M2M Cellular Gateway

Index skipping is used to reserve slots for new function insertion, when required.

5.1.h Options .... 174
5.5 VPN .... 179
5.5.1 Configuration .... 179
5.5.3 IPSec .... 181
5.5.5 PPTP .... 202
5.5.7 L2TP .... 215
5.5.9 GRE .... 227
5.5.d OpenVPN .... 235
5.7 Redundancy .... 251
5.7.1 VRRP .... 251
5.9 System Management .... 255
5.9.1 TR-069 .... 255
5.9.3 SNMP .... 259
5.9.5 Telnet with CLI .... 270
5.9.7 UPnP .... 274
5.b Certificate .... 277
5.b.1 Configuration .... 277
5.b.3 My Certificates .... 279
5.b.5 Trusted Certificates .... 286
5.b.7 Issue Certificates .... 292
5.d Communication Bus .... 297
5.d.1 Port Configuration .... 297
5.d.3 Virtual COM .... 299
Chapter 7 Applications .... 311
7.1 Mobile Application .... 311
7.1.1 SMS .... 311
7.1.3 USSD .... 315
7.1.5 Network Scan .... 319
7.1.7 SMS Management .... 321
7.1.b SIM PIN .... 329

Summary of Contents for IDG500AM-0T001

Page 1: ...M2M Cellular Gateway IDG500AM 0T001 User Manual...

Page 2: ...tion 11 1 6 1 Mount the Unit 11 1 6 2 Insert the SIM Card 11 1 6 3 Connecting Power 12 1 6 4 Connecting to the Network or a Host 13 1 6 5 Setup by Configuring WEB UI 13 Chapter 2 Getting Started 14 2...

Page 3: ...87 3 9 3 Virtual Server Virtual Computer 91 3 9 5 Special AP ALG 99 3 9 7 DMZ Pass Through 106 3 b Routing 109 3 b 1 Static Routing 109 3 b 3 Dynamic Routing 114 3 b 5 Routing Information 126 3 d Clie...

Page 4: ...RRP 251 5 9 System Management 255 5 9 1 TR 069 255 5 9 3 SNMP 259 5 9 5 Telnet with CLI 270 5 9 7 UPnP 274 5 b Certificate 277 5 b 1 Configuration 277 5 b 3 My Certificates 279 5 b 5 Trusted Certifica...

Page 5: ...new function insertion when required 5 7 d Event Management 331 7 d 1 Configuration 334 7 d 3 Managing Events 340 7 d 5 Notifying Events 342 Chapter 9 System 344 9 1 System Related 344 9 1 1 System Re...

Page 6: ...ed to insert SIM card from local mobile carrier to get to Internet The redundant SIM design provides a more reliable WAN connection for critical applications Main Features Provide 3G LTE WAN connectio...

Page 7: ...Contents List 1 2 1 Package Contents Standard Package Items Description Contents Quantity 1 IDG500AM 0T001 M2M Cellular Gateway 1pcs 2 Cellular Antenna 2pcs 3 Power Adapter DC 5V 2A 1 1pcs 4 RJ45 Cabl...

Page 8: ...guration Left View Right View Reset Button The RESET button provides user with a quick and easy way to restore the default setting Press the RESET button continuously for 6 seconds and then release it...

Page 9: ...l Strength is 61 100 SIM 1 2 Internet Blue Purple Red LED Off Connection is not established Flash in Blue Connection is establishing re establishing by SIM 1 Blue steady On Uplink connection was estab...

Page 10: ...ux based operating system An installed Ethernet adapter Browser Requirements Internet Explorer 6 0 or higher Chrome 2 0 or higher Firefox 3 0 or higher Safari 3 0 or higher Do not use the product in h...

Page 11: ...MAKE SURE THAT POWER OF THE DEVICE IS SWITCHED OFF The SIM card slots are located at the right side of IDG500 series housing in order to protect the SIM card You need to unscrew and remove the outer...

Page 12: ...r you to easily connect DC power adapter to this terminal block WARNING This commercial grade power adapter is mainly for ease of powering up the purchased device while initial configuration It s not...

Page 13: ...hernet cable to connect the IDG500 series to the host PC s Ethernet port for configuring the device 1 6 5 Setup by Configuring WEB UI You can browse web UI to configure the device First you need to la...

Page 14: ...rd Go to Wizard Network Setup Wizard Step 2 Item Value setting Description Old Password 1 String format any text If you want to change password Enter the current password in this item New Password 1 S...

Page 15: ...Select the time zone for the system clock Detect Again NA Click the Detect Again button to detect the time zone from network Exit NA Click the Exit button to cancel Setup Wizard Back NA Click the Bac...

Page 16: ...ettings Go to Wizard Network Setup Wizard Step 4 WAN interface Step 4 WAN interface Setting Item Value setting Description Physical Interface A Must filled setting Here you specify the Physical Interf...

Page 17: ...onal setting Enter the host name provided by your Service Provider ISP Registered MAC Address An Optional setting Enter the MAC address that you have registered with your service provider Or Click the...

Page 18: ...vider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider P...

Page 19: ...Password A Must filled setting Enter the PPPoE password provided by your Service Provider Primary DNS A Must filled setting Enter the IP address of Primary DNS server Secondary DNS Optional setting En...

Page 20: ...ven by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by...

Page 21: ...ven by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by...

Page 22: ...t LAN Interface Item Value setting Description LAN IP Address A Must filled setting Assign an IP Address for LAN this IP address is a gateway IP Subnet Mask By default 255 255 255 0 24 is selected Sel...

Page 23: ...ill step by step guide you through to complete VPN tunnel setup Step 1 Setup Steps In Step 1 the VPN Setup Step is a screen that displays the summary of steps for VPN setup Click Next button to begin...

Page 24: ...o Step 3 PPTP in the following page When L2TP is selected go to Step 3 L2TP in the following page When GRE is selected go to Step 3 GRE in the following page Step 3 IPSec When IPSec is selected in Ste...

Page 25: ...nd either PPTP client or server is selected the client or server configuration window will appear PPTP Client When PPTP Client is selected in Step 2 for VPN Type PPTP configuration window will appear...

Page 26: ...mplete the PPTP Server configuration click Next button a setup summary will display Confirm the setting then click the Apply button to complete the setting Step 3 L2TP When L2TP is selected in Step 2...

Page 27: ...a setup summary will display Confirm the setting then click the Apply button to complete the setting L2TP Server When L2TP Server is selected in Step 2 for VPN Type L2TP configuration window will app...

Page 28: ...n insertion when required 28 Step 3 GRE When GRE is selected in Step 2 for VPN Type GRE configuration window will appear When complete the GRE configuration click Next button a setup summary will disp...

Page 29: ...the model purchased it can be Static IP Dynamic IP PPPoE PPTP L2TP 3G 4G IP Addr N A It displays the public IP address obtained from your ISP for Internet connection Default value is 0 0 0 0 if left...

Page 30: ...AN connection is connected Connect button allows user to manually connect the device to the Internet Note Connect button is available when Connection Control in WAN Type setting is set to Connect Manu...

Page 31: ...be Ethernet 3G 4G USB 3G 4G WAN Type N A It displays the method which public IP address is obtained from your ISP WAN type setting can be changed from Basic Network IPv6 Configuration Link local IP A...

Page 32: ...assigned by your ISP for your Internet connection Action N A This area provides functional buttons Edit IPv4 Button when press web based utility will take you to the Ethernet LAN configuration page B...

Page 33: ...ur Internet connection Action N A This area provides functional buttons Edit IPv4 Button when press web based utility will take you to the Ethernet LAN configuration page Basic Network LAN VLAN Ethern...

Page 34: ...m Information SIM Status and Service Information Refer to next page for more Note Currently USB 3G 4G doesn t support this feature When the Detail button in the Action column is pressed 3G 4G modem inf...

Page 35: ...code to unlock It is probably due to the device had exceeded the allowed number of times to unlock Refer to PIN Code Remaining Times PIN Code Remaining Times N A This displays the remaining time of th...

Page 36: ...be GSM WCDMA or LTE Band N A It displays the band currently used RSSI N A It displays the RSSI Received Signal Strength Indicator in unit dBm of the signal CS Register Status N A It displays the Circ...

Page 37: ...s router Go to Status LAN Client List LAN Client List Item Value setting Description LAN Interface N A Client record of LAN Interface String Format IP Address N A Client record of IP Address Type and...

Page 38: ...to display log history Clicking the Edit button the screen will be switched to the configuration page From the menu on the left select Status Firewall Status Firewall Status Tab Packet Filter Status...

Page 39: ...Note Ensure URL Blocking Log Alert is enabled Refer to Advanced Network Firewall URL Blocking tab Check Log Alert and save the setting Web Content Filter Status Web Content Filter Status Item Value se...

Page 40: ...sure MAC Control Log Alert is enabled Refer to Advanced Network Firewall MAC Control tab Check Log Alert and save the setting Application Filters Status Application Filters Status Item Value setting Des...

Page 41: ...e or Disable setting status of Stealth Mode on Firewall Options String Format Disable or Enable SPI N A Enable or Disable setting status of SPI on Firewall Options String Format Disable or Enable Disc...

Page 42: ...setting Description Tunnel Name N A It displays the tunnel name you have entered to identify Tunnel Scenario N A It displays the Tunnel Scenario specified Local Subnets N A It displays the Local Subne...

Page 43: ...server configuration page Advanced Network VPN PPTP tab PPTP Client Status Item Value setting Description Client Name N A It displays Name for the PPTP Client specified Interface N A It displays the W...

Page 44: ...onfiguration page Advanced Network VPN L2TP tab L2TP Client Status Item Value setting Description Client Name N A It displays Name for the L2TP Client specified Interface N A It displays the WAN inter...

Page 45: ...MP Link Status screen shows the status of current active SNMP connections SNMP Link Status Item Value setting Description User Name N A It displays the user name for authentication This is only availa...

Page 46: ...vel Time N A It displays the timestamp of trap event Trap Event N A It displays the IP address of the trap sender and event type TR 069 Status The TR 069 Status window shows the current connection sta...

Page 47: ...N A It displays the name you entered to identify DDNS service provider Provider N A It displays the DDNS server of DDNS service provider Effective IP N A It displays the public IP address of the devic...

Page 48: ...Go to Advanced Network System Management UPnP Tab UPnP Status Item Value setting Description Remote Host N A The field is shown remote host that connect to internal client Protocol N A This field is...

Page 49: ...Previous N A Click the Previous button you will see the previous page of track list Next N A Click the Next button you will see the next page of track list First N A Click the First button you will s...

Page 50: ...stics Network traffic statistics shows traffic of each enabled interface Go to Statistic Report Network Traffic Statistics Internet Surfing List Item Name Value Setting Description Menu WAN LAN 2 4G i...

Page 51: ...revious button you will see the previous page of login statistics Next N A Click the Next button you will see the next page of login statistics First N A Click the First button you will see the first...

Page 52: ...Physical Interface WAN Internet Setup and WAN Load Balance for Intranet to access Internet For each WAN interface you must specify its physical interface first and then its Internet setup to connect...

Page 53: ...w shows all the available physical interfaces After clicking on the Edit button for the interface in Physical Interface List window the Interface Configuration window will appear to let you configure...

Page 54: ...windows are just some examples They vary from model to model It depends on the model purchased Interface Name The logic name of WAN interfaces is identified by WAN 1 WAN 2 and so on Physical Interface...

Page 55: ...services You must specify it in the WAN physical interface Please note that only Ethernet and ADSL physical interfaces support the feature Interface Configuration The configuration of a WAN interface...

Page 56: ...Cellular Network xDSL Modem Gateway ISP DSLAM ISP DSLAM Gateway Firewall or Ethernet WAN 3G 4G WAN USB 3G 4G WAN ADSL WAN Ethernet WAN The gateway has one or more RJ45 WAN ports that can be configure...

Page 57: ...backup connection will be started up to substitute the primary connection In addition there is a Seamless option for Failover operation mode When seamless option is activated by checking on the Seamle...

Page 58: ...t Always on Data Encryption LLC VPI Number 0 VCI Number 33 Schedule Type UBR Configuration Path Internet Setup 3G 4G WAN Type Configuration Interface Name WAN 2 Dial up Profile Auto detection Connecti...

Page 59: ...lover Failback Seamless Failover Scenario As another example all parameter configuration for WAN 1 and WAN 2 is same as above example except the Seamless box is checked as below in red color Configur...

Page 60: ...just Keep Alive Next Failover and Failback processes are shown in following diagram Their steps are S 1 When system discovers the primary WAN connection is failed S 2 System starts the failover proce...

Page 61: ...re It is called as Dual SIM Failover In this Dual SIM Failover there are four kinds of SIM card usage scenarios including SIM A First SIM B First and SIM A Only and SIM B Only By default SIM A First s...

Page 62: ...th SIM A First scenario is shown in the following diagram The steps are Pre state System tries to connect to mobile system for an Internet connection by using connection profile in SIM A for SIM A Fir...

Page 63: ...ce functions normally If you don t know accurate line speed of your subscribed Internet service following are some suggestions High Speed Ethernet WAN Upload 100Mbps Download 100Mbps Gigabit Ethernet...

Page 64: ...r these two WAN interfaces and their scenarios are shown in the following diagram Configuration Path Physical Interface Interface Configuration WAN n n 1 2 Interface Name WAN 1 WAN 2 Physical Interfac...

Page 65: ...nfiguration and related configuration windows for each WAN type For the Internet setup of each WAN interface you must specify its WAN type of physical interface first and then its related parameter co...

Page 66: ...terface name the kinds of physical interface their operation mode and WAN connection type There is one Edit button for each WAN interface to let you configure its Internet connection Please see Intern...

Page 67: ...You will need to enter in the IP address subnet mask and gateway address provided to you by your ISP Dynamic IP Address WAN type You may choose this WAN type if you connect a cable modem or a fiber V...

Page 68: ...ddress and DNS to you to setup an ADSL Internet connection PPPoE ADSL WAN type Select this option if your ISP requires you to use a PPPoE connection for accessing Internet This option is typically use...

Page 69: ...Time Service Name Assigned IP Address MTU MPPE NAT Network Monitoring IGMP and WAN IP Alias L2TP WAN Type Settings include IP Mode Server IP Name L2TP Account Password Connection Control Maximum Idle...

Page 70: ...id keep alive feature work abnormally enable this option will stop sending keep alive packets when there are continuous incoming and outgoing data packets passing through WAN connection Check Interval...

Page 71: ...of fails Connection Control There are three ways for connection control Auto reconnect Always on Dial on demand and Manually Auto reconnect Always on This gateway will establish Internet connection au...

Page 72: ...ly Following 3 tables list the parameter configuration for these three WAN interfaces Configuration Path Physical Interface Interface Configuration WAN n n 1 2 3 Interface Name WAN 1 WAN 2 WAN 3 Physi...

Page 73: ...Secondary DNS DHCP Servers 10110110001100 01 Request Coming Start Connecting Disconnect when idle timeout Dial on demand Its steps are Pre state After system booting up the WAN connection is disconnec...

Page 74: ...out Manually Its steps are Pre state After system booting up the WAN connection is disconnected S 1 When administrator click on the Connect button on the Network Status configuration window S 2 System...

Page 75: ...ides a brief description of LAN and VLAN It also explains how to create and modify virtual LANs which are more commonly known as VLANs 3 3 1 Ethernet LAN The Local Area Network LAN can be used to shar...

Page 76: ...his gateway supports various types of IPv6 connection Static IPv6 DHCPv6 PPPoEv6 6to4 6in4 Please contact your ISP the type of IPv6 is supported before you proceed with IPv6 setup Static IPv6 Static I...

Page 77: ...v6 default gateway address and IPv6 DNS to client host s automatically PPPoEv6 PPPoEv6 in IPv6 does the same function as PPPoE in IPv4 The PPPoEv6 server provides configuration parameters based on PPP...

Page 78: ...a host it must have a global IPv4 address connected and the host is responsible for encapsulation of outgoing IPv6 packets and decapsulation of incoming 6to4 packets If the host is configured to forw...

Page 79: ...ve slots for new function insertion when required 79 In above diagram the 6in4 usually needs to register to a 6in4 tunnel service known as Tunnel Broker in order to use It also need end point global I...

Page 80: ...Value setting Description WAN Connection Type 1 Only can be selected when IPv6 Enable 2 A Must filled setting Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity Select St...

Page 81: ...ss Primary DNS An optional setting Enter the WAN primary DNS Server Secondary DNS An optional setting Enter the WAN secondary DNS Server MLD Snooping The box is unchecked by default Enable Disable the...

Page 82: ...primary DNS Server Secondary DNS Can not modified by default Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Confi...

Page 83: ...ction If you want more information please contact your ISP Connection Control Fixed value The value is Auto reconnect Always on MTU A Must filled setting Enter the MTU for setting up PPPoEv6 connectio...

Page 84: ...nal setting Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Global Ad...

Page 85: ...ed IPv4 address of this router Local IPv6 Address A Must filled setting Filled Client IPv6 Address gotten from tunnelbroker in this field Primary DNS An optional setting Enter the WAN primary DNS Serv...

Page 86: ...nectivity Select Stateless to manage the Local Area Network to be SLAAC RDNSS Router Advertisement Lifetime A Must filled setting Enter the Router Advertisement Lifetime in seconds 200 is set by de...

Page 87: ...iguration page Normally with global IP address or FQDN of WAN interface in the gateway employees who travel outside the office can access various servers behind the office gateway You can set up those...

Page 88: ...k It is useful when you run a server inside your network For example if you set a mail server at LAN side your local devices can access this mail server through gateway s global IP address when enable...

Page 89: ...eature to do that Scenario Description Local user can access mail server by FQDN or global IP when NAT loop back is enable Global user can access mail server only when mail server is set as virtual se...

Page 90: ...virtual server to be located at a server with IP address 10 0 75 101 in the Intranet of Network A including SMTP service port 25 and POP3 service port 110 So the local user at host with IP address 10...

Page 91: ...gateway This device s NAT firewall filters out unrecognized packets to protect your Intranet so all hosts behind this device gateway are invisible to the outside world If you wish you can make some o...

Page 92: ...side For example if you set an E mail server on the LAN side with IP address 10 0 75 101 a remote user can access the gateway for E mail service if you defined a virtual E mail server for the gateway...

Page 93: ...virtual server to be located at a server with IP address 10 0 75 101 in the Intranet of Network A including SMTP service port 25 and POP3 service port 110 So the remote user can access the E mail ser...

Page 94: ...gateway to implement the application scenario Scenario Description A LAN host is assigned with a global IP address to be visible to outside world The host has an embedded FTP file server and is prote...

Page 95: ...to the FTP file server by server s global IP address and it acts as a media between the LAN host and the outside world by using its Virtual Computer feature So remote users can request for file servi...

Page 96: ...x when WAN x enabled Server IP A Must filled setting This field is to specify the IP address of the interface selected in the WAN Interface setting above Protocol A Must filled setting When ICMPv4 is...

Page 97: ...ingle Port number Public Port is selected Port Range and specify a port range and Private Port can be selected Single Port or Port Range Apply Time Schedule to this rule otherwise leave it as Always r...

Page 98: ...omputer The router allows you to customize your Virtual Computer rules The router supports up to a maximum of 20 rule based Virtual Computer sets When Add button is applied Virtual Computer Rule Configur...

Page 99: ...l gateway ALG allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer control data protocols such as FTP BitTorrent...

Page 100: ...tion rule is that the trigger port is pa and the activated ports are pb and pc once the pa port is toggled at LAN interface of gateway Scenario Application Timing When local user wants to run an appli...

Page 101: ...er port 554 Quick Time 4 and incoming ports 6970 6999 and activate the rule So the local user at host with IP address 10 0 75 100 can enjoy the music by using Quick Time 4 application The media server...

Page 102: ...ne with the help of the SIP server in the Internet Parameter Setup Example Following table lists the parameter configuration for the NAT gateway in above diagram Configuration Path Special AP ALG Conf...

Page 103: ...ecial AP setting allows some applications require multiple connections The ALG setting allows user to Support some SIP ALG like STUN Enable Special AP and Virtual Computer Go to Basic Network NAT Brid...

Page 104: ...le box to enable this rule When Popular Applications is selected Battle net Port and Incoming Ports will be defined automatically Apply Time Schedule to this rule otherwise leave it as Always refer to...

Page 105: ...Schedule to this rule otherwise leave it as Always refer to Scheduling setting under System Then check Rule box to enable this rule When Popular Applications is selected Quick Time 4 Port is the same...

Page 106: ...ify the IP address in the Intranet to be DMZ host so that the host under DMZ function can run applications freely that would otherwise blocked by NAT mechanism of the gateway with DMZ feature disabled...

Page 107: ...Description The DMZ host is behind a NAT gateway and receives all normal and active packets from the Internet Remote user can access the DMZ host by using the IP address of the gateway and the gatewa...

Page 108: ...e DMZ and Pass Through Enable Go to Basic Network NAT Bridging DMZ tab Configuration Item Value setting Description DMZ 1 A Must filled setting 2 Default is ALL Check the Enable box to activate this N...

Page 109: ...tables record the obtained routing paths from neighbor routers by using some protocols such as RIP OSPF and BGP It is dynamic routing These both routing approaches will be illustrated one after one 3...

Page 110: ...ll static routing rule entries There is also one Add button at the Static Routing Rule List caption that can let you add one new static routing rule While the Edit button at the end of each static ro...

Page 111: ...ing Rule List ID 1 2 Destination IP 173 194 72 94 188 125 73 108 Subnet Mask 255 255 255 255 255 255 255 255 Gateway 118 18 81 1 203 95 80 1 Metric 255 255 Rule Enable Enable Scenario Operation Proced...

Page 112: ...heir office setting Go to Basic Network Routing Static Routing Tab Static Routing Tab Item Value setting Description Enable Static Routing function The box is unchecked by default Check the Enable box...

Page 113: ...Interface Auto is set by default The Interface of this static routing rule Metric 1 Numeric String Format 2 A Must filled setting The Metric of this static routing rule Enabling the rule The box is...

Page 114: ...e In the Dynamic Routing page there are seven configuration windows for dynamic routing feature They are the RIP Configuration window OSPF Configuration window OSPF Area List OSPF Area Configuration B...

Page 115: ...ting protocols are described as follows RIP Scenario The Routing Information Protocol RIP is one of the oldest distance vector routing protocols which employs the hop count as a routing metric RIP pre...

Page 116: ...gle routing domain such as an autonomous system It gathers link state information from available routers and constructs a topology map of the network The topology is presented as a routing table to th...

Page 117: ...rio Application Timing When the administrator of the gateway wants to deploy one OSPF gateway in a large enterprise and expects the gateway to learn its routing table by using OSPF protocol from the e...

Page 118: ...r OSPF gateways in the enterprise backbone And then it forwards the routing information to the routers in its dominated areas Finally the routers in the dominated areas of the OSPF Gateway know the sh...

Page 119: ...eighbor ID and neighbor activation by an Enable box Following diagram is an example for the scenario Scenario Application Timing Most Internet service providers ISPs must use BGP to establish routing...

Page 120: ...able Self ID 100 Configuration Path Dynamic Routing BGP Neighbor List ID 1 2 3 4 Neighbor IP 10 101 0 1 10 102 0 1 10 103 0 1 10 104 0 1 Neighbor ID 101 102 103 104 Neighbor Enable Enable Enable Enabl...

Page 121: ...Routing Dynamic Routing Tab Item Value setting Description Enable Dynamic Routing function The box is unchecked by default Check the Enable box to activate this function The RIP configuration setting...

Page 122: ...ed setting The Router ID of this router on OSPF protocol Authentication None is set by default The Authentication method of this router on OSPF protocol Select None will disable Authentication on OSPF...

Page 123: ...Area Rule Configuration screen will appear Item Value setting Description Area Subnet 1 Classless Inter Domain Routing CIDR Subnet Mask Notation Ex 192 168 1 0 24 2 A Must filled setting The Area Sub...

Page 124: ...ter ID 1 IPv4 Format 2 A Must filled setting The Router ID of this router on BGP protocol Create Edit BGP Network Rules The router allows you to customize your BGP Network rules It supports up to a maxim...

Page 125: ...n is applied BGP Neighbor Rule Configuration screen will appear Item Value setting Description Neighbor IP 1 IPv4 Format 2 A Must filled setting The Neighbor IP of this router on BGP Neighbor List Rem...

Page 126: ...ription Destination IP N A Routing record of Destination IP IPv4 Format Subnet Mask N A Routing record of Subnet Mask IPv4 Format Gateway IP N A Routing record of Gateway IP IPv4 Format Metric N A Rou...

Page 127: ...server on a changing IP address you have to use dynamic domain name service DDNS Therefore anyone wishing to reach your host only needs to know the domain name Dynamic DNS will map the name of your ho...

Page 128: ...automatically re maps your domain name with the changed IP address So other hosts in the Internet world will be able to link to your gateway by using your domain name regardless of the changing globa...

Page 129: ...hen the gateway has booted up and has gotten a dynamic IP address for the WAN interface the DDNS agent in the gateway tries to request the DDNS server with the mapping between the domain name and the...

Page 130: ...n Add button is applied Pre defined Domain Name Configuration screen will appear Pre defined Domain Name Configuration Item Value setting Description Domain Name 1 String format can be any text 2 A Mu...

Page 131: ...set by default Selected the WAN Interface IP Address of the router Provider DynDNS org Dynamic is set by default Your DDNS provider of Dynamic DNS Host Name 1 String format can be any text 2 A Must f...

Page 132: ...r whose LAN IP Address is the same one of gateway LAN interface with its default Subnet Mask setting as 255.255.255.0 and its default IP Pool ranges is from 100 to 200 as shown at the DHCP Server List...

Page 133: ...ormation like the LAN Interface IP Address Host Name MAC Address and the Remaining Lease Time Fixed Mapping User can assign fixed IP address to map the specific client MAC address by select them then...

Page 134: ...eate and customize DHCP Server policies to assign IP Addresses to the devices on the local area network LAN Go to Basic Network Client Server Proxy DHCP Server Tab Create Edit DHCP Server Policy The r...

Page 135: ...lled setting The Lease Time of this DHCP Server Domain Name String format can be any text The Domain Name of this DHCP Server Primary DNS IPv4 format The Primary DNS of this DHCP Server Secondary DNS...

Page 136: ...lled setting The IP Address of this mapping rule Enabling the Rule The box is unchecked by default Click Enable box to activate this rule Save N A Click the Save button to save the configuration Undo...

Page 137: ...options in its sending out DHCPOFFER DHCPACK packages Option Meaning RFC 66 TFTP server name RFC 2132 72 Default World Wide Web Server RFC 2132 114 URL RFC 3679 Go to Basic Network Client Server Proxy...

Page 138: ...specific option you want to set Type Dropdown list of DHCP server option value s type Each different options has different value types 66 Single IP Address Single FQDN 72 IP Addresses List separated b...

Page 139: ...Save Undo DHCP Server Options Click Save to restart DHCP server forcing settings to take effect immed...

Page 140: ...Firewall check box will activate all firewall functions The firewall configuration allows user to enable or disable all functions including Packet Filters URL Blocking Web Content Filters MAC Control...

Page 141: ...ry In addition log alerting can be enabled through an Enable checkbox to log events Second the Packet Filter Rule List window lists all your defined packet filtering rule entry At last the Packet Filt...

Page 142: ...dy existed the Packet Filter Rule Configuration window shows up for you to configure The parameters in a rule include the rule name the from and to which interface the packet enters and leaves the sou...

Page 143: ...t those match the following rules Configuration Path Packet Filters Packet Filter Rule List ID 1 2 Rule Name Access 80 Access 443 Source IP IP Range 10.0.75.200 10.0.75.250 IP Range 10.0.75.200 10.0.7...

Page 144: ...lt Check the Enable box to activate Packet Filter function Black List White List Filter Method Selection Deny those match the following rules is set by default When Deny those match the following rule...

Page 145: ...erface to be the packet entering interface of the router If the packets to be filtered are coming from LAN to WAN then select LAN for this field Or VLAN 1 to WAN then select VLAN 1 for this field Othe...

Page 146: ...the Host grouping setting screen Source MAC A Must filled setting This field is to specify the Source MAC address Select Any to filter packets coming from any MAC addresses Select Specific MAC Addres...

Page 147: ...h specified port number Then enter a port number in Protocol Number box Time Schedule A Must filled setting Apply Time Schedule to this rule otherwise leave it as Always If the dropdown list is empty e...

Page 148: ...or in the exclusion of the white list In URL Blocking page there are three configuration windows They are the Configuration window URL Blocking Rule List window and URL Blocking Rule Configuration win...

Page 149: ...if one pattern in the requests matches to one rule Other Web requests will be blocked URL Blocking Rule List The URL Blocking Rule List shows the setup parameters of all URL blocking rules There also...

Page 150: ...ted patterns to go through the gateway he can use the URL Blocking function by defining the white list to carry out to meet the requirement It is contrasting to above diagram Scenario Description Web...

Page 151: ...for WAN 1 interface It serves as a NAT router Enable the URL blocking function and specify the URL Blocking Rule List is a black list and configure two URL blocking rules for the gateway Create one r...

Page 152: ...activate to activate Event Log Invalid Access Web Redirection The box is unchecked by default Check the Enable box to activate this function When the user attempts to open a blocked http URL by the we...

Page 153: ...group by the Add Rule shortcut button Setting done through the Add Rule button will also appear in the Host grouping setting screen URL Domain Name Keyword A Must filled setting Specify URL Domain Na...

Page 154: ...an let you activate the Web content filtering function Some popular script types like Java Applet Java Scripts cookies and Active X are in the window and you can check their boxes to enable the gatewa...

Page 155: ...e or edit one existed rule the Web Content Filter Configuration window will appear when you click on the Add or Edit button to configure The parameters in a rule include the rule name the defined file...

Page 156: ...teway has the IP address of 10.0.75.2 for LAN interface 118.18.81.33 for WAN 1 interface It serves as a NAT router Enable the Web content filters function to check and filter out Web requests on Cooki...

Page 157: ...Log Alert The box is unchecked by default Check the Enable box to activate to activate Event Log Create Edit Filter Rules The router supports up to a maximum of 20 filter rule sets Ensure that the We...

Page 158: ...ou may also access to create a group by the Add Rule shortcut button Setting done through the Add Rule button will also appear in the Host grouping setting screen User defined File Extension List Use...

Page 159: ...kbox to log events Another Known MAC from LAN PC List is a tool that you can use to do quick copy the known MAC address of client hosts in the Intranet to facilitate creating rules Use the Copy to but...

Page 160: ...C Control Rule List shows the setup parameters of all MAC control rules There also be one Add button at the MAC Control Rule List caption that can let you add and create one new MAC control rule The E...

Page 161: ...teway he can use the MAC Control function by defining the white list to carry out to meet the requirement It is contrasting to above diagram Scenario Description To only reject client hosts with dedic...

Page 162: ...e Gateway is the gateway of Network A and the subnet of its Intranet is 10.0.75.0/24 The gateway has the IP address of 10.0.75.2 for LAN interface 118.18.81.33 for WAN 1 interface It serves as a NAT r...

Page 163: ...ox is unchecked by default Check the Enable box to activate the MAC filter function Black List White List Filter Method Selection Deny MAC Address Below is set by default When Deny MAC Address Below i...

Page 164: ...AC Control rule name Enter a name that is easy for you to remember MAC Address Ues to Compose 1 MAC Address string Format 2 A Must fill setting Specify the Source MAC Address to filter rule Time Sched...

Page 165: ...tion can categorize Internet Protocol packets based on their application layer data and allow or deny their passing of gateway It supports the application filters for various Internet chat software P2...

Page 166: ...ter Enable Log Alert Enable Configuration Path Application Filters Application Filter List Rule Name Rule 1 Source IP IP Range 192.168.123.200 192.168.123.250 P2P Software BT BitTorrent BitSpirit BitC...

Page 167: ...box is unchecked by default Check the Enable box to activate this filter function Log Alert The box is unchecked by default Check the Enable box to activate Event Log Create Edit Filter Rules The rou...

Page 168: ...defined group selected Note group must be pre defined before this selection become available Refer to System Grouping Host grouping You may also access to create a group by the Add Rule shortcut butt...

Page 169: ...it You can enable the IPS function and check the listed intrusion activities when needed There are some intrusion prevention items need a further Threshold parameter to work properly for intrusion det...

Page 170: ...io Description The gateway serves as an E mail server Web Server and open TCP Port 8080 allowing user to access web based utility of Gateway so remote users or unknown users can request those services...

Page 171: ...will block lots of packets in seconds IPS Setting The Intrusion Prevention System IPS setting allows user to customize intrusion prevention rules to prevent malicious packets Enabling IPS Firewall Go...

Page 172: ...e box to activate this intrusion prevention rule and enter the traffic threshold in this field UDP Flood Defense Click Enable box to activate this intrusion prevention rule and enter the traffic thres...

Page 173: ...ceroute Block Fraggle Attack ARP Spoofing Defence 1 A Must filled setting 2 The box is unchecked by default 3 traffic threshold is set to 300 by default 4 The value range can be from 10 to 10000 Click...

Page 174: ...ard Ping from WAN makes any host on the WAN side can t ping this product It means this device won t reply any ICMP packet from Internet Remote Administrator Hosts enables only the LAN users to browse...

Page 175: ...ables list the parameter configuration as an example for the gateway in above diagram with SPI enabling Configuration Path Options Firewall Options SPI Enable Scenario Operation Procedure In above dia...

Page 176: ...local users surf the internet Following tables list the parameter configuration as an example for the gateway in above diagram Configuration Path Options Firewall Options Discard Ping from WAN Enable...

Page 177: ...ns Item Value setting Description Enable Stealth mode function The box is unchecked by default Check the Enable box to activate Stealth Mode function Enable SPI function The box is checked by default...

Page 178: ...mote access Select Any IP to allow any remote hosts Select Specific IP to allow the remote host coming from a specific subnet An IP address entered in this field and a selected Subnet Mask to compose...

Page 179: ...tunnel technology supports data confidentiality data origin authentication and data integrity of network information by utilizing encapsulation protocols encryption algorithms and hashing algorithms T...

Page 180: ...VPN Configuration Item Value setting Description VPN The box is unchecked by default Check the Enable box to enable all VPN functions Save N...

Page 181: ...eers and negotiates IKE SAs Security Association to set up a secure channel for negotiating IPSec SAs in phase 2 At IPSec phase IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the...

Page 182: ...ion window shows the maximum number of concurrent IPSec VPN tunnels that are running in system Tunnel List Status The Tunnel List shows the setup parameters of all IPSec VPN tunnels and their connecti...

Page 183: ...y gateways have their own subnet and the Site to Site tunnel scenario is used Site means a subnet of client hosts Scenario Description Both Initiator and Responder of IPSec tunnel must have a Static I...

Page 184: ...guration Path IPSec IKE Phase Negotiation Mode Main Mode X Auth None For Network B at Branch Office Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in...

Page 185: ...Negotiation Mode Main Mode X Auth None Scenario Operation Procedure In above diagram Network A is in the headquarters and the subnet of its Intranet is 10.0.76.0/24 The security gateway for Network A...

Page 186: ...ccess the enterprise operation systems to access office resources from outside the Dynamic VPN connection can be setup up to meet the requirement These mobile employees are carrying with their noteboo...

Page 187: ...Operation Mode Always on Configuration Path IPSec Local Remote Configuration Local Subnet 10.0.76.0 Local Netmask 255.255.255.0 Configuration Path IPSec Authentication Key Management IKE Pre shared K...

Page 188: ...eep alive item Configuration Path IPSec Authentication Key Management IKE Pre shared Key 12345678 Local ID User Name Network B Configuration Path IPSec IKE Phase Negotiation Mode Main Mode X Auth None...

Page 189: ...ng scenario example When Full Tunnel function of remote Business Security Gateway is enabled all data traffic from remote clients behind remote Business Security Gateway will go over the VPN tunnel Th...

Page 190: ...rough the established VPN tunnel between both sites including the HQ resource accessing and regular Internet accessing Scenario Description Both Initiator and Responder of IPSec tunnel must have a Sta...

Page 191: ...None For Network B at Branch Office Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in Network B Use default value for those parameters that are not...

Page 192: ...s 10.0.76.0/24 The security gateway for Network A has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN interface However Network B is in the branch office and the subnet of its I...

Page 193: ...tion NetBIOS over IPSec Unchecked by default Click the Enable box to enable NetBIOS over IPSec function NAT Traversal Unchecked by default Click the Enable box to enable NAT Traversal function Max Con...

Page 195: ...r Site to Site VPN tunneling specified in Tunnel Scenario It is not available for Dynamic VPN tunneling application Operation Mode 1 A Must fill setting 2 Always on is selected by default There are thr...

Page 196: ...aracters Select Key Management from the dropdown box for this IPSec tunnel IKE Pre shared Key user need to set a key Min 8 characters IKE X 509 user need Certificate to authenticate IKE_X 509 will be...

Page 197: ...server Click on the X Auth Account button to create remote X Auth client account Selected Client this gateway will be a X Auth client Enter User name and Password to be authenticated by the X Auth ser...

Page 198: ...inition Window Item Value setting Description IPSec Proposal Definition A Must fill setting Specify the Encryption method None AES auto AES128 AES192 AES256 DES 3DES Specify Authentication method None...

Page 199: ...described in Authentication Configuration Window a series of configuration windows for Manual IPSec Tunnel configuration will appear The configuration windows are the Tunnel configuration the Local R...

Page 200: ...terface as the system will automatically utilize the available WAN interfaces to balance traffic loads For more details on WAN Load Balance refer to Load Balance Usage in this manual On gateway s web...

Page 201: ...tion Outbound SPI Hexadecimal format Specify the Outbound SPI for this IPSec tunnel Inbound SPI Hexadecimal format Specify the Inbound SPI for this IPSec tunnel Encryption 1 A Must fill setting 2 Hexa...

Page 202: ...y levels and remote access levels comparable with typical VPN products Deploy a security gateway for local office and establish a virtual private network with the remote gateway of another office by u...

Page 203: ...window is to enable the PPTP VPN function by checking the Enable box In the Client Server field of the Configuration window choose either Server or Client Choose Server to define the gateway as the P...

Page 204: ...he used user name remote IP address the obtained virtual IP address and call ID of all PPTP clients User Account List User Account List lists your defined user accounts that can be accepted by the PPT...

Page 205: ...et of Network A at headquarters via this established PPTP tunnel Usually these hosts at PPTP client peer access the Internet directly via the WAN interface of Security Gateway 2 Only the packets whose...

Page 206: ...of its Intranet is 10.0.76.0/24 The security gateway for Network A has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN interface It serves as a PPTP server However Network B is...

Page 207: ...bnet Authentication Protocol MPPE Encryption NAT before Tunneling LCP Echo Type and tunnel activation Please be noted the Default Gateway Remote Subnet configuration item There are two options Default...

Page 208: ...work A at headquarters via this established PPTP tunnel Usually these hosts at PPTP client peer access the Internet directly via the WAN interface of Security Gateway 2 Only the packets whose destinat...

Page 209: ...PPTP 1 Interface WAN 1 Remote IP FQDN 203.95.80.22 User Name User 1 Password 1234 Default Gateway Remote Subnet Default Gateway Authentication Protocol MS CHAP MPPE Encryption Enable Tunnel Enable Sc...

Page 210: ...user to create and configure PPTP tunnels Before you proceed ensure that the VPN is enabled and saved To enable VPN go to Advanced Network VPN Configuration tab Enabling PPTP Go to Advanced Network VP...

Page 211: ...s is the PPTP server s Virtual IP DHCP server User can specify the first IP address for the subnet from which the PPTP client s IP address will be assigned IP Pool Ending Address 1 A Must fill setting...

Page 212: ...nts for remote clients to establish PPTP VPN connection to the gateway device Click Add button to add user account Enter User name and password Then check the enable box to enable the user Click Save...

Page 213: ...tunneling you will need to select a primary IPSec tunnel from which to failover to Load Balance Define whether the PPTP tunnel connection will take part in load balance function of the gateway You wi...

Page 214: ...setting Specify whether PPTP server supports MPPE Protocol Click the Enable box to enable MPPE Note when MPPE Encryption is enabled the Authentication Protocol PAP CHAP options will not be available N...

Page 215: ...L2TP tunneling So all client hosts behind local security gateway can make data communication with others behind remote gateway Or when you are a mobile user with your notebook or carrying along a sec...

Page 216: ...nt Choose Server to define the gateway as the L2TP VPN server for remote clients to initiate the connection to establish VPN tunnels Or choose Client to create multiple L2TP VPN clients to establish V...

Page 217: ...cluding the used user name remote IP address the obtained virtual IP address and call ID of all L2TP clients User Account List User Account List lists your defined user accounts that can be accepted b...

Page 218: ...2TP Server must have a Static IP or a FQDN and maintain a Client list account password The Client may be a mobile user or mobile site and requesting the L2TP tunnel connection with its account passwor...

Page 219: ...rio When you want the security gateway to play a L2TP client role check the Enable box and choose Client option in the L2TP Configuration window And make its related configuration in following section...

Page 220: ...el Scenario Application Timing Above diagram illustrates the Security Gateway 2 or the mobile device playing the L2TP VPN client role The L2TP tunnel is established by the L2TP client making the tunne...

Page 221: ...ault Gateway Remote Subnet setting determines how the Internet traffic from L2TP client site is handled The L2TP over IPSec is usually used for BYOD devices to establish a secure VPN tunnel between mo...

Page 222: ...establishing a L2TP VPN tunnel So both Intranets of 10.0.75.0/24 and 10.0.76.0/24 can securely communicate each other Finally the client hosts in the Intranet of Network B at mobile office can access...

Page 223: ...l It will set as the starting IP which assign to L2TP client IP Pool Ending Address A Must filled setting Specify the L2TP server ending IP of virtual IP pool It will set as the ending IP which assign...

Page 224: ...ck Enable button to enable user account Specify Username Fill in the username Specify Password Fill in the password Click save button to save user account When select Client in Client Server a series...

Page 225: ...ust filled setting Specify the Remote LNS IP FQDN for this L2TP tunnel Fill in the IP address or FQDN Remote LNS Port A Must filled setting Specify the Remote LNS Port for this L2TP tunnel Fill in the...

Page 226: ...ble box It will enable NAT for this L2TP tunnel LCP Echo Type A Must filled setting Specify the LCP Echo Type for this L2TP tunnel Select Auto Auto setting the Interval and Max Failure Time Selected U...

Page 227: ...ters supports the GRE tunneling function Then local security gateway can establish a GRE VPN tunnel with remote gateway in headquarters Client hosts in these both Intranets of branch office and headqu...

Page 228: ...a GRE tunnel between the gateway in headquarters and the one in branch office as an example for following description GRE Tunnel at HQ Peer Scenario Application Timing Above diagram illustrates the se...

Page 229: ...N 1 Operation Mode Always on Tunnel IP 203.95.80.22 Remote IP 118.18.81.33 Key 1234 TTL 255 Default Gateway Remote Subnet Remote Subnet 10.0.75.0/24 Tunnel Enable Scenario Operation Procedure In above...

Page 230: ...ackets are delivered via the GRE tunnel as shown in the diagram by configuring the GRE tunnel is the default gateway at GRE client peer the Internet accessing packets will be also sent to the Security...

Page 231: ...teway for Network A has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN interface It serves as a GRE server However Network B is in the branch office and the subnet of its Intra...

Page 232: ...go to Advanced Network VPN Configuration tab Enabling GRE Go to Advanced Network VPN GRE tab Enable GRE Window Item Value setting Description GRE Unchecked by default Click the Enable box to enable G...

Page 233: ...lways On Failover Load Balance Failover Always Define whether the GRE tunnel is a failover tunnel function or an Always on tunnel Note If this GRE is a failover tunneling you will need to select a pri...

Page 234: ...0 0 2 24 DMVPN Spoke Unchecked by default Specify whether the gateway will support DMVPN Spoke for this GRE tunnel Check Enable box to enable DMVPN Spoke GRE Pre shared Key 1 Unchecked by default 2 Pr...

Page 235: ...e for every client using signature and Certificate authority It uses the OpenSSL encryption library extensively as well as the SSLv3 TLSv1 protocol and contains many security and control features Depl...

Page 237: ...nother role Above diagram is the server role configuration and following diagram shows the client role configuration To configure OpenVPN Server or Client role for the security gateway as follows Conf...

Page 238: ...l enable the OpenVPN server function specify the virtual IP address of OpenVPN server define the pool of virtual IP addresses that will assign to remote OpenVPN clients dialing in the security gateway...

Page 239: ...blishing an OpenVPN VPN tunnel Parameter Setup Example For Network A at HQ Following below tables list the parameter configuration for above example diagram of OpenVPN server in Network A Use default...

Page 240: ...nVPN VPN tunnel by starting from the OpenVPN client site So hosts in Network B can access hosts or servers in Network A But can t access from Network A to Network B To communicate each other securely...

Page 241: ...Configuration for An OpenVPN Client Configuration for An OpenVPN Client window let you specify the required parameters for an OpenVPN VPN client such as OpenVPN Client Name Interface Protocol Port...

Page 242: ...OpenVPN Client peer is also controlled by the Security Gateway 1 the OpenVPN VPN server Scenario Description OpenVPN Tunneling is a Client and Server based tunneling technology The OpenVPN Server mus...

Page 243: ...hosts in Network B can access hosts or servers in Network A But can t access from Network A to Network B However if the Default Gateway Remote Subnet parameter in the Security Gateway 2 is configured...

Page 244: ...A Must filled setting By default 443 is set Specify the Port for the OpenVPN Server to use Tunnel Device A Must filled setting By default TUN is selected Specify the Tunnel Device for the OpenVPN Serv...

Page 245: ...ilable only when TAP is chosen in Tunnel Device IP Pool A Must filled setting Specify the OpenVPN server virtual IP pool Starting Address It will set as the starting IP which assign to OpenVPN clien...

Page 246: ...ilable only when TLS is chosen in Authorization Mode Redirect Default Gateway The box is checked by default Specify the OpenVPN server Redirect Default Gateway Client to Client The box is checked by...

Page 247: ...tify it in the tunnel list Interface A Must filled setting Define the selected interface to be the used for this OpenVPN Client tunnel Select WAN 1 for this OpenVPN Client tunnel by default Protocol A...

Page 248: ...icate Refer to Advanced Network Certificate My Certificates Local Endpoint IP Address A Must filled setting Specify the Local Endpoint IP Address Note_1 Local Endpoint IP Address will be available onl...

Page 249: ...Optional String format any text Specify the OpenVPN client TLS Auth Key Note_1 TLS Auth Key will be available only when TLS is chosen in Authorization Mode User Name Optional String format any text...

Page 250: ...is unchecked by default Specify the OpenVPN client Tunnel UDP MSS Fix Note_1 Tunnel UDP MSS Fix will be available only when UDP is chosen in Protocol nsCertType Verification The box is unchecked by...

Page 251: ...r or switch fails This increases the availability and reliability of routing paths via automatic default gateway selections on an IP network The protocol achieves this by creation of virtual routers w...

Page 252: ...s a reliable connection to the Internet administrator can setup a group of VRRP redundant gateways as the enterprise entry gateway Each member gateway connects to different ISP for a redundant connect...

Page 253: ...3 Virtual Server IP Address 10.0.75.200 Scenario Operation Procedure In above diagram the Master Gateway and the Backup Gateway are the redundant gateway group of Network A and the subnet of its Intra...

Page 254: ...ng Format 2 A Must filled setting Define the Virtual Server ID on VRRP of the router The value range is from 1 to 255 Priority of Virtual Server 1 Numeric String Format 2 A Must filled setting Define...

Page 255: ...s gateway device As a bidirectional SOAP HTTP based protocol it provides the communication between customer premises equipment CPE and Auto Configuration Servers ACS The Security Gateway is such CPE T...

Page 256: ...rver to manage remote gateways geographically distributed elsewhere in the world the gateways in all branch offices must have an embedded TR 069 agent to communicate with the ACS server So that the AC...

Page 257: ...ernet The Gateway 1 is one of them and has 118.18.81.33 IP address for its WAN 1 interface When all remote gateways have booted up they will try to connect to the ACS server Once the connections are e...

Page 258: ...manager provide ACS password and manually set ConnectionRequest Port A Must filled setting You can ask ACS manager provide ACS ConnectionRequest Port and manually set ConnectionRequest Username A Mus...

Page 259: ...odifying and applying a new configuration through remote modification of these variables The variables accessible via SNMP are organized in hierarchies These hierarchies and other metadata such as typ...

Page 260: ...indow provides 5 records of user privacy definition for user authentication and data hashing and encryption In SNMPv3 SNMP protocol supports user privacy feature additionally By referring to above set...

Page 261: ...te NMS to manage some devices whose WAN interfaces are connected together by using a switch or a router with UDP forwarding If you want to manage some devices and they all have supported SNMP protocol...

Page 262: ...NoPriv Privacy Key 12345678 Disable Disable Authority Read Write Read Read Enable Enable Enable Enable Scenario Operation Procedure In above diagram the NMS server can manage multiple devices in the I...

Page 263: ...interface for the SNMP and enable SNMP functions When Check the LAN box It will activate SNMP functions and you can access SNMP by LAN When Check the WAN box It will activate SNMP functions and you c...

Page 264: ...ear Multiple Community Rule Configuration Item Value setting Description Community 1 Read Only is selected by default 2 A Must filled setting 3 String format any text Specify this version 1 or version...

Page 265: ...Privacy Mode is authNoPriv or authPriv you must specify the Password for this version 3 user The minimum length of the password is 8 The maximum length of the password is 64 Authentication 1 None is...

Page 266: ...tricts access for this version 3 user to the subtree rooted at the given OID The range of the each OID number is 1 2080768 Enable 1 The box is checked by default Click Enable to enable this version 3...

Page 267: ...ue setting Description Server IP 1 A Must filled setting 2 String format any IPv4 address Specify the trap Server IP The DUT will send trap to the server IP Server Port 1 String format any port number...

Page 268: ...ypes and encryption protocols Selected the authNoPriv You must specify the Authentication and Password Selected the authPriv You must specify the Authentication Password Encryption and Privacy Key Aut...

Page 269: ...3 AMIT Enterprise Number 2 A Must filled setting 3 String format any number Specify the Enterprise Number for the particular private mib The range of the enterprise number is 1 2080768 Enterprise OID...

Page 270: ...easier to automate via scripting The device supports both Telnet and SSH Secure Shell CLI with default service port 23 and 22 respectively In Telnet with CLI page there are two configuration windows f...

Page 271: ...y using Telnet or SSH utility with privileged user name and password The data packets between the Local Admin and the Gateway or between the Remote Admin and the Gateway can be plain texts or encrypte...

Page 272: ...interface and 118.18.81.33 for WAN 1 interface It serves as a NAT gateway The Local Admin in the Intranet uses Telnet utility with privileged account to login the Gateway Or the Remote Admin in the In...

Page 273: ...default By default Service Port is 22 Check the Telnet Enable box to activate telnet service Check the SSH Enable box to activate SSH service You can set which number of Service Port you want to prov...

Page 274: ...peer networks multiplayer gaming and remote assistance programs need a way to communicate through home and business gateways Without IGD one has to manually configure the gateway to allow traffic thro...

Page 275: ...ation Procedure In above diagram the NAT Gateway is the gateway of Network A and the subnet of its Intranet is 10 0 75 0 24 It has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WA...

Page 276: ...presence and establish functional network services Go to Advanced Network System Management UPnP UPnP Configuration Item Name Value Setting Description UPnP Default checked Check to enable UPnP funct...

Page 277: ...es customers to issue certificates for them In a web of trust scheme the signer is either the key s owner a self signed certificate or other users endorsements whom the person examining the certificat...

Page 278: ...where your organization is located State ST is the state where your organization is located Location L is the location where your organization is located Organization O is the name of your organizati...

Page 279: ...Certificates function The Root CA window can let you generate or delete the certificate of root CA Root CA Configuration window can let you fill required information necessary for generating the root...

Page 280: ...ficate if the Self signed box is checked otherwise it is a CSR Self signed Certificate Usage Scenario Scenario Application Timing When the enterprise gateway owns the root CA and VPN tunneling functio...

Page 281: ...establishing as shown in above diagram The configuration example must be combined with the ones in following two sections to complete the whole user scenario Use default value for those parameters th...

Page 282: ...on as an example for the My Certificates function used in the user authentication of IPSec VPN tunnel establishing as shown in above diagram The configuration example must be combined with the ones in...

Page 283: ...IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WAN 1 interface They both serve as the NAT security gateways Gateway 1 generates the root CA and a local certificate HQCRT that is signe...

Page 284: ...ignature algorithm identifier of certificates Subject Name A Must filled setting This field is to specify the information of certificate Country C is the two letter ISO code for the country where your...

Page 285: ...hoice which certificate could be accepted by SCEP server for encryption data information It could be generated in Trusted Certificates CA Identifier is for SCEP server identifier which CA is used for...

Page 286: ...Trusted CA Certificate Import from a PEM window that can let you copy the contents of dedicated CA certificate and paste them in the window to be a trusted one for the gateway Similarly the Trusted Cl...

Page 287: ...dition you can delete used ones by checking the Select box of those certificates and clicking on the Delete button The View button allows you to view the contents of the dedicated certificate and down...

Page 288: ...t CA of the Gateway 1 sign it to be the BranchCRT certificate Import the certificate into the Gateway 2 as a local certificate In addition also imports the certificates of the root CA of Gateway 1 int...

Page 289: ...gram the Gateway 1 is the gateway of Network A in headquarters and the subnet of its Intranet is 10 0 76 0 24 It has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN 1 interface...

Page 290: ...ply N A Click the Apply button to import certificate Cancel N A When the Cancel button is clicked the screen will return to the Trusted Certificates page When Get CA button is applied Trusted CA impor...

Page 291: ...rtificates When Import button is applied Trusted Client import screen will appear Trusted Client Certificate List Item Value setting Description Import A Must filled setting It could select a certific...

Page 292: ...generates the certificate based on the dedicated CSR by clicking on the Sign button in the window Certainly only the gateway be the root CA and it can sign the requests to certify Another approach to...

Page 293: ...om a PEM Copy the contents of one CSR in PEM format to this window and use Sign button to generate corresponding certificate based on the pasted CSR contents The Signed Certificate View window will di...

Page 294: ...oot CA of Gateway 1 Gateway 2 creates a CSR BranchCSR to let the root CA of the Gateway 1 sign it to be the BranchCRT certificate Import the certificate into the Gateway 2 as a local certificate In ad...

Page 295: ...NAT security gateways Gateway 1 generates the root CA and a local certificate HQCRT that is signed by itself Import the certificates of the root CA and HQCRT into the Trusted CA Certificate List and T...

Page 296: ...lue setting Description Certificate Signing Request CSR Import from a File A Must filled setting It could select a certificate signing request file from user s computer for importing to DUT Certificat...

Page 297: ...rst In Port Configuration page there is only one configuration window for the serial port settings The Configuration window can let you specify serial port parameters including the operation mode bein...

Page 298: ...based network Baud Rate 19200 is set by default Select the appropriate baud rate for serial device communication RS 232 9600 19200 38400 57600 115200 RS 485 9600 19200 38400 57600 115200 230400 46080...

Page 299: ...there are three more configuration parameters need to specify They are the connection control the connection idle timeout and the alive check timeout In the TCP Client mode there is another Legal IP F...

Page 300: ...another Trusted IP Definition window can let you define four hosts as TCP clients to connect to the gateway by using their IP addresses if the trust type is Specific IP These operation modes are illu...

Page 301: ...re In above diagram the IOG Gateway is the gateway that attaches a serial device and the gateway has a 3G LTE WAN interface to connect to the Internet A remote Internet host computer whose IP address...

Page 302: ...e time Scenario Description When the Internet Host Computer wants to get the serial data via the IOG Gateway it will try to establish a TCP connection to the gateway if the connection is off After the...

Page 303: ...from the serial device via the gateway it will establish a TCP connection to the IOG Gateway if the connection is off After the data has been transferred the gateway automatically disconnects from th...

Page 304: ...remote Internet host computer whose IP address is 140 116 82 98 has a management system in it to collect the serial data from or send data to the serial device via the gateway Please be noted that th...

Page 305: ...trol Always on is set by default Choose Always on for a TCP full time connection Otherwise choose On Demand to initiate TCP connection only when required to transmit and disconnect at idle timeout Con...

Page 306: ...or FQDN of the remote TCP server to transmit serial data Remote Port 1 A Must filled setting 2 Default value is 4001 Enter the TCP port number This is the listen port of the remote TCP server Local Po...

Page 307: ...Port 4001 is set by default Indicate the listening port of TCP connection Trust Type Allow All is set by default Choose Allow All to allow any TCP clients to connect Otherwise choose Specific IP to l...

Page 308: ...settings Enable UDP Mode UDP User Datagram Protocol enables applications using UDP socket programs to communicate with the serial ports on the serial server The UDP mode provides connectionless commun...

Page 309: ...ected to the local serial port When a virtual serial port on the local serial device is being created it is required to specify the IP address of the remote hosts to establish connection with Enable R...

Page 310: ...ton to save the settings Specify Remote Host for Access Specify RFC 2217 Clients for Access Window Item Value setting Description Host A Must filled setting Enter the IP address range of allowed clien...

Page 311: ...obile communication systems It uses standardized communications protocols to allow fixed line or mobile phone devices to exchange short text messages 12 SMS as used on modern handsets originated from...

Page 312: ...mbers of unread SMS messages total received SMS messages and SMS messages in free space Moreover a New SMS button can let you compose and send a new SMS message The SMS Inbox button can let you check...

Page 313: ...minus one New SMS N A Click New SMS button a New SMS screen appears User can set the SMS setting from this screen Refer to New SMS in the next page SMS Inbox N A Click SMS Inbox button a SMS Inbox Lis...

Page 314: ...the phone number from SMS Timestamp N A What time receive SMS SMS Text Preview N A Preview the SMS text Action The box is unchecked by default User can check the box then click Delete button to delet...

Page 315: ...D messages create a real time connection during an USSD session The connection remains open allowing a two way exchange of a sequence of data This makes USSD more responsive than services that use SMS...

Page 316: ...h the USSD server by sending USSD commands and getting USSD responses via the voice gateway An USSD Session Scenario Scenario Application Timing When the administrator wants to use the Voice Gateway...

Page 317: ...file named as roaming setting with command 135 for further use In the USSD Request window from the USSD Profile dropdown box select the roaming setting profile and the USSD Command field shows 135 Cli...

Page 318: ...Name that user can key in USSD Command N A The USSD command that user can key in Comments N A The Comments is this profile comment USSD Request When send the USSD command the USSD Response screen wil...

Page 319: ...ge there are two windows for the Network Scan function The Configuration window can let you select which 3G 4G module physical interface is used to perform Network Scan and system will show the curren...

Page 320: ...pend on module and user need to select option at least one for all network type Scan Approach The box is Auto by default When Auto selected cellular module register automatically If the Manually selec...

Page 321: ...with the gateway via the SMS system Only these phones can SMS control the gateway Furthermore the SMS messages can be removed after being processed by the system to clear up the memory to receive more...

Page 322: ...ber administrator can further specify the SMS messaging access control From which phone number the gateway will receive the management SMS messages or to which phone the gateway can issue the notifica...

Page 323: ...Control Configuration Access Control Enable Configuration Path Remote Management Specific Phone Number Definition ID 1 Phone Number 8869116xxxxx Granted Functions Management Notification Enable Scenar...

Page 324: ...scription SMS Remote Management The box is unchecked by default Check the Enable box to activate SMS Remote Management function Managing Events The box is unchecked by default Check the Enable box to...

Page 325: ...ived managing events SMS must have the designated security key as an initial identifier then corresponding handlers will become effective for further processing Save NA Click the Save button to save t...

Page 326: ...bus Definition to specify Modbus Event Handlers All box is unchecked by default Specify the related Handlers for the managing event Select Power Checkbox and select the handlers you want to specify Po...

Page 327: ...ect DO and select profile from Digital Output DO Profile List to specify the DO Response Select SMS to specify the SMS Response Select SNMP Trap to specify the SNMP Trap Response Select Modbus and sel...

Page 328: ...t condition to specify WiFi Event Select Client Server Proxy and select the event condition to specify Client Server Proxy Event Select System Related and the event condition to specify System Related...

Page 329: ...ow what is the current SIM card and the sim card condition SIM Selection N A Press the Switch button then router would switch sim card to another one Then you can configure the sim card PUK function Ap...

Page 330: ...imes Depend on sim card Represent the SIM PIN number of times that you can try unlocking Save NA Click the Save button to save the configuration Change PIN Code NA Click the Change PIN code button to...

Page 331: ...o the fieldbus devices and D O devices which are already well connected to The supported events are categorized into two groups the notifying events and managing events The notifying events are the ev...

Page 332: ...tings are separated as several items they are the SMS Account Definition Email Service Definition Digital Input DI Profile Configuration Digital Output DO Profile Configuration and Modbus Definition T...

Page 333: ...ofiles Modbus Read Write profile Managing Events Trigger Type SMS SNMP Trap DI and Modbus Handlers WAN behavior LAN VLAN behavior WIFI behavior NAT behavior Firewall behavior System Management System...

Page 334: ...on Setup your SMS Account It supports up to a maximum of 5 accounts You can click the Edit button for each ID to edit the account SMS Account Definition Item Value setting Description Phone Number 1 M...

Page 335: ...alue setting Description Email Server Option Apply Email Server profile from External Server settings Email Addresses 1 Internet E mail address format 2 A Must filled setting Specify the Destination E...

Page 336: ...ing Specify the DI Profile Name DI Source ID1 by default Specify the DI Source It could be ID1 Normal Level Low by default Specify the Normal Level It could be Low or High Signal Active Time 1 Numberi...

Page 337: ...Low or High Total Signal Period 1 Numeric String format 2 A Must filled setting Specify the Total Signal Period It could be from 10 to 10000 milliseconds Repeat Counter The box is unchecked by defaul...

Page 338: ...ents Notifying Events or both Read Function Read Holding Registers by default Specify the Read Function for Managing Events Write Function Write Single Registers by default Specify the Write Function...

Page 339: ...ecify the Logic Comparator for Managing Events Value 1 Numeric String format 2 A Must filled setting Specify the Value It could be from 0 to 65535 Profile The box is unchecked by default Click Enable...

Page 340: ...function Create Edit Managing Events Rules Setup your Managing Event rules It supports up to a maximum of 128 rules When Add button is applied the Managing Event Configuration screen will appear Manag...

Page 341: ...ment Handlers Select System Related Checkbox and select the handlers you want to specify System Related Handlers Select DO Checkbox and select the profile from Digital Output DO Profile List to specif...

Page 342: ...upports up to a maximum of 128 rules When Add button is applied the Notifying Event Configuration screen will appear Notifying Event Configuration Item Value setting Description Event DI 1 or WAN by d...

Page 343: ...the Web Log Handler Select SNMP Trap to specify the SNMP Trap Handler Select Email and select the profile from Email Definition to specify the Email Handler Select Modbus and select profile from Modbu...

Page 344: ...rmware upgrades Email alert and system log Go to System System Related tab Change Password Change password screen allows network administrator to change the web based utility login password to access...

Page 345: ...nection is currently being used The display also shows the current System time It is particularly useful when firmware has been upgraded and system configuration file has been loaded Go to System Syst...

Page 346: ...System Status System Status screen contains various event log tools facilitating network administrator to perform local event logging and remote re...

Page 347: ...analysis View Email Log History Item Value setting Description View button N A Click on the View button to view Log History in Web Log List Window Email Now button N A Click on the Email Now button to...

Page 348: ...rator to select the type of event to log and be displayed in the Web Log List Window as described in the previous section Click on the View button to view Log History in the Web Log List window Web Lo...

Page 349: ...r the recipient s Email account Separate Email accounts with comma or semicolon Enter the Email account in the format of myemail domain com Subject String any text Enter an Email subject that is easy...

Page 350: ...nu Select one syslog server from the Server dropdown box to send event log to If none has been available press Add Object button to create a syslog server Log type category Default unchecked Select th...

Page 351: ...Device Internal is selected by default Select internal or external storage Log file name Default unchecked Set file name to save logs in storage Split file Enable Default unchecked Check to enable sp...

Page 352: ...dule rules which can be applied to other functionality Go to System Scheduling Schedule Settings Button description Item Value setting Description Add N A Click the Add button to configure time schedu...

Page 353: ...vate activate the function been applied to in the time period below Time Period Definition Item Value Setting Description Week Day Select from menu Select everyday or one of weekday Start Time Time fo...

Page 354: ...o understand Server IP FQDN A Must filled setting This field is to specify the external server IP Server Port A Must filled setting This field is to specify the external server port Server Type A Must...

Page 355: ...es must be between 1 and 26 Then check Enable box to add this server Active Directory Server A Must filled setting When Active Directory Server is selected it means the option External Servers is set...

Page 356: ...t be between 1 and 60 Then check Enable box to add this server SCEP Server A Must filled setting When SCEP Server is selected it means the option External Servers is set SCEP Server Server Port will b...

Page 357: ...elapsed The setting allows administrator to enable automatic logout and set the logout idle time When the Time out is disabled the system will not logout the administrator automatically Go to System...
