Amit IOG761AM-0TDA1 User Manual Download Page 1

 

 
 
 
 

 
 
 
 

 

 

Modbus

 

Cellular Gateway

IOG761AM

0TDA1

  

 

User

 

Manual

 

Summary of Contents for IOG761AM-0TDA1

Page 1: ...Modbus Cellular Gateway IOG761AM 0TDA1 User Manual...

Page 2: ...he Unit 15 1 6 2 Insert the SIM Card 15 1 6 3 Connecting Power 16 1 6 4 Connecting DI DO Devices 17 1 6 5 Connecting Serial Devices 18 1 6 6 Connecting to the Network or a Host 18 1 6 7 Setup by Confi...

Page 3: ...ation 136 2 7 DNS DDNS 137 2 7 1 DNS DDNS Configuration 137 2 8 QoS 141 2 8 1 QoS Configuration 141 2 9 Redundancy 150 2 9 1 VRRP 150 Chapter 3 Object Definition 153 3 1 Scheduling 153 3 1 1 Schedulin...

Page 4: ...5 5 1 5 GRE 252 5 2 Firewall 256 5 2 1 Packet Filter 256 5 2 2 URL Blocking 261 5 2 3 MAC Control 265 5 2 4 Content Filter not supported 268 5 2 5 Application Filter not supported 269 5 2 6 IPS 270 5...

Page 5: ...SMS 323 7 1 3 SIM PIN 326 7 1 4 USSD 330 7 1 5 Network Scan 333 7 2 Event Handling 335 7 2 1 Configuration 337 7 2 2 Managing Events 346 7 2 3 Notifying Events 348 Chapter 8 Status 350 8 1 Dashboard n...

Page 6: ...s Cellular Gateway 6 8 5 Statistics Report 372 8 5 1 Connection Session 372 8 5 2 Network Traffic not supported 373 8 5 3 Device Administration 374 8 5 4 Cellular Usage 375 Appendix A GPL WRITTEN OFFE...

Page 7: ...powerful features for complex and demanding business and M2M Machine to Machine applications The redundancy design in fallback 9 48 VDC power terminal dual SIM cards and VRRP function makes the devic...

Page 8: ...ntity 1 IOG761AM 0TDA1 Modbus Cellular Gateway 1pcs 2 Cellular Antenna 2pcs 3 WiFi Antenna 2pcs 4 Power Adapter DC 12V 2A 1 1pcs 5 RJ45 Cable 1pcs 6 RJ11 Cable 1pcs 7 Console Cable 1pcs 8 8 Pin Termin...

Page 9: ...a quick and easy way to resort the default setting Press the RESET button continuously for 6 seconds and then release it The device will restore to factory default settings Auto MDI MDIX RJ45 Ports 4...

Page 10: ...Modbus Cellular Gateway 10 Bottom View Left View SIM B Slot SIM A Slot 2 4G WiFi Antenna 2 4G WiFi Antenna Power Terminal Block PWR1 GND PWR2 GND DI DI DO DO...

Page 11: ...ered on by power source 2 WLAN WiFi Green Steady ON Wireless radio is enabled Flash Data packets are transferred OFF Wireless radio is disabled SIM A Green Steady ON SIM card A is used SIM B Green Ste...

Page 12: ...e signal strength of 3G is strong Low 3G Signal Green Steady ON The signal strength of 3G is weak USB Green Steady ON If USB device is attached Serial Port Green Steady ON If serial device is attached...

Page 13: ...ting system An installed Ethernet adapter Browser Requirements Internet Explorer 6 0 or higher Chrome 2 0 or higher Firefox 3 0 or higher Safari 3 0 or higher 1 5 2 WARNING Only use the power adapter...

Page 14: ...face temperature for the metallic enclosure can be very high Especially after operating for a long time installed at a close cabinet without air conditioning support or in a high ambient temperature s...

Page 15: ...l bracket on the product first 1 6 2 Insert the SIM Card WARNING BEFORE INSERTING OR CHANGING THE SIM CARD PLEASE MAKE SURE THAT POWER OF THE DEVICE IS SWITCHED OFF The SIM card slots are located at t...

Page 16: ...NDUSTRIAL GRADE POWER SUPPLY FOR POWERING UP THE DEVICE For the dual power supply design on PWR1 and PWR2 the primary backup power mode is implemented If there is only one power source no matter it is...

Page 17: ...ase refer to following specification to connect DI and DO devices Mode Specification Digital Input Trigger Voltage high Logic level 1 5V 30V Normal Voltage low Logic level 0 0V 2 0V Digital Output Vol...

Page 18: ...a Host The IOG761 series provides four RJ45 ports to connect 10 100Mbps Ethernet It can auto detect the transmission speed on the network and configure itself automatically Connect the Ethernet cable...

Page 19: ...e IP Address http 192 168 123 254 4 When you see the login page enter the password admin 5 and then click Login button 4 The default LAN IP address of this gateway is 192 168 123 254 If you change it...

Page 20: ...devices dial in ISPs and then link to the Internet via different kinds of transmit media So the WAN Connection lets you specify the WAN Physical Interface WAN Internet Setup and WAN Load Balance for I...

Page 21: ...onfiguration Physical Interface List window shows all the available physical interfaces After clicking on the Edit button for the interface in Physical Interface List window the Interface Configuratio...

Page 22: ...hen its primary WAN connection is broken the backup connection will be started up to substitute the primary connection As shown in the diagram WAN 2 is backup WAN for WAN 1 WAN 1 serves as the primary...

Page 23: ...ble checkbox is activated it can allow the Failover interface to be connected continuously from system booting up Failover WAN interface just keeps connecting without data traffic The purpose is to sh...

Page 24: ...pear WAN 1 interface is used in this example Interface Configuration Interface Configuration Item Value setting Description Physical Interface 1 A Must fill setting 2 WAN 1 is the primary interface an...

Page 25: ...the primary or the secondary WAN link failed Then select the primary or the existed secondary WAN interface to switch Failover from Note for WAN 1 only Always on option is available VLAN Tagging Optio...

Page 26: ...Configuration and related configuration windows for each WAN type For the Internet setup of each WAN interface you must specify its WAN type of physical interface first and then its related parameter...

Page 27: ...ally is more expensive but very importat for cooperate requirement Dynamic IP The assigned IP address for the WAN by a DHCP server is different every time It is cheaper and usually for consumer use PP...

Page 28: ...g Enter the host name provided by your Service Provider ISP Registered MAC Address An optional setting Enter the MAC address that you have registered with your service provider Or Click the Clone butt...

Page 29: ...NS IP address given by your Service Provider WAN Type PPPoE When you select it PPPoE WAN Type Configuration will appear Items and setting is explained below PPPoE WAN Type Configuration Item Value set...

Page 30: ...st filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider When Dynamic IP is selected...

Page 31: ...r the WAN gateway IP address given by your Service Provider When Dynamic IP is selected there are no above settings required Server IP Address Name A Must filled setting Enter the L2TP server name or...

Page 32: ...utomatically once it has been booted up and try to reconnect once the connection is down It s recommended to choose this scheme if for mission critical applications to ensure full time Internet connec...

Page 33: ...monitor connection status continuous To do it ICMP Check and FQDN Query are used to check When there is trafiic of connection checking packet will waste bandwidth Response time of replied packets may...

Page 34: ...led the gateway will use DNS Query or ICMP to periodically check Internet connection connected or disconnected Choose either DNS Query or ICMP Checking to detect WAN link With DNS Query the system che...

Page 35: ...to discover which interfaces are connected to which device The router uses the interface information generated by IGMP to reduce bandwidth consumption in a multi access network environment to avoid fl...

Page 36: ...one WAN interface This device has featured by using dual SIM cards for one module with special fail over mechanism It is called Dual SIM Failover This feature is useful for ISP switch over when locati...

Page 37: ...se the other SIM card for an alternate automatically and will not switch back to use original SIM card except current SIM connection is also broken That is SIM A and SIM B are used iteratively but eit...

Page 38: ...is failed it will change to the other SIM card and try to dial again until the connection is up When SIM A only or SIM B only is selected it will try to dial up only using the SIM card you selected Wh...

Page 39: ...ration APN Profile List or Auto detection Select Manual configuration to set APN Access Point Name Dial Number Account and Password to what your carrier provides Select APN Profile List to set more th...

Page 40: ...n the server address is given by the carrier while dialing up Secondary DNS String format IP address IPv4 type Enter the IP address to change the secondary DNS Domain Name Server setting If it is not...

Page 41: ...lue Range 0 53 characters Password String format any text Enter the Password you want to use for the authentication Authentication 1 A Must filled setting 2 By default Auto is selected Select the Auth...

Page 42: ...Always is selected it means this WAN is under operation all the time Once you have set other schedule rules there will be other options to select Please go to Object Definition Scheduling for details...

Page 43: ...tion is acknowledged Value Range 2 10 seconds Target1 DNS1 set by default specifies the first target of sending DNS query ICMP request DNS1 set the primary DNS to be the target DNS2 set the secondary...

Page 44: ...n Edit button is applied Internet Connection Configuration screen will appear WAN 3 interface is used in this example Internet Connection Configuration Item Value setting Description WAN Type 1 A Must...

Page 45: ...name provided by your Service Provider ISP Registered MAC Address An optional setting Enter the MAC address that you have registered with your service provider Or Click the Clone button to clone your...

Page 46: ...onnection by sending DNS Query packets to the destination specified in Target 1 and Target 2 With ICMP Checking the system will check connection by sending ICMP request packets to the destination spec...

Page 47: ...ndo to cancel the settings IP over ATM ADSL WAN IP over ATM WAN Type Configuration Item Value setting Description IP Mode 1 A Must filled setting 2 Static IP Address is set by default Specify the IP m...

Page 48: ...ames specified by RFC 2684 Multi protocol Encapsulation over ATM These two options depend on your ISP setting VPI Number VCI Number 1 A Must filled setting 2 0 33 is set by default Enter the VPI VCI v...

Page 49: ...er the IP address of Secondary DNS server Service Name An optional setting Enter the service name if your ISP requires it Assigned IP Address An optional setting Enter the IP address assigned by your...

Page 50: ...irtual Channel Identifier Schedule Type 1 A Must filled setting 2 UBR is selected by default Select the schedule type from the dropdown list depending on your ISP setting It can be UBR Unspecified Bit...

Page 51: ...can select strategy according to application requirement and environment status The strategies are explained as below By Smart Weight If based on By Smart Weight strategy gateway will take the line sp...

Page 52: ...IP range Destination port can be a single port or port range You can select one target for one mapping to setup IP address and leave others just left as any All Besides this you can also set protocol...

Page 53: ...elect Load Balance Strategy Configuration Item Value setting Description Load Balance Unchecked by default Check the Enable box to activate Load Balance function Load Balance Strategy 1 A Must filled...

Page 54: ...ult Value Range 1 99 Note The sum of all weights can t be greater than 100 Save NA Click the Save button to save the configuration Undo NA Click the Undo button to restore what you just configured bac...

Page 55: ...he IPs Single IP Specify a unique IP Address for the traffics come to the IP Input format is xxx xxx xxx xxx e g 192 168 123 101 Domain Name Specify the domain name for the traffics come to the domain...

Page 56: ...can select strategy according to application requirement and environment status The strategies are explained as below By Smart Weight If based on By Smart Weight strategy gateway will take the line sp...

Page 57: ...IP range Destination port can be a single port or port range You can select one target for one mapping to setup IP address and leave others just left as any All Besides this you can also set protocol...

Page 58: ...elect Load Balance Strategy Configuration Item Value setting Description Load Balance Unchecked by default Check the Enable box to activate Load Balance function Load Balance Strategy 1 A Must filled...

Page 59: ...ult Value Range 1 99 Note The sum of all weights can t be greater than 100 Save NA Click the Save button to save the configuration Undo NA Click the Undo button to restore what you just configured bac...

Page 60: ...he IPs Single IP Specify a unique IP Address for the traffics come to the IP Input format is xxx xxx xxx xxx e g 192 168 123 101 Domain Name Specify the domain name for the traffics come to the domain...

Page 61: ...of this device The network device s on your network must use the LAN IP address of this device as their Default Gateway You can change it if necessary Note It s also the IP address of web UI If you c...

Page 62: ...filled setting 2 Lo is set by default Specify the Interface type It can be Lo or Br0 IP Address 1 An Optional setting 2 192 168 123 254 is set by default Enter the addition IP address for this device...

Page 63: ...VLAN Port based VLAN function can group Ethernet ports Port 1 Port 4 and WiFi Virtual Access Points VAP 1 VAP 8 together for differentiated services like Internet surfing multimedia enjoyment VoIP tal...

Page 64: ...Points VAP 1 VAP 8 together with different VLAN tags for deploying subnets in Intranet All packet flows can carry with different VLAN tags even at the same physical Ethernet port for Intranet These f...

Page 65: ...oup is equipped with DHCP 3 server to construct a 192 168 12 x subnet He also configure Meeting Rooms segment with VLAN ID 11 The VLAN group is equipped with DHCP 2 server to construct a 192 168 11 x...

Page 66: ...n specify members of one VLAN group to be able to access Internet or not Following is an example that VLAN groups of VID is 2 and 3 can access Internet but the one with VID is 1 cannot access Internet...

Page 67: ...a communication pair and one VLAN group can join many communication pairs But communication pair doesn t have the transitive property That is A can communicate with B and B can communicate with C it...

Page 68: ...g based Tag based VLAN allows you to add VLAN ID and select member and DHCP Server for this VLAN ID Go to Tag based VLAN List table Save NA Click the Save button to save the configuration Port based V...

Page 69: ...4094 VLAN Tagging Disable is selected by default The rule is activated according to VLAN ID and Port Members configuration when Enable is selected The rule is activated according Port Members configur...

Page 70: ...er assign a DHCP Server IP Address that the gateway will relay the DHCP requests to the assigned DHCP server DHCP Server Name A Must filled setting Define name of the DHCP Server IP Pool A Must filled...

Page 71: ...he DHCP Server wants to match IP Address A Must filled setting Define the IP Address that the DHCP Server will assign If there is a request from the MAC Address filled in the above field the DHCP Serv...

Page 72: ...nterface If uncheck a certain VLAN ID box it means the VLAN ID member can t access Internet anymore Note VLAN ID 1 is available always it is the default VLAN ID of LAN rule The other VLAN IDs are avai...

Page 73: ...filled setting Define the VLAN ID number range is 6 4094 Internet Access The box is checked by default Click Enable box to allow the members in the VLAN group access to internet Port The box is unche...

Page 74: ...gateway LAN interface with its default Subnet Mask setting as 255 255 255 0 and its default IP Pool ranges is from 100 to 200 as shown at the DHCP Server List page on gateway s WEB UI User can add mor...

Page 75: ...gn fixed IP address to map the specific client MAC address by select them then copy when targets were already existed in the DHCP Client List or to add some other Mapping Rules by manually in advance...

Page 76: ...ies to assign IP Addresses to the devices on the local area network LAN Create Edit DHCP Server Policy The gateway allows you to custom your DHCP Server Policy If multiple LAN ports are available you...

Page 77: ...DHCP Server Primary DNS IPv4 format The Primary DNS of this DHCP Server Secondary DNS IPv4 format The Secondary DNS of this DHCP Server Primary WINS IPv4 format The Primary WINS of this DHCP Server S...

Page 78: ...e previous setting Back N A When the Back button is clicked the screen will return to the DHCP Server Configuration page View Copy DHCP Client List When DHCP Client List button is applied DHCP Client...

Page 79: ...onfiguration Item Value setting Description Option Name 1 String format can be any text 2 A Must filled setting Enter a DHCP Server Option name Enter a name that is easy for you to understand DHCP Ser...

Page 80: ...t 3 IP list 4 URL format 5 A Must filled setting Should conform to Type Type Value 66 Single IP Address IPv4 format Single FQDN FQDN format 72 IP Addresses List separated by IPv4 format separated by 1...

Page 81: ...nt dual bands of operation There are several wireless operation modes provided by this device They are AP Router Mode WDS Only Mode and WDS Hybrid Mode You can choose the expected mode from the wirele...

Page 82: ...ices with the wireless gateway make sure your application scenario for WiFi network and choose the most adequate operation mode AP Router Mode This mode allows you to get your wired and wireless devic...

Page 83: ...teway 1 through WDS Both gateways connected by WDS need to setup the remote AP MAC for each other All client hosts under gateway 2 3 can request IP address from the DHCP server at gateway 1 Besides wi...

Page 84: ...As shown in the diagram the clients in VAP 1 and VAP 2 can communicate to each other when VAP Isolation is disabled Wi Fi Security Authentication Encryption Wi Fi security provides complete authentica...

Page 85: ...eration band for the WiFi module Basically this setting is fixed and cannot be changed once the module is integrated into the product However there is some module with selectable band for user to choo...

Page 86: ...te this function By default the box is checked it means that stations which associated to different VAPs cannot communicate with each other Multiple AP Names 1 A Must filled setting 2 VAP1 and VAP8 ar...

Page 87: ...t For security there are several authentication methods supported Client stations should provide the key when associate with this device When Open is selected The check box named 802 1x shows up next...

Page 88: ...ad of WEP without upgrading hardware Enter a Pre shared Key for it The length of key is from 8 to 63 characters AES The newest encryption system in WiFi it also designed for the fast 802 11n high bitr...

Page 89: ...ication methods supported Client stations should provide the key when associate with this device When Open is selected The check box named 802 1x shows up next to the dropdown list 802 1x The box is u...

Page 90: ...ength of key is from 8 to 63 characters AES The newest encryption system in WiFi it also designed for the fast 802 11n high bitrates schemes Enter a Pre shared Key for it The length of key is from 8 t...

Page 91: ...its setting at a time Enable Check the enable box to activate the selected VAP Max STA Limit the maximum number of client station Check this box and enter a limitation The box is unchecked unlimited b...

Page 92: ...lue is 1812 RADIUS Shared Key When Shared is selected The pre shared WEP key should be set for authenticating When Auto is selected The device will select Open or Shared by requesting of client automa...

Page 93: ...or it The length of key is from 8 to 63 characters You are recommended to use AES encryption instead of any others for security Save N A Click the Save button to save the current configuration Undo N...

Page 94: ...odule with selectable band for user to choose according to his network environment Under such situation you can specify which operation band is suitable for the application Multiple AP Names 1 A Must...

Page 95: ...shows the data rate between client and this device RSSI0 RSSI1 N A It shows the RX sensitivity RSSI value for each radio path Signal N A The signal strength between client and this device Interface N...

Page 96: ...to Basic Network WiFi Advanced Configuration Tab Select Target WiFi Target Configuration Item Value setting Description Module Select A Must filled setting Select the WiFi module to check the informa...

Page 97: ...y and jitter when transmitting multimedia content over a wireless connection Short GI By default 400ns is selected Short GI Guard Interval is defined to set the sending interval between each packet No...

Page 98: ...implifies aspects of address assignment stateless address auto configuration network renumbering and router announcements when changing Internet connectivity providers 2 4 1 IPv6 Configuration The IPv...

Page 99: ...IP addressing type in the information provided by your ISP to setup the IPv6 network DHCPv6 DHCP in IPv6 does the same function as DHCP in IPv4 The DHCP server sends IP address DNS server addresses an...

Page 100: ...erver DSLAM on the ISP side provides IPv6 configuration upon receiving PPPoEv6 client request When PPPoEv6 server gets client request and successfully authenticates it the server sends IP address DNS...

Page 101: ...Internet IPv4 to IPv6 migration 6in4 uses tunneling to encapsulate IPv6 traffic over explicitly configured IPv4 links As defined in RFC 4213 the 6in4 traffic is sent over the IPv4 Internet inside IPv...

Page 102: ...2 A Must filled setting Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity Select Static IPv6 when your ISP provides you with a set IPv6 addresses Then go to Static IPv6 W...

Page 103: ...Server Secondary DNS An optional setting Enter the WAN secondary DNS Server MLD Snooping The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration It...

Page 104: ...odified by default Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Gl...

Page 105: ...ct your ISP Value Range 0 45 characters Connection Control Fixed value The value is Auto reconnect Always on MTU A Must filled setting Enter the MTU for setting up PPPoEv6 connection If you want more...

Page 106: ...MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Global Address An optional setting Enter the LAN IPv6 A...

Page 107: ...ss A Must filled setting Filled Client IPv6 Address gotten from tunnel broker in this field Primary DNS An optional setting Enter the WAN primary DNS Server Secondary DNS An optional setting Enter the...

Page 108: ...Advertisement Lifetime A Must filled setting Enter the Router Advertisement Lifetime in seconds 200 is set by default Value Range 0 65535 Select Stateful to manage the Local Area Network to be Statef...

Page 109: ...Type Configuration page Usually all local hosts or servers behind corporate gateway are protected by NAT firewall NAT firewall will filter out unrecognized packets to protect your Intranet So all loca...

Page 110: ...On either side are you in accessing the email server at the LAN side or at the WAN side you don t need to change the IP address of the mail server Configuration Setting Go to Basic Network Port Forwar...

Page 111: ...ers behind office gateway You can set up those servers by using Virtual Server feature After trip if want to access those servers from LAN side by global IP without change original setting NAT Loopbac...

Page 112: ...ows you to access the WAN global IP address from your inside NAT local network It is useful when you run a server inside your network For example if you set a mail server at LAN side your local device...

Page 113: ...box to activate this port forwarding function Virtual Computer The box is checked by default Check the Enable box to activate this port forwarding function Save N A Click the Save button to save the s...

Page 114: ...ed setting When ICMPv4 is selected It means the option Protocol of packet filter rule is ICMPv4 Apply Time Schedule to this rule otherwise leave it as Always refer to Scheduling setting under Object D...

Page 115: ...selected Single Port or Port Range Value Range 1 65535 for Public Port Private Port When GRE is selected It means the option Protocol of packet filter rule is GRE When ESP is selected It means the opt...

Page 116: ...pplied Virtual Computer Rule Configuration screen will appear Virtual Computer Rule Configuration Item Value setting Description Global IP A Must filled setting This field is to specify the IP address...

Page 117: ...are not expected to receive by applications in the gateway or by other client hosts in the Intranet Certainly the DMZ host is also protected by the gateway firewall Activate the feature and specify t...

Page 118: ...activate it DMZ Pass Through Setting Go to Basic Network Port Forwarding DMZ Pass Through tab The DMZ host is a host that is exposed to the Internet cyberspace but still within the protection of fire...

Page 119: ...the product Pass Through Enable The boxes are checked by default Check the box to enable the pass through function for the IPSec PPTP and L2TP With the pass through function enabled the VPN hosts beh...

Page 120: ...Modbus Cellular Gateway 120 2 5 4 Special AP ALG not supported Not supported feature for the purchased product leave it as blank...

Page 121: ...d a private IP address of a local host In addition admin users also map a private IP address range to a public IP address range of equal instances This feature offers another way to make systems behin...

Page 122: ...tton to save the settings Create Edit IP Translation Rule When Add button is applied IP Translation Configuration screen will appear IP Translation Configuration Item Value setting Description Mapping...

Page 123: ...r the required subnet mask if Destination IP is specified above It can be a single IP with 255 255 255 255 32 subnet mask or an IP group limited with proper subnet setting Physical Interface 1 A Must...

Page 124: ...utes to various network destinations Thus constructing routing tables which are held in the router s memory is very important for efficient routing Most routing algorithms use only one network path at...

Page 125: ...s of packets to be transferred via which gateway interface and which peer gateway to their destination It can be carried out by the Static Routing feature Dedicated packet flows from the Intranet will...

Page 126: ...c Routing Rule Configuration window will appear to let you define a static routing rule Enable Static Routing Just check the Enable box to activate the Static Routing feature Static Routing Item Value...

Page 127: ...y IP of this static routing rule Interface Auto is set by default Select the Interface of this static routing rule It can be Auto or the available WAN LAN interfaces Metric 1 Numberic String Format 2...

Page 128: ...way supports dynamic routing protocols including RIPv1 RIPv2 Routing Information Protocol OSPF Open Shortest Path First and BGP Border Gateway Protocol for you to establish routing table automatically...

Page 129: ...a routing protocol that uses link state routing algorithm It is the most widely used interior gateway protocol IGP in large enterprise networks It gathers link state information from available routers...

Page 130: ...e AS0 self IP is 10 100 0 1 and self ID is 100 It links with other BGP gateways in the Internet The scenario is like Subnet in one ISP to be linked with the ones in other ISPs By operating with BGP pr...

Page 131: ...ured individually The RIP Configuration window lets you choose which version of RIP protocol to be activated or disable it The OSPF Configuration window can let you activate the OSPF dynamic routing p...

Page 132: ...The OSPF configuration setting allows user to customize OSPF protocol through the router based on their office setting OSPF Configuration Item Value setting Description OSPF Disable is set by default...

Page 133: ...a List rules It supports up to a maximum of 32 rule sets When Add button is applied OSPF Area Rule Configuration screen will appear OSPF Area Configuration Item Value setting Description Area Subnet 1...

Page 134: ...filled setting The ASN Number of this router on BGP protocol Value Range 1 4294967295 Router ID 1 IPv4 Format 2 A Must filled setting The Router ID of this router on BGP protocol Create Edit BGP Netwo...

Page 135: ...up to a maximum of 32 rule sets When Add button is applied BGP Neighbor Rule Configuration screen will appear BGP Neighbor Configuration Item Value setting Description Neighbor IP 1 IPv4 Format 2 A M...

Page 136: ...on IP IPv4 Format Subnet Mask N A Routing record of Subnet Mask IPv4 Format Gateway IP N A Routing record of Gateway IP IPv4 Format Metric N A Routing record of Metric Numeric String Format Interface...

Page 137: ...amic DNS you can refer to Wikipedia website6 7 2 7 1 DNS DDNS Configuration DNS The gateway supports DNS server function for the connected local clients which get the LAN IP from dynamic IP scheme So...

Page 138: ...address to a static domain name allowing the gateway to be more easily accessed from various locations on the Internet As shown in the diagram user registered a domain name to a third party DDNS servi...

Page 139: ...een will appear Pre defined Domain Name Configuration Item Value setting Description Domain Name 1 String format can be any text 2 A Must filled setting Enter a domain name that mapping the IP Address...

Page 140: ...t by default Select your DDNS provider of Dynamic DNS It can be DynDNS org Dynamic DynDNS org Custom NO IP com etc Host Name 1 String format can be any text 2 A Must filled setting Your registered hos...

Page 141: ...to access It is indeed required that an access gateway satisfies the requirements of latency critical applications minimum access right guarantee fair bandwidth usage for same subscribed condition and...

Page 142: ...gory can be based on VLAN ID MAC Address IP Address Host Name or Packet Length Differentiated Services Specify the service type in a QoS rule for the target packets to be applied on Differentiated ser...

Page 143: ...eature depends on model Outbound Inbound Control One QoS rule can be applied to the outbound or inbound direction of packet flow even them both This feature depends on model Two QoS rule examples are...

Page 144: ...6 199 to the code value AF Class2 High Drop he can use the Rule based QoS function to carry out this rule by defining an QoS rule as shown in above configuration Under such configuration all packets f...

Page 145: ...oS Function Configuration Item Value Setting Description QoS Type 1 Software is selected by default 2 The box is unchecked by default Select the QoS Type from the dropdown list and then click Enable b...

Page 146: ...d then the following WAN Interface Resource screen will show the related resources for configuration Bandwidth of Upstream Downstream Specify total upload download bandwidth of the selected WAN Value...

Page 147: ...le Select All WANs or a certain WAN n to filter the packets entering to or leaving from the interface s Group 1 A Must filled setting 2 Src MAC Address is selected by default Specify the Group categor...

Page 148: ...MINR MAXR field Connection Sessions Select Connection Sessions as the resource type for the QoS Rule and you have to assign supported session number in the Control Function Set Session Limitation fie...

Page 149: ...pecified in the rule Group Control If Group Control is selected all the group hosts share the same QoS service resource Time Schedule 1 A Must filled setting 2 0 Always is selected by default Apply Ti...

Page 150: ...k The protocol achieves this by creation of virtual routers which are an abstract representation of multiple routers i e master and backup routers acting as a group The default gateway of a participat...

Page 151: ...up gateway At first stage all data from the Intranet go through the master gateway that has the highest priority Once the master Internet connection is broken the backup gateway will take over the dat...

Page 152: ...t 2 A Must filled setting Specify the Priority of Virtual Server on VRRP of the gateway Value Range 1 254 and 254 is the highest priority Virtual Server IP Address 1 IPv4 Format 2 A Must filled settin...

Page 153: ...description Item Value setting Description Add N A Click the Add button to configure time schedule rule Delete N A Click the Delete button to delete selected rule s When Add button is applied Time Sc...

Page 154: ...u Select everyday or one of weekday Start Time Time format hh mm Start time in selected weekday End Time Time format hh mm End time in selected weekday Save N A Click Save to save the settings Undo N...

Page 155: ...Modbus Cellular Gateway 155 3 2 User not supported Not supported feature for the purchased product leave it as blank...

Page 156: ...roup Name 1 String format can be any text 2 A Must filled setting Enter a group name for the rule It is a name that is easy for you to understand Member List NA This field will indicate the hosts memb...

Page 157: ...n N A Add the members to the group in this field You can enter the member information as specified in the Member Type above and press the Join button to add Only one member can be add at a time so you...

Page 158: ...ernal Server Go to Object Definition External Server External Server tab The External Server setting allows user to add external server Create External Server When Add button is applied External Serve...

Page 159: ...CHAP is selected Session Timeout By default 1 The values must be between 1 and 60 Idle Timeout By default 1 The values must be between 1 and 26 Secondary Shared Key String format any text Authenticati...

Page 160: ...nsfer mode Select Passive or Active Server IP FQDN A Must filled setting Specify the IP address or FQDN used for the external server Server Port A Must filled setting Specify the Port used for the ext...

Page 161: ...users endorsements whom the person examining the certificate might know and trust The device also plays as a CA role Certificates are an important component of Transport Layer Security TLS sometimes c...

Page 162: ...dentifier in the signature algorithm identifier of certificates Subject Name A Must filled setting This field is to specify the information of certificate Country C is the two letter ISO code for the...

Page 163: ...n Automatically re enroll aging certificates The box is unchecked by default When SCEP is activated check the Enable box to activate this function It will be automatically check which certificate is a...

Page 164: ...nd Clients In addition since it has the root CA it also can sign Certificate Signing Requests CSR to form corresponding certificates for others These certificates can be used for two remote peers to m...

Page 165: ...ject Name Country C TW State ST Taiwan Location L Tainan Organization O AMITHQ Organization Unit OU HQRD Common Name CN HQRootCA E mail hqrootca amit com tw Configuration Path My Certificate Local Cer...

Page 166: ...sections to complete the whole user scenario Use default value for those parameters that are not mentioned in the tables Configuration Path My Certificate Local Certificate Configuration Name BranchCR...

Page 167: ...N 1 interface They both serve as the NAT security gateways Gateway 1 generates the root CA and a local certificate HQCRT that is signed by itself Import the certificates of the root CA and HQCRT into...

Page 168: ...ficates or CSRs for representing the gateway The Local Certificate Configuration window can let you fill required information necessary for corresponding certificate to be generated by itself or corre...

Page 169: ...xtra Attributes A Must filled setting This field is to specify the extra information for generating a certificate Challenge Password for the password you can use to request certificate revocation in t...

Page 170: ...ring format can be any text 2 A Must filled setting This is an alternative approach to import a certificate You can directly fill in Copy and Paste the PEM encoded certificate string and click the App...

Page 171: ...can be used for two remote peers to make sure their identity during establishing a VPN tunnel Scenario Description same as the one described in My Certificate section Gateway 1 generates the root CA...

Page 172: ...etup for the whole user scenario Configuration Path Trusted Certificate Trusted CA Certificate List Command Button Import Configuration Path Trusted Certificate Trusted CA Certificate Import from a Fi...

Page 173: ...f the Gateway 1 and the Local Certificate List of the Gateway 2 For more details refer to the Network B operation procedure in My Certificate section of this manual Gateway 2 can establish an IPSec VP...

Page 174: ...to import the specified CA certificate file to the gateway Import from a PEM 1 String format can be any text 2 A Must filled setting This is an alternative approach to import a CA certificate You can...

Page 175: ...te CA Identifier 1 String format can be any text Fill in optional CA Identifier to identify which CA could be used for signing certificates Save N A Click Save to save the settings Close N A Click the...

Page 176: ...ted Client Key When Import button is applied a Trusted Client Key Import screen will appear You can import a Trusted Client Key from an existed file or directly paste a PEM encoded string as the key T...

Page 177: ...ate Usage Scenario Scenario Application Timing same as the one described in My Certificate section When the enterprise gateway owns the root CA and VPN tunneling function it can generate its own local...

Page 178: ...1 is the gateway of Network A in headquarters and the subnet of its Intranet is 10 0 76 0 24 It has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN 1 interface The Gateway 2 is...

Page 179: ...le Item Value setting Description Certificate Signing Request CSR Import from a File A Must filled setting Select a certificate signing request file you re your computer for importing to the gateway C...

Page 180: ...or the Internet easily They can be Virtual COM and Modbus 4 1 1 Port Configuration Before using the supported field communication function like Virtual COM or Modbus you need to configure the physical...

Page 181: ...M Modbus and IEC 60870 5 Interface RS 232 is set by default Select RS 232 or RS 485 physical interface for connecting to the access device s with the same interface specification Baud Rate 19200 is se...

Page 182: ...RFC2217 modes for remote accessing the connected serial device These operation modes are illustrated as below TCP Client Mode When the administrator expects the gateway to actively establish a TCP con...

Page 183: ...d the TCP connection will be automatically disconnected from the host computer by using the TCP alive check timeout or idle timeout settings UDP Mode If both the Remote Host Computer and the serial de...

Page 184: ...eated it is required to specify the IP address of the host computers to establish connection with Any 3rd party driver supporting RFC2217 can be used to install in the host computer the driver establi...

Page 185: ...for a specified period You may also enable full time connection with the TCP server Enable TCP Client Mode Window Item Value setting Description Operation Mode A Must filled setting Select TCP Client...

Page 186: ...etting 2 Default value is 4001 Enter the TCP port number This is the listen port of the remote TCP server Value Range 1 65535 Serial Port SPort 0 is set by default Apply the TCP server connection for...

Page 187: ...w All to allow any TCP clients to connect Otherwise choose Specific IP to limit certain TCP clients Max Connection 1 Max 4 connections 2 1 is set by default Set the maximum number of concurrent TCP co...

Page 188: ...ault Check the box to specify the rule for selected Serial Port Definition Enable The box is unchecked by default Check the Enable box to enable the rule Save N A Click Save to save the settings Undo...

Page 189: ...to cancel the settings Specify Remote UDP Specify Remote UDP hosts Window Item Value setting Description Host A Must filled setting Press Edit button to enter IP address range of remote UDP hosts Rem...

Page 190: ...port of RFC 2217 connection Value Range 1 65535 Trust Type Allow All is set by default Choose Allow All to allow any clients to connect Otherwise choose Specific IP to limit certain clients Connection...

Page 191: ...RFC 2217 Clients for Access Window Item Value setting Description Host A Must filled setting Enter the IP address range of allowed clients Serial Port The box is unchecked by default Check the box to...

Page 192: ...l instruments over RS 485 without additional programming or effort NOTE When Modbus devices are connected to under the same serial port of IoT Modbus Gateway those Modbus devices must use the same pro...

Page 193: ...ce status like Cellular Network Status device DI DO status to remote Modbus Master via Modbus communication With the Slave option enabled the Modbus Master device can request the information or sendin...

Page 194: ...n Mode in Port Configuration screen to enable Modbus communication on the serial port Enable Modbus Gateway Gateway Configuration Item Value setting Description Modbus Gateway The box is checked by de...

Page 195: ...r transmitters off and their receivers back on Setup TCP IP Connection for Receiving Modbus Master Request The following Modbus TCP Configuration items allow user to set up the TCP connection settings...

Page 196: ...check Enable box to enable this rule Serial Port Unchecked by default Check the Enable box to enable the rule in chosen Serial Port Enable Unchecked by default Check the Enable box to enable this rul...

Page 197: ...0 7 0 2G 1 none 2 3G 3 3 5G 4 6 3 75G 7 LTE 4 DI_STATUS_1 R 0 OFF 1 ON 5 DI_STATUS_2 R 0 OFF 1 ON 6 DO_STATUS_1 R W 0 OFF 1 ON 7 DO_STATUS_2 R W 0 OFF 1 ON Modbus Priority Definition Message Bufferin...

Page 198: ...k the Save button to save the settings Specify the definition of attached serial device s Press Edit Button to select serial mode and other configuration in the following setting Modbus Serial Definit...

Page 199: ...7 Enter the Modbus ID range for the Modbus TCP Slave s that will respond to the Master s request In addition to specify the Slave IP and Port for accessing those Remote Modbus RTU Salve s located behi...

Page 200: ...ing the collected data in local storage in CSV file format When the network connection recovered admin user can download the data log files manually via FTP or web UI for further reference and mainten...

Page 201: ...keep its data acquisition process and if required the administrator can also get the stored data log files to tell if everything goes well or not Under the Data Logging Proxy mode user has to create...

Page 202: ...ing proxy function and execute the pre defined data acquisition task by itself The Modbus request issued by the Modbus Gateway Data Logging Proxy The response data that sent out from the polled Slave...

Page 203: ...ernal or Internal depends on the product specification Save NA Click the Save button to save the settings Note 1 If there is no available storage device the Enable checkbox will be grayed and you can...

Page 204: ...t Specify a certain read function for the Data Logging Proxy to issue and record the responses from device s Start Address 1 A Must filled setting 2 Range 0 to 65535 Specify the Start Address of regis...

Page 205: ...of the data logging rule Value Range 1 16 characters Mode Sniffer is selected by default Select an expected data logging scheme for the data logging rule There are five available schemes Sniffer The...

Page 206: ...dbus Master If no response from the master for the specified timeout setting selected proxy rule will be triggered and applied with the data logging rule Note If Off Line proxy scheme is selected the...

Page 207: ...Log File list screen The default Log File management settings will be applied if user didn t change it via the Edit button When the Edit button is applied Log File Configuration screen will appear Lo...

Page 208: ...ete File After Upload 1 An Optional filled setting 2 The box is unchecked by default If Auto Upload is activated user can further specify whether to delete the transferred log from the gateway storage...

Page 209: ...a combination of the two The tunnel technology supports data confidentiality data origin authentication and data integrity of network information by utilizing encapsulation protocols encryption algor...

Page 210: ...r as the responder This gateway can be configured as different roles and establish number of tunnels with various remote devices Before going to setup the VPN connections you may need to decide the sc...

Page 211: ...erver access and Internet access you can just enable the Full Tunnel setting As a result every time users surfs web or searching data on Internet checking personal emails or HQ server access all traff...

Page 212: ...nder and it must have a Static IP or FQDN It can allow many VPN clients initiators to connect to with various tunnel scenarios In short with a simple Dynamic VPN server setting many VPN clients can co...

Page 213: ...nds on Product specification The specified value will limit the maximum number of simultaneous IPSec tunnel connection The default value can be different for the purchased model Save N A Click Save to...

Page 214: ...erates in transport mode Hub and Spoke 1 An optional setting 2 None is set by default Select from the dropdown box to setup your gateway for Hub and Spoke IPSec VPN Deployments Select None if your dep...

Page 215: ...box to enable Keep alive function Select Ping IP to keep live and enter the IP address to ping Enter the ping time interval in seconds Value Range 30 999 seconds Note Keep alive option is not availabl...

Page 216: ...Object Definition Certificate in web based utility Manually user needs to enter key ID to authenticate Manual key configuration will be explained in the following Manual Key Management section Local...

Page 217: ...ct Server Client or None Selected None no X Auth authentication is required Selected Server this gateway will be an X Auth server Click on the X Auth Account button to create remote X Auth client acco...

Page 218: ...3DES Specify the Authentication method It can be None MD5 SHA1 SHA2 256 SHA2 512 Specify the DH Group It can be None Group1 Group2 Group5 Group14 Group15 Group16 Group17 Group18 Check Enable box to e...

Page 219: ...ion is selected for Key Management as described in Authentication Configuration Window a series of configuration windows for Manual IPSec Tunnel configuration will appear The configuration windows are...

Page 220: ...nder the Manually Key Management authentication configuration only one subnet is supported for both Local and Remote IPSec peer Manual Proposal Window Item Value setting Description Outbound SPI Hexad...

Page 221: ...l for site host to site host scenario when Edit button is applied a series of configuration screen will appear They are Tunnel Configuration Local Remote Configuration Authentication IKE Phase IKE Pro...

Page 222: ...ESP and AH Local Remote Configuration Window Item Value setting Description Local Subnet A Must fill setting Specify the Local Subnet IP address Local Netmask A Must fill setting Specify the Local Su...

Page 223: ...ers Select FQDN for Local ID and enter the FQDN Select User FQDN for Remote ID and enter the User FQDN Select Key ID for Remote ID and enter the Key ID English alphabet or number Note Remote ID will b...

Page 224: ...nt features to meet different application requirements There are two OpenVPN connection scenarios They are the TAP and TUN scenarios The product can create either a layer 3 based IP tunnel TUN or a la...

Page 225: ...mode the VPN client is given an IP address on the same subnet as the LAN resided under the OpenVPN server Under such configuration the OpenVPN client can directly access to the resources in LAN If you...

Page 226: ...ent for the gateway to operate Configuration Item Value setting Description OpenVPN The box is unchecked by default Check the Enable box to activate the OpenVPN function Server Client Server Configura...

Page 227: ...iguration window can let you enable the OpenVPN server function specify the virtual IP address of OpenVPN server when remote OpenVPN clients dial in and the authentication protocol OpenVPN Server Conf...

Page 228: ...s A Must filled setting Specify the virtual Local Endpoint IP Address of this OpenVPN gateway Value Range The IP format is 10 8 0 x the range of x is 1 254 Note Local Endpoint IP Address will be avail...

Page 229: ...Cipher from the dropdown list It can be Blowfish AES 256 AES 192 AES 128 None Hash Algorithm By default SHA 1 is selected Specify the Hash Algorithm from the dropdown list It can be SHA 1 MD5 MD4 SHA2...

Page 230: ...ey Note TLS Auth Key will be available only when TLS is chosen in Authorization Mode Client to Client The box is checked by default Check the Enable box to enable the traffics among different OpenVPN...

Page 231: ...DP is chosen in Protocol CCD Dir Default File 1 An Optional setting 2 String format any text Specify the CCD Dir Default File Value Range 0 256 characters Client Connection Script 1 An Optional settin...

Page 232: ...is applied OpenVPN Client Configuration screen will appear OpenVPN Client Configuration window let you specify the required parameters for an OpenVPN VPN client such as OpenVPN Client Name Interface...

Page 233: ...ask Redirect Internet Traffic 1 An Optional setting 2 The box is unchecked by default Check the Enable box to activate the Redirect Internet Traffic function NAT 1 An Optional setting 2 The box is unc...

Page 234: ...efault Adaptive is selected Specify the LZO Compression scheme It can be Adaptive YES NO Default Persis Key 1 An Optional setting 2 The box is checked by default Check the Enable box to activate the P...

Page 235: ...RSA WITH RC4 MD5 None Note TLS Cipher will be available only when TLS is chosen in Authorization Mode TLS Auth Key 1 An Optional setting 2 String format any text Specify the TLS Auth Key for connectin...

Page 236: ...lue is 1500 by default Specify the value of Tunnel UDP Fragment Value Range 0 1500 Note Tunnel UDP Fragment will be available only when UDP is chosen in Protocol Tunnel UDP MSS Fix The box is unchecke...

Page 237: ...col that it passes within the tunnel to provide privacy This Gateway can behave as a L2TP server and a L2TP client both at the same time L2TP Server It must have a static IP or a FQDN for clients to c...

Page 238: ...ay Remote Subnet configuration item When you choose Remote Subnet you need to specify one more setting the remote subnet It is for the Intranet of L2TP VPN server So at L2TP client peer the packets wh...

Page 239: ...n L2TP Unchecked by default Click the Enable box to activate L2TP function Client Server A Must fill setting Specify the role of L2TP Select Server or Client role your gateway will take Below are the...

Page 240: ...L2TP client Value Range 1 255 Authentication Protocol A Must filled setting Select single or multiple Authentication Protocols for the L2TP server with which to authenticate L2TP clients Available aut...

Page 241: ...the enable box to enable the user Click Save button to save new user account The selected user account can permanently be deleted by clicking the Delete button Value Range 1 32 characters As a L2TP C...

Page 242: ...tunnel name Enter a name that is easy for you to identify Value Range 1 32 characters Interface A Must filled setting Define the selected interface to be the used for this L2TP tunnel Select WAN 1 for...

Page 243: ...o authenticate Default Gateway Remote Subnet A Must filled setting Specify a gateway for this PPTP tunnel to reach PPTP server When you choose Remote Subnet you need to specify one more setting the re...

Page 244: ...the Interval and Max Failure Time Disable disable the LCP Echo Value Range 1 99999 for Interval Time 1 999 for Failure Time Service Port A Must filled setting Specify the Service Port for this L2TP t...

Page 245: ...res of the Windows PPTP stack The security gateway can play either PPTP Server role or PPTP Client role for a PPTP VPN tunnel or both at the same time for different tunnels PPTP tunnel process is near...

Page 246: ...ay Remote Subnet configuration item When you choose Remote Subnet you need to specify one more setting the remote subnet It is for the Intranet of PPTP VPN server So at PPTP client peer the packets wh...

Page 247: ...le box to activate PPTP function Client Server A Must fill setting Specify the role of PPTP Select Server or Client role your gateway will take Below are the configuration windows for PPTP Server and...

Page 248: ...rver User can specify the last IP address for the subnet from which the PPTP client s IP address will be assigned Value Range 1 255 Authentication Protocol 1 A Must fill setting 2 Unchecked by default...

Page 249: ...t The selected user account can permanently be deleted by clicking the Delete button Value Range 1 32 characters As a PPTP Client When select Client in Client Server a series PPTP Client Configuration...

Page 250: ...Always on Failover Load Balance Failover Always on Define whether the PPTP client is a failover tunnel function or an always on tunnel Note If this PPTP is a failover tunneling you will need to select...

Page 251: ...packets come through the PPTP VPN tunnel The Remote Subnet format must be IP address netmask e g 10 0 0 2 24 Authentication Protocol 1 A Must fill setting 2 Unchecked by default Specify one ore multi...

Page 252: ...r gateway can be worked as either a client or a server even using the same set of configuration rule GRE Tunnel Scenario To setup a GRE tunnel each peer needs to setup its global IP as tunnel IP and f...

Page 253: ...ng allows user to create and configure GRE tunnels Enable GRE Enable GRE Window Item Value setting Description GRE Tunnel Unchecked by default Click the Enable box to enable GRE function Max Concurren...

Page 254: ...Failover Always Define whether the GRE tunnel is a failover tunnel function or an Always on tunnel Note If this GRE is a failover tunneling you will need to select a primary GRE tunnel from which to f...

Page 255: ...subnet if the default gateway is not used to connect to the GRE server The Remote Subnet format must be IP address netmask e g 10 0 0 2 24 DMVPN Spoke Unchecked by default Specify whether the gateway...

Page 256: ...2 Firewall The firewall functions include Packet Filter URL Blocking Content Filter MAC Control Application Filter IPS and some firewall options The supported function can be different for the purchas...

Page 257: ...ite list Allow those match the following rules and define the rules Rule 1 is to allow HTTP packets to pass and Rule 2 is to allow HTTPS packets to pass Under such configuration the gateway will allow...

Page 258: ...ked Log Alert The box is unchecked by default Check the Enable box to activate Event Log Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings Create Edit Packet Filter R...

Page 259: ...ed before this option become available Refer to Object Definition Grouping Host grouping You may also access to create a group by the Add Rule shortcut button Destination IP 1 A Must filled setting 2...

Page 260: ...d otherwise select User defined Service and specify a port range Then for Destination Port select a predefined port dropdown box when Well known Service is selected otherwise select User defined Servi...

Page 261: ...ts listed in the rule list will be blocked if one pattern in the requests matches to one rule Other Web requests can pass through the gateway In contrast when you choose Deny all to pass except those...

Page 262: ...RL Domain Name Keyword the destination service ports the integrated time schedule rule and the rule activation Enable URL Blocking Configuration Item Value setting Description URL Blocking The box is...

Page 263: ...te group must be pre defined before this option become available Refer to Object Definition Grouping Host grouping Source MAC 1 A Must filled setting 2 Any is set by default This field is to specify t...

Page 264: ...ecific range of Ports entered in this field Time Schedule Rule A Must filled setting Apply a specific Time Schedule to this rule otherwise leave it as 0 Always If the dropdown list is empty ensure Tim...

Page 265: ...MAC addresses he can use the MAC Control function to reject with the black list configuration MAC Control with Black List Scenario As shown in the diagram enable the MAC control function and specify t...

Page 266: ...te List Deny MAC Address Below is set by default When Deny MAC Address Below is selected as the name suggest packets specified in the rules will be blocked black listed In contrast with Allow MAC Addr...

Page 267: ...hat is easy for you to remember MAC Address Use to Compose 1 MAC Address string Format 2 A Must fill setting Specify the Source MAC Address to filter rule Time Schedule A Must fill setting Apply Time...

Page 268: ...Modbus Cellular Gateway 268 5 2 4 Content Filter not supported Not supported feature for the purchased product leave it as blank...

Page 269: ...Modbus Cellular Gateway 269 5 2 5 Application Filter not supported Not supported feature for the purchased product leave it as blank...

Page 270: ...ion about this activity attempt to block stop it and report it You can enable the IPS function and check the listed intrusion activities when needed You can also enable the log alerting so that system...

Page 271: ...cription IPS The box is unchecked by default Check the Enable box to activate IPS function Log Alert The box is unchecked by default Check the Enable box to activate to activate Event Log Save N A Cli...

Page 272: ...r the traffic threshold in this field ICMP Flood Defense Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field Value Range 10 10000 Port Scan Defect...

Page 273: ...is unchecked by default 3 Traffic threshold is set to 300 by default 4 The value range can be from 10 to 10000 Click Enable box to activate this intrusion prevention rule and enter the traffic thresh...

Page 274: ...o record the packet information like IP address port address ACK SEQ number and so on while they pass through the gateway and the gateway checks every incoming packet to detect if this packet is valid...

Page 275: ...k such packets from unknown users Discard Ping from WAN Remote Administrator Hosts Scenario Discard Ping from WAN makes any host on the WAN side can t ping this gateway reply any ICMP packets Enable t...

Page 276: ...he router allows network administrator to manage router remotely The network administrator can assign specific IP address and service port to allow accessing the router Remote Administrator Host Defin...

Page 277: ...This field is to specify a Service Port to HTTP or HTTPS connection Value Range 1 65535 Enabling the rule The box is unchecked by default Click Enable box to activate this rule Save N A Click Enable...

Page 278: ...ly in practice computer systems Centralized management has a time and effort trade off that is related to the size of the company the expertise of the IT staff and the amount of technology being used...

Page 279: ...You can edit the plain text configuration settings in the configuration screen as above Plain Text Configuration Item Value setting Description Clean NA Clean text area You should click Save button t...

Page 280: ...RT A Must filled Setting Specify the Trusted CA certificate for the OpenVPN client It will go through Base64 Conversion OPENVPN_LOCAL_CERT A Must filled Setting Specify the local certificate for OpenV...

Page 281: ...red as a configuration file ex txtConfig clone tmp config The contents in the configuration file are the same as the plain text commands mentioned above This action is exactly the same as performing t...

Page 282: ...r ISP or the ACS provider for help At the right upper corner of TR 069 Setting screen one Help command let you see the same message about that Scenario Managing deployed gateways through an ACS Server...

Page 283: ...n Procedure In above diagram the ACS server can manage multiple gateways in the Internet The Gateway 1 is one of them and has 118 18 81 33 IP address for its WAN 1 interface When all remote gateways h...

Page 284: ...ry Except the inquiry time there are no activities between the ACS server and the gateways until the next inquiry cycle But if the ACS server has new jobs that are expected to do by the gateways urgen...

Page 285: ...ovide ACS ConnectionRequest Port and manually set Value Range 0 65535 ConnectionRequest UserName A Must filled setting You can ask ACS manager provide ACS ConnectionRequest Username and manually set C...

Page 286: ...ent data on the managed systems as variables The protocol also permits active management tasks such as modifying and applying a new configuration through remote modification of these variables The var...

Page 287: ...ices but other remote NMS can t Parameter Setup Example Following tables list the parameter configuration as an example for the Gateway 1 in above diagram with SNMP enabling at LAN and WAN interfaces...

Page 288: ...or configuring the Gateway 1 Only the UserName1 account can let the Gateway 1 accept the configuration from the NMS since the authority of the account is Read Write Once a managed device has an urgent...

Page 289: ...y default Select the version for the SNMP When Check the v1 box It means you can access SNMP by version 1 When Check the v2c box It means you can access SNMP by version 2c When Check the v3 box It mea...

Page 290: ...text Specify this version 1 or version v2c user s community that will be allowed Read Only GET and GETNEXT or Read Write GET GETNEXT and SET access respectively The maximum length of the community is...

Page 291: ...ters Password 1 String format any text When your Privacy Mode is authNoPriv or authPriv you must specify the Password for this version 3 user Value Range 8 64 characters Authentication 1 None is selec...

Page 292: ...ormat any legal OID The OID Filter Prefix restricts access for this version 3 user to the sub tree rooted at the given OID Value Range 1 2080768 Enable 1 The box is checked by default Click Enable to...

Page 293: ...Item Value setting Description Server IP 1 A Must filled setting 2 String format any Ipv4 address Specify the trap Server IP The DUT will send trap to the server IP Server Port 1 String format any por...

Page 294: ...cted the authNoPriv You must specify the Authentication and Password Selected the authPriv You must specify the Authentication Password Encryption and Privacy Key Authentication 1 A v3 Must filled set...

Page 295: ...se Number 2 A Must filled setting 3 String format any number Specify the Enterprise Number for the particular private MIB Value Range 1 2080768 Enterprise OID 1 The default value is 1 3 6 1 4 1 12823...

Page 296: ...g The device supports both Telnet and SSH Secure Shell CLI with default service port 23 and 22 respectively Telnet SSH Scenario Scenario Application Timing When the administrator of the gateway wants...

Page 297: ...Port 22 Enable Scenario Operation Procedure In above diagram Local Admin or Remote Admin can manage the Gateway in the Intranet or Internet The Gateway is the gateway of Network A and the subnet of it...

Page 298: ...with CLI 1 The LAN Enable box is checked by default 2 The WAN Enable box is unchecked by default Check the Enable box to activate the Telnet with CLI function for connecting from WAN LAN interfaces Co...

Page 299: ...acter 2 The default password for telnet is m2mamit Type old password and specify new password to change root password Note You are highly recommended to change the default telnet password with yours b...

Page 300: ...ption Old Password 1 String any text 2 The default password for web based MMI is admin Enter the current password to enable you unlock to change password New Password String any text Enter new passwor...

Page 301: ...aching maximum Password Guessing times please wait a few seconds will be displayed and ignore the following login trials Login Timeout The Enable box is unchecked by default Check the Enable box to ac...

Page 302: ...nter the system name for identification purpose It can be the manufacture or any name for a device deployment System Information Item Value Setting Description WAN Type N A It displays the WAN Type of...

Page 303: ...it as auto mode so that the available server will be used for time synchronization one by one Daylight Saving Time 1 It is an optional item 2 Un checked by default Check the Enable button to activate...

Page 304: ...by NTP Protocol to get system date and time after you click on the Sync with Timer Server button Note Remember to select a correct time zone for the device otherwise you will just get the UTC Coordina...

Page 305: ...System Log tab View Email Log History View button is provided for network administrator to view log history on the gateway Email Now button enables administrator to send instant Email for analysis Vi...

Page 306: ...k the First button to jump to the first page Last N A Click the Last button to jump to the last page Download N A Click the Download button to download log to your PC in tar file format Clear N A Clic...

Page 307: ...Alert Setting Window Item Value Setting Description Enable Un checked by default Check Enable box to enable sending event log messages to destined Email account defined in the E mail Addresses blank s...

Page 308: ...and Debug Log to Storage Log to Storage screen allows network administrator to select the type of events to log and be stored at an internal or an external storage Log to Storage Setting Window Item...

Page 309: ...need to specify the file name of new firmware by using Browse button and then click Upgrade button to start the FW upgrading process on this device If you want to upgrade a firmware which is from GPL...

Page 310: ...eboot this device by clicking the Reboot button and reset this device to default settings by clicking the Reset button System Operation Window Item Value Setting Description Reboot Now is selected by...

Page 311: ...is technologically different This gateway embedded FTP SFTP server for administrator to download the log files to his computer or database In the following two sections you can configure the FTP serv...

Page 312: ...ading so no any write permission is implemented for user file upload to the storage FTP Port Port 21 is set by default Specify a port number for FTP connection The gateway will listen for incoming FTP...

Page 313: ...sfer Mode Optional setting Check the Enable box to activate the support of ASCII mode data transfers Binary mode is supported by default FTPS FTP over SSL TLS Optional setting Check the Enable box to...

Page 314: ...r Name String non blank string Enter the user account for login to the FTP server Value Range 1 15 characters Password String no blank Enter the user password for login to the FTP server Directory N A...

Page 315: ...evice to test whether it is alive after clicking on the Ping button A test result window will appear beneath it Tracert Test Optional setting Trace route tracert command is a network diagnostic tool f...

Page 316: ...e name to save the captured packets in log storage If Split Files option is also enabled the file name will be appended with an index code _ index The extension file name is pcap Split Files 1 An opti...

Page 317: ...e packets which matched the rules Capture Fitters Item Value setting Description Filter Optional setting Check Enable box to activate the Capture Filter function Source MACs Optional setting Define th...

Page 318: ...ackets Packets which match the rule will be captured Up to 10 MACs are supported but they must be separated with e g AA BB CC DD EE FF 11 22 33 44 55 66 The packets will be captured when match any one...

Page 319: ...municating with carrier ISP by USSD command or doing a cellular network scan for diagnostic purpose In Cellular Toolkit section it includes several useful features that are related to cellular configu...

Page 320: ...witch to secondary SIM and establish another cellular data connection with secondary SIM automatically If Data Usage feature is enabled all history of cellular data usage can be viewed at Status Stati...

Page 321: ...ting Value setting Description SIM Select 3G 4G 1 and SIM A by default Choose a cellular interface 3G 4G 1 or 3G 4G 2 and a SIM card bound to the selected cellular interface to configure its data usag...

Page 322: ...rict Un Checked by default Check the Enable box to activate the connection restriction function During the specified cycle period if the actual data usage exceeds the allowable data limitation the cel...

Page 323: ...do on a cellular phone Setup SMS Configuration Configuration Item Value setting Description Physical Interface The box is 3G 4G 1 by default Choose a cellular interface 3G 4G 1 or 3G 4G 2 for the foll...

Page 324: ...received the new SMS this value plus one Remaining SMS N A This value is SMS capacity minus received SMS When received the new SMS this value minus one New SMS N A Click New SMS button a New SMS scre...

Page 325: ...Inbox List You can read or delete SMS reply SMS or forward SMS from this screen SMS Inbox List Item Value setting Description ID N A The number or SMS From Phone Number N A What the phone number from...

Page 326: ...and manage PIN code on a SIM card through its web GUI Activate PIN code on SIM Card This gateway device allows you to activate PIN code on SIM card This example shows how to activate PIN code on SIM A...

Page 327: ...hange the SIM PIN setting for the selected SIM Card The number of physical modems depends on the gateway model you purchased SIM Status N A Indication for the selected SIM card and the SIM card status...

Page 328: ...ed the Change PIN code button is disabled In the case if you still want to change the PIN code you have to enable the SIM Lock function first fill in the PIN code and then click the Save button to ena...

Page 329: ...ck As mentioned earlier the SIM card will be locked by PUK code after too many trials of failure PIN code In this case the PUK Status will turns to PUK Lock In a normal situation it will display PUK U...

Page 330: ...182 alphanumeric characters in length Unlike Short Message Service SMS messages USSD messages create a real time connection during an USSD session The connection remains open allowing a two way exchan...

Page 331: ...e in the correct pre command and then click on the Send button for the session The responses from the USSD server will be displayed beneath the USSD Command line When commands typed in the USSD Comman...

Page 332: ...ls Comments N A Enter a brief comment for the profile Send USSD Request When send the USSD command the USSD Response screen will appear When click the Clear button the USSD Response will disappear USS...

Page 333: ...interface by executing the network scanning one after another You can also specify the connection sequence of the targeted generation of mobile system 2G 3G LTE Network Scan Configuration Configuratio...

Page 334: ...ppears when the Manually Scan Approach is selected in the Configuration window By clicking on the Scan button and wait for 1 to 3 minutes the found mobile operator system will be displayed for you to...

Page 335: ...specific functionality of the gateway On receiving the managing event the gateway will take action to change the functionality collect the required status for administration and also change the statu...

Page 336: ...connected Modbus devices Notifying Events Trigger Type Digital Input Power Change Connection Change WAN LAN VLAN WiFi DDNS Administration Modbus and Data Usage Actions Notify the administrator with SM...

Page 337: ...e box to activate the Event Management function Enable SMS Management To use the SMS management function you have to configure some important settings first SMS Configuration Item Value setting Descri...

Page 338: ...through the SMS It supports up to a maximum of 5 accounts You can click the Add Edit button to configure the SMS account SMS Account Configuration Item Value setting Description Phone Number 1 Mobile...

Page 339: ...nt Email Service Configuration Item Value setting Description Email Server Option Select an Email Server profile from External Server setting for the email account setting Email Addresses 1 Internet E...

Page 340: ...32 characters Description 1 Any text 2 An Optional setting Specify a brief description for the profile DI Source ID1 by default Specify the DI Source It could be ID1 or ID2 The number of available DI...

Page 341: ...ription for the profile DO Source ID1 by default Specify the DO Source It could be ID1 Normal Level Low by default Specify the Normal Level It could be Low or High Total Signal Period 1 Numberic Strin...

Page 342: ...Modbus Notifying Events Profile Item Value setting Description Modbus Name 1 String format 2 A Must filled setting Specify the Modbus profile name Value Range 1 32 characters Description 1 Any text 2...

Page 343: ...ice It could be from 1 to 247 Register 1 Numberic String format 2 A Must filled setting Specify the Register number of the modbus device Value Range 0 65535 Logic Comparator Logic Comparator by defaul...

Page 344: ...setting Description Modbus Name 1 String format 2 A Must filled setting Specify the Modbus profile name Value Range 1 32 characters Description 1 Any text 2 An Optional setting Specify a brief descrip...

Page 345: ...of the modbus device Value Range 1 247 Register 1 Numberic String format 2 A Must filled setting Specify the Register number of the modbus device Value Range 0 65535 Value 1 Numberic String format 2 A...

Page 346: ...t Managing Event Rules Setup the Managing Event rules It supports up to a maximum of 128 rules When Add button is applied the Managing Event Configuration screen will appear Managing Event Configurati...

Page 347: ...PN Select VPN Checkbox and the interested sub items IPSec Tunnel ON Off PPTP Client On Off L2TP Client On Off OpenVPN Client On Off the gateway will change the settings as the action for the event GRE...

Page 348: ...t trigger and handlers Enable Notifying Events Configuration Item Value setting Description Notifying Events The box is unchecked by default Check the Enable box to activate the Notifying Events funct...

Page 349: ...purchased product Description String format any text Enter a brief description for the Notifying Event Action All box is unchecked by default Specify at least one action to take when the expected even...

Page 350: ...Modbus Cellular Gateway 350 Chapter 8 Status 8 1 Dashboard not supported Not supported feature for the purchased product leave it as blank...

Page 351: ...plays the method which public IP address is obtained from your ISP Depending on the model purchased it can be Static IP Dynamic IP PPPoE PPTP L2TP 3G 4G IP Addr N A It displays the public IP address o...

Page 352: ...n allows user to manually disconnect the device from the Internet Note Connect button is available when Connection Control in WAN Type setting is set to Connect Manually Refer to Edit button in Basic...

Page 353: ...dress N A It displays the current LAN IPv6 Link Local address This is also the IPv6 IP Address user use to access Router s Web based Utility IPv6 Global Address N A It displays the current IPv6 global...

Page 354: ...SIM Status and Service Information Refer to next page for more When the Detail button is pressed 3G 4G modem information windows such as Modem Information SIM Status Service Information and Signal Str...

Page 355: ...Interface Traffic Statistics Interface Traffic Statistics screen displays the Interface s total transmitted packets Interface Traffic Statistics Item Value setting Description ID N A It displays corre...

Page 356: ...this gateway LAN Client List Item Value setting Description LAN Interface N A Client record of LAN Interface String Format IP Address N A Client record of IP Address Type and the IP Address Type is St...

Page 357: ...whether the VAP wireless signal is enabled or disabled Op Mode N A The Wi Fi Operation Mode of VAP Depends of device model modes are AP Router WDS Only and WDS Hybrid Universal Repeater and Client SSI...

Page 358: ...atistic shows all the received and transmitted packets on WiFi network WiFi IDS Status Item Value setting Description Authentication Frame N A It displays the receiving Authentication Frame count Asso...

Page 359: ...ets on WiFi network WiFi Traffic Statistic Item Value setting Description Op Band N A It displays the Wi Fi Operation Band 2 4G or 5G of VAP ID N A It displays the VAP ID Received Packets N A It displ...

Page 360: ...entify DDNS service provider Provider N A It displays the DDNS server of DDNS service provider Effective IP N A It displays the public IP address of the device updated to the DDNS server Last Update S...

Page 361: ...identify Tunnel Scenario N A It displays the Tunnel Scenario specified Local Subnets N A It displays the Local Subnets specified Remote IP FQDN N A It displays the Remote IP FQDN specified Remote Subn...

Page 362: ...ected OpenVPN Client Status OpenVPN Client Status Item Value setting Description OpenVPN Client Name N A It displays the Client name you have entered for identification Interface N A It displays the W...

Page 363: ...ty VPN L2TP tab L2TP Client Status Item Value setting Description Client Name N A It displays Name for the L2TP Client specified Interface N A It displays the WAN interface with which the gateway will...

Page 364: ...ity VPN PPTP tab PPTP Client Status Item Value setting Description Client Name N A It displays Name for the PPTP Client specified Interface N A It displays the WAN interface with which the gateway wil...

Page 365: ...ue setting Description Activated Filter Rule N A This is the Packet Filter Rule name Detected Contents N A This is the logged packet information including the source IP destination IP protocol and des...

Page 366: ...g Web Content Filter Status Web Content Filter Status Item Value setting Description Activated Filter Rule N A Logged packet of the rule name String format Detected Contents N A Logged packet of the f...

Page 367: ...nabled Refer to Security Firewall MAC Control tab Check Log Alert and save the setting Application Filters Status Application Filters Status Item Value setting Description Filtered Application Categor...

Page 368: ...on Firewall Options String Format Disable or Enable SPI N A Enable or Disable setting status of SPI on Firewall Options String Format Disable or Enable Discard Ping from WAN N A Enable or Disable set...

Page 369: ...ly available for SNMP version 3 IP Address N A It displays the IP address of SNMP manager Port N A It displays the port number used to maintain connection with the SNMP manager Community N A It displa...

Page 370: ...connection status with the TR 068 server TR 069 Status Item Value setting Description Link Status N A It displays the current connection status with the TR 068 server The connection status is either...

Page 371: ...Log Storage tab The Log Storage Status screen shows the status for selected device storage Log Storage Status Log Storage Status screen shows the status of current the selected device storage The sta...

Page 372: ...evious button you will see the previous page of track list Next N A Click the Next button you will see the next page of track list First N A Click the First button you will see the first page of track...

Page 373: ...Modbus Cellular Gateway 373 8 5 2 Network Traffic not supported Not supported feature for the purchased product leave it as blank...

Page 374: ...f login statistics Next N A Click the Next button you will see the next page of login statistics First N A Click the First button you will see the first page of login statistics Last N A Click the Las...

Page 375: ...375 8 5 4 Cellular Usage Go to Status Statistics Reports Cellular Usage tab Cellular Usage screen shows data usage statistics for the selected cellular interface The cellular data usage can be accumul...

Page 376: ...ephen Hemminger shemminger osdl org Lennert Buytenhek buytenh gnu org version 1 1 GNU GENERAL PUBLIC LICENSE Version 2 June 1991 tc show manipulate traffic control settings Stephen Hemminger shemminge...

Page 377: ...cument but changing it is not allowed https www openswan org Opennhrp Version v0 14 1 OpenNHRP is an NHRP implementation for Linux It has most of the RFC2332 and Cisco IOS extensions Project homepage...

Page 378: ...roaringpenguin com L2TPServ Version v 1 3 1 GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright C 1989 1991 Free Software Foundation Inc 59 Temple Place Suite 330 Boston MA 02111 1307 USA Everyone...

Page 379: ...lient an NTP RFC 1305 RFC 4330 client for unix alike computers Version 2007_365 Copyright 1997 1999 2000 2003 2006 2007 Larry Doolittle exFAT FUSE based exFAT implementation Version 0 9 8 Copyright C...

Page 380: ...Modbus Cellular Gateway 380 Version 20080615 Copyright C 1998 2004 WIDE Project BSD License https sourceforge net projects wide dhcpv6...

Reviews: