manualshive.com logo in svg

INSYS MLR 3G 2.0, Manual

Share
Download
INSYS MLR 3G 2.0 Manual Download Page 46

Functions 

MLR 3G 2.0 

 

10.4.6

 

Creating or Deleting a Firewall Rule 

The MLR 3G 2.0 provides a firewall for dial-out connections. A firewall is used to prevent 
unauthorized data traffic. The logic of the firewall states that any data traffic is forbid-
den, which is not explicitly permitted through a rule. 
Define which connections will be permitted by the MLR 3G 2.0. If you enable the firewall 
for the connection type "Dial-Out", only connections will be possible which are author-
ised by the firewall rules. All other connections will be blocked.  

Configuration with the web interface 

In order to 

enable the firewall for dial-out connections

, check in the menu 

"Dial-Out" on the page "Firewall" the checkbox "Activate firewall for Dial-Out 
connections". 
In order to 

create a rule for a permitted IP connection

, proceed as follows. 

Select in the menu "Dial-Out" on the page "Firewall" the 

data direction

 in the 

drop-down menu "Data direction". 
Define the 

protocol of the permitted connection

 in the drop-down menu "Pro-

tocol". 
Enter the further specifications of the connections permitted by the MLR 3G 
2.0 into the entry fields "

Source IP address

", "

Destination IP address

" and "

Des-

tination port

". Only rules can be created, which are not valid for individual 

machines (hosts), but for whole networks. In this case, the net mask must be 
entered following the "/". 

Save your settings

 by clicking "OK". 

In order to 

disable individual firewall rules temporarily

, uncheck in the menu 

"Dial-Out" on the page "Firewall" the checkbox in the column "active" in the 
firewall rule overview. Click on "OK" to confirm the settings. 
In order to 

delete one or more rules

, check the checkbox in the column "de-

lete" in the firewall rule overview. Click on "OK" to confirm the settings. 

 

10.4.7

 

Creating a Port Forwarding Rule 

When including the Internet as communication network, private and public IPs are dis-
tinguished. To be able to access the private IP addresses from the Internet, which are 
mostly used in local networks, the technologies NAT and port forwarding are used. Only 
the public IP address of the MLR 3G 2.0 can be reached in the Internet. This IP address can 
still be used to access the local end terminals in the network of the MLR 3G 2.0 from the 
Internet, if NAT and port forwarding are used. 
The MLR 3G 2.0 provides port forwarding. The MLR 3G 2.0 routes incoming packets from 
outside of the network to certain computers within the network. Outgoing packets of 
these connections from the network are being routed back to their destinations outside 
of the network. At certain ports, the MLR 3G 2.0 routes incoming data packets to one 
port of a certain destination address. You can use rules to define which packets from 
outside are routed to which addresses and ports in the network. This means that you can 
make certain services available to computers in the network, using the phone network. 

46 

 

Summary of Contents for MLR 3G 2.0

Page 1: ...Manual MLR 3G 2 0 Mar 11...

Page 2: ......

Page 3: ...om Inc IBM PC AT XT are registered trademarks of International Business Machine Corporation INSYS e Mobility LSG and e Mobility PLC are registered trademarks of INSYS MICROELECTRONICS GmbH Windows is...

Page 4: ...l Elements 16 4 1 Meaning of the Displays 18 4 2 Function of the Control Elements 19 5 Connections 20 5 1 Front Panel Connections 20 5 2 Rear Panel Connections 21 5 3 Pin Assignment of the Serial Inte...

Page 5: ...on Device 60 10 6 1 Configure Redundant Communication Device 60 10 7 Configurable Switch 61 10 7 1 Querying Configuration and Status of the Switch Ports 61 10 7 2 Configuring Switch Ports 61 10 7 3 Co...

Page 6: ...uration File 87 10 11 8 Download 88 10 11 9 Sandbox 89 10 11 10 Debugging 90 11 Waste Disposal 91 11 1 Repurchasing of Legacy Systems 91 12 Declaration of Conformity 92 13 Export Regulation 93 14 Lice...

Page 7: ...mum protection of the personnel and the environment from hazards as well as a safe and fault free operation of the product is only possible if all safety instructions are observed 1 1 Usage According...

Page 8: ...idity must not be exceeded and condensate formation must be prevented The maximum switching voltage and the maximum switching current load must not be exceeded The maximum input voltage and the maximu...

Page 9: ...ation It might cause death or severe injuries if not avoided Caution Slight injury and or material damage This symbol in conjunction with the key word Caution indicates a possibly hazardous or harmful...

Page 10: ...ently to protect it against shocks during transport and storage e g using air cushioned packing material Check product for possible damages which might have been caused by improper trans port before i...

Page 11: ...age of the product Only persons which have the training or skills of an Electronic technician for industrial engineering are authorised to open and repair the product Caution Overcurrent of the device...

Page 12: ...st approval regulations If the final product is not approved in the U S territories the application manufacturer shall take care that the 850 MHz and 190 MHz frequency bands be deactivated and that ba...

Page 13: ...please contact your distributor 1 MLR 3G 2 0 1 Quick Installation Guide 1 Support CD with operator manual in PDF format 1 Power supply connector GSM UMTS antenna The following related documents for th...

Page 14: ...5 Power consumption idle approx 3 W Power consumption connection approx 6 5 W Transmitted output UMTS 850 Class 3 UMTS 1900 Class 3 UMTS 2100 Class 3 EGSM 850 and 900 Class 4 EGSM 1800 and 1900 Class...

Page 15: ...s SMS SMS dispatch incoming SMS can be received but cannot be accessed via the web interface CSD Up to 14 4 kBit s GPRS GPRS Multislot Class 12 Coding scheme 1 bis 4 PBCCH Mobile Station Class B EDGE...

Page 16: ...lements on the front of the device Position Description 1 Power LED 2 COM LED 3 Data Signal LED 4 Status VPN LED 6 SIM card 2 eject button 7 SIM card 2 card holder 8 SIM card 1 card holder 9 SIM card...

Page 17: ...1 Link LED for Switch LAN 1 2 Link LED for Switch LAN 2 3 Link LED for Switch LAN 3 4 Link LED for Switch LAN 4 5 Activity LED for Switch LAN 4 6 Activity LED for Switch LAN 3 7 Activity LED for Switc...

Page 18: ...ed green SIM card 1 Data Signal orange SIM card 2 no signal or logged out PPP data traffic Field strength see Table 6 green VPN Client or server estab lished Status VPN red Status Initialization FW up...

Page 19: ...reset Press at least 3 seconds Resets the hardware and restarts the MLR 3G 2 0 Hard reset Reset key Press three times for a short time within 2 seconds Deletes all settings of the MLR 3G 2 0 and reset...

Page 20: ...nections 5 1 Front Panel Connections Figure 3 Connections on the front panel of the device Position Description 1 Serial interface RS232 socket V 24 V 28 Table 8 Description of the connections on the...

Page 21: ...10 100 BT 6 Ethernet port 4 RJ45 10 100 BT Table 9 Description of the connections on the rear panel of the device 5 3 Pin Assignment of the Serial Interface Figure 5 9 pin D Sub socket at the device P...

Page 22: ...uter which can also send data packets via NAT and port forwarding According to defined rules the MLR 3G 2 0 will send in coming IP packets to definable ports and port areas at IP addresses and ports i...

Page 23: ...tablish an OpenVPN connection without authentication PPTP The MLR 3G 2 0 can be used as PPTP server or client This enables machines to establish a safe connection to the LAN behind the MLR 3G 2 0 from...

Page 24: ...of the MLR 3G 2 0 can reproduce a copy of the data at another network port of the switch At these mirror ports the transmitted data can be read for analysis purposes e g for intrusion detection sys te...

Page 25: ...ation Firmware update via web interface The firmware of the MLR 3G 2 0 can be updated via the web interface An update can be performed locally or remotely Automatic daily update The MLR 3G 2 0 allows...

Page 26: ...ot An arrow will indicate prerequisites which must be fulfilled to be able to process the subsequent steps in a meaningful way You will also learn which software or which equipment you will need 1 One...

Page 27: ...5 mm 1 Press the SIM card eject button of SIM card 1 with the pointed object If only one SIM card is used this must always be inserted into the card holder of SIM card 1 The SIM card holder will be e...

Page 28: ...ard holder for SIM card 2 for this The following figure shows how to insert the SIM card into the SIM card holder for SIM card 2 Connecting the MLR 3G 2 0 to a GSM antenna and a PC How to connect the...

Page 29: ...et of the PC ne card and the other end into a network socket of the MLR 3G 2 0 Configuring the MLR 3G 2 0 The MLR 3G 2 0 is connected to the PC The power supply of the MLR 3G 2 0 is present You have t...

Page 30: ...ould now see the start page of the web interface The MLR 3G 2 0 is installed successfully and ready for configuration User name and password are set as factory defaults If the registration at the web...

Page 31: ...ation Configuring the MLR 3G 2 0 with the web interface How to configure the MLR 3G 2 0 with the web interface The MLR 3G 2 0 is connected to a network and switched on A PC which is physically connect...

Page 32: ...to change settings 5 Enter the required settings 6 Click on the button OK on the according configuration page to save the set tings After you completed the configuration changes always click the butt...

Page 33: ...ain via the HTTPS protocol the browser indicates again that the MLR 3G 2 0 uses an invalid security certificate The certifi cate is not trusted because the Common Name of the certificate differs from...

Page 34: ...which the interface can be accessed from the respective network of the MLR 3G 2 0 Configuration with the web interface User name and password are entered in the menu Basic Settings on the page Web in...

Page 35: ...the MLR 3G 2 0 can be found in the entry fields for the IP address and the network mask under MAC address on this page In order to assign a virtual network address to the local network check the check...

Page 36: ...g in the MLR 3G 2 0 not being able to log into the mobile net work When entering or changing the PIN make sure that you enter the correct PIN for the SIM card The SIM card may be unlocked using the ac...

Page 37: ...ork or exclusively into the network of a pro vider determined by you To ensure that the MLR 3G 2 0 gives preference to the network of a certain provider when logging in select in the menu UMTS the rad...

Page 38: ...igh availability Configuration with the web interface Enter the desired time for the daily logout in the menu UMTS into the entry fields Daily log out at in the format hh mm Enter the desired time for...

Page 39: ...will answer a call Enter the number of ring tones until going off hook into the entry field Num ber of rings before answer To use PPP authentication based on user names and passwords check the checkb...

Page 40: ...e radio button for After successful PPP authentication or After a call from these caller IDs If you select the latter option enter up to 5 phone numbers into the fields on the right which can trigger...

Page 41: ...he page Firewall in the drop down menu Data direction a data direction for the rule Define the protocol of the permitted connection in the drop down menu Pro tocol You can also make sure that the rule...

Page 42: ...t based connection into the field Access Point Name You can enter another APN for Target B As an alternative you may also define a GSM CSD connection with a usual phone number for Target B Enter a Use...

Page 43: ...heck in the menu Dial Out on the page Dial Out the checkbox Connect immediately and hold connection If necessary enter another time in minutes for the connection check into the entry field Interval fo...

Page 44: ...e a connection daily at a certain time check in the menu Dial Out on the page Dial Out the checkbox Disconnect automatically once a day at and enter a time for the connection termination into the entr...

Page 45: ...ows Select in the menu Dial In on the page Firewall the protocol of the permit ted connection in the drop down menu Protocol Enter the further specifications of the connections permitted by the MLR 3G...

Page 46: ...ng the Save your settings by clicking OK In order to disable individual firewall rules temporarily uncheck in the menu Dial Out on the page Firewall the checkbox in the column active in the firewall r...

Page 47: ...mple the same port is used twice only the rule which is further up in the list will be processed 10 4 8 Defining the Exposed Host As an option the MLR 3G 2 0 can forward all packets which do not compl...

Page 48: ...nt here Client as well as server can be replaced by any OpenVPN capable devices In the example a PPP connection between the two devices exists Via this PPP connection an OpenVPN connection is establis...

Page 49: ...nd key For encrypted connections from one or more clients to an OpenVPN server Solution for maximum security but the configuration is more complicated Table 11 Authentication methods for OpenVPN For d...

Page 50: ...dly any effect however if com pressible data e g text is transmitted the compression may significantly re duce the transmitted volume of data Switch the compression off if the re mote terminal does no...

Page 51: ...he authentication with certificates select the radio but ton Authentication based on certificate It is indicated under the option here whether the individual certificates and keys are present green ch...

Page 52: ...pen button If the file is encrypted you must also enter the password into the Password only with encrypted file field Click on OK then to upload the file 10 5 4 OpenVPN Client Basic Settings You can u...

Page 53: ...y significantly re duce the transmitted volume of data Switch the compression off if the re mote terminal does not support LZO compression In order to mask the packets with the virtual tunnel IP addre...

Page 54: ...me password combination can be used for the authentication with the OpenVPN server however the CA certificate is required in any case which must be possessed by every participant of this VPN Enter a u...

Page 55: ...rver check in the menu Dial In or Dial Out on the page PPTP server the checkbox Activate PPTP server In order to display the messages of the last connection select the link Display log of last connect...

Page 56: ...ion In order to define the IP address or the domain name of the remote terminal which you use to have the MLR 3G 2 0 establish the VPN connection enter an IP address or a domain name in the field IP a...

Page 57: ...secure tunnel It is possible to configure up to 10 different tunnels Configuration with the web interface In order to use the IPsec for a connection check in the menu Dial In or Dial Out on the page I...

Page 58: ...d the remote terminal enter this network with according netmask into the field Remote subnet Only data which is addressed to this network is packed in ESP packets In order to specify the ID of the rem...

Page 59: ...ensure the security of the IPsec connection for a longer period in order to send an additional ping via ICMP protocol to an IP address enter this address which must be located in the local subnet of...

Page 60: ...rial interface is reserved for the sandbox in addition the sandbox has priority i e redundant communication device and serial Ethernet gateway are disabled Configuration with the web interface If the...

Page 61: ...ch Ports You can determine which switch port is operated with which transmission rate and if it is operated in half duplex or full duplex mode You can also determine if the auto nego tiation the recog...

Page 62: ...he VLAN ID amongst others Each port that be longs to a VLAN will insert the VLAN tag automatically for the received packets if it not already contained in the packet Configuration with the web interfa...

Page 63: ...separately to a sniffer port where the network traffic can be read Configuration with the web interface To use a port as sniffer port select the according port in the menu Switch on the page Port mir...

Page 64: ...al Ethernet gateway log enter on the page Serial Ethernet gateway log into the field Refresh after the up date interval of the log in seconds as well as into the field show last lines the number of li...

Page 65: ...ion will be established if the primary target is not available If the connec tion set up fails a new connection set up cannot be performed before 5 minutes have expired In order to specify a set up of...

Page 66: ...e field Maximum block size In order to specify the maximum time until packing a TCP packet enter the time into the field Aggregation timeout in milliseconds If this time has ex pired the serially rece...

Page 67: ...been restarted ATH The serial Ethernet gateway closes the serial Internet con nection ATE n Configuring the echo behaviour ATE0 Echo disabled ATE1 Echo enabled default Puts the serial Ethernet gateway...

Page 68: ...e Browse button and locate the respective file The file will be uploaded after clicking on OK This file must be a text file which defines an associated answer for each desired AT command Each line in...

Page 69: ...he number of the SMS Service Center of your mobile phone provider in the menu Messages on the page Configuration in the section SMS into the field SCN Service Center Number SIM card 1 If you use a sec...

Page 70: ...existing tunnels will be ter minated with this pptp The PPTP connection will be restarted All existing tunnels will be ter minated with this reset The device will be restarted sandbox The sandbox wil...

Page 71: ...sword may consist of letters upper ans lower case with out umlauts numbers punctuation marks without comma parentheses underscore blank and the characters and and have a length of 20 characters In ord...

Page 72: ...efine this in the section Create new e mail Enter the e mail address of the recipient into the field Recipient for this Select from the drop down list Event the respective event for triggering the e m...

Page 73: ...r to enable SMS dispatch check in the menu Messages on the page SMS the checkbox Activate SMS In order to create an SMS message you have to define this in the section Cre ate new SMS Enter the phone n...

Page 74: ...checkbox Activate SNMP tarps In order to download the private MIB click on the link Download private MIB In order to create an SNMP trap you have to define this in the section Create new SNMP trap En...

Page 75: ...twork behind the MLR 3G 2 0 can always be reached with the same domain name from the Internet also for dynamically allocated IP addresses if the allocated IP address for incoming connections is not pr...

Page 76: ...ver of the MLR 3G 2 0 allocates addresses in the LAN The IP address range of the DHCP server must be located in the same network as the IP address of the MLR 3G 2 0 Enter into the entry field Lease Ti...

Page 77: ...Timeout for in active connections In order to avoid overloading the MLR 3G 2 0 you can restrict the number of clients which can connect to the MLR 3G 2 0 at the same time Enter the maximum number of...

Page 78: ...he firewall the access to any URLs would be possible just by bypassing the proxy The IP address of the proxy must be defined at the clients e g a web browser on a PC which establish connections via th...

Page 79: ...mpts check the check box Increase reconnection interval In this case the interval between the connection attempts will increase 1 5 15 30 60 minutes Otherwise the MLR 3G 2 0 will try to establish a co...

Page 80: ...the field Port In order to specify a contact information for the SNMP agent you can enter this into the field Contact information In order to specify a description for the SNMP agent you can enter th...

Page 81: ...ber of displayed lines and the update interval can be con figured Configuration with the web interface In order to view the detailed system messages via the web interface click on the link Show the ex...

Page 82: ...on the page Time enter the values for day month year hour and minutes in the entry fields DD MM YYYY hh mm Configure the time zone of the location of the MLR 3G 2 0 by selecting this from the drop dow...

Page 83: ...or a short time within two seconds loads the factory defaults of the MLR 3G 2 0 Configuration with the web interface In order to restart the MLR 3G 2 0 select in the menu System on the page Reset the...

Page 84: ...ss or the domain name of the server into the Server field and the respec tive port into the Port field It is also possible to specify sub directories of the server that are to be searched for the file...

Page 85: ...NSYS MICROELECTRICS Note Loss of availability Through a firmware update your MLR 3G 2 0 may loose its previous configuration Your MLR 3G 2 0 can then only be ac cessed from the local network via its s...

Page 86: ...R 3G 2 0 lights up red not perform any action at the web interface until this page is displayed 5 e 6 the System OK After the completed update a page is displayed which confirms the suc cessful update...

Page 87: ...Change in the web interface of the MLR 3G 2 0 In the menu System to the page Update 2 Click on Browse in the Manual update section and select the configura tion file e g configuration bin 3 Click on O...

Page 88: ...amp and saved as bzip2 compressed archive file Up to four of the last archive files are available for download Configuration with the web interface In order to download the binary configuration file o...

Page 89: ...nd Stored sandbox image together with its MD5 checksum The file name of the currently installed sandbox image is indicated behind Installed sandbox image together with its MD5 checksum In order to ins...

Page 90: ...the IP packet or the domain name into the field Parameter and click on OK Optionally you may increase the standard number of 3 hops by increasing the number of hops to 5 for example using the paramete...

Page 91: ...ines the repurchasing and recycling of legacy systems for our clients is regulated as follows Please send those legacy systems to the following address carriage prepaid Frankenberg Metalle Gaertnersle...

Page 92: ...the Council Directive on the Ap proximation of the Laws of the Member States relating to Electromagnetic Compatibility 2004 108 EC and the Council Directive relating to Low Voltage 2006 95 EC as well...

Page 93: ...y Group E of the docu ment http origin www gpo gov bis ear pdf 740spir pdf Address the US federal au thorities for an exception from this export regulation We explicitly point out that the US export r...

Page 94: ...te to certain responsibilities for you if you distribute copies of the software or if you modify it For example if you distribute copies of such a program whether gratis or for a fee you must give the...

Page 95: ...that work are not derived from the Program and can be reasonably considered independent and separate works in them selves then this License and its terms do not apply to those sections when you distri...

Page 96: ...efrain entirely from distribution of the Program If any portion of this section is held invalid or unenforceable under any particular circumstance the bal ance of the section is intended to apply and...

Page 97: ...plies to some specially designated Free Software Foundation software and to any other libraries whose authors decide to use it You can use it for your libraries too When we speak of free software we a...

Page 98: ...this special one TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION 0 This License Agreement applies to any software library which contains a notice placed by the copy right holder or othe...

Page 99: ...that refer to this License so that they refer to the ordinary GNU General Public License version 2 instead of to this License If a newer version than version 2 of the ordinary GNU General Public Licen...

Page 100: ...e specified materials from the same place d Verify that the user has already received a copy of these materials or that you have already sent this user a copy For an executable the required form of th...

Page 101: ...in countries either by patents or by copyrighted interfaces the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding t...

Page 102: ...original SSLeay license apply to the toolkit See below for the actual license texts Actually both licenses are BSD style Open Source licenses In case of any license issues related to OpenSSL please co...

Page 103: ...tartup or in documentation online or textual provided with the package Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditio...

Page 104: ...f the device to verify that the equipment is properly shielded Pace maker patients are advised to keep their hand held mobile away from the pace maker while it is on Switch off the cellular terminal o...

Page 105: ...s for example emergency calls Remember in order to make or receive calls the cellular terminal or mobile must be switched on and in a service area with adequate cellular signal strength Some networks...

Page 106: ...arameters to DHCP clients on their request Dial In The device can be called by a switched dial up circuit and it is able to estab lish a LAN connection Dial Out The device can dial out by a switched d...

Page 107: ...always ends with 0 The net mask e g 255 255 255 0 is binary overlaid on the IP address e g 192 168 1 1 the remaining visible part of this overlapping masquerade is the network address here 192 168 1 0...

Page 108: ...he User Datagram Protocol is a transport protocol which enables the data exchange between network devices It operates connectionless i e the data transmission is unsecured URL The Uniform Resource Loc...

Page 109: ...front panel of the device 20 Table 9 Description of the connections on the rear panel of the device 21 Table 10 Description of the pin allocation of the D Sub socket 21 Table 11 Authentication methods...

Page 110: ...check 43 Connection Establishment 69 Connection log 50 53 Connection timeout 77 Control lines 66 CSD connection 42 Data direction 41 46 Data flow control 66 Data format 66 Data Signal LED 16 18 Date 2...

Page 111: ...ICMP 107 ICMP ping 57 90 Idle time 39 42 44 Internal clock 82 IP address 29 31 35 46 56 58 75 76 78 107 IP address range 76 IP packet 90 IP rating 14 IPsec 23 48 57 IPsec authentication 23 IPsec conn...

Page 112: ...ower supply 21 PPP 22 23 107 PPP authentication 22 39 40 42 PPP connection 22 39 42 43 48 55 PPP dial in server 22 PPP user 39 PPTP 23 48 55 PPTP client 23 56 PPTP connection 55 PPTP server 23 55 Prer...

Page 113: ...ta 81 System log 81 System messages 81 82 System time 24 TCP 108 TCP connection 55 TCP packet 66 Technological Features 15 Telnet protocol 66 Time 24 44 82 Time synchronisation 24 Time zone 82 Transmi...

Page 114: ......

Reviews:

No comments

Brands by name

Popular brands

Load more brands