Amit ODG851-0TCP001 User Manual Download Page 1

 

 
 
 
 

 
 

 

 

 

Outdoor

 

Cellular

 

Gateway

ODG851

0TCP001

 

 

User

 

Manual

 

Summary of Contents for ODG851-0TCP001

Page 1: ...Outdoor Cellular Gateway ODG851 0TCP001 User Manual...

Page 2: ...r CE RED Requirements 16 1 6 Hardware Installation 18 1 6 1 Mount the Unit 18 1 6 2 Insert the SIM Card 19 1 6 3 Connecting PoE Power 20 1 6 4 Connecting to the Network or a Host 21 1 6 5 Setup by Con...

Page 3: ...ion 104 2 8 QoS 110 2 8 1 QoS Configuration 110 Chapter 3 Object Definition 119 3 1 Scheduling 119 3 1 1 Scheduling Configuration 119 3 2 User 121 3 2 1 User List 121 3 2 2 User Profile 123 3 2 3 User...

Page 4: ...Authentication 226 5 3 1 Captive Portal 226 5 3 2 MAC Authentication 230 Chapter 6 Administration 232 6 1 Configure Manage 232 6 1 1 Command Script 233 6 1 2 TR 069 236 6 1 3 SNMP 240 6 1 4 Telnet wi...

Page 5: ...Notifying Events 296 Chapter 8 Status 298 8 1 Dashboard 298 8 1 1 Device Dashboard 298 8 2 Basic Network 300 8 2 1 WAN Uplink Status 300 8 2 2 LAN VLAN Status 304 8 2 3 WiFi Status 305 8 2 4 DDNS Sta...

Page 6: ...Outdoor Cellular Gateway 6 8 5 5 Portal Usage 325 Appendix A GPL WRITTEN OFFER 326...

Page 7: ...y and flexible to install in various outdoor sites Built in an 802 3at standard compliant PoE Power over Ethernet PD it s easy to power up this outdoor gateway via an Ethernet cable and a standard PoE...

Page 8: ...ems Description Contents Quantity 1 ODG851 0TCP00A Outdoor Cellular Gateway 1pcs 2 CD Manual 1pcs 3 Mount Kits Bracket 1pcs Mount Kits Metal Ring 2pcs Screw M6 L16 Washer ID6 6 OD11 8 T1 5 Sprlng ID6...

Page 9: ...Items Description Contents Comments 1 802 3at Compliant PoE Power Injector Gigabit 30W Standard 802 3 af at compliant 2 Compatible Passive PoE Power Injector Gigabit 30W Passive PoE Injector AMIT ODG...

Page 10: ...k and easy way to resort the default setting Press the RESET button continuously for 6 seconds and then release it The device will reset settings to factory default SIM Card Board LED Indicators Reset...

Page 11: ...Outdoor Cellular Gateway 11 Front View LTE main Antenna LTE aux Antenna WiFi 2 5GHz Antenna...

Page 12: ...Outdoor Cellular Gateway 12 Bottom View Wall Mounting Kit...

Page 13: ...WiFi WiFi 1 WiFI 2 Status Green Red Amber OFF WiFi is disabled Green and Steady ON WiFi Module 1 2 4 5GHz and WiFi Module 2 5GHz are enabled Red and Steady ON WiFi Module 1 2 4 5GHz is enabled and Wi...

Page 14: ...s Macintosh or Linux based operating system An installed Ethernet adapter Browser Requirements Internet Explorer 6 0 or higher Chrome 2 0 or higher Firefox 3 0 or higher Safari 3 0 or higher 1 5 2 WAR...

Page 15: ...rface temperature for the metallic enclosure can be very high Especially after operating for a long time installed at a close cabinet without air conditioning support or in a high ambient temperature...

Page 16: ...1 Uplink 1920 1980 MHz Downlink 2110 2170 MHz 24 1 3 dBm WCDMA BAND 8 Uplink 880 915 MHz Downlink 925 960 MHz E GSM Uplink 880 915 MHz Downlink 925 960 MHz 33 2 dBm DCS Uplink 1710 1785 MHz Downlink 1...

Page 17: ...EFTA countries AT BE BG CH CY CY DK DE EE EL ES FI FR HR HU IE IT LT LU LV MT NL NO PL PT RO SI SK SE TR UK 4 DoC Information You can get the DoC information of this product from the following URL htt...

Page 18: ...to install and configure the hardware 1 6 1 Mount the Unit The ODG87A series products can be mounted on a wall or pole It is designed with wall mount bracket for attaching to the wall or fixing on a p...

Page 19: ...the outer SIM card cover There are two SIM slots in the SIM card board The SIM slots in the Bottom side un marked are for the LTE module and the SIM slots in the top side marked as TOP are reserved ju...

Page 20: ...o the device Please follow instructions below to connect PoE power to this device Step 1 Remove RJ45 cover Step 2 Plug Ethernet cable into RJ 45 connector and under the cable gland Step 3 Insert RJ45...

Page 21: ...port of PoE Injector to your computer s network port In this way you can use two RJ45 Ethernet cables to provide power source for the device and connect it to the host PC s Ethernet port for configuri...

Page 22: ...in the world apply various connection protocols to let gateways or user s devices dial in ISPs and then link to the Internet via different kinds of transmit media So the WAN Connection lets you specif...

Page 23: ...ll the available physical interfaces After clicking on the Edit button for the interface in Physical Interface List window the Interface Configuration window will appear to let you configure a WAN int...

Page 24: ...e inserted into the WAN packets from Gateway for specific services Please enable VLAN tagging and specify tag in the WAN physical interface Please be noted that only Ethernet and ADSL physical interfa...

Page 25: ...ected interface from the available interface dropdown list Operation Mode A Must fill setting Define the operation mode of the interface Select Always on to make this WAN always active Note for WAN 1...

Page 26: ...Configuration and related configuration windows for each WAN type For the Internet setup of each WAN interface you must specify its WAN type of physical interface first and then its related parameter...

Page 27: ...one WAN interface This device has featured by using dual SIM cards for one module with special fail over mechanism It is called Dual SIM Failover This feature is useful for ISP switch over when locat...

Page 28: ...SIM A or SIM B card first And when the connection is broken the gateway will switch to use the other SIM card for an alternate automatically and will not switch back to use original SIM card except c...

Page 29: ...terface Physical Interface N A Physical Interface i e 3G 4G shows the type of interface configured to map with Interface Name Operation Mode N A Operation Mode shows the current setting of Connection...

Page 30: ...ult Choose which SIM card you want to use for the connection When SIM A First or SIM B First is selected it means the connection is built first by using SIM A SIM B And if the connection is failed it...

Page 31: ...ly to register the 2G network only Select 2G Prefer to register the 2G network first if it is available Select 3G only to register the 3G network only Select 3G Prefer to register the 3G network first...

Page 32: ...ynamic IP is selected When Dynamic IP is selected it means it will get all IP configurations from the carrier s server and set to the device directly If you have specific application provided by the c...

Page 33: ...authentication Authentication 1 A Must filled setting 2 By default Auto is selected Select the Authentication method for the 3G 4G connection It can be Auto PAP CHAP or None Priority 1 A Must filled s...

Page 34: ...Network WAN Uplink tab for details Note This field is available only when Basic Network WAN Physical Interface Operation Mode is selected to Always on Maximum Idle Time 1 An Optional setting 2 By defa...

Page 35: ...pecified destination Loading Check Enable Loading Check allows the router to ignore unreturned DNS Queries or ICMP requests when WAN bandwidth is fully occupied This is to prevent false link down stat...

Page 36: ...of this device The network device s on your network must use the LAN IP address of this device as their Default Gateway You can change it if necessary Note It s also the IP address of web UI If you c...

Page 37: ...filled setting 2 lo is set by default Specify the Interface type It can be lo or br0 IP Address 1 An Optional setting 2 192 168 123 254 is set by default Enter the addition IP address for this device...

Page 38: ...VLAN Port based VLAN function can group Ethernet ports Port 1 Port 4 and WiFi Virtual Access Points VAP 1 VAP 8 together for differentiated services like Internet surfing multimedia enjoyment VoIP ta...

Page 39: ...s Points VAP 1 VAP 8 together with different VLAN tags for deploying subnets in Intranet All packet flows can carry with different VLAN tags even at the same physical Ethernet port for Intranet These...

Page 40: ...oup is equipped with DHCP 3 server to construct a 192 168 12 x subnet He also configure Meeting Rooms segment with VLAN ID 11 The VLAN group is equipped with DHCP 2 server to construct a 192 168 11 x...

Page 41: ...an specify members of one VLAN group to be able to access Internet or not Following is an example that VLAN groups of VID is 2 and 3 can access Internet but the one with VID is 1 cannot access Interne...

Page 42: ...a communication pair and one VLAN group can join many communication pairs But communication pair doesn t have the transitive property That is A can communicate with B and B can communicate with C it...

Page 43: ...g based Tag based VLAN allows you to add VLAN ID and select member and DHCP Server for this VLAN ID Go to Tag based VLAN List table Save NA Click the Save button to save the configuration Port based V...

Page 44: ...4094 VLAN Tagging Disable is selected by default The rule is activated according to VLAN ID and Port Members configuration when Enable is selected The rule is activated according Port Members configu...

Page 45: ...ver assign a DHCP Server IP Address that the gateway will relay the DHCP requests to the assigned DHCP server DHCP Server Name A Must filled setting Define name of the DHCP Server IP Pool A Must fille...

Page 46: ...the DHCP Server wants to match IP Address A Must filled setting Define the IP Address that the DHCP Server will assign If there is a request from the MAC Address filled in the above field the DHCP Ser...

Page 47: ...nterface If uncheck a certain VLAN ID box it means the VLAN ID member can t access Internet anymore Note VLAN ID 1 is available always it is the default VLAN ID of LAN rule The other VLAN IDs are avai...

Page 48: ...t filled setting Define the VLAN ID number range is 6 4094 Internet Access The box is checked by default Click Enable box to allow the members in the VLAN group access to internet Port The box is unch...

Page 49: ...gateway LAN interface with its default Subnet Mask setting as 255 255 255 0 and its default IP Pool ranges is from 100 to 200 as shown at the DHCP Server List page on gateway s WEB UI User can add mo...

Page 50: ...gn fixed IP address to map the specific client MAC address by select them then copy when targets were already existed in the DHCP Client List or to add some other Mapping Rules by manually in advance...

Page 51: ...ies to assign IP Addresses to the devices on the local area network LAN Create Edit DHCP Server Policy The gateway allows you to custom your DHCP Server Policy If multiple LAN ports are available you...

Page 52: ...DHCP Server Primary DNS IPv4 format The Primary DNS of this DHCP Server Secondary DNS IPv4 format The Secondary DNS of this DHCP Server Primary WINS IPv4 format The Primary WINS of this DHCP Server S...

Page 53: ...e previous setting Back N A When the Back button is clicked the screen will return to the DHCP Server Configuration page View Copy DHCP Client List When DHCP Client List button is applied DHCP Client...

Page 54: ...Configuration Item Value setting Description Option Name 1 String format can be any text 2 A Must filled setting Enter a DHCP Server Option name Enter a name that is easy for you to understand DHCP Se...

Page 55: ...t 3 IP list 4 URL format 5 A Must filled setting Should conform to Type Type Value 66 Single IP Address IPv4 format Single FQDN FQDN format 72 IP Addresses List separated by IPv4 format separated by 1...

Page 56: ...nt dual bands of operation There are several wireless operation modes provided by this device They are AP Router Mode WDS Only Mode and WDS Hybrid Mode You can choose the expected mode from the wirele...

Page 57: ...ices with the wireless gateway make sure your application scenario for WiFi network and choose the most adequate operation mode AP Router Mode This mode allows you to get your wired and wireless devic...

Page 58: ...local Gateway 1 through WDS Both gateways connected by WDS need to setup the remote AP MAC for each other All client hosts under gateway 2 3 can request IP address from the DHCP server at gateway 1 Be...

Page 59: ...nt VAPs As shown in the diagram the clients in VAP 1 and VAP 2 can communicate to each other when VAP Isolation is disabled Wi Fi Security Authentication Encryption Wi Fi security provides complete au...

Page 60: ...e the module is integrated into the product However there is some module with selectable band for user to choose according to his network environment Under such situation you can specify which operati...

Page 61: ...rred WiFi System The dropdown list of WiFi system is based on IEEE 802 11 standard 2 4G Wi Fi can select b g and n only or mixed with each other 5G Wi Fi can select a n and ac only or mixed with each...

Page 62: ...e default value is 1812 RADIUS Shared Key When Shared is selected The pre shared WEP key should be set for authenticating When Auto is selected The device will select Open or Shared by requesting of c...

Page 63: ...key is from 8 to 63 characters You are recommended to use AES encryption instead of any others for security TKIP AES TKIP AES mixed mode It means that the client stations can associate with this devi...

Page 64: ...selected The device will select Open or Shared by requesting of client automatically The check box named 802 1x shows up next to the dropdown list 802 1x The box is unchecked by default When 802 1x is...

Page 65: ...g Apply N A Click the Apply button to apply the saved configuration WDS Hybrid Mode For the WDS Hybrid mode the device bridges all the wired LAN and WLAN clients to another WDS or WDS hybrid enabled W...

Page 66: ...ed by default Enter the SSID for the VAP and decide whether to broadcast the SSID or not The SSID is used for identifying from another AP and client stations will associate with AP according to SSID I...

Page 67: ...lect one as current key The key type can set to HEX or ASCII If HEX is selected the key should consist of 0 to 9 and A to F If ASCII is selected the key should consist of ASCII table TKIP TKIP was pro...

Page 68: ...odule with selectable band for user to choose according to his network environment Under such situation you can specify which operation band is suitable for the application Multiple AP Names 1 A Must...

Page 69: ...shows the data rate between client and this device RSSI0 RSSI1 N A It shows the RX sensitivity RSSI value for each radio path Signal N A The signal strength between client and this device Interface N...

Page 70: ...o to Basic Network WiFi Advanced Configuration Tab Select Target WiFi Target Configuration Item Value setting Description Module Select A Must filled setting Select the WiFi module to check the inform...

Page 71: ...cy and jitter when transmitting multimedia content over a wireless connection Short GI By default 400ns is selected Short GI Guard Interval is defined to set the sending interval between each packet N...

Page 72: ...Outdoor Cellular Gateway 72 2 4 IPv6 not supported Not supported feature for the purchased product leave it as blank...

Page 73: ...eds and activates the NAT function You also can disable the NAT function in Basic Network WAN Uplink Internet Setup WAN Type Configuration page Usually all local hosts or servers behind corporate gate...

Page 74: ...On either side are you in accessing the email server at the LAN side or at the WAN side you don t need to change the IP address of the mail server Configuration Setting Go to Basic Network Port Forwar...

Page 75: ...ers behind office gateway You can set up those servers by using Virtual Server feature After trip if want to access those servers from LAN side by global IP without change original setting NAT Loopbac...

Page 76: ...ows you to access the WAN global IP address from your inside NAT local network It is useful when you run a server inside your network For example if you set a mail server at LAN side your local device...

Page 77: ...box to activate this port forwarding function Virtual Computer The box is checked by default Check the Enable box to activate this port forwarding function Save N A Click the Save button to save the s...

Page 78: ...ed setting When ICMPv4 is selected It means the option Protocol of packet filter rule is ICMPv4 Apply Time Schedule to this rule otherwise leave it as Always refer to Scheduling setting under Object D...

Page 79: ...selected Single Port or Port Range Value Range 1 65535 for Public Port Private Port When GRE is selected It means the option Protocol of packet filter rule is GRE When ESP is selected It means the opt...

Page 80: ...pplied Virtual Computer Rule Configuration screen will appear Virtual Computer Rule Configuration Item Value setting Description Global IP A Must filled setting This field is to specify the IP address...

Page 81: ...are not expected to receive by applications in the gateway or by other client hosts in the Intranet Certainly the DMZ host is also protected by the gateway firewall Activate the feature and specify t...

Page 82: ...activate it DMZ Pass Through Setting Go to Basic Network Port Forwarding DMZ Pass Through tab The DMZ host is a host that is exposed to the Internet cyberspace but still within the protection of fire...

Page 83: ...the product Pass Through Enable The boxes are checked by default Check the box to enable the pass through function for the IPSec PPTP and L2TP With the pass through function enabled the VPN hosts beh...

Page 84: ...ent SIP RTSP file transfer in IM applications etc In order for these protocols to work through NAT or a firewall either the application has to know about an address port number combination that allows...

Page 85: ...lowing diagram The NAT Gateway enables the SIP ALG feature so it will monitor the SIP Phone 1 actions open up the required ports and make the address and port translation in a SIP voice communication...

Page 86: ...cial AP The box is checked by default Check the Enable box to activate the Special AP function ALG Enable The box is checked by default Check the Enable box to activate the SIP ALG function Save N A C...

Page 87: ...Range 1 65535 Incoming Ports 1 A Must filled setting Enter the expected Incoming ports if User defined is selected in the Trigger Port dropdown list If you select other popular application from the d...

Page 88: ...d a private IP address of a local host In addition admin users also map a private IP address range to a public IP address range of equal instances This feature offers another way to make systems behin...

Page 89: ...tton to save the settings Create Edit IP Translation Rule When Add button is applied IP Translation Configuration screen will appear IP Translation Configuration Item Value setting Description Mapping...

Page 90: ...r the required subnet mask if Destination IP is specified above It can be a single IP with 255 255 255 255 32 subnet mask or an IP group limited with proper subnet setting Physical Interface 1 A Must...

Page 91: ...lly directs forwarding on the basis of routing tables which maintain a record of the routes to various network destinations Thus constructing routing tables which are held in the router s memory is ve...

Page 92: ...s of packets to be transferred via which gateway interface and which peer gateway to their destination It can be carried out by the Static Routing feature Dedicated packet flows from the Intranet will...

Page 93: ...c Routing Rule Configuration window will appear to let you define a static routing rule Enable Static Routing Just check the Enable box to activate the Static Routing feature Static Routing Item Value...

Page 94: ...y IP of this static routing rule Interface Auto is set by default Select the Interface of this static routing rule It can be Auto or the available WAN LAN interfaces Metric 1 Numberic String Format 2...

Page 95: ...way supports dynamic routing protocols including RIPv1 RIPv2 Routing Information Protocol OSPF Open Shortest Path First and BGP Border Gateway Protocol for you to establish routing table automatically...

Page 96: ...a routing protocol that uses link state routing algorithm It is the most widely used interior gateway protocol IGP in large enterprise networks It gathers link state information from available routers...

Page 97: ...teway within one AS will links with some other border gateways for exchanging routing information It will distribute the collected data in AS to all routers in other AS As shown in the diagram BGP 0 i...

Page 98: ...e OSPF Configuration window can let you activate the OSPF dynamic routing protocol and specify its backbone subnet Moreover the OSPF Area List window lists all defined areas in the OSPF network Howeve...

Page 99: ...OSPF protocol Select Text will enable Text Authentication with entered the Key in this field on OSPF protocol Select MD5 will enable MD5 Authentication with entered the ID and Key in these fields on...

Page 100: ...ubnet Mask Notation Ex 192 168 1 0 24 2 A Must filled setting The Area Subnet of this router on OSPF Area List Area ID 1 IPv4 Format 2 A Must filled setting The Area ID of this router on OSPF Area Lis...

Page 101: ...st filled setting The ASN Number of this router on BGP protocol Value Range 1 4294967295 Router ID 1 IPv4 Format 2 A Must filled setting The Router ID of this router on BGP protocol Create Edit BGP Ne...

Page 102: ...orts up to a maximum of 32 rule sets When Add button is applied BGP Neighbor Configuration screen will appear BGP Neighbor Configuration Item Value setting Description Neighbor IP 1 IPv4 Format 2 A Mu...

Page 103: ...formation Tab Routing Table Item Value setting Description Destination IP N A Routing record of Destination IP IPv4 Format Subnet Mask N A Routing record of Subnet Mask IPv4 Format Gateway IP N A Rout...

Page 104: ...amic DNS you can refer to Wikipedia website4 5 2 7 1 DNS DDNS Configuration DNS The gateway supports DNS server function for the connected local clients which get the LAN IP from dynamic IP scheme So...

Page 105: ...address to a static domain name allowing the gateway to be more easily accessed from various locations on the Internet As shown in the diagram user registered a domain name to a third party DDNS servi...

Page 106: ...een will appear Pre defined Domain Name Configuration Item Value setting Description Domain Name 1 String format can be any text 2 A Must filled setting Enter a domain name that mapping the IP Address...

Page 107: ...et by default Select your DDNS provider of Dynamic DNS It can be DynDNS org Dynamic DynDNS org Custom NO IP com etc Host Name 1 String format can be any text 2 A Must filled setting Your registered ho...

Page 108: ...irect The box is unchecked by default Check the Enable box to activate this function LAN Interface The box is unchecked by default Select the expected source Interface that can be applied with this fu...

Page 109: ...filled setting 2 Always is selected by default Specify when will the DNS redirect action can be applied It can be Always or WAN Block Always The DNS redirect function can be applied to matched DNS all...

Page 110: ...to access It is indeed required that an access gateway satisfies the requirements of latency critical applications minimum access right guarantee fair bandwidth usage for same subscribed condition and...

Page 111: ...egory can be based on VLAN ID MAC Address IP Address Host Name or Packet Length Differentiated Services Specify the service type in a QoS rule for the target packets to be applied on Differentiated se...

Page 112: ...eature depends on model Outbound Inbound Control One QoS rule can be applied to the outbound or inbound direction of packet flow even them both This feature depends on model Two QoS rule examples are...

Page 113: ...6 199 to the code value AF Class2 High Drop he can use the Rule based QoS function to carry out this rule by defining an QoS rule as shown in above configuration Under such configuration all packets f...

Page 114: ...oS Function Configuration Item Value Setting Description QoS Type 1 Software is selected by default 2 The box is unchecked by default Select the QoS Type from the dropdown list and then click Enable b...

Page 115: ...d then the following WAN Interface Resource screen will show the related resources for configuration Bandwidth of Upstream Downstream Specify total upload download bandwidth of the selected WAN Value...

Page 116: ...le Select All WANs or a certain WAN n to filter the packets entering to or leaving from the interface s Group 1 A Must filled setting 2 Src MAC Address is selected by default Specify the Group categor...

Page 117: ...t MINR MAXR field Connection Sessions Select Connection Sessions as the resource type for the QoS Rule and you have to assign supported session number in the Control Function Set Session Limitation fi...

Page 118: ...pecified in the rule Group Control If Group Control is selected all the group hosts share the same QoS service resource Time Schedule 1 A Must filled setting 2 0 Always is selected by default Apply Ti...

Page 119: ...n description Item Value setting Description Add N A Click the Add button to configure time schedule rule Delete N A Click the Delete button to delete selected rule s When Add button is applied Time S...

Page 120: ...u Select everyday or one of weekday Start Time Time format hh mm Start time in selected weekday End Time Time format hh mm End time in selected weekday Save N A Click Save to save the settings Undo N...

Page 121: ...roups to own common properties Support the exporting and importing of user profiles User groups with their owned name can be bound with multiple services like X Auth NAS RADIUS VPN Accounting Billing...

Page 122: ...k the button to show additional detail information except the ones in User List about the user account including Last Login Time Lease Time Expired Time Idle Timeout and current Idle Time Select Selec...

Page 123: ...for the user account There are 4 available user levels for you to select including Admin Staff Guest and Passenger Admin level of user account can let the user configure the device with fully control...

Page 124: ...ut Group to 1 String format can be any text 2 An Optional setting Enter a group name if you would like to collect the user in a certain user group Profile 1 The box is checked by default 2 A Must fill...

Page 125: ...least 1 character A Z a z and 0 9 are valid Multiple User Members N A Click the Choice button to select multiple user accounts to join the group Multiple Bound Services N A Check the available service...

Page 126: ...ault Specify the routing interface All packets from the group members will be routed via the specified interface Group 1 The box is checked by default 2 A Must filled setting Check the Enable box to a...

Page 127: ...roup Name 1 String format can be any text 2 A Must filled setting Enter a group name for the rule It is a name that is easy for you to understand Member List NA This field will indicate the hosts memb...

Page 128: ...in N A Add the members to the group in this field You can enter the member information as specified in the Member Type above and press the Join button to add Only one member can be add at a time so yo...

Page 129: ...ternal Server Go to Object Definition External Server External Server tab The External Server setting allows user to add external server Create External Server When Add button is applied External Serv...

Page 130: ...efault 1 The values must be between 1 and 60 Idle Timeout By default 1 The values must be between 1 and 15 Secondary Shared Key String format any text Authentication Protocol By default CHAP is select...

Page 131: ...sed for the external server Server Port A Must filled setting Specify the Port used for the external server If you selected a certain server type the default server port number will be set For Email S...

Page 132: ...users endorsements whom the person examining the certificate might know and trust The device also plays as a CA role Certificates are an important component of Transport Layer Security TLS sometimes c...

Page 133: ...identifier in the signature algorithm identifier of certificates Subject Name A Must filled setting This field is to specify the information of certificate Country C is the two letter ISO code for the...

Page 134: ...on Automatically re enroll aging certificates The box is unchecked by default When SCEP is activated check the Enable box to activate this function It will be automatically check which certificate is...

Page 135: ...nd Clients In addition since it has the root CA it also can sign Certificate Signing Requests CSR to form corresponding certificates for others These certificates can be used for two remote peers to m...

Page 136: ...bject Name Country C TW State ST Taiwan Location L Tainan Organization O AMITHQ Organization Unit OU HQRD Common Name CN HQRootCA E mail hqrootca amit com tw Configuration Path My Certificate Local Ce...

Page 137: ...sections to complete the whole user scenario Use default value for those parameters that are not mentioned in the tables Configuration Path My Certificate Local Certificate Configuration Name BranchC...

Page 138: ...N 1 interface They both serve as the NAT security gateways Gateway 1 generates the root CA and a local certificate HQCRT that is signed by itself Import the certificates of the root CA and HQCRT into...

Page 139: ...ficates or CSRs for representing the gateway The Local Certificate Configuration window can let you fill required information necessary for corresponding certificate to be generated by itself or corre...

Page 140: ...xtra Attributes A Must filled setting This field is to specify the extra information for generating a certificate Challenge Password for the password you can use to request certificate revocation in t...

Page 141: ...ring format can be any text 2 A Must filled setting This is an alternative approach to import a certificate You can directly fill in Copy and Paste the PEM encoded certificate string and click the App...

Page 142: ...can be used for two remote peers to make sure their identity during establishing a VPN tunnel Scenario Description same as the one described in My Certificate section Gateway 1 generates the root CA...

Page 143: ...setup for the whole user scenario Configuration Path Trusted Certificate Trusted CA Certificate List Command Button Import Configuration Path Trusted Certificate Trusted CA Certificate Import from a F...

Page 144: ...of the Gateway 1 and the Local Certificate List of the Gateway 2 For more details refer to the Network B operation procedure in My Certificate section of this manual Gateway 2 can establish an IPSec V...

Page 145: ...to import the specified CA certificate file to the gateway Import from a PEM 1 String format can be any text 2 A Must filled setting This is an alternative approach to import a CA certificate You can...

Page 146: ...te CA Identifier 1 String format can be any text Fill in optional CA Identifier to identify which CA could be used for signing certificates Save N A Click Save to save the settings Close N A Click the...

Page 147: ...sted Client Key When Import button is applied a Trusted Client Key Import screen will appear You can import a Trusted Client Key from an existed file or directly paste a PEM encoded string as the key...

Page 148: ...ate Usage Scenario Scenario Application Timing same as the one described in My Certificate section When the enterprise gateway owns the root CA and VPN tunneling function it can generate its own local...

Page 149: ...1 is the gateway of Network A in headquarters and the subnet of its Intranet is 10 0 76 0 24 It has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN 1 interface The Gateway 2 is...

Page 150: ...ile Item Value setting Description Certificate Signing Request CSR Import from a File A Must filled setting Select a certificate signing request file you re your computer for importing to the gateway...

Page 151: ...Outdoor Cellular Gateway 151 Chapter 4 Field Communication not supported Not supported feature for the purchased product leave it as blank...

Page 152: ...connection through the use of dedicated connections encryption or a combination of the two The tunnel technology supports data confidentiality data origin authentication and data integrity of network...

Page 153: ...umber of tunnels with various remote devices Before going to setup the VPN connections you may need to decide the scenario type for the tunneling IPSec Tunnel Scenarios To build IPSec tunnel you need...

Page 154: ...searching data on Internet checking personal emails or HQ server access all traffics will go through the secure IPSec tunnel and route by the Security Gateway in control center Site to Site with Hub...

Page 155: ...DN It can allow many VPN clients initiators to connect to with various tunnel scenarios In short with a simple Dynamic VPN server setting many VPN clients can connect to the server But in comparison t...

Page 156: ...ds on Product specification The specified value will limit the maximum number of simultaneous IPSec tunnel connection The default value can be different for the purchased model Save N A Click Save to...

Page 157: ...mong them is the number of subnets With Host to Host IPSec operates in transport mode Hub and Spoke 1 An optional setting 2 None is set by default Select from the dropdown box to setup your gateway fo...

Page 158: ...k Enable box to activate the Redirect Traffic function Note Redirect Traffic is available only for Host to Site specified in Tunnel Scenario By default it is disabled so it can prevent the un expected...

Page 159: ...ey Management section Local ID An optional setting Specify the Local ID for this IPSec tunnel to authenticate Select User Name for Local ID and enter the username The username may include but can t be...

Page 160: ...ect Server Client or None Selected None no X Auth authentication is required Selected Server this gateway will be an X Auth server Click on the X Auth Account button to create remote X Auth client acc...

Page 161: ...192 AES 256 Specify the Authentication method It can be None MD5 SHA1 SHA2 256 Specify the DH Group It can be None Group1 Group2 Group5 Group14 Group15 Group16 Group17 Group18 Check Enable box to enab...

Page 162: ...P they are not available for AH Encapsulation Specify the PFS Group It can be None Group1 Group2 Group5 Group14 Group15 Group16 Group17 Group18 Click Enable to enable this setting Save N A Click Save...

Page 163: ...ote Configuration Window Item Value setting Description Local Subnet A Must fill setting Specify the Local Subnet IP address and Subnet Mask Local Netmask A Must fill setting Specify the Local Subnet...

Page 164: ...D5 SHA1 SHA2 256 The key length for MD5 is 32 SHA1 is 40 and SHA2 256 is 64 Note When AH option in Encapsulation Protocol is selected None option in Authentication will not be available Save N A Click...

Page 165: ...rio is fixed to Dynamic VPN Operation Mode 1 A Must fill setting 2 Alway on is selected by default The available operation mode is Always On Failover option is not available for the Dynamic IPSec scen...

Page 166: ...er Remote ID An optional setting Specify the Remote ID for this IPSec tunnel to authenticate Select User Name for Remote ID and enter the username The username may include but can t be all numbers Sel...

Page 167: ...nt features to meet different application requirements There are two OpenVPN connection scenarios They are the TAP and TUN scenarios The product can create either a layer 3 based IP tunnel TUN or a la...

Page 168: ...mode the VPN client is given an IP address on the same subnet as the LAN resided under the OpenVPN server Under such configuration the OpenVPN client can directly access to the resources in LAN If yo...

Page 169: ...ent for the gateway to operate Configuration Item Value setting Description OpenVPN The box is unchecked by default Check the Enable box to activate the OpenVPN function Server Client Server Configura...

Page 170: ...will appear OpenVPN Server Configuration window can let you enable the OpenVPN server function specify the virtual IP address of OpenVPN server when remote OpenVPN clients dial in and the authenticat...

Page 171: ...Local Endpoint IP Address Remote Endpoint IP Address and Static Key will be displayed Note Static Key will be available only when TUN is chosen in Tunnel Scenario Local Endpoint IP Address A Must fil...

Page 172: ...Default Gateway function Encryption Cipher 1 A Must filled setting 2 By default Blowfish is selected Specify the Encryption Cipher from the dropdown list It can be Blowfish AES 256 AES 192 AES 128 Non...

Page 173: ...Key Note TLS Auth Key will be available only when TLS is chosen in Authorization Mode Client to Client The box is checked by default Check the Enable box to enable the traffics among different OpenVPN...

Page 174: ...DP is chosen in Protocol CCD Dir Default File 1 An Optional setting 2 String format any text Specify the CCD Dir Default File Value Range 0 256 characters Client Connection Script 1 An Optional settin...

Page 175: ...n is applied OpenVPN Client Configuration screen will appear OpenVPN Client Configuration window let you specify the required parameters for an OpenVPN VPN client such as OpenVPN Client Name Interface...

Page 176: ...mask Redirect Internet Traffic 1 An Optional setting 2 The box is unchecked by default Check the Enable box to activate the Redirect Internet Traffic function NAT 1 An Optional setting 2 The box is un...

Page 177: ...efault Adaptive is selected Specify the LZO Compression scheme It can be Adaptive YES NO Default Persis Key 1 An Optional setting 2 The box is checked by default Check the Enable box to activate the P...

Page 178: ...TLS DHE DSS AES256 SHA Note TLS Cipher will be available only when TLS is chosen in Authorization Mode TLS Auth Key 1 An Optional setting 2 String format any text Specify the TLS Auth Key for connecti...

Page 179: ...lue is 1500 by default Specify the value of Tunnel UDP Fragment Value Range 0 1500 Note Tunnel UDP Fragment will be available only when UDP is chosen in Protocol Tunnel UDP MSS Fix The box is unchecke...

Page 180: ...P tunnels It also maintains User Account list user name password for client login authentication There is a virtual IP pool to assign virtual IP to each connected L2TP client L2TP Client It can be mob...

Page 181: ...be transferred based on current routing policy of the gateway at L2TP client peer But if you entered 0 0 0 0 0 in the Remote Subnet field it will be treated as a Default Gateway setting for the L2TP c...

Page 182: ...L2TP Unchecked by default Click the Enable box to activate L2TP function Client Server A Must filled setting Specify the role of L2TP Select Server or Client role your gateway will take Below are the...

Page 183: ...n to L2TP client Value Range Starting Address and Starting Address 8 or 254 Authentication Protocol A Must filled setting Select single or multiple Authentication Protocols for the L2TP server with wh...

Page 184: ...k the enable box to enable the user Click Save button to save new user account The selected user account can permanently be deleted by clicking the Delete button Value Range 1 32 characters As a L2TP...

Page 185: ...ar You can add up to 8 L2TP Clients L2TP Client Configuration Item Setting Value setting Description Tunnel Name A Must filled setting Enter a tunnel name Enter a name that is easy for you to identify...

Page 186: ...server The Remote Subnet format must be IP address netmask e g 10 0 0 2 24 It is for the Intranet of L2TP VPN server So at L2TP client peer the packets whose destination is in the dedicated subnet wil...

Page 187: ...The system determines the service port 1701 for Cisco The system use port 1701 for connecting with CISCO L2TP Server User defined Enter the service port The default value is 0 Value Range 0 65535 Tun...

Page 188: ...res of the Windows PPTP stack The security gateway can play either PPTP Server role or PPTP Client role for a PPTP VPN tunnel or both at the same time for different tunnels PPTP tunnel process is near...

Page 189: ...r a Remote Subnet item is required It is for the Intranet of PPTP server peer So at PPTP client peer the packets whose destination is in the dedicated subnet will be transferred via the PPTP tunnel Ot...

Page 190: ...le box to activate PPTP function Client Server A Must fill setting Specify the role of PPTP Select Server or Client role your gateway will take Below are the configuration windows for PPTP Server and...

Page 191: ...y the last IP address for the subnet from which the PPTP client s IP address will be assigned Value Range Starting Address and Starting Address 8 or 254 Authentication Protocol 1 A Must fill setting 2...

Page 192: ...Save button to save new user account The selected user account can permanently be deleted by clicking the Delete button Value Range 1 32 characters As a PPTP Client When select Client in Client Server...

Page 193: ...to further select a primary tunnel from which to failover to Note Failover mode is not available for the gateway with single WAN Remote IP FQDN 1 A Must fill setting 2 Format can be a ipv4 address or...

Page 194: ...P CHAP MS CHAP MS CHAP v2 MPPE Encryption 1 Unchecked by default 2 an optional setting Specify whether PPTP server supports MPPE Protocol Click the Enable box to enable MPPE Note when MPPE Encryption...

Page 195: ...client or a server even using the same set of configuration rule GRE Tunnel Scenario To setup a GRE tunnel each peer needs to setup its global IP as tunnel IP and fill in the other s global IP as remo...

Page 196: ...GRE Enable GRE Window Item Value setting Description GRE Tunnel Unchecked by default Click the Enable box to enable GRE function Max Concurrent GRE Tunnels Depends on Product specification The specif...

Page 197: ...ays On or Failover If this tunnel is set as a failover tunnel you need to further select a primary tunnel from which to failover to Note Failover mode is not available for the gateway with single WAN...

Page 198: ...server peer controls the flow of any packets from the GRE client peer Certainly those packets come through the GRE tunnel DMVPN Spoke Unchecked by default Specify whether the gateway will support DMV...

Page 199: ...2 Firewall The firewall functions include Packet Filter URL Blocking Content Filter MAC Control Application Filter IPS and some firewall options The supported function can be different for the purchas...

Page 200: ...ite list Allow those match the following rules and define the rules Rule 1 is to allow HTTP packets to pass and Rule 2 is to allow HTTPS packets to pass Under such configuration the gateway will allow...

Page 201: ...cked Log Alert The box is unchecked by default Check the Enable box to activate Event Log Save N A Click Save to save the settings Undo N A Click Undo to cancel the settings Create Edit Packet Filter...

Page 202: ...ned before this option become available Refer to Object Definition Grouping Host grouping You may also access to create a group by the Add Rule shortcut button Destination IP 1 A Must filled setting 2...

Page 203: ...d otherwise select User defined Service and specify a port range Then for Destination Port select a predefined port dropdown box when Well known Service is selected otherwise select User defined Servi...

Page 204: ...ts listed in the rule list will be blocked if one pattern in the requests matches to one rule Other Web requests can pass through the gateway In contrast when you choose Deny all to pass except those...

Page 205: ...URL Domain Name Keyword the destination service ports the integrated time schedule rule and the rule activation Enable URL Blocking Configuration Item Value setting Description URL Blocking The box is...

Page 206: ...ecome available Refer to Object Definition Grouping Host grouping Source MAC 1 A Must filled setting 2 Any is set by default This field is to specify the Source MAC address Select Any to filter packet...

Page 207: ...Schedule Rule A Must filled setting Apply a specific Time Schedule to this rule otherwise leave it as 0 Always If the dropdown list is empty ensure Time Schedule is pre configured Refer to Object Defi...

Page 208: ...MAC addresses he can use the MAC Control function to reject with the black list configuration MAC Control with Black List Scenario As shown in the diagram enable the MAC control function and specify t...

Page 209: ...ite List Deny MAC Address Below is set by default When Deny MAC Address Below is selected as the name suggest packets specified in the rules will be blocked black listed In contrast with Allow MAC Add...

Page 210: ...hat is easy for you to remember MAC Address Use to Compose 1 MAC Address string Format 2 A Must fill setting Specify the Source MAC Address to filter rule Time Schedule A Must fill setting Apply Time...

Page 211: ...enario When the administrator of the gateway wants to block the Web requests for dedicated contents or objects he can use the Web Content Filters function to carry out such request blocking As shown i...

Page 212: ...ate this filter function as the name suggests this pattern matching rule define as the packet with the keyword Cookie Check the Java box to activate this filter function as the name suggests this patt...

Page 213: ...lect IP Range to filter packets coming from a specified range of IP address entered in this field Select IP Address based Group to filter packets coming from a pre defined group selected Note Group mu...

Page 214: ...a rule by using the delimiter If a matching rule is found the packets with http header will be dropped Time Schedule 1 A Must filled setting 2 0 Always is selected by default Apply Time Schedule to th...

Page 215: ...teway is the gateway as a NAT router Specify IP Range 192 168 123 200 250 and enable the Application filters function BT BitTorrent BitSpirit BitComet eDonkey eMule Shareaza MMS RTSP PPStream PPSLive...

Page 216: ...String format can be any text 2 A Must filled setting Enter an application filter rule name that is easy for you to understand Source IP 1 A Must filled setting 2 Any is selected by default Specify th...

Page 217: ...the application filter function you want on this rule The available chat applications include QQ Skype Facebook Aliww and Line P2P Software All boxes are unchecked by default Check the box es to activ...

Page 218: ...ion about this activity attempt to block stop it and report it You can enable the IPS function and check the listed intrusion activities when needed You can also enable the log alerting so that system...

Page 219: ...scription IPS The box is unchecked by default Check the Enable box to activate IPS function Log Alert The box is unchecked by default Check the Enable box to activate to activate Event Log Save N A Cl...

Page 220: ...r the traffic threshold in this field ICMP Flood Defense Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field Value Range 10 10000 Port Scan Defect...

Page 221: ...is unchecked by default 3 Traffic threshold is set to 300 by default 4 The value range can be from 10 to 10000 Click Enable box to activate this intrusion prevention rule and enter the traffic thresh...

Page 222: ...to record the packet information like IP address port address ACK SEQ number and so on while they pass through the gateway and the gateway checks every incoming packet to detect if this packet is vali...

Page 223: ...k such packets from unknown users Discard Ping from WAN Remote Administrator Hosts Scenario Discard Ping from WAN makes any host on the WAN side can t ping this gateway reply any ICMP packets Enable t...

Page 224: ...he router allows network administrator to manage router remotely The network administrator can assign specific IP address and service port to allow accessing the router Remote Administrator Host Defin...

Page 225: ...t This field is to specify a Service Port to HTTP or HTTPS connection Value Range 1 65535 Enabling the rule The box is unchecked by default Click Enable box to activate this rule Save N A Click Enable...

Page 226: ...tion to ask guests or passengers to pass the authentication process before they can surf the Internet via the gateway There are two approaches including external captive portal and internal captive po...

Page 227: ...ded one an external LDAP server or an external AD server from the pre defined external server object list NOTE All Internet Packets will be forwarded to Captive Portal Web site of the gateway when Cap...

Page 228: ...ration Item Value setting Description Captive Portal The box is unchecked by default Check the Enable box to activate the Captive Portal function WAN Interface 1 A Must filled setting 2 WAN 1 is selec...

Page 229: ...Optional setting Specify the host IP s for the devices that will not be subjected to the captive portal authentication function The IP s filled in this field can access Internet directly instead of b...

Page 230: ...s unchecked by default Check the Enable box to activate the MAC Authentication function Radius Server A Must filled setting Specify an external RADIUS server for authentication When the MAC Authentica...

Page 231: ...Description Nickname 1 A Must filled setting 2 String format can be any text max 64 characters Enter a nickname for the user that is easy for you to understand Value Range 1 64 characters User Name 1...

Page 232: ...ly in practice computer systems Centralized management has a time and effort trade off that is related to the size of the company the expertise of the IT staff and the amount of technology being used...

Page 233: ...t Check the Enable box to activate the Command Script function Backup Script N A Click the Via Web UI or Via Storage button to backup the existed command script in a txt file Upload Script N A Click t...

Page 234: ...ING_TOUT seconds Specify the timeout value for OpenVPN Client keep alive checking OPENVPN_COMP Adaptive Specify the LZO Compression algorithm for OpenVPN client OPENVPN_AUTH Static Key TLS Specify the...

Page 235: ...system configuration The command format is txtConfig action option Action Option Description clone Output file Duplicate the configuration content from database and stored as a configuration file ex...

Page 236: ...r ISP or the ACS provider for help At the right upper corner of TR 069 Setting screen one Help command let you see the same message about that Scenario Managing deployed gateways through an ACS Server...

Page 237: ...on Procedure In above diagram the ACS server can manage multiple gateways in the Internet The Gateway 1 is one of them and has 118 18 81 33 IP address for its WAN 1 interface When all remote gateways...

Page 238: ...iry Except the inquiry time there are no activities between the ACS server and the gateways until the next inquiry cycle But if the ACS server has new jobs that are expected to do by the gateways urge...

Page 239: ...ovide ACS ConnectionRequest Port and manually set Value Range 0 65535 ConnectionRequest UserName A Must filled setting You can ask ACS manager provide ACS ConnectionRequest Username and manually set C...

Page 240: ...ment data on the managed systems as variables The protocol also permits active management tasks such as modifying and applying a new configuration through remote modification of these variables The va...

Page 241: ...ices but other remote NMS can t Parameter Setup Example Following tables list the parameter configuration as an example for the Gateway 1 in above diagram with SNMP enabling at LAN and WAN interfaces...

Page 242: ...or configuring the Gateway 1 Only the UserName1 account can let the Gateway 1 accept the configuration from the NMS since the authority of the account is Read Write Once a managed device has an urgent...

Page 243: ...by default Select the version for the SNMP When Check the v1 box It means you can access SNMP by version 1 When Check the v2c box It means you can access SNMP by version 2c When Check the v3 box It me...

Page 244: ...text Specify this version 1 or version v2c user s community that will be allowed Read Only GET and GETNEXT or Read Write GET GETNEXT and SET access respectively The maximum length of the community is...

Page 245: ...cters Password 1 String format any text When your Privacy Mode is authNoPriv or authPriv you must specify the Password for this version 3 user Value Range 8 64 characters Authentication 1 None is sele...

Page 246: ...format any legal OID The OID Filter Prefix restricts access for this version 3 user to the sub tree rooted at the given OID Value Range 1 2080768 Enable 1 The box is checked by default Click Enable to...

Page 247: ...Item Value setting Description Server IP 1 A Must filled setting 2 String format any Ipv4 address Specify the trap Server IP The DUT will send trap to the server IP Server Port 1 String format any por...

Page 248: ...ected the authNoPriv You must specify the Authentication and Password Selected the authPriv You must specify the Authentication Password Encryption and Privacy Key Authentication 1 A v3 Must filled se...

Page 249: ...se Number 2 A Must filled setting 3 String format any number Specify the Enterprise Number for the particular private MIB Value Range 1 2080768 Enterprise OID 1 The default value is 1 3 6 1 4 1 12823...

Page 250: ...ng The device supports both Telnet and SSH Secure Shell CLI with default service port 23 and 22 respectively Telnet SSH Scenario Scenario Application Timing When the administrator of the gateway wants...

Page 251: ...Port 22 Enable Scenario Operation Procedure In above diagram Local Admin or Remote Admin can manage the Gateway in the Intranet or Internet The Gateway is the gateway of Network A and the subnet of i...

Page 252: ...with CLI 1 The LAN Enable box is checked by default 2 The WAN Enable box is unchecked by default Check the Enable box to activate the Telnet with CLI function for connecting from WAN LAN interfaces Co...

Page 253: ...racter 2 The default password for telnet is m2mamit Type old password and specify new password to change root password Note You are highly recommended to change the default telnet password with yours...

Page 254: ...iption Old Password 1 String any text 2 The default password for web based MMI is admin Enter the current password to enable you unlock to change password New Password String any text Enter new passwo...

Page 255: ...aching maximum Password Guessing times please wait a few seconds will be displayed and ignore the following login trials Login Timeout The Enable box is unchecked by default Check the Enable box to ac...

Page 256: ...nter the system name for identification purpose It can be the manufacture or any name for a device deployment System Information Item Value Setting Description WAN Type N A It displays the WAN Type of...

Page 257: ...h time server by NTP Protocol to get system date and time after you click on the Synchronize immediately button The second one is Sync with my PC Select the method and the system will synchronize its...

Page 258: ...ll just get the UTC Coordinated Universal Time time not the local time for the device Synchronize with Manually Setting System Time Information Item Value Setting Description Synchronization method 1...

Page 259: ...lect PC as the synchronization method for the system time to let system synchronize its date and time to the time of the administration PC Synchronize immediately N A Click the Active button to synchr...

Page 260: ...System Log tab View Email Log History View button is provided for network administrator to view log history on the gateway Email Now button enables administrator to send instant Email for analysis Vi...

Page 261: ...k the First button to jump to the first page Last N A Click the Last button to jump to the last page Download N A Click the Download button to download log to your PC in tar file format Clear N A Clic...

Page 262: ...Alert Setting Window Item Value Setting Description Enable Un checked by default Check Enable box to enable sending event log messages to destined Email account defined in the E mail Addresses blank...

Page 263: ...e and Debug Log to Storage Log to Storage screen allows network administrator to select the type of events to log and be stored at an internal or an external storage Log to Storage Setting Window Item...

Page 264: ...need to specify the file name of new firmware by using Browse button and then click Upgrade button to start the FW upgrading process on this device If you want to upgrade a firmware which is from GPL...

Page 265: ...eboot this device by clicking the Reboot button and reset this device to default settings by clicking the Reset button System Operation Window Item Value Setting Description Reboot Now is selected by...

Page 266: ...t is technologically different This gateway embedded FTP SFTP server for administrator to download the log files to his computer or database In the following two sections you can configure the FTP ser...

Page 267: ...oading so no any write permission is implemented for user file upload to the storage FTP Port Port 21 is set by default Specify a port number for FTP connection The gateway will listen for incoming FT...

Page 268: ...sfer Mode Optional setting Check the Enable box to activate the support of ASCII mode data transfers Binary mode is supported by default FTPS FTP over SSL TLS Optional setting Check the Enable box to...

Page 269: ...r Name String non blank string Enter the user account for login to the FTP server Value Range 1 15 characters Password String no blank Enter the user password for login to the FTP server Directory N A...

Page 270: ...device to test whether it is alive after clicking on the Ping button A test result window will appear beneath it Tracert Test Optional setting Trace route tracert command is a network diagnostic tool...

Page 271: ...e name to save the captured packets in log storage If Split Files option is also enabled the file name will be appended with an index code _ index The extension file name is pcap Split Files 1 An opti...

Page 272: ...e packets which matched the rules Capture Fitters Item Value setting Description Filter Optional setting Check Enable box to activate the Capture Filter function Source MACs Optional setting Define th...

Page 273: ...packets Packets which match the rule will be captured Up to 10 MACs are supported but they must be separated with e g AA BB CC DD EE FF 11 22 33 44 55 66 The packets will be captured when match any on...

Page 274: ...mmunicating with carrier ISP by USSD command or doing a cellular network scan for diagnostic purpose In Cellular Toolkit section it includes several useful features that are related to cellular config...

Page 275: ...switch to secondary SIM and establish another cellular data connection with secondary SIM automatically If Data Usage feature is enabled all history of cellular data usage can be viewed at Status Stat...

Page 276: ...M Select 3G 4G 1 and SIM A by default Choose a cellular interface 3G 4G 1 or 3G 4G 2 and a SIM card bound to the selected cellular interface to configure its data usage profile Note 3G 4G 2 is only av...

Page 277: ...Restrict Un Checked by default Check the Enable box to activate the connection restriction function During the specified cycle period if the actual data usage exceeds the allowable data limitation th...

Page 278: ...guration Configuration Item Value setting Description Physical Interface The box is 3G 4G 1 by default Choose a cellular interface 3G 4G 1 or 3G 4G 2 for the following SMS function configuration Note...

Page 279: ...received the new SMS this value plus one Remaining SMS N A This value is SMS capacity minus received SMS When received the new SMS this value minus one New SMS N A Click New SMS button a New SMS scre...

Page 280: ...S Inbox List You can read or delete SMS reply SMS or forward SMS from this screen SMS Inbox List Item Value setting Description ID N A The number or SMS From Phone Number N A What the phone number fro...

Page 281: ...and manage PIN code on a SIM card through its web GUI Activate PIN code on SIM Card This gateway device allows you to activate PIN code on SIM card This example shows how to activate PIN code on SIM A...

Page 282: ...nge the SIM PIN setting for the selected SIM Card Note 3G 4G 2 is only available for for the product with dual cellular module SIM Status N A Indication for the selected SIM card and the SIM card stat...

Page 283: ...led the Change PIN code button is disabled In the case if you still want to change the PIN code you have to enable the SIM Lock function first fill in the PIN code and then click the Save button to en...

Page 284: ...ock As mentioned earlier the SIM card will be locked by PUK code after too many trials of failure PIN code In this case the PUK Status will turns to PUK Lock In a normal situation it will display PUK...

Page 285: ...182 alphanumeric characters in length Unlike Short Message Service SMS messages USSD messages create a real time connection during an USSD session The connection remains open allowing a two way excha...

Page 286: ...in the correct pre command and then click on the Send button for the session The responses from the USSD server will be displayed beneath the USSD Command line When commands typed in the USSD Command...

Page 287: ...h your service provider for the details Comments N A Enter a brief comment for the profile Send USSD Request When send the USSD command the USSD Response screen will appear When click the Clear button...

Page 288: ...nning one after another You can also specify the connection sequence of the targeted generation of mobile system 2G 3G LTE Network Scan Configuration Configuration Item Value setting Description Physi...

Page 289: ...appears when the Manually Scan Approach is selected in the Configuration window By clicking on the Scan button and wait for 1 to 3 minutes the found mobile operator system will be displayed for you to...

Page 290: ...ing the devices for some advanced useful purposes For example sending receiving remote managing SMS for the gateway s routine maintaining and so on All of such management and notification function can...

Page 291: ...e box to activate the Event Management function Enable SMS Management To use the SMS management function you have to configure some important settings first SMS Configuration Item Value setting Descri...

Page 292: ...he SMS Account for managing the gateway through the SMS It supports up to a maximum of 5 accounts You can click the Add Edit button to configure the SMS account SMS Account Configuration Item Value se...

Page 293: ...nt Email Service Configuration Item Value setting Description Email Server Option Select an Email Server profile from External Server setting for the email account setting Email Addresses 1 Internet E...

Page 294: ...te the Managing Events function Create Edit Managing Event Rules Setup the Managing Event rules It supports up to a maximum of 128 rules When Add button is applied the Managing Event Configuration scr...

Page 295: ...nistrator Host ID On Off the gateway will change the settings as the action for the event VPN Select VPN Checkbox and the interested sub items IPSec Tunnel ON Off PPTP Client On Off L2TP Client On Off...

Page 296: ...t trigger and handlers Enable Notifying Events Configuration Item Value setting Description Notifying Events The box is unchecked by default Check the Enable box to activate the Notifying Events funct...

Page 297: ...Enter a brief description for the Notifying Event Action All box is unchecked by default Specify at least one action to take when the expected event is triggered SMS Select SMS and the gateway will s...

Page 298: ...ration status for the gateway They are the System Information System Information History and Network Interface Status The display will be refreshed once per second From the menu on the left select Sta...

Page 299: ...the statistic graphs for the CPU and memory Network Interface Status The Network Interface Status screen shows the statistic information for each network interface of the gateway The statistic informa...

Page 300: ...rom your ISP Depending on the model purchased it can be Static IP Dynamic IP PPPoE PPTP L2TP 3G 4G IP Addr N A It displays the public IP address obtained from your ISP for Internet connection Default...

Page 301: ...ally Refer to Edit button in Basic Network WAN Uplink Internet Setup and WAN connection status is connected WAN interface IPv6 Network Status WAN interface IPv6 Network Status screen shows status info...

Page 302: ...y your ISP for your Internet connection Action N A This area provides functional buttons Edit IPv4 Button when press web based utility will take you to the Ethernet LAN configuration page Basic Networ...

Page 303: ...is pressed 3G 4G modem information windows such as Modem Information SIM Status Service Information and Signal Strength Quality will appear Interface Traffic Statistics Interface Traffic Statistics s...

Page 304: ...will be refreshed on every five seconds LAN Client List Item Value setting Description LAN Interface N A Client record of LAN Interface String Format IP Address N A Client record of IP Address Type an...

Page 305: ...whether the VAP wireless signal is enabled or disabled Op Mode N A The Wi Fi Operation Mode of VAP Depends of device model modes are AP Router WDS Only and WDS Hybrid Universal Repeater and Client SSI...

Page 306: ...tatistic shows all the received and transmitted packets on WiFi network WiFi IDS Status Item Value setting Description Authentication Frame N A It displays the receiving Authentication Frame count Ass...

Page 307: ...kets on WiFi network WiFi Traffic Statistic Item Value setting Description Op Band N A It displays the Wi Fi Operation Band 2 4G or 5G of VAP ID N A It displays the VAP ID Received Packets N A It disp...

Page 308: ...dentify DDNS service provider Provider N A It displays the DDNS server of DDNS service provider Effective IP N A It displays the public IP address of the device updated to the DDNS server Last Update...

Page 309: ...tatus Item Value setting Description Tunnel Name N A It displays the tunnel name you have entered to identify Tunnel Scenario N A It displays the Tunnel Scenario specified Local Subnets N A It display...

Page 310: ...of the corresponding OpenVPN tunnel The status can be Connected or Disconnected OpenVPN Client Status OpenVPN Client Status Item Value setting Description OpenVPN Client Name N A It displays the Clie...

Page 311: ...Outdoor Cellular Gateway 311...

Page 312: ...ity VPN L2TP tab L2TP Client Status Item Value setting Description Client Name N A It displays Name for the L2TP Client specified Interface N A It displays the WAN interface with which the gateway wil...

Page 313: ...rity VPN PPTP tab PPTP Client Status Item Value setting Description Client Name N A It displays Name for the PPTP Client specified Interface N A It displays the WAN interface with which the gateway wi...

Page 314: ...ge Packet Filter Status Packet Filter Status Item Value setting Description Activated Filter Rule N A This is the Packet Filter Rule name Detected Contents N A This is the logged packet information in...

Page 315: ...og Alert and save the setting Web Content Filter Status Web Content Filter Status Item Value setting Description Activated Filter Rule N A Logged packet of the rule name String format Detected Content...

Page 316: ...nabled Refer to Security Firewall MAC Control tab Check Log Alert and save the setting Application Filters Status Application Filters Status Item Value setting Description Filtered Application Categor...

Page 317: ...e on Firewall Options String Format Disable or Enable SPI N A Enable or Disable setting status of SPI on Firewall Options String Format Disable or Enable Discard Ping from WAN N A Enable or Disable se...

Page 318: ...authentication This is only available for SNMP version 3 IP Address N A It displays the IP address of SNMP manager Port N A It displays the port number used to maintain connection with the SNMP manag...

Page 319: ...t connection status with the TR 068 server TR 069 Status Item Value setting Description Link Status N A It displays the current connection status with the TR 068 server The connection status is either...

Page 320: ...Log Storage tab The Log Storage Status screen shows the status for selected device storage Log Storage Status Log Storage Status screen shows the status of current the selected device storage The sta...

Page 321: ...revious button you will see the previous page of track list Next N A Click the Next button you will see the next page of track list First N A Click the First button you will see the first page of trac...

Page 322: ...k Traffic Go to Status Statistics Reports Network Traffic tab Network Traffic Statistics screen shows the historical graph for the selected network interface You can change the interface drop list and...

Page 323: ...of login statistics Next N A Click the Next button you will see the next page of login statistics First N A Click the First button you will see the first page of login statistics Last N A Click the La...

Page 324: ...324 8 5 4 Cellular Usage Go to Status Statistics Reports Cellular Usage tab Cellular Usage screen shows data usage statistics for the selected cellular interface The cellular data usage can be accumul...

Page 325: ...se Time of user account is empty the remaining lease time field is shown empty It means that the user account can be used all the time Time Used N A It displays the Time Used since the user login to t...

Page 326: ...tephen Hemminger shemminger osdl org Lennert Buytenhek buytenh gnu org version 1 1 GNU GENERAL PUBLIC LICENSE Version 2 June 1991 tc show manipulate traffic control settings Stephen Hemminger shemming...

Page 327: ...cument but changing it is not allowed https www openswan org Opennhrp Version v0 14 1 OpenNHRP is an NHRP implementation for Linux It has most of the RFC2332 and Cisco IOS extensions Project homepage...

Page 328: ...roaringpenguin com L2TPServ Version v 1 3 1 GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright C 1989 1991 Free Software Foundation Inc 59 Temple Place Suite 330 Boston MA 02111 1307 USA Everyone...

Page 329: ...lient an NTP RFC 1305 RFC 4330 client for unix alike computers Version 2007_365 Copyright 1997 1999 2000 2003 2006 2007 Larry Doolittle exFAT FUSE based exFAT implementation Version 0 9 8 Copyright C...

Page 330: ...Outdoor Cellular Gateway 330 Version 20080615 Copyright C 1998 2004 WIDE Project BSD License https sourceforge net projects wide dhcpv6...

Reviews: