setting Back N A When the Back button is clicked the screen will return to the DHCP Server Configuration page View Copy DHCP Client List When DHCP Client List button is applied DHCP Client List screen will appear When the DHCP Client is selected and Copy to Fixed Mapping button is applied The IP and MAC address of DHCP Client will apply to the Mapping Rule List on specific DHCP Server au...

Page 83: ...lue setting Description Option Name 1 String format can be any text 2 A Must filled setting Enter a DHCP Server Option name Enter a name that is easy for you to understand DHCP Server Select Dropdown list of all available DHCP servers Choose the DHCP server this option should apply to Option Select 1 A Must filled setting 2 Option 66 is selected by default Choose the specific option from the dropd...

Page 84: ... 5 A Must filled setting Should conform to Type Type Value 66 Single IP Address IPv4 format Single FQDN FQDN format 72 IP Addresses List separated by IPv4 format separated by 114 Single URL URL format Enable The box is unchecked by default Click Enable box to activate this setting Save NA Click the Save button to save the setting Undo NA When the Undo button is clicked the screen will return back ...

Page 85: ...ace 1 A Must filled setting 2 WAN 1 is selected by default Choose a WAN Interface for the dropdown list to apply with the DHCP Relay function It can be the available WAN interface s and L2TP connection Server IP 1 A Must filled setting 2 null by default Assign a DHCP Server IP Address that the gateway will relay the DHCP requests to the assigned DHCP server via specified WAN interface Enable The b...

Page 86: ... dual bands of operation There are several wireless operation modes provided by this device They are AP Router Mode WDS Only Mode and WDS Hybrid Mode You can choose the expected mode from the wireless operation mode list There are some sub sections for you to configure the WiFi function including Basic Configuration and Advanced Configuration In Basic Configuration section you have to finish almos...

Page 87: ...ces with the wireless gateway make sure your application scenario for WiFi network and choose the most adequate operation mode AP Router Mode This mode allows you to get your wired and wireless devices connected to form the Intranet of the wireless gateway and the Intranet will link to the Internet with NAT mechanism of the gateway So this gateway is working as a WiFi AP but also a WiFi hotspot fo...

Page 88: ...cal Gateway 1 through WDS Both gateways connected by WDS need to setup the remote AP MAC for each other All client hosts under gateway 2 3 can request IP address from the DHCP server at gateway 1 Besides wireless Gateway 1 also execute the NAT mechanism for all client hosts Internet accessing WDS Hybrid Mode WDS hybrid mode includes both WDS and AP Router mode WDS Hybrid mode can act as an access ...

Page 89: ... VAPs. As shown in the diagram, the clients in VAP 1 and VAP 2 can communicate with each other when VAP Isolation is disabled. Wi-Fi Security: Authentication & Encryption. Wi-Fi security provides complete authentication and encryption mechanisms to enhance data security while your data is transferred wirelessly over the air. The wireless gateway supports Shared, WPA-PSK / WPA2-PSK and WPA / WPA2 authenticati...

Page 90: ...d and cannot be changed once the module is integrated into the product However there is some module with selectable band for user to choose according to his network environment Under such situation you can specify which operation band is suitable for the application Configure WiFi Setting Configuring Wi Fi Settings Item Value setting Description WiFi Module The box is checked by default Check the ...

Page 91: ...tion description for each WiFi operation mode is given AP Router Mode VAPs Configuration For the AP Router mode the device not only supports stations connection but also the router function The WAN port and the NAT function are enabled AP Router Mode Item Value setting Description Green AP The box is unchecked by default Check the Enable box to activate Green AP function VAP Isolation The box is c...

Page 92: ...th this device. When Open is selected: the check box named 802.1x shows up next to the dropdown list. 802.1x (the box is unchecked by default): when 802.1x is enabled, the client stations will be authenticated by a RADIUS server. RADIUS Server IP (the default IP is 0.0.0.0), RADIUS Server Port (the default value is 1812), RADIUS Shared Key. When Shared is selected: the pre-shared WEP key should be set for ...

Page 93: ...s selected, the key should consist of 0 to 9 and A to F. If ASCII is selected, the key should consist of characters from the ASCII table. TKIP: TKIP was proposed as a replacement for WEP that does not require upgrading hardware. Enter a Pre-shared Key for it. The length of the key is from 8 to 63 characters. AES: The newest encryption system in WiFi; it is also designed for the fast 802.11n high-bitrate schemes. Enter a Pre-shared Key for it. The length of k...

Page 94: ...ured Refer to Object Definition Scheduling Configuration tab Scan Remote AP s MAC List N A Press the Scan button to scan the spatial AP information and then select one from the AP list the MAC of selected AP will be auto filled in the following Remote AP MAC table Remote AP MAC 1 4 A Must filled setting Enter the remote AP s MAC manually or via auto scan approach The device will bridge the traffic...

Page 95: ... default Check the Enable box to activate this function By default the box is checked it means that stations which associated to different VAPs cannot communicate with each other Time Schedule A Must filled setting Apply a specific Time Schedule to this rule otherwise leave it as 0 Always If the dropdown list is empty ensure Time Schedule is pre configured Refer to Object Definition Scheduling Con...

Page 96: ... the required VAP settings for connecting with wireless client devices. Click the Add / Edit button in the VAL List screen to create or edit the settings for a VAP. A VAP Configuration screen will appear. For a detailed description of VAP configuration, please refer to the description stated in the AP Router section. ...

Page 97: ...dule with selectable band for user to choose according to his network environment Under such situation you can specify which operation band is suitable for the application Multiple AP Names 1 A Must filled setting 2 All is selected by default Specify the VAP to show the associated clients information in the following Client List By default All VAP is selected Show Client List The following Client ...

Page 98: ...hows the data rate between client and this device. RSSI0, RSSI1 (N/A): It shows the RX sensitivity (RSSI) value for each radio path. Signal (N/A): The signal strength between client and this device. Interface (N/A): It shows the VAP ID that the client is associated with. Refresh (N/A): Click the Refresh button to update the Client List immediately. ...

Page 99: ...to Basic Network WiFi Advanced Configuration Tab Select Target WiFi Target Configuration Item Value setting Description Module Select A Must filled setting Select the WiFi module to check the information of connected clients For those single WiFi module products this option is hidden Operation Band A Must filled setting Specify the intended operation band for the WiFi module Basically this setting...

Page 100: ... and jitter when transmitting multimedia content over a wireless connection Short GI By default 400ns is selected Short GI Guard Interval is defined to set the sending interval between each packet Note that lower Short GI could increase not only the transition rate but also error rate TX Rate By default Best is selected It means the data transition rate When Best is selected the device will choose...

Page 101: ...Pv4 It simplifies aspects of address assignment stateless address auto configuration network renumbering and router announcements when changing Internet connectivity providers 2 4 1 IPv6 Configuration The IPv6 Configuration setting allows user to set the IPv6 connection type to access the IPv6 network This gateway supports various types of IPv6 connection including Static IPv6 DHCPv6 and PPPoEv6 N...

Page 102: ...P addressing type in the information provided by your ISP to setup the IPv6 network DHCPv6 DHCP in IPv6 does the same function as DHCP in IPv4 The DHCP server sends IP address DNS server addresses and other possible data to the DHCP client to configure automatically The server also sends a lease time of the address and time to re contact the server for IPv6 address renewal The client has then to r...

Page 103: ... When PPPoEv6 server gets client request and successfully authenticates it the server sends IP address DNS server addresses and other required parameters to automatically configure the client The diagram above depicts the IPv6 addressing through PPPoE PPPoEv6 server DSLAM on the ISP side provides IPv6 configuration upon receiving PPPoEv6 client request When PPPoEv6 server gets client request and s...

Page 104: ...ted when IPv6 Enable 2 A Must filled setting Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity Select Static IPv6 when your ISP provides you with a set IPv6 addresses Then go to Static IPv6 WAN Type Configuration Select DHCPv6 when your ISP provides you with DHCPv6 services Select PPPoEv6 when your ISP provides you with PPPoEv6 account settings Select IPv6 when you wa...

Page 105: ... An optional setting Enter the WAN secondary DNS Server MLD Snooping The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Global Address A Must filled setting Enter the LAN IPv6 Address for the router Link local Address Value auto created Show the link local address for LAN interface of router Then go to Address...

Page 106: ...ified by default Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Global Address Value auto created Enter the LAN IPv6 Address for the router Link local Address Value auto created Show the link local address for LAN interface of router Then go to Address Auto configurat...

Page 107: ... your ISP Value Range 0 45 characters Connection Control Fixed value The value is Auto reconnect Always on MTU A Must filled setting Enter the MTU for setting up PPPoEv6 connection If you want more information please contact your ISP Value Range 1280 1492 MLD Snooping The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Des...

Page 108: ...lected by default Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity Select Stateless to manage the Local Area Network to be SLAAC RDNSS Router Advertisement Lifetime A Must filled setting Enter the Router Advertisement Lifetime in seconds 200 is set by default Value Range 0 65535 Select Stateful to manage the Local Area Network to be Stateful DHCPv6 IPv6 Address Range...

Page 109: ...IPv6 Address Lifetime: A Must-filled setting. Enter the DHCPv6 lifetime for your local computers. 36000 is set by default. Value Range: 0 to 65535. ...

Page 110: ...s and activates the NAT function. You can also disable the NAT function on the Basic Network > WAN Uplink > Internet Setup > WAN Type Configuration page. Usually, all local hosts or servers behind the corporate gateway are protected by the NAT firewall. The NAT firewall will filter out unrecognized packets to protect your Intranet, so all local hosts are invisible to the outside world. Port forwarding or port mapping is func...

Page 111: ... either side are you in accessing the email server at the LAN side or at the WAN side you don t need to change the IP address of the mail server Configuration Setting Go to Basic Network Port Forwarding Configuration tab The NAT Loopback allows user to access the WAN IP address from inside your local network Enable NAT Loopback Configuration Item Value setting Description NAT Loopback The box is c...

Page 112: ...s behind office gateway You can set up those servers by using Virtual Server feature After trip if want to access those servers from LAN side by global IP without change original setting NAT Loopback can achieve it Virtual computer is a host behind NAT gateway whose IP address is a global one and is visible to the outside world Since it is behind NAT it is protected by gateway firewall To configur...

Page 113: ...s you to access the WAN global IP address from your inside NAT local network It is useful when you run a server inside your network For example if you set a mail server at LAN side your local devices can access this mail server through gateway s global IP address when enable NAT loopback feature On either side are you in accessing the email server at the LAN side or at the WAN side you don t need ...

Page 114: ...x to activate this port forwarding function Virtual Computer The box is checked by default Check the Enable box to activate this port forwarding function Save N A Click the Save button to save the settings Undo N A Click the Undo button to cancel the settings Create Edit Virtual Server The gateway allows you to custom your Virtual Server rules It supports up to a maximum of 20 rule based Virtual S...

Page 115: ... setting When ICMPv4 is selected It means the option Protocol of packet filter rule is ICMPv4 Apply Time Schedule to this rule otherwise leave it as Always refer to Scheduling setting under Object Definition Then check Enable box to enable this rule When TCP is selected It means the option Protocol of packet filter rule is TCP Public Port selected a predefined port from Well known Service and Priv...

Page 116: ...lected Single Port or Port Range Value Range 1 65535 for Public Port Private Port When GRE is selected It means the option Protocol of packet filter rule is GRE When ESP is selected It means the option Protocol of packet filter rule is ESP When SCTP is selected It means the option Protocol of packet filter rule is SCTP When User defined is selected It means the option Protocol of packet filter rul...

Page 117: ...lied Virtual Computer Rule Configuration screen will appear Virtual Computer Rule Configuration Item Value setting Description Global IP A Must filled setting This field is to specify the IP address of the WAN IP Local IP A Must filled setting This field is to specify the IP address of the LAN IP Enable N A Then check Enable box to enable this rule Save N A Click the Save button to save the settin...

Page 118: ...re not expected to be received by applications in the gateway or by other client hosts in the Intranet. Certainly, the DMZ host is also protected by the gateway firewall. Activate the feature and specify a host in the Intranet as the DMZ host when needed. DMZ Scenario: When the network administrator wants to set up some service daemons in a host behind the NAT gateway to allow remote users to request servic...

Page 119: ...ctivate it. DMZ & Pass Through Setting: Go to Basic Network > Port Forwarding > DMZ & Pass Through tab. The DMZ host is a host that is exposed to the Internet (cyberspace) but still within the protection of the firewall provided by the gateway device. Enable DMZ and Pass Through. Configuration (Item / Value setting / Description): DMZ: (1) A Must-filled setting; (2) Default is ALL. Check the Enable box to activate the DMZ function. Define the ...

Page 120: ...he product. Pass Through Enable: The boxes are checked by default. Check the box to enable the pass through function for IPSec, PPTP and L2TP. With the pass through function enabled, the VPN hosts behind the gateway can still connect to remote VPN servers. Save (N/A): Click the Save button to save the settings. Undo (N/A): Click the Undo button to cancel the settings. ...

Page 121: ...2.5.4 Special AP ALG (not supported): Not supported feature for the purchased product, leave it as blank. ...

Page 122: ...a private IP address of a local host In addition admin users also map a private IP address range to a public IP address range of equal instances This feature offers another way to make systems behind a firewall and configured with private IP addresses appear to have public IP addresses As shown in above configuration settings for the VPN gateway at Control Center the Admin user can access the DNS ...

Page 123: ...on to save the settings Create Edit IP Translation Rule When Add button is applied IP Translation Configuration screen will appear IP Translation Configuration Item Value setting Description Mapping Source IP Domain Name 1 A Must filled setting 2 IP is selected by default Specify the mapped IP Domain Name that will be issued from the hosts behind the NAT gateway The NAT gateway will translate the ...

Page 124: ...the required subnet mask if Destination IP is specified above It can be a single IP with 255 255 255 255 32 subnet mask or an IP group limited with proper subnet setting Physical Interface 1 A Must filled setting 2 All is selected by default Specify the interface to apply the translation rule The enabled WAN Interface will be available in the dropdown list By default All is selected and the transl...

Page 125: ...es to various network destinations Thus constructing routing tables which are held in the router s memory is very important for efficient routing Most routing algorithms use only one network path at a time The routing tables record your pre defined routing paths for some specific destination subnets It is static routing However if the contents of routing tables record the obtained routing paths fr...

Page 126: ...of packets to be transferred via which gateway interface and which peer gateway to their destination It can be carried out by the Static Routing feature Dedicated packet flows from the Intranet will be routed to their destination via the pre defined peer gateway and corresponding gateway interface that are defined in the system routing table by manual As shown in the diagram when the destination i...

Page 127: ...Routing Rule Configuration window will appear to let you define a static routing rule Enable Static Routing Just check the Enable box to activate the Static Routing feature Static Routing Item Value setting Description Static Routing The box is unchecked by default Check the Enable box to activate this function Create Edit Static Routing Rules The Static Routing Rule List shows the setup parameter...

Page 128: ...IP of this static routing rule. Interface: Auto is set by default. Select the Interface of this static routing rule. It can be Auto or one of the available WAN / LAN interfaces. Metric: (1) Numeric String Format; (2) A Must-filled setting. The Metric of this static routing rule. Value Range: 0 to 255. Rule: The box is unchecked by default. Click the Enable box to activate this rule. Save (N/A): Click the Save button to save the confi...

Page 129: ...y supports dynamic routing protocols including RIPv1 RIPv2 Routing Information Protocol OSPF Open Shortest Path First and BGP Border Gateway Protocol for you to establish routing table automatically The feature of dynamic routing will be very useful when there are lots of subnets in your network Generally speaking RIP is suitable for small network OSPF is more suitable for medium network BGP is mo...

Page 130: ...routing protocol that uses link state routing algorithm It is the most widely used interior gateway protocol IGP in large enterprise networks It gathers link state information from available routers and constructs a topology map of the network The topology is presented as a routing table which routes datagrams based solely on the destination IP address Network administrator can deploy OSPF gateway...

Page 131: ...way within one AS will links with some other border gateways for exchanging routing information It will distribute the collected data in AS to all routers in other AS As shown in the diagram BGP 0 is gateway to dominate AS0 self IP is 10 100 0 1 and self ID is 100 It links with other BGP gateways in the Internet The scenario is like Subnet in one ISP to be linked with the ones in other ISPs By ope...

Page 132: ...OSPF Configuration window can let you activate the OSPF dynamic routing protocol and specify its backbone subnet Moreover the OSPF Area List window lists all defined areas in the OSPF network However the BGP Configuration window can let you activate the BGP dynamic routing protocol and specify its self ID The BGP Neighbor List window lists all defined neighbors in the BGP network RIP Configuration...

Page 133: ...SPF protocol. Selecting Text enables Text Authentication using the Key entered in this field on the OSPF protocol. Selecting MD5 enables MD5 Authentication using the ID and Key entered in these fields on the OSPF protocol. Backbone Subnet: (1) Classless Inter-Domain Routing (CIDR) Subnet Mask Notation (Ex: 192.168.1.0/24); (2) A Must-filled setting. The Backbone Subnet of this router on the OSPF protocol. Create / Edit OSPF Ar...

Page 134: ...net Mask Notation (Ex: 192.168.1.0/24); (2) A Must-filled setting. The Area Subnet of this router on the OSPF Area List. Area ID: (1) IPv4 Format; (2) A Must-filled setting. The Area ID of this router on the OSPF Area List. Area: The box is unchecked by default. Click the Enable box to activate this rule. Save (N/A): Click the Save button to save the configuration. ...

Page 135: ...filled setting The ASN Number of this router on BGP protocol Value Range 1 4294967295 Router ID 1 IPv4 Format 2 A Must filled setting The Router ID of this router on BGP protocol Create Edit BGP Network Rules The gateway allows you to custom your BGP Network rules It supports up to a maximum of 32 rule sets When Add button is applied BGP Network Configuration screen will appear Item Value setting ...

Page 136: ...s up to a maximum of 32 rule sets. When the Add button is applied, the BGP Neighbor Configuration screen will appear. BGP Neighbor Configuration (Item / Value setting / Description): Neighbor IP: (1) IPv4 Format; (2) A Must-filled setting. The Neighbor IP of this router on the BGP Neighbor List. Remote ASN: (1) Numeric String Format; (2) A Must-filled setting. The Remote ASN of this router on the BGP Neighbor List. Value Range: 1 to 42949672...

Page 137: ... IP IPv4 Format Subnet Mask N A Routing record of Subnet Mask IPv4 Format Gateway IP N A Routing record of Gateway IP IPv4 Format Metric N A Routing record of Metric Numeric String Format Interface N A Routing record of Interface Type String Format Policy Routing Information Item Value setting Description Policy Routing Source N A Policy Routing of Source String Format Source IP N A Policy Routing...

Page 138: ...your current IP address which changes each time you connect your Internet service provider The Dynamic DNS service allows the gateway to alias a public dynamic IP address to a static domain name allowing the gateway to be more easily accessed from various locations on the Internet As shown in the diagram user registered a domain name to a third party DDNS service provider NO IP to use DDNS functio...

Page 139: ...WAN Interface IP Address of the gateway Provider DynDNS org Dynamic is set by default Select your DDNS provider of Dynamic DNS It can be DynDNS org Dynamic DynDNS org Custom NO IP com etc Host Name 1 String format can be any text 2 A Must filled setting Your registered host name of Dynamic DNS Value Range 0 63 characters User Name E Mail 1 String format can be any text 2 A Must filled setting Ente...

Page 140: ...le box to activate this function Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings If you enabled the DNS Redirect function you have to further specify the redirect rules According to the rules the gateway can redirect the traffic that matched the DNS to corresponding pre defined IP address When Add button is applied Redirect Rule screen will appear Redirect Rule ...

Page 141: ...e Always or WAN Block. Always: The DNS redirect function is applied to matched DNS all the time. WAN Block: The DNS redirect function is applied to matched DNS only when the WAN connection is disconnected or unreachable. Description: (1) String format, can be any text; (2) A Must-filled setting. Enter a brief description for this rule. Value Range: 0 to 63 characters. Enable: The box is unchecked by default. C...

Page 142: ... access It is indeed required that an access gateway satisfies the requirements of latency critical applications minimum access right guarantee fair bandwidth usage for same subscribed condition and flexible bandwidth management AMIT Security Gateway provides a Rule based QoS to carry out the requirements 2 8 1 QoS Configuration This gateway provides lots of flexible rules for you to set QoS polic...

Page 143: ...ry can be based on VLAN ID, MAC Address, IP Address, Host Name or Packet Length. Differentiated Services: Specify the service type in a QoS rule for the target packets to be applied on. Differentiated services can be based on 802.1p, DSCP, TOS, VLAN ID, User-defined Services and Well-known Services. Well-known services include FTP(21), SSH(TCP:22), Telnet(23), SMTP(25), DNS(53), TFTP(UDP:69), HTTP(TCP:80), POP3(110), Auth(1...

Page 144: ...ture depends on model. Outbound / Inbound Control: One QoS rule can be applied to the outbound or inbound direction of packet flow, or even both. This feature depends on model. Two QoS rule examples are listed below. QoS Rule Example #1, Connection Sessions: When the administrator wants to limit the maximum connection sessions from some client hosts (IP 10.0.75.16~31) to 20000 to avoid unbalanced resource usage, he can ...

Page 145: ...199 to the code value "AF Class2 (High Drop)", he can use the Rule-based QoS function to carry out this rule by defining a QoS rule as shown in the above configuration. Under such a configuration, all packets from WAN interfaces to LAN IP addresses 10.0.75.196 ~ 10.0.75.199 which have DiffServ code points with the "IP Precedence 4 (CS4)" value will be modified by the DSCP Marking control function with the "AF Class 2 (High Drop)" va...

Page 146: ... Function Configuration Item Value Setting Description QoS Type 1 Software is selected by default 2 The box is unchecked by default Select the QoS Type from the dropdown list and then click Enable box to activate the QoS function The default QoS type is set to Software QoS For some models there is another option for Hardware QoS Flexible Bandwidth Management The box is unchecked by default Click E...

Page 147: ...then the following WAN Interface Resource screen will show the related resources for configuration. Bandwidth of Upstream / Downstream: Specify the total upload / download bandwidth of the selected WAN. Value Range: for Gigabit Ethernet, 1 ~ 1024000 Kbps or 1 ~ 1000 Mbps; for Fast Ethernet, 1 ~ 102400 Kbps or 1 ~ 100 Mbps; for 3G/4G, 1 ~ 153600 Kbps or 1 ~ 150 Mbps. Total Connection Sessions: Specify total connection sessions of the ...

Page 148: ...he WAN interface to apply the QoS rule Select All WANs or a certain WAN n to filter the packets entering to or leaving from the interface s Group 1 A Must filled setting 2 Src MAC Address is selected by default Specify the Group category for the QoS rule It can be Src MAC Address IP or Host Name Select Src MAC Address to prioritize packets based on MAC Select IP to prioritize packets based on IP a...

Page 149: ...the min rate max rate and rate unit as the bandwidth settings in the Control Function Set MINR MAXR field Connection Sessions Select Connection Sessions as the resource type for the QoS Rule and you have to assign supported session number in the Control Function Set Session Limitation field Priority Queues Select Priority Queues as the resource type for the QoS Rule and you have to specify a prior...

Page 150: ... group will have his own QoS service resource as specified in the rule Group Control If Group Control is selected all the group hosts share the same QoS service resource Time Schedule 1 A Must filled setting 2 0 Always is selected by default Apply Time Schedule to this rule otherwise leave it as 0 Always refer to Object Definition Scheduling Configuration settings Rule Enable The box is unchecked ...

Page 151: ...The protocol achieves this by creation of virtual routers which are an abstract representation of multiple routers i e master and backup routers acting as a group The default gateway of a participating host is assigned to the virtual router instead of a physical router If the physical router that is routing packets on behalf of the virtual router fails another physical router is selected to automa...

Page 152: ... gateway At first stage all data from the Intranet go through the master gateway that has the highest priority Once the master Internet connection is broken the backup gateway will take over the data transmitting job and serve as the master gateway When a gateway with higher priority recovers from broken connection it will take over data transmitting again VRRP Setting The Virtual Router Redundanc...

Page 153: ...(2) A Must-filled setting. Specify the Priority of the Virtual Server on VRRP of the gateway. Value Range: 1 to 254, and 254 is the highest priority. Virtual Server IP Address: (1) IPv4 Format; (2) A Must-filled setting. Specify the Virtual Server IP Address on VRRP of the gateway. Save (N/A): Click the Save button to save the configuration. Undo (N/A): Click the Undo button to restore what you just configured back to the pre...

Page 154: ...escription Item Value setting Description Add N A Click the Add button to configure time schedule rule Delete N A Click the Delete button to delete selected rule s When Add button is applied Time Schedule Configuration and Time Period Definition screens will appear Time Schedule Configuration Item Value Setting Description Rule Name String any text Set rule name Rule Policy Default Inactivate Inac...

Page 155: ...Select everyday or one of the weekdays. Start Time: Time format (hh:mm). Start time in the selected weekday. End Time: Time format (hh:mm). End time in the selected weekday. Save (N/A): Click Save to save the settings. Undo (N/A): Click Undo to cancel the settings. Refresh (N/A): Click the Refresh button to refresh the time schedule list. ...

Page 156: ...3.2 User (not supported): Not supported feature for the purchased product, leave it as blank. ...

Page 157: ...chased product When Add button is applied Host Group Configuration screen will appear Host Group Configuration Item Value setting Description Group Name 1 String format can be any text 2 A Must filled setting Enter a group name for the rule It is a name that is easy for you to understand Group Type 1 IP Address based is selected by default 2 A Must filled setting Select the group type for the host...

Page 158: ... members to the group one by one Member List NA This field will indicate the hosts members contained in the group Bound Services The boxes are unchecked by default Binding the services that the host group can be applied If you enable the Firewall the produced group can be used in firewall service Same as by enable QoS or other available service types Note The supported service type can be differen...

Page 159: ...nal Server Go to Object Definition External Server External Server tab The External Server setting allows user to add external server Create External Server When Add button is applied External Server Configuration screen will appear 159 ...

Page 160: ...ault 1 The values must be between 1 and 60 Idle Timeout By default 1 The values must be between 1 and 15 Secondary Shared Key String format any text Authentication Protocol By default CHAP is selected Session Timeout By default 1 The values must be between 1 and 60 Idle Timeout By default 1 The values must be between 1 and 15 Active Directory Server A Must filled setting When Active Directory Serv...

Page 161: ... for the external server Server Port A Must filled setting Specify the Port used for the external server If you selected a certain server type the default server port number will be set For Email Server 25 will be set by default For Syslog Server port 514 will be set by default For RADIUS Server port 1812 will be set by default For Active Directory Server port 389 will be set by default For LDAP S...

Page 162: ...ers endorsements whom the person examining the certificate might know and trust The device also plays as a CA role Certificates are an important component of Transport Layer Security TLS sometimes called by its older name SSL where they prevent an attacker from impersonating a secure website or other server They are also used in other important applications such as email encryption and code signin...

Page 163: ...ntifier in the signature algorithm identifier of certificates Subject Name A Must filled setting This field is to specify the information of certificate Country C is the two letter ISO code for the country where your organization is located State ST is the state where your organization is located Location L is the location where your organization is located Organization O is the name of your organ...

Page 164: ...Automatically re enroll aging certificates The box is unchecked by default When SCEP is activated check the Enable box to activate this function It will automatically check which certificate is aging If certificate is aging it will activate SCEP function to re enroll automatically Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings 164 ...

Page 165: ... Clients In addition since it has the root CA it also can sign Certificate Signing Requests CSR to form corresponding certificates for others These certificates can be used for two remote peers to make sure their identity during establishing a VPN tunnel Scenario Description Gateway 1 generates the root CA and a local certificate HQCRT signed by itself Import a trusted certificate BranchCRT a Bran...

Page 166: ...ct Name Country C TW State ST Taiwan Location L Tainan Organization O AMITHQ Organization Unit OU HQRD Common Name CN HQRootCA E mail hqrootca amit com tw Configuration Path My Certificate Local Certificate Configuration Name HQCRT Self signed Key Key Type RSA Key Length 1024 bits Subject Name Country C TW State ST Taiwan Location L Tainan Organization O AMITHQ Organization Unit OU HQRD Common Nam...

Page 167: ...ctions to complete the whole user scenario Use default value for those parameters that are not mentioned in the tables Configuration Path My Certificate Local Certificate Configuration Name BranchCRT Self signed Key Key Type RSA Key Length 1024 bits Subject Name Country C TW State ST Taiwan Location L Tainan Organization O AMITBranch Organization Unit OU BranchRD Common Name CN BranchCRT E mail br...

Page 168: ...1 interface They both serve as the NAT security gateways Gateway 1 generates the root CA and a local certificate HQCRT that is signed by itself Import the certificates of the root CA and HQCRT into the Trusted CA Certificate List and Trusted Client Certificate List of Gateway 2 Gateway 2 generates a Certificate Signing Request BranchCSR for its own certificate BranchCRT Please generate one not sel...

Page 169: ...cates or CSRs for representing the gateway The Local Certificate Configuration window can let you fill required information necessary for corresponding certificate to be generated by itself or corresponding CSR to be signed by other CAs Create Local Certificate When Add button is applied Local Certificate Configuration screen will appear The required information to be filled for the certificate or...

Page 170: ...ra Attributes A Must filled setting This field is to specify the extra information for generating a certificate Challenge Password for the password you can use to request certificate revocation in the future Unstructured Name for additional information SCEP Enrollment A Must filled setting This field is to specify the information of SCEP If user wants to generate a certificate signing request CSR ...

Page 171: ...ng format can be any text 2 A Must filled setting This is an alternative approach to import a certificate You can directly fill in Copy and Paste the PEM encoded certificate string and click the Apply button to import the specified certificate to the gateway Apply N A Click the Apply button to import the certificate Cancel N A Click the Cancel button to discard the import operation and the screen ...

Page 172: ...an be used for two remote peers to make sure their identity during establishing a VPN tunnel Scenario Description same as the one described in My Certificate section Gateway 1 generates the root CA and a local certificate HQCRT signed by itself Import a trusted certificate BranchCRT a BranchCSR certificate of Gateway 2 signed by root CA of Gateway 1 Gateway 2 creates a CSR BranchCSR to let the roo...

Page 173: ...up for the whole user scenario Configuration Path Trusted Certificate Trusted CA Certificate List Command Button Import Configuration Path Trusted Certificate Trusted CA Certificate Import from a File File HQRootCA crt Configuration Path Trusted Certificate Trusted Client Certificate List Command Button Import Configuration Path Trusted Certificate Trusted Client Certificate Import from a File Fil...

Page 174: ...the Gateway 1 and the Local Certificate List of the Gateway 2 For more details refer to the Network B operation procedure in My Certificate section of this manual Gateway 2 can establish an IPSec VPN tunnel with Site to Site scenario and IKE and X 509 protocols to Gateway 1 Finally the client hosts in two subnets of 10 0 75 0 24 and 10 0 76 0 24 can communicate with each other 174 ...

Page 175: ... import the specified CA certificate file to the gateway Import from a PEM 1 String format can be any text 2 A Must filled setting This is an alternative approach to import a CA certificate You can directly fill in Copy and Paste the PEM encoded CA certificate string and click the Apply button to import the specified CA certificate to the gateway Apply N A Click the Apply button to import the cert...

Page 176: ... CA Identifier 1 String format can be any text Fill in optional CA Identifier to identify which CA could be used for signing certificates Save N A Click Save to save the settings Close N A Click the Close button to return to the Trusted Certificates page Import Trusted Client Certificate When Import button is applied a Trusted Client Certificate Import screen will appear You can import a Trusted C...

Page 177: ...d Client Key When Import button is applied a Trusted Client Key Import screen will appear You can import a Trusted Client Key from an existing file or directly paste a PEM encoded string as the key Trusted Client Key List Item Value setting Description Import from a File A Must filled setting Select a certificate key file from user's computer and click the Apply button to import the specified key f...

Page 178: ...e Usage Scenario Scenario Application Timing same as the one described in My Certificate section When the enterprise gateway owns the root CA and VPN tunneling function it can generate its own local certificates by being signed by itself Also imports the trusted certificates for other CAs and Clients These certificates can be used for two remote peers to make sure their identity during establishin...

Page 179: ... is the gateway of Network A in headquarters and the subnet of its Intranet is 10 0 76 0 24 It has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN 1 interface The Gateway 2 is the gateway of Network B in branch office and the subnet of its Intranet is 10 0 75 0 24 It has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WAN 1 interface They both serve as the...

Page 180: ... Item Value setting Description Certificate Signing Request CSR Import from a File A Must filled setting Select a certificate signing request file from your computer for importing to the gateway Certificate Signing Request CSR Import from a PEM 1 String format can be any text 2 A Must filled setting Enter copy paste the certificate signing request PEM encoded certificate to the gateway Sign N A ...

Page 181: ...er for the serial port The number of ports and type of the supported protocols could be different for the purchased gateway model Port Configuration Setting Go to Field Communication Bus Protocol Port Configuration tab In Port Configuration page there is only one configuration window for the serial port settings The Configuration window can let you specify serial port parameters including the oper...

Page 182: ...environment The longer cable the lower baud rate for it Data Bits 8 is set by default Select 8 or 7 for data bits Stop Bits 1 is set by default Select 1 or 2 for stop bits Flow Control None is set by default Select None RTS CTS DTS DSR for Flow Control in RS 232 mode The supporting of Flow Control depends on the purchased model Parity None is set by default Select None Even Odd for Parity bit Acti...

Page 183: ...d RFC2217 modes for remote accessing the connected serial device These operation modes are illustrated as below TCP Client Mode When the administrator expects the gateway to actively establish a TCP connection to a pre defined host computer when serial data arrives the operation mode for the Virtual COM function is required to be TCP Client and when the connection control of virtual COM is On dema...

Page 184: ...the TCP connection will be automatically disconnected from the host computer by using the TCP alive check timeout or idle timeout settings UDP Mode If both the Remote Host Computer and the serial device are expected to initiate a data transfer when it requires doing that the operation mode for the Virtual COM function in the gateway is required to be UDP In this mode the UDP data can be transferre...

Page 185: ...ted it is required to specify the IP address of the host computers to establish connection with Any 3rd party driver supporting RFC2217 can be used to install in the host computer the driver establishes a transparent connection between host and serial device by mapping the IP Port of the gateway s serial port to a virtual local COM port on the host computer The host computer can directly send data...

Page 186: ...ay also enable full time connection with the TCP server Enable TCP Client Mode Window Item Value setting Description Operation Mode A Must filled setting Select TCP Client Connection Control Always on is set by default Choose Always on for a TCP full time connection Otherwise choose On Demand to initiate TCP connection only when required to transmit and disconnect at idle timeout Connection Idle T...

Page 188: ...eout Transmit 1 An optional filled setting 2 Default value is 0 Enter the data timeout interval for transmitting serial data through the port By default it is set to 0 and the timeout function is disabled Value Range 0 1000ms Save N A Click the Save button to save the configuration Specify Remote TCP Server Specify TCP Server Window Item Value setting Description To Remote Host A Must filled setti...

Page 189: ... Allow All to allow any TCP clients to connect Otherwise choose Specific IP to limit certain TCP clients Max Connection 1 Max 128 connections 2 1 is set by default Set the maximum number of concurrent TCP connections Up to 128 simultaneous TCP connections can be established Value Range 1 128 Connection Idle Timeout 1 0 is set by default 2 Range 0 to 3600 sec Enter the idle timeout in minutes The i...

Page 190: ...lt Check the box to specify the rule for selected Serial Port Definition Enable The box is unchecked by default Check the Enable box to enable the rule Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings Enable UDP Mode UDP User Datagram Protocol enables applications using UDP socket programs to communicate with the serial ports on the serial server The UDP mode pro...

Page 191: ...o cancel the settings Specify Remote UDP Specify Remote UDP hosts Window Item Value setting Description Host A Must filled setting Press Edit button to enter IP address range of remote UDP hosts Remote Port 4001 is set by default Indicate the UDP port of peer UDP hosts Value Range 1 65535 Serial Port SPort 0 is set by default Apply the UDP hosts for a selected serial port Up to 4 UDP servers can b...

Page 192: ...o connect Otherwise choose Specific IP to limit certain clients Connection Idle Timeout 1 0 is set by default 2 Range 0 to 3600 sec Enter the idle timeout in minutes The idle timeout is used to disconnect the TCP connection when idle time elapsed Idle timeout is only available when On Demand is selected in the Connection Control field Value Range 0 3600 seconds Alive Check Timeout 1 0 is set by de...

Page 193: ...FC 2217 Clients for Access Window Item Value setting Description Host A Must filled setting Enter the IP address range of allowed clients Serial Port The box is unchecked by default Check the box to specify the rule for selected Serial Port Definition Enable The box is unchecked by default Check the Enable box to enable the rule Save N A Click Save to save the settings Undo N A Click Undo to cance...

Page 194: ...instruments over RS 485 without additional programming or effort NOTE When Modbus devices are connected to under the same serial port of IoT Modbus Gateway those Modbus devices must use the same protocol with the same configuration i e either Modbus RTU or Modbus ASCII with same Baud Rate setting Modbus Gateway Scenario The IoT Gateway serves as a Modbus gateway to communicate with the Modbus TCP ...

Page 195: ... status like Cellular Network Status device DI DO status to remote Modbus Master via Modbus communication With the Slave option enabled the Modbus Master device can request the information or send control commands to the IoT Gateway the Modbus TCP RTU Slave device And IoT Gateway executes corresponding processes and replies to the Modbus Master devices 195 ...

Page 196: ...ted serial port It can be Disable Serial as Slave or Serial as Master A serial port can be attached with one Modbus Master or daisy chained a group of Modbus Slave devices Disable Select this to disable the respective Modbus gateway function for the selected serial port Serial as Slave Select this when the attached serial device s are all Modbus Slave devices Serial as Master Select this when the ...

Page 197: ...ms is set by default This sets the response timeout of the slave after master request sent If the slave does not respond within the specified time data would be discarded This applies to requests sent by the serially attached Master to the remote Slave or requests sent by the remote Master to the serially attached Slave Value Range 1 65535 Timeout Retries 0 is set by default If the slave ...

Page 198: ...ccess to the Modbus gateway Besides it also allows user to specify authorized masters on the TCP network Item Value setting Description TCP Connection Idle Time 1 300 is set by default 2 Range 1 to 65535 Enter the idle timeout in seconds If the gateway does not receive another TCP request before the idle timeout elapsed the TCP session will be terminated automatically Value Range 1 65535 Maximum T...

Page 199: ...attached Slave s Note group must be pre defined before this selection become available Refer to Object Definition Grouping Host grouping You may also access to create a group by the Add Rule shortcut button Setting done through the Add Rule button will also appear in the Host grouping setting screen Then check Enable box to enable this rule Enable Unchecked by default Check the Enable box to enabl...

Page 200: ...h given priority The Modbus Master requests can be buffered to a certain priority queue according to the Master s IP address if requests are coming from remote Master or the remote Slave s device ID if requests are coming from serially attached Master or the specific Function Code that issued by Master Enable Unchecked by default Check the Enable box to enable the priority settings Save N A Click ...

Page 201: ...t In addition to specifying the Slave IP and Port for accessing those Remote Modbus RTU Slave s located behind another Modbus Gateway user has to specify the Modbus ID range of the Modbus RTU Slave s Value Range 1 247 Enable It is unchecked by default Check the Enable box to enable this rule Save N A Click the Save button to save the settings 201 ...

Page 202: ...2 Connected 3 Disconnecting 5 Wait for Traffic 6 Disconnected 3 WAN 4 Connection Status R 0 6 0 Disconnected 1 Connecting 2 Connected 3 Disconnecting 5 Wait for Traffic 6 Disconnected 10 3G 4G_SERVICE_TYPE R 0 7 0 2G 1 none 2 3G 3 3 5G 4 6 3 75G 7 LTE 11 3G 4G_LINK_STATUS R 0 6 0 Disconnected 1 Connecting 2 Connected 3 Disconnecting 5 Wait for Traffic 6 Disconnected 12 3G 4G_SIGNAL_STRENGTH R 0 100 1...

Page 203: ...nected 2 Wait for traffic 3 Disconnected 9 Connecting 104 VPN IPSec tunnel 4 status R 1 Connected 2 Wait for traffic 3 Disconnected 9 Connecting 105 VPN IPSec tunnel 5 status R 1 Connected 2 Wait for traffic 3 Disconnected 9 Connecting 106 VPN IPSec tunnel 6 status R 1 Connected 2 Wait for traffic 3 Disconnected 9 Connecting 107 VPN IPSec tunnel 7 status R 1 Connected 2 Wait for traffic 3 Disconne...

Page 204: ... 232 3 RS 485 212 Serial Port 1_Baud Rate R Baud Rate Value 213 Serial Port 1_Data Bits R 7 or 8 214 Serial Port 1_Stop Bits R 1 or 2 215 Serial Port 1_Flow Control R 0 None 2 RTS CTS 3 DTR DSR 216 Serial Port 1_Parity R 0 None 1 Odd 2 Even 221 Serial Port 2_Interface R 1 RS 232 3 RS 485 222 Serial Port 2_Baud Rate R Baud Rate Value 223 Serial Port 2_Data Bits R 7 or 8 224 Serial Port 2_Stop Bits ...

Page 205: ...g the collected data in local storage in CSV file format When the network connection recovered admin user can download the data log files manually via FTP or web UI for further reference and maintenance The Modbus Cellular Gateway provides a complete data logging function for collecting the Modbus transaction data for application requirements There are some data logging schemes to meet different m...

Page 206: ...eep its data acquisition process and if required the administrator can also get the stored data log files to tell if everything goes well or not Under the Data Logging Proxy mode user has to create some data acquisition rules via Proxy Mode Rule Configuration for collecting the Slave devices data by the Gateway when required Once the network connection to remote SCADA was lost unexpectedly the Dat...

Page 207: ...g proxy function and execute the pre defined data acquisition task by itself The Modbus request issued by the Modbus Gateway Data Logging Proxy The response data that sent out from the polled Slave device ID 3 Repeat above data acquisition and data logging activities on every 5 sec interval until the connection recovered IP 172 16 99 160 207 ...

Page 208: ...nal or Internal depends on the product specification Save NA Click the Save button to save the settings Note 1 If there is no available storage device the Enable checkbox will be grayed and you can t enable it for the data logging That is if you selected External Storage plug in the storage first and then enable the function and also make the required configuration 2 Make sure the Modbus Operation...

Page 209: ...Specify a certain read function for the Data Logging Proxy to issue and record the responses from device s Start Address 1 A Must filled setting 2 Range 0 to 65535 Specify the Start Address of registers to apply with the specified function code Value Range 0 65535 Number of Coils Registers 1 A Must filled setting 2 Range 1 to 125 Specify the number of coils registers to apply with the specified fu...

Page 210: ...f the data logging rule Value Range 1 16 characters Mode Sniffer is selected by default Select an expected data logging scheme for the data logging rule There are five available schemes Sniffer The Modbus gateway will record all the Modbus transactions between the Master and Slave devices Off Line Proxy When the connection between the Modbus gateway and Master is lost the pre defined proxy rule wi...

Page 211: ...us Master If no response from the master for the specified timeout setting selected proxy rule will be triggered and applied with the data logging rule Note If Off Line proxy scheme is selected the timeout setting will be used to check Otherwise it is a don t care value Proxy Rules An Optional setting Select the Proxy rule to be applied with the data logging rule Note If any proxy scheme is select...

Page 212: ...og File list screen The default Log File management settings will be applied if user didn t change it via the Edit button When the Edit button is applied Log File Configuration screen will appear Log File Configuration Item Value setting Description Name N A The name of corresponding data log rule will be displayed The default log file name will be named as Name_yyyyMMddHHmmSS csv File Content For...

Page 213: ...e File After Upload 1 An Optional filled setting 2 The box is unchecked by default If Auto Upload is activated user can further specify whether to delete the transferred log from the gateway storage or not Check the Enable button to activate the function When Storage Full Remove the Oldest is selected by default Specify the operation to take when the storage is full It can be Remove the Oldest log...

Page 214: ...int connection through the use of dedicated connections encryption or a combination of the two The tunnel technology supports data confidentiality data origin authentication and data integrity of network information by utilizing encapsulation protocols encryption algorithms and hashing algorithms The product series supports different tunneling technologies to establish secure tunnels between multi...

Page 215: ... responder This gateway can be configured as different roles and establish number of tunnels with various remote devices Before going to setup the VPN connections you may need to decide the scenario type for the tunneling IPSec Tunnel Scenarios To build IPSec tunnel you need to fill in remote gateway global IP and optional subnet if the hosts behind IPSec peer can access to remote site or hosts Un...

Page 216: ...cess and Internet access you can just enable the Full Tunnel setting As a result every time a user surfs the web, searches for data on the Internet, checks personal email or accesses an HQ server, all traffic goes through the secure IPSec tunnel and is routed by the Security Gateway in the control center Site to Site with Hub and Spoke mechanism For a control center to manage the secure Intranet among all its remot...

Page 217: ...er and it must have a Static IP or FQDN It can allow many VPN clients initiators to connect to with various tunnel scenarios In short with a simple Dynamic VPN server setting many VPN clients can connect to the server But in comparison to the Hub and Spoke mechanism it is not allowed to directly communicate between any two clients via the Dynamic VPN server For the purchased gateway you can config...

Page 218: ... on Product specification The specified value will limit the maximum number of simultaneous IPSec tunnel connection The default value can be different for the purchased model Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings Create Edit IPSec tunnel Ensure that the IPSec enable box is checked to enable before further configuring the IPSec tunnel settings When Add ...

Page 219: ...erence among them is the number of subnets With Host to Host IPSec operates in transport mode Tunel TCP MSS 1 An optional setting 2 Auto is set by default Select from the dropdown box to define the size of Tunel TCP MSS Select Auto and all devices will adjust this parameter automatically Select Manual and specify an expected value for Tunel TCP MSS Value Range 64 1500 bytes Hub and Spoke 1 An opti...

Page 220: ...ly one subnet available Note_2 When Host to Site or Host to Host option in Tunnel Scenario is selected Local Subnet will not be available Note_3 When Hub and Spoke option in Hub and Spoke is selected there will be only one subnet available Redirect Traffic Unchecked by default Click Enable box to activate the Redirect Traffic function Note Redirect Traffic is available only for Host to Site specif...

Page 221: ...d utility Manually user needs to enter key ID to authenticate Manual key configuration will be explained in the following Manual Key Management section Local ID An optional setting Specify the Local ID for this IPSec tunnel to authenticate Select User Name for Local ID and enter the username The username may include but can t be all numbers Select FQDN for Local ID and enter the FQDN Select User F...

Page 222: ...t Server Client or None Selected None no X Auth authentication is required Selected Server this gateway will be an X Auth server Click on the X Auth Account button to create remote X Auth client account Selected Client this gateway will be an X Auth client Enter User name and Password to be authenticated by the X Auth server gateway Note X Auth Client will not be available for Dynamic VPN option s...

Page 223: ...2 AES 256 Specify the Authentication method It can be None MD5 SHA1 SHA2 256 Specify the DH Group It can be None Group1 Group2 Group5 Group14 Group15 Group16 Group17 Group18 Check Enable box to enable this setting IPSec Phase Window Item Value setting Description Phase2 Key Life Time 1 A Must fill setting 2 28800s is set by default 3 Max 86400s Specify the Phase2 Key Life Time in second Value Rang...

Page 224: ...they are not available for AH Encapsulation Specify the PFS Group It can be None Group1 Group2 Group5 Group14 Group15 Group16 Group17 Group18 Click Enable to enable this setting Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings Back N A Click Back to return to the previous page Manual Key Management When the Manually option is selected for Key Management as descri...

Page 225: ...e Configuration Window Item Value setting Description Local Subnet A Must fill setting Specify the Local Subnet IP address and Subnet Mask Local Netmask A Must fill setting Specify the Local Subnet Mask Remote Subnet A Must fill setting Specify the Remote Subnet IP address Remote Netmask A Must fill setting Specify the Remote Subnet Mask Remote Gateway 1 A Must fill setting 2 An IPv4 address or FQ...

Page 226: ... SHA1 SHA2 256 The key length for MD5 is 32 SHA1 is 40 and SHA2 256 is 64 Note When AH option in Encapsulation Protocol is selected None option in Authentication will not be available Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings Back N A Click Back to return to the previous page Create Edit Dynamic VPN Server List Similar to create an IPSec VPN Tunnel for sit...

Page 227: ...o is fixed to Dynamic VPN Operation Mode 1 A Must fill setting 2 Alway on is selected by default The available operation mode is Always On Failover option is not available for the Dynamic IPSec scenario Encapsulation Protocol 1 A Must fill setting 2 ESP is selected by default Select the Encapsulation Protocol from the dropdown box for this IPSec tunnel Available encapsulations are ESP and AH Local...

Page 228: ...Remote ID An optional setting Specify the Remote ID for this IPSec tunnel to authenticate Select User Name for Remote ID and enter the username The username may include but can t be all numbers Select FQDN for Local ID and enter the FQDN Select User FQDN for Remote ID and enter the User FQDN Select Key ID for Remote ID and enter the Key ID English alphabet or number Note Remote ID will be not avai...

Page 229: ... features to meet different application requirements There are two OpenVPN connection scenarios They are the TAP and TUN scenarios The product can create either a layer 3 based IP tunnel TUN or a layer 2 based Ethernet TAP that can carry any type of Ethernet traffic In addition to configuring the device as a Server or Client you have to specify which type of OpenVPN connection scenario is to be ad...

Page 230: ...de the VPN client is given an IP address on the same subnet as the LAN resided under the OpenVPN server Under such configuration the OpenVPN client can directly access to the resources in LAN If you want to offer remote access to the entire remote LAN for VPN client s you have to setup OpenVPN in TAP bridge mode As shown in the diagram the M2M IoT Gateway is configured as an OpenVPN TAP Client and...

Page 231: ...t for the gateway to operate Configuration Item Value setting Description OpenVPN The box is unchecked by default Check the Enable box to activate the OpenVPN function Server Client Server Configuration is selected by default When Server is selected as the name indicated server configuration will be displayed below for further setup When Client is selected you can specify the client settings in an...

Page 232: ...ll appear OpenVPN Server Configuration window can let you enable the OpenVPN server function specify the virtual IP address of OpenVPN server when remote OpenVPN clients dial in and the authentication protocol The OpenVPN Server supports up to 4 TUN TAP tunnels at the same time OpenVPN Server Configuration 232 ...

Page 233: ...ocal Endpoint IP Address Remote Endpoint IP Address and Static Key will be displayed Note Static Key will be available only when TUN is chosen in Tunnel Scenario Local Endpoint IP Address A Must filled setting Specify the virtual Local Endpoint IP Address of this OpenVPN gateway Value Range The IP format is 10 8 0 x the range of x is 1 254 Note Local Endpoint IP Address will be available only when...

Page 234: ...fault Gateway function Encryption Cipher 1 A Must filled setting 2 By default Blowfish is selected Specify the Encryption Cipher from the dropdown list It can be Blowfish AES 256 AES 192 AES 128 None Hash Algorithm By default SHA 1 is selected Specify the Hash Algorithm from the dropdown list It can be SHA 1 MD5 MD4 SHA2 256 SHA2 512 None Disable LZO Compression By default Adaptive is selected Spe...

Page 235: ... Note TLS Auth Key will be available only when TLS is chosen in Authorization Mode Client to Client The box is checked by default Check the Enable box to enable the traffics among different OpenVPN Clients Note Client to Client will be available only when TLS is chosen in Authorization Mode Duplicate CN The box is checked by default Check the Enable box to activate the Duplicate CN function Note D...

Page 236: ... is chosen in Protocol CCD Dir Default File 1 An Optional setting 2 String format any text Specify the CCD Dir Default File Value Range 0 256 characters Client Connection Script 1 An Optional setting 2 String format any text Specify the Client Connection Script Value Range 0 256 characters Additional Configuration 1 An Optional setting 2 String format any text Specify the Additional Configuration ...

Page 237: ...s applied OpenVPN Client Configuration screen will appear OpenVPN Client Configuration window let you specify the required parameters for an OpenVPN VPN client such as OpenVPN Client Name Interface Protocol Tunnel Scenario Remote IP FQDN Remote Subnet Authorization Mode Encryption Cipher Hash Algorithm and tunnel activation 237 ...

Page 238: ... and specify Remote Subnet of the peer OpenVPN Server for this OpenVPN Client tunnel Fill in the remote subnet address and remote subnet mask Redirect Internet Traffic 1 An Optional setting 2 The box is unchecked by default Check the Enable box to activate the Redirect Internet Traffic function NAT 1 An Optional setting 2 The box is unchecked by default Check the Enable box to activate the NAT fun...

Page 239: ... Hash Algorithm It can be SHA 1 MD5 MD4 SHA2 256 SHA2 512 None Disable LZO Compression By default Adaptive is selected Specify the LZO Compression scheme It can be Adaptive YES NO Default Persis Key 1 An Optional setting 2 The box is checked by default Check the Enable box to activate the Persis Key function Persis Tun 1 An Optional setting 2 The box is checked by default Check the Enable box to a...

Page 240: ...ify the TLS Cipher from the dropdown list It can be None TLS RSA WITH RC4 MD5 TLS RSA WITH AES128 SHA TLS RSA WITH AES256 SHA TLS DHE DSS AES128 SHA TLS DHE DSS AES256 SHA Note TLS Cipher will be available only when TLS is chosen in Authorization Mode TLS Auth Key 1 An Optional setting 2 String format any text Specify the TLS Auth Key for connecting to an OpenVPN server if the server required it N...

Page 241: ...agment The value is 1500 by default Specify the value of Tunnel UDP Fragment Value Range 0 1500 Note Tunnel UDP Fragment will be available only when UDP is chosen in Protocol Tunnel UDP MSS Fix The box is unchecked by default Check the Enable box to activate the Tunnel UDP MSS Fix function Note Tunnel UDP MSS Fix will be available only when UDP is chosen in Protocol nsCerType Verification The box ...

Page 242: ...unnels It also maintains User Account list user name password for client login authentication There is a virtual IP pool to assign virtual IP to each connected L2TP client L2TP Client It can be mobile users or gateways in remote offices with dynamic IP To setup tunnel it should get user name password and server s global IP In addition it is required to identify the operation mode for each tunnel a...

Page 243: ...transferred based on current routing policy of the gateway at L2TP client peer But if you entered 0 0 0 0 0 in the Remote Subnet field it will be treated as a Default Gateway setting for the L2TP client peer all packets including the Internet accessing of L2TP client peer will go through the established L2TP tunnel That means the remote L2TP server peer controls the flow of any packets from the L2...

Page 244: ...2TP Unchecked by default Click the Enable box to activate L2TP function Client Server A Must filled setting Specify the role of L2TP Select Server or Client role your gateway will take Below are the configuration windows for L2TP Server and for Client Save N A Click Save button to save the settings As a L2TP Server When select Server in Client Server the L2TP server Configuration will appear 244 ...

Page 245: ...to L2TP client Value Range Starting Address and Starting Address 8 or 254 Authentication Protocol A Must filled setting Select single or multiple Authentication Protocols for the L2TP server with which to authenticate L2TP clients Available authentication protocols are PAP CHAP MS CHAP MS CHAP v2 MPPE Encryption A Must filled setting Specify whether to support MPPE Protocol Click the Enable box to...

Page 246: ...he enable box to enable the user Click Save button to save new user account The selected user account can permanently be deleted by clicking the Delete button Value Range 1 32 characters As a L2TP Client When select Client in Client Server a series L2TP Client Configuration will appear L2TP Client Configuration Item Setting Value setting Description L2TP Client The box is unchecked by default Chec...

Page 247: ... You can add up to 8 L2TP Clients L2TP Client Configuration Item Setting Value setting Description Tunnel Name A Must filled setting Enter a tunnel name Enter a name that is easy for you to identify Value Range 1 32 characters Interface A Must filled setting Define the selected interface to be the used for this L2TP tunnel 247 ...

Page 248: ...rver The Remote Subnet format must be IP address netmask e g 10 0 0 2 24 It is for the Intranet of L2TP VPN server So at L2TP client peer the packets whose destination is in the dedicated subnet will be transferred via the L2TP VPN tunnel Others will be transferred based on current routing policy of the security gateway at L2TP client peer If you entered 0 0 0 0 0 in the Remote Subnet field it wil...

Page 249: ...e system determines the service port 1701 for Cisco The system use port 1701 for connecting with CISCO L2TP Server User defined Enter the service port The default value is 0 Value Range 0 65535 Tunnel Unchecked by default Check the Enable box to enable this L2TP tunnel Save N A Click Save button to save the settings Undo N A Click Undo button to cancel the settings Back N A Click Back button to re...

Page 250: ...s of the Windows PPTP stack The security gateway can play either PPTP Server role or PPTP Client role for a PPTP VPN tunnel or both at the same time for different tunnels PPTP tunnel process is nearly the same as L2TP PPTP Server It must have a static IP or a FQDN for clients to create PPTP tunnels It also maintains User Account list user name password for client login authentication There is a vi...

Page 251: ... Remote Subnet item is required It is for the Intranet of PPTP server peer So at PPTP client peer the packets whose destination is in the dedicated subnet will be transferred via the PPTP tunnel Others will be transferred based on current routing policy of the gateway at PPTP client peer But if you entered 0 0 0 0 0 in the Remote Subnet field it will be treated as a Default Gateway setting for the...

Page 252: ... box to activate PPTP function Client Server A Must fill setting Specify the role of PPTP Select Server or Client role your gateway will take Below are the configuration windows for PPTP Server and for Client Save N A Click Save button to save the settings As a PPTP Server The gateway supports up to a maximum of 10 PPTP user accounts When Server in the Client Server field is selected the PPTP serv...

Page 253: ...he last IP address for the subnet from which the PPTP client s IP address will be assigned Value Range Starting Address and Starting Address 8 or 254 Authentication Protocol 1 A Must fill setting 2 Unchecked by default Select single or multiple Authentication Protocols for the PPTP server with which to authenticate PPTP clients Available authentication protocols are PAP CHAP MS CHAP MS CHAP v2 MPP...

Page 254: ...e button to save new user account The selected user account can permanently be deleted by clicking the Delete button Value Range 1 32 characters As a PPTP Client When select Client in Client Server a series PPTP Client Configuration will appear PPTP Client Configuration Item Value setting Description PPTP Client Unchecked by default Check the Enable box to enable PPTP client role of the gateway Sa...

Page 255: ...further select a primary tunnel from which to failover to Note Failover mode is not available for the gateway with single WAN Remote IP FQDN 1 A Must fill setting 2 Format can be a ipv4 address or FQDN Enter the public IP address or the FQDN of the PPTP server User Name A Must fill setting Enter the User Name for this PPTP tunnel to be authenticated when connect to PPTP server Value Range 1 32 cha...

Page 256: ...CHAP MS CHAP MS CHAP v2 MPPE Encryption 1 Unchecked by default 2 an optional setting Specify whether PPTP server supports MPPE Protocol Click the Enable box to enable MPPE Note when MPPE Encryption is enabled the Authentication Protocol PAP CHAP options will not be available LCP Echo Type Auto is set by default Specify the LCP Echo Type for this PPTP tunnel It can be Auto User defined or Disable A...

Page 257: ...ent or a server even using the same set of configuration rule GRE Tunnel Scenario To setup a GRE tunnel each peer needs to setup its global IP as tunnel IP and fill in the other s global IP as remote IP Besides each peer must further specify the Remote Subnet item It is for the Intranet of GRE server peer So at GRE client peer the packets whose destination is in the dedicated subnet will be transf...

Page 258: ...RE Enable GRE Window Item Value setting Description GRE Tunnel Unchecked by default Click the Enable box to enable GRE function Max Concurrent GRE Tunnels Depends on Product specification The specified value will limit the maximum number of simultaneous GRE tunnel connection The default value can be different for the purchased model Save N A Click Save button to save the settings Undo N A Click Un...

Page 259: ...s On or Failover If this tunnel is set as a failover tunnel you need to further select a primary tunnel from which to failover to Note Failover mode is not available for the gateway with single WAN Tunnel IP An Optional setting Enter the Tunnel IP address and corresponding subnet mask Remote IP A Must fill setting Enter the Remote IP address of remote GRE tunnel gateway Normally this is the public...

Page 260: ...erver peer controls the flow of any packets from the GRE client peer Certainly those packets come through the GRE tunnel DMVPN Spoke Unchecked by default Specify whether the gateway will support DMVPN Spoke for this GRE tunnel Check Enable box to enable DMVPN Spoke IPSec Pre shared Key A Must fill setting Enter a DMVPN spoke authentication Pre shared Key 8 32 characters Note Pre shared Key is avai...

Page 261: ...Firewall The firewall functions include Packet Filter URL Blocking Content Filter MAC Control Application Filter IPS and some firewall options The supported function can be different for the purchased gateway 5 2 1 Packet Filter 261 ...

Page 262: ...e list Allow those match the following rules and define the rules Rule 1 is to allow HTTP packets to pass and Rule 2 is to allow HTTPS packets to pass Under such configuration the gateway will allow only HTTP and HTTPS packets issued from the IP range 192 168 123 200 to 250 which are targeted to TCP port 80 or 443 to pass the WAN interface Packet Filter Setting Go to Security Firewall Packet Filte...

Page 263: ...d Log Alert The box is unchecked by default Check the Enable box to activate Event Log Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings Create Edit Packet Filter Rules The gateway allows you to customize your packet filtering rules It supports up to a maximum of 20 filter rule sets When Add button is applied Packet Filter Rule Configuration screen will appear Pac...

Page 264: ... before this option become available Refer to Object Definition Grouping Host grouping You may also access to create a group by the Add Rule shortcut button Destination IP 1 A Must filled setting 2 By default Any is selected This field is to specify the Destination IP address Select Any to filter packets that are entering to any IP addresses Select Specific IP Address to filter packets entering to...

Page 265: ...otherwise select User defined Service and specify a port range Then for Destination Port select a predefined port dropdown box when Well known Service is selected otherwise select User defined Service and specify a port range Value Range 1 65535 for Source Port Destination Port For Protocol select GRE to filter GRE packets For Protocol select ESP to filter ESP packets For Protocol select SCTP to f...

Page 266: ... listed in the rule list will be blocked if one pattern in the requests matches to one rule Other Web requests can pass through the gateway In contrast when you choose Deny all to pass except those match the following rules for the URL Blocking Rule List you are setting the defined packet filtering rules to belong to the white list The Web requests listed in the rule will be allowed if one pattern...

Page 267: ... Domain Name Keyword the destination service ports the integrated time schedule rule and the rule activation Enable URL Blocking Configuration Item Value setting Description URL Blocking The box is unchecked by default Check the Enable box to activate URL Blocking function Black List White List Deny those match the following rules is set by default Specify the URL Blocking Policy either Black List...

Page 268: ... group must be pre defined before this option become available Refer to Object Definition Grouping Host grouping Source MAC 1 A Must filled setting 2 Any is set by default This field is to specify the Source MAC address Select Any to filter packets coming from any MAC addresses Select Specific MAC Address to filter packets coming from a MAC address entered in this field Select MAC Address based Gr...

Page 269: ...ific range of Ports entered in this field Time Schedule Rule A Must filled setting Apply a specific Time Schedule to this rule otherwise leave it as 0 Always If the dropdown list is empty ensure Time Schedule is pre configured Refer to Object Definition Scheduling Configuration tab Rule The box is unchecked by default Click the Enable box to activate this rule Save NA Click the Save button to save...

Page 270: ...C addresses he can use the MAC Control function to reject with the black list configuration MAC Control with Black List Scenario As shown in the diagram enable the MAC control function and specify the MAC Control Rule List is a black list and configure one MAC control rule for the gateway to deny the connection request from the JP NB with its own MAC address 20 6A 6A 6A 6A 6B System will block the...

Page 271: ... List Deny MAC Address Below is set by default When Deny MAC Address Below is selected as the name suggests packets specified in the rules will be blocked black listed In contrast with Allow MAC Address Below you can specifically white list the packets to pass and the rest will be blocked Log Alert The box is unchecked by default Check the Enable box to activate Event Log Known MAC from...

Page 272: ...t is easy for you to remember MAC Address Use to Compose 1 MAC Address string Format 2 A Must fill setting Specify the Source MAC Address to filter rule Time Schedule A Must fill setting Apply Time Schedule to this rule otherwise leave it as 0 Always If the dropdown list is empty ensure Time Schedule is pre configured Refer to Object Definition Scheduling Configuration tab Enable The box is unchec...

Page 273: ...Industry Cellular Gateway 5 2 4 Content Filter not supported Not supported feature for the purchased product leave it as blank 273 ...

Page 274: ...Industry Cellular Gateway 5 2 5 Application Filter not supported Not supported feature for the purchased product leave it as blank 274 ...

Page 275: ...n about this activity attempt to block stop it and report it You can enable the IPS function and check the listed intrusion activities when needed You can also enable the log alerting so that system will record Intrusion events when corresponding intrusions are detected IPS Scenario As shown in the diagram the gateway serves as an E mail server Web Server and also provides TCP port 8080 for remote...

Page 276: ...iption IPS The box is unchecked by default Check the Enable box to activate IPS function Log Alert The box is unchecked by default Check the Enable box to activate Event Log Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings Setup Intrusion Prevention Rules The router allows you to select intrusion prevention rules you may want to enable Ensure that the...

Page 277: ...the traffic threshold in this field ICMP Flood Defense Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field Value Range 10 10000 Port Scan Defection 1 A Must filled setting 2 The box is unchecked by default 3 Traffic threshold is set to 200 by default 4 The value range can be from 10 to 10000 Click Enable box to activate this intrusion preventio...

Page 278: ...s unchecked by default 3 Traffic threshold is set to 300 by default 4 The value range can be from 10 to 10000 Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field Value Range 10 10000 Save NA Click Save to save the settings Undo NA Click Undo to cancel the settings 278 ...

Page 279: ...record the packet information like IP address port address ACK SEQ number and so on while they pass through the gateway and the gateway checks every incoming packet to detect if this packet is valid Discard Ping from WAN makes any host on the WAN side can t ping this gateway And finally Remote Administrator Hosts enables you to perform administration task from a remote host If this feature is enab...

Page 280: ...such packets from unknown users Discard Ping from WAN Remote Administrator Hosts Scenario Discard Ping from WAN makes any host on the WAN side can t ping this gateway reply any ICMP packets Enable the Discard Ping from WAN function to prevent security leak when local users surf the internet Remote administrator knows the gateway s global IP and he can access the Gateway GUI via TCP port 8080 Firew...

Page 281: ... router allows network administrator to manage router remotely The network administrator can assign specific IP address and service port to allow accessing the router Remote Administrator Host Definition Item Value setting Description Protocol HTTP is set by default Select HTTP or HTTPS method for router access IP A Must filled setting This field is to specify the remote host to assign access righ...

Page 282: ...his field is to specify a Service Port to HTTP or HTTPS connection Value Range 1 65535 Enabling the rule The box is unchecked by default Click Enable box to activate this rule Save N A Click Enable box to activate this rule then save the settings Undo N A Click Undo to cancel the settings 282 ...

Page 283: ... in practice computer systems Centralized management has a time and effort trade off that is related to the size of the company the expertise of the IT staff and the amount of technology being used This device supports many system management protocols such as Command Script TR 069 SNMP and Telnet with CLI You can setup those configurations in the Configure Manage section 283 ...

Page 284: ...to backup the existed command script in a txt file You can specify the script file name in Script Name below Upload Script N A Click the Via Web UI or Via Storage button to Upload the existed command script from a specified txt file Script Name 1 An Optional setting 2 Any valid file name Specify a script file name for script backup or display the selected upload script file name Value Range 0 32 c...

Page 285: ...iption OPENVPN_ENABLED 1 enable 0 disable Enable or disable OpenVPN Client function OPENVPN_DESCRIPTION A Must filled Setting Specify the tunnel name for the OpenVPN Client connection OPENVPN_PROTO udp tcp Define the Protocol for the OpenVPN Client Select TCP or TCP UDP The OpenVPN will use TCP protocol and Port will be set as 443 automatically Select UDP The OpenVPN will use UDP protocol and Port...

Page 286: ...s to the destination specified in PPP_PING_IPADDR PPP_PING_IPADDR IP Specify an IP address as the target for sending DNS query ICMP request PPP_PING_INTVL seconds Specify the time interval for between two DNS Query or ICMP checking packets STARTUP Script file For the configurations that can be configured with standard Linux commands you can put them in a script file and apply the script file with ...

Page 287: ...n text system config ex txtConfig disable run_immediately NA Apply the configuration content that has been committed in database ex txtConfig run_immediately run_immediately a existing file Assign a configuration file to apply ex txtConfig run_immediately tmp config 287 ...

Page 288: ...ISP or the ACS provider for help At the right upper corner of TR 069 Setting screen one Help command let you see the same message about that Scenario Managing deployed gateways through an ACS Server Scenario Application Timing When the enterprise data center wants to use an ACS server to manage remote gateways geographically distributed elsewhere in the world the gateways in all branch offices mus...

Page 289: ...ocedure In above diagram the ACS server can manage multiple gateways in the Internet The Gateway 1 is one of them and has 118 18 81 33 IP address for its WAN 1 interface When all remote gateways have booted up they will try to connect to the ACS server Once the connections are established successfully the ACS server can configure upgrade with latest FW and monitor these gateways Remote gateways in...

Page 290: ...ormation to login the ACS server the service port and the account information for connection requesting from the ACS server and the time interval for job inquiry Except the inquiry time there are no activities between the ACS server and the gateways until the next inquiry cycle But if the ACS server has new jobs that are expected to do by the gateways urgently it will ask these gateways by using c...

Page 291: ...an ask ACS manager provide ACS ConnectionRequest Port and manually set Value Range 0 65535 ConnectionRequest UserName A Must filled setting You can ask ACS manager provide ACS ConnectionRequest Username and manually set ConnectionRequest Password A Must filled setting You can ask ACS manager provide ACS ConnectionRequest Password and manually set Inform 1 The box is checked by default 2 The Interv...

Page 292: ... item Specify the IP address for the expected STUN Server Server Port 1 An optional setting 2 3478 is set by default Specify the port number for the expected STUN Server Value Range 1 65535 Keep Alive Period 1 An optional setting 2 0 is set by default Specify the keep alive time period for the connection with STUN Server Value Range 0 65535 Save N A Click Save to save the settings Undo N A Click U...

Page 293: ...t data on the managed systems as variables The protocol also permits active management tasks such as modifying and applying a new configuration through remote modification of these variables The variables accessible via SNMP are organized in hierarchies These hierarchies and other metadata such as type and description of the variable are described by Management Information Bases MIBs The device su...

Page 294: ...es but other remote NMS can t Parameter Setup Example Following tables list the parameter configuration as an example for the Gateway 1 in above diagram with SNMP enabling at LAN and WAN interfaces Use default value for those parameters that are not mentioned in the tables Configuration Path SNMP Configuration SNMP Enable LAN WAN Supported Versions v1 v2c v3 Get Set Community ReadCommunity WriteCo...

Page 295: ... configuring the Gateway 1 Only the UserName1 account can let the Gateway 1 accept the configuration from the NMS since the authority of the account is Read Write Once a managed device has an urgent event to send the device will issue a trap to the Trap Event Receivers The NMS itself could be one among them If you want to secure the transmitted SNMP commands and responses between the NMS and the m...

Page 296: ... host can access to the device By default All WANs is selected and there is no limitation for the WAN interface Supported Versions 1 A Must filled setting 2 The boxes are unchecked by default Select the version for the SNMP When Check the v1 box It means you can access SNMP by version 1 When Check the v2c box It means you can access SNMP by version 2c When Check the v3 box It means you can access ...

Page 297: ...le Community Rule Configuration Item Value setting Description Community 1 Read Only is selected by default 2 A Must filled setting 3 String format any text Specify this version 1 or version v2c user s community that will be allowed Read Only GET and GETNEXT or Read Write GET GETNEXT and SET access respectively The maximum length of the community is 32 Enable 1 The box is checked by default Click ...

Page 298: ...version 3 user Value Range 1 32 characters Password 1 String format any text When your Privacy Mode is authNoPriv or authPriv you must specify the Password for this version 3 user Value Range 8 64 characters Authentication 1 None is selected by default When your Privacy Mode is authNoPriv or authPriv you must specify the Authentication types for this version 3 user Selected the authentication type...

Page 299: ...s 1 2 A Must filled setting 3 String format any legal OID The OID Filter Prefix restricts access for this version 3 user to the sub tree rooted at the given OID Value Range 1 2080768 Enable 1 The box is checked by default Click Enable to enable this version 3 user Save N A Click the Save button to save the configuration But it does not apply to SNMP functions When you return to the SNMP main page ...

Page 300: ... Rule Configuration Item Value setting Description Server IP 1 A Must filled setting 2 String format any IPv4 address or FQDN Specify the trap Server IP or FQDN The DUT will send trap to the server IP FQDN Server Port 1 String format any port number 2 The default SNMP trap port is 162 3 A Must filled setting Specify the trap Server Port You can fill in any port number But you must ensure the port ...

Page 301: ...s and encryption protocols Selected the authNoPriv You must specify the Authentication and Password Selected the authPriv You must specify the Authentication Password Encryption and Privacy Key Authentication 1 A v3 Must filled setting 2 None is selected by default When your Privacy Mode is authNoPriv or authPriv you must specify the Authentication types for this version 3 trap Selected the authen...

Page 302: ...tting 2 String format any text Specify the location information for MIB 2 system Value Range 0 64 characters Edit SNMP Options If you use some particular private MIB you must fill the enterprise name number and OID Options Item Value setting Description Enterprise Name 1 The default value is AMIT 2 A Must filled setting 3 String format any text Specify the Enterprise Name for the particular private...

Page 303: ...st filled setting 3 String format any legal OID Specify the Enterprise OID for the particular private MIB The range of the each OID number is 1 2080768 The maximum length of the enterprise OID is 31 The seventh number must be identical with the enterprise number Save N A Click the Save button to save the configuration and apply your changes to SNMP functions Undo N A Click the Undo button to cance...

Page 304: ...vice supports both Telnet and SSH Secure Shell CLI with default service port 23 and 22 respectively Telnet SSH Scenario Scenario Application Timing When the administrator of the gateway wants to manage it from remote site in the Intranet or Internet he may use Telnet with CLI function to do that by using Telnet or SSH utility Scenario Description The Local Admin or the Remote Admin can manage the ...

Page 305: ...rio Operation Procedure In above diagram Local Admin or Remote Admin can manage the Gateway in the Intranet or Internet The Gateway is the gateway of Network A and the subnet of its Intranet is 10 0 75 0 24 It has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WAN 1 interface It serves as a NAT gateway The Local Admin in the Intranet uses Telnet utility with privileged account ...

Page 306: ...t 1 The LAN Enable box is checked by default 2 By default Service Port is 23 Check the Enable box to activate the Telnet function for connecting from LAN or WAN interfaces You can set which number of Service Port you want to provide for the corresponding service Value Range 1 65535 SSH 3 The LAN Enable box is checked by default 4 By default Service Port is 22 Check the Enable box to activate the S...

Page 307: ... specify new password to change root password Note_1 You are highly recommended to change the default telnet password with yours before the device is deployed Note_2 If you have trouble for the default password for previous FW version please check the corresponding User Manual to get the correct one Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings 307 ...

Page 308: ...cess gateway Click the Modify button and provide the new username setting Username Configuration Item Value setting Description Username 1 The default Username for web based MMI is admin Display the current MMI login account Username New Username String any text Enter new Username to replace the current setting Password String any text Enter current password to verify if you have the permission to...

Page 309: ...assword again to confirm Save N A Click Save button to save the settings Undo N A Click Undo button to cancel the settings Change MMI Setting for Accessing This is the gateway s web based MMI access which allows administrator to access the gateway for management The gateway s web based MMI will automatically logout when the idle time has elapsed The setting allows administrator to enable automatic...

Page 310: ...ion will be available for further configuration You can leave it as default or select an expected certificate and key from the drop down list Refer to Object Definition Certificate Section for the Certificate configuration http Compression The box is unchecked by default Check the box gzip or deflate if any compression method is preferred System Boot Mode Normal Mode is selected by default Select ...

Page 311: ...It displays the serial number of this product Kernel Version N A It displays the Linux kernel version of the product FW Version N A It displays the firmware version of the product CPU Usage N A It displays the percentage of CPU utilization Memory Usage N A It displays the percentage of device memory utilization System Time N A It displays the current system time that you browsed this web page Devi...

Page 312: ... with time server by NTP Protocol to get system date and time after you click on the Synchronize immediately button The second one is Sync with my PC Select the method and the system will synchronize its date and time to the time of the administration PC Go to Administration System Operation System Time tab Synchronize with Time Server System Time Information Item Value Setting Description Synchro...

Page 313: ...dinated Universal Time time not the local time for the device Synchronize with Manually Setting System Time Information Item Value Setting Description Synchronization method 1 A Must filled item 2 Time Server is selected by default Select the Manual as the synchronization method for the system time It means administrator has to set the Date Time manually Time Zone 1 A Must filled item 2 GMT 00 00 ...

Page 314: ...ronize its date and time to the time of the administration PC NTP Service 1 It is an optional item 2 Un checked by default Check the Enable button to activate the NTP Service function When you enabled this function the gateway can provide NTP server service for its local connected devices Synchronize immediately N A Click the Active button to synchronize the system time with specified time server ...

Page 315: ... with Cellular WAN interface Time Zone 1 A Must filled item 2 GMT 00 00 is selected by default Select a time zone where this device locates NTP Service 1 It is an optional item 2 Un checked by default Check the Enable button to activate the NTP Service function When you enabled this function the gateway can provide NTP server service for its local connected devices Synchronize immediately N A Clic...

Page 316: ... GNSS interface Time Zone 1 A Must filled item 2 GMT 00 00 is selected by default Select a time zone where this device locates NTP Service 1 It is an optional item 2 Un checked by default Check the Enable button to activate the NTP Service function When you enabled this function the gateway can provide NTP server service for its local connected devices Synchronize immediately N A Click the Active ...

Page 317: ...ystem Log tab View Email Log History View button is provided for network administrator to view log history on the gateway Email Now button enables administrator to send instant Email for analysis View Email Log History Item Value setting Description View button N A Click the View button to view Log History in Web Log List Window Email Now button N A Click the Email Now button to send Log History v...

Page 318: ...the First button to jump to the first page Last N A Click the Last button to jump to the last page Download N A Click the Download button to download log to your PC in tar file format Clear N A Click the Clear button to clear all log Back N A Click the Back button to return to the previous page Web Log Type Category Web Log Type Category screen allows network administrator to select the type of ev...

Page 319: ...ert Setting Window Item Value Setting Description Enable Un checked by default Check Enable box to enable sending event log messages to destined Email account defined in the E mail Addresses blank space Server N A Select one email server from the Server dropdown box to send Email If none has been available click the Add Object button to create an outgoing Email server You may also add an outgoing ...

Page 320: ...nd Debug Log to Storage Log to Storage screen allows network administrator to select the type of events to log and be stored at an internal or an external storage Log to Storage Setting Window Item Value Setting Description Enable Un checked by default Check to enable sending log to storage Select Device Internal is selected by default Select internal or external storage Log file name Un checked b...

Page 321: ...ed to specify the file name of new firmware by using Browse button and then click Upgrade button to start the FW upgrading process on this device If you want to upgrade a firmware which is from GPL policy please check Accept unofficial firmware Backup Configuration Settings Download is selected by default You can backup or restore the device configuration settings by clicking the Via Web UI button...

Page 322: ...oot this device by clicking the Reboot button and reset this device to default settings by clicking the Reset button System Operation Window Item Value Setting Description Reboot Now is selected by default Click the Reboot button to reboot the gateway immediately or on a pre defined time schedule Now Reboot immediately Time Schedule Select a pre defined auto reboot time schedule rule to reboot the...

Page 323: ...s technologically different This gateway embeds an FTP SFTP server for the administrator to download the log files to his computer or database In the following two sections you can configure the FTP server and create the user accounts that can log in to the server After logging in to the FTP server you can browse the log directory and have the permission to download the stored log files and delete the files ...

Page 324: ...ing so no write permission is implemented for user file upload to the storage FTP Port Port 21 is set by default Specify a port number for FTP connection The gateway will listen for incoming FTP connections on the specified port Value Range 1 65535 Timeout 300 seconds is set by default Specify the maximum timeout interval for the FTP connection Supported range is 60 to 7200 seconds Max Connect...

Page 325: ...er Mode Optional setting Check the Enable box to activate the support of ASCII mode data transfers Binary mode is supported by default FTPS FTP over SSL TLS Optional setting Check the Enable box to activate the support of secure connections via SSL TLS Enable SFTP Server Configuration Item Value setting Description SFTP The box is unchecked by default Check Enable box to activate the embedded SFTP...

Page 326: ...Name String non blank string Enter the user account for login to the FTP server Value Range 1 15 characters Password String no blank Enter the user password for login to the FTP server Directory N A Select a root directory after user login Permission Read Write is selected by default Select the Read write permission Note The embedded FTP Server is only for log downloading so no write permissio...

Page 327: ...ice to test whether it is alive after clicking on the Ping button A test result window will appear beneath it Tracert Test Optional setting Trace route tracert command is a network diagnostic tool for displaying the route path and measuring transit delays of packets across an IP network Trace route proceeds until all three sent packets are lost for more than twice then the connection is lost and t...

Page 328: ...name to save the captured packets in log storage If Split Files option is also enabled the file name will be appended with an index code _ index The extension file name is pcap Split Files 1 An optional setting 2 The default value of File Size is 200 KB Check enable box to split file whenever log file reaching the specified limit If the Split Files option is enabled you can further specify the Fil...

Page 329: ...on specific Interface s you can further specify some filter rules to capture the packets which matched the rules Capture Filters Item Value setting Description Filter Optional setting Check Enable box to activate the Capture Filter function Source MACs Optional setting Define the filter rule with Source MACs which means the source MAC address of packets Packets which match the rule will be capture...

Page 330: ... MACs which means the destination MAC address of packets Packets which match the rule will be captured Up to 10 MACs are supported but they must be separated with e g AA BB CC DD EE FF 11 22 33 44 55 66 The packets will be captured when match any one MAC in the rule Destination IPs Optional setting Define the filter rule with Destination IPs which means the destination IP address of packets Packet...

Page 331: ...nicating with carrier ISP by USSD command or doing a cellular network scan for diagnostic purpose In Cellular Toolkit section it includes several useful features that are related to cellular configuration or application You can configure settings of Data Usage SMS SIM PIN USSD and Network Scan here Please note at least a valid SIM card is required to be inserted to device before you continue setti...

Page 332: ...tch to secondary SIM and establish another cellular data connection with secondary SIM automatically If Data Usage feature is enabled all history of cellular data usage can be viewed at Status Statistics Reports Cellular Usage tab 3G 4G Data Usage Data Usage feature enabling gateway device to continuously monitor cellular data usage and take actions In the diagram quota limit of SIM A is 1Gb per m...

Page 333: ...ng Value setting Description SIM Select 3G 4G 1 and SIM A by default Choose a cellular interface 3G 4G 1 or 3G 4G 2 and a SIM card bound to the selected cellular interface to configure its data usage profile Carrier Name It is an optional item Fill in the Carrier Name for the selected SIM card for identification Cycle Period Days by default The first box has three types for cycle period They are D...

Page 334: ...ct Un Checked by default Check the Enable box to activate the connection restriction function During the specified cycle period if the actual data usage exceeds the allowable data limitation the cellular connection will be forced to disconnect Enable Un Checked by default Check the Enable box to activate the data usage profile 334 ...

Page 335: ... on a cellular phone Setup SMS Configuration Configuration Item Value setting Description Physical Interface The box is 3G 4G 1 by default Choose a cellular interface 3G 4G 1 or 3G 4G 2 for the following SMS function configuration SMS The box is checked by default This is the SMS switch If the box is checked the SMS function is enabled if the box is unchecked the SMS function is disabled SIM Status N ...

Page 336: ...eceived the new SMS this value increases by one Remaining SMS N A This value is SMS capacity minus received SMS When a new SMS is received this value decreases by one New SMS N A Click the New SMS button and a New SMS screen appears User can set the SMS setting from this screen Refer to New SMS in the next page SMS Inbox N A Click the SMS Inbox button and an SMS Inbox List screen appears User can read or delete SMS reply SMS or f...

Page 337: ...nbox List You can read or delete SMS reply SMS or forward SMS from this screen SMS Inbox List Item Value setting Description ID N A The number of the SMS From Phone Number N A The phone number the SMS was sent from Timestamp N A The time the SMS was received SMS Text Preview N A Preview the SMS text Click the Detail button to read a certain message Action The box is unchecked by default Click the Detail button to rea...

Page 338: ...d manage PIN code on a SIM card through its web GUI Activate PIN code on SIM Card This gateway device allows you to activate PIN code on SIM card This example shows how to activate PIN code on SIM A for 3G 4G 1 with default PIN code 0000 Change PIN code on SIM Card This gateway device allows you to change PIN code on SIM card Following the example above you need to type original PIN code 0000 and ...

Page 339: ...nge the SIM PIN setting for the selected SIM Card The number of physical modems depends on the gateway model you purchased SIM Status N A Indication for the selected SIM card and the SIM card status The status could be Ready Not Insert or SIM PIN Ready SIM card is inserted and ready to use It can be a SIM card without PIN protection or that SIM card is already unlocked by correct PIN code Not Inse...

Page 340: ... the Change PIN code button is disabled If you still want to change the PIN code you have to enable the SIM Lock function first fill in the PIN code and then click the Save button to enable After that you can click the Change PIN code button to change the PIN code When the Change PIN Code button is clicked the following screen will appear Item Value Setting Description Current PIN Code A M...

Page 341: ... As mentioned earlier the SIM card will be locked by PUK code after too many failed PIN code attempts In this case the PUK Status will turn to PUK Lock In a normal situation it will display PUK Unlock Remaining times Depend on SIM card Represent the remaining trial times for the PUK unlocking Note DO NOT make the remaining times down to zero it will damage the SIM card FOREVER Call for your ISP...

Page 342: ...2 alphanumeric characters in length Unlike Short Message Service SMS messages USSD messages create a real time connection during an USSD session The connection remains open allowing a two way exchange of a sequence of data This makes USSD more responsive than services that use SMS USSD Scenario USSD allows you to have an instant bi directional communication with carrier ISP In the diagram the USSD...

Page 343: ...in the correct pre command and then click on the Send button for the session The responses from the USSD server will be displayed beneath the USSD Command line When commands typed in the USSD Command field are sent received responses will be displayed in the USSD Response blank space User can communicate with the USSD server by sending USSD commands and getting USSD responses via the gateway USSD ...

Page 344: ... Comments N A Enter a brief comment for the profile Send USSD Request When send the USSD command the USSD Response screen will appear When click the Clear button the USSD Response will disappear USSD Request Item Value setting Description USSD Profile N A Select a USSD profile name from the dropdown list USSD Command N A The USSD Command string of the selected profile will be shown here USSD Respo...

Page 345: ...terface by executing the network scanning one after another You can also specify the connection sequence of the targeted generation of mobile system 2G 3G LTE Network Scan Configuration Configuration Item Value setting Description Physical Interface The box is 3G 4G 1 by default Choose a cellular interface 3G 4G 1 or 3G 4G 2 for the network scan function SIM Status N A Show the connected cellular ...

Page 346: ...ears when the Manually Scan Approach is selected in the Configuration window By clicking on the Scan button and wait for 1 to 3 minutes the found mobile operator system will be displayed for you to choose Click again on the Apply button to drive system to connect to that mobile operator system for the dedicated 3G 4G interface 346 ...

Page 347: ...pecific functionality of the gateway On receiving the managing event the gateway will take action to change the functionality collect the required status for administration and also change the status of a certain connected field bus device simultaneously The notifying events are the events that some related objects have been triggered and take corresponding actions on the occurrence of the events ...

Page 348: ...nnected Modbus devices Notifying Events Trigger Type Digital Input Power Change Connection Change WAN LAN VLAN WiFi DDNS Administration Modbus and Data Usage Actions Notify the administrator with SMS Syslog SNMP Trap or Email Alert Change the status of connected Digital Output or Modbus devices To use the event handling function First of all you have to enable the event management setting and conf...

Page 349: ...box to activate the Event Management function Enable SMS Management To use the SMS management function you have to configure some important settings first SMS Configuration Item Value setting Description Message Prefix The box is unchecked by default Click the Enable box to enable the SMS prefix for validating the received SMS Once the function is enabled you have to enter the prefix behind the ch...

Page 350: ...nt Configuration Item Value setting Description Phone Number 1 Mobile phone number format 2 A Must filled setting Select the Phone number policy from the drop list and specify a mobile phone number as the SMS account identifier if required It can be Specific Number or Allow Any If Specific Number is selected you have to specify the phone number as the SMS account identifier Value Range 1 32 digits...

Page 351: ...ccount for event notification It supports up to a maximum of 5 accounts You can click the Add Edit button to configure the Email account Email Service Configuration Item Value setting Description Email Server Option Select an Email Server profile from External Server setting for the email account setting Email Addresses 1 Internet E mail address format 2 A Must filled setting Specify the Destinati...

Page 352: ... purchased product Normal Level Low by default Specify the Normal Level It could be Low or High Signal Active Time 1 Numeric String format 2 A Must filled setting Specify the Signal Active Time It could be from 1 to 10 seconds Value Range 1 10 seconds Check Interval 1 Numeric String format 2 A Must filled setting 3 0 is set by default Specify the check interval for the DI event It could be from ...

Page 353: ...ption for the profile DO Source ID1 by default Specify the DO Source It could be ID1 Normal Level Low by default Specify the Normal Level It could be Low or High Total Signal Period 1 Numeric String format 2 A Must filled setting Specify the Total Signal Period Value Range 10 10000 ms Repeat Counter The box is unchecked by default Check the Enable box to activate the repeated Digital Output and s...

Page 354: ...odbus Notifying Events Profile Item Value setting Description Modbus Name 1 String format 2 A Must filled setting Specify the Modbus profile name Value Range 1 32 characters Description 1 Any text 2 An Optional setting Specify a brief description for the profile Read Function Read Holding Registers by default Specify the Read Function for Notifying Events Modbus Mode Serial by default Specify the ...

Page 355: ...e It could be from 1 to 247 Register 1 Numeric String format 2 A Must filled setting Specify the Register number of the modbus device Value Range 0 65535 Logic Comparator Logic Comparator by default Specify the Logic Comparator for Notifying Events It could be or Value 1 Numeric String format 2 A Must filled setting Specify the Value Value Range 0 65535 Enable The box is unchecked by default Cli...

Page 356: ...tting Description Modbus Name 1 String format 2 A Must filled setting Specify the Modbus profile name Value Range 1 32 characters Description 1 Any text 2 An Optional setting Specify a brief description for the profile Write Function Write Single Registers by default Specify the Write Function for Managing Events Modbus Mode Serial by default Specify the Modbus Mode It could be Serial or TCP IP 1 ...

Page 357: ... the modbus device Value Range 1 247 Register 1 Numeric String format 2 A Must filled setting Specify the Register number of the modbus device Value Range 0 65535 Value 1 Numeric String format 2 A Must filled setting Specify the Value Value Range 0 65535 Enable The box is unchecked by default Click Enable box to activate this profile setting Save NA Click the Save button to save the configuratio...

Page 358: ...nd response Go to Service Event Handling Managing Events Tab Enable Managing Events Configuration Item Value setting Description Managing Events The box is unchecked by default Check the Enable box to activate the Managing Events function Create Edit Managing Event Rules Setup the Managing Event rules It supports up to a maximum of 128 rules 358 ...

Page 359: ...I profile you defined to specify a certain Digital Input Event Note The available Event Type could be different for the purchased product Description String format any text Enter a brief description for the Managing Event Action All box is unchecked by default Specify Network Status or at least one rest action to take when the expected event is triggered Network Status Select Network Status Checkb...

Page 360: ...69 On Off the gateway will change the settings as the action for the event Administration Select Administration Checkbox and the interested sub items Backup Config Restore Config Reboot Save Current Setting as Default the gateway will change the settings as the action for the event Digital Output Select Digital Output checkbox and a DO profile you defined as the action for the event Modbus Select ...

Page 361: ...ine the relationship rule between event trigger and handlers Enable Notifying Events Configuration Item Value setting Description Notifying Events The box is unchecked by default Check the Enable box to activate the Notifying Events function Create Edit Notifying Event Rules Setup your Notifying Event rules It supports up to a maximum of 128 rules 361 ...

Page 362: ...ger condition to specify a certain LAN VLAN Event WiFi Select WiFi and a trigger condition to specify a certain WiFi Event DDNS Select DDNS and a trigger condition to specify a certain DDNS Event Administration Select Administration and a trigger condition to specify a certain Administration Event Modbus Select Modbus and a Modbus Notifying Event profile you defined to specify a certain Modbus Eve...

Page 363: ... action for the event Modbus Select Modbus and a Modbus Notifying Event profile you defined as the action for the event Note The available Event Type could be different for the purchased product Time Schedule 0 Always is selected by default Select a time scheduling rule for the Notifying Event Notifying Events The box is unchecked by default Click Enable box to activate this Notifying Event settin...

Page 364: ...Industry Cellular Gateway Chapter 8 Status 8 1 Dashboard not supported Not supported feature for the purchased product leave it as blank 364 ...

Page 365: ...ddress is obtained from your ISP Depending on the model purchased it can be Static IP Dynamic IP PPPoE PPTP L2TP 3G 4G Network Type N A It displays the network type for the WAN interface s Depending on the model purchased it can be NAT Routing Bridge or IP Pass through IP Addr N A It displays the public IP address obtained from your ISP for Internet connection Default value is 0 0 0 0 if left unco...

Page 366: ...nected Disconnect button allows user to manually disconnect the device from the Internet Note Connect button is available when Connection Control in WAN Type setting is set to Connect Manually Refer to Edit button in Basic Network WAN Uplink Internet Setup and WAN connection status is connected WAN interface IPv6 Network Status WAN interface IPv6 Network Status screen shows status information for ...

Page 367: ... local Address N A It displays the current LAN IPv6 Link Local address This is also the IPv6 IP Address user use to access Router s Web based Utility IPv6 Global Address N A It displays the current IPv6 global IP address assigned by your ISP for your Internet connection MAC Address N A It displays the LAN MAC Address of the gateway Action N A This area provides functional buttons Edit IPv4 Button ...

Page 368: ... information will appear They are the Modem Information SIM Status and Service Information Refer to next page for more When the Detail button is pressed 3G 4G modem information windows such as Modem Information SIM Status Service Information Signal Strength Quality and Error Message will appear ADSL Modem Status ADSL Modem Status screen shows status information for embedded ADSL modem ADSL Modem S...

Page 369: ...gnal SNR of the ADSL line VDSL Modem Status VDSL Modem Status screen shows status information for embedded VDSL modem VDSL Modem Status Item Value setting Description Firmware Version N A It displays the firmware version of the embedded VDSL modem Profile N A It displays the profile used for the VDSL line Link Status N A It displays the link status of the VDSL WAN VDSL Basic Status VDSL Basic Stat...

Page 370: ...ys the Interface s total transmitted packets Interface Traffic Statistics Item Value setting Description ID N A It displays corresponding WAN interface WAN IDs Interface N A It displays the type of WAN physical interface Depending on the model purchased it can be Ethernet 3G 4G etc Received Packets Mb N A It displays the downstream packets Mb It is reset when the device is rebooted Transmitted Pac...

Page 371: ...is gateway LAN Client List Item Value setting Description LAN Interface N A Client record of LAN Interface String Format IP Address N A Client record of IP Address Type and the IP Address Type is String Format and the IP Address is IPv4 Format Host Name N A Client record of Host Name String Format MAC Address N A Client record of MAC Address MAC Address Format Remaining Lease Time N A Client recor...

Page 372: ...ether the VAP wireless signal is enabled or disabled Op Mode N A The Wi Fi Operation Mode of VAP Depending on the device model modes are AP Router WDS Only and WDS Hybrid Universal Repeater and Client SSID N A It displays the network ID of VAP Channel N A It displays the wireless channel used WiFi System N A The WiFi System of VAP Auth Security N A It displays the authentication and encryption type used...

Page 373: ...istic shows all the received and transmitted packets on WiFi network WiFi IDS Status Item Value setting Description Authentication Frame N A It displays the receiving Authentication Frame count Association Request Frame N A It displays the receiving Association Request Frame count Re association Request Frame N A It displays the receiving Re association Request Frame count Probe Request Frame N A ...

Page 374: ...s on WiFi network WiFi Traffic Statistic Item Value setting Description Op Band N A It displays the Wi Fi Operation Band 2 4G or 5G of VAP ID N A It displays the VAP ID Received Packets N A It displays the number of received packets Transmitted Packet N A It displays the number of transmitted packets Action N A Click the Reset button to clear individual VAP statistics Refresh Button N A Click the ...

Page 375: ...tify DDNS service provider Provider N A It displays the DDNS server of DDNS service provider Effective IP N A It displays the public IP address of the device updated to the DDNS server Last Update Status N A It displays whether the last update of the device public IP address to the DDNS server has been successful Ok or failed Fail Last Update Time N A It displays time stamp of the last update of p...

Page 376: ...entify Tunnel Scenario N A It displays the Tunnel Scenario specified Local Subnets N A It displays the Local Subnets specified Remote IP FQDN N A It displays the Remote IP FQDN specified Remote Subnets N A It displays the Remote Subnets specified Conn Time N A It displays the connection time for the IPSec tunnel Status N A It displays the Status of the VPN connection The status displays are Connec...

Page 377: ...ted OpenVPN Client Status OpenVPN Client Status Item Value setting Description OpenVPN Client Name N A It displays the Client name you have entered for identification Interface N A It displays the WAN interface specified for the OpenVPN client connection Remote IP FQDN N A It displays the peer OpenVPN Server s Public IP address the WAN IP address or FQDN Remote Subnet N A It displays the Remote Su...

Page 378: ... VPN L2TP tab L2TP Client Status Item Value setting Description Client Name N A It displays Name for the L2TP Client specified Interface N A It displays the WAN interface with which the gateway will use to request PPTP tunneling connection to the PPTP server Virtual IP N A It displays the IP address assigned by Virtual IP server of L2TP server Remote IP FQDN N A It displays the L2TP Server s Publi...

Page 379: ...y VPN PPTP tab PPTP Client Status Item Value setting Description Client Name N A It displays Name for the PPTP Client specified Interface N A It displays the WAN interface with which the gateway will use to request PPTP tunneling connection to the PPTP server Virtual IP N A It displays the IP address assigned by Virtual IP server of PPTP server Remote IP FQDN N A It displays the PPTP Server s Publ...

Page 380: ... setting Description Activated Filter Rule N A This is the Packet Filter Rule name Detected Contents N A This is the logged packet information including the source IP destination IP protocol and destination port the TCP or UDP String format Source IP to Destination IP Destination Protocol TCP or UDP IP N A The Source IP IPv4 of the logged packet Time N A The Date and Time stamp of the logged packe...

Page 381: ...Web Content Filter Status Web Content Filter Status Item Value setting Description Activated Filter Rule N A Logged packet of the rule name String format Detected Contents N A Logged packet of the filter rule String format IP N A Logged packet of the Source IP IPv4 format Time N A Logged packet of the Date Time Date time format Month Day Hours Minutes Seconds Note Ensure Web Content Filter Log Ale...

Page 382: ...bled Refer to Security Firewall MAC Control tab Check Log Alert and save the setting Application Filters Status Application Filters Status Item Value setting Description Filtered Application Category N A The name of the Application Category being blocked Filtered Application Name N A The name of the Application being blocked IP N A The Source IP IPv4 of the logged packet Time N A The Date and Time...

Page 383: ...n Firewall Options String Format Disable or Enable SPI N A Enable or Disable setting status of SPI on Firewall Options String Format Disable or Enable Discard Ping from WAN N A Enable or Disable setting status of Discard Ping from WAN on Firewall Options String Format Disable or Enable Remote Administrator Management N A Enable or Disable setting status of Remote Administrator If Remote Administra...

Page 384: ... available for SNMP version 3 IP Address N A It displays the IP address of SNMP manager Port N A It displays the port number used to maintain connection with the SNMP manager Community N A It displays the community for SNMP version 1 or version 2c only Auth Mode N A It displays the authentication method for SNMP version 3 only Privacy Mode N A It displays the privacy mode for version 3 only SNMP V...

Page 385: ...onnection status with the TR 068 server TR 069 Status Item Value setting Description Link Status N A It displays the current connection status with the TR 068 server The connection status is either On when the device is connected with the TR 068 server or Off when disconnected 385 ...

Page 386: ...og Storage tab The Log Storage Status screen shows the status for selected device storage Log Storage Status Log Storage Status screen shows the status of the currently selected device storage The status includes Device Select Device Description Usage File System Speed and status 386 ...

Page 387: ...ious button you will see the previous page of track list Next N A Click the Next button you will see the next page of track list First N A Click the First button you will see the first page of track list Last N A Click the Last button you will see the last page of track list Export xml N A Click the Export xml button to export the list to xml file Export csv N A Click the Export csv button to expo...

Page 388: ...Industry Cellular Gateway 8 5 2 Network Traffic not supported Not supported feature for the purchased product leave it as blank 388 ...

Page 389: ...login statistics Next N A Click the Next button you will see the next page of login statistics First N A Click the First button you will see the first page of login statistics Last N A Click the Last button you will see the last page of login statistics Export xml N A Click the Export xml button to export the login statistics to xml file Export csv N A Click the Export csv button to export the log...

Page 390: ...y 8 5 4 Cellular Usage Go to Status Statistics Reports Cellular Usage tab Cellular Usage screen shows data usage statistics for the selected cellular interface The cellular data usage can be accumulated per hour or per day 390 ...

Page 391: ...hen Hemminger shemminger osdl org Lennert Buytenhek buytenh gnu org version 1 1 GNU GENERAL PUBLIC LICENSE Version 2 June 1991 tc show manipulate traffic control settings Stephen Hemminger shemminger osdl org Alexey Kuznetsov kuznet ms2 inr ac ru version iproute2 ss050330 GNU GENERAL PUBLIC LICENSE Version 2 June 1991 dhcp fwd starts the DHCP forwarding agent Enrico Scholz enrico scholz informatik...

Page 392: ...ment but changing it is not allowed https www openswan org Opennhrp Version v0 14 1 OpenNHRP is an NHRP implementation for Linux It has most of the RFC2332 and Cisco IOS extensions Project homepage http sourceforge net projects opennhrp Git repository git opennhrp git sourceforge net gitroot opennhrp LICENSE OpenNHRP is licensed under the MIT License See MIT LICENSE txt for additional details Open...

Page 393: ...aringpenguin com L2TPServ Version v 1 3 1 GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright C 1989 1991 Free Software Foundation Inc 59 Temple Place Suite 330 Boston MA 02111 1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed http www xelerance com software xl2tpd Mpstat from sysstat system performance tools for Linux...

Page 394: ...ent an NTP RFC 1305 RFC 4330 client for unix alike computers Version 2007_365 Copyright 1997 1999 2000 2003 2006 2007 Larry Doolittle exFAT FUSE based exFAT implementation Version 0 9 8 Copyright C 2010 2012 Andrew Nayenko ONTFS_3G The NTFS 3G driver is an open source freely available read write NTFS driver for Linux FreeBSD Mac OS X NetBSD Solaris and Haiku Version 2009 4 4 Copyright C 1989 1991 ...

Page 395: ...Industry Cellular Gateway Version 20080615 Copyright C 1998 2004 WIDE Project BSD License https sourceforge net projects wide dhcpv6 395 ...
