manualshive.com logo in svg

i-MO 540 Series, Product Installation Manual, Page: 37 / 58

Share
Download
i-MO 540 Series Product Installation Manual Download Page 37

INSTALLATION MANUAL FOR THE EMS I-MO 540 SERIES APPLIANCE 

 

Version 

1.2

 

 

 

ELECTRONIC MEDIA SERVICES LIMITED

   

PASSFIELD BUSINESS CENTRE, LYNCHBOROUGH ROAD, LIPHOOK, HAMPSHIRE, GU30 7SB, UK

 

Tel:

 01428 751655 | 

Fax:

 01428 751654 | 

E-mail:

 [email protected]

 

Page 

37

 of 

58

 

 

With this option you can allow access to e.g. your mailserver. The machines must have valid public IP ad-
dresses.  

The format of the rule is a space separated list of  <source network>,<destination net-
work>[,protocol[,destination port[,flags]]] 

If the protocol is icmp then port is interpreted as icmp type 

The flags parameter is a comma separated list and may consist of one or more of the following: 

 

ipsec   

 

matches packets that originate from an IPsec tunnel 

 

zonein=zone name 

matches packets entering on interfaces in the specified zone 

 

zoneout=zone name 

matches packets leaving on interfaces in the specified zone 

Examples: 

 

"1.1.1.1,2.2.2.2" allow the host 1.1.1.1 to access any service on the host 2.2.2.2 

 

"3.3.3.3/16,4.4.4.4/24" allow the network 3.3.3.3/16 to access any service in the network 4.4.4.4/24 

 

"5.5.5.5,6.6.6.6,igmp" allow routing of IGMP messages from 5.5.5.5 to 6.6.6.6 

 

"0/0,0/0,udp,514" always permit udp port 514 through the firewall 

 

"192.168.1.0/24,10.10.0.0/16,,,ipsec \ 10.10.0.0/16,192.168.1.0/24,,,ipsec" permit traffic               
from 192.168.1.0/24 to 10.10.0.0/16 and vice versa provided that both networks are connected via 
an IPsec tunnel 

 

"fd76:9dbb:91a3:1::/64,fd76:9dbb:91a3:4::/64,tcp,ssh" allow ssh from one IPv6 network to another 

 

This following example shows masquerading enabled for all data from the local subnet except for the traffic 
that will be routed over the VPN tunnel to the remote 10.0.0.0/24 subnet. 

[fw] 

enabled="yes" 

masq="yes" 

masqnets="0/0" 

nomasqnets="192.168.0.0/24,10.0.0.0/24" 

# Enable routing over the VPN tunnel between the remote and local IPs 

# Note the rule includes both the forward and reverse direction! 

forward="192.168.0.0/24,10.0.0.0/24 10.0.0.0/24,192.160.0.0/24" 

 

The [tunneling] section configures one or more tunnels that are used for encrypting traffic or for bonding mul-
tiple physical links into a single logical link. 

A tunnel is defined by setting its logical name. This should match the available tunnel names on the Concen-
trator. 

The protocol version allows for communication with Concentrators running different i-MO releases. It should 
normally be configured for a value of 2. 

The IP is the internal endpoint of the tunnel on the i-MO appliance which is used on the Concentrator for 
routing and must be unique. 

The key is a shared secret used to authenticate the i-MO appliance with the Concentrator. The randomness 
and length of the key affects the quality of the encryption if enabled. For applications that require good secu-
rity you should use a 16 or 32 character key and it should consist of numbers plus upper and lower case let-
ters. Standard dictionary words should not be used. 

Summary of Contents for 540 Series

Page 1: ...Product Installation Manual i MO 540 Series Bonding Router Installation Manual for the i MO 540 Series Appliance...

Page 2: ...dware Equipment 6 Radio Frequency Interference 6 Electromagnetic Compatibility 6 AC Power Electrical Safety Guidelines 6 Hardware Installation Guide 7 1 Installing the Rack mount kit optional 7 2 Atta...

Page 3: ...tallation 31 Appendix C 33 Access Point Name File 33 Appendix D 34 Configuration File 34 Example 1 1 x WAN Link 1 X LTE for failover without a Concentrator 42 Example 2 1 x Wan Link 1 X LTE for failov...

Page 4: ...C MEDIA SERVICES LIMITED PASSFIELD BUSINESS CENTRE LYNCHBOROUGH ROAD LIPHOOK HAMPSHIRE GU30 7SB UK Tel 01428 751655 Fax 01428 751654 E mail imo ems uk com Page 4 of 58 I MO Appliance Identification Gu...

Page 5: ...properly grounded Do not open or remove chassis covers or sheet metal parts unless instructions are provided in this documentation Such an action could cause severe electrical shock Do not push or fo...

Page 6: ...pair network cabling with a good distribution of grounding conductors If you must exceed the recommended distances use a high quality twisted pair cable with one ground conductor for each data signal...

Page 7: ...nt kit includes 2 brackets and 8 screws The brackets are symmetrical and can be installed on either side See pictures below 2 Attach WiFi antennas optional The i MO appliance is supplied with a WiFi i...

Page 8: ...ch network cables optional The i MO appliance provides six Ethernet ports at the rear Each of these can be individually configured as WAN or LAN ports Network cables not provided can be connected as s...

Page 9: ...he SIM cards carefully in their slots and ensure that they are pressed in as illustrated above Note Up to six SIMs can be inserted starting with slots SIM 1 SIM 3 and SIM 5 6 Power cable The appliance...

Page 10: ...ow To switch the unit on the power switch should be set to the on position 1 The power switch at the front of the unit is used to turn the appliance on boot or off shutdown As soon as the button is pr...

Page 11: ...ill flash when the appliance is Transmitting or Receiving data Mobile Status This shows the status of each mobile channel The letter U will be displayed when the link is UP and D is displayed when the...

Page 12: ...n easily be configured and managed using the web interface Enter the default url http 192 168 0 1 and select the Login option from the top right hand side of the page This will load the Login page Ent...

Page 13: ...Tel 01428 751655 Fax 01428 751654 E mail imo ems uk com Page 13 of 58 My Profile The My profile option allows you to change your password There is no mechanism to recover a forgotten password and if...

Page 14: ...IELD BUSINESS CENTRE LYNCHBOROUGH ROAD LIPHOOK HAMPSHIRE GU30 7SB UK Tel 01428 751655 Fax 01428 751654 E mail imo ems uk com Page 14 of 58 Log out Network Section Configuration Edit Configuration The...

Page 15: ...in the firewall One or more physical interfaces can be combined into a single logical interface br0 The logical interface is like an Ethernet switch and MAC address to physical port mappings are typi...

Page 16: ...C MEDIA SERVICES LIMITED PASSFIELD BUSINESS CENTRE LYNCHBOROUGH ROAD LIPHOOK HAMPSHIRE GU30 7SB UK Tel 01428 751655 Fax 01428 751654 E mail imo ems uk com Page 16 of 58 The WiFi password shared key mu...

Page 17: ...PSHIRE GU30 7SB UK Tel 01428 751655 Fax 01428 751654 E mail imo ems uk com Page 17 of 58 Interfaces Tab Image 2 Bonding Tab The Bonding tab configures a single tunnel that is used for bonding multiple...

Page 18: ...a 16 or 32 character key and it should consist of numbers plus upper and lower case letters Standard dictionary words should not be used This is an example of a poor key thisismykey This is a much st...

Page 19: ...nrestricted access to the internet 10 0 0 0 8 allows the whole 10 0 0 0 network with unrestricted access 10 0 1 0 24 0 0 tcp 80 10 0 1 0 24 0 0 tcp 21 allows http and ftp traffic from the 10 0 1 0 net...

Page 20: ...he specified zone zoneout zone name matches packets leaving on interfaces in the specified zone Examples 1 1 1 1 2 2 2 2 allow the host 1 1 1 1 to access any service on the host 2 2 2 2 3 3 3 3 16 4 4...

Page 21: ...com Page 21 of 58 VPN Subnets Tab The local and remote subnet for the VPN tunnel and should be CIDRS for example 172 16 0 0 12 10 0 0 0 8 Advanced VPN Settings Tab Normally use can choose the auto op...

Page 22: ...5 Fax 01428 751654 E mail imo ems uk com Page 22 of 58 If the VPN forms but fails after a few hours then check the that Phase 1 and Phase 2 lifetimes match those of the remote end The default values i...

Page 23: ...upload a new configuration file See Appendix D for description of the configuration file You can also download and upload an edited Access Point Name APN file The APN is like a telephone number that...

Page 24: ...et The username is admin and the default password is i MO admin It is strongly recommend that the default password is changed using the passwd command The CLI provides access to a number of standard L...

Page 25: ...7e7bc319fc3f1f55 44 55 66 77 aa bb ad328e5f2b16bdd9b44987793ed7e09e6d7cca hostapd vlan defines vlans for the WiFi Access Point VLAN ID to network interface mapping 1 vlan1 2 vlan2 3 vlan3 100 guest Op...

Page 26: ...s ls ifconfig ip ipcalc md5sum mkdir mv more nano nslookup passwd ping ping6 poweroff pwd reboot rm rmdir route scp sed showlog ssh sync systemctl tar tail tcpdump tftp telnet time traceroute tracerou...

Page 27: ...e l less use less pager g grep STRING use grep file searcher h help this help message Valid log names messages System log file firewall Packets logged by firewall imo i MO daemon imostats i MO statist...

Page 28: ...ectromagnetic Fields 3kHz to 300 GHz National Council on Radiation Protection and Measurements NCRP Report 86 1986 Biological Effects and Exposure Criteria for Radio Frequency Electromagnetic Fields I...

Page 29: ...on International Commission on Non ionizing Radiation Protection ICNIRP and include safety margins designed to assure the protection of all persons regardless of age and health The guidelines use a un...

Page 30: ...NCHBOROUGH ROAD LIPHOOK HAMPSHIRE GU30 7SB UK Tel 01428 751655 Fax 01428 751654 E mail imo ems uk com Page 30 of 58 Optional WiFi Radio Aerial 2 x WiFi Aerial Technical Data GSM GSM 850 900 824 960 MH...

Page 31: ...MHz 1710 1990 MHz UMTS 2 1 GHz 1900 2170 GHz Gain 5 dBi Polarization vertical Rod Length 290mm Power maximum 20 W Cable length 2500 mm Cable type RG 174 Connector SMA male VSWR 1 5 Technical Data GSM...

Page 32: ...broadcast pattern To achieve this pattern the antenna should be mounted clear of any obstructions to the sides of the radiating element If the mounting location is on the side of a building or tower...

Page 33: ...s ELEMENT networks network ELEMENT network mcc mnc akaname apn username password display ELEMENT mcc PCDATA ELEMENT mnc PCDATA ELEMENT akaname PCDATA ELEMENT apn PCDATA ELEMENT username PCDATA ELEMENT...

Page 34: ...e or more name value pairs Name value pairs always start on a new line and the value part is enclosed by quote characters e g hostname imo4 xxxxxx build ems imo com Names are formed by using the devic...

Page 35: ...shared key is 12345678 lan Enable the br0 logical interface br0enabled yes Add this interface to the internal zone in firewall br0firewallzone internal IP address and netmask for the interface br0ip 1...

Page 36: ...networks are allowed to access the internet via mas querading The format of the rule is a space separated list of source network destination net work protocol port port If the protocol is icmp then p...

Page 37: ...ed that both networks are connected via an IPsec tunnel fd76 9dbb 91a3 1 64 fd76 9dbb 91a3 4 64 tcp ssh allow ssh from one IPv6 network to another This following example shows masquerading enabled for...

Page 38: ...when the tunnel is active This option is either a CIDR e g 192 168 0 1 24 or the value default which means all any traffic that does not match another routing rule with be sent over this link The hear...

Page 39: ...h0 or a tunnel e g imo When an interface becomes active the networks option is used to update the routing table This option is either a CIDR e g 192 168 0 1 24 or the value default which means all any...

Page 40: ...link mob0heartbeatrefresh 20 mob0heartbeatperiod 50 mob0hearbeataddress 1 2 3 4 mob0concentratoraddress 1 2 3 4 mob0tunnelname tunnelname mob0networks 10 11 12 13 24 mob1linkname mob1 mob1hearbeatadd...

Page 41: ...interface must down before being marked as unavailable wan0heartbeatperiod 30 Address of heart beat device used to check interface active wan0hearbeataddress 1 2 3 7 wan0concentratoraddress 1 2 3 7 wa...

Page 42: ...integrate WiFi access point and the first 5 GbE ports are bridged into a single logical interface The diagram below shows the logical network diagram Logical Network Diagram sys hostname imo Set the h...

Page 43: ...ess netmask eth5dhcp no failover enabled yes Enable failover routerrefresh 10 The failover router will be updated every routerrefresh seconds routerperiod 31 If active link is unavailable for routerpe...

Page 44: ...k com Page 44 of 58 mob0heartbeatperiod 50 If heartbeat address is unavailable for heartbeatperiod seconds it will be marked as down mob0hearbeataddress 8 8 4 4 The address of the heartbeat device Thi...

Page 45: ...private tunnel to the head office network The firewall does not masquerade any packets and no services or ports are open on the external or public side of the firewall The integrate WiFi access point...

Page 46: ...tevalue 24 wlan0wifi80211mode g Set WiFi 802 11b g mode eth5enabled yes Configure port 5 as WAN port eth5bridging no eth5firewallzone external Place in external zone eth5ip 195 74 68 4 28 Set IP addre...

Page 47: ...eing used this is normally the IP of the Concentrator wan0concentratoraddress 195 74 68 131 Address of the Concentrator mobilerouter enabled yes Enable the mobile router mob0linkname mob0 Link name fo...

Page 48: ...ailing all traffic is routed via the secondary LTE link All traffic for the head office is routed over the private tunnel and traffic for the Internet is sent out the active interface The firewall mas...

Page 49: ...an0wifichannel manual Only manual selection currently supported wlan0wifichannelvalue 6 Set WiFi Channel 1 13 1 6 11 preferred wlan0wifirate manual Set maximum bandwidth wlan0wifiratevalue 24 wlan0wif...

Page 50: ...this is normally the IP of the Concentrator wan0concentratoraddress 195 74 68 131 Address of the Concentrator mobilerouter enabled yes Enable the mobile router mob0linkname mob0 Link name for the cel...

Page 51: ...r0dhcp If enabled yes yes no br0dhcpstartip If br0dhcp 192 168 0 100 IP address within br0ip range br0dhcpendip If br0dhcp 192 168 0 199 IP address within br0ip range eth 0 9 enabled Yes yes yes no et...

Page 52: ...riable Required Default Notes enabled Yes no yes no routerrefresh No Integer 5 60 routerperiod No Integer 15 600 tunnel No Tunnel name a z 0 9 string networks If enabled optional with tunneling defaul...

Page 53: ...nel No a z string wan 0 9 networks No blank default CIDR CIDR mobilerouter Variable Required Default Notes enabled Yes yes yes no firewallzone No external internal external dmz echorequest No 15 Integ...

Page 54: ...55 Fax 01428 751654 E mail imo ems uk com Page 54 of 58 vpn Variable Required Default Notes enabled Yes no yes no TO BE CONFIRMED fw Variable Required Default Notes enabled Yes yes yes no masq Yes yes...

Page 55: ...this device is subject to the Waste from Electrical and Electronic Equipment WEEE di rective of the European Union The reason for separating WEEE and batteries from other waste is to mini mize the pot...

Page 56: ...le for paying all parts labour and shipping charges The warranty described above shall apply to all repaired or replaced Product for a period of 90 days from the date of return to you or the balance o...

Page 57: ...ATSOEVER INCLUDING BUT NOT LIM ITED TO LOSS OF REVENUE OR PROFIT DAMAGES TO PROPERTY OR PERSONS LOST OR DAM AGED DATA OR OTHER COMMERCIAL OR ECONOMIC LOSS EVEN IF ANY SUCH AFOREMEN TIONED PERSON HAS B...

Page 58: ...ms uk com Page 58 of 58 Obtaining Technical Assistance EMS Ltd provides www ems imo com as a starting point for all technical assistance Customers and partners can obtain documentation troubleshooting...

Reviews:

No comments