Amit IOG761AM-0P001 User Manual Download Page 1

 

 

IoT

 

Cellular

 

Gateway

 

IOG761AM

0T001

 

IOG761AM

0P001

 

 

User

 

Manual

 

Summary of Contents for IOG761AM-0P001

Page 1: ...IoT Cellular Gateway IOG761AM 0T001 IOG761AM 0P001 User Manual...

Page 2: ...1 6 1 Mount the Unit 12 1 6 2 Insert the SIM Card 12 1 6 3 Connecting Power 13 1 6 4 Connecting DI DO Devices 14 1 6 5 Connecting Serial Devices 15 1 6 6 Connecting to the Network or a Host 15 1 6 7 S...

Page 3: ...tion 132 3 7 IPv6 134 3 7 1 IPv6 Configuration 138 3 9 NAT Bridge 145 3 9 1 NAT Configuration 145 3 9 3 Virtual Server Virtual Computer 149 3 9 5 Special AP ALG 157 3 9 7 DMZ Pass Through 164 3 9 9 SD...

Page 4: ...8 5 3 3 Rule based QoS 241 5 5 VPN 254 5 5 1 Configuration 254 5 5 3 IPSec 256 5 5 5 PPTP 277 5 5 7 L2TP 289 5 5 9 GRE 301 5 5 d OpenVPN 309 5 7 Redundancy 324 5 7 1 VRRP 325 5 9 System Management 329...

Page 5: ...D 411 7 1 5 Network Scan 415 7 1 7 SMS Management 417 7 1 b SIM PIN 426 7 1 h Plain Text System Config 435 7 5 Captive Portal 438 7 5 1 Configuration 438 7 d Event Management 445 7 d 1 Configuration 4...

Page 6: ...for NFC or GPS applications This IOG761 series product is loaded with luxuriant security features including VPN firewall NAT port forwarding DHCP server and many other powerful features for complex a...

Page 7: ...dard Package Items Description Contents Quantity 1 IOG761AM 0T001 IoT Cellular Gateway 1pcs 2 Cellular Antenna 2pcs 3 WiFi Antenna 2pcs 4 Power Adapter DC 12V 2A 1 1pcs 5 RJ45 Cable 1pcs 6 Console Cab...

Page 8: ...ovides user with a quick and easy way to resort the default setting Press the RESET button continuously for 6 seconds and then release it The device will restore to factory default settings Auto MDI M...

Page 9: ...skipping is used to reserve slots for new function insertion when required 9 Bottom View Left View SIM B Slot SIM A Slot 2 4G WiFi Antenna 2 4G WiFi Antenna Power Terminal Block PWR1 GND PWR2 GND DI D...

Page 10: ...disabled SIM A Green Steady ON SIM card A is used SIM B Green Steady ON SIM card B is used LAN 1 LAN 4 Green Steady ON Ethernet connection of LAN is established Flash Data packets are transferred Hig...

Page 11: ...Macintosh or Linux based operating system An installed Ethernet adapter Browser Requirements Internet Explorer 6 0 or higher Chrome 2 0 or higher Firefox 3 0 or higher Safari 3 0 or higher Do not use...

Page 12: ...wall mount kits and DIN rail bracket on the product first 1 6 2 Insert the SIM Card WARNNING BEFORE INSERTING OR CHANGING THE SIM CARD PLEASE MAKE SURE THAT POWER OF THE DEVICE IS SWITCHED OFF The SIM...

Page 13: ...the right power requirements and polarity There are a DC converter and a DC12V 2A power adapter3 in the package for you to easily connect DC power adapter to this terminal block WARNNING This commerci...

Page 14: ...with power terminal block Please refer to following specification to connect DI and DO devices Mode Specification Digital Input Trigger Voltage high Logic level 1 5V 30V Normal Voltage low Logic level...

Page 15: ...nsmission speed on the network and configure itself automatically Connect the Ethernet cable to the RJ45 ports of the device Plug one end of an Ethernet cable into your computer s network port and the...

Page 16: ...admin 5 and then click login button After logging in select your language from the Language list The user manual uses English for the illustration of all functions in the device 4 The default LAN IP a...

Page 17: ...izard Network Setup Wizard Step 2 Item Value setting Description Old Password 1 String format any text If you want to change password Enter the current password in this item New Password 1 String form...

Page 18: ...e time zone for the system clock Detect Again NA Click the Detect Again button to detect the time zone from network Exit NA Click the Exit button to cancel Setup Wizard Back NA Click the Back button t...

Page 19: ...to Wizard Network Setup Wizard Step 4 WAN interface Step 4 WAN interface Setting Item Value setting Description Physical Interface A Must filled setting Here you specify the Physical Interface that c...

Page 20: ...ng Enter the host name provided by your Service Provider ISP Registered MAC Address An Optional setting Enter the MAC address that you have registered with your service provider Or Click the Clone but...

Page 21: ...Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider Primary DNS...

Page 22: ...Must filled setting Enter the PPPoE password provided by your Service Provider Primary DNS A Must filled setting Enter the IP address of Primary DNS server Secondary DNS Optional setting Enter the IP...

Page 23: ...r Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Servi...

Page 24: ...r Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Servi...

Page 25: ...e Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider Primary DNS A Must filled setting Enter the primary WAN DNS IP address given by your Servic...

Page 26: ...Circuit Identifier Number Schedule Type 1 A Must filled setting 2 Default is UBR Define the Schedule Type provided by your Service Provider There are four types can be selected UBR UBR generally is u...

Page 27: ...rface Item Value setting Description LAN IP Address A Must filled setting Assign an IP Address for LAN this IP address is a gateway IP Subnet Mask By default 255 255 255 0 24 is selected Select a Subn...

Page 28: ...y step guide you through to complete VPN tunnel setup Step 1 Setup Steps In Step 1 the VPN Setup Step is a screen that displays the summary of steps for VPN setup Click Next button to begin VPN setup...

Page 29: ...PTP in the following page When L2TP is selected go to Step 3 L2TP in the following page When GRE is selected go to Step 3 GRE in the following page Step 3 IPSec When IPSec is selected in Step 2 for VP...

Page 30: ...PPTP client or server is selected the client or server configuration window will appear PPTP Client When PPTP Client is selected in Step 2 for VPN Type PPTP configuration window will appear When compl...

Page 31: ...PPTP Server configuration click Next button a setup summary will display Confirm the setting then click the Apply button to complete the setting Step 3 L2TP When L2TP is selected in Step 2 for VPN Ty...

Page 32: ...ummary will display Confirm the setting then click the Apply button to complete the setting L2TP Server When L2TP Server is selected in Step 2 for VPN Type L2TP configuration window will appear When c...

Page 33: ...n when required 33 Step 3 GRE When GRE is selected in Step 2 for VPN Type GRE configuration window will appear When complete the GRE configuration click Next button a setup summary will display Confir...

Page 34: ...purchased it can be Static IP Dynamic IP PPPoE PPTP L2TP 3G 4G IP Addr N A It displays the public IP address obtained from your ISP for Internet connection Default value is 0 0 0 0 if left unconfigur...

Page 35: ...dit button in Basic Network WAN Internet Setup and WAN connection status is connected WAN interface IPv6 Network Status WAN interface IPv6 Network Status screen shows status information for IPv6 netwo...

Page 36: ...by your ISP for your Internet connection Action N A This area provides functional buttons Edit IPv4 Button when press web based utility will take you to the Ethernet LAN configuration page Basic Netwo...

Page 37: ...splays the current mask of the subnet IPv6 Link local Address N A It displays the current LAN IPv6 Link Local address This is also the IPv6 IP Address user use to access Router s Web based Utility IPv...

Page 38: ...be 3G 4G 1 and 3G 4G 2 Card Information N A It displays the vendor s 3G 4G modem model name Link Status N A It displays the 3G 4G connection status The status can be Connecting Connected Disconnectin...

Page 39: ...erface N A It displays the type of WAN physical interface It can be 3G1 or 3G2 Note 3G2 is only for devices that support dual modules Module Name N A It displays the vendor s 3G 4G modem model name IM...

Page 40: ...lock It is probably due to the device had exceeded the allowed number of times to unlock Refer to PIN Code Remaining Times PIN Code Remaining Times N A This displays the remaining time of the counter...

Page 41: ...DMA or LTE Band N A It displays the band currently used RSSI N A It displays the RSSI Received Signal Strength Indicator in unit dBm of the signal CS Register Status N A It displays the Circuit Switch...

Page 42: ...ID of VAP WiFi Enable N A It displays whether the VAP wireless signal is enabled or disabled Op Mode N A The Wi Fi Operation Mode of VAP Depends of device model modes are AP Router WDS Only and WDS Hy...

Page 43: ...twork WiFi Advanced Configuration tab Note that the WIDS of 2 4G or 5G should be configured separately WiFi IDS Status Item Value setting Description Authentication Frame N A It displays the receiving...

Page 44: ...o to Status LAN Client List LAN Client List Item Value setting Description LAN Interface N A Client record of LAN Interface String Format IP Address N A Client record of IP Address Type and the IP Add...

Page 45: ...y log history Clicking the Edit button the screen will be switched to the configuration page From the menu on the left select Status Firewall Status Firewall Status Tab Packet Filter Status Packet Fil...

Page 46: ...e URL Blocking Log Alert is enabled Refer to Advanced Network Firewall URL Blocking tab Check Log Alert and save the setting Web Content Filter Status Web Content Filter Status Item Value setting Desc...

Page 47: ...ontrol Log Alert is enabled Refer to Advanced Network Firewall MAC Control tab Check Log Alert and save the setting Plication Filters Status Application Filters Status Item Value setting Description F...

Page 48: ...le setting status of Stealth Mode on Firewall Options String Format Disable or Enable SPI N A Enable or Disable setting status of SPI on Firewall Options String Format Disable or Enable Discard Ping f...

Page 49: ...scription Tunnel Name N A It displays the tunnel name you have entered to identify Tunnel Scenario N A It displays the Tunnel Scenario specified Local Subnets N A It displays the Local Subnets specifi...

Page 50: ...figuration page Advanced Network VPN PPTP tab PPTP Client Status Item Value setting Description Client Name N A It displays Name for the PPTP Client specified Interface N A It displays the WAN interfa...

Page 51: ...on page Advanced Network VPN L2TP tab L2TP Client Status Item Value setting Description Client Name N A It displays Name for the L2TP Client specified Interface N A It displays the WAN interface with...

Page 52: ...penVPN Client TCP UDP Read bytes N A It displays the TCP UDP Read Bytes of OpenVPN Client TCP UDP Write bytes N A It displays the TCP UDP Write Bytes of OpenVPN Client Connection Conn Time N A It disp...

Page 53: ...atus screen shows the status of current active SNMP connections SNMP Link Status Item Value setting Description User Name N A It displays the user name for authentication This is only available for SN...

Page 54: ...A It displays the timestamp of trap event Trap Event N A It displays the IP address of the trap sender and event type TR 069 Status The TR 069 Status window shows the current connection status with t...

Page 55: ...Interface WAN Internet Setup and WAN Load Balance for Intranet to access Internet For each WAN interface you must specify its physical interface first and then its Internet setup to connect to ISP If...

Page 56: ...l the available physical interfaces After clicking on the Edit button for the interface in Physical Interface List window the Interface Configuration window will appear to let you configure a WAN inte...

Page 57: ...e just some examples They vary from model to model It depends on the model purchased Interface Name The logic name of WAN interfaces is identified by WAN 1 WAN 2 and so on Physical Interface This devi...

Page 58: ...ou must specify it in the WAN physical interface Please note that only Ethernet and ADSL physical interfaces support the feature Interface Configuration The configuration of a WAN interface includes t...

Page 59: ...Cellular Network Gateway Cellular Network xDSL Modem Gateway ISP DSLAM ISP DSLAM Gateway Firewall or Ethernet WAN 3G 4G WAN USB 3G 4G WAN ADSL WAN Ethernet WAN The gateway has one or more RJ45 WAN por...

Page 60: ...s primary WAN connection is broken the backup connection will be started up to substitute the primary connection In addition there is a Seamless option for Failover operation mode When seamless option...

Page 61: ...n Data Encryption LLC VPI Number 0 VCI Number 33 Schedule Type UBR Configuration Path Internet Setup 3G 4G WAN Type Configuration Interface Name WAN 2 Dial up Profile Auto detection Connection Control...

Page 62: ...back Seamless Failover Scenario As another example all parameter configuration for WAN 1 and WAN 2 is same as above example except the Seamless box is checked as bellow in red color Configuration Path...

Page 63: ...Alive Next Failover and Failback processes are shown in following diagram Their steps are S 1 When system discovers the primary WAN connection is failed S 2 System starts the failover process S 3 Sys...

Page 64: ...alled as Dual SIM Failover In this Dual SIM Failover there are four kinds of SIM card usage scenarios including SIM A First SIM B First and SIM A Only and SIM B Only By default SIM A First scenario is...

Page 65: ...The steps are Pre state System tries to connect to mobile system for an Internet connection by using connection profile in SIM A for SIM A First scenario after system rebooting If the connection is s...

Page 66: ...100Mbps Download 100Mbps Gigabit Ethernet WAN Upload 1000Mbps Download 1000Mbps CAT4 Built in LTE Module Upload 50Mbps Download 150Mbps CAT3 LTE USB Dongle Upload 50Mbps Download 100Mbps 3G USB Dongl...

Page 67: ...Interface Interface Configuration WAN n n 1 2 Interface Name WAN 1 WAN 2 Physical Interface Ethernet ADSL Operation Mode Always on Always on Line Speed 100Mbps 100Mbps 2Mbps 22Mbps VLAN Tagging Enable...

Page 68: ...ch WAN type For the Internet setup of each WAN interface you must specify its WAN type of physical interface first and then its related parameter configuration for that WAN type Internet Setup List wi...

Page 69: ...is one Edit button for each WAN interface to let you configure its Internet connection Please see Internet Connection Configuration section beneath Following are some Internet Connection List window e...

Page 70: ...s WAN type You may choose this WAN type if you connects a cable modem or a fiber VDSL modem for Internet connection The assigned IP address for the WAN interface by a DHCP server may be different ever...

Page 71: ...is option is typically used for DSL services PPP over ATM WAN type The Point to Point Protocol over ATM PPPoA is a network protocol for encapsulating PPP frames in AAL5 It is used mainly with DSL carr...

Page 72: ...twork Monitoring IGMP and WAN IP Alias 3G 4G or USB 3G 4G interface there is only 3G 4G WAN type 3G 4G WAN Type Settings include Dial up Profile APN PIN Code Dialed Number Account Password Authenticat...

Page 73: ...ection Check Interval Indicate how often to send keep alive packet Check Timeout Set allowance of time period to receive response of keep alive packet If this gateway doesn t receive response within t...

Page 74: ...onnection Control There are three ways for connection control Auto reconnect Always on Dial on demand and Manually Auto reconnect Always on This gateway will establish Internet connection automaticall...

Page 75: ...ing 3 tables list the parameter configuration for these three WAN interfaces Configuration Path Physical Interface Interface Configuration WAN n n 1 2 3 Interface Name WAN 1 WAN 2 WAN 3 Physical Inter...

Page 76: ...DNS DHCP Servers 10110110001100 01 Request Coming Start Connecting Disconnect when idle timeout Dial on demand Its steps are Pre state After system booting up the WAN connection is disconnected S 1 Wh...

Page 77: ...ly Its steps are Pre state After system booting up the WAN connection is disconnected S 1 When administrator click on the Connect button on the Network Status configuration window S 2 System starts to...

Page 78: ...on Please be noted that By Smart Weight has not further configuration window Load Balance Configuration The Configuration window is to enable the load balance function and specify the strategy When yo...

Page 79: ...s via these WAN interfaces in past period maybe 5 minutes system decides how many sessions will be transferred via each WAN interface for current period of traffic loadings as shown in the following i...

Page 80: ...or example 5 minutes At the end of time period the new transferring ratio for each WAN interface will be changed to the ratio between its counted transferred bytes and the summary one of all interface...

Page 81: ...scribes ADSL ISP for a 22 Mbps WAN connection and 3G 4G ISP for another 11 Mbps WAN connection Administrator fills these both values in the line speed field for both WAN interfaces Please refer to sec...

Page 82: ...dule Type UBR Configuration Path Internet Setup 3G 4G WAN Type Configuration Interface Name WAN 2 Dial up Profile Auto detection Connection Control Auto reconnect Always on Configuration Path Load Bal...

Page 83: ...e one user policy for routing dedicated packet flow via one WAN interface They are shown in following diagrams Above example shows that administrator hopes the packet flow whose destination is www goo...

Page 84: ...y Priority load balance strategy Configuration Path Load Balance Configuration Load Balance Enable Load Balance Strategy By User Policy Configuration Path Load Balance User Policy Configuration ID 1 2...

Page 85: ...tically adjust traffic loading based on traffic weight of each WAN By Priority System will adjust the loading based on user defined bandwidth for each WAN By User Policy System will route traffics thr...

Page 86: ...Must filled setting There are four options can be selected Select Any for traffic from any source Subnet Traffic from the setting subnet will follow the rule Input format is xxx xxx xxx xxx xx e g 192...

Page 87: ...led setting There are three options can be selected Both Traffic with TCP or UDP protocol will follow the rule TCP Traffic to the setting port range will follow the rule UDP Traffic to specific port w...

Page 88: ...ts of a VLAN form an independent traffic domain in which the traffic generated by the nodes remains within the VLAN However in Tag based VLAN all packets with same VLAN ID will be treated as the same...

Page 89: ...n bridge mode Intranet packet flow is delivered out WAN trunk port with VLAN tag to upper link for different services A port based VLAN is a group of ports on an Ethernet or Virtual APs of Wired or Wi...

Page 90: ...ation Tag based VLAN Tagging for Location free Departments Tag based VLAN function can group Ethernet ports Port 1 Port 4 and WiFi Virtual Access Points VAP 1 VAP 8 together with different VLAN tags f...

Page 91: ...t groups based on VLAN ID Following is an example In a SMB company administrator schemes out 3 segments Lab Meeting Rooms and Office In a Security VPN Gateway administrator can configure Office segmen...

Page 92: ...roup Internet Access Administrator can specify members of one VLAN group to be able to access Internet or not Following is an example that VLAN groups of VID is 2 and 3 can access Internet but the one...

Page 93: ...her VLAN group or not This is a communication pair and one VLAN group can join many communication pairs But communication pair doesn t have the transitive property That is A can communicate with B and...

Page 94: ...w function insertion when required 94 LAN VLAN Setting The Ethernet LAN allows user to setup the LAN IP address for device Setting LAN IP address and subnet mask will affect the IP that LAN devices ca...

Page 95: ...function allows you to divide local network into different virtual LAN There are Port based and Tag based VLAN types Select one that applies For Port based VLAN Type Go to Basic Network LAN VLAN VLAN...

Page 96: ...d 96 When Add button is applied Port based VLAN Configuration screen will appear which is including 3 sections Port based VLAN Configuration DHCP Server Configuration and IP Fixed Mapping Rule List an...

Page 97: ...s selected NAT Bridge By default NAT is selected Select NAT mode or Bridge mode for the rule Port Members These box is unchecked by default Select which LAN port and VAP that you want to add to the ru...

Page 98: ...e time is 86400 seconds When your lease expires you must stop using the IP address Domain Name NA It s optional field please follow rules of CHCP Server page Go to Basic Network Client Server Proxy DH...

Page 99: ...etting Define the MAC Address target that the DHCP Server wants to filter IP Address A Must filled setting Define the IP Address that the DHCP Server will assign If there is a request from the MAC Add...

Page 100: ...it button a screen similar to this will appear VLAN Group Item Value setting Description VALN Group Internet Access Definition All boxes are checked by default By default all boxes are checked means a...

Page 101: ...ways it is the default VLAN ID of LAN rule VLAN ID 2 is available only when VLAN ID 2 is enabled The same applies to other VLAN IDs i e VLAN ID 3 Save NA Click the Save button to save the configuratio...

Page 102: ...default Define which LAN port is part of the VLAN ID VAP The box is unchecked by default Define which VAP is part of the VLAN ID Notice that a VAP is only belong to a VLAN ID Disappear VAP if the rou...

Page 103: ...WiFi specification varies from gateway to gateway based on what category of product you purchased For the wireless products WiFi settings allow you to set the WLAN Wireless LAN configuration items Wh...

Page 104: ...each other in the scenario Following diagram illustrates that there are two remote wireless gateways running at WDS Only operation mode They both use channel 3 to link to the local Wireless Gateway 1...

Page 105: ...o the Wireless Gateway 1 the WiFi server by using WiFi system However the Wireless Gateway is running at AP Router mode and has an Internet connection So the remote WiFi networks behind the Access Poi...

Page 106: ...gram illustrates that there are two remote access points running at Universal Repeater operation mode they are the Access Point 2 and the Access Point 3 They both serve as the access point for their r...

Page 107: ...r It also uses an Ethernet link to connect to an external gateway that executes IP assigning and NAT routing function for Internet accessing Client Mode The client mode it can provide connect to an ex...

Page 108: ...ng such as SSID or pre shared key Basic Configuration Go to Basic Network WiFi Configuration Tab Basic Configuration Item Value setting Description Operation Band A Must filled setting Specified the f...

Page 109: ...Select WPS configuration mode from Registrar or Enrollee When Registrar is selected It means the AP will play a role of Registrar in WPS process Allowed STA PIN Code Enter the PIN code which client g...

Page 110: ...Settings Item Value setting Description WiFi Module The box is checked by default Check the Enable box to activate Wi Fi function Selectable 2 4G 5G If selectable 2 4G 5G is supported then 2 4G enabl...

Page 111: ...adcasting The SSID used for identifying from another AP and client stations will associate with AP according to SSID Broadcast It means the SSID will be broadcasted and the stations can associate with...

Page 112: ...4 WEP keys can be set then select one of it as current key And the key type can set to HEX or ASCII If HEX is selected the key should consist of 0 to 9 and A to F If ASCII is selected the key should c...

Page 113: ...is device via TKIP or AES When WPA WPA2 is selected It owns the same setting as WPA or WPA2 The client stations can associate with this device via WPA or WPA2 When WPA PSK or WPA2 PSK is selected It o...

Page 114: ...box is checked by default The SSID used for broadcasting or associating with root AP The SSID used for broadcasting The SSID used for identifying from another AP and client stations will associate wit...

Page 115: ...Encryption There is only WEP encryption can be used in Shared authentication There are 4 WEP keys can be set then select one of it as current key And the key type can set to HEX or ASCII If HEX is sel...

Page 116: ...ociate with this device via TKIP or AES When WPA WPA2 is selected It owns the same setting as WPA or WPA2 The client stations can associate with this device via WPA or WPA2 When WPA PSK or WPA2 PSK is...

Page 117: ...setting 2 Encryption Key Size for WEP encryption 10 or 26 HEX digits 5 or 13 ASCII characters For security there are several authentication methods supported Client stations should provide the key whe...

Page 118: ...encrypting WEP There are 4 WEP keys can be set then select one of it as current key And the key type can set to HEX or ASCII If HEX is selected the key should consist of 0 to 9 and A to F If ASCII is...

Page 119: ...that the client stations can Preshared Key The length of key is from 8 to 63 characters When WPA PSK WPA2 PSK is selected It owns the same setting as WPA PSK or WPA2 PSK The client stations can associ...

Page 120: ...Select one of the schedule settings to enable disable Wi Fi service Go to System Scheduling for further setting Network ID SSID 1 String format Any text 2 The box is checked by default The SSID used f...

Page 121: ...to F If ASCII is selected the key should consist of ASCII table When Shared is selected The pre shared key should be set for authenticating Encryption There is only WEP encryption can be used in Shar...

Page 122: ...ad of any others for security TKIP AES TKIP AES mixed mode It means that the client stations can associate with this device via TKIP or AES When WPA WPA2 is selected It owns the same setting as WPA or...

Page 123: ...manually or Scan button the device will bridge the remote AP when associate successful Save N A Press Save button to save the current configuration Undo N A Press the Undo button to restore configurat...

Page 124: ...r identifying from another AP and client stations will associate with AP according to SSID Broadcast It means the SSID will be broadcasted and the stations can associate with this device by scanning S...

Page 125: ...Encryption There is only WEP encryption can be used in Shared authentication There are 4 WEP keys can be set then select one of it as current key And the key type can set to HEX or ASCII If HEX is sel...

Page 126: ...en WPA WPA2 is selected It owns the same setting as WPA or WPA2 The client stations can associate with this device via WPA or WPA2 When WPA PSK or WPA2 PSK is selected It owns the same encryption syst...

Page 127: ...Index skipping is used to reserve slots for new function insertion when required 127 when any changing saved Scan N A Press Scan button to scan the spatial Wi Fi signal...

Page 128: ...e broadcasted and the stations can associate with this device by scanning SSID The SSID used for associating In Universal Repeater Mode the device also associate with root AP according to SSID Note th...

Page 129: ...is selected the key should consist of 0 to 9 and A to F If ASCII is selected the key should consist of ASCII table When Auto is selected The device will select Open or Shared by requesting of client...

Page 130: ...ia WPA or WPA2 When WPA PSK or WPA2 PSK is selected It owns the same encryption system as WPA or WPA2 The authentication uses pre shared key instead of RADIUS server Encryption Encrypt the information...

Page 131: ...ich VAP s client stations will show in following Client List Client List Client List Item Value setting Description IP Address Configuration Address N A It shows the Client s IP address and the derivi...

Page 132: ...rget WiFi Go to Basic Network WiFi Advanced Configuration Target WiFi Item Value setting Description Operation Band A Must filled setting Specified the following Advanced Configuration will take effec...

Page 133: ...checked by default WMM Wi Fi Multimedia can help control latency and jitter when transmitting multimedia content over a wireless connection Short GI By default 400ns is selected Short GI Guard Interv...

Page 134: ...y supports various types of IPv6 connection Static IPv6 DHCPv6 PPPoEv6 6to4 6in4 Please contact your ISP the type of IPv6 is supported before you proceed with IPv6 setup Static IPv6 Static IPv6 does t...

Page 135: ...s automatically PPPoEv6 PPPoEv6 in IPv6 does the same function as PPPoE in IPv4 The PPPoEv6 server provides configuration parameters based on PPPoEv6 client request When PPPoEv6 server gets client req...

Page 136: ...d the host is responsible for encapsulation of outgoing IPv6 packets and decapsulation of incoming 6to4 packets If the host is configured to forward packets for other clients often a local network it...

Page 137: ...r new function insertion when required 137 In above diagram the 6in4 usually needs to register to a 6in4 tunnel service known as Tunnel Broker in order to use It also need end point global IPv4 addres...

Page 138: ...tting Description WAN Connection Type 1 Only can be selected when IPv6 Enable 2 A Must filled setting Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity Select Static IPv6...

Page 139: ...y DNS An optional setting Enter the WAN primary DNS Server Secondary DNS An optional setting Enter the WAN secondary DNS Server MLD Snooping The box is unchecked by default Enable Disable the MLD Snoo...

Page 140: ...NS Server Secondary DNS Can not modified by default Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration...

Page 141: ...you want more information please contact your ISP Connection Control Fixed value The value is Auto reconnect Always on MTU A Must filled setting Enter the MTU for setting up PPPoEv6 connection If you...

Page 142: ...g Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Global Address An o...

Page 143: ...of this router Local IPv6 Address A Must filled setting Filled Client IPv6 Address gotten from tunnelbroker in this field Primary DNS An optional setting Enter the WAN primary DNS Server Secondary DN...

Page 144: ...t Stateless to manage the Local Area Network to be SLAAC RDNSS Router Advertisement Lifetime A Must filled setting Enter the Router Advertisement Lifetime in seconds 200 is setted by default Select St...

Page 145: ...page Normally with global IP address or FQDN of WAN interface in the gateway employees who travel outside the office can access various servers behind the office gateway You can set up those servers b...

Page 146: ...seful when you run a server inside your network For example if you set a mail server at LAN side your local devices can access this mail server through gateway s global IP address when enable NAT loop...

Page 147: ...ration NAT Loopback NAT Loopback Enable Configuration Path Virtual Server Virtual Computer Virtual Server List ID 1 2 Public Port 25 SMTP 110 POP3 Server IP 10 0 75 101 10 0 75 101 Private Port 25 SMT...

Page 148: ...ess from inside your local network Enable NAT Loopback Go to Basic Network NAT Bridging Configuration tab Configuration Item Value setting Description NAT Loopback The box is checked by default Check...

Page 149: ...This device s NAT firewall filters out unrecognized packets to protect your Intranet so all hosts behind this device gateway are invisible to the outside world If you wish you can make some of them ac...

Page 150: ...de with IP address 10 0 75 101 a remote user can access the gateway for E mail service if you defined a virtual E mail server for the gateway by using the real E mail server on the LAN side as shown i...

Page 151: ...10 0 75 101 in the Intranet of Network A including SMTP service port 25 and POP3 service port 110 So the remote user can access the E mail server in the gateway that has the global IP 118 18 81 33 at...

Page 152: ...o implement the application scenario Scenario Description A LAN host is assigned with a global IP address to be visible to outside world The host has an embedded FTP file server and is protected by th...

Page 153: ...TP file server by server s global IP address and it acts as a media between the LAN host and the outside world by using its Virtual Computer feature So remote users can request for file services from...

Page 154: ...x enabled Server IP A Must filled setting This field is to specify the IP address of the interface selected in the WAN Interface setting above Protocol A Must filled setting When ICMPv4 is selected I...

Page 155: ...number Public Port is selected Port Range and specify a port range and Private Port can be selected Single Port or Port Range Apply Time Schedule to this rule otherwise leave it as Always refer to Sc...

Page 156: ...he router allows you to custom your Virtual Computer rules The router supports up to a maximum of 20 rule based Virtual Computer sets When Add button is applied Virtual Computer Rule Configuration scr...

Page 157: ...ALG allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer control data protocols such as FTP BitTorrent SIP RTSP...

Page 158: ...ports are pb and pc once the pa port is toggled at LAN interface of gateway Scenario Application Timing When local user wants to run an application to access the server in the Internet and the applic...

Page 159: ...ctivate the rule So the local user at host with IP address 10 0 75 100 can enjoy the music by using Quick Time 4 application The media server is in the Internet ALG Configuration This gateway supports...

Page 160: ...rameter configuration for the NAT gateway in above diagram Configuration Path Special AP ALG Configuration ALG SIP ALG Enable Scenario Operation Procedure In above diagram the NAT Gateway is the gatew...

Page 161: ...Support some SIP ALG like STUN Enable Special AP and Virtual Computer Go to Basic Network NAT Bridging Special AP ALG tab Special AP ALG tab Item Value setting Description Special AP The box is checke...

Page 162: ...ular Applications is selected Battle net Port and Incoming Ports will be defined automatically Apply Time Schedule to this rule otherwise leave it as Always refer to Scheduling setting under System Th...

Page 163: ...ve it as Always refer to Scheduling setting under System Then check Rule box to enable this rule When Popular Applications is selected Quick Time 4 Port is the same with Incoming Ports Apply Time Sche...

Page 164: ...address in the Intranet to be DMZ host so that the host under DMZ function can run applications freely that would otherwise blocked by NAT mechanism of the gateway with DMZ feature disabled That is t...

Page 165: ...all normal and active packets from the Internet Remote user can access the DMZ host by using the IP address of the gateway and the gateway will skip the NAT checking on the DMZ host DMZ host is still...

Page 166: ...DMZ tab Configuration Item Value setting Description DMZ 1 A Must filled setting 2 Default is ALL Check the Enable box to activate this NAT function Define the selected interface to be the packet ente...

Page 167: ...Go to Basic Network NAT Bridging SDMZ Configuration Item Value setting Description Enable On Off setting When Enable is checked It means that SDMZ function is enabled and it will start to match the en...

Page 168: ...g When Enable is checked It means that this rule take effect Note that one rule of a WAN can be enabled at the same time Save NA Click the Save button to save the configuration Undo NA Click the Undo...

Page 169: ...routers by using some protocols such as RIP OSPF and BGP It is dynamic routing These both routing approaches will be illustrated one after one 3 b 1 Static Routing Static Routing function lets you def...

Page 170: ...n that can let you add one new static routing rule While the Edit button at the end of each static routing rule can let you modify the rule Static Routing Rule Configuration To configure one static ro...

Page 171: ...125 73 108 Subnet Mask 255 255 255 255 255 255 255 255 Gateway 118 18 81 1 203 95 80 1 Metric 255 255 Rule Enable Enable Scenario Operation Procedure In above diagram the Gateway is the gateway of Ne...

Page 172: ...tatic Routing function The box is unchecked by default Check the Enable box to activate this function Create Edit Static Routing Rules The router allows you to custom your static routing rules It supp...

Page 173: ...etting The Metric of this static routing rule Enabling the rule The box is unchecked by default Click Enable box to activate this rule Save NA Click the Save button to save the configuration Undo NA C...

Page 174: ...ynamic Routing page there are seven configuration windows for dynamic routing feature They are the RIP Configuration window OSPF Configuration window OSPF Area List OSPF Area Configuration BGP Configu...

Page 175: ...uting Information Protocol RIP is one of the oldest distance vector routing protocols which employs the hop count as a routing metric RIP prevents routing loops by implementing a limit on the number o...

Page 176: ...nstructs a topology map of the network The topology is presented as a routing table to the Internet Layer which routes datagrams based solely on the destination IP address found in IP packets OSPF det...

Page 177: ...rprise and expects the gateway to learn its routing table by using OSPF protocol from the enterprise backbone The OSPF gateway will forward its routing information to other routers that are under the...

Page 178: ...e dominated areas of the OSPF Gateway know the shortest routing path for each destination IP address of outgoing packets BGP Scenario Border Gateway Protocol BGP is a standardized exterior gateway pro...

Page 179: ...e another especially if they are multihomed Very large private IP networks use BGP internally An example would be the joining of a number of large OSPF Open Shortest Path First networks where OSPF by...

Page 180: ...103 0 1 10 104 0 1 Neighbor ID 101 102 103 104 Neighbor Enable Enable Enable Enable Scenario Operation Procedure In above diagram the BGP Gateway is one gateway of its dominated AS self IP is 10 100...

Page 181: ...amic Routing function The box is unchecked by default Check the Enable box to activate this function The RIP configuration setting allows user to customize RIP protocol through the router based on the...

Page 182: ...ation with entered the ID and Key in these fields on OSPF protocol Backbone Subnet 1 Classless Inter Domain Routing CIDR Subnet Mask Notation Ex 192 168 1 0 24 2 A Must filled setting The Backbone Sub...

Page 183: ...Index skipping is used to reserve slots for new function insertion when required 183 default Save N A Click the Save button to save the configuration...

Page 184: ...Pv4 Format 2 A Must filled setting The Router ID of this router on BGP protocol Create Edit BGP Network Rules The router allows you to custom your BGP Network rules It supports up to a maximum of 32 r...

Page 185: ...ed BGP Neighbor Rule Configuration screen will appear Item Value setting Description Neighbor IP 1 IPv4 Format 2 A Must filled setting The Neighbor IP of this router on BGP Neighbor List Remote ASN 1...

Page 186: ...stination IP N A Routing record of Destination IP IPv4 Format Subnet Mask N A Routing record of Subnet Mask IPv4 Format Gateway IP N A Routing record of Gateway IP IPv4 Format Metric N A Routing recor...

Page 187: ...main name service DDNS Therefore anyone wishing to reach your host only needs to know the domain name Dynamic DNS will map the name of your host to your current IP address which changes each time you...

Page 188: ...net world will be able to link to your gateway by using your domain name regardless of the changing global IP adress Dynamic DNS Scenario Scenario Application Timing When the IP address of the Gateway...

Page 189: ...dynamic IP address for the WAN interface the DDNS agent in the gateway tries to request the DDNS server with the mapping between the domain name and the obtained WAN IP address of the gateway The DDNS...

Page 190: ...on is applied Pre defined Domain Name Configuration screen will appear Pre defined Domain Name Configuration Item Value setting Description Domain Name 1 String format can be any text 2 A Must filled...

Page 191: ...fault Selected the WAN Interface IP Address of the router Provider DynDNS org Dynamic is set by default Your DDNS provider of Dynamic DNS Host Name 1 String format can be any text 2 A Must filled sett...

Page 192: ...N IP Address is the same one of gateway LAN interface with its default Subnet Mask setting as 255 255 255 0 and its default IP Pool ranges is from 100 to 200 as shown at the DHCP Server List page on g...

Page 193: ...ike the LAN Interface IP Address Host Name MAC Address and the Remaining Lease Time Fixed Mapping User can assign fixed IP address to map the specific client MAC address by select them then copy when...

Page 194: ...ustomize DHCP Server policies to assign IP Addresses to the devices on the local area network LAN Go to Basic Network Client Server Proxy DHCP Server Tab Create Edit DHCP Server Policy The router allo...

Page 195: ...ng The Lease Time of this DHCP Server Domain Name String format can be any text The Domain Name of this DHCP Server Primary DNS IPv4 format The Primary DNS of this DHCP Server Secondary DNS IPv4 forma...

Page 196: ...ng The IP Address of this mapping rule Enabling the Rule The box is unchecked by default Click Enable box to activate this rule Save N A Click the Save button to save the configuration Undo N A Click...

Page 197: ...its sending out DHCPOFFER DHCPACK packages Option Meaning RFC 66 TFTP server name RFC 2132 72 Default World Wide Web Server RFC 2132 114 URL RFC 3679 Go to Basic Network Client Server Proxy DHCP Serv...

Page 198: ...ption you want to set Type Dropdown list of DHCP server option value s type Each different options has different value types 66 Single IP Address Single FQDN 72 IP Addresses List separated by 114 Sing...

Page 199: ...Index skipping is used to reserve slots for new function insertion when required 199 Save Undo DHCP Server Options Click Save to restart DHCP server forcing settings to take effect immediately...

Page 200: ...check box will activate all firewall functions The firewall configuration allows user to enable or disable all functions including Packet Filters URL Blocking Web Content Filters MAC Control Applicati...

Page 201: ...tion log alerting can be enabled through an Enable checkbox to log events Second the Packet Filter Rule List window lists all your defined packet filtering rule entry At last the Packet Filter Rule Co...

Page 202: ...igure The parameters in a rule include the rule name the from and to which interface the packet enters and leaves the source and destination IP addresses the destination service port type and port num...

Page 203: ...er Rule List ID 1 2 Rule Name Access 80 Access 443 Source IP IP Range 10 0 75 200 10 0 75 250 IP Range 10 0 75 200 10 0 75 250 Destination IP Specific IP Address 0 0 0 0 Specific IP Address 0 0 0 0 De...

Page 204: ...he Enable box to activate Packet Filter function Black List White List Filter Method Selection Deny those match the following rules is set by default When Deny those match the following rules is selec...

Page 205: ...be the packet entering interface of the router If the packets to be filtered are coming from LAN to WAN then select LAN for this field Or VLAN 1 to WAN then select VLAN 1 for this field Other examples...

Page 206: ...grouping setting screen Source MAC A Must filled setting This field is to specify the Source MAC address Select Any to filter packets coming from any MAC addresses Select Specific MAC Address to filte...

Page 207: ...d port number Then enter a pot number in Protocol Number box Time Schedule A Must filled setting Apply Time Schedule to this rule otherwise leave it as Always If the dropdown list is empty ensure Time...

Page 208: ...list In URL Blocking page there are three configuration windows They are the Configuration window URL Blocking Rule List window and URL Blocking Rule Configuration window The Configuration window can...

Page 209: ...Other Web requests will be blocked URL Blocking Rule List The URL Blocking Rule List shows the setup parameters of all URL blocking rules There also be one Add button at the URL Blocking Rule List cap...

Page 210: ...URL Blocking Configuration URL Blocking Enable Black List White List Allow all to pass except those match the following rules Invalid Access Web Redirection Enable Configuration Path URL Blocking URL...

Page 211: ...e blocked black listed In contrast with Allow those match the following rules you can specifically white list the packets to pass and the rest will be blocked Log Alert The box is unchecked by default...

Page 212: ...setting screen Source MAC A Must filled setting This field is to specify the Source MAC address Select Any to filter packets coming from any MAC addresses Select Specific MAC Address to filter packet...

Page 213: ...by default Click Enable box to activate this rule Save N A Click the Save button to save the configuration Undo N A Click the Undo button to restore what you just configured back to the previous setti...

Page 214: ...activate the Web content filtering function Some popular script types like Java Applet Java Scripts cookies and Active X are in the window and you can check their boxes to enable the gateway to filte...

Page 215: ...appear when you click on the Add or Edit button to configure The parameters in a rule include the rule name the defined file extension list to be filtered out the integrated time schedule rule and th...

Page 216: ...a and ActiveX objects then define further with objects in the Web Content Filter List that may include extension exe and com System will block requests containing objects with extension exe or com The...

Page 217: ...d button is applied Filter Rule Configuration screen will appear Web Content Filter Configuration Item Value setting Description Rule Name 1 String format can be any text 2 A Must filled setting Enter...

Page 218: ...grouping setting screen User defined File Extension List Use to Concatenate A Must filled setting Specify file extension list to filtering rule It supports up to a maximum of 10 file extension names i...

Page 219: ...tool that you can use to do quick copy the known MAC address of client hosts in the Intranet to facilitate creating rules Use the Copy to button to copy Second the MAC Control Rule List window lists...

Page 220: ...control rules There also be one Add button at the MAC Control Rule List caption that can let you add and create one new MAC control rule The Edit button at the end of each MAC control rule can let you...

Page 221: ...Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with MAC Control enabling Use default value for those parameters that are not mentioned...

Page 222: ...ecked by default Check the Enable box to activate the MAC filter function Black List White List Filter Method Selection Deny MAC Address Below is set by default When Deny MAC Address Below is selected...

Page 223: ...rule name Enter a name that is easy for you to remember MAC Address Ues to Compose 1 MAC Address string Format 2 A Must fill setting Specify the Source MAC Address to filter rule Time Schedule A Must...

Page 224: ...ategorize Internet Protocol packets based on their application layer data and allow or deny their passing of gateway It supports the application filters for various Internet chat software P2P download...

Page 225: ...Log Alert Enable Configuration Path Application Filters Application Filter List Rule Name Rule 1 Source IP IP Range 192 168 123 200 192 168 123 250 P2P Software BT BitTorrent BitSpirit BitComet eDonk...

Page 226: ...checked by default Check the Enable box to activate this filter function Log Alert The box is unchecked by default Check the Enable box to activate Event Log Create Edit Filter Rules The router suppor...

Page 227: ...roup selected Note group must be pre defined before this selection become available Refer to System Grouping Host grouping You may also access to create a group by the Add Rule shortcut button Setting...

Page 228: ...enable the IPS function and check the listed intrusion activities when needed There are some intrusion prevention items need a further Threshold parameter to work properly for intrusion detection You...

Page 229: ...tion The gateway serves as an E mail server Web Server and open TCP Port 8080 allowing user to access web based utility of Gateway so remote users or unknown users can request those services from the...

Page 230: ...k lots of packets in seconds IPS Setting The Intrusion Prevention System IPS setting allows user to customize intrusion prevention rules to prevent malicious packets Enabling IPS Firewall Go to Advanc...

Page 231: ...ctivate this intrusion prevention rule and enter the traffic threshold in this field UDP Flood Defense Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in th...

Page 232: ...ock Fraggle Attack ARP Spoofing Defence 1 A Must filled setting 2 The box is unchecked by default 3 traffic threshold is set to 300 by default 4 The value range can be from 10 to 10000 Click Enable bo...

Page 233: ...rom WAN makes any host on the WAN side can t ping this product It means this device won t reply any ICMP packet from Internet Remote Administrator Hosts enables only the LAN users to browse the web ba...

Page 234: ...the parameter configuration as an example for the gateway in above diagram with SPI enabling Configuration Path Options Firewall Options SPI Enable Scenario Operation Procedure In above diagram the G...

Page 235: ...s surf the internet Following tables list the parameter configuration as an example for the gateway in above diagram Configuration Path Options Firewall Options Discard Ping from WAN Enable Remote Adm...

Page 236: ...lue setting Description Enable Stealth mode function The box is unchecked by default Check the Enable box to activate Stealth Mode function Enable SPI function The box is checked by default Check the...

Page 237: ...s Select Any IP to allow any remote hosts Select Specific IP to allow the remote host coming from a specific subnet An IP address entered in this field and a selected Subnet Mask to compose the subnet...

Page 238: ...g packets QoS determines which queue the packets enter based on priority This is useful when there are certain types of data you want to give higher priority to such as voice packets given higher prio...

Page 239: ...ameters for the QoS BWM function Incorrect information will result in poor bandwidth utilization System Resource Configuration The gateway system needs to know some system resource status for QoS BWM...

Page 240: ...also related to default banwidth of WANs WAN Interface By default WAN 1 is selected Select WAN 1 and then the following will show setting function that you can configure WAN 1 is available only when W...

Page 241: ...w and QoS Rule Configuration window The Configuration window can let you activate the Rule based QoS function In addition you can also enable the Flexible Bandwidth Management FBM feature for better u...

Page 242: ...ou want to add a new QoS rule or edit one already existed the QoS Rule Configuration window shows up for you to configure The parameters in a rule include the applied WAN interfaces the dedicated host...

Page 243: ...fined Services and Well known Services Well known services include FTP 21 SSH TCP 22 Telnet 23 SMTP 25 DNS 53 TFTP UDP 69 HTTP TCP 80 POP3 110 Auth 113 SFTP TCP 115 SNMP Traps UDP 161 162 LDAP TCP 389...

Page 244: ...op for incoming packets from some client hosts in the Intranet Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with Rule based...

Page 245: ...mit the connection sessions from some client hosts IP 10 0 75 16 31 to 20000 sessions totally for accessing the Internet he can use the Rule based QoS function to carry out it by defining an QoS rule...

Page 246: ...access the Internet via WAN 1 interface under the limitation of the maximum 20000 connection sessions totally at any time The Rule Based QoS allows user to configure QoS and bandwidth to set the limit...

Page 247: ...e WAN 2 Group A Must filled setting This field is to specify the Group of the interface selected in the Interface setting above Select Src MAC Address to prioritize packets based on MAC Configure Ser...

Page 248: ...ax rate and rate unit for this rule QoS Direction A Must filled setting When Outbound is selected It means the option QoS Direction of rule based QoS Rule is outbound Outbound means the Group option i...

Page 249: ...option is a destination group When Both is selected It means the option QoS Direction of rule based QoS Rule is both Time Schedule A Must filled setting Apply Time Schedule to this rule otherwise leav...

Page 250: ...ing Method of rule based QoS Rule is Individual Control When Group Control is selected It means the option Sharing Method of rule based QoS Rule is Group Control Time Schedule A Must filled setting Ap...

Page 251: ...he Group option is a destination group When Both is selected It means the option QoS Direction of rule based QoS Rule is both Time Schedule A Must filled setting Apply Time Schedule to this rule other...

Page 252: ...When Individual Control is selected It means the option Sharing Method of rule based QoS Rule is Individual Control When Group Control is selected It means the option Sharing Method of rule based QoS...

Page 253: ...A Must filled setting Apply Time Schedule to this rule otherwise leave it as Always refer to Scheduling setting under System Enabling the rule Click Enable box to activate this rule Click the Save bu...

Page 254: ...hnology supports data confidentiality data origin authentication and data integrity of network information by utilizing encapsulation protocols encryption algorithms and hashing algorithms The product...

Page 255: ...lots for new function insertion when required 255 VPN Configuration Item Value setting Description VPN The box is unchecked by default Check the Enable box to enable all VPN functions Save N A Click t...

Page 256: ...egotiates IKE SAs Security Association to set up a secure channel for negotiating IPSec SAs in phase 2 At IPSec phase IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers Aft...

Page 257: ...shows the maximum number of concurrent IPSec VPN tunnels that are running in system Tunnel List Status The Tunnel List shows the setup parameters of all IPSec VPN tunnels and their connection status...

Page 258: ...have their own subnet and the Site to Site tunnel scenario is used Site means a subnet of client hosts Scenario Description Both Initiator and Responder of IPSec tunnel must have a Static IP or a FQD...

Page 259: ...k B Configuration Path IPSec IKE Phase Negotiation Mode Aggressive Mode X Auth None DPD Enable For Network B at Branch Office Following 5 tables list the parameter configuration for above example diag...

Page 260: ...Phase Negotiation Mode Aggressive Mode X Auth None DPD Enable Scenario Operation Procedure In above diagram Network A is in the headquarters and the subnet of its Intranet is 10 0 76 0 24 The security...

Page 261: ...application scenario Scenario Application Timing If the gateway in Control Center wants to access remote sites with public IP even if private IP Address in cellular Network the Dynamic VPN connection...

Page 262: ...Enable Configuration Path IPSec Tunnel Configuration Tunnel Enable Tunnel Name dvpn 101 Interface WAN 1 Tunnel Scenario Dynamic VPN Operation Mode Always on Configuration Path IPSec Local Remote Conf...

Page 263: ...t 10 0 76 0 Remote Netmask 255 255 255 0 Remote Gateway 203 95 80 22 or www abc com Configuration Path IPSec Authentication Key Management IKE Pre shared Key 12345678 Remote ID User Name Network B Con...

Page 264: ...tiation packets It must be noted that the remote peer has to initiate the tunnel establishing process first in this application scenario Scenario Application Timing If the gateway in Control Center wa...

Page 265: ...example diagram of IPSec VPN tunnel in Network A Use default value for those parameters that are not mentioned in these 5 tables Configuration Path IPSec Configuration IPSec Enable NAT Traversal Enab...

Page 266: ...e dvpn 201 Interface WAN 1 Tunnel Scenario Host to Site Operation Mode Always on Configuration Path IPSec Local Remote Configuration Remote Subnet 10 0 76 0 Remote Netmask 255 255 255 0 Remote Gateway...

Page 267: ...onfigure via VPN Tunnel Scenario Application Timing If Both gateways are global IP Address and Admin user in Control Center wants to manage remote sites or serial based access devices with public IP i...

Page 268: ...al Netmask 255 255 255 0 Remote Subnet 118 18 81 33 Remote Netmask 255 255 255 255 Remote Gateway 118 18 81 33 Configuration Path IPSec Authentication Key Management IKE Pre shared Key 12345678 Local...

Page 269: ...ath IPSec Authentication Key Management IKE Pre shared Key 12345678 Local ID User Name Network B Remote ID User Name Network A Configuration Path IPSec IKE Phase Negotiation Mode Aggressive Mode X Aut...

Page 270: ...scenario Scenario Application Timing If the security gateway in headquarters wants to allow any remote devices to securely and always access the enterprise operation systems to access office resources...

Page 271: ...ive Mode Aggressive Mode X Auth None None For Network B at Mobile Office or Remote Site Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in Network B U...

Page 272: ...IP address of 10 0 76 2 for LAN interface and 203 95 80 22 or FQDN www abc com for WAN interface However Network B is in the mobile office and the subnet of its Intranet is 192 168 1 0 24 The security...

Page 273: ...ssing HQ servers all are done on a secured connection through HQ Business Security Gateway Following diagram illustrates this application scenario It is the same as the one for the Site to Site scenar...

Page 274: ...sferred via the established VPN tunnel Parameter Setup Example For Network A at HQ Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in Network A Use de...

Page 275: ...in IKE Phase configuration window should be also matched in both peers And there is at least one proposal entity in IKE Proposal Definition and at least one proposal entity in IPSec Proposal Definitio...

Page 276: ...k B has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WAN interface Establish an IPSec VPN tunnel with Site to Site scenario by starting from either site So both Intranets of 10 0...

Page 277: ...nd remote access levels comparable with typical VPN products Deploy a security gateway for local office and establish a virtual private network with the remote gateway of another office by using PPTP...

Page 278: ...Enable box In the Client Server field of the Configuration window choose either Server or Client Choose Server to define the gateway as the PPTP VPN server for remote clients to initiate the connectio...

Page 279: ...address and call ID of all PPTP clients User Account List User Account List lists your defined user accounts that can be accepted by the PPTP server User Account Configuration User Account Configurat...

Page 280: ...ng the PPTP tunnel connection with its account password PPTP protocol is used for establishing a PPTP VPN tunnel Parameter Setup Example For Network A at HQ Following 3 tables list the parameter confi...

Page 281: ...r defined PPTP clients and their tunnel connection status Only some important information for all tunnels are shown in the list as following diagram Configuration for A PPTP Client Configuration for A...

Page 282: ...Usually these hosts at PPTP client peer access the Internet directly via the WAN interface of Security Gateway 2 Only the packets whose destination is in the dedicated subnet to Network A will be tran...

Page 283: ...Subnet Default Gateway Authentication Protocol MS CHAP MPPE Encryption Enable Tunnel Enable Scenario Operation Procedure In above diagram Network A is in the headquarters and the subnet of its Intran...

Page 284: ...figuration tab Enabling PPTP Go to Advanced Network VPN PPTP tab Enable PPTP Window Item Value setting Description PPTP Unchecked by default Click the Enable box to activate PPTP function Client Serve...

Page 285: ...t fill setting 2 Default is 100 This is the PPTP server s Virtual IP DHCP server User can specify the last IP address for the subnet from which the PPTP client s IP address will be assigned Authentica...

Page 286: ...dd user account Enter User name and password Then check the enable box to enable the user Click Save button to save new user account The selected user account can permanently be deleted by clicking th...

Page 287: ...u will need to select a primary IPSec tunnel from which to failover to Load Balance Define whether the PPTP tunnel connection will take part in load balance function of the gateway You will not need t...

Page 288: ...fy whether PPTP server supports MPPE Protocol Click the Enable box to enable MPPE Note when MPPE Encryption is enabled the Authentication Protocol PAP CHAP options will not be available NAT before Tun...

Page 289: ...eling So all client hosts behind local security gateway can make data communication with others behind remote gateway Or when you are a mobile user with your notebook or carrying along a security gate...

Page 290: ...erver for remote clients to initiate the connection to establish VPN tunnels Or choose Client to create multiple L2TP VPN clients to establish VPN tunnels to remote gateways Moreover the security gate...

Page 291: ...unt List User Account List lists your defined user accounts that can be accepted by the L2TP server User Account Configuration User Account Configuration window can let you specify the required parame...

Page 292: ...an L2TP VPN tunnel Parameter Setup Example For Network A at HQ Following 3 tables list the parameter configuration for above example diagram of L2TP VPN server in Network A Use default value for thos...

Page 293: ...tatus window shows your defined L2TP clients and their tunnel status Only some important information for all tunnels are shown in the list as following diagram Configuration for A L2TP Client Configur...

Page 294: ...eway 2 or the mobile device can access the resources in the Intranet of Network A at headquarters via this established L2TP tunnel Usually these hosts at L2TP client peer access the Internet directly...

Page 295: ...les Configuration Path L2TP Configuration L2TP Enable Client Server Client Configuration Path L2TP L2TP Client Configuration L2TP Client Enable Configuration Path L2TP Configuration for A L2TP Client...

Page 296: ...rk A at HQ in a secured link However if the Default Gateway Remote Subnet parameter in the Security Gateway 2 is configured to Default Gateway the Internet accessing of L2TP Client peer also go throug...

Page 297: ...set as the starting IP which assign to L2TP client IP Pool Ending Address A Must filled setting Specify the L2TP server ending IP of virtual IP pool It will set as the ending IP which assign to L2TP c...

Page 298: ...button to enable user account Specify Username Fill in the username Specify Password Fill in the password Click save button to save user account When select Client in Client Server a series L2TP Clien...

Page 299: ...mote LNS IP FQDN for this L2TP tunnel Fill in the IP address or FQDN Remote LNS Port A Must filled setting Specify the Remote LNS Port for this L2TP tunnel Fill in the value for LNS port Username A Mu...

Page 300: ...is L2TP tunnel LCP Echo Type A Must filled setting Specify the LCP Echo Type for this L2TP tunnel Select Auto Auto setting the Interval and Max Failure Time Selected User defined Fill in the Interval...

Page 301: ...ecurity gateway can establish a GRE VPN tunnel with remote gateway in headquarters Client hosts in these both Intranets of branch office and headquarters can make data communication each other In GRE...

Page 302: ...illustrates the security gateway in headquarters playing the GRE server role In fact the GRE tunnel establishment can be started from either site The GRE tunnel is established by starting from GRE cl...

Page 303: ...emote Subnet 10 0 75 0 24 Tunnel Enable Scenario Operation Procedure In above diagram Network A is in the headquarters and the subnet of its Intranet is 10 0 76 0 24 The security gateway for Network A...

Page 304: ...via the GRE tunnel as shown in the diagram by configuring the GRE tunnel is the default gateway at GRE client peer the Internet accessing packets will be also sent to the Security Gateway 1 in Network...

Page 305: ...ress of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN interface It serves as a GRE server However Network B is in the branch office and the subnet of its Intranet is 10 0 75 0 24 The security g...

Page 306: ...ption GRE Unchecked by default Click the Enable box to enable GRE function Max Concurrent GRE Tunnels 1 32 is set by default 2 Max of 32 connections It specifies the maximum number of simultaneous GRE...

Page 307: ...ess of remote GRE tunnel gateway Normally this is the public IP address of the remote GRE gateway TTL 1 A Must fill setting 2 1 to 255 range Specify TTL hop count value for this GRE tunnel Keep alive...

Page 308: ...Encapsulation Mode will not be available when DMVPN is not enabled Tunnel Unchecked by default Check Enable box to enable this GRE tunnel Save N A Click Save button to save the settings Undo N A Clic...

Page 309: ...ing signature and Certificate authority It uses the OpenSSL encryption library extensively as well as the SSLv3 TLSv1 protocol and contains many security and control features Deploy a security gateway...

Page 310: ...Index skipping is used to reserve slots for new function insertion when required 310...

Page 311: ...urity gateway can play either OpenVPN Server role or OpenVPN Client role or they both You can define the both roles one after one Choose one role in the Configuration window and configure all required...

Page 312: ...OpenVPN server for remote clients to establish VPN tunnels to it Or you can create multiple OpenVPN clients for the gateway to establish VPN tunnels to remote gateways The security gateway serves as t...

Page 313: ...penVPN in TAP bridge mode OpenVPN TAP Server Configuration OpenVPN Server Configuration window can let you enable the OpenVPN server function define the pool of virtual IP addresses that will assign t...

Page 314: ...way can be accessed from Network A at Control Center via this established OpenVPN tunnel Scenario Description OpenVPN Tunneling is a Client and Server based tunneling technology The OpenVPN Server mus...

Page 315: ...ddress 10 0 76 200 IP Pool Ending Address 10 0 76 220 Gateway 10 0 76 253 Netmask 255 255 255 0 24 Encryption Cipher Blowfish Hash Algorithm SHA 1 LZO Compression Adaptive Scenario Operation Procedure...

Page 316: ...ndow can let you enable the OpenVPN client function by checking the Enable box OpenVPN TAP Client List OpenVPN Client List window shows your defined OpenVPN clients and their tunnel status Only some i...

Page 317: ...es as the OpenVPN VPN server Once the tunnel has been established Cellular Gateway or Serial based access devices can be accessed the resources in the Intranet of Network A at Control Center via this...

Page 318: ...76 0 24 Authorization Mode TLS CA Cert RootCA Client Cert local Client key localkey Encryption Cipher Blowfish NAT Disable Hash Algorithm SHA 1 LZO Compression Adaptive Scenario Operation Procedure I...

Page 319: ...hich is different from the local LAN Remote Hosts that dial in will get an IP address inside the Virtual network and will have access only to the server where OpenVPN resides If you want to give remot...

Page 320: ...way can be accessed from Network A at Control Center via this established OpenVPN tunnel Scenario Description OpenVPN Tunneling is a Client and Server based tunneling technology The OpenVPN Server mus...

Page 321: ...Blowfish Hash Algorithm SHA 1 LZO Compression Adaptive Scenario Operation Procedure In above diagram Network A is in the Control Center and the subnet of its Intranet is 10 0 76 0 24 The security gate...

Page 322: ...ndow can let you enable the OpenVPN client function by checking the Enable box OpenVPN TAP Client List OpenVPN Client List window shows your defined OpenVPN clients and their tunnel status Only some i...

Page 323: ...enVPN VPN server Once the tunnel has been established Cellular Gateway and Serial based access devices can be accessed the resources in the Intranet of Network A at Control Center via this established...

Page 324: ...l Center and the subnet of its Intranet is 10 0 76 0 24 The security gateway for Network A has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN interface It serves as a OpenVPN s...

Page 325: ...s assigned to the virtual router instead of a physical router If the physical router that is routing packets on behalf of the virtual router fails another physical router is selected to automatically...

Page 326: ...cription When the master gateway is disabled of its Internet connection the backup gateway whose priority is the highest among the ones with alive Internet connection will take over the data communica...

Page 327: ...re the redundant gateway group of Network A and the subnet of its Intranet is 10 0 75 0 24 The master gateway has the IP address of 10 0 75 1 for LAN interface 203 95 80 22 for WAN 1 interface However...

Page 328: ...2 A Must filled setting Define the Virtual Server ID on VRRP of the router The value range is from 1 to 255 Priority of Virtual Server 1 Numberic String Format 2 A Must filled setting Define the Prior...

Page 329: ...col it provides the communication between customer premises equipment CPE and Auto Configuration Servers ACS The Security Gateway is such CPE TR 069 is a customized feature for ISP It is not recommend...

Page 330: ...elsewhere in the world the gateways in all branch offices must have an embedded TR 069 agent to communicate with the ACS server So that the ACS server can configure FW upgrade and monitor these gatew...

Page 331: ...Gateway 1 is one of them and has 118 18 81 33 IP address for its WAN 1 interface When all remote gateways have booted up they will try to connect to the ACS server Once the connections are established...

Page 332: ...rovide ACS password and manually set ConnectionRequest Port A Must filled setting You can ask ACS manager provide ACS ConnectionRequest Port and manually set ConnectionRequest Username A Must filled s...

Page 333: ...nd applying a new configuration through remote modification of these variables The variables accessible via SNMP are organized in hierarchies These hierarchies and other metadata such as type and desc...

Page 334: ...n for user authentication and data hashing and encryption In SNMPv3 SNMP protocol supports user privacy feature additionally By referring to above setting diagram there are 3 privacy modes authPriv au...

Page 335: ...age some devices and they all have supported SNMP protocol use either one application scenario especially the management of devices in the Intranet In managing devices in the Internet the TR 069 is th...

Page 336: ...reachable network The Gateway 1 is one of the managed devices and it has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WAN 1 interface It serves as a NAT router At first stage th...

Page 337: ...The v1 box is checked by default 2 The v2c box is checked by default Select the version for the SNMP When Check the v1 box It means you can access SNMP by version 1 When Check the v2c box It means yo...

Page 338: ...illed setting 3 String format any text Specify this version 1 or version v2c user s community that will be allowed Read Only GET and GETNEXT or Read Write GET GETNEXT and SET access respectively The m...

Page 339: ...ode is authNoPriv or authPriv you must specify the Password for this version 3 user The minimum length of the password is 8 The maximum length of the password is 64 Authentication 1 None is selected b...

Page 340: ...ess for this version 3 user to the subtree rooted at the given OID The range of the each OID number is 1 2080768 Enable 1 The box is checked by default Click Enable to enable this version 3 user Save...

Page 341: ...led setting 2 String format any Ipv4 address Specify the trap Server IP The DUT will send trap to the server IP Server Port 1 String format any port number 2 The default SNMP trap port is 162 3 A Must...

Page 342: ...thNoPriv You must specify the Authentication and Password Selected the authPriv You must specify the Authentication Password Encryption and Privacy Key Authentication 1 A v3 Must filled setting 2 None...

Page 343: ...erprise Number 2 A Must filled setting 3 String format any number Specify the Enterprise Number for the particular private mib The range of the enterprise number is 1 2080768 Enterprise OID 1 The defa...

Page 344: ...automate via scripting The device supports both Telnet and SSH Secure Shell CLI with default service port 23 and 22 respectively In Telnet with CLI page there are two configuration windows for the Tel...

Page 345: ...lnet or SSH utility with privileged user name and password The data packets between the Local Admin and the Gateway or between the Remote Admin and the Gateway can be plain texts or encrypted texts Su...

Page 346: ...1 33 for WAN 1 interface It serves as a NAT gateway The Local Admin in the Intranet uses Telnet utility with privileged account to login the Gateway Or the Remote Admin in the Internet uses SSH utilit...

Page 347: ...y default Service Port is 22 Check the Telnet Enable box to activate telnet service Check the SSH Enable box to activate SSH service You can set which number of Service Port you want to provide for th...

Page 348: ...rks multiplayer gaming and remote assistance programs need a way to communicate through home and business gateways Without IGD one has to manually configure the gateway to allow traffic through a proc...

Page 349: ...teway of Network A and the subnet of its Intranet is 10 0 75 0 24 It has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WAN 1 interface There is one gaming station in the Intranet...

Page 350: ...ew function insertion when required 350 UPnP Configuration Item Name Value Setting Description UPnP Default checked Check to enable UPnP functionality Save N A Click the Save button to save changes Un...

Page 351: ...rs to issue certificates for them In a web of trust scheme the signer is either the key s owner a self signed certificate or other users endorsements whom the person examining the certificate might kn...

Page 352: ...r organization is located State ST is the state where your organization is located Location L is the location where your organization is located Organization O is the name of your organization Organiz...

Page 353: ...tes function The Root CA window can let you generate or delete the certificate of root CA Root CA Configuration window can let you fill required information necessary for generating the root CA Howeve...

Page 354: ...cenario Application Timing When the enterprise gateway owns the root CA and VPN tunneling function it can generate its own local certificates by being signed by itself or import any local certificates...

Page 355: ...he tables Configuration Path My Certificates Root CA Certificate Configuration Name HQRootCA Key Key Type RSA Key Length 1024 bits Subject Name Country C TW State ST Taiwan Location L Tainan Organizat...

Page 356: ...e the whole user scenario Use default value for those parameters that are not mentioned in the tables Configuration Path My Certificates Local Certificate Configuration Name BranchCRT Self signed Key...

Page 357: ...at is signed by itself Import the certificates of the root CA and HQCRT into the Trusted CA Certificate List and Trusted Client Certificate List of Gateway 2 Gateway 2 generates a Certificate Signing...

Page 358: ...ion Organization Unit OU is the name of your organization unit Common Name CN is the name of your organization Email is the email of your organization It has to be email address setting only Extra Att...

Page 359: ...om user s computer and click the Apply button to import the specified certificate file to the gateway PEM Encoded 1 String format can be any text 2 A Must filled setting This is an alternative approac...

Page 360: ...let you copy the contents of dedicated CA certificate and paste them in the window to be a trusted one for the gateway Similarly the Trusted Client Certificate List window the Trusted Client Certifica...

Page 361: ...x of those certificates and clicking on the Delete button The View button allows you to view the contents of the dedicated certificate and download them to the management PC by using the Download butt...

Page 362: ...that all client hosts in these both subnets can communicate with each other Parameter Setup Example same as the one described in My Certificates section For Network A at HQ Following tables list the p...

Page 363: ...teway 1 into the Trusted CA Certificate List and Trusted Client Certificate List of Gateway 2 Import the obtained BranchCRT certificate the derived BranchCSR certificate after Gateway 1 s root CA sign...

Page 364: ...ard the import operation and the screen will return to the Trusted Certificates page Instead of importing a Trusted CA certificate with mentioned approaches you can also get the CA certificate from th...

Page 365: ...ort the specified certificate file to the gateway Import from a PEM 1 String format can be any text 2 A Must filled setting This is an alternative approach to import a certificate You can directly fil...

Page 366: ...the gateway Import from a PEM 1 String format can be any text 2 A Must filled setting This is an alternative approach to import a certificate key You can directly fill in Copy and Paste the PEM encode...

Page 367: ...window let you browse the directories and file list of the managing PC to choose a CSR file and import it as the certificate signing request The gateway will generates the certificate based on the de...

Page 368: ...d button The default name of the saved certification file is issued crt You need to change to a preferred file name Certificate Signing Request CSR Import from a PEM Copy the contents of one CSR in PE...

Page 369: ...of the Gateway 1 sign it to be the BranchCRT certificate Import the certificate into the Gateway 2 as a local certificate In addition also imports the certificates of the root CA of the Gateway 1 int...

Page 370: ...tificates of the root CA and HQCRT into the Trusted CA Certificate List and Trusted Client Certificate List of Gateway 2 Gateway 2 generates a Certificate Signing Request BranchCSR for its own certifi...

Page 371: ...uest CSR Import from a File A Must filled setting It could select a certificate signing request file from user s computer for importing to DUT Certificate Signing Request CSR Import from a PEM 1 Strin...

Page 372: ...ly one configuration window for the serial port settings The Configuration window can let you specify serial port parameters including the operation mode being Virtual COM Modbus or disabled the inter...

Page 373: ...efault Select the appropriate baud rate for serial device communication RS 232 9600 19200 38400 57600 115200 RS 485 9600 19200 38400 57600 115200 230400 460800 Data Bits 8 is set by default Select 8 o...

Page 374: ...user to access serial data remotely There are TCP Client TCP Server UDP and RFC2217 modes for remote accessing the connected serial device These operation modes are illustrated as below TCP Client Mod...

Page 375: ...settings Finally the host computer can process the collected serial data and make further decisions Parameter Setup Example Following tables list the parameter configuration as an example for TCP Cli...

Page 376: ...l try to establish a TCP connection to the gateway if the connection is off After the data has been transferred the TCP connection will be automatically disconnected from the host computer by using th...

Page 377: ...vice via the gateway Scenario Description A remote Internet host computer whose IP address is 140 116 82 98 has a management system in it to collect the serial data from or send data to the serial dev...

Page 378: ...RFC2217 can be used to install in the host computer the driver establishes a transparent connection between host and serial device by mapping the IP Port of the gateway s serial port to a virtual loca...

Page 379: ...DP and RFC2217 modes for remote accessing the connected serial device To use the Virtual COM function you have to specify the operation mode for the multi function serial port first Go to Advanced Net...

Page 380: ...Range 0 to 60 min Enter the idle timeout in minutes The idle timeout is used to disconnect the TCP connection when idle time elapsed Idle timeout is only available when On Demand is selected in the C...

Page 381: ...d access control The TCP Server supports up to 4 simultaneous connections to receive serial data from multiple TCP clients Enable TCP Server Mode Window Item Value setting Description Operation Mode A...

Page 382: ...specify the rule for selected Serial Port Enable The box is unchecked by default Check the Enable box to enable the rule Save N A Click Save button to save the settings Enable UDP Mode UDP User Datagr...

Page 383: ...ess range of remote UDP hosts Remote Port 4001 is set by default Indicate the UDP port of peer UDP hosts Serial Port SPort 0 is set by default Apply the UDP hosts for a selected serial port Up to 4 UD...

Page 384: ...Alive Check Timeout 0 is set by default Input the time period of alive check timeout The connection will be terminated if it doesn t receive response of alive check longer than this timeout setting E...

Page 385: ...ial based protocols In order to integrate Modbus networks the IoT Gateway including a serial port that support RS 232 and RS 485 communication interface can automatically and intelligently translate b...

Page 386: ...rs including the Slave ID the Ethernet or Serial type of interface and the serial protocol if Serial interface is chosen The third window Modbus TCP Configuration can let you specify related parameter...

Page 387: ...d to the IoT Gateway the Modbus gateway And IoT Gateway executes corresponding processes and replies the Modbus TCP Master with the results Scenario Description The IoT Gateway serves as the Modbus ga...

Page 388: ...ration Path Modbus Modbus Priority Priority 1 2 Settings IP Address 203 95 80 22 IP Address 203 95 80 23 Enable Enable Enable Scenario Operation Procedure In above diagram the IoT Gateway is the gatew...

Page 389: ...r executing some actions and making responses then the scenario is adequate for the application The Modbus TCP Master requests the information of or sending control commands to the IoT Gateway the Mod...

Page 390: ...mal operating the Modbus TCP Master sends requests to the IoT Gateway for obtaining information from or controlling to it via the general Internet accessing approach The IoT Gateway collects its own s...

Page 391: ...dbus Slave Device Mode the AMIT gateway would act as a standalone Modbus slave role in a Modbus network Gateway information can be requested by the existed SCADA network for Modbus device Management A...

Page 392: ...s gateway function Response Timeout 1000 in ms is set by default This sets the response timeout of the slave after master request sent If the slave does not response within the specified time data wou...

Page 393: ...nd a 0Bh exception code message to Modbus Master to indicate that the slave device does not respond before the timeout has been reached Tx Delay Unchecked by default Check the Enable box to activate t...

Page 394: ...o initiate a TCP connection Press Edit Button to select Master mode and other configuration in the following setting Modbus Serial Definition Window Item Value setting Description Serial Port N A It d...

Page 395: ...nge 1 to 247 Enter the Modbus ID range of the remote Modbus Slave s that will respond to the Master s request Local Serial Port Unchecked by default Select the Serial port from which the Master s requ...

Page 396: ...ble Slave attached Mode Note When operates in Slave attached mode the AMIT gateway will run in TCP server mode to wait for a TCP connection request Press Edit Button to select Slave mode and other con...

Page 397: ...ters on the TCP network TCP Connection Configuration Window Item Value setting Description TCP Connection Idle Time 1 300 is set by default 2 Range 1 to 65535 Enter the idle timeout in seconds If the...

Page 398: ...checked by default Check the Enable box to enable the rule in chosen Serial Port Enable Unchecked by default Check Enable box to enable this rule Save N A Click the Save button to save the settings Le...

Page 399: ...ugh the settings described in the Modbus attached Mode section and the Legacy Modbus Slave Device Mode section 5 d 9 Data Logging Data Logging function is a very useful and also important feature for...

Page 400: ...defined rules via Proxy Mode Rule Configuration to do the Data Acquisition by IoT Gateway itself automatically once the network connection between remote SCADA was lost unexpectedly the Proxy Mode wil...

Page 401: ...and WEB UI admin user can download the resulting data over the internet intranet by FTP service or from WEB UI for further analysis Only when the FTP download item was checked as Enable then user can...

Page 402: ...Logging function and ensure that storage media was ready to use on the IoT Gateway e g to plug an USB Stick in USB port or insert a microSD Card then click and check to enable the FTP download option...

Page 403: ...ata Logging rule don t forget to choose the suitable rules for Proxy Mode enabling Once the rules adding finished we still can do further modification by clicking on the Edit button of those existing...

Page 404: ...e to data logging function Export File Format CSV is set by default Choose the file format FTP download The box is unchecked by default Check the Enable box to activate to FTP download function It can...

Page 405: ...y rules if the proxy mode is activated Slave ID Range 1 A Must filled setting 2 Range 1 to 247 Enter the Slave ID Range to send the proxy rules if the proxy mode is activated Proxy Mode The box is unc...

Page 406: ...g list Function Name Code Read Coils is set by default The modbus protocol for read function Start Address 1 A Must filled setting 2 Range 0 to 65535 The modbus protocol for Start Address Start Addres...

Page 407: ...ervice component of phone Web or mobile communication systems It uses standardized communications protocols to allow fixed line or mobile phone devices to exchange short text messages 14 SMS as used o...

Page 408: ...isplays information such as the numbers of unread SMS messages total received SMS messages and SMS messages in free space Moreover a New SMS button can let you compose and send a new SMS message The S...

Page 409: ...New SMS N A Click New SMS button a New SMS screen appears User can set the SMS setting from this screen Refer to New SMS in the next page SMS Inbox N A Click SMS Inbox button a SMS Inbox List screen a...

Page 410: ...number from SMS Timestamp N A What time receive SMS SMS Text Preview N A Preview the SMS text Action The box is unchecked by default User can check the box then click Delete button to delete SMS User...

Page 411: ...on The connection remains open allowing a two way exchange of a sequence of data This makes USSD more responsive than services that use SMS 1 In USSD page there are four windows for the USSD function...

Page 412: ...ssion Scenario Scenario Application Timing When the administrator wants to uses the Voice Gateway to ask for some ISP s services through an USSD session the scenario is adequate for the application Fo...

Page 413: ...ming setting profile and the USSD Command field shows 135 Click on the Send button to send out the USSD request via the gateway and the recevied response will appear at USSD Response line As you type...

Page 414: ...e Comments is this profile comment USSD Request When send the USSD command the USSD Response screen will appear When click the Clear button the USSD Response will disappear USSD Request Item Value set...

Page 415: ...re two windows for the Network Scan function The Configuration window can let you select which 3G 4G module physical interface is used to perform Network Scan and system will show the current used SIM...

Page 416: ...dule and user need to select option at least one for all network type Scan Approach The box is Auto by default When Auto selected cellular module register automatically If the Manually selected Networ...

Page 417: ...ateway via the SMS system Only these phones can SMS control the gateway Furthermore the SMS messages can be removed after being processed by the system to clear up the memory to receive more other man...

Page 418: ...ssaging access control From which phone number the gateway will receive the management SMS messages or to which phone the gateway can issue the notification SMS messages A SMS based Remote Management...

Page 419: ...iguration Path Remote Management Specific Phone Number Definition ID 1 Phone Number 8869116xxxxx Granted Functions Management Notification Enable Scenario Operation Procedure In above diagram the Cell...

Page 420: ...ent Item Value setting Description SMS Remote Management The box is unchecked by default Check the Enable box to activate SMS Remote Management function Managing Events The box is unchecked by default...

Page 421: ...fter it has been processed Delete All Received SMS N A Press the Active button to delete all the received SMS Security Key The box is unchecked by default Click the Enable box to enable the security k...

Page 422: ...nt Definition Item Value setting Description Phone Number 1 Mobile telephone numbers format 2 A Must filled setting Specify the phone number that will issuing the SMS as the account identifier Applica...

Page 423: ...tion to specify Modbus Event Handlers All box is unchecked by default Specify the related Handlers for the managing event Select Power Checkbox and select the handlers you want to specify Power Handle...

Page 424: ...select profile from Digital Output DO Profile List to specify the DO Response Select SMS to specify the SMS Response Select SNMP Trap to specify the SNMP Trap Response Select Modbus and select profil...

Page 425: ...n to specify WiFi Event Select Client Server Proxy and select the event condition to specify Client Server Proxy Event Select System Related and the event condition to specify System Related Event Han...

Page 426: ...iber As SIM card plays an important role between service providers and subscribers some security mechanisms are required on SIM card to prevent any unauthorized access Imagining you are not aware that...

Page 427: ...ower nearby and start to provide cellular related services After understanding the potential risk and purpose of SIM lock you should know how important and easy to finish this job Speaking of the purc...

Page 428: ...ay model you purchased SIM Status It shows current status of selected SIM The status could be Ready Not Insert or SIM PIN Hereafter is the definition for each status Ready SIM card is inserted and rea...

Page 429: ...get a PUK code to unlock SIM card SIM Lock Enable or disable SIM lock function Please always enter correct PIN code whenever you enable or disable SIM lock function If it s the first time to enable S...

Page 430: ...re PIN code In this case the PUK Status will turns to PUK Lock In a normal situation it will display PUK Unlock Remaining Times Indicate the remaining times of failure trial for PUK code This number w...

Page 431: ...inserted in SIM A slot for 3G 4G 1 WAN connection Configuration Configuration Path Mobile Applications SIM PIN Configuration Physical Interface 3G 4G 1 SIM Status SIM PIN SIM Selection SIM A SIM Func...

Page 432: ...tting Sim Pin is the application of that allows user to enable disable or change sim card password It can also unlock the PUK when password is locked Configuration setting Go to Applications Mobile Ap...

Page 433: ...w PIN Code that afresh configure the sim card Save N A Click the Save button to save the configuration SIM function Application Enable or Disable pin code password function even the change pin code fu...

Page 434: ...setting Description Current PIN Code N A It need you fill in the current pin code password then you can change the pin code New PIN Code N A Fill in the PIN Code you want to change Verified New PIN Co...

Page 435: ...ation Item Value setting Description Clean NA Clean text area You should click Save button to further clean the configuration already saved in the system Backup NA Backup and download configuration Sa...

Page 436: ...The OpenVPN will use TLS authorization mode and the following items CA Cert Client Cert and Client Key need to specify as well OPENVPN_CA_CERT A Must filled Setting Specify the Trusted CA certificate...

Page 437: ...ion Action Option Description clone Output file Duplicate the configuration content from database and stored as a configuration file ex txtConfig clone tmp config The contents in the configuration fil...

Page 438: ...some gateways can whitelist TCP ports The MAC address of attached clients can also be set to bypass the login process This technique has occasionally been referred to as UAM Universal Access Method i...

Page 439: ...from the pre defined external server object list Internal Captive Portal Before enabling internal Captive Portal function please go to System External Servers to define some external server objects l...

Page 440: ...those parameters that are not mentioned in the tables Configuration Path DHCP Server DHCP Server Configuration DHCP Server Name DHCP 2 LAN IP Address 10 0 76 2 Subnet Mask 255 255 255 0 24 IP Pool 10...

Page 441: ...t group hasn t been authenticated by the gateway So the gateway redirects the request to the UAM web page and asks the user to input correct account and password Once the user authentication process c...

Page 442: ...Index skipping is used to reserve slots for new function insertion when required 442...

Page 443: ...tions can be added by enable WAN interface in Basic Network WAN Physical Interface LAN Subnet A Must filled setting This field is to specify the LAN subnet of captive portal When DHCP 1 is selected me...

Page 444: ...tional setting The domain names filled in this field can be accessed directly without direct to login page Authentication Server A Must filled setting This field is to specify the authentication serve...

Page 445: ...dbus devices and D O devices which are already well connected to The supported events are categorized into two groups the notifying events and managing events The notifying events are the events that...

Page 446: ...everal items they are the SMS Account Definition Email Service Definition Digital Input DI Profile Configuration Digital Output DO Profile Configuration and Modbus Definition Then you have to configur...

Page 447: ...profile Managing Events Trigger Type SMS SNMP Trap DI and Modbus Handlers WAN behavior LAN VLAN behavior WIFI behavior NAT behavior Firewall behavior System Management System Related D O profile Resp...

Page 448: ...a maximum of 5 accounts You can click the Edit button for each ID to edit the account SMS Account Definition Item Value setting Description Phone Number 1 Mobile telephone numbers format 2 A Must fill...

Page 449: ...pply Email Server profile from External Server settings Email Addresses 1 Internet E mail address format 2 A Must filled setting Specify the Destination Email Addresses Enable The box is unchecked by...

Page 450: ...e DI Profile Name DI Source ID1 by default Specify the DI Source It could be ID1 Normal Level Low by default Specify the Normal Level It could be Low or High Signal Active Time 1 Numberic String forma...

Page 451: ...tal Signal Period 1 Numberic String format 2 A Must filled setting Specify the Total Signal Period It could be from 10 to 10000 milliseconds Repeat Counter The box is unchecked by default Check the En...

Page 452: ...Read Function for Managing Events Write Function Write Single Registers by default Specify the Write Function for Notifying Events Modbus Mode Serial by default Specify the Modbus Mode It could be Se...

Page 453: ...the configuration Undo NA Click the Undo button to restore what you just configured back to the previous setting Please note that the restored setting may not be the factory default setting but a ret...

Page 454: ...tion to specify Modbus Event Handlers All box is unchecked by default Specify the related Handlers for the managing event Select Power Checkbox and select the handlers you want to specify Power Handle...

Page 455: ...ult Click Enable box to activate this Managing Event setting Save NA Click the Save button to save the configuration Undo NA Click the Undo button to restore what you just configured back to the previ...

Page 456: ...Proxy Event Select System Related and the event condition to specify System Related Event Handlers All box is unchecked by default Specify the Handlers to take reaction when the event is triggered Se...

Page 457: ...rades Email alert and system log Go to System System Related tab Change Password Change password screen allows network administrator to change the web based utility login password to access gateway Go...

Page 458: ...been upgraded and system configuration file has been loaded Go to System System Related System Information tab System Information Item Value Setting Description WAN Type N A It displays WAN Type of W...

Page 459: ...og History Item Value setting Description View button N A Click on the View button to view Log History in Web Log List Window Email Now button N A Click on the Email Now button to send Log History via...

Page 460: ...elect the type of event to log and be displayed in the Web Log List Window as described in the previous section Click on the View button to view Log History in the Web Log List window Web Log Type Cat...

Page 461: ...pient s Email account Separate Email accounts with comma or semicolon Enter the Email account in the format of myemail domain com Subject String any text Enter an Email subject that is easy for you to...

Page 462: ...one syslog server from the Server dropdown box to sent event log to If none has been available press Add Object button to create a syslog server Log type category Default unchecked Select the type of...

Page 463: ...ternal is selected by default Select internal or external storage Log file name Default unchecked Set file name to save logs in storage Split file Enable Default unchecked Check to enable split file w...

Page 464: ...Date _ index Define the output filename If left blank the device automatically assigns a name in the format of File Name _ index pcap Split Files 1 Optional setting 2 The default value of File Size is...

Page 465: ...s to filter packets That means Packet Analyzer will only capture packets which match rules Capture Fitters Item Value setting Description Filter Optional setting When Enable is checked It means that P...

Page 466: ...lter rule with Destination MACs which means the destination MAC address of packets Packets which match rules will be captured Multiple input is accepted but it must be seperated by e g AA BB CC DD EE...

Page 467: ...which can be applied to other functionality Go to System Scheduling Schedule Settings Button description Item Value setting Description Add N A Click the Add button to configure time schedule rule De...

Page 468: ...ate the function been applied to in the time period below Time Period Definition Item Value Setting Description Week Day Select from menu Select everyday or one of weekday Start Time Time format hh mm...

Page 469: ...n will appear Host Group Configuration Item Value setting Description Group Name 1 String format can be any text 2 A Must filled setting Enter a group rule name Enter a name that is easy for you to un...

Page 470: ...l appear File Extension Group Configuration Item Value setting Description Group Name 1 String format can be any text 2 A Must filled setting Enter a group rule name Enter a name that is easy for you...

Page 471: ...an be added Include ace ari bzip2 bz2 cab gz gzip rar sit and zip When Execution is selected there are total eight file extension names about execution can be added Include bas bat com exe inf pif reg...

Page 472: ...P2P is selected there are total seven P2P application can be added Include BT eDonkey eMule Shareaza HTTP Multiple Thread Download Thunder Baofeng When Proxy is selected there are three proxy applica...

Page 473: ...text Then check Enable box to add this server Syslog Server A Must filled setting When Syslog Server is selected it means the option External Servers is set Syslog Server Server Port will be set 514 b...

Page 474: ...ormat any text N AS Gateway ID String format any text Location ID String format any text Location Name String format any text Then check Enable box to add this server TACACS Server A Must filled setti...

Page 475: ...he setting allows administrator to enable automatic logout and set the logout idle time When the Time out is disabled the system will not logout the administrator automatically Go to System MMI Web UI...

Reviews: