manualshive.com logo in svg

EtherWAN EW50, User Manual

The EtherWAN EW50 is a high-performance industrial-grade Ethernet switch designed for demanding networking applications. Easily configure and setup the device with the included User Manual, available for free download from our website. Empower your network with the EtherWAN EW50.

Share
Download
background image

EW50 Industrial LTE Cellular Gateway

 

 

174 

 

5.1.2  OpenVPN  

OpenVPN  is  an  application  that  implements  virtual  private  network  (VPN)  techniques  for  creating  secure 
point-to-point  or  site-to-site  connections  in  routed  or  bridged  configurations  and  remote  access  facilities.  It 
uses  a  custom  security  protocol  that  utilizes  SSL/TLS  for  key  exchange.  It  is  capable  of  traversing  network 
address translators (NATs) and firewalls.  

OpenVPN  allows  peers  to  authenticate  each  other  using  a  Static  Key  (pre-shared  key)  or  certificates.  When 
used  in  a  multi-client-server  configuration,  it  allows  the  server  to  release  an  authentication  certificate  for 
every  client,  using  signature  and  certificate  authority.  It  uses  the  OpenSSL  encryption  library  extensively,  as 
well as the SSLv3/TLSv1 protocol, and contains many security and control features. 

OpenVPN  Tunneling  is  a  Client  and  Server  based  tunneling  technology.  The  OpenVPN  Server  must  have  a 
Static IP or a FQDN, and maintain a Client list. The OpenVPN Client may be a mobile user or mobile site with 
public IP or private IP, and requesting the OpenVPN tunnel connection.  The product supports both OpenVPN 
Server and OpenVPN Client features to meet different application requirements.  

There are two OpenVPN connection scenarios. They are the TAP and TUN scenarios. The product can create 
either 

layer-3

 based  IP  tunnel  (TUN),  or  a  layer-2 based  Ethernet  TAP  that  can  carry  any  type  of  Ethernet 

traffic

. In addition to configuring the device as a Server or Client, specify which type of OpenVPN connection 

scenario is to be adopted. 

 

OpenVPN TUN Scenario 

The  term  "TUN"  mode  is  referred  to  routing  mode  and 
operates with layer 3 packets. In routing mode, the VPN 
client  is  given  an  IP  address  on  a  different  subnet  than 
the  local  LAN  under  the  OpenVPN  server.  This  virtual 
subnet  is  created  for  connecting  to  any  remote  VPN 
computers.  In  routing  mode,  the  OpenVPN  server 
creates  a  "TUN"  interface  with  its  own  IP  address  pool 
which  is  different  to  the  local  LAN.  Remote  hosts  that 
dial-in  will  get  an  IP  address  inside  the  virtual  network 
and will have access only to the server where OpenVPN 
resides.  

If you want to offer remote access to a VPN server from 
client(s), and inhibit the access to remote LAN resources 
under  VPN  server,  OpenVPN  TUN  mode  is  the  simplest 

solution. 

As shown in the diagram, the M2M-IoT Gateway is configured as an OpenVPN TUN Client, and connects to an 
OpenVPN  UN  Server.  Once  the  OpenVPN  TUN  connection  is  established,  the  connected  TUN  client  will  be 

Summary of Contents for EW50

Page 1: ...Industrial LTE Cellular Gateway EW50 User Manual...

Page 2: ...der has moderate hardware computer and Internet skills Document Revision Level This section provides a history of the revision changes to this document Revision Document Version Date Description A Ver...

Page 3: ...ACE CAUTION 13 1 5 4 Product Information for CE RED Requirements 14 1 6 Hardware Installation 15 1 6 1 Mount the Unit 15 1 6 2 Insert the SIM Card 15 1 6 3 Connecting Power 16 1 6 4 Connecting DI DO D...

Page 4: ...3 Object Definition 103 3 1 Scheduling 103 3 1 1 Scheduling Configuration 103 3 2 Grouping 105 3 2 1 Host Grouping 105 3 3 External Server 107 3 4 Certificates 110 3 4 1 Configuration 110 3 4 2 My Ce...

Page 5: ...6 1 Configure Manage 221 6 1 1 Command Script 222 6 1 2 TR 069 225 6 1 3 SNMP 230 6 1 4 Telnet with CLI 241 6 1 5 LLDP 245 6 2 System Operation 246 6 2 1 Password MMI 246 6 2 2 System Information 248...

Page 6: ...8 Status 298 8 1 Dashboard 298 8 1 1 Device Dashboard 298 8 2 Basic Network 300 8 2 1 WAN Uplink Status 300 8 2 2 LAN VLAN Status 304 8 2 3 DDNS Status 305 8 3 Security 306 8 3 1 VPN Status 306 8 3 2...

Page 7: ...to respond in real time to events detected by sensors This EW50 is equipped with a host of security features including VPN firewall NAT port forwarding DHCP server and other features for outdoor IP su...

Page 8: ...Description Contents Quantity 1 EW50 Industry LTE Cellular Gateway 1pcs 2 Cellular Antenna 2pcs 3 Power Adapter DC 12V 2A 1 1pcs 3 2 pin Terminal Block 1pcs 4 4 pin Terminal Block 1pcs 5 6 pin Termina...

Page 9: ...utton provides a quick and easy way to restore the default settings Press the RESET button continuously for 6 seconds and then release it The device will reset to factory default settings Reset Button...

Page 10: ...EW50 Industrial LTE Cellular Gateway 10 Bottom View Left View SIM A Slot SIM B Slot 3G 4G Aux Antenna 3G 4G Main Antenna USB Port DI DO Terminal Block MicroSD Slot Power Terminal Block...

Page 11: ...llular connection successfully established under SIM A B Cellular Signal Blue Steady On Signal Strength is 61 100 Slow Flash per Second Signal Strength is 31 60 Fast Flash per 0 5 second Signal Streng...

Page 12: ...inux based operating system An installed Ethernet adapter Browser Requirements Internet Explorer 6 0 or higher Chrome 2 0 or higher Firefox 3 0 or higher Safari 3 0 or higher 1 5 2 WARNING Only use th...

Page 13: ...TION CAUTION The surface temperature for the metallic enclosure can be very high Especially after long periods of operation when installed in a closed cabinet without air conditioning or in a location...

Page 14: ...2500 2570 MHz Downlink 2620 2690 MHz LTE FDD BAND 8 Uplink 880 915 MHz Downlink 925 960 MHz LTE FDD BAND 20 Uplink 832 862 MHz Downlink 791 821 MHz WCDMA BAND 1 Uplink 1920 1980 MHz Downlink 2110 217...

Page 15: ...the SIM Card WARNING BEFORE INSERTING OR CHANGING THE SIM CARD PLEASE MAKE SURE THAT DEVICE POWER IS SWITCHED OFF The SIM card slots are located at the bottom side of the housing Unscrew and remove th...

Page 16: ...right power requirements and polarity There is a DC12V 1A power adapter3 in the package for you to easily connect DC power adapter to this terminal block WARNNING This commercial grade power adapter...

Page 17: ...r terminal block Refer to the following specification for connection of DI and DO devices Mode Specification Digital Input Trigger Voltage high Logic level 1 5V 30V Normal Voltage low Logic level 0 0V...

Page 18: ...RS 232 RXD TXD GND GND RXD TXD RS 485 DATA DATA GND GND DATA DATA 1 6 7 Connecting to the Network or a Host The EW50 series provides RJ45 ports to connect 10 100 1000Mbps Ethernet It can auto detect...

Page 19: ...dress is http 192 168 123 254 4 When you see the login page enter the password admin 5 and then click the Login button 4 The default LAN IP address of this gateway is 192 168 123 254 If you change it...

Page 20: ...user s devices dial in to ISPs and then link to the Internet via different kinds of media So the WAN Connection lets you specify the WAN Physical Interface WAN Internet Setup and WAN Load Balance for...

Page 21: ...Physical Interface page In the Physical Interface page there are two configuration windows Physical Interface List and Interface Configuration The Physical Interface List window shows all the availab...

Page 22: ...rimary That means only when the primary WAN connection is broken the backup connection will be started up to substitute the primary connection As shown in the diagram WAN 2 is backup WAN for WAN 1 WAN...

Page 23: ...e connected continuously from the time the system boots up The failover WAN interface maintains the connection without transferring data traffic This is to shorten the switch time during failover proc...

Page 24: ...tab The Physical Interface allows for the setup of the physical WAN interface and adjustment of WAN s behavior Note Number of available WAN Interfaces varies by model When the Edit button is applied...

Page 25: ...to multiple WAN gateways Operation Mode Required setting Define the operation mode of the interface Select Always on to make this WAN always active Select Disable to disable this WAN interface Select...

Page 26: ...N Type Configuration and related configuration windows for each WAN type For the Internet setup of each WAN interface you must specify its WAN type of physical interface first and then the related par...

Page 27: ...s more expensive but important for cooperate requirements Dynamic IP The assigned IP address for the WAN by a DHCP server is different every time This is cheaper and usually for consumer use PPP over...

Page 28: ...etting Enter the host name provided by your service provider ISP Registered MAC Address Optional setting Enter the MAC address that you have registered with your service provider Or Click the Clone bu...

Page 29: ...PPoE When selected PPPoE WAN Type Configuration will appear Items and settings are explained below PPPoE WAN Type Configuration Item Value setting Description IPv6 Dual Stack 1 Optional setting 2 Unch...

Page 30: ...Subnet Mask Required setting Enter the WAN subnet mask given by your service provider WAN Gateway Required setting Enter the WAN gateway IP address given by your service provider When Dynamic IP is se...

Page 31: ...red setting Enter the WAN gateway IP address given by your service provider When Dynamic IP is selected the above settings are not required Server IP Address Name Required setting Enter the L2TP serve...

Page 32: ...ce it has been booted up and try to reconnect once the connection is down It is recommended to choose this scheme for mission critical applications to ensure full time Internet connection Connect on d...

Page 33: ...ously ICMP Check and FQDN Query are used When there is high connection traffic checking packets will waste bandwidth and the response time of replied packets may also increase To prevent Network Monit...

Page 34: ...When set to Auto value 0 the router selects the best MTU for best Internet connection performance NAT 1 Optional setting 2 NAT is enabled by default Enable NAT Network Address Translation on the WAN c...

Page 35: ...1 Optional setting 2 Box is checked by default Check the Enable box to activate the network monitoring function Checking Method 1 Optional setting 2 DNS Query is set by default Choose either DNS Quer...

Page 36: ...fies the second target of sending DNS query ICMP requests None no second target is required DNS1 set the primary DNS to be the target DNS2 set the secondary DNS to be the target Gateway set the Curren...

Page 37: ...n create only one WAN interface This device features dual SIM cards for one module with special fail over mechanism It is called Dual SIM Failover This feature is useful for ISP switch over when locat...

Page 38: ...witch to use the other SIM card as an alternate and will not switch back to use original SIM card except when the current SIM connection is also broken That is SIM A and SIM B are used iteratively but...

Page 39: ...en SIM A only or SIM B only is selected it will try to dial up only using the SIM card you selected When Failback is checked it means if the connection is dialed up not using the main SIM you selected...

Page 40: ...is likely to connect to an improper network or fail to find a valid APN for your ISP APN 1 Required setting 2 String format any text Enter the APN you want to use to establish the connection This is...

Page 41: ...profile for the connection or modify the contents of an APN profile you have added It is available only when you select Dial Up Profile as APN Profile List This lists all the APN profiles you created...

Page 42: ...p 3G 4G Connection Common Configuration Here you can change common configurations for 3G 4G WAN 3G 4G Connection Common Configuration Item Value setting Description Connection Control By default Auto...

Page 43: ...a non zero value it means only the client with this MAC address can get the WAN IP address Note When the IP Pass through is on NAT and WAN IP Alias will be unavailable until the function is disabled a...

Page 44: ...ected disconnection times to be the threshold before disconnection is acknowledged Target 1 1 Optional setting 2 DNS1 is selected by default Target1 specifies the first target of sending DNS query ICM...

Page 45: ...LAN IP mode is fixed in Static IP mode Dynamic IP If all the available WAN inferfaces are disabled the LAN IP mode can be Dynamic IP mode LAN IP Address 1 Required setting 2 192 168 123 254 is set by...

Page 46: ...iguration Item Value setting Description Name 1 Optional setting Enter the name for the alias IP address Interface 1 Required setting 2 lo is set by default Specify the Interface type It can be lo or...

Page 47: ...ort based VLAN Port based VLANs can group Ethernet ports Port 1 Port 4 and Wi Fi Virtual Access Points VAP 1 VAP 8 together for differentiated services like Internet surfing multimedia enjoyment VoIP...

Page 48: ...nd Wi Fi Virtual Access Points VAP 1 VAP 8 together with different VLAN tags for deployment in subnets All packet flows can carry different VLAN tags even at the same physical Ethernet port These flow...

Page 49: ...equipped with DHCP 3 server to construct a 192 168 12 x subnet He also configures the Meeting Rooms segment with VLAN ID 11 The VLAN group is equipped with DHCP 2 server to construct a 192 168 11 x su...

Page 50: ...n specify members of one VLAN group to be able to access Internet or not Following is an example that VLAN groups of VID is 2 and 3 can access Internet but the one with VID 1 cannot access Internet Th...

Page 51: ...is a communication pair and one VLAN group can join many communication pairs But communication pairs do not have a transitive property That is if A can communicate with B and B can communicate with C...

Page 52: ...d VLAN allows you to add VLAN ID and select members and DHCP Server for this VLAN ID Go to Tag based VLAN List table Save NA Click the Save button to save the configuration Port based VLAN Create Edit...

Page 53: ...ule It has default text and cannot be modified VLAN ID Required setting Define the VLAN ID number range is 1 4094 VLAN Tagging Disable is selected by default The rule is activated according to VLAN ID...

Page 54: ...N group DHCP Server IP Address for DHCP Relay only Required setting If you select Relay type of DHCP Server assign a DHCP Server IP Address that the gateway will relay the DHCP requests to the assigne...

Page 55: ...dress target that the DHCP Server wants to match IP Address Required setting Define the IP Address that the DHCP Server will assign If there is a request from the MAC Address filled in the above field...

Page 56: ...rs are allowed to access WAN interface If a VLAN ID box is unchecked it means the VLAN ID member can t access the Internet Note VLAN ID 1 is always available it is the default VLAN ID of the LAN Other...

Page 57: ...ption VALN ID Required setting Define the VLAN ID number range is 6 4094 Internet Access The box is checked by default Click Enable box to allow the members in the VLAN group access to internet Port U...

Page 58: ...N interface with its default Subnet Mask setting as 255 255 255 0 and its default IP Pool range is from 100 to 200 as shown at the DHCP Server List page on gateway s Web UI More DHCP server configurat...

Page 59: ...strial LTE Cellular Gateway 59 Fixed Mapping User can assign fixed IP address to a specific client MAC address when targets already exist in the DHCP Client List or add other Mapping Rules manually in...

Page 60: ...r policies to assign IP Addresses to the devices on the local area network LAN Create Edit DHCP Server Policy The gateway allows you to customize your DHCP Server Policy If multiple LAN ports are avai...

Page 61: ...rmat The Primary DNS of this DHCP Server Secondary DNS IPv4 format The Secondary DNS of this DHCP Server Primary WINS IPv4 format The Primary WINS of this DHCP Server Secondary WINS IPv4 format The Se...

Page 62: ...k N A When the Back button is clicked the screen will return to the DHCP Server Configuration page View Copy DHCP Client List When DHCP Client List button is applied DHCP Client List screen will appea...

Page 63: ...Option Configuration Item Value setting Description Option Name 1 String format any text 2 Required setting Enter a DHCP Server Option name DHCP Server Select Dropdown list of all available DHCP serv...

Page 64: ...format 3 IP list 4 URL format 5 Required setting Should conform to Type 66 66 72 72 114 114 Enable Unchecked by default Click Enable box to activate this setting Save NA Click the Save button to save...

Page 65: ...lmost all Internet traffic IPv6 also implements additional features not present in IPv4 It simplifies aspects of address assignment stateless address auto configuration network renumbering and router...

Page 66: ...esses and IPv6 DNS The above diagram depicts IPv6 IP addressing Use the information provided by your ISP to setup the IPv6 network DHCPv6 DHCP in IPv6 performs the same function as DHCP in IPv4 The DH...

Page 67: ...oE PPPoEv6 server DSLAM on the ISP side provides IPv6 configuration upon receiving PPPoEv6 client request When PPPoEv6 server gets client request and successfully authenticates it the server sends IP...

Page 68: ...rnet IPv4 to IPv6 migration 6in4 uses tunneling to encapsulate IPv6 traffic over explicitly configured IPv4 links As defined in RFC 4213 the 6in4 traffic is sent over the IPv4 Internet inside IPv4 pac...

Page 69: ...nabled 2 Required setting Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity Select Static IPv6 when your ISP provides you with a set IPv6 addresses Then go to Static IPv6...

Page 70: ...DNS Server Secondary DNS Optional setting Enter the WAN secondary DNS Server MLD Snooping Unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value s...

Page 71: ...DNS Cannot be modified by default Enter the WAN secondary DNS Server MLD Unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Descripti...

Page 72: ...act your ISP Value Range 0 45 characters Connection Control Fixed value The value is Auto reconnect Always on MTU Required setting Enter the MTU for setting up PPPoEv6 connection If you need more info...

Page 73: ...ry DNS Server MLD Unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Global Address Optional setting Enter the LAN IPv6 Ad...

Page 74: ...Client IPv6 Address from tunnel broker in this field Primary DNS Optional setting Enter the WAN primary DNS Server Secondary DNS Optional setting Enter the WAN secondary DNS Server MLD Unchecked by de...

Page 75: ...Router Advertisement Lifetime Required setting Enter the Router Advertisement Lifetime in seconds 200 is set by default Value Range 0 65535 Select Stateful to manage the Local Area Network to be Stat...

Page 76: ...eds and activates the NAT function You also can disable the NAT function in Basic Network WAN Uplink Internet Setup WAN Type Configuration page Usually all local hosts or servers behind corporate gate...

Page 77: ...pback feature is enabled When accessing the email server from the LAN side or at the WAN side you don t need to change the IP address of the mail server Configuration Setting Go to Basic Network Port...

Page 78: ...gateway from outside the network Those servers can be set up by using Virtual Server feature NAT Loopback can allow access to servers from the LAN side with a global IP address and no change in settin...

Page 79: ...ort forwarder for E mail service NAT Loopback allows you to access the WAN global IP address from your inside NAT local network It is useful when you run a server inside your network For example if yo...

Page 80: ...o activate this port forwarding function Virtual Computer The box is checked by default Check the Enable box to activate this port forwarding function Save N A Click the Save button to save the settin...

Page 81: ...cheduling setting under Object Definition Check Enable box to enable this rule When TCP is selected the protocol of packet filter rule is TCP Public Port is a predefined port from Well known Service a...

Page 82: ...packet filter rule is GRE When ESP is selected the protocol of packet filter rule is ESP When SCTP is selected the protocol of packet filter rule is SCTP When User defined is selected the protocol of...

Page 83: ...er sets When the Add button is applied the Virtual Computer Rule Configuration screen will appear Virtual Computer Rule Configuration Item Value setting Description Global IP Required setting Specify...

Page 84: ...ackets are not expected to be received by applications in the gateway or by other client hosts in the Intranet The DMZ host is also protected by the gateway firewall Activate the feature and specify t...

Page 85: ...red setting 2 Default is ALL Check the Enable box to activate the DMZ function Define the selected interface to be the packet entering interface of the gateway and fill in the IP address of Host LAN I...

Page 86: ...hich maintain a record of the routes to various network destinations Thus constructing routing tables which are held in the router s memory is very important for efficient routing Most routing algorit...

Page 87: ...pecify what kinds of packets will be transferred via which gateway interface and which peer gateway to their destination It can be carried out by the Static Routing feature Dedicated packet flows from...

Page 88: ...ow will appear to let you define a static routing rule Enable Static Routing Check the Enable box to activate the Static Routing feature Static Routing Item Value setting Description Static Routing Th...

Page 89: ...IP of this static routing rule Interface Auto is set by default Select the Interface of this static routing rule It can be Auto or the available WAN LAN interfaces Metric 1 Numeric String Format 2 Re...

Page 90: ...tions This gateway supports dynamic routing protocols including RIPv1 RIPv2 Routing Information Protocol OSPF Open Shortest Path First and BGP Border Gateway Protocol to establish the routing table au...

Page 91: ...routing protocol that uses link state routing algorithm It is the most widely used interior gateway protocol IGP in large enterprise networks It gathers link state information from available routers...

Page 92: ...The major BGP gateway within one AS will link with other border gateways for exchanging routing information It will distribute the collected data in AS to all routers in other AS As shown in the diagr...

Page 93: ...configured individually The RIP Configuration window lets you choose which version of RIP protocol to be activated or to disable it The OSPF Configuration window lets you activate the OSPF dynamic rou...

Page 94: ...otocol OSPF Configuration OSPF Configuration Item Value setting Description OSPF Disable is set by default Click Enable box to activate the OSPF protocol Router ID 1 IPv4 Format 2 Required setting The...

Page 95: ...o a maximum of 32 rule sets When the Add button is applied the OSPF Area Rule Configuration screen will appear OSPF Area Configuration Item Value setting Description Area Subnet 1 Classless Inter Doma...

Page 96: ...IPv4 Format 2 Required setting The Router ID of this router on BGP protocol Create Edit BGP Network Rules The gateway allows you to customize your BGP Network rules It supports up to a maximum of 32 r...

Page 97: ...ation screen will appear BGP Neighbor Configuration Item Value setting Description Neighbor IP 1 IPv4 Format 2 Required setting The Neighbor IP of this router on BGP Neighbor List Remote ASN 1 Numeric...

Page 98: ...estination IP IPv4 Format Subnet Mask N A Routing record of Subnet Mask IPv4 Format Gateway IP N A Routing record of Gateway IP IPv4 Format Metric N A Routing record of Metric Numeric String Format In...

Page 99: ...address which changes each time you connect your Internet service provider The Dynamic DNS service allows the gateway to alias a public dynamic IP address to a static domain name allowing the gateway...

Page 100: ...default Select the WAN Interface IP Address of the gateway Provider DynDNS org Dynamic is set by default Select your DDNS provider of Dynamic DNS It can be DynDNS org Dynamic DynDNS org Custom NO IP...

Page 101: ...DNS Redirect Unchecked by default Check the Enable box to activate this function LAN Interface Unchecked by default Select the expected source Interface that can be applied with this function Save N A...

Page 102: ...tion 1 Required setting 2 Always is selected by default Specify when the DNS redirect action can be applied It can be Always or WAN Block Always The DNS redirect function can be applied to matching DN...

Page 103: ...ton description Item Value setting Description Add N A Click the Add button to configure time schedule rule Delete N A Click the Delete button to delete selected rule s When the Add button is applied...

Page 104: ...from menu Select every day or a weekday Start Time Time format hh mm Start time in selected weekday End Time Time format hh mm End time in selected weekday Save N A Click Save to save the settings Und...

Page 105: ...service types may differ by product type When the Add button is applied the Host Group Configuration screen will appear Host Group Configuration Item Value setting Description Group Name 1 String for...

Page 106: ...he Join button to add Only one member can be added at a time Member List NA This field will indicate the hosts members contained in the group Bound Services The boxes are unchecked by default Binding...

Page 107: ...ternal Server Go to Object Definition External Server External Server tab The External Server setting allows the user to add external server Create External Server When the Add button is applied the E...

Page 108: ...nd 60 Idle Timeout By default 1 The values must be between 1 and 15 Secondary Shared Key String format any text Authentication Protocol By default CHAP is selected Session Timeout By default 1 The val...

Page 109: ...ernal server Server Port Required setting Specify the Port used for the external server If you selected a certain server type the default server port number will be set For Email Server 25 will be set...

Page 110: ...f signed certificate or other users endorsements whom the person examining the certificate might know and trust The device also plays as a CA role Certificates are an important component of Transport...

Page 111: ...set identifier in the signature algorithm identifier of certificates Subject Name Required setting This field is to specify the information of certificate Country C is the two letter ISO code for the...

Page 112: ...CEP function Automatically re enroll aging certificates Unchecked by default When SCEP is activated check the Enable box to activate this function It will automatically check for certificate aging If...

Page 113: ...her CAs and Clients In addition since it has the root CA it also can sign Certificate Signing Requests CSR to form corresponding certificates for others These certificates can be used for two remote p...

Page 114: ...ts Subject Name Country C TW State ST Taiwan Location L Taipei Organization O EWANHQ Organization Unit OU HQRD Common Name CN HQRootCA E mail hqrootca etherwan com tw Configuration Path My Certificate...

Page 115: ...owing two sections to complete the whole user scenario Use the default value for parameters that are not mentioned in the tables Configuration Path My Certificate Local Certificate Configuration Name...

Page 116: ...for WAN 1 interface They both serve as the NAT security gateways Gateway 1 generates the root CA and a local certificate HQCRT that is signed by itself It imports the certificates of the root CA and...

Page 117: ...ificates or CSRs for representing the gateway The Local Certificate Configuration window lets you enter the required information necessary for corresponding certificate to be generated by itself or co...

Page 118: ...ess format Extra Attributes Required setting This field is to specify the extra information for generating a certificate Challenge Password for the password you can use to request certificate revocati...

Page 119: ...coded 1 String format any text 2 Required setting This is an alternative approach to import a certificate You can directly fill in Copy and Paste the PEM encoded certificate string and click the Apply...

Page 120: ...These certificates can be used for two remote peers to confirm their identity when establishing a VPN tunnel Scenario Description same as described in My Certificate section Gateway 1 generates the ro...

Page 121: ...mplete the setup for the whole user scenario Configuration Path Trusted Certificate Trusted CA Certificate List Command Button Import Configuration Path Trusted Certificate Trusted CA Certificate Impo...

Page 122: ...te List of the Gateway 1 and the Local Certificate List of the Gateway 2 For more details refer to the Network B operation procedure in My Certificate section of this manual Gateway 2 can establish an...

Page 123: ...Apply button to import the specified CA certificate file to the gateway Import from a PEM 1 String format any text 2 Required setting This is an alternative approach to importing a CA certificate You...

Page 124: ...nerate CA Identifier 1 String format any text Fill in optional CA Identifier to identify which CA could be used for signing certificates Save N A Click Save to save the settings Close N A Click the Cl...

Page 125: ...ort Trusted Client Key When the Import button is applied the Trusted Client Key Import screen will appear You can import a Trusted Client Key from an existed file or directly paste a PEM encoded strin...

Page 126: ...ned Certificate Usage Scenario Scenario Application Timing same as described in My Certificate section When the enterprise gateway owns the root CA and VPN tunneling function it can generate its own l...

Page 127: ...ateway of Network A in headquarters and the subnet of its Intranet is 10 0 76 0 24 It has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN 1 interface Gateway 2 is the gateway of...

Page 128: ...R Import from a File Item Value setting Description Certificate Signing Request CSR Import from a File Required setting Select a certificate signing request file from your computer for importing to th...

Page 129: ...AN or the Internet They can be Virtual COM and Modbus 4 1 1 Port Configuration Before using the supported field communication function like Virtual COM or Modbus you need to configure the physical com...

Page 130: ...modes can be Virtual COM Modbus and IEC 60870 5 Interface RS 232 is set by default Select RS 232 or RS 485 physical interface for connecting to the access device s with the same interface specificatio...

Page 131: ...ver UDP and RFC2217 modes for remote accessing of the connected serial device These operation modes are illustrated below TCP Client Mode When the administrator expects the gateway to actively establi...

Page 132: ...P connection will be automatically disconnected from the host computer by using the TCP alive check timeout or idle timeout settings UDP Mode If both the Remote Host Computer and the serial device are...

Page 133: ...is being created it is required to specify the IP address of the host computers to establish connection with Any 3rd party driver supporting RFC 2217 can be installed in the host computer The driver e...

Page 134: ...e device disconnects from the server when the connection is Idle for a specified period You may also enable full time connection with the TCP server Enable TCP Client Mode Window Item Value setting De...

Page 135: ...imeout Transmit 1 Optional setting 2 Default value is 0 Enter the data timeout interval for transmitting serial data through the port By default it is set to 0 and the timeout function is disabled Val...

Page 136: ...TCP connection Value Range 1 65535 Trust Type Allow All is set by default Choose Allow All to allow any TCP clients to connect Otherwise choose Specific IP to limit certain TCP clients Max Connection...

Page 137: ...default Check the box to specify the rule for selected Serial Port Definition Enable Unchecked by default Check the Enable box to enable the rule Save N A Click Save to save the settings Undo N A Cli...

Page 138: ...k Undo to cancel the settings Specify Remote UDP Specify Remote UDP hosts Window Item Value setting Description Host Required setting Press Edit button to enter IP address range of remote UDP hosts Re...

Page 139: ...e listening port of RFC 2217 connection Value Range 1 65535 Trust Type Allow All is set by default Choose Allow All to allow any clients to connect Otherwise choose Specific IP to limit certain client...

Page 140: ...C 2217 modes Specify RFC 2217 Clients for Access Window Item Value setting Description Host Required setting Enter the IP address range of allowed clients Serial Port Unchecked by default Check the bo...

Page 141: ...o control instruments over RS 485 without additional programming or effort NOTE When Modbus devices are connected to under the same serial port of IoT Modbus Gateway those Modbus devices must use the...

Page 142: ...ding device status such as Cellular Network and DI DO status to remote Modbus Master via Modbus communication With the Slave option enabled the Modbus Master device can request the information or send...

Page 143: ...lected serial port Serial as Slave For when attached serial device s are all Modbus Slave devices Serial as Master When the attached serial device is a Modbus Master device Device Slave Mode Unchecked...

Page 144: ...equests If a value other than zero is specified the gateway will store the Master request in the buffer and retry sending the request the number of specified times Once the retries are exhausted the g...

Page 145: ...odbus Master IP Access Allow All is selected by default Specify authorized masters on the TCP network Select Allow All to allow any Modbus Master to reach the attached Slave s Otherwise limit only spe...

Page 146: ...nfigured to prioritize the request queue to transmit to Slave based on Master s IP address if requests are coming from remote Master or based on remote Slave ID if requests are coming from serially at...

Page 147: ...IP address of the remote Modbus TCP Slave device Port 1 Required setting 2 Range 1 to 65535 Enter the TCP port on which the remote Modbus TCP Slave device listens to the TCP client session request Val...

Page 148: ...Wait for Traffic 6 Diconnected 3 WAN 4 Connection Status R 0 6 0 Disconnected 1 Connecting 2 Connected 3 Disconnecting 5 Wait for Traffic 6 Diconnected 10 3G 4G_SERVICE_TYPE R 0 7 0 2G 1 none 2 3G 3...

Page 149: ...Connecting 104 VPN IPSec tunnel 4 status R 1 Connected 2 Wait for traffic 3 Disconnected 9 Connecting 105 VPN IPSec tunnel 5 status R 1 Connected 2 Wait for traffic 3 Disconnected 9 Connecting 106 VPN...

Page 150: ...RS 485 212 Serial Port 1_Baud Rate R Baud Rate Value 213 Serial Port 1_Data Bits R 7 or 8 214 Serial Port 1_Stop Bits R 1 or 2 215 Serial Port 1_Flow Control R 0 None 2 RTS CTS 3 DTR DSR 216 Serial P...

Page 151: ...ng of the collected data in local storage in CSV file format When the network connection is recovered admin user can download the data log files manually via FTP or web UI for further reference and ma...

Page 152: ...ta log proxy function The remote Modbus server can continue its data acquisition process and if required the administrator can also retrieve the stored data log files Under the Data Logging Proxy mode...

Page 153: ...teway will activate the data logging proxy function and execute the pre defined data acquisition task by itself The Modbus request issued by the Modbus Gateway Data Logging Proxy The response data sen...

Page 154: ...can be External or Internal depending on the product specification Save NA Click the Save button to save the settings Note 1 If there is no available storage device the Enable checkbox will be grayed...

Page 155: ...ted by default Specify a certain read function for the Data Logging Proxy to issue and record the responses from device s Start Address 1 Required setting 2 Range 0 to 65535 Specify the Start Address...

Page 156: ...data logging rule Value Range 1 16 characters Mode Sniffer is selected by default Select an expected data logging scheme for the data logging rule There are five available schemes Sniffer The Modbus g...

Page 157: ...the Modbus Master If there is no response from the master within the specified timeout setting the selected proxy rule will be triggered and applied with the data logging rule Note If Off Line proxy...

Page 158: ...nt settings will be applied if they have not been changed via the Edit button When the Edit button is applied Log File Configuration screen will appear Log File Configuration Item Value setting Descri...

Page 159: ...to Upload is activated user can further specify whether to delete the transferred log from the gateway storage or not Check the Enable button to activate the function When Storage Full Remove the Olde...

Page 160: ...nt to point connection through the use of dedicated connections encryption or a combination of the two The tunnel technology supports data confidentiality data origin authentication and data integrity...

Page 161: ...he responder This gateway can be configured as different roles and establish a number of tunnels with various remote devices Before going to set up the VPN connections you may need to decide on the sc...

Page 162: ...regular WAN connection If you want all packets from remote site to be routed via this IPsec tunnel including HQ server access and Internet access enable the Full Tunnel setting Site to Site with Hub...

Page 163: ...of server responder and it must have a Static IP or FQDN It can allow many VPN clients initiators to connect with various tunnel scenarios In short with a simple Dynamic VPN server setting many VPN cl...

Page 164: ...nnels Depends on Product specification The specified value will limit the maximum number of simultaneous IPsec tunnel connections The default valuea may differ depending on the device model Save N A C...

Page 165: ...subnets With Host to Host IPsec operates in transport mode Hub and Spoke 1 Optional setting 2 None is set by default Select from the dropdown box to set up your gateway for Hub and Spoke IPsec VPN Dep...

Page 166: ...by default Click Enable box to activate the Redirect Traffic function Note Redirect Traffic is available only for Host to Site specified in Tunnel Scenario By default it is disabled to prevent unexpec...

Page 167: ...Manual Key Management section Local ID Optional setting Specify the Local ID for this IPsec tunnel to authenticate Select User Name for Local ID and enter the username The username may include but ca...

Page 168: ...r this IPsec tunnel Select Server Client or None Selected Server for this gateway will be an X Auth server Click on the X Auth Account button to create a remote X Auth client account Selected Client f...

Page 169: ...2 28800s is default 3 Max 86400s Specify the Phase2 Key Life Time in seconds Value Range 30 86400 IPSec Proposal Definition Window Item Value setting Description IPSec Proposal Definition Required set...

Page 170: ...tion Key Management Required setting Select Key Management from the dropdown box for this IPsec tunnel In this section Manually is the option selected Local ID Optional setting Specify the Local ID fo...

Page 171: ...tting 2 Hexadecimal format Specify the Encryption Method and Encryption key Available encryption methods are DES 3DES AES 128 AES 192 AES 256 The key length for DES is 16 3DES is 48 AES 128 is 32 AES...

Page 172: ...the Enable box to activate the Dynamic IPsec VPN tunnel Tunnel Name 1 Required setting 2 String format any text Enter a tunnel name Value Range 1 19 characters Interface 1 Required setting 2 WAN 1 is...

Page 173: ...be all numbers Select FQDN for Local ID and enter the FQDN Select User FQDN for Local ID and enter the User FQDN Select Key ID for Local ID and enter the Key ID letter or number Remote ID Optional set...

Page 174: ...OpenVPN Client features to meet different application requirements There are two OpenVPN connection scenarios They are the TAP and TUN scenarios The product can create either a layer 3 based IP tunnel...

Page 175: ...s In bridge mode the VPN client is given an IP address on the same subnet as the LAN resided under the OpenVPN server Under such configuration the OpenVPN client can directly access resources on the L...

Page 176: ...on either server or client for the gateway to operate Configuration Item Value setting Description OpenVPN Unchecked by default Check the Enable box to activate the OpenVPN function Server Client Serv...

Page 177: ...Configuration screen will appear OpenVPN Server Configuration window lets you enable the OpenVPN server function and specify the virtual IP address of OpenVPN server when remote OpenVPN clients dial i...

Page 178: ...be available only when TUN is chosen in Tunnel Scenario Local Endpoint IP Address Required setting Specify the virtual Local Endpoint IP Address of this OpenVPN gateway Value Range The IP format is 1...

Page 179: ...the Encryption Cipher from the dropdown list Select from Blowfish AES 256 AES 192 AES 128 None Hash Algorithm By default SHA 1 is selected Specify the Hash Algorithm from the dropdown list Select fro...

Page 180: ...le only when TLS is chosen in Authorization Mode Client to Client The box is checked by default Check the Enable box to enable the traffic among different OpenVPN Clients Note Client to Client will be...

Page 181: ...Optional setting 2 String format any text Specify the CCD Dir Default File Value Range 0 256 characters Client Connection Script 1 Optional setting 2 String format any text Specify the Client Connecti...

Page 182: ...tton is applied the OpenVPN Client Configuration screen will appear OpenVPN Client Configuration window lets you specify the required parameters for an OpenVPN VPN client such as OpenVPN Client Name I...

Page 183: ...default Check the Enable box to activate the Redirect Internet Traffic function NAT 1 Optional setting 2 Unchecked by default Check the Enable box to activate the NAT function Authorization Mode 1 Req...

Page 184: ...the LZO Compression scheme Select from Adaptive YES NO Default Persis Key 1 Optional setting 2 The box is checked by default Check the Enable box to activate the Persis Key function Persis Tun 1 Optio...

Page 185: ...S128 SHA TLS DHE DSS AES256 SHA Note TLS Cipher will be available only when TLS is chosen in Authorization Mode TLS Auth Key 1 Optional setting 2 String format any text Specify the TLS Auth Key for co...

Page 186: ...alue is 1500 by default Specify the value of Tunnel UDP Fragment Value Range 0 1500 Note Tunnel UDP Fragment will be available only when UDP is chosen in Protocol Tunnel UDP MSS Fix Unchecked by defau...

Page 187: ...FQDN for clients to create L2TP tunnels It also maintains User Account list user name password for client login authentication There is a virtual IP pool to assign virtual IP to each connected L2TP cl...

Page 188: ...be transferred based on current routing policy of the gateway at L2TP client peer But if 0 0 0 0 0 is entered in the Remote Subnet field it will be treated as a Default Gateway setting for the L2TP c...

Page 189: ...iption L2TP Unchecked by default Click the Enable box to activate L2TP function Client Server Required setting Specify the role of L2TP Select Server or Client role for the gateway to take Below are t...

Page 190: ...ocol Required setting Select single or multiple Authentication Protocols for the L2TP server with which to authenticate L2TP clients Available authentication protocols are PAP CHAP MS CHAP MS CHAP v2...

Page 191: ...Then check the enable box to enable the user Click Save button to save the new user account The selected user account can permanently be deleted by clicking the Delete button Value Range 1 32 charact...

Page 192: ...of configuration screen will appear You can add up to 8 L2TP Clients L2TP Client Configuration Item Setting Value setting Description Tunnel Name Required setting Enter a tunnel name Value Range 1 32...

Page 193: ...e Intranet of L2TP VPN server So at L2TP client peer the packets whose destination is in the dedicated subnet will be transferred via the L2TP VPN tunnel Others will be transferred based on current ro...

Page 194: ...ing with CISCO L2TP Server User defined Enter the service port The default value is 0 Value Range 0 65535 Tunnel Unchecked by default Check the Enable box to enable this L2TP tunnel Save N A Click Sav...

Page 195: ...rd features of the Windows PPTP stack The security gateway can play either PPTP Server role or PPTP Client role for a PPTP VPN tunnel or both at the same time for different tunnels PPTP tunnel process...

Page 196: ...PPTP client peer a Remote Subnet item is required It is for the Intranet of PPTP server peer At PPTP client peer the packets whose destination is in the dedicated subnet will be transferred via the PP...

Page 197: ...ault Click the Enable box to activate PPTP function Client Server Required setting Specify the role of PPTP Select Server or Client role Below are the configuration windows for PPTP Server and for Cli...

Page 198: ...specify the last IP address for the subnet from which the PPTP client s IP address will be assigned Value Range Starting Address and Starting Address 8 or 254 Authentication Protocol 1 Required settin...

Page 199: ...Save button to save new user account The selected user account can permanently be deleted by clicking the Delete button Value Range 1 32 characters As a PPTP Client When Client is selected in Client S...

Page 200: ...t a primary tunnel from which to failover to Note Failover mode is not available for gateways with a single WAN Remote IP FQDN 1 Required setting 2 Format can be a ipv4 address or FQDN Enter the publi...

Page 201: ...2 MPPE Encryption 1 Unchecked by default 2 Optional setting Specify whether PPTP server supports MPPE Protocol Click the Enable box to enable MPPE Note when MPPE Encryption is enabled the Authenticati...

Page 202: ...r a server even using the same set of configuration rules GRE Tunnel Scenario To setup a GRE tunnel each peer needs to setup its global IP as tunnel IP and enter the other s global IP as remote IP Eac...

Page 203: ...g allows user to create and configure GRE tunnels Enable GRE Enable GRE Window Item Value setting Description GRE Tunnel Unchecked by default Click the Enable box to enable GRE function Max Concurrent...

Page 204: ...over tunnel you need to further select a primary tunnel from which to failover to Note Failover mode is not available for gateways with a single WAN Tunnel IP Optional setting Enter the Tunnel IP addr...

Page 205: ...erver peer controls the flow of any packets from the GRE client peer DMVPN Spoke Unchecked by default Specify whether the gateway will support DMVPN Spoke for this GRE tunnel Check Enable box to enabl...

Page 206: ...eway 206 5 2 Firewall The firewall functions include Packet Filter URL Blocking Content Filter MAC Control Application Filter IPS and some firewall options Supported functions vary depending on the ga...

Page 207: ...pass and Rule 2 is to allow HTTPS packets to pass Under such configuration the gateway will allow only HTTP and HTTPS packets issued from the IP range 192 168 123 200 to 250 which are targeted to TCP...

Page 208: ...rules It supports up to a maximum of 20 filter rule sets When Add button is applied Packet Filter Rule Configuration screen will appear Packet Filter Rule Configuration Item Name Value setting Descrip...

Page 209: ...s that are entering to any IP addresses Select Specific IP Address to filter packets entering to an IP address entered in this field Select IP Range to filter packets entering to a specified range of...

Page 210: ...hen Well known Service is selected otherwise select User defined Service and specify a port range Value Range 1 65535 for Source Port Destination Port For Protocol select GRE to filter GRE packets For...

Page 211: ...fic MAC addresses the MAC Control function can be used to reject according to the blacklist configuration MAC Control with Blacklist Scenario As shown in the diagram enable the MAC control function an...

Page 212: ...List White List Deny MAC Address Below is set by default When Deny MAC Address Below is selected as the name suggest packets specified in the rules will be blocked blacklisted In contrast with Allow...

Page 213: ...ntrol rule name MAC Address Use to Compose 1 MAC Address string Format 2 Required setting Specify the Source MAC Address to filter rule Time Schedule Required setting Apply Time Schedule to this rule...

Page 214: ...formation about this activity attempt to block stop it and report it You can enable the IPS function and check the listed intrusion activities when needed You can also enable the log alerting so that...

Page 215: ...em Value setting Description IPS Unchecked by default Check the Enable box to activate IPS function Log Alert Unchecked by default Check the Enable box to activate to activate Event Log Save N A Click...

Page 216: ...ule and enter the traffic threshold in this field ICMP Flood Defense Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field Value Range 10 10000 Port...

Page 217: ...2 Unchecked by default 3 Traffic threshold is set to 300 by default 4 The value range can be from 10 to 10000 Click Enable box to activate this intrusion prevention rule and enter the traffic threshol...

Page 218: ...way to record the packet information like IP address port address ACK SEQ number and so on while they pass through the gateway and the gateway checks every incoming packet to detect if the packet is v...

Page 219: ...t will block such packets from unknown users Discard Ping from WAN Remote Administrator Hosts Scenario Discard Ping from WAN makes any host on the WAN side unable to ping this gateway and receive ICMP...

Page 220: ...allow access to the router Remote Administrator Host Definition Item Value setting Description Protocol HTTP is set by default Select HTTP or HTTPS method for router access IP Required setting Specifi...

Page 221: ...nd commonly in practice computer systems Centralized management has a time and effort trade off that is related to the size of the company the expertise of the IT staff and the amount of technology be...

Page 222: ...tton to back up the existing command script in a txt file You can specify the script file name in Script Name below Upload Script N A Click the Via Web UI or Via Storage button to Upload the existing...

Page 223: ...D 1 enable 0 disable Enable or disable OpenVPN Client function OPENVPN_DESCRIPTION Required Setting Specify the tunnel name for the OpenVPN Client connection OPENVPN_PROTO udp tcp Define the Protocol...

Page 224: ...ets STARTUP Script file For the configurations that can be configured with standard Linux commands you can put them in a script file and apply the script file with the STARTUP command For example STAR...

Page 225: ...th your ISP or the ACS provider for help At the right upper corner of TR 069 Setting screen one Help command let you see the same message about that Scenario Managing deployed gateways through an ACS...

Page 226: ...hen all remote gateways have booted up they will try to connect to the ACS server Once the connections are established successfully the ACS server can configure upgrade with latest FW and monitor thes...

Page 227: ...ACS server the account information to login the ACS server the service port and the account information for connection requesting from the ACS server and the time interval for job inquiry Except the...

Page 228: ...efault 8099 is set You can ask ACS manager provide ACS ConnectionRequest Port and manually set Value Range 0 65535 ConnectionRequest UserName Required setting You can ask ACS manager provide ACS Conne...

Page 229: ...It is an optional item Specify the IP address for the expected STUN Server Server Port 1 An optional setting 2 3478 is set by default Specify the port number for the expected STUN Server Value Range...

Page 230: ...nagement tasks such as modifying and applying a new configuration through remote modification of these variables The variables accessible via SNMP are organized in hierarchies These hierarchies and ot...

Page 231: ...118 18 81 11 WAN Access IP Address 118 18 81 11 Configuration Path SNMP User Privacy Definition ID 1 2 3 User Name UserName1 UserName2 UserName3 Password Password1 Password2 Disable Authentication MD...

Page 232: ...evice has an urgent event to send the device will issue a trap to the Trap Event Receivers The NMS itself could be one among them If you want to secure the transmitted SNMP commands and responses betw...

Page 233: ...Ns is selected and there is no limitation for the WAN interface Supported Versions 1 Required setting 2 The boxes are unchecked by default Select the version for the SNMP When v1 box is checked you ca...

Page 234: ...selected by default 2 Required setting 3 String format any text Specify this version 1 or version v2c user s community that will be allowed Read Only GET and GETNEXT or Read Write GET GETNEXT and SET...

Page 235: ...Range 1 32 characters Password 1 String format any text When your Privacy Mode is authNoPriv or authPriv specify the Password for this version 3 user Value Range 8 64 characters Authentication 1 None...

Page 236: ...x restricts access for this version 3 user to the sub tree rooted at the given OID Value Range 1 2080768 Enable 1 The box is checked by default Click Enable to enable this version 3 user Save N A Clic...

Page 237: ...Trap Event Receiver Rule Configuration Item Value setting Description Server IP 1 Required setting 2 String format any IPv4 address or FQDN Specify the trap Server IP or FQDN Trap will be sent to the...

Page 238: ...ocols Selected the authNoPriv You must specify the Authentication and Password Selected the authPriv You must specify the Authentication Password Encryption and Privacy Key Authentication 1 v3 Require...

Page 239: ...cify the location information for MIB 2 system Value Range 0 64 characters Edit SNMP Options If you use some particular private MIB you must enter the enterprise name number and OID Options Item Value...

Page 240: ...y the Enterprise OID for the particular private MIB The range of the each OID number is 1 2080768 The maximum length of the enterprise OID is 31 The seventh number must be identical with the enterpris...

Page 241: ...scripting The device supports both Telnet and SSH Secure Shell CLI with default service port 23 and 22 respectively Telnet SSH Scenario Scenario Application Timing When the administrator of the gatewa...

Page 242: ...ion Type Telnet Service Port 23 Enable SSH Service Port 22 Enable Scenario Operation Procedure In the above diagram Local Admin or Remote Admin can manage the Gateway from the Intranet or Internet The...

Page 243: ...Telnet with CLI 1 The LAN Enable box is checked by default 2 The WAN Enable box is unchecked by default Check the Enable box to activate the Telnet with CLI function for connecting from WAN LAN inter...

Page 244: ...blank characters 2 The default password for Telnet is wirelessm2m Type old password and specify new password to change the root password Note It is highly recommended to change the default Telnet pass...

Page 245: ...ames and the information received from other agents in IEEE defined Management Information Bases MIB modules LLDP significantly aids in the deployment of any network device that supports the protocol...

Page 246: ...n password Change Password Item Value Setting Description Old Password 1 String any text 2 Default password is admin Enter the current password New Password String any text Enter new password New Pass...

Page 247: ...e used for GUI access It can be http https http only or https only HTTPs Certificate Setup The default box is selected by default If the https Access Protocol is selected the HTTPs Certificate Setup o...

Page 248: ...e Serial Number N A Displays the serial number of this product Kernel Version N A Displays the Linux kernel version of the product FW Version N A Displays the firmware version of the product CPU Usage...

Page 249: ...w the system will communicate with time server by NTP Protocol to get system date and time after you click on the Synchronize immediately button The second one is Sync with my PC Select the method and...

Page 250: ...time zone for the device otherwise you will just get the UTC Coordinated Universal Time time not the local time for the device Synchronize with Manually Setting System Time Information Item Value Set...

Page 251: ...ult Select PC as the synchronization method for the system time to let the system synchronize its date and time to the time of the administration PC Synchronize immediately N A Click the Active button...

Page 252: ...ration System Log tab View Email Log History The View button allows for the viewing of log history The Email Now button enables administrator to send instant Email for analysis View Email Log History...

Page 253: ...ck the First button to jump to the first page Last N A Click the Last button to jump to the last page Download N A Click the Download button to download log to your PC in tar file format Clear N A Cli...

Page 254: ...Window Item Value Setting Description Enable Unchecked by default Check Enable box to enable sending event log messages to designated Email account defined in the E mail Addresses blank space Server N...

Page 255: ...age and Debug Log to Storage Log to Storage screen allows the network administrator to select the type of events to log and be stored at an internal or an external storage device Log to Storage Settin...

Page 256: ...nd button specify the file name of new firmware by using the Browse button and then click the Upgrade button to start the FW upgrading process If you want to upgrade firmware which is from a GPL polic...

Page 257: ...you can reboot this device by clicking the Reboot button and reset this device to default settings by clicking the Reset button System Operation Window Item Value Setting Description Reboot Now is sel...

Page 258: ...instead but is technologically different This gateway has an embedded FTP SFTP server for administrator to download log files to his computer or database In the following two sections you can configur...

Page 259: ...for log downloading so no write permission is implemented FTP Port Port 21 is set by default Specify a port number for FTP connection The gateway will listen for incoming FTP connections on the specif...

Page 260: ...d ASCII Transfer Mode Optional setting Check the Enable box to activate the support of ASCII mode data transfers Binary mode is supported by default FTPS FTP over SSL TLS Optional setting Check the En...

Page 261: ...iguration Item Value setting Description User Name String non blank string Enter the user account name Value Range 1 15 characters Password String no blank Enter the user password Directory N A Select...

Page 262: ...will appear beneath it Tracert Test Optional setting Trace route tracert command is a network diagnostic tool for displaying the route path and measuring transit delays of packets across an IP network...

Page 263: ...name will be appended with an index code _ index The file extension is pcap Split Files 1 Optional setting 2 Default value of File Size is 200 KB Check enable box to split file whenever log file reach...

Page 264: ...match the rule will be captured Up to 10 MACs are supported but they must be separated with e g AA BB CC DD EE FF 11 22 33 44 55 66 The packets will be captured when matching any one MAC in the rule S...

Page 265: ...any MAC address is matched Destination IPs Optional setting Define the filter rule with Destination IPs which means the destination IP address of packets Packets which match the rule will be captured...

Page 266: ...th carrier ISP by USSD Unstructured Supplementary Service Data command or perform a cellular network scan for diagnostic purposes The Cellular Toolkit section includes several useful features that are...

Page 267: ...her cellular data connection automatically If Data Usage feature is enabled the entire history of cellular data usage can be viewed at Status Statistics Reports Cellular Usage tab 3G 4G Data Usage The...

Page 268: ...ular modules Carrier Name Optional item Fill in the Carrier Name for the selected SIM card for identification Cycle Period Days by default The three types of cycle period are Days Weekly and Monthly D...

Page 269: ...SMS messages as you usually do on a cellular phone Setup SMS Configuration Configuration Item Value setting Description Physical Interface 3G 4G 1 by default Choose a cellular interface 3G 4G 1 or 3G...

Page 270: ...s value increases Received SMS N A This value records the number of SMS from SIM card Remaining SMS N A This value is SMS capacity minus received SMS New SMS N A Click New SMS button a New SMS screen...

Page 271: ...nbox List You can read or delete SMS reply SMS or forward SMS from this screen SMS Inbox List Item Value setting Description ID N A The number of SMS From Phone Number N A From phone number of SMS Tim...

Page 272: ...age PIN code son a SIM card through the web GUI Activate PIN code on SIM Card This gateway device allows you to activate a PIN code on SIM card This example shows how to activate PIN code on SIM A for...

Page 273: ...cellular interface 3G 4G 1 or 3G 4G 2 to change the SIM PIN setting for the selected SIM Card Note 3G 4G 2 is only available for products with dual cellular modules SIM Status N A Indication for the...

Page 274: ...the SIM Lock function is not enabled the Change PIN code button is disabled If you still want to change the PIN code enable the SIM Lock function first fill in the PIN code and then click the Save bu...

Page 275: ...will be locked by PUK code after too many access attempts with an incorrect PIN code In this case the PUK Status will turns to PUK Lock In a normal situation it will display PUK Unlock Remaining times...

Page 276: ...up to 182 alphanumeric characters in length Unlike Short Message Service SMS messages USSD messages create a real time connection during an USSD session The connection remains open allowing a two way...

Page 277: ...in the correct pre command and then click on the Send button for the session The responses from the USSD server will be displayed beneath the USSD Command line When commands typed in the USSD Command...

Page 278: ...check with your service provider for details Comments N A Enter a brief comment for the profile Send USSD Request When you send the USSD command the USSD Response screen will appear When click the Cl...

Page 279: ...ction sequence of the targeted generation of mobile system 2G 3G LTE Network Scan Configuration Configuration Item Value setting Description Physical Interface The box is 3G 4G 1 by default Choose a c...

Page 280: ...nually Scan Approach is selected in the Configuration window By clicking on the Scan button and waiting for 1 to 3 minutes the found mobile operator systems will be displayed for you to choose from Cl...

Page 281: ...he gateway will take action to change the functionality collect the required status for administration and also change the status of a connected field bus device Notifying events are events in which s...

Page 282: ...ital Input Power Change Connection Change WAN LAN VLAN Wi Fi DDNS Administration Modbus and Data Usage Actions Notify the administrator with SMS Syslog SNMP Trap or Email Alert Change the status of co...

Page 283: ...fault Check the Enable box to activate the Event Management function Enable SMS Management To use the SMS management function configure these settings first SMS Configuration Item Value setting Descri...

Page 284: ...e number format 2 Required setting Select the Phone number policy from the dropdown list and specify a mobile phone number as the SMS account identifier if required It can be Specific Number or Allow...

Page 285: ...m of 5 accounts You can click the Add Edit button to configure the Email account Email Service Configuration Item Value setting Description Email Server Option Select an Email Server profile from Exte...

Page 286: ...The number of available DI sources will depend on the product model Normal Level Low by default Specify the Normal Level Low or High Signal Active Time 1 Numeric String format 2 Required setting Spec...

Page 287: ...ional setting Specify a brief description for the profile DO Source ID1 by default Specify the DO Source Normal Level Low by default Specify the Normal Level Low or High Total Signal Period 1 Numeric...

Page 288: ...e the profile Modbus Notifying Events Profile Item Value setting Description Modbus Name 1 String format 2 Required setting Specify the Modbus profile name Value Range 1 32 characters Description 1 An...

Page 289: ...e Modbus device It can be from 1 to 247 Register 1 Numeric String format 2 Required setting Specify the Register number of the Modbus device Value Range 0 65535 Logic Comparator Logic Comparator by de...

Page 290: ...ofile Item Value setting Description Modbus Name 1 String format 2 Required setting Specify the Modbus profile name Value Range 1 32 characters Description 1 Any text 2 Optional setting Specify a brie...

Page 291: ...tting Specify the Device ID of the Modbus device Value Range 1 247 Register 1 Numeric String format 2 Required setting Specify the Register number of the Modbus device Value Range 0 65535 Value 1 Nume...

Page 292: ...ggers handlers and response Go to Service Event Handling Managing Events Tab Enable Managing Events Configuration Item Value setting Description Managing Events Unchecked by default Check the Enable b...

Page 293: ...lect Digital Input and a DI profile you defined to specify a certain Digital Input Event Note The available Event Types will depend on product model Description String format any text Enter a brief de...

Page 294: ...levant sub items WAN SSH Service On Off the gateway will change the settings as the action for the event Administration Select Administration Checkbox and the relevant sub items Backup Config Restore...

Page 295: ...dministrator to define the relationship rule between event trigger and handlers Enable Notifying Events Configuration Item Value setting Description Notifying Events Unchecked by default Check the Ena...

Page 296: ...ify a certain LAN VLAN Event Wi Fi Select Wi Fi and a trigger condition to specify a certain Wi Fi Event DDNS Select DDNS and a trigger condition to specify a certain DDNS Event Administration Select...

Page 297: ...e action for the event Modbus Select Modbus and a Modbus Notifying Event profile you defined as the action for the event Note The available Event Types will depend on product model Time Schedule 0 Alw...

Page 298: ...raph or table format for quickly understanding the operation status of the gateway The display will be refreshed once per second From the menu on the left select Status Dashboard Device Dashboard tab...

Page 299: ...shows statistical graphs for the CPU and memory Network Interface Status The Network Interface Status screen shows the statistic information for each network interface of the gateway The statistical i...

Page 300: ...ng on the model purchased it can be Static IP Dynamic IP PPPoE PPTP L2TP 3G 4G Network Type N A Displays the network type for the WAN interface s Depending on the model purchased it can be NAT Routing...

Page 301: ...en Connection Control in WAN Type setting is set to Connect Manually Refer to Edit button in Basic Network WAN Uplink Internet Setup and WAN connection status is connected WAN interface IPv6 Network S...

Page 302: ...Displays the current IPv6 global IP address assigned by your ISP for your Internet connection MAC Address N A This area provides functional buttons Edit IPv4 Button when press web based utility will...

Page 303: ...SIM Status and Service Information Refer to next page for more When the Detail button is pressed 3G 4G modem information windows such as Modem Information SIM Status Service Information and Signal St...

Page 304: ...ted to this gateway LAN Client List Item Value setting Description LAN Interface N A Client record of LAN Interface String Format IP Address N A Client record of IP Address Type and the IP Address Typ...

Page 305: ...tered to identify DDNS service provider Provider N A Displays the DDNS server of DDNS service provider Effective IP N A Displays the public IP address of the device updated to the DDNS server Last Upd...

Page 306: ...Name N A Displays the tunnel name you have entered Tunnel Scenario N A Displays the Tunnel Scenario specified Local Subnets N A Displays the Local Subnets specified Remote IP FQDN N A Displays the Rem...

Page 307: ...tem Value setting Description OpenVPN Client Name N A Displays the Client name you have entered for identification Interface N A Displays the WAN interface specified for the OpenVPN client connection...

Page 308: ...cription Client Name N A Displays Name for the L2TP Client specified Interface N A Displays the WAN interface with which the gateway will use to request PPTP tunneling connection to the PPTP server Vi...

Page 309: ...Security VPN PPTP tab PPTP Client Status Item Value setting Description Client Name N A Displays the Name for the PPTP Client specified Interface N A Displays the WAN interface with which the gateway...

Page 310: ...figuration page Packet Filter Status Packet Filter Status Item Value setting Description Activated Filter Rule N A The Packet Filter Rule name Detected Contents N A The logged packet information inclu...

Page 311: ...ime format Month Day Hours Minutes Seconds Note Ensure IPS Log Alert is enabled Refer to Security Firewall IPS tab Check Log Alert and save the setting Firewall Options Status Firewall Options Status...

Page 312: ...at IP Source IP User Name Login User Name Time Date time Example IP 192 168 127 39 User Name admin Time Mar 3 01 34 13 Note Ensure Firewall Options Log Alert is enabled Refer to Security Firewall Opti...

Page 313: ...user name for authentication This is only available for SNMP version 3 IP Address N A Displays the IP address of SNMP manager Port N A Displays the port number used to maintain connection with the SNM...

Page 314: ...ration Log Storage tab The Log Storage Status screen shows the status for selected device storage Log Storage Status Log Storage Status screen shows the status of current the selected device storage T...

Page 315: ...us N A Click the Previous button to see the previous page of track list Next N A Click the Next button to see the next page of track list First N A Click the First button to see the first page of trac...

Page 316: ...evious page of login statistics Next N A Click the Next button to see the next page of login statistics First N A Click the First button to see the first page of login statistics Last N A Click the La...

Page 317: ...teway 317 8 5 4 Cellular Usage Go to Status Statistics Reports Cellular Usage tab Cellular Usage screen shows data usage statistics for the selected cellular interface The cellular data usage can be a...

Page 318: ...WCDMA 2G GSM EDGE Antenna connectors 2 x SMA Male SIM Slots 2 Ethernet Standard IEEE 802 3 10Base T IEEE802 3u 100BASE TX 100BASE FX IEEE802 3ab 1000BASE T Ports 2 x RJ45 GE Physical Layer 10 100 100...

Page 319: ...Access VPN IPSec OpenVPN PPTP L2TP GRE Firewall SPI Firewall with Stealth Mode IPS Event Handling Managing Notifying Events DI DO Modbus SMS Syslog SNMP Trap Email Alert Reboot Device Management Solut...

Page 320: ...AN shall not be held liable to anyone for any indirect special or consequential damages due to omissions or errors The information and specifications in this document are subject to change without not...

Reviews:

No comments

Related manuals for EW50

ISYGLT RS232-GW-02 Instruction Manual preview
RS232-GW-02
Brand: ISYGLT Pages: 7
GE POWER LEADER GEH-6505A User Manual preview
POWER LEADER GEH-6505A
Brand: GE Pages: 24
GE ProBridge User Manual preview
ProBridge
Brand: GE Pages: 16
GE PACSystems RX3i Genius User Manual preview
PACSystems RX3i Genius
Brand: GE Pages: 79
Cisco DDR2200 Series Installation And Operation Manual preview
DDR2200 Series
Brand: Cisco Pages: 276
Technicolor - Thomson SpeedTouch 510 Quick Installation Manual preview
SpeedTouch 510
Brand: Technicolor - Thomson Pages: 21
3Com VCX V7122 Installation Manual preview
VCX V7122
Brand: 3Com Pages: 58
3Com OfficeConnect 3CRWE41196 User Manual preview
OfficeConnect 3CRWE41196
Brand: 3Com Pages: 88
Dwyer Instruments UHH-BTG Specifications-Installation And Operating Instructions preview
UHH-BTG
Brand: Dwyer Instruments Pages: 4
TelcoBridges Tmedia TMG800 Installation Manual preview
Tmedia TMG800
Brand: TelcoBridges Pages: 80
Juniper SRX220 Hardware Manual preview
SRX220
Brand: Juniper Pages: 182
Romutec 00003192 Technical Documentation/Instruction Manual preview
00003192
Brand: Romutec Pages: 11
KBR multisys D2-MSMT-1 User Manual preview
multisys D2-MSMT-1
Brand: KBR Pages: 16
Yeastar Technology NeoGate TA810 User Manual preview
NeoGate TA810
Brand: Yeastar Technology Pages: 63
HALLER + ERNE BG02-EIP Manual preview
BG02-EIP
Brand: HALLER + ERNE Pages: 19
Nortel BSG12 Regulatory And Safety Information preview
BSG12
Brand: Nortel Pages: 2
Nortel BSG12aw Quick Start Manual preview
BSG12aw
Brand: Nortel Pages: 12
Nortel BSG12aw Installation Manual preview
BSG12aw
Brand: Nortel Pages: 66

Brands by name

Popular brands

Load more brands