background image

CM685V-4 User Manual

75

www.comset.com.au

3.6.8 Firewall

3.6.8.1 General Settings

3.6.8.2 Port Forwards

This page includes the “Port Forwards” list and how to add new “Port Forwards” rules.

Summary of Contents for CM685V-4

Page 1: ...CM685V 4 User Manual 1 www comset com au Industrial Grade 3G 4G 4GX Cellular Router User Manual CM685V 4 Comset 37 125 Highbury Rd Burwood VIC 3125 Australia...

Page 2: ...re configuration 14 3 1 Overview 14 3 2 How to log into the Router 14 3 3 Router status 17 3 3 1 Status overview 17 3 3 2 Network status 18 3 3 3 Firewall status 21 3 3 4 Routes 21 3 3 5 System log 22...

Page 3: ...3 6 4 LAN settings 63 3 6 5 Wired WAN 66 3 6 6 WiFi Settings 67 3 6 6 1 Wifi General configuration 68 3 6 6 2 WiFi Advanced Configuration 69 3 6 6 3 WiFi Interface Configuration 70 3 6 6 4 WiFi AP cl...

Page 4: ...ered holders Specifications are subject to change without notice No part of this manual may be reproduced without the consent of Comset All rights reserved WARNING Keep at least a 20 cm distance betwe...

Page 5: ...rt for fixed internet connection and one Ethernet LAN port as well as a GPIO with two digital output ports Other features include VPN IPSEC PPTP L2TP and Open VPN to establish a secure connection over...

Page 6: ...DS bridging WEP WPA WPA2 Personal Enterprise TKIP AES Authenticated encryption mode RS232 interface data transparent transmission and protocol conversion On demand dialing including time on off line v...

Page 7: ...CM685V 4 User Manual 7 www comset com au Chapter 2 2 Hardware Installation 1 Overall Dimensions 2 Accessories 3 Installation 2 1 Overall Dimensions...

Page 8: ...RJ45 Ethernet port RST sys reset button PWR DC power socket DC5 40V standard DC5 50V optional VCC DC wire positive pole GND DC wire ground GND Serial ground RX Serial receive TX Serial transmit RST R...

Page 9: ...i 2 antenna GPS for GPS antenna optional 2 3 Powering up the CM685V 4 Please ensure the SIM card is inserted and the antennas are connected before powering up the router 2 4 SIM UIM card If your route...

Page 10: ...nd PIN 1 is power input Vin DC5 40V I O Terminal on router Serial port RS485 or RS232 PIN Signal Description Note 1 VCC 5 40V DC Input 5 50V optional Current 12V 1A 2 GND Ground 3 GND Ground 4 RX Rece...

Page 11: ...Pin 4 and Pin 5 2 6 Grounding To ensure a safe operation the cabinet where the router is installed should be grounded properly 2 7 Power Supply The CM685V 4 supports a wide range of DC voltage between...

Page 12: ...r power up Blink System set up normally Off or still on after 25 seconds System set up failure LAN Blink Ethernet data transmission Off No Ethernet connection On Ethernet is connected VPN On VPN tunne...

Page 13: ...transmission Off No Ethernet connection On Ethernet is connected Signal Off No signal or signal checking is not ready Blinks once every 4s Signal bar is 1 Blinks once every 3s Signal bar is 2 Blinks...

Page 14: ...are instructions on how to access the web interface and configure the router 3 2 How to log into the Router 3 2 1 Network Configuration The router s default parameters are Default IP 192 168 1 1 Subne...

Page 15: ...CM685V 4 User Manual 15 www comset com au 2 DHCP settings Choose Obtain an IP address automatically and Obtain DNS server address automatically Then click the OK button...

Page 16: ...192 168 1 1 into the address field then press Enter Type in the username and password Both User Name and Password are admin Then click on the Login button To configure the router you can skip the foll...

Page 17: ...CM685V 4 User Manual 17 www comset com au 3 3 Router status 3 3 1 Status overview Click Status in the navigation bar and then click Overview...

Page 18: ...CM685V 4 User Manual 18 www comset com au 3 3 2 Network status The Network status page consists of 3 tabs detailing information about the cell mobile interface WAN and LAN Cell mobile interface page...

Page 19: ...CM685V 4 User Manual 19 www comset com au WAN status page...

Page 20: ...CM685V 4 User Manual 20 www comset com au LAN status page...

Page 21: ...atus The Firewall status page shows the IPv4 and IPv6 rules and counters Here you can reset the counters and restart the firewall functionality 3 3 4 Routes The Routes page shows rules which are curre...

Page 22: ...m boot up The system log resets when the router is restarted You can export the system log by clicking the button Export Syslog 3 3 6 Kernel log This page shows the kernel log from system boot up This...

Page 23: ...CM685V 4 User Manual 23 www comset com au 3 3 7 Realtime graphs The realtime graphs page shows the system load and interfaces traffic in realtime...

Page 24: ...System Configuration 3 4 1 Setup wizard When you login to the router for the first time you will need to configure the Setup Wizard page This page consists of 4 sections General Mobile LAN WiFi Fill i...

Page 25: ...your carrier or SIM Card Provider Authentication method There are three options to choose from None PAP CHAP Please confirm with your carrier the type of authentication Default is None Username Fill...

Page 26: ...imum Transmission Unit It is the maximum size of packets transmitted on the network The default value is 1500 Please configure it to optimise your own network When finished click Save Next Fill in par...

Page 27: ...l in parameters as required then press Finish Note pressing the button Save Next will save the configuration of the current page and jump to the next page All configurations will be applied when you c...

Page 28: ...ngs Local Time This page shows the system time You can sync the time with the browser by clicking the button Sync with browser Hostname It is the router s name The default name is CM685V_W Time zone S...

Page 29: ...g server Here you enter the IP address of the external log server You can setup a Linux machine with syslogd run as a log server External system log server port This is the UDP port of the external lo...

Page 30: ...s password for accessing the device Click the eye button to show the new password you entered 3 4 4 NTP NTP is Network Timing Protocol Enable NTP client The default value is checked The router acts as...

Page 31: ...ckup the configuration files click the button Download Then an archive file will be generated and downloaded to your PC automatically To restore the configuration files click the button Choose File an...

Page 32: ...ettings to prevent conflicting parameters after the firmware upgrade Click the button Choose File and select a compatible firmware then click the button Upload image The router will run a basic check...

Page 33: ...m au 3 4 7 Reset This button resets all configurations to factory default After clicking the button Reset a message will appear prompting you to confirm By clicking OK the router will reset to factory...

Page 34: ...the button Reboot and the system will restart 3 5 Services configuration 3 5 1 ICMP check For a stable operation we suggest you enable ICMP check With this feature the router will periodically ping a...

Page 35: ...t received before the timeout then this ping has failed Max retries When the number of failed pings reaches the Max retries this will trigger the action configured in item Action when failed Interval...

Page 36: ...or LAN s VRRP cluster IP address entry can be deleted by clicking the button or added by clicking the button Virtual ID Routers with the same IDs will be grouped in the same VRRP cluster The legal num...

Page 37: ...CM685V 4 User Manual 37 www comset com au 3 5 3 Failover link backup...

Page 38: ...ere are four options to choose from Wired WAN Wifi_client Cell_mobile and None Host1 to ping Host2 to ping The domain name or IP address for checking the network connection Ping timeout After a ping p...

Page 39: ...et com au 3 5 4 DTU Notes 1 This feature is for the CM685V 4 with DTU option only 2 This feature conflicts with the Connect Radio module and GPS send to serial features Please disable DTU when using e...

Page 40: ...one odd or even Serial databits Can be 7 bits or 8 bits Serial stopbit Can be 1 bit or 2 bits Protocol Both TCP and UDP are supported Service mode Client and Server are supported Enable heartbeat The...

Page 41: ...access If it is unchecked only the LAN subnet can access SNMP Contact Set the contact information here Location Set the router s physical address Name Set the router s name in SNMP Port SNMP service...

Page 42: ...e options None Private and Authorised If it is set to None there is no password required If it is set to Authorised only Authentication method and password are required Authentication Authentication m...

Page 43: ...ing sent GPS Send to Choose between Serial and TCP IP The router will only receive the GPS signal and will not process it It will send this GPS signal to your GPS processor devices or servers If the G...

Page 44: ...M685V 4 User Manual 44 www comset com au Serial baudrate 9600 19200 38400 57600 115200bps Serial parity none odd even Serial databits 7 8 Serial stopbits 1 2 Serial flow control none hardware software...

Page 45: ...reboot operation default is reboot Get Cell Status Command Input the command for router cell status operation default is cellstatus Set cell link up Command Input the command for router cell link up o...

Page 46: ...status For SMS feature please keep the default parameters Wifi on Command input the command for turning on WiFi For SMS feature please keep the default parameters Wifi off Command input the command fo...

Page 47: ...ne number Delete Phone number Click the button Delete SMS command Enable the SMS command feature on this phone number SMS alarm This phone number can receive SMS alarms SMS Receiver Phone Number The p...

Page 48: ...ion method Client and Server Client is the machine which starts the IPSEC connection Remote VPN endpoint Domain name or IP address of the remote endpoint This needs to be accessed over the internet Pr...

Page 49: ...CM685V 4 User Manual 49 www comset com au Note All configurations in Phase 1 Proposal and Phase 2 Proposal must match with the remote endpoint to establish an IPSEC connection 3 5 8 2 PPTP...

Page 50: ...tance Server Domain name or IP address of PPTP server Username Server authentication username Password Server authentication password MTU Maximum Transmission Unit Keep Alive Number of unanswered echo...

Page 51: ...remote IP address lease start Remote IP end The remote IP address lease end ARP Proxy If the remote IP has the same subnet as the LAN check it for connecting with each other Debug For PPTP server debu...

Page 52: ...n username Password Server authentication password MTU Maximum Transmission Unit Keep Alive Number of unanswered echo requests before considering the peer dead The interval between echo requests is 5...

Page 53: ...AN IP L2TP client IP Remote LAN netmask The mask of L2TP client IP the default value is 255 255 255 0 Username Server authentication username Password Server authentication password 3 5 8 4 OpenVPN Th...

Page 54: ...omset com au Note For OpenVPN configuration help hover the cursor over the item to get more information If the item you need is not shown on the main page please check the Additional Field dropdown li...

Page 55: ...live MTU Maximum Transmission Unit Peer IP address Remote WAN IP address Remote Network IP Remote LAN subnet address Remote Netmask Remote LAN subnet mask Local Tunnel IP Virtual IP address This cann...

Page 56: ...er to be reached via a fixed domain name while having a dynamically changing IP address Enabled Enable this instance IP address version IPv4 and IPv6 supported DDNS Service provider Select a suitable...

Page 57: ...IP IP address and domain name are required Log to syslog Writes log messages to the syslog Critical errors will always be written to the syslog Log to file Writes detailed messages to the log file Fil...

Page 58: ...Connect Radio Module feature is used for exchanging data between Radio module and serial Note This feature conflicts with the DTU and GPS sent to serial functions Please make sure the other two featu...

Page 59: ...com au Connect Mode Serial only Modem to Serial Settings Serial baudrate 9600 19200 38400 57600 115200bps Serial parity none odd even Serial databits 7 bits 8 bits Serial stopbit 1 bit 2 bits Serial F...

Page 60: ...d as a WAN port The second Ethernet port and the wireless interface are bridged together and are treated as LAN ports AP Client The wireless apcli interface is treated as a WAN port and the wireless A...

Page 61: ...e a PIN number in which case you leave this field blank Dialing number Fill in the related value This can be obtained from your carrier or SIM Card Provider Authentication method There are three optio...

Page 62: ...example if you fill in 5 the router will go offline after 5 minutes if there is no data for transmission Scheduled The router will dialup or go offline depending on the schedule 3 6 3 Cell mobile data...

Page 63: ...ported IPv6 assignment length Assign a part of given length of every public IPv6 prefix to LAN interface IPv6 assignment hint Assign prefix parts using this hexadecimal sub prefix ID for LAN interface...

Page 64: ...ay metric The LAN subnet s metric to gateway Bridge interfaces LAN bridges wired LAN and WiFi in the same LAN subnet Enable STP Enable Spanning Tree Protocol on LAN The default value is unchecked Igno...

Page 65: ...tatic leases will be served Force Force DHCP on this network even if another server is detected IPv4 Netmask Override the netmask sent to clients Normally it is calculated from the subnet that is serv...

Page 66: ...unce default router Announce as default router even if no public prefix is available 3 6 5 Wired WAN Protocol The default protocol is DHCP client If you need to change it to a different protocol i e P...

Page 67: ...f then on AP Client Scan all frequencies to get the WiFi network information Add Add a new wireless network Disable Disable a wireless network Edit Modify settings of the wireless network Remove Delet...

Page 68: ...6 1 Wifi General configuration Status Shows the WiFi signal strength mode SSID Operating frequency Mode Supports 802 11b g n the Legacy means 802 11b g N means 802 11n Channel Channel 1 11 Width 20MH...

Page 69: ...l 69 www comset com au 3 6 6 2 WiFi Advanced Configuration Country Code Use ISO IEC 3166 alpha2 country codes Distance Optimization Distance to furthest network member in meters Fragmentation Threshol...

Page 70: ...rvice Set Identifier It is the broadcast name Mode Supported options Network Choose the network s you want to attach to this wireless interface or fill out the create field to define a new network Hid...

Page 71: ...ww comset com au Encryption Key It is the password to join the wireless network If the Encryption is set to No Encryption no password is needed MAC Address Filter MAC Address Access Policy Disabled di...

Page 72: ...t to join is on the list click the button Join Network accordingly If it is not click Repeat Scan until you find the WiFi that you want to join Step 3 Join Network Settings Replace wireless configurat...

Page 73: ...CM685V 4 User Manual 73 www comset com au...

Page 74: ...nual 74 www comset com au Step 5 Click the button Save Apply to start the AP client 3 6 7 Interfaces Overview The Interfaces Overview page shows all Interfaces status including uptime MAC address RX T...

Page 75: ...CM685V 4 User Manual 75 www comset com au 3 6 8 Firewall 3 6 8 1 General Settings 3 6 8 2 Port Forwards This page includes the Port Forwards list and how to add new Port Forwards rules...

Page 76: ...nal zone The recommended zone is lan Internal IP address Redirect matched incoming traffic to the specific host Internal port Redirect matched incoming traffic to the given port on the internal host 3...

Page 77: ...CM685V 4 User Manual 77 www comset com au Traffic rules list Open ports on router and create new forward rules...

Page 78: ...l 78 www comset com au Source NAT list and create source NAT rule Traffic rule configuration page This page allows you to change advanced properties of the traffic rule entry such as matched source an...

Page 79: ...rce zone It is the zone that the traffic comes from Source MAC address Traffic rule check if the incoming packet s source MAC address is matched Source address Traffic rule check if the incoming packe...

Page 80: ...on t track Extra argument Passes additional argument to the iptable 3 6 8 4 DMZ In computer networking DMZ is a firewall configuration for securing local area networks LANs IP Address Please Enter the...

Page 81: ...g from remote side to the internal LAN subnet HTTPS access from WAN Allow or deny access to the router web management page from the remote side Remote network Any IP Address Single IP address Subnet I...

Page 82: ...ddress of the next router Notice The Gateway and LAN IP of this router must belong to the same network segment If the destination IP address is that of a host then the Netmask must be 255 255 255 255...

Page 83: ...Off means this port does not belong to VLAN For default settings port 0 belongs to VLAN1 but does not belong to VLAN 2 3 6 11 DHCP and DNS Domain required Don t forward DNS requests without DNS Name A...

Page 84: ...ging Suppress logging of the routine operation of these protocols Allocate IP sequentially Allocate IP addresses sequentially starting from the lowest available address Filter private Do not forward r...

Page 85: ...allowed number of concurrent DNS queries 3 6 12 Diagnostics Ping It is a tool used to test the reachability of a host on an Internet Protocol IP network Traceroute It is a network diagnostic tool for...

Page 86: ...com au 3 6 13 Loopback Interface The default Loopback interface has IP address 127 0 0 1 You can change it if required 3 6 14 Dynamic Routing Dynamic Routing is implemented by quagga 0 99 22 4 Dynami...

Page 87: ...t Path First for IPv6 Telnet port number is 2606 RIP Routing Information Protocol Telnet port number is 2602 RIPng It is an IPv6 reincarnation of the RIP protocol Telnet port number is 2603 BGP Border...

Page 88: ...CM685V 4 User Manual 88 www comset com au Input the password of OSPF Then press key for help 3 6 15 QoS QoS Quality of Service can prioritise network traffic selected by addresses ports or services...

Page 89: ...All the packets share the bucket specified Target The four defaults are priority express normal low Source host Packets matching this source host s single IP or in CIDR notation belong to the bucket...

Reviews: