manualshive.com logo in svg

Amit IWP87DAM-07151, User Manual

Share
Download
Amit IWP87DAM-07151 User Manual Download Page 161

PoE

 

AP

 

Router

 

 

161 

 

also

 

imports

 

the

 

certificates

 

of

 

the

 

root

 

CA

 

of

 

the

 

Gateway

 

1

 

into

 

the

 

Gateway

 

2

 

as

 

the

 

trusted

 

ones.

 

(Please

 

also

 

refer

 

to

 

"My

 

Certificate"

 

and

 

"Trusted

 

Certificate"

 

sections).

 

Establish

 

an

 

IPSec

 

VPN

 

tunnel

 

with

 

IKE

 

and

 

X.509

 

protocols

 

by

 

starting

 

from

 

either

 

peer,

 

so

 

that

 

all

 

client

 

hosts

 

in

 

these

 

both

 

subnets

 

can

 

communicate

 

with

 

each

 

other.

 

 

Parameter

 

Setup

 

Example

 

(same

 

as

 

the

 

one

 

described

 

in

 

"My

 

Certificate"

 

section)

 

For

 

Network

A

 

at

 

HQ

 

Following

 

tables

 

list

 

the

 

parameter

 

configuration

 

as

 

an

 

example

 

for

 

the

 

"Issue

 

Certificate"

 

function

 

used

 

in

 

the

 

user

 

authentication

 

of

 

IPSec

 

VPN

 

tunnel

 

establishing,

 

as

 

shown

 

in

 

above

 

diagram.

 

The

 

configuration

 

example

 

must

 

be

 

combined

 

with

 

the

 

ones

 

in

 

"My

 

Certificate"

 

and

 

"Trusted

 

Certificate"

 

sections

 

to

 

complete

 

the

 

setup

 

for

 

whole

 

user

 

scenario.

 

 

Configuration

 

Path

 

[Issue

 

Certificate]

[Certificate

 

Signing

 

Request

 

Import

 

from

 

a

 

File]

 

Browse

 

C:/BranchCSR

 

Command

 

Button

 

Sign

 

 

Configuration

 

Path

 

[Issue

 

Certificate]

[Signed

 

Certificate

 

View]

Command

 

Button

 

Download

 

(default

 

name

 

is

 

"issued.crt")

 

Scenario

 

Operation

 

Procedure

 

(same

 

as

 

the

 

one

 

described

 

in

 

"My

 

Certificate"

 

section)

 

In

 

above

 

diagram,

 

the

 

"Gateway

 

1"

 

is

 

the

 

gateway

 

of

 

Network

A

 

in

 

headquarters

 

and

 

the

 

subnet

 

of

 

its

 

Intranet

 

is

 

10.0.76.0/24.

 

It

 

has

 

the

 

IP

 

address

 

of

 

10.0.76.2

 

for

 

LAN

 

interface

 

and

 

203.95.80.22

 

for

 

WAN

1

 

interface.

 

The

 

"Gateway

 

2"

 

is

 

the

 

gateway

 

of

 

Network

B

 

in

 

branch

 

office

 

and

 

the

 

subnet

 

of

 

its

 

Intranet

 

is

 

10.0.75.0/24.

 

It

 

has

 

the

 

IP

 

address

 

of

 

10.0.75.2

 

for

 

LAN

 

interface

 

and

 

118.18.81.33

 

for

 

WAN

1

 

interface.

 

They

 

both

 

serve

 

as

 

the

 

NAT

 

security

 

gateways.

 

Gateway

 

1

 

generates

 

the

 

root

 

CA

 

and

 

a

 

local

 

certificate

 

(HQCRT)

 

that

 

is

 

signed

 

by

 

itself.

 

Import

 

the

 

certificates

 

of

 

the

 

root

 

CA

 

and

 

HQCRT

 

into

 

the

 

"Trusted

 

CA

 

Certificate

 

List"

 

and

 

"Trusted

 

Client

 

Certificate

 

List"

 

of

 

Gateway

 

2.

 

Gateway

 

2

 

generates

 

a

 

Certificate

 

Signing

 

Request

 

(BranchCSR)

 

for

 

its

 

own

 

certificate

 

BranchCRT

 

to

 

be

 

signed

 

by

 

root

 

CA

 

(Please

 

generate

 

one

 

not

 

self

signed

 

certificate

 

in

 

the

 

Gateway

 

2,

 

and

 

click

 

on

 

the

 

"View"

 

button

 

for

 

that

 

CSR.

 

Just

 

downloads

 

it).

 

Take

 

the

 

CSR

 

to

 

be

 

signed

 

by

 

the

 

root

 

CA

 

of

 

the

 

Gateway

 

1

 

and

 

obtain

 

the

 

BranchCRT

 

certificate

 

(you

 

need

 

rename

 

it).

 

Import

 

the

 

certificate

 

into

 

the

 

"Trusted

 

Client

 

Certificate

 

List"

 

of

 

the

 

Gateway

 

1

 

and

 

the

 

"Local

 

Certificate

 

List"

 

of

 

the

 

Gateway

 

2.

 

Gateway

 

2

 

can

 

establish

 

an

 

IPSec

 

VPN

 

tunnel

 

with

 

"Site

 

to

 

Site"

 

scenario

 

and

 

IKE

 

and

 

X.509

 

protocols

 

to

 

Gateway

 

1.

 

Finally,

 

the

 

client

 

hosts

 

in

 

two

 

subnets

 

of

 

10.0.75.0/24

 

and

 

10.0.76.0/24

 

can

 

communicate

 

with

 

each

 

other.

 

Summary of Contents for IWP87DAM-07151

Page 1: ...PoE AP Router IWP87DAM 07151 User Manual...

Page 2: ...NG 13 1 5 3 HOT SURFACE CAUTION 14 1 6 Hardware Installation 15 1 6 1 Mount the Unit 15 1 6 2 Connecting Power 15 1 6 3 Power Supply Installation 16 1 6 5 Connecting DI DO Devices 18 1 6 6 Connecting...

Page 3: ...uration 103 2 5 2 Virtual Server Virtual Computer 104 2 5 3 DMZ Pass Through 110 2 6 Routing 113 2 6 1 Static Routing 114 2 5 2 Dynamic Routing 117 2 6 3 Routing Information 125 2 7 DNS DDNS not suppo...

Page 4: ...4 2 1 Data Logging Configuration 186 4 2 2 Scheme Setup 188 4 2 3 Log File Management 190 Chapter 5 Security 192 5 1 VPN 192 5 1 1 IPSec 193 5 1 2 OpenVPN 208 5 2 Firewall 221 5 2 1 Packet Filter not...

Page 5: ...6 3 FTP 269 6 3 1 Server Configuration 270 6 3 2 User Account 272 6 4 Diagnostic 273 6 4 1 Diagnostic Tools 273 6 4 2 Packet Analyzer 274 Chapter 7 Service 277 7 1 Cellular Toolkit not supported 277...

Page 6: ...y 304 8 3 1 VPN Status 304 8 3 2 Firewall Status 307 8 4 Administration 310 8 4 1 Configure Manage Status 310 8 4 2 Log Storage Status 312 8 5 Statistics Report 313 8 5 1 Connection Session 313 8 5 2...

Page 7: ...DHCP server and many other powerful features for outdoor IP surveillance applications The redundancy design in fallback 24 56 VDC power terminal and dual SIM cards make the data transmission and netw...

Page 8: ...1 2 1 Package Contents Standard Package Items Description Contents Quantity 1 IWP87DAM 07151 PoE AP Router 1pcs 2 8 pin Terminal Block 1pcs 3 4 pin Terminal Block 1pcs 4 CD Manual 1pcs 5 DIN Rail Bra...

Page 9: ...Items Description Contents Comments 1 Power Supply SDR 120 48 INPUT 100 240VAC 1 4A 50 60Hz OUTPUT 48V 2 5A Total Watt 120W 2 Power Supply SDR 240 48 INPUT 100 240VAC 2 6A 50 60Hz OUTPUT 48V 5A Total...

Page 10: ...will restore to factory default settings WiFi Antenna All the 2 4G 5GHz and 5GHz WiFi antennas are optional accessory and not included in the standard package You need to purchase the suitable antenn...

Page 11: ...PoE AP Router 11 Left View DC Power Terminal Block Earth Ground Screw DI DO Terminal Block...

Page 12: ...lowly there could be power issue Please check the Power Supply voltage or the connected devices LAN 1 LAN 4 WAN Green Steady ON Ethernet connection of LAN or WAN is established Flash Data packets are...

Page 13: ...h or Linux based operating system An installed Ethernet adapter Browser Requirements Internet Explorer 6 0 or higher Chrome 2 0 or higher Firefox 3 0 or higher Safari 3 0 or higher 1 5 2 WARNING Only...

Page 14: ...temperature for the metallic enclosure can be very high Especially after operating for a long time installed at a close cabinet without air conditioning support or in a high ambient temperature space...

Page 15: ...nd PWR2 If the voltage difference between PWR1 and PWR2 is greater than 5 0 volt this is the case for using two power supplys with the different external spec such as 48V and 24V the power control cir...

Page 16: ...power to the gateway Hereunder is an example for the Industrial power supply installation AC Power Cable Installation The power supply unit power requirement is 100 240V AC 50 60Hz with power input l...

Page 17: ...connect to PWR and then V connect to GND After that pulg in the terminal block to the socket at the side of the gateway Finally connect the power plug of the power supply cable to an outlet then the p...

Page 18: ...Please refer to following specification to connect DI and DO devices Mode Specification Digital Input Trigger Voltage high Logic level 1 5V 30V Normal Voltage low Logic level 0 0V 2V Digital Output V...

Page 19: ...GND RXD TXD GND RS 485 GND DATA DATA GND 1 6 7 Connecting to the Network or a Host The IWP87D series provides RJ45 ports to connect 10 100 1000Mbps Ethernet It can auto detect the transmission speed o...

Page 20: ...ss http 192 168 123 254 1 When you see the login page enter the password admin 2 and then click Login button 1 The default LAN IP address of this gateway is 192 168 123 254 If you change it you need t...

Page 21: ...rious connection protocols to let gateways or user s devices dial in ISPs and then link to the Internet via different kinds of transmit media So the WAN Connection lets you specify the WAN Physical In...

Page 22: ...ion windows Physical Interface List and Interface Configuration Physical Interface List window shows all the available physical interfaces After clicking on the Edit button for the interface in Physic...

Page 23: ...ilover A failover interface is a backup connection to the primary That means only when its primary WAN connection is broken the backup connection will be started up to substitute the primary connectio...

Page 24: ...heckbox is activated it can allow the Failover interface to be connected continuously from system booting up Failover WAN interface just keeps connecting without data traffic The purpose is to shorten...

Page 25: ...nfiguration Item Value setting Description Physical Interface 1 A Must fill setting 2 WAN 1 is the primary interface and is factory set to Always on Select one expected interface from the available in...

Page 26: ...this WAN interface Select Failover to make this WAN a Failover WAN when the primary or the secondary WAN link failed Then select the primary or the existed secondary WAN interface to switch Failover...

Page 27: ...iguration and related configuration windows for each WAN type For the Internet setup of each WAN interface you must specify its WAN type of physical interface first and then its related parameter conf...

Page 28: ...ss network you can setup a WiFi Uplink connection by using the gateway device This gateway can support 802 11ac n g b data connection and it can connect to a wireless network access point under the re...

Page 29: ...eless Uplink connection The supporting of bridge mode depends on the product specification if the purchased device doesn t support the bridge mode it will be greyed out from selection When NAT Disable...

Page 30: ...tatus Check Interval defines the transmitting interval between two DNS Query or ICMP checking packets Check Timeout defines the timeout of each DNS query ICMP Latency Threshold defines the tolerance t...

Page 31: ...is more expensive but very importat for cooperate requirement Dynamic IP The assigned IP address for the WAN by a DHCP server is different every time It is cheaper and usually for consumer use PPP ove...

Page 32: ...er the host name provided by your Service Provider ISP Registered MAC Address An optional setting Enter the MAC address that you have registered with your service provider Or Click the Clone button to...

Page 33: ...address given by your Service Provider WAN Type PPPoE When you select it PPPoE WAN Type Configuration will appear Items and setting is explained below PPPoE WAN Type Configuration Item Value setting...

Page 34: ...lled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider When Dynamic IP is selected ther...

Page 35: ...WAN gateway IP address given by your Service Provider When Dynamic IP is selected there are no above settings required Server IP Address Name A Must filled setting Enter the L2TP server name or IP Ad...

Page 36: ...tically once it has been booted up and try to reconnect once the connection is down It s recommended to choose this scheme if for mission critical applications to ensure full time Internet connection...

Page 37: ...tor connection status continuous To do it ICMP Check and FQDN Query are used to check When there is trafiic of connection checking packet will waste bandwidth Response time of replied packets may also...

Page 38: ...ts the best MTU for best Internet connection performance NAT 1 An optional setting 2 NAT is enabled by default Enable NAT to apply NAT on the WAN connection Uncheck the box to disable NAT function Net...

Page 39: ...filled setting 2 Disable is set by default Enable IGMP Internet Group Management Protocol would enable the router to listen to IGMP packets to discover which interfaces are connected to which device...

Page 40: ...elect strategy according to application requirement and environment status The strategies are explained as below By Smart Weight If based on By Smart Weight strategy gateway will take the line speed s...

Page 41: ...dress is not only a single IP but also a subnet or IP range Destination port can be a single port or port range You can select one target for one mapping to setup IP address and leave others just left...

Page 42: ...PoE AP Router 42 If packets no belong to user policy rule the gateway just routes those packets based on smart weight algorithm...

Page 43: ...Load Balance Strategy Configuration Item Value setting Description Load Balance Unchecked by default Check the Enable box to activate Load Balance function Load Balance Strategy 1 A Must filled setti...

Page 44: ...alue Range 1 99 Note The sum of all weights can t be greater than 100 Save NA Click the Save button to save the configuration Undo NA Click the Undo button to restore what you just configured back to...

Page 45: ...s Single IP Specify a unique IP Address for the traffics come to the IP Input format is xxx xxx xxx xxx e g 192 168 123 101 Domain Name Specify the domain name for the traffics come to the domain Dest...

Page 46: ...his device The network device s on your network must use the LAN IP address of this device as their Default Gateway You can change it if necessary Note It s also the IP address of web UI If you change...

Page 47: ...ed setting 2 lo is set by default Specify the Interface type It can be lo or br0 IP Address 1 An Optional setting 2 192 168 123 254 is set by default Enter the addition IP address for this device Subn...

Page 48: ...Port based VLAN function can group Ethernet ports Port 1 Port 4 and WiFi Virtual Access Points VAP 1 VAP 8 together for differentiated services like Internet surfing multimedia enjoyment VoIP talking...

Page 49: ...ts VAP 1 VAP 8 together with different VLAN tags for deploying subnets in Intranet All packet flows can carry with different VLAN tags even at the same physical Ethernet port for Intranet These flows...

Page 50: ...s equipped with DHCP 3 server to construct a 192 168 12 x subnet He also configure Meeting Rooms segment with VLAN ID 11 The VLAN group is equipped with DHCP 2 server to construct a 192 168 11 x subne...

Page 51: ...cify members of one VLAN group to be able to access Internet or not Following is an example that VLAN groups of VID is 2 and 3 can access Internet but the one with VID is 1 cannot access Internet That...

Page 52: ...mmunication pair and one VLAN group can join many communication pairs But communication pair doesn t have the transitive property That is A can communicate with B and B can communicate with C it doesn...

Page 53: ...VLAN ID Tag based Tag based VLAN allows you to add VLAN ID and select member and DHCP Server for this VLAN ID Go to Tag based VLAN List table Save NA Click the Save button to save the configuration Po...

Page 54: ...xts Define the Name of this rule It has a default text and cannot be modified VLAN ID A Must filled setting Define the VLAN ID number range is 1 4094 VLAN Tagging Disable is selected by default The ru...

Page 55: ...function for the VLAN group DHCP Server IP Address for DHCP Relay only A Must filled setting If you select Relay type of DHCP Server assign a DHCP Server IP Address that the gateway will relay the DHC...

Page 56: ...CP Server wants to match IP Address A Must filled setting Define the IP Address that the DHCP Server will assign If there is a request from the MAC Address filled in the above field the DHCP Server wi...

Page 57: ...ace If uncheck a certain VLAN ID box it means the VLAN ID member can t access Internet anymore Note VLAN ID 1 is available always it is the default VLAN ID of LAN rule The other VLAN IDs are available...

Page 58: ...ed setting Define the VLAN ID number range is 6 4094 Internet Access The box is checked by default Click Enable box to allow the members in the VLAN group access to internet Port The box is unchecked...

Page 59: ...ay LAN interface with its default Subnet Mask setting as 255 255 255 0 and its default IP Pool ranges is from 100 to 200 as shown at the DHCP Server List page on gateway s WEB UI User can add more DHC...

Page 60: ...xed IP address to map the specific client MAC address by select them then copy when targets were already existed in the DHCP Client List or to add some other Mapping Rules by manually in advance once...

Page 61: ...o assign IP Addresses to the devices on the local area network LAN Create Edit DHCP Server Policy The gateway allows you to custom your DHCP Server Policy If multiple LAN ports are available you can d...

Page 62: ...Server Primary DNS IPv4 format The Primary DNS of this DHCP Server Secondary DNS IPv4 format The Secondary DNS of this DHCP Server Primary WINS IPv4 format The Primary WINS of this DHCP Server Seconda...

Page 63: ...vious setting Back N A When the Back button is clicked the screen will return to the DHCP Server Configuration page View Copy DHCP Client List When DHCP Client List button is applied DHCP Client List...

Page 64: ...uration Item Value setting Description Option Name 1 String format can be any text 2 A Must filled setting Enter a DHCP Server Option name Enter a name that is easy for you to understand DHCP Server S...

Page 65: ...P list 4 URL format 5 A Must filled setting Should conform to Type Type Value 66 Single IP Address IPv4 format Single FQDN FQDN format 72 IP Addresses List separated by IPv4 format separated by 114 Si...

Page 66: ...tput power per cable is 15 4W for IEEE 802 3af PD device and 30W for IEEE802 3at PD device However to make the PoE cellular gateway provide required power through the Ethernet cables you have to prepa...

Page 67: ...can be 120Watts 60Watts or Manual If you select Manaual you have to enter the power budget With specified power budget the PoE gateway can monitor whether the connected PD devices caused power overfl...

Page 68: ...No Action or Power off on Select Power off on to restart the PD device if required PD Power Overload No Action by default Specify the the action to take when the PD Power overflow occurs for a certai...

Page 69: ...al bands of operation There are several wireless operation modes provided by this device They are AP Router Mode WDS Only Mode and WDS Hybrid Mode You can choose the expected mode from the wireless op...

Page 70: ...face tab the WiFi uplink function is activated However for the wireless LAN function of the module worked under WiFi uplink operation it also provide AP Router function for local wireless clients to c...

Page 71: ...i gateways as a WiFi repeater chain with all gateways setup as WDS Only mode All gateways can communicate with each other through WiFi All wired client hosts within each gateway can also communicate e...

Page 72: ...gateways and AP are under WDS hybrid mode To setup WDS hybrid mode it need to fill all configuration items similar to that of AP router and WDS modes Multiple VAPs VAP Virtual Access Point is functio...

Page 73: ...ed wirelessly over the air The wireless gateway supports Shared WPA PSK WPA2 PSK and WPA WPA2 authentication You can select one authentication scheme to validate the wireless clients while they are co...

Page 74: ...on band for the WiFi module Basically this setting is fixed and cannot be changed once the module is integrated into the product However there is some module with selectable band for user to choose ac...

Page 75: ...is function By default the box is checked it means that stations which associated to different VAPs cannot communicate with each other Multiple AP Names 1 A Must filled setting 2 VAP1 and VAP8 are act...

Page 76: ...security there are several authentication methods supported Client stations should provide the key when associate with this device When Open is selected The check box named 802 1x shows up next to th...

Page 77: ...WEP without upgrading hardware Enter a Pre shared Key for it The length of key is from 8 to 63 characters AES The newest encryption system in WiFi it also designed for the fast 802 11n high bitrates...

Page 78: ...authentication methods supported Client stations should provide the key when associate with this device When Open is selected The check box named 802 1x shows up next to the dropdown list 802 1x The b...

Page 79: ...it The length of key is from 8 to 63 characters AES The newest encryption system in WiFi it also designed for the fast 802 11n high bitrates schemes Enter a Pre shared Key for it The length of key is...

Page 80: ...P to configure its setting at a time Enable Check the enable box to activate the selected VAP Max STA Limit the maximum number of client station Check this box and enter a limitation The box is unchec...

Page 81: ...t The default value is 1812 RADIUS Shared Key When Shared is selected The pre shared WEP key should be set for authenticating When Auto is selected The device will select Open or Shared by requesting...

Page 82: ...it The length of key is from 8 to 63 characters You are recommended to use AES encryption instead of any others for security Save N A Click the Save button to save the current configuration Undo N A C...

Page 83: ...ever there is some module with selectable band for user to choose according to his network environment Under such situation you can specify which operation band is suitable for the application Multipl...

Page 84: ...s device Rate N A It shows the data rate between client and this device RSSI0 RSSI1 N A It shows the RX sensitivity RSSI value for each radio path Signal N A The signal strength between client and thi...

Page 85: ...asic Network WiFi Advanced Configuration Tab Select Target WiFi Target Configuration Item Value setting Description Module Select A Must filled setting Select the WiFi module to check the information...

Page 86: ...jitter when transmitting multimedia content over a wireless connection Short GI By default 400ns is selected Short GI Guard Interval is defined to set the sending interval between each packet Note th...

Page 87: ...d operation band for the WiFi module Basically this setting is fixed and cannot be changed once the module is integrated into the gaye product However there are some module with selectable band for us...

Page 88: ...and decide whether to broadcast the SSID or not The SSID is used for identifying from another AP and client stations will associate with AP according to SSID If the broadcast SSID option is enabled i...

Page 89: ...on system in WiFi it also designed for the fast 802 11n high bitrates schemes Enter a Preshared Key for it The length of key is from 8 to 63 characters You are recommended to use AES encryption instea...

Page 90: ...0 Once you selected an AP from the AP list the channel SSID Authentication Encryption and MAC address will be automatically filled into the profile you just have to enter a key for the uplink connecti...

Page 91: ...fies aspects of address assignment stateless address auto configuration network renumbering and router announcements when changing Internet connectivity providers 2 4 1 IPv6 Configuration The IPv6 Con...

Page 92: ...dressing type in the information provided by your ISP to setup the IPv6 network DHCPv6 DHCP in IPv6 does the same function as DHCP in IPv4 The DHCP server sends IP address DNS server addresses and oth...

Page 93: ...DSLAM on the ISP side provides IPv6 configuration upon receiving PPPoEv6 client request When PPPoEv6 server gets client request and successfully authenticates it the server sends IP address DNS server...

Page 94: ...net IPv4 to IPv6 migration 6in4 uses tunneling to encapsulate IPv6 traffic over explicitly configured IPv4 links As defined in RFC 4213 the 6in4 traffic is sent over the IPv4 Internet inside IPv4 pack...

Page 95: ...ust filled setting Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity Select Static IPv6 when your ISP provides you with a set IPv6 addresses Then go to Static IPv6 WAN Ty...

Page 96: ...Secondary DNS An optional setting Enter the WAN secondary DNS Server MLD Snooping The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Val...

Page 97: ...ed by default Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Global...

Page 98: ...onnection If you want more information please contact your ISP Value Range 0 45 characters Connection Control Fixed value The value is Auto reconnect Always on MTU A Must filled setting Enter the MTU...

Page 99: ...optional setting Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Glob...

Page 100: ...Must filled setting Filled Client IPv6 Address gotten from tunnel broker in this field Primary DNS An optional setting Enter the WAN primary DNS Server Secondary DNS An optional setting Enter the WAN...

Page 101: ...rtisement Lifetime A Must filled setting Enter the Router Advertisement Lifetime in seconds 200 is set by default Value Range 0 65535 Select Stateful to manage the Local Area Network to be Stateful DH...

Page 102: ...nd activates the NAT function You also can disable the NAT function in Basic Network WAN Uplink Internet Setup WAN Type Configuration page Usually all local hosts or servers behind corporate gateway a...

Page 103: ...ther side are you in accessing the email server at the LAN side or at the WAN side you don t need to change the IP address of the mail server Configuration Setting Go to Basic Network Port Forwarding...

Page 104: ...ehind office gateway You can set up those servers by using Virtual Server feature After trip if want to access those servers from LAN side by global IP without change original setting NAT Loopback can...

Page 105: ...ou to access the WAN global IP address from your inside NAT local network It is useful when you run a server inside your network For example if you set a mail server at LAN side your local devices can...

Page 106: ...o activate this port forwarding function Virtual Computer The box is checked by default Check the Enable box to activate this port forwarding function Save N A Click the Save button to save the settin...

Page 107: ...tting above Protocol A Must filled setting When ICMPv4 is selected It means the option Protocol of packet filter rule is ICMPv4 Apply Time Schedule to this rule otherwise leave it as Always refer to S...

Page 108: ...rt range and Private Port can be selected Single Port or Port Range Value Range 1 65535 for Public Port Private Port When GRE is selected It means the option Protocol of packet filter rule is GRE When...

Page 109: ...d Virtual Computer Rule Configuration screen will appear Virtual Computer Rule Configuration Item Value setting Description Global IP A Must filled setting This field is to specify the IP address of t...

Page 110: ...not expected to receive by applications in the gateway or by other client hosts in the Intranet Certainly the DMZ host is also protected by the gateway firewall Activate the feature and specify the DM...

Page 111: ...he corresponding checkbox to activate it DMZ Pass Through Setting Go to Basic Network Port Forwarding DMZ Pass Through tab The DMZ host is a host that is exposed to the Internet cyberspace but still w...

Page 112: ...number of WAN interfaces for the product Pass Through Enable The boxes are checked by default Check the box to enable the pass through function for the IPSec PPTP and L2TP With the pass through functi...

Page 113: ...to various network destinations Thus constructing routing tables which are held in the router s memory is very important for efficient routing Most routing algorithms use only one network path at a ti...

Page 114: ...packets to be transferred via which gateway interface and which peer gateway to their destination It can be carried out by the Static Routing feature Dedicated packet flows from the Intranet will be r...

Page 115: ...one When Add or Edit button is applied the Static Routing Rule Configuration window will appear to let you define a static routing rule Enable Static Routing Just check the Enable box to activate the...

Page 116: ...Format 2 A Must filled setting Specify the Gateway IP of this static routing rule Interface Auto is set by default Select the Interface of this static routing rule It can be Auto or the available WAN...

Page 117: ...upports dynamic routing protocols including RIPv1 RIPv2 Routing Information Protocol OSPF Open Shortest Path First and BGP Border Gateway Protocol for you to establish routing table automatically The...

Page 118: ...ting protocol that uses link state routing algorithm It is the most widely used interior gateway protocol IGP in large enterprise networks It gathers link state information from available routers and...

Page 119: ...within one AS will links with some other border gateways for exchanging routing information It will distribute the collected data in AS to all routers in other AS As shown in the diagram BGP 0 is gat...

Page 120: ...individually The RIP Configuration window lets you choose which version of RIP protocol to be activated or disable it The OSPF Configuration window can let you activate the OSPF dynamic routing protoc...

Page 121: ...OSPF configuration setting allows user to customize OSPF protocol through the router based on their office setting OSPF Configuration Item Value setting Description OSPF Disable is set by default Clic...

Page 122: ...st rules It supports up to a maximum of 32 rule sets When Add button is applied OSPF Area Rule Configuration screen will appear OSPF Area Configuration Item Value setting Description Area Subnet 1 Cla...

Page 123: ...d setting The ASN Number of this router on BGP protocol Value Range 1 4294967295 Router ID 1 IPv4 Format 2 A Must filled setting The Router ID of this router on BGP protocol Create Edit BGP Network Ru...

Page 124: ...to a maximum of 32 rule sets When Add button is applied BGP Neighbor Rule Configuration screen will appear BGP Neighbor Configuration Item Value setting Description Neighbor IP 1 IPv4 Format 2 A Must...

Page 125: ...IPv4 Format Subnet Mask N A Routing record of Subnet Mask IPv4 Format Gateway IP N A Routing record of Gateway IP IPv4 Format Metric N A Routing record of Metric Numeric String Format Interface N A R...

Page 126: ...PoE AP Router 126 2 7 DNS DDNS not supported Not supported feature for the purchased product leave it as blank...

Page 127: ...cess It is indeed required that an access gateway satisfies the requirements of latency critical applications minimum access right guarantee fair bandwidth usage for same subscribed condition and flex...

Page 128: ...can be based on VLAN ID MAC Address IP Address Host Name or Packet Length Differentiated Services Specify the service type in a QoS rule for the target packets to be applied on Differentiated services...

Page 129: ...e depends on model Outbound Inbound Control One QoS rule can be applied to the outbound or inbound direction of packet flow even them both This feature depends on model Two QoS rule examples are liste...

Page 130: ...to the code value AF Class2 High Drop he can use the Rule based QoS function to carry out this rule by defining an QoS rule as shown in above configuration Under such configuration all packets from W...

Page 131: ...nction Configuration Item Value Setting Description QoS Type 1 Software is selected by default 2 The box is unchecked by default Select the QoS Type from the dropdown list and then click Enable box to...

Page 132: ...n the following WAN Interface Resource screen will show the related resources for configuration Bandwidth of Upstream Downstream Specify total upload download bandwidth of the selected WAN Value Range...

Page 133: ...WAN interface to apply the QoS rule Select All WANs or a certain WAN n to filter the packets entering to or leaving from the interface s Group 1 A Must filled setting 2 Src MAC Address is selected by...

Page 134: ...min rate max rate and rate unit as the bandwidth settings in the Control Function Set MINR MAXR field Connection Sessions Select Connection Sessions as the resource type for the QoS Rule and you have...

Page 135: ...oup will have his own QoS service resource as specified in the rule Group Control If Group Control is selected all the group hosts share the same QoS service resource Time Schedule 1 A Must filled set...

Page 136: ...ription Item Value setting Description Add N A Click the Add button to configure time schedule rule Delete N A Click the Delete button to delete selected rule s When Add button is applied Time Schedul...

Page 137: ...ect everyday or one of weekday Start Time Time format hh mm Start time in selected weekday End Time Time format hh mm End time in selected weekday Save N A Click Save to save the settings Undo N A Cli...

Page 138: ...PoE AP Router 138 3 2 User not supported Not supported feature for the purchased product leave it as blank...

Page 139: ...Name 1 String format can be any text 2 A Must filled setting Enter a group name for the rule It is a name that is easy for you to understand Member List NA This field will indicate the hosts members c...

Page 140: ...Add the members to the group in this field You can enter the member information as specified in the Member Type above and press the Join button to add Only one member can be add at a time so you have...

Page 141: ...Server Go to Object Definition External Server External Server tab The External Server setting allows user to add external server Create External Server When Add button is applied External Server Con...

Page 142: ...t 1 The values must be between 1 and 60 Idle Timeout By default 1 The values must be between 1 and 15 Secondary Shared Key String format any text Authentication Protocol By default CHAP is selected Se...

Page 143: ...r the external server Server Port A Must filled setting Specify the Port used for the external server If you selected a certain server type the default server port number will be set For Email Server...

Page 144: ...endorsements whom the person examining the certificate might know and trust The device also plays as a CA role Certificates are an important component of Transport Layer Security TLS sometimes called...

Page 145: ...fier in the signature algorithm identifier of certificates Subject Name A Must filled setting This field is to specify the information of certificate Country C is the two letter ISO code for the count...

Page 146: ...omatically re enroll aging certificates The box is unchecked by default When SCEP is activated check the Enable box to activate this function It will be automatically check which certificate is aging...

Page 147: ...ients In addition since it has the root CA it also can sign Certificate Signing Requests CSR to form corresponding certificates for others These certificates can be used for two remote peers to make s...

Page 148: ...Name Country C TW State ST Taiwan Location L Tainan Organization O AMITHQ Organization Unit OU HQRD Common Name CN HQRootCA E mail hqrootca amit com tw Configuration Path My Certificate Local Certific...

Page 149: ...ons to complete the whole user scenario Use default value for those parameters that are not mentioned in the tables Configuration Path My Certificate Local Certificate Configuration Name BranchCRT Sel...

Page 150: ...nterface They both serve as the NAT security gateways Gateway 1 generates the root CA and a local certificate HQCRT that is signed by itself Import the certificates of the root CA and HQCRT into the T...

Page 151: ...es or CSRs for representing the gateway The Local Certificate Configuration window can let you fill required information necessary for corresponding certificate to be generated by itself or correspond...

Page 152: ...Attributes A Must filled setting This field is to specify the extra information for generating a certificate Challenge Password for the password you can use to request certificate revocation in the fu...

Page 153: ...format can be any text 2 A Must filled setting This is an alternative approach to import a certificate You can directly fill in Copy and Paste the PEM encoded certificate string and click the Apply bu...

Page 154: ...be used for two remote peers to make sure their identity during establishing a VPN tunnel Scenario Description same as the one described in My Certificate section Gateway 1 generates the root CA and a...

Page 155: ...sued Certificate sections to complete the setup for the whole user scenario Configuration Path Trusted Certificate Trusted CA Certificate List Command Button Import Configuration Path Trusted Certific...

Page 156: ...into the Trusted Client Certificate List of the Gateway 1 and the Local Certificate List of the Gateway 2 For more details refer to the Network B operation procedure in My Certificate section of this...

Page 157: ...port the specified CA certificate file to the gateway Import from a PEM 1 String format can be any text 2 A Must filled setting This is an alternative approach to import a CA certificate You can direc...

Page 158: ...n to generate CA Identifier 1 String format can be any text Fill in optional CA Identifier to identify which CA could be used for signing certificates Save N A Click Save to save the settings Close N...

Page 159: ...Import Trusted Client Key When Import button is applied a Trusted Client Key Import screen will appear You can import a Trusted Client Key from an existed file or directly paste a PEM encoded string a...

Page 160: ...sage Scenario Scenario Application Timing same as the one described in My Certificate section When the enterprise gateway owns the root CA and VPN tunneling function it can generate its own local cert...

Page 161: ...the gateway of Network A in headquarters and the subnet of its Intranet is 10 0 76 0 24 It has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN 1 interface The Gateway 2 is the...

Page 162: ...em Value setting Description Certificate Signing Request CSR Import from a File A Must filled setting Select a certificate signing request file you re your computer for importing to the gateway Certif...

Page 163: ...y They can be Virtual COM and Modbus 4 1 1 Port Configuration Before using the supported field communication function like Virtual COM or Modbus you need to configure the physical communication port f...

Page 164: ...OM or Modbus Interface RS 232 is set by default Select RS 232 or RS 485 physical interface for connecting to the access device s with the same interface specification Baud Rate 19200 is set by default...

Page 165: ...17 modes for remote accessing the connected serial device These operation modes are illustrated as below TCP Client Mode When the administrator expects the gateway to actively establish a TCP connecti...

Page 166: ...TCP connection will be automatically disconnected from the host computer by using the TCP alive check timeout or idle timeout settings UDP Mode If both the Remote Host Computer and the serial device...

Page 167: ...it is required to specify the IP address of the host computers to establish connection with Any 3rd party driver supporting RFC2217 can be used to install in the host computer the driver establishes...

Page 168: ...a specified period You may also enable full time connection with the TCP server Enable TCP Client Mode Window Item Value setting Description Operation Mode A Must filled setting Select TCP Client Conn...

Page 169: ...ting 2 Default value is 4001 Enter the TCP port number This is the listen port of the remote TCP server Value Range 1 65535 Serial Port SPort 0 is set by default Apply the TCP server connection for a...

Page 170: ...to allow any TCP clients to connect Otherwise choose Specific IP to limit certain TCP clients Max Connection 1 Max 4 connections 2 1 is set by default Set the maximum number of concurrent TCP connect...

Page 171: ...Check the box to specify the rule for selected Serial Port Definition Enable The box is unchecked by default Check the Enable box to enable the rule Save N A Click Save to save the settings Undo N A C...

Page 172: ...ancel the settings Specify Remote UDP Specify Remote UDP hosts Window Item Value setting Description Host A Must filled setting Press Edit button to enter IP address range of remote UDP hosts Remote P...

Page 173: ...of RFC 2217 connection Value Range 1 65535 Trust Type Allow All is set by default Choose Allow All to allow any clients to connect Otherwise choose Specific IP to limit certain clients Connection Idle...

Page 174: ...2217 Clients for Access Window Item Value setting Description Host A Must filled setting Enter the IP address range of allowed clients Serial Port The box is unchecked by default Check the box to spec...

Page 175: ...truments over RS 485 without additional programming or effort NOTE When Modbus devices are connected to under the same serial port of IoT Modbus Gateway those Modbus devices must use the same protocol...

Page 176: ...atus like Cellular Network Status device DI DO status to remote Modbus Master via Modbus communication With the Slave option enabled the Modbus Master device can request the information or sending con...

Page 177: ...e in Port Configuration screen to enable Modbus communication on the serial port Enable Modbus Gateway Gateway Configuration Item Value setting Description Modbus Gateway The box is checked by default...

Page 178: ...nsmitters off and their receivers back on Setup TCP IP Connection for Receiving Modbus Master Request The following Modbus TCP Configuration items allow user to set up the TCP connection settings so t...

Page 179: ...k Enable box to enable this rule Serial Port Unchecked by default Check the Enable box to enable the rule in chosen Serial Port Enable Unchecked by default Check the Enable box to enable this rule Ena...

Page 180: ...0 2G 1 none 2 3G 3 3 5G 4 6 3 75G 7 LTE 4 DI_STATUS_1 R 0 OFF 1 ON 5 DI_STATUS_2 R 0 OFF 1 ON 6 DO_STATUS_1 R W 0 OFF 1 ON 7 DO_STATUS_2 R W 0 OFF 1 ON Modbus Priority Definition Message Buffering mus...

Page 181: ...ave N A Click the Save button to save the settings Specify the definition of attached serial device s Press Edit Button to select serial mode and other configuration in the following setting Modbus Se...

Page 182: ...ange 1 to 247 Enter the Modbus ID range for the Modbus TCP Slave s that will respond to the Master s request In addition to specify the Slave IP and Port for accessing those Remote Modbus RTU Salve s...

Page 183: ...he collected data in local storage in CSV file format When the network connection recovered admin user can download the data log files manually via FTP or web UI for further reference and maintenance...

Page 184: ...its data acquisition process and if required the administrator can also get the stored data log files to tell if everything goes well or not Under the Data Logging Proxy mode user has to create some...

Page 185: ...roxy function and execute the pre defined data acquisition task by itself The Modbus request issued by the Modbus Gateway Data Logging Proxy The response data that sent out from the polled Slave devic...

Page 186: ...or Internal depends on the product specification Save NA Click the Save button to save the settings Note 1 If there is no available storage device the Enable checkbox will be grayed and you can t ena...

Page 187: ...cify a certain read function for the Data Logging Proxy to issue and record the responses from device s Start Address 1 A Must filled setting 2 Range 0 to 65535 Specify the Start Address of registers...

Page 188: ...tting Specify a name as the identifier of the data logging rule Value Range 1 16 characters Mode Sniffer is selected by default Select an expected data logging scheme for the data logging rule There a...

Page 189: ...cify the timeout value for querying Modbus Master If no response from the master for the specified timeout setting selected proxy rule will be triggered and applied with the data logging rule Note If...

Page 190: ...owing Log File list screen The default Log File management settings will be applied if user didn t change it via the Edit button When the Edit button is applied Log File Configuration screen will appe...

Page 191: ...n Delete File After Upload 1 An Optional filled setting 2 The box is unchecked by default If Auto Upload is activated user can further specify whether to delete the transferred log from the gateway st...

Page 192: ...on or a combination of the two The tunnel technology supports data confidentiality data origin authentication and data integrity of network information by utilizing encapsulation protocols encryption...

Page 193: ...ient as the initiator and the IPSec VPN server as the responder This gateway can be configured as different roles and establish number of tunnels with various remote devices Before going to setup the...

Page 194: ...routed via this IPSec tunnel including HQ server access and Internet access you can just enable the Full Tunnel setting As a result every time users surfs web or searching data on Internet checking p...

Page 195: ...PoE AP Router 195...

Page 196: ...and it must have a Static IP or FQDN It can allow many VPN clients initiators to connect to with various tunnel scenarios In short with a simple Dynamic VPN server setting many VPN clients can connect...

Page 197: ...Product specification The specified value will limit the maximum number of simultaneous IPSec tunnel connection The default value can be different for the purchased model Save N A Click Save to save...

Page 198: ...s in tunnel mode The difference among them is the number of subnets With Host to Host IPSec operates in transport mode Hub and Spoke 1 An optional setting 2 None is set by default Select from the drop...

Page 199: ...or Delete button to add or delete a Local Subnet Note_1 When Dynamic VPN option in Tunnel Scenario is selected there will be only one subnet available Note_2 When Host to Site or Host to Host option...

Page 200: ...agement section Local ID An optional setting Specify the Local ID for this IPSec tunnel to authenticate Select User Name for Local ID and enter the username The username may include but can t be all n...

Page 201: ...erver Client or None Selected None no X Auth authentication is required Selected Server this gateway will be an X Auth server Click on the X Auth Account button to create remote X Auth client account...

Page 202: ...ES 256 Specify the Authentication method It can be None MD5 SHA1 SHA2 256 Specify the DH Group It can be None Group1 Group2 Group5 Group14 Group15 Group16 Group17 Group18 Check Enable box to enable th...

Page 203: ...set as ESP they are not available for AH Encapsulation Specify the PFS Group It can be None Group1 Group2 Group5 Group14 Group15 Group16 Group17 Group18 Click Enable to enable this setting Save N A C...

Page 204: ...er the Key ID English alphabet or number Local Remote Configuration Window Item Value setting Description Local Subnet A Must fill setting Specify the Local Subnet IP address and Subnet Mask Local Net...

Page 205: ...y Available encryptions are None MD5 SHA1 SHA2 256 The key length for MD5 is 32 SHA1 is 40 and SHA2 256 is 64 Note When AH option in Encapsulation Protocol is selected None option in Authentication wi...

Page 206: ...selected by default The IPSec tunneling scenario is fixed to Dynamic VPN Operation Mode 1 A Must fill setting 2 Alway on is selected by default The available operation mode is Always On Failover opti...

Page 207: ...and enter the Key ID English alphabet or number Remote ID An optional setting Specify the Remote ID for this IPSec tunnel to authenticate Select User Name for Remote ID and enter the username The use...

Page 208: ...upports both OpenVPN Server and OpenVPN Client features to meet different application requirements There are two OpenVPN connection scenarios They are the TAP and TUN scenarios The product can create...

Page 209: ...and operates with layer 2 packets In bridge mode the VPN client is given an IP address on the same subnet as the LAN resided under the OpenVPN server Under such configuration the OpenVPN client can di...

Page 210: ...or the gateway to operate Configuration Item Value setting Description OpenVPN The box is unchecked by default Check the Enable box to activate the OpenVPN function Server Client Server Configuration...

Page 211: ...guration window can let you enable the OpenVPN server function specify the virtual IP address of OpenVPN server when remote OpenVPN clients dial in and the authentication protocol OpenVPN Server Confi...

Page 212: ...is chosen in Tunnel Scenario Local Endpoint IP Address A Must filled setting Specify the virtual Local Endpoint IP Address of this OpenVPN gateway Value Range The IP format is 10 8 0 x the range of x...

Page 213: ...default Blowfish is selected Specify the Encryption Cipher from the dropdown list It can be Blowfish AES 256 AES 192 AES 128 None Hash Algorithm By default SHA 1 is selected Specify the Hash Algorithm...

Page 214: ...at any text Specify the TLS Auth Key Note TLS Auth Key will be available only when TLS is chosen in Authorization Mode Client to Client The box is checked by default Check the Enable box to enable the...

Page 215: ...Fix will be available only when UDP is chosen in Protocol CCD Dir Default File 1 An Optional setting 2 String format any text Specify the CCD Dir Default File Value Range 0 256 characters Client Conn...

Page 216: ...pplied OpenVPN Client Configuration screen will appear OpenVPN Client Configuration window let you specify the required parameters for an OpenVPN VPN client such as OpenVPN Client Name Interface Proto...

Page 217: ...ver for this OpenVPN Client tunnel Fill in the remote subnet address and remote subnet mask Redirect Internet Traffic 1 An Optional setting 2 The box is unchecked by default Check the Enable box to ac...

Page 218: ...sh Algorithm It can be SHA 1 MD5 MD4 SHA2 256 SHA2 512 None Disable LZO Compression By default Adaptive is selected Specify the LZO Compression scheme It can be Adaptive YES NO Default Persis Key 1 An...

Page 219: ...E DSS AES256 SHA Note TLS Cipher will be available only when TLS is chosen in Authorization Mode TLS Auth Key 1 An Optional setting 2 String format any text Specify the TLS Auth Key for connecting to...

Page 220: ...s 1500 by default Specify the value of Tunnel UDP Fragment Value Range 0 1500 Note Tunnel UDP Fragment will be available only when UDP is chosen in Protocol Tunnel UDP MSS Fix The box is unchecked by...

Page 221: ...ket Filter URL Blocking Content Filter MAC Control Application Filter IPS and some firewall options The supported function can be different for the purchased gateway 5 2 1 Packet Filter not supported...

Page 222: ...PoE AP Router 222 5 2 2 URL Blocking not supported Not supported feature for the purchased product leave it as blank...

Page 223: ...ddresses he can use the MAC Control function to reject with the black list configuration MAC Control with Black List Scenario As shown in the diagram enable the MAC control function and specify the MA...

Page 224: ...st Deny MAC Address Below is set by default When Deny MAC Address Below is selected as the name suggest packets specified in the rules will be blocked black listed In contrast with Allow MAC Address B...

Page 225: ...s easy for you to remember MAC Address Use to Compose 1 MAC Address string Format 2 A Must fill setting Specify the Source MAC Address to filter rule Time Schedule A Must fill setting Apply Time Sched...

Page 226: ...PoE AP Router 226 5 2 4 Content Filter not supported Not supported feature for the purchased product leave it as blank...

Page 227: ...PoE AP Router 227 5 2 5 Application Filter not supported Not supported feature for the purchased product leave it as blank...

Page 228: ...bout this activity attempt to block stop it and report it You can enable the IPS function and check the listed intrusion activities when needed You can also enable the log alerting so that system will...

Page 229: ...ion IPS The box is unchecked by default Check the Enable box to activate IPS function Log Alert The box is unchecked by default Check the Enable box to activate to activate Event Log Save N A Click Sa...

Page 230: ...traffic threshold in this field ICMP Flood Defense Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field Value Range 10 10000 Port Scan Defection 1...

Page 231: ...nchecked by default 3 Traffic threshold is set to 300 by default 4 The value range can be from 10 to 10000 Click Enable box to activate this intrusion prevention rule and enter the traffic threshold i...

Page 232: ...ord the packet information like IP address port address ACK SEQ number and so on while they pass through the gateway and the gateway checks every incoming packet to detect if this packet is valid Disc...

Page 233: ...h packets from unknown users Discard Ping from WAN Remote Administrator Hosts Scenario Discard Ping from WAN makes any host on the WAN side can t ping this gateway reply any ICMP packets Enable the Di...

Page 234: ...uter allows network administrator to manage router remotely The network administrator can assign specific IP address and service port to allow accessing the router Remote Administrator Host Definition...

Page 235: ...field is to specify a Service Port to HTTP or HTTPS connection Value Range 1 65535 Enabling the rule The box is unchecked by default Click Enable box to activate this rule Save N A Click Enable box t...

Page 236: ...practice computer systems Centralized management has a time and effort trade off that is related to the size of the company the expertise of the IT staff and the amount of technology being used This...

Page 237: ...can edit the plain text configuration settings in the configuration screen as above Plain Text Configuration Item Value setting Description Clean NA Clean text area You should click Save button to fur...

Page 238: ...Must filled Setting Specify the Trusted CA certificate for the OpenVPN client It will go through Base64 Conversion OPENVPN_LOCAL_CERT A Must filled Setting Specify the local certificate for OpenVPN cl...

Page 239: ...s a configuration file ex txtConfig clone tmp config The contents in the configuration file are the same as the plain text commands mentioned above This action is exactly the same as performing the Ba...

Page 240: ...ith your ISP or the ACS provider for help At the right upper corner of TR 069 Setting screen one Help command let you see the same message about that Scenario Managing deployed gateways through an ACS...

Page 241: ...peration Procedure In above diagram the ACS server can manage multiple gateways in the Internet The Gateway 1 is one of them and has 118 18 81 33 IP address for its WAN 1 interface When all remote gat...

Page 242: ...service port and the account information for connection requesting from the ACS server and the time interval for job inquiry Except the inquiry time there are no activities between the ACS server and...

Page 243: ...ssword and manually set ConnectionRequest Port 1 A Must filled setting 2 By default 8099 is set You can ask ACS manager provide ACS ConnectionRequest Port and manually set Value Range 0 65535 Connecti...

Page 244: ...ata on the managed systems as variables The protocol also permits active management tasks such as modifying and applying a new configuration through remote modification of these variables The variable...

Page 245: ...ege IP address can manage the devices but other remote NMS can t Parameter Setup Example Following tables list the parameter configuration as an example for the Gateway 1 in above diagram with SNMP en...

Page 246: ...he manager uses SNMPv3 protocol for configuring the Gateway 1 Only the UserName1 account can let the Gateway 1 accept the configuration from the NMS since the authority of the account is Read Write On...

Page 247: ...ault Select the version for the SNMP When Check the v1 box It means you can access SNMP by version 1 When Check the v2c box It means you can access SNMP by version 2c When Check the v3 box It means yo...

Page 248: ...Specify this version 1 or version v2c user s community that will be allowed Read Only GET and GETNEXT or Read Write GET GETNEXT and SET access respectively The maximum length of the community is 32 En...

Page 249: ...Password 1 String format any text When your Privacy Mode is authNoPriv or authPriv you must specify the Password for this version 3 user Value Range 8 64 characters Authentication 1 None is selected b...

Page 250: ...any legal OID The OID Filter Prefix restricts access for this version 3 user to the sub tree rooted at the given OID Value Range 1 2080768 Enable 1 The box is checked by default Click Enable to enabl...

Page 251: ...Value setting Description Server IP 1 A Must filled setting 2 String format any Ipv4 address Specify the trap Server IP The DUT will send trap to the server IP Server Port 1 String format any port num...

Page 252: ...the authNoPriv You must specify the Authentication and Password Selected the authPriv You must specify the Authentication Password Encryption and Privacy Key Authentication 1 A v3 Must filled setting...

Page 253: ...mber 2 A Must filled setting 3 String format any number Specify the Enterprise Number for the particular private MIB Value Range 1 2080768 Enterprise OID 1 The default value is 1 3 6 1 4 1 12823 4 4 9...

Page 254: ...ice supports both Telnet and SSH Secure Shell CLI with default service port 23 and 22 respectively Telnet SSH Scenario Scenario Application Timing When the administrator of the gateway wants to manage...

Page 255: ...nable Scenario Operation Procedure In above diagram Local Admin or Remote Admin can manage the Gateway in the Intranet or Internet The Gateway is the gateway of Network A and the subnet of its Intrane...

Page 256: ...CLI 1 The LAN Enable box is checked by default 2 The WAN Enable box is unchecked by default Check the Enable box to activate the Telnet with CLI function for connecting from WAN LAN interfaces Connect...

Page 257: ...2 The default password for telnet is m2mamit Type old password and specify new password to change root password Note You are highly recommended to change the default telnet password with yours before...

Page 258: ...gateway Change Password Item Value Setting Description Old Password 1 String any text 2 The default password for web based MMI is admin Enter the current password to enable you unlock to change passwo...

Page 259: ...the counting value an warning message Already reaching maximum Password Guessing times please wait a few seconds will be displayed and ignore the following login trials Login Timeout The Enable box i...

Page 260: ...the system name for identification purpose It can be the manufacture or any name for a device deployment System Information Item Value Setting Description WAN Type N A It displays the WAN Type of WAN...

Page 261: ...auto mode so that the available server will be used for time synchronization one by one Daylight Saving Time 1 It is an optional item 2 Un checked by default Check the Enable button to activate the d...

Page 262: ...P Protocol to get system date and time after you click on the Sync with Timer Server button Note Remember to select a correct time zone for the device otherwise you will just get the UTC Coordinated U...

Page 263: ...ystem Log tab View Email Log History View button is provided for network administrator to view log history on the gateway Email Now button enables administrator to send instant Email for analysis View...

Page 264: ...the First button to jump to the first page Last N A Click the Last button to jump to the last page Download N A Click the Download button to download log to your PC in tar file format Clear N A Click...

Page 265: ...Setting Window Item Value Setting Description Enable Un checked by default Check Enable box to enable sending event log messages to destined Email account defined in the E mail Addresses blank space...

Page 266: ...Debug Log to Storage Log to Storage screen allows network administrator to select the type of events to log and be stored at an internal or an external storage Log to Storage Setting Window Item Value...

Page 267: ...to specify the file name of new firmware by using Browse button and then click Upgrade button to start the FW upgrading process on this device If you want to upgrade a firmware which is from GPL polic...

Page 268: ...this device by clicking the Reboot button and reset this device to default settings by clicking the Reset button System Operation Window Item Value Setting Description Reboot Now is selected by defau...

Page 269: ...echnologically different This gateway embedded FTP SFTP server for administrator to download the log files to his computer or database In the following two sections you can configure the FTP server an...

Page 270: ...downloading so no any write permission is implemented for user file upload to the storage FTP Port Port 21 is set by default Specify a port number for FTP connection The gateway will listen for incomi...

Page 271: ...Transfer Mode Optional setting Check the Enable box to activate the support of ASCII mode data transfers Binary mode is supported by default FTPS FTP over SSL TLS Optional setting Check the Enable bo...

Page 272: ...e String non blank string Enter the user account for login to the FTP server Value Range 1 15 characters Password String no blank Enter the user password for login to the FTP server Directory N A Sele...

Page 273: ...to test whether it is alive after clicking on the Ping button A test result window will appear beneath it Tracert Test Optional setting Trace route tracert command is a network diagnostic tool for di...

Page 274: ...e to save the captured packets in log storage If Split Files option is also enabled the file name will be appended with an index code _ index The extension file name is pcap Split Files 1 An optional...

Page 275: ...further specify some filter rules to capture the packets which matched the rules Capture Fitters Item Value setting Description Filter Optional setting Check Enable box to activate the Capture Filter...

Page 276: ...Cs which means the destination MAC address of packets Packets which match the rule will be captured Up to 10 MACs are supported but they must be separated with e g AA BB CC DD EE FF 11 22 33 44 55 66...

Page 277: ...PoE AP Router 277 Chapter 7 Service 7 1 Cellular Toolkit not supported Not supported feature for the purchased product leave it as blank...

Page 278: ...ific functionality of the gateway On receiving the managing event the gateway will take action to change the functionality collect the required status for administration and also change the status of...

Page 279: ...cted Modbus devices Notifying Events Trigger Type Digital Input Power Change Connection Change WAN LAN VLAN WiFi DDNS Administration Modbus and Data Usage Actions Notify the administrator with SMS Sys...

Page 280: ...to activate the Event Management function Enable SMS Management To use the SMS management function you have to configure some important settings first SMS Configuration Item Value setting Description...

Page 281: ...Account for managing the gateway through the SMS It supports up to a maximum of 5 accounts You can click the Add Edit button to configure the SMS account SMS Account Configuration Item Value setting...

Page 282: ...ail Service Configuration Item Value setting Description Email Server Option Select an Email Server profile from External Server setting for the email account setting Email Addresses 1 Internet E mail...

Page 283: ...haracters Description 1 Any text 2 An Optional setting Specify a brief description for the profile DI Source ID1 by default Specify the DI Source It could be ID1 or ID2 The number of available DI sour...

Page 284: ...on for the profile DO Source ID1 by default Specify the DO Source It could be ID1 Normal Level Low by default Specify the Normal Level It could be Low or High Total Signal Period 1 Numberic String for...

Page 285: ...dit button to configure the profile Modbus Notifying Events Profile Item Value setting Description Modbus Name 1 String format 2 A Must filled setting Specify the Modbus profile name Value Range 1 32...

Page 286: ...ify the Device ID of the modbus device It could be from 1 to 247 Register 1 Numberic String format 2 A Must filled setting Specify the Register number of the modbus device Value Range 0 65535 Logic Co...

Page 287: ...ting Description Modbus Name 1 String format 2 A Must filled setting Specify the Modbus profile name Value Range 1 32 characters Description 1 Any text 2 An Optional setting Specify a brief descriptio...

Page 288: ...the modbus device Value Range 1 247 Register 1 Numberic String format 2 A Must filled setting Specify the Register number of the modbus device Value Range 0 65535 Value 1 Numberic String format 2 A M...

Page 289: ...naging Events function Create Edit Managing Event Rules Setup the Managing Event rules It supports up to a maximum of 128 rules When Add button is applied the Managing Event Configuration screen will...

Page 290: ...ngs as the action for the event VPN Select VPN Checkbox and the interested sub items IPSec Tunnel ON Off PPTP Client On Off L2TP Client On Off OpenVPN Client On Off the gateway will change the setting...

Page 291: ...gger and handlers Enable Notifying Events Configuration Item Value setting Description Notifying Events The box is unchecked by default Check the Enable box to activate the Notifying Events function C...

Page 292: ...ased product Description String format any text Enter a brief description for the Notifying Event Action All box is unchecked by default Specify at least one action to take when the expected event is...

Page 293: ...n status for the gateway They are the System Information System Information History and Network Interface Status The display will be refreshed once per second From the menu on the left select Status D...

Page 294: ...atistic graphs for the CPU and memory Network Interface Status The Network Interface Status screen shows the statistic information for each network interface of the gateway The statistic information i...

Page 295: ...et WAN Type N A It displays the method which public IP address is obtained from your ISP Depending on the model purchased it can be Uplink Static IP Dynamic IP PPPoE PPTP or L2TP IP Addr N A It displa...

Page 296: ...s user to manually disconnect the device from the Internet Note Connect button is available when Connection Control in WAN Type setting is set to Connect Manually Refer to Edit button in Basic Network...

Page 297: ...sk of the subnet IPv6 Link local Address N A It displays the current LAN IPv6 Link Local address This is also the IPv6 IP Address user use to access Router s Web based Utility IPv6 Global Address N A...

Page 298: ...ace N A It displays the type of WAN physical interface Depending on the model purchased it can be Ethernet 3G 4G etc Received Packets N A It displays the downstream packets It is reset when the device...

Page 299: ...gateway LAN Client List Item Value setting Description LAN Interface N A Client record of LAN Interface String Format IP Address N A Client record of IP Address Type and the IP Address Type is String...

Page 300: ...er the VAP wireless signal is enabled or disabled Op Mode N A The Wi Fi Operation Mode of VAP Depends of device model modes are AP Router WDS Only and WDS Hybrid Universal Repeater and Client SSID N A...

Page 301: ...ic Network WAN Uplink Internet Setup tab WiFi IDS Status The WiFi Traffic Statistic shows all the received and transmitted packets on WiFi network WiFi IDS Status Item Value setting Description Authen...

Page 302: ...s all the received and transmitted packets on WiFi network WiFi Traffic Statistic Item Value setting Description Op Band N A It displays the Wi Fi Operation Band 2 4G or 5G of VAP ID N A It displays t...

Page 303: ...PoE AP Router 303 8 2 4 DDNS Status not supported Not supported feature for the purchased product leave it as blank...

Page 304: ...status IPSec Tunnel Status Item Value setting Description Tunnel Name N A It displays the tunnel name you have entered to identify Tunnel Scenario N A It displays the Tunnel Scenario specified Local...

Page 305: ...the connection status of the corresponding OpenVPN tunnel The status can be Connected or Disconnected OpenVPN Client Status OpenVPN Client Status Item Value setting Description OpenVPN Client Name N...

Page 306: ...PoE AP Router 306...

Page 307: ...Packet Filter Status Packet Filter Status Item Value setting Description Activated Filter Rule N A This is the Packet Filter Rule name Detected Contents N A This is the logged packet information inclu...

Page 308: ...stamp of the logged packet Date time format Month Day Hours Minutes Seconds Note Ensure IPS Log Alert is enabled Refer to Security Firewall IPS tab Check Log Alert and save the setting Firewall Option...

Page 309: ...e and the login time Format IP Source IP User Name Login User Name Time Date time Example IP 192 168 127 39 User Name admin Time Mar 3 01 34 13 Note Ensure Firewall Options Log Alert is enabled Refer...

Page 310: ...entication This is only available for SNMP version 3 IP Address N A It displays the IP address of SNMP manager Port N A It displays the port number used to maintain connection with the SNMP manager Co...

Page 311: ...ection status with the TR 068 server TR 069 Status Item Value setting Description Link Status N A It displays the current connection status with the TR 068 server The connection status is either On wh...

Page 312: ...Storage tab The Log Storage Status screen shows the status for selected device storage Log Storage Status Log Storage Status screen shows the status of current the selected device storage The status i...

Page 313: ...s button you will see the previous page of track list Next N A Click the Next button you will see the next page of track list First N A Click the First button you will see the first page of track list...

Page 314: ...fic Go to Status Statistics Reports Network Traffic tab Network Traffic Statistics screen shows the historical graph for the selected network interface You can change the interface drop list and selec...

Page 315: ...in statistics Next N A Click the Next button you will see the next page of login statistics First N A Click the First button you will see the first page of login statistics Last N A Click the Last but...

Page 316: ...1998 Eric Young eay cryptsoft com GPL License https www openssl org brctl ethernet bridge administration Stephen Hemminger shemminger osdl org Lennert Buytenhek buytenh gnu org version 1 1 GNU GENERAL...

Page 317: ...02111 1307 USA https sourceforge net projects mrts Openswan Version v2 6 38 GNU GENERAL PUBLIC LICENSE Version 2 June 1991 Copyright C 1989 1991 Free Software Foundation Inc 59 Temple Place Suite 330...

Page 318: ...PServ Version 1 3 4 GNU GENERAL PUBLIC LICENSE Version 2 June 1991 Copyright C 1989 1991 Free Software Foundation Inc 675 Mass Ave Cambridge MA 02139 USA Everyone is permitted to copy and distribute v...

Page 319: ...on the network Version 1 7 Copyright c 2006 2011 Thomas BERNARD CoovaChilli is an open source software access controller for captive portal UAM and 802 1X access provisioning Version 1 3 0 Copyright...

Page 320: ...h Floor Boston MA 02110 1301 USA mysql 5_1_72 a release of MySQL a dual license SQL database server Version 5 1 72 Copyright c 2000 2013 Oracle and or its affiliates FreeRadius a high performance and...

Reviews:

No comments

Brands by name

Popular brands

Load more brands