Home
/
Modbus
/
IOG700AM-0xCR1
/
User Manual

Modbus IOG700AM-0xCR1, User Manual

Share

Page: 207 / 395

Modbus IOG700AM-0xCR1 User Manual Download Page 207

Modbus

Cellular

Gateway

Index

skipping

is

used

to

reserve

slots

for

new

function

insertion,

when

required.

207

5.5.3

IPSec

Internet

Protocol

Security

(IPSec)

is

a

protocol

suite

for

securing

Internet

Protocol

(IP)

communications

by

authenticating

and

encrypting

each

IP

packet

of

a

communication

session.

IPSec

includes

protocols

for

establishing

mutual

authentication

between

agents

at

the

beginning

of

the

session

and

negotiation

of

cryptographic

keys

to

be

used

during

the

session.

An

IPSec

VPN

tunnel

is

established

between

IPSec

client

and

server.

Sometimes,

we

call

the

IPSec

VPN

client

as

the

initiator

and

the

IPSec

VPN

server

as

the

responder.

There

are

two

phases

to

negotiate

between

the

initiator

and

responder

during

tunnel

establishment,

IKE

phase

and

IPSec

phase.

At

IKE

phase,

IKE

authenticates

IPSec

peers

and

negotiates

IKE

SAs

(Security

Association)

to

set

up

a

secure

channel

for

negotiating

IPSec

SAs

in

phase

2.

At

IPSec

phase,

IKE

negotiates

IPSec

SA

parameters

and

sets

up

matching

IPSec

SAs

in

the

peers.

After

these

both

phases,

data

is

transferred

between

IPSec

peers

based

on

the

IPSec

parameters

and

keys

stored

in

the

SA

database.

In

"IPSec"

page,

there

is

the

"Configuration"

window

to

enable

the

IPSec

for

VPN

function

to

activate

network

neighborhood

between

the

Intranets

of

local

and

remote

peers.

It

enables

the

VPN

tunnels

even

the

gateway

is

under

a

NAT

router

and

specify

the

maximum

concurrent

IPSec

tunnels.

In

addition,

there

is

one

more

"Tunnel

List

&

Status"

window

lists

the

created

IPSec

VPN

tunnels

and

their

connection

status.

To

add

and

create

a

new

tunnel,

click

on

the

"Add"

button.

There

are

some

configuration

windows

for

you

to

setup.

They

are

"Tunnel

Configuration",

"Local

&

Remote

Configuration",

"Authentication",

"IKE

Phase",

"IKE

Proposal

Definition",

"IPSec

Phase",

and

"IPSec

Proposal

Definition"

windows.

«
...
205
206
207
208
209
...
»

Summary of Contents for IOG700AM-0xCR1

Page 1: ...Modbus Cellular Gateway IOG700AM 0xCR1 User Manual...

Page 2: ...Hardware Installation 13 1 6 1 Mount the Unit 13 1 6 2 Insert the SIM Card 13 1 6 3 Connecting Power 14 1 6 4 Connecting DI DO Devices 15 1 6 5 Connecting Serial Devices 16 1 6 6 Connecting to the Ne...

Page 3: ...LG 112 3 9 7 DMZ Pass Through 119 3 b Routing 122 3 b 1 Static Routing 122 3 b 3 Dynamic Routing 127 3 b 5 Routing Information 139 3 d Client Server Proxy 140 3 d 1 DNS DDNS 140 3 d 3 DHCP Server 145...

Page 4: ...Management 280 5 9 1 TR 069 280 5 9 3 SNMP 284 5 9 5 Telnet with CLI 295 5 9 7 UPnP 298 5 b Certificate 301 5 b 1 Configuration 301 5 b 3 My Certificates 303 5 b 5 Trusted Certificates 310 5 b 7 Issue...

Page 5: ...ts for new function insertion when required 5 7 5 Captive Portal 370 7 5 1 Configuration 370 Chapter 9 System 376 9 1 System Related 376 9 1 1 System Related 376 9 1 3 Packet Analyzer 384 9 3 Scheduli...

Page 6: ...t one to support new application in short time such as for NFC or GPS applications This IOG700AM series product is loaded with luxuriant security features including VPN firewall NAT port forwarding DH...

Page 7: ...Package Contents Standard Package Items Description Contents Quantity 1 IOG700AM 0TCR1 Modbus Cellular Gateway 1pcs 2 Cellular Antenna 2pcs 3 Power Adapter DC 12V 1A 1 1pcs 4 RJ45 Cable 1pcs 5 Console...

Page 8: ...ront View Reset Button The RESET button provides user with a quick and easy way to resort the default setting Press the RESET button continuously for 6 seconds and then release it The device will rest...

Page 9: ...s Cellular Gateway Index skipping is used to reserve slots for new function insertion when required 9 Bottom View Left View SIM A Slot SIM B Slot 3G LTE Aux Antenna 3G LTE Main Antenna Power Terminal...

Page 10: ...Modbus Cellular Gateway Index skipping is used to reserve slots for new function insertion when required 10 Right View Serial Port SD Card DI DO Terminal Block...

Page 11: ...connection High Cellular Signal Green Steady ON The signal strength of Cellular is strong Low Cellular Signal Green Steady ON The signal strength of Cellular is weak LAN Green Steady ON Ethernet conn...

Page 12: ...ing Windows Macintosh or Linux based operating system An installed Ethernet adapter Browser Requirements Internet Explorer 6 0 or higher Chrome 2 0 or higher Firefox 3 0 or higher Safari 3 0 or higher...

Page 13: ...rst if necessary 1 6 2 Insert the SIM Card WARNNING BEFORE INSERTING OR CHANGING THE SIM CARD PLEASE MAKE SURE THAT POWER OF THE DEVICE IS SWITCHED OFF The SIM card slots are located at the bottom sid...

Page 14: ...verter and a DC12V 1A power adapter5 in the package for you to easily connect DC power adapter to this terminal block WARNNING This commercial grade power adapter is mainly for ease of powering up the...

Page 15: ...O ports together with power terminal block Please refer to following specification to connect DI and DO devices Mode Specification Digital Input Trigger Voltage high Logic level 1 5V 30V Normal Voltag...

Page 16: ...Pin8 Pin9 RS 232 DCD RXD TXD DTR GND DSR RTS CTS RI RS 485 DATA DATA GND 1 6 6 Connecting to the Network or a Host The IOG700AM series provides one RJ45 port to connect 10 100Mbps Ethernet It can aut...

Page 17: ...ord Go to Wizard Network Setup Wizard Step 2 Item Value setting Description Old Password 1 String format any text If you want to change password Enter the current password in this item New Password 1...

Page 18: ...g Select the time zone for the system clock Detect Again NA Click the Detect Again button to detect the time zone from network Exit NA Click the Exit button to cancel Setup Wizard Back NA Click the Ba...

Page 19: ...settings Go to Wizard Network Setup Wizard Step 4 WAN interface Step 4 WAN interface Setting Item Value setting Description Physical Interface A Must filled setting Here you specify the Physical Inte...

Page 20: ...tional setting Enter the host name provided by your Service Provider ISP Registered MAC Address An Optional setting Enter the MAC address that you have registered with your service provider Or Click t...

Page 21: ...ovider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider...

Page 22: ...E Password A Must filled setting Enter the PPPoE password provided by your Service Provider Primary DNS A Must filled setting Enter the IP address of Primary DNS server Secondary DNS Optional setting...

Page 23: ...given by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given b...

Page 24: ...given by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given b...

Page 25: ...et LAN Interface Item Value setting Description LAN IP Address A Must filled setting Assign an IP Address for LAN this IP address is a gateway IP Subnet Mask By default 255 255 255 0 24 is selected Se...

Page 26: ...will step by step guide you through to complete VPN tunnel setup Step 1 Setup Steps In Step 1 the VPN Setup Step is a screen that displays the summary of steps for VPN setup Click Next button to begin...

Page 27: ...to Step 3 PPTP in the following page When L2TP is selected go to Step 3 L2TP in the following page When GRE is selected go to Step 3 GRE in the following page Step 3 IPSec When IPSec is selected in St...

Page 28: ...and either PPTP client or server is selected the client or server configuration window will appear PPTP Client When PPTP Client is selected in Step 2 for VPN Type PPTP configuration window will appea...

Page 29: ...complete the PPTP Server configuration click Next button a setup summary will display Confirm the setting then click the Apply button to complete the setting Step 3 L2TP When L2TP is selected in Step...

Page 30: ...n a setup summary will display Confirm the setting then click the Apply button to complete the setting L2TP Server When L2TP Server is selected in Step 2 for VPN Type L2TP configuration window will ap...

Page 31: ...ion insertion when required 31 Step 3 GRE When GRE is selected in Step 2 for VPN Type GRE configuration window will appear When complete the GRE configuration click Next button a setup summary will di...

Page 32: ...on the model purchased it can be Static IP Dynamic IP PPPoE PPTP L2TP 3G 4G IP Addr N A It displays the public IP address obtained from your ISP for Internet connection Default value is 0 0 0 0 if lef...

Page 33: ...y Refer to Edit button in Basic Network WAN Internet Setup and WAN connection status is connected WAN interface IPv6 Network Status WAN interface IPv6 Network Status screen shows status information fo...

Page 34: ...ss assigned by your ISP for your Internet connection Action N A This area provides functional buttons Edit IPv4 Button when press web based utility will take you to the Ethernet LAN configuration page...

Page 35: ...k N A It displays the current mask of the subnet IPv6 Link local Address N A It displays the current LAN IPv6 Link Local address This is also the IPv6 IP Address user use to access Router s Web based...

Page 36: ...ce name will be 3G 4G 1 and 3G 4G 2 Card Information N A It displays the vendor s 3G 4G modem model name Link Status N A It displays the 3G 4G connection status The status can be Connecting Connected...

Page 37: ...ription Interface N A It displays the type of WAN physical interface It can be 3G1 or 3G2 Note 3G2 is only for devices that support dual modules Module Name N A It displays the vendor s 3G 4G modem mo...

Page 38: ...code to unlock It is probably due to the device had exceeded the allowed number of times to unlock Refer to PIN Code Remaining Times PIN Code Remaining Times N A This displays the remaining time of t...

Page 39: ...an be GSM WCDMA or LTE Band N A It displays the band currently used RSSI N A It displays the RSSI Received Signal Strength Indicator in unit dBm of the signal CS Register Status N A It displays the Ci...

Page 40: ...is router Go to Status LAN Client List LAN Client List Item Value setting Description LAN Interface N A Client record of LAN Interface String Format IP Address N A Client record of IP Address Type and...

Page 41: ...ed to display log history Clicking the Edit button the screen will be switched to the configuration page From the menu on the left select Status Firewall Status Firewall Status Tab Packet Filter Statu...

Page 42: ...s Note Ensure URL Blocking Log Alert is enabled Refer to Advanced Network Firewall URL Blocking tab Check Log Alert and save the setting Web Content Filter Status Web Content Filter Status Item Value...

Page 43: ...Ensure MAC Control Log Alert is enabled Refer to Advanced Network Firewall MAC Control tab Check Log Alert and save the setting Plication Filters Status Application Filters Status Item Value setting D...

Page 44: ...le or Disable setting status of Stealth Mode on Firewall Options String Format Disable or Enable SPI N A Enable or Disable setting status of SPI on Firewall Options String Format Disable or Enable Dis...

Page 45: ...e setting Description Tunnel Name N A It displays the tunnel name you have entered to identify Tunnel Scenario N A It displays the Tunnel Scenario specified Local Subnets N A It displays the Local Sub...

Page 46: ...server configuration page Advanced Network VPN PPTP tab PPTP Client Status Item Value setting Description Client Name N A It displays Name for the PPTP Client specified Interface N A It displays the...

Page 47: ...configuration page Advanced Network VPN L2TP tab L2TP Client Status Item Value setting Description Client Name N A It displays Name for the L2TP Client specified Interface N A It displays the WAN inte...

Page 48: ...SNMP Link Status screen shows the status of current active SNMP connections SNMP Link Status Item Value setting Description User Name N A It displays the user name for authentication This is only avai...

Page 49: ...level Time N A It displays the timestamp of trap event Trap Event N A It displays the IP address of the trap sender and event type TR 069 Status The TR 069 Status window shows the current connection s...

Page 50: ...AN Physical Interface WAN Internet Setup and WAN Load Balance for Intranet to access Internet For each WAN interface you must specify its physical interface first and then its Internet setup to connec...

Page 51: ...ow shows all the available physical interfaces After clicking on the Edit button for the interface in Physical Interface List window the Interface Configuration window will appear to let you configure...

Page 52: ...windows are just some examples They vary from model to model It depends on the model purchased Interface Name The logic name of WAN interfaces is identified by WAN 1 WAN 2 and so on Physical Interfac...

Page 53: ...services You must specify it in the WAN physical interface Please note that only Ethernet and ADSL physical interfaces support the feature Interface Configuration The configuration of a WAN interface...

Page 54: ...ay Cellular Network xDSL Modem Gateway ISP DSLAM ISP DSLAM Gateway Firewall or Ethernet WAN 3G 4G WAN USB 3G 4G WAN ADSL WAN Ethernet WAN The gateway has one or more RJ45 WAN ports that can be configu...

Page 55: ...backup connection will be started up to substitute the primary connection In addition there is a Seamless option for Failover operation mode When seamless option is activated by checking on the Seaml...

Page 56: ...ect Always on Data Encryption LLC VPI Number 0 VCI Number 33 Schedule Type UBR Configuration Path Internet Setup 3G 4G WAN Type Configuration Interface Name WAN 2 Dial up Profile Auto detection Connec...

Page 57: ...ailover Failback Seamless Failover Scenario As another example all parameter configuration for WAN 1 and WAN 2 is same as above example except the Seamless box is checked as bellow in red color Config...

Page 58: ...ut just Keep Alive Next Failover and Failback processes are shown in following diagram Their steps are S 1 When system discovers the primary WAN connection is failed S 2 System starts the failover pro...

Page 59: ...here It is called as Dual SIM Failover In this Dual SIM Failover there are four kinds of SIM card usage scenarios including SIM A First SIM B First and SIM A Only and SIM B Only By default SIM A First...

Page 60: ...with SIM A First scenario is shown in the following diagram The steps are Pre state System tries to connect to mobile system for an Internet connection by using connection profile in SIM A for SIM A F...

Page 61: ...ance functions normally If you don t know accurate line speed of your subscribed Internet service following are some suggestions High Speed Ethernet WAN Upload 100Mbps Download 100Mbps Gigabit Etherne...

Page 62: ...or these two WAN interfaces and their scenarios are shown in the following diagram Configuration Path Physical Interface Interface Configuration WAN n n 1 2 Interface Name WAN 1 WAN 2 Physical Interfa...

Page 63: ...Configuration and related configuration windows for each WAN type For the Internet setup of each WAN interface you must specify its WAN type of physical interface first and then its related parameter...

Page 64: ...nterface name the kinds of physical interface their operation mode and WAN connection type There is one Edit button for each WAN interface to let you configure its Internet connection Please see Inter...

Page 65: ...u You will need to enter in the IP address subnet mask and gateway address provided to you by your ISP Dynamic IP Address WAN type You may choose this WAN type if you connects a cable modem or a fiber...

Page 66: ...address and DNS to you to setup an ADSL Internet connection PPPoE ADSL WAN type Select this option if your ISP requires you to use a PPPoE connection for accessing Internet This option is typically u...

Page 67: ...Time Service Name Assigned IP Address MTU MPPE NAT Network Monitoring IGMP and WAN IP Alias L2TP WAN Type Settings include IP Mode Server IP Name L2TP Account Password Connection Control Maximum Idle...

Page 68: ...void keep alive feature work abnormally enable this option will stop sending keep alive packets when there are continuous incoming and outgoing data packets passing through WAN connection Check Interv...

Page 69: ...t of fails Connection Control There are three ways for connection control Auto reconnect Always on Dial on demand and Manually Auto reconnect Always on This gateway will establish Internet connection...

Page 70: ...ally Following 3 tables list the parameter configuration for these three WAN interfaces Configuration Path Physical Interface Interface Configuration WAN n n 1 2 3 Interface Name WAN 1 WAN 2 WAN 3 Phy...

Page 71: ...S Secondary DNS DHCP Servers 10110110001100 01 Request Coming Start Connecting Disconnect when idle timeout Dial on demand Its steps are Pre state After system booting up the WAN connection is disconn...

Page 72: ...eout Manually Its steps are Pre state After system booting up the WAN connection is disconnected S 1 When administrator click on the Connect button on the Network Status configuration window S 2 Syste...

Page 73: ...ed with same VLAN ID in the device The ports of a VLAN form an independent traffic domain in which the traffic generated by the nodes remains within the VLAN However in Tag based VLAN all packets with...

Page 74: ...NAT mechanism of business access gateway In bridge mode Intranet packet flow is delivered out WAN trunk port with VLAN tag to upper link for different services A port based VLAN is a group of ports o...

Page 75: ...AN configuration Tag based VLAN Tagging for Location free Departments Tag based VLAN function can group Ethernet ports Port 1 Port 4 and WiFi Virtual Access Points VAP 1 VAP 8 together with different...

Page 76: ...to different groups based on VLAN ID Following is an example In a SMB company administrator schemes out 3 segments Lab Meeting Rooms and Office In a Security VPN Gateway administrator can configure Of...

Page 77: ...ther VLAN Group Internet Access Administrator can specify members of one VLAN group to be able to access Internet or not Following is an example that VLAN groups of VID is 2 and 3 can access Internet...

Page 78: ...nes of another VLAN group or not This is a communication pair and one VLAN group can join many communication pairs But communication pair doesn t have the transitive property That is A can communicate...

Page 79: ...lots for new function insertion when required 79 LAN VLAN Setting The Ethernet LAN allows user to setup the LAN IP address for device Setting LAN IP address and subnet mask will affect the IP that LAN...

Page 80: ...ory The VLAN function allows you to divide local network into different virtual LAN There are Port based and Tag based VLAN types Select one that applies For Port based VLAN Type Go to Basic Network L...

Page 81: ...tion insertion when required 81 When Add button is applied Port based VLAN Configuration screen will appear which is including 3 sections Port based VLAN Configuration DHCP Server Configuration and IP...

Page 82: ...rt Members configuration when Disable is selected NAT Bridge By default NAT is selected Select NAT mode or Bridge mode for the rule Port Members These box is unchecked by default Select which LAN port...

Page 83: ...me for an IP Address that the DHCP Server leases to a new device By default the lease time is 86400 seconds When your lease expires you must stop using the IP address Domain Name NA It s optional fiel...

Page 84: ...nfiguration Item Value setting Description MAC Address A Must filled setting Define the MAC Address target that the DHCP Server wants to filter IP Address A Must filled setting Define the IP Address t...

Page 85: ...red 85 Inter VLAN Group Routing Click on VLAN Group Routing button the VLAN Group Internet Access Definition and Inter VLAN Group Routing screen will appear The screen in the figure shows the default...

Page 86: ...N ID of LAN rule VLAN ID 2 is available only when VLAN ID 2 is enabled The same applies to other VLAN IDs i e VLAN ID 3 Inter VLAN Group Routing The box is unchecked by default By default members in d...

Page 87: ...VLAN allows you to custom each LAN port according to VLAN ID There is a default rule shows the configuration of all LAN ports and All VAPs Also If your device has a DMZ port you will see DMZ configur...

Page 88: ...nchecked by default Define which LAN port is part of the VLAN ID VAP The box is unchecked by default Define which VAP is part of the VLAN ID Notice that a VAP is only belong to a VLAN ID Disappear VAP...

Page 89: ...This gateway supports various types of IPv6 connection Static IPv6 DHCPv6 PPPoEv6 6to4 6in4 Please contact your ISP the type of IPv6 is supported before you proceed with IPv6 setup Static IPv6 Static...

Page 90: ...IPv6 default gateway address and IPv6 DNS to client host s automatically PPPoEv6 PPPoEv6 in IPv6 does the same function as PPPoE in IPv4 The PPPoEv6 server provides configuration parameters based on P...

Page 91: ...by a host it must have a global IPv4 address connected and the host is responsible for encapsulation of outgoing IPv6 packets and decapsulation of incoming 6to4 packets If the host is configured to fo...

Page 92: ...rve slots for new function insertion when required 92 In above diagram the 6in4 usually needs to register to a 6in4 tunnel service known as Tunnel Broker in order to use It also need end point global...

Page 93: ...em Value setting Description WAN Connection Type 1 Only can be selected when IPv6 Enable 2 A Must filled setting Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity Select...

Page 94: ...ress Primary DNS An optional setting Enter the WAN primary DNS Server Secondary DNS An optional setting Enter the WAN secondary DNS Server MLD Snooping The box is unchecked by default Enable Disable t...

Page 95: ...N primary DNS Server Secondary DNS Can not modified by default Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Con...

Page 96: ...nection If you want more information please contact your ISP Connection Control Fixed value The value is Auto reconnect Always on MTU A Must filled setting Enter the MTU for setting up PPPoEv6 connect...

Page 97: ...onal setting Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Global A...

Page 98: ...Pv4 address of this router Local IPv6 Address A Must filled setting Filled Client IPv6 Address gotten from tunnelbroker in this field Primary DNS An optional setting Enter the WAN primary DNS Server S...

Page 99: ...ivity Select Stateless to manage the Local Area Network to be SLAAC RDNSS Router Advertisement Lifetime A Must filled setting Enter the Router Advertisement Lifetime in seconds 200 is setted by defaul...

Page 100: ...nfiguration page Normally with global IP address or FQDN of WAN interface in the gateway employees who travel outside the office can access various servers behind the office gateway You can set up tho...

Page 101: ...ork It is useful when you run a server inside your network For example if you set a mail server at LAN side your local devices can access this mail server through gateway s global IP address when enab...

Page 102: ...Path Configuration NAT Loopback NAT Loopback Enable Configuration Path Virtual Server Virtual Computer Virtual Server List ID 1 2 Public Port 25 SMTP 110 POP3 Server IP 10 0 75 101 10 0 75 101 Private...

Page 103: ...WAN IP address from inside your local network Enable NAT Loopback Go to Basic Network NAT Bridging Configuration tab Configuration Item Value setting Description NAT Loopback The box is checked by de...

Page 104: ...ur gateway This device s NAT firewall filters out unrecognized packets to protect your Intranet so all hosts behind this device gateway are invisible to the outside world If you wish you can make some...

Page 105: ...the LAN side with IP address 10 0 75 101 a remote user can access the gateway for E mail service if you defined a virtual E mail server for the gateway by using the real E mail server on the LAN side...

Page 106: ...IP address 10 0 75 101 in the Intranet of Network A including SMTP service port 25 and POP3 service port 110 So the remote user can access the E mail server in the gateway that has the global IP 118 1...

Page 107: ...he gateway to implement the application scenario Scenario Description A LAN host is assigned with a global IP address to be visible to outside world The host has an embedded FTP file server and is pro...

Page 108: ...ng to the FTP file server by server s global IP address and it acts as a media between the LAN host and the outside world by using its Virtual Computer feature So remote users can request for file ser...

Page 109: ...box when WAN x enabled Server IP A Must filled setting This field is to specify the IP address of the interface selected in the WAN Interface setting above Protocol A Must filled setting When ICMPv4 i...

Page 110: ...Single Port number Public Port is selected Port Range and specify a port range and Private Port can be selected Single Port or Port Range Apply Time Schedule to this rule otherwise leave it as Always...

Page 111: ...Computer The router allows you to custom your Virtual Computer rules The router supports up to a maximum of 20 rule based Virtual Computer sets When Add button is applied Virtual Computer Rule Config...

Page 112: ...vel gateway ALG allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer control data protocols such as FTP BitTorre...

Page 113: ...e activated ports are pb and pc once the pa port is toggled at LAN interface of gateway Scenario Application Timing When local user wants to run an application to access the server in the Internet and...

Page 114: ...0 6999 and activate the rule So the local user at host with IP address 10 0 75 100 can enjoy the music by using Quick Time 4 application The media server is in the Internet ALG Configuration This gate...

Page 115: ...lists the parameter configuration for the NAT gateway in above diagram Configuration Path Special AP ALG Configuration ALG SIP ALG Enable Scenario Operation Procedure In above diagram the NAT Gateway...

Page 116: ...P ALG Setting The Special AP setting allows some applications require multiple connections The ALG setting allows user to Support some SIP ALG like STUN Enable Special AP and Virtual Computer Go to Ba...

Page 117: ...faces It can be selected WAN x box when WAN x enabled Trigger Port A Must filled setting When Popular Applications is selected User defined Port is set a port number and Incoming Ports can be set a po...

Page 118: ...Schedule to this rule otherwise leave it as Always refer to Scheduling setting under System Then check Rule box to enable this rule When Popular Applications is selected PC to Phone Port is the same...

Page 119: ...cify the IP address in the Intranet to be DMZ host so that the host under DMZ function can run applications freely that would otherwise blocked by NAT mechanism of the gateway with DMZ feature disable...

Page 120: ...way and receives all normal and active packets from the Internet Remote user can access the DMZ host by using the IP address of the gateway and the gateway will skip the NAT checking on the DMZ host D...

Page 121: ...work NAT Bridging DMZ tab Configuration Item Value setting Description DMZ 1 A Must filled setting 2 Default is ALL Check the Enable box to activate this NAT function Define the selected interface to...

Page 122: ...g tables record the obtained routing paths from neighbor routers by using some protocols such as RIP OSPF and BGP It is dynamic routing These both routing approaches will be illustrated one after one...

Page 123: ...g feature Static Routing Rule List The Static Routing Rule List shows the setup parameters of all static routing rule enteries There also be one Add button at the Static Routing Rule List caption that...

Page 124: ...tatic Routing Configuration Static Routing Enable Configuration Path Static Routing Static Routing Rule List ID 1 2 Destination IP 173 194 72 94 188 125 73 108 Subnet Mask 255 255 255 255 255 255 255...

Page 125: ...their office setting Go to Basic Network Routing Static Routing Tab Static Routing Tab Item Value setting Description Enable Static Routing function The box is unchecked by default Check the Enable b...

Page 126: ...le Interface Auto is set by default The Interface of this static routing rule Metric 1 Numberic String Format 2 A Must filled setting The Metric of this static routing rule Enabling the rule The box i...

Page 127: ...ure In the Dynamic Routing page there are seven configuration windows for dynamic routing feature They are the RIP Configuration window OSPF Configuration window OSPF Area List OSPF Area Configuration...

Page 128: ...outing protocols are described as follows RIP Scenario The Routing Information Protocol RIP is one of the oldest distance vector routing protocols which employs the hop count as a routing metric RIP p...

Page 129: ...g Internet Protocol IP packets solely within a single routing domain such as an autonomous system It gathers link state information from available routers and constructs a topology map of the network...

Page 130: ...rs including the area subnet the area ID and area activation by an Enable box Following diagram is an example for the scenario Scenario Application Timing When the administrator of the gateway wants t...

Page 131: ...and area 2 with area code is 10 0 76 254 and area subnet is 10 0 76 0 24 By operating with OSPF protocol the OSPF gateway can gather the routing information from other OSPF gateways in the enterprise...

Page 132: ...re also be one Add button at the BGP Neighbor List caption that can let you add and create one new BGP neighbor The Edit button at the end of each BGP neighbor definition can let you modify it BGP Nei...

Page 133: ...lowing tables list the parameter configuration as an example for the BGP gateway in above diagram Use default value for those parameters that are not mentioned in the tables Configuration Path Dynamic...

Page 134: ...k Routing Dynamic Routing Tab Item Value setting Description Enable Dynamic Routing function The box is unchecked by default Check the Enable box to activate this function The RIP configuration settin...

Page 135: ...lled setting The Router ID of this router on OSPF protocol Authentication None is set by default The Authentication method of this router on OSPF protocol Select None will disable Authentication on OS...

Page 136: ...F Area Rule Configuration screen will appear Item Value setting Description Area Subnet 1 Classless Inter Domain Routing CIDR Subnet Mask Notation Ex 192 168 1 0 24 2 A Must filled setting The Area Su...

Page 137: ...outer ID 1 IPv4 Format 2 A Must filled setting The Router ID of this router on BGP protocol Create Edit BGP Network Rules The router allows you to custom your BGP Network rules It supports up to a max...

Page 138: ...on is applied BGP Neighbor Rule Configuration screen will appear Item Value setting Description Neighbor IP 1 IPv4 Format 2 A Must filled setting The Neighbor IP of this router on BGP Neighbor List Re...

Page 139: ...cription Destination IP N A Routing record of Destination IP IPv4 Format Subnet Mask N A Routing record of Subnet Mask IPv4 Format Gateway IP N A Routing record of Gateway IP IPv4 Format Metric N A Ro...

Page 140: ...ou can refer to Wikipedia website10 11 To host your server on a changing IP address you have to use dynamic domain name service DDNS Therefore anyone wishing to reach your host only needs to know the...

Page 141: ...n the gateway has changed the dynamic DNS agent in the gateway will inform the DDNS server with the new IP address The server automatically re maps your domain name with the changed IP address So othe...

Page 142: ...required parameters for DDNS function by referring to above setup example When the gateway has booted up and has gotten a dynamic IP address for the WAN interface the DDNS agent in the gateway tries t...

Page 143: ...hen Add button is applied Pre defined Domain Name Configuration screen will appear Pre defined Domain Name Configuration Item Value setting Description Domain Name 1 String format can be any text 2 A...

Page 144: ...is set by default Selected the WAN Interface IP Address of the router Provider DynDNS org Dynamic is set by default Your DDNS provider of Dynamic DNS Host Name 1 String format can be any text 2 A Must...

Page 145: ...for whose LAN IP Address is the same one of gateway LAN interface with its default Subnet Mask setting as 255 255 255 0 and its default IP Pool ranges is from 100 to 200 as shown at the DHCP Server Li...

Page 146: ...formation like the LAN Interface IP Address Host Name MAC Address and the Remaining Lease Time Fixed Mapping User can assign fixed IP address to map the specific client MAC address by select them then...

Page 147: ...reate and customize DHCP Server policies to assign IP Addresses to the devices on the local area network LAN Go to Basic Network Client Server Proxy DHCP Server Tab Create Edit DHCP Server Policy The...

Page 148: ...filled setting The Lease Time of this DHCP Server Domain Name String format can be any text The Domain Name of this DHCP Server Primary DNS IPv4 format The Primary DNS of this DHCP Server Secondary DN...

Page 149: ...filled setting The IP Address of this mapping rule Enabling the Rule The box is unchecked by default Click Enable box to activate this rule Save N A Click the Save button to save the configuration Und...

Page 150: ...le Firewall check box will activate all firewall functions The firewall configuration allows user to enable or disable all functions including Packet Filters URL Blocking Web Content Filters MAC Contr...

Page 151: ...ntry In addition log alerting can be enabled through an Enable checkbox to log events Second the Packet Filter Rule List window lists all your defined packet filtering rule entry At last the Packet Fi...

Page 152: ...lowing sub sections for more reference Packet Filter Rule Configuration When you want to add a new packet filtering rule or edit one already existed the Packet Filter Rule Configuration window shows u...

Page 153: ...mentioned in the tables Configuration Path Packet Filters Configuration Packet Filters Enable Black List White List Deny all to pass except those match the following rules Configuration Path Packet Fi...

Page 154: ...ault Check the Enable box to activate Packet Filter function Black List White List Filter Method Selection Deny those match the following rules is set by default When Deny those match the following ru...

Page 155: ...nterface to be the packet entering interface of the router If the packets to be filtered are coming from LAN to WAN then select LAN for this field Or VLAN 1 to WAN then select VLAN 1 for this field Ot...

Page 156: ...in the Host grouping setting screen Source MAC A Must filled setting This field is to specify the Source MAC address Select Any to filter packets coming from any MAC addresses Select Specific MAC Addr...

Page 157: ...ith specified port number Then enter a pot number in Protocol Number box Time Schedule A Must filled setting Apply Time Schedule to this rule otherwise leave it as Always If the dropdown list is empty...

Page 158: ...or in the exclusion of the white list In URL Blocking page there are three configuration windows They are the Configuration window URL Blocking Rule List window and URL Blocking Rule Configuration wi...

Page 159: ...the requests matches to one rule Other Web requests will be blocked URL Blocking Rule List The URL Blocking Rule List shows the setup parameters of all URL blocking rules There also be one Add button...

Page 160: ...URL Blocking enabling Use default value for those parameters that are not mentioned in the tables Configuration Path URL Blocking Configuration URL Blocking Enable Black List White List Allow all to...

Page 161: ...fault When Deny those match the following rules is selected as the name suggest packets specified in the rules will be blocked black listed In contrast with Allow those match the following rules you c...

Page 162: ...gh the Add Rule button will also appear in the Host grouping setting screen Source MAC A Must filled setting This field is to specify the Source MAC address Select Any to filter packets coming from an...

Page 163: ...m Scheduling setting Enabling the rule The box is unchecked by default Click Enable box to activate this rule Save N A Click the Save button to save the configuration Undo N A Click the Undo button to...

Page 164: ...ation window can let you activate the Web content filtering function Some popular script types like Java Applet Java Scripts cookies and Active X are in the window and you can check their boxes to ena...

Page 165: ...Web content filtering rule or edit one existed rule the Web Content Filter Configuration window will appear when you click on the Add or Edit button to configure The parameters in a rule include the...

Page 166: ...com Rule Enable Scenario Operation Procedure In above diagram the Gateway is the gateway of Network A and the subnet of its Intranet is 10 0 75 0 24 The gateway has the IP address of 10 0 75 2 for LA...

Page 167: ...his filter function as the name suggests this pattern matching rule define as the packet with the keyword js class jar jsp java jse jcm jtk or jad Check the ActiveX box to activate this filter functio...

Page 168: ...filter packets coming from a MAC address entered in this field Select MAC Address based Group to filter packets coming from a pre defined group selected Note group must be pre defined before this sele...

Page 169: ...ckbox to log events Another Known MAC from LAN PC List is a tool that you can use to do quick copy the known MAC address of client hosts in the Intranet to facilitate creating rules Use the Copy to bu...

Page 170: ...MAC Control Rule List shows the setup parameters of all MAC control rules There also be one Add button at the MAC Control Rule List caption that can let you add and create one new MAC control rule The...

Page 171: ...y Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with MAC Control enabling Use default value for those parameters that are not...

Page 172: ...box is unchecked by default Check the Enable box to activate the MAC filter function Black List White List Filter Method Selection Deny MAC Address Below is set by default When Deny MAC Address Below...

Page 173: ...MAC Control rule name Enter a name that is easy for you to remember MAC Address Ues to Compose 1 MAC Address string Format 2 A Must fill setting Specify the Source MAC Address to filter rule Time Sche...

Page 174: ...nction can categorize Internet Protocol packets based on their application layer data and allow or deny their passing of gateway It supports the application filters for various Internet chat software...

Page 175: ...ilter Enable Log Alert Enable Configuration Path Application Filters Application Filter List Rule Name Rule 1 Source IP IP Range 192 168 123 200 192 168 123 250 P2P Software BT BitTorrent BitSpirit Bi...

Page 176: ...he box is unchecked by default Check the Enable box to activate this filter function Log Alert The box is unchecked by default Check the Enable box to activate Event Log Create Edit Filter Rules The r...

Page 177: ...re defined group selected Note group must be pre defined before this selection become available Refer to System Grouping Host grouping You may also access to create a group by the Add Rule shortcut bu...

Page 178: ...t it You can enable the IPS function and check the listed intrusion activities when needed There are some intrusion prevention items need a further Threshold parameter to work properly for intrusion d...

Page 179: ...rio Description The gateway serves as an E mail server Web Server and open TCP Port 8080 allowing user to access web based utility of Gateway so remote users or unknown users can request those service...

Page 180: ...em will block lots of packets in seconds IPS Setting The Intrusion Prevention System IPS setting allows user to customize intrusion prevention rules to prevent malicious packets Enabling IPS Firewall...

Page 181: ...ble box to activate this intrusion prevention rule and enter the traffic threshold in this field UDP Flood Defense Click Enable box to activate this intrusion prevention rule and enter the traffic thr...

Page 182: ...aceroute Block Fraggle Attack ARP Spoofing Defence 1 A Must filled setting 2 The box is unchecked by default 3 traffic threshold is set to 300 by default 4 The value range can be from 10 to 10000 Clic...

Page 183: ...scard Ping from WAN makes any host on the WAN side can t ping this product It means this device won t reply any ICMP packet from Internet Remote Administrator Hosts enables only the LAN users to brows...

Page 184: ...tables list the parameter configuration as an example for the gateway in above diagram with SPI enabling Configuration Path Options Firewall Options SPI Enable Scenario Operation Procedure In above di...

Page 185: ...local users surf the internet Following tables list the parameter configuration as an example for the gateway in above diagram Configuration Path Options Firewall Options Discard Ping from WAN Enable...

Page 186: ...Control Enabling Firewall Options Go to Advanced Network Firewall Options Tab Enabling Firewall Options Item Value setting Description Enable Stealth mode function The box is unchecked by default Chec...

Page 187: ...ccess IP A Must filled setting This field is to specify the remote host to assign access right for remote access Select Any IP to allow any remote hosts Select Specific IP to allow the remote host com...

Page 188: ...to incoming packets QoS determines which queue the packets enter based on priority This is useful when there are certain types of data you want to give higher priority to such as voice packets given...

Page 189: ...sponding WAN Interface Resource window The system resource information provides important parameters for the QoS BWM function Incorrect information will result in poor bandwidth utilization System Res...

Page 190: ...t is related to configure of each rule based QoS if select Priority Queues of Resource It is also related to default banwidth of WANs WAN Interface By default WAN 1 is selected Select WAN 1 and then t...

Page 191: ...List window and QoS Rule Configuration window The Configuration window can let you activate the Rule based QoS function In addition you can also enable the Flexible Bandwidth Management FBM feature f...

Page 192: ...tion When you want to add a new QoS rule or edit one already existed the QoS Rule Configuration window shows up for you to configure The parameters in a rule include the applied WAN interfaces the ded...

Page 193: ...ID User defined Services and Well known Services Well known services include FTP 21 SSH TCP 22 Telnet 23 SMTP 25 DNS 53 TFTP UDP 69 HTTP TCP 80 POP3 110 Auth 113 SFTP TCP 115 SNMP Traps UDP 161 162 L...

Page 194: ...ce 4 CS4 to AF Class2 High Drop for incoming packets from some client hosts in the Intranet Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in a...

Page 195: ...or of the gateway wants to limit the connection sessions from some client hosts IP 10 0 75 16 31 to 20000 sessions totally for accessing the Internet he can use the Rule based QoS function to carry ou...

Page 196: ...16 31 can access the Internet via WAN 1 interface under the limitation of the maximum 20000 connection sessions totally at any time The Rule Based QoS allows user to configure QoS and bandwidth to se...

Page 197: ...hen WAN 1 interface is enabled The same applies to other WAN interfaces i e WAN 2 Group A Must filled setting This field is to specify the Group of the interface selected in the Interface setting abov...

Page 198: ...when Set MINR MAXR is selected It means the option Control Function of rule based QoS Rule is set MINR MAXR You can assign min rate max rate and rate unit for this rule QoS Direction A Must filled se...

Page 199: ...option is a source group When Inbound is selected It means the option QoS Direction of rule based QoS Rule is inbound Inbound means the Group option is a destination group When Both is selected It mea...

Page 200: ...group When Both is selected It means the option QoS Direction of rule based QoS Rule is both Sharing Method A Must filled setting When Individual Control is selected It means the option Sharing Method...

Page 201: ...lected It means the option QoS Direction of rule based QoS Rule is outbound Outbound means the Group option is a source group When Inbound is selected It means the option QoS Direction of rule based Q...

Page 202: ...d It means the option QoS Direction of rule based QoS Rule is inbound Inbound means the Group option is a destination group When Both is selected It means the option QoS Direction of rule based QoS Ru...

Page 203: ...is selected It means the option QoS Direction of rule based QoS Rule is inbound Inbound means the Group option is a destination group When Both is selected It means the option QoS Direction of rule b...

Page 204: ...e slots for new function insertion when required 204 Apply Time Schedule to this rule otherwise leave it as Always refer to Scheduling setting under System Enabling the rule Click Enable box to activa...

Page 205: ...ne by establishing a virtual point to point connection through the use of dedicated connections encryption or a combination of the two The tunnel technology supports data confidentiality data origin a...

Page 206: ...ns The VPN configuration allows user to enable or disable all the VPN functions of the gateway device The VPN enables check box must be checked to enable to allow IPSec PPTP L2TP and GRE to function V...

Page 207: ...peers and negotiates IKE SAs Security Association to set up a secure channel for negotiating IPSec SAs in phase 2 At IPSec phase IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in th...

Page 208: ...ation window shows the maximum number of concurrent IPSec VPN tunnels that are running in system Tunnel List Status The Tunnel List shows the setup parameters of all IPSec VPN tunnels and their connec...

Page 209: ...ity gateways have their own subnet and the Site to Site tunnel scenario is used Site means a subnet of client hosts Scenario Description Both Initiator and Responder of IPSec tunnel must have a Static...

Page 210: ...figuration Path IPSec IKE Phase Negotiation Mode Main Mode X Auth None For Network B at Branch Office Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel...

Page 211: ...se Negotiation Mode Main Mode X Auth None Scenario Operation Procedure In above diagram Network A is in the headquarters and the subnet of its Intranet is 10 0 76 0 24 The security gateway for Network...

Page 212: ...office resources from outside the Dynamic VPN connection can be setup up to meet the requirement These mobile employees are carrying with their notebooks or security supporting gateways outsides and...

Page 213: ...cal Subnet 10 0 76 0 Local Netmask 255 255 255 0 Configuration Path IPSec Authentication Key Management IKE Pre shared Key 12345678 Local ID User Name Network B Configuration Path IPSec IKE Phase Nego...

Page 214: ...ode X Auth None Scenario Operation Procedure In above diagram Network A is in the headquarters and the subnet of its Intranet is 10 0 76 0 24 The security gateway for Network A has the IP address of 1...

Page 215: ...Security Gateway will go over the VPN tunnel That is if a user is operating at a PC that is in the Intranet of remote Business Security Gateway all application packets and private data packets from th...

Page 216: ...c tunnel must have a Static IP or a FQDN for Site to Site scenario Any peer gateway can be worked as an Initiator or a Responder of the IPSec VPN tunnel Two phases IKE and IPSec to negotiate for estab...

Page 217: ...both peers must match each other to complete the authentication process successfully and it is just for an example here In addition Negotiation Mode and X Auth in IKE Phase configuration window shoul...

Page 218: ...erface and 118 18 81 33 for WAN interface Establish an IPSec VPN tunnel with Site to Site scenario by starting from either site So both Intranets of 10 0 75 0 24 and 10 0 76 0 24 can securely communic...

Page 219: ...ed by default Click the Enable box to enable NAT Traversal function Max Concurrent IPSec Tunnels 32 is set by default The Value specified will limit the maximum number of simultaneous IPSec tunnel con...

Page 220: ...s selected by default Select an IPSec tunneling scenario from the dropdown box for your application Select Site to Site Site to Host Host to Site Host to Host or Dynamic VPN With Site to Site or Site...

Page 221: ...ation Protocol from the dropdown box for this IPSec tunnel Available encapsulations are ESP and AH Keep alive 1 Unchecked by default 2 30s is set by default Check the Enable box to enable Keep alive f...

Page 222: ...rname The username may include but can t be all numbers Select FQDN for Local ID and enter the FQDN Select User FQDN for Remote ID and enter the User FQDN Select Key ID for Remote ID and enter the Key...

Page 223: ...Group18 Check Enable box to enable this setting IPSec Phase Window Item Value setting Description Phase2 Key Life Time 1 A Must fill setting 2 28800s is set by default 3 Max 86400s Specify the Phase2...

Page 224: ...y Management section under Authentication configuration window in the previous pages When Manually option is selected for Key Management described in Authentication Configuration Window a series of co...

Page 225: ...On Failover Load Balance Define whether the IPSec tunnel is a failover tunnel function or an always on tunneling Note If this IPSec is a failover tunneling you will need to select the primary IPSec t...

Page 226: ...alphabet or number Remote ID An optional setting Specify the Remote ID for this IPSec tunnel to authenticate Select Key ID for Remote ID and enter the Key ID English alphabet or number Manual Proposa...

Page 227: ...ty levels and remote access levels comparable with typical VPN products Deploy a security gateway for local office and establish a virtual private network with the remote gateway of another office by...

Page 228: ...n window is to enable the PPTP VPN function by checking the Enable box In the Client Server field of the Configuration window choose either Server or Client Choose Server to define the gateway as the...

Page 229: ...the used user name remote IP address the obtained virtual IP address and call ID of all PPTP clients User Account List User Account List lists your defined user accounts that can be accepted by the PP...

Page 230: ...nd requesting the PPTP tunnel connection with its account password PPTP protocol is used for establishing a PPTP VPN tunnel Parameter Setup Example For Network A at HQ Following 3 tables list the para...

Page 231: ...ow shows your defined PPTP clients and their tunnel connection status Only some important information for all tunnels are shown in the list as following diagram Configuration for A PPTP Client Configu...

Page 232: ...PTP tunnel Usually these hosts at PPTP client peer access the Internet directly via the WAN interface of Security Gateway 2 Only the packets whose destination is in the dedicated subnet to Network A w...

Page 233: ...teway Remote Subnet Default Gateway Authentication Protocol MS CHAP MPPE Encryption Enable Tunnel Enable Scenario Operation Procedure In above diagram Network A is in the headquarters and the subnet o...

Page 234: ...you proceed ensure that the VPN is enabled and saved To enable VPN go to Advanced Network VPN Configuration tab Enabling PPTP Go to Advanced Network VPN PPTP tab Enable PPTP Window Item Value setting...

Page 235: ...his is the PPTP server s Virtual IP DHCP server User can specify the first IP address for the subnet from which the PPTP client s IP address will be assigned IP Pool Ending Address 1 A Must fill setti...

Page 236: ...ounts for remote clients to establish PPTP VPN connection to the gateway device Click Add button to add user account Enter User name and password Then check the enable box to enable the user Click Sav...

Page 237: ...er tunneling you will need to select a primary IPSec tunnel from which to failover to Load Balance Define whether the PPTP tunnel connection will take part in load balance function of the gateway You...

Page 238: ...l setting Specify whether PPTP server supports MPPE Protocol Click the Enable box to enable MPPE Note when MPPE Encryption is enabled the Authentication Protocol PAP CHAP options will not be available...

Page 239: ...ng L2TP tunneling So all client hosts behind local security gateway can make data communication with others behind remote gateway Or when you are a mobile user with your notebook or carrying along a s...

Page 240: ...ent Choose Server to define the gateway as the L2TP VPN server for remote clients to initiate the connection to establish VPN tunnels Or choose Client to create multiple L2TP VPN clients to establish...

Page 241: ...ncluding the used user name remote IP address the obtained virtual IP address and call ID of all L2TP clients User Account List User Account List lists your defined user accounts that can be accepted...

Page 242: ...maintain a Client list account password The Client may be a mobile user or mobile site and requesting the L2TP tunnel connection with its account password L2TP protocol is used for establishing an L2T...

Page 243: ...Client option in the L2TP Configuration window And make its related configuration in following sections L2TP Client Configuration L2TP Client Configuration window can let you enable the L2TP client f...

Page 244: ...tunnel is established by the L2TP client making the tunnel connection request initiation and the Security Gateway 1 in Network A of headquarters serves as the L2TP VPN server responding to the reques...

Page 245: ...etermines how the Internet traffic from L2TP client site is handled The L2TP over IPSec is usually used for BYOD devices to establish a secure VPN tunnel between mobile employees and company office Pa...

Page 246: ...User 1 user account to dial in the L2TP server at HQ for establishing a L2TP VPN tunnel So both Intranets of 10 0 75 0 24 and 10 0 76 0 24 can securely communicate each other Finally the client hosts...

Page 247: ...It will enable L2TP over IPSec and need to fill in the Pre shared Key Server Virtual IP A Must filled setting Specify the L2TP server Virtual IP It will set as this L2TP server local virtual IP IP Po...

Page 248: ...Undo N A Click the Undo button to recovery the configuration L2TP Server Status Item Value setting Description L2TP Server Status N A Show the L2TP client information which connect to this L2TP serve...

Page 249: ...Server a series L2TP Client Configuration will appear L2TP Client Configuration Item Setting Value setting Description L2TP Client The box is unchecked by default When click the Enable box It will ac...

Page 250: ...Must filled setting Specify the Remote LNS IP FQDN for this L2TP tunnel Fill in the IP address or FQDN Remote LNS Port A Must filled setting Specify the Remote LNS Port for this L2TP tunnel Fill in t...

Page 251: ...nable box It will enable NAT for this L2TP tunnel LCP Echo Type A Must filled setting Specify the LCP Echo Type for this L2TP tunnel Select Auto Auto setting the Interval and Max Failure Time Selected...

Page 252: ...rters supports the GRE tunneling function Then local security gateway can establish a GRE VPN tunnel with remote gateway in headquarters Client hosts in these both Intranets of branch office and headq...

Page 253: ...rs and the one in branch office as an example fo following description GRE Tunnel at HQ Peer Scenario Application Timing Above diagram illustrates the security gateway in headquarters playing the GRE...

Page 254: ...nel IP 203 95 80 22 Remote IP 118 18 81 33 Key 1234 TTL 255 Default Gateway Remote Subnet Remote Subnet 10 0 75 0 24 Tunnel Enable Scenario Operation Procedure In above diagram Network A is in the hea...

Page 255: ...o all packets are delivered via the GRE tunnel as shown in the diagram by configuring the GRE tunnel is the default gateway at GRE client peer the Internet accessing packets will be also sent to the S...

Page 256: ...or Network A has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN interface It serves as a GRE server However Network B is in the branch office and the subnet of its Intranet is...

Page 257: ...PN go to Advanced Network VPN Configuration tab Enabling GRE Go to Advanced Network VPN GRE tab Enable GRE Window Item Value setting Description GRE Unchecked by default Click the Enable box to enable...

Page 258: ...Always On Failover Load Balance Failover Always Define whether the GRE tunnel is a failover tunnel function or an Always on tunnel Note If this GRE is a failover tunneling you will need to select a pr...

Page 259: ...0 0 2 24 DMVPN Spoke Unchecked by default Specify whether the gateway will support DMVPN Spoke for this GRE tunnel Check Enable box to enable DMVPN Spoke GRE Pre shared Key 1 Unchecked by default 2 P...

Page 260: ...te for every client using signature and Certificate authority It uses the OpenSSL encryption library extensively as well as the SSLv3 TLSv1 protocol and contains many security and control features Dep...

Page 261: ...Modbus Cellular Gateway Index skipping is used to reserve slots for new function insertion when required 261...

Page 262: ...another role Above diagram is the server role configuration and following diagram shows the client role configuration To configure OpenVPN Server or Client role for the security gateway as follows Con...

Page 263: ...ble the OpenVPN server function specify the virtual IP address of OpenVPN server define the pool of virtual IP addresses that will assign to remote OpenVPN clients dialing in the security gateway and...

Page 264: ...nel Parameter Setup Example For Network A at HQ Following below tables list the parameter configuration for above example diagram of OpenVPN server in Network A Use default value for those parameters...

Page 265: ...arting from the OpenVPN client site So hosts in Network B can access hosts or servers in Network A But can t access from Network A to Network B To communicate each other securely between Intranets of...

Page 266: ...266 Configuration for An OpenVPN Client Configuration for An OpenVPN Client window let you specify the required parameters for an OpenVPN VPN client such as OpenVPN Client Name Interface Protocol Por...

Page 267: ...also controlled by the Security Gateway 1 the OpenVPN VPN server Scenario Description OpenVPN Tunneling is a Client and Server based tunneling technology The OpenVPN Server must have a Static IP or a...

Page 268: ...n access hosts or servers in Network A But can t access from Network A to Network B However if the Default Gateway Remote Subnet parameter in the Security Gateway 2 is configured to Default Gateway th...

Page 269: ...A Must filled setting By default 443 is set Specify the Port for the OpenVPN Server to use Tunnel Device A Must filled setting By default TUN is selected Specify the Tunnel Device for the OpenVPN Ser...

Page 270: ...ailable only when TAP is be chose in Tunnel Device IP Pool A Must filled setting Specify the OpenVPN server virtual IP pool Starting Address It will set as the starting IP which assign to OpenVPN clie...

Page 271: ...vailable only when TLS is be chose in Authorization Mode Redirect Default Gateway The box is checked by default Specify the OpenVPN server Redirect Default Gateway Client to Client The box is checked...

Page 272: ...ntify it in the tunnel list Interface A Must filled setting Define the selected interface to be the used for this OpenVPN Client tunnel Select WAN 1 for this OpenVPN Client tunnel by default Protocol...

Page 273: ...ificate Refer to Advanced Network Certificate My Certificates Local Endpoint IP Address A Must filled setting Specify the Local Endpoint IP Address Note_1 Local Endpoint IP Address will be available o...

Page 274: ...y Optional String format any text Specify the OpenVPN client TLS Auth Key Note_1 TLS Auth Key will be available only when TLS is be chose in Authorization Mode User Name Optional String format any tex...

Page 275: ...ox is unchecked by default Specify the OpenVPN client Tunnel UDP MSS Fix Note_1 Tunnel UDP MSS Fix will be available only when UDP is be chose in Protocol nsCertType Verification The box is unchecked...

Page 276: ...er or switch fails This increases the availability and reliability of routing paths via automatic default gateway selections on an IP network The protocol achieves this by creation of virtual routers...

Page 277: ...le connection to the Internet administrator can setup a group of VRRP redundant gateways as the enterprise entry gateway Each member gateway connects to different ISP for a redundant connection to the...

Page 278: ...erver IP Address 10 0 75 200 Scenario Operation Procedure In above diagram the Master Gateway and the Backup Gateway are the redundant gateway group of Network A and the subnet of its Intranet is 10 0...

Page 279: ...ring Format 2 A Must filled setting Define the Virtual Server ID on VRRP of the router The value range is from 1 to 255 Priority of Virtual Server 1 Numberic String Format 2 A Must filled setting Defi...

Page 280: ...his gateway device As a bidirectional SOAP HTTP based protocol it provides the communication between customer premises equipment CPE and Auto Configuration Servers ACS The Security Gateway is such CPE...

Page 281: ...erver to manage remote gateways geographically distributed elsewhere in the world the gateways in all branch offices must have an embedded TR 069 agent to communicate with the ACS server So that the A...

Page 282: ...nternet The Gateway 1 is one of them and has 118 18 81 33 IP address for its WAN 1 interface When all remote gateways have booted up they will try to connect to the ACS server Once the connections are...

Page 283: ...CS manager provide ACS password and manually set ConnectionRequest Port A Must filled setting You can ask ACS manager provide ACS ConnectionRequest Port and manually set ConnectionRequest Username A M...

Page 284: ...modifying and applying a new configuration through remote modification of these variables The variables accessible via SNMP are organized in hierarchies These hierarchies and other metadata such as ty...

Page 285: ...window provides 5 records of user privacy definition for user authentication and data hashing and encryption In SNMPv3 SNMP protocol supports user privacy feature additionally By referring to above se...

Page 286: ...faces are connected together by using a switch or a router with UDP forwarding If you want to manage some devices and they all have supported SNMP protocol use either one application scenario especial...

Page 287: ...rver can manage multiple devices in the Intranet or a UDP reachable network The Gateway 1 is one of the managed devices and it has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WA...

Page 288: ...Versions 1 The v1 box is checked by default 2 The v2c box is checked by default Select the version for the SNMP When Check the v1 box It means you can access SNMP by version 1 When Check the v2c box...

Page 289: ...2 A Must filled setting 3 String format any text Specify this version 1 or version v2c user s community that will be allowed Read Only GET and GETNEXT or Read Write GET GETNEXT and SET access respect...

Page 290: ...ur Privacy Mode is authNoPriv or authPriv you must specify the Password for this version 3 user The minimum length of the password is 8 The maximum length of the password is 64 Authentication 1 None i...

Page 291: ...stricts access for this version 3 user to the subtree rooted at the given OID The range of the each OID number is 1 2080768 Enable 1 The box is checked by default Click Enable to enable this version 3...

Page 292: ...alue setting Description Server IP 1 A Must filled setting 2 String format any Ipv4 address Specify the trap Server IP The DUT will send trap to the server IP Server Port 1 String format any port numb...

Page 293: ...types and encryption protocols Selected the authNoPriv You must specify the Authentication and Password Selected the authPriv You must specify the Authentication Password Encryption and Privacy Key Au...

Page 294: ...23 AMIT Enterprise Number 2 A Must filled setting 3 String format any number Specify the Enterprise Number for the particular private mib The range of the enterprise number is 1 2080768 Enterprise OID...

Page 295: ...es are generally easier to automate via scripting The device supports both Telnet and SSH CLI with default service port 2300 and 22 respectively And it also accepts commands from both LAN and WAN side...

Page 296: ...using Telnet or SSH utility with privileged user name and password The data packets between the Local Admin and the Gateway or between the Remote Admin and the Gateway can be plain texts or encrypted...

Page 297: ...ternet uses SSH utility with privileged account Usually root and the same password as the one to login Web UI to login the Gateway The administrator of the gateway can control the device as like he is...

Page 298: ...o peer networks multiplayer gaming and remote assistance programs need a way to communicate through home and business gateways Without IGD one has to manually configure the gateway to allow traffic th...

Page 299: ...th UPnP Configuration UPnP Enable Scenario Operation Procedure In above diagram the NAT Gateway is the gateway of Network A and the subnet of its Intranet is 10 0 75 0 24 It has the IP address of 10 0...

Page 300: ...for networked devices to discover each other s presence and establish functional network services Go to Advanced Network System Management UPnP UPnP Configuration Item Name Value Setting Description...

Page 301: ...rges customers to issue certificates for them In a web of trust scheme the signer is either the key s owner a self signed certificate or other users endorsements whom the person examining the certific...

Page 302: ...ry where your organization is located State ST is the state where your organization is located Location L is the location where your organization is located Organization O is the name of your organiza...

Page 303: ...My Certificates function The Root CA window can let you generate or delete the certificate of root CA Root CA Configuration window can let you fill required information necessary for generating the ro...

Page 304: ...Scenario Scenario Application Timing When the enterprise gateway owns the root CA and VPN tunneling function it can generate its own local certificates by being signed by itself or import any local c...

Page 305: ...ers that are not mentioned in the tables Configuration Path My Certificates Root CA Certificate Configuration Name HQRootCA Key Key Type RSA Key Length 1024 bits Subject Name Country C TW State ST Tai...

Page 306: ...llowing two sections to complete the whole user scenario Use default value for those parameters that are not mentioned in the tables Configuration Path My Certificates Local Certificate Configuration...

Page 307: ...cal certificate HQCRT that is signed by itself Import the certificates of the root CA and HQCRT into the Trusted CA Certificate List and Trusted Client Certificate List of Gateway 2 Gateway 2 generate...

Page 308: ...is located Location L is the location where your organization is located Organization O is the name of your organization Organization Unit OU is the name of your organization unit Common Name CN is th...

Page 309: ...certificates When Import button is applied Import screen will appear Import Item Value setting Description Import A Must filled setting It could select a certificate file from user s computer for imp...

Page 310: ...e Trusted CA Certificate Import from a PEM window that can let you copy the contents of dedicated CA certificate and paste them in the window to be a trusted one for the gateway Similarly the Trusted...

Page 311: ...s a trusted one In addition you can delete used ones by checking the Select box of those certificates and clicking on the Delete button The View button allows you to view the contents of the dedicated...

Page 312: ...be the BranchCRT certificate Import the certificate into the Gateway 2 as a local certificate In addition also imports the certificates of the root CA of Gateway 1 into the Gateway 2 as the trusted o...

Page 313: ...Network A in headquarters and the subnet of its Intranet is 10 0 76 0 24 It has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN 1 interface The Gateway 2 is the gateway of Netwo...

Page 314: ...em encoded to DUT Apply N A Click the Apply button to import certificate Cancel N A When the Cancel button is clicked the screen will return to the Trusted Certificates page When Get CA button is appl...

Page 315: ...ted Certificates When Import button is applied Trusted Client import screen will appear Trusted Client Certificate List Item Value setting Description Import A Must filled setting It could select a ce...

Page 316: ...ll generates the certificate based on the dedicated CSR by clicking on the Sign button in the window Certainly only the gateway be the root CA and it can sign the requests to certify Another approach...

Page 317: ...rom a PEM Copy the contents of one CSR in PEM format to this window and use Sign button to generate corresponding certificate based on the pasted CSR contents The Signed Certificate View window will d...

Page 318: ...root CA of Gateway 1 Gateway 2 creates a CSR BranchCSR to let the root CA of the Gateway 1 sign it to be the BranchCRT certificate Import the certificate into the Gateway 2 as a local certificate In...

Page 319: ...NAT security gateways Gateway 1 generates the root CA and a local certificate HQCRT that is signed by itself Import the certificates of the root CA and HQCRT into the Trusted CA Certificate List and...

Page 320: ...alue setting Description Certificate Signing Request CSR Import from a File A Must filled setting It could select a certificate signing request file from user s computer for importing to DUT Certifica...

Page 321: ...irst In Port Configuration page there is only one configuration window for the serial port settings The Configuration window can let you specify serial port parameters including the operation mode bei...

Page 322: ...IP based network Baud Rate 19200 is set by default Select the appropriate baud rate for serial device communication RS 232 9600 19200 38400 57600 115200 RS 485 9600 19200 38400 57600 115200 230400 460...

Page 323: ...there are three more configuration parameters need to specify They are the connection control the connection idle timeout and the alive check timeout In the TCP Client mode there is another Legal IP...

Page 324: ...rusted IP Definition window can let you define four hosts as TCP clients to connect to the gateway by using their IP addresses if the trust type is Specific IP These operation modes are illustrated as...

Page 325: ...erial device and the gateway has a 3G LTE WAN interface to connect to the Internet A remote Internet host computer whose IP address is 140 116 82 98 has a management system in it to process the serial...

Page 326: ...ue for those parameters that are not mentioned in the tables Configuration Path Virtual COM Configuration Operation Mode TCP Server Listen Port 4001 WAN Interface All WANs Trust Type Specific IP Max C...

Page 327: ...omputers to connect to the serial device via the gateway Scenario Description Internet Host Computer is the trusted one in the IOG Gateway for communicating UDP data with the serial device Parameter S...

Page 328: ...irtual COM Setting Virtual COM setting screen enables user to connect a Virtual COM port based device to the Internet It allows user to access serial data remotely There are TCP Client TCP Server UDP...

Page 329: ...ed in the Connection Control field Alive Check Timeout 0 is set by default Input the time period of alive check timeout The TCP connection will be terminated if it doesn t receive response of alive ch...

Page 330: ...en Port 4001 is set by default Indicate the listening port of TCP connection Trust Type Allow All is set by default Choose Allow All to allow any TCP clients to connect Otherwise choose Specific IP to...

Page 331: ...31 Specify TCP Clients for TCP Server Access Specify TCP Clients Window Item Value setting Description Host A Must filled setting Enter the IP address range of allowed TCP clients Enable The box is un...

Page 332: ...ssage display applications Enable UDP Mode Window Item Value setting Description Operation Mode A Must filled setting Select UDP mode Listen Port 4001 is set by default Indicate the listening port of...

Page 333: ...ning port of RFC 2217 connection Trust Type Allow All is set by default Choose Allow All to allow any clients to connect Otherwise choose Specific IP to limit certain clients Connection Idle Timeout 0...

Page 334: ...riginal serial based protocols In order to integrate Modbus networks the IoT Gateway including a serial port that support RS 232 and RS 485 communication interface can automatically and intelligently...

Page 335: ...me parameters including the Slave ID the Ethernet or Serial type of interface and the serial protocol if Serial interface is chosen The third window Modbus TCP Configuration can let you specify relate...

Page 336: ...hat attached to the IoT Gateway the Modbus gateway And IoT Gateway executes corresponding processes and replies the Modbus TCP Master with the results Scenario Description The IoT Gateway serves as th...

Page 337: ...n ID 1 Source IP 203 95 80 22 203 95 80 29 Enable Configuration Path Modbus Modbus Priority Priority 1 2 Settings IP Address 203 95 80 22 IP Address 203 95 80 23 Enable Enable Enable Scenario Operatio...

Page 338: ...ants to configure the gateway to be a Modbus TCP Slave for receiving requests from remote Modbus TCP Master executing some actions and making responses then the scenario is adequate for the applicatio...

Page 339: ...T Gateway for delivering Modbus commands and responses During normal operating the Modbus TCP Master sends requests to the IoT Gateway for obtaining information from or controlling to it via the gener...

Page 340: ...egacy Modbus Slave Device Mode the AMIT gateway would act as a standalone Modbus slave role in a Modbus network Gateway information can be requested by the existed SCADA network for Modbus device Mana...

Page 341: ...in ms is set by default This sets the response timeout of the slave after master request sent If the slave does not response within the specified time data would be discarded This applies to the seria...

Page 342: ...uld insert a Tx delay between Master requests The delay gives sufficient time for the slave devices to turn their transmitters off and their receivers back on Save N A Click the Save button to save th...

Page 343: ...E g SPort 1 Serial Mode Slave is set by default Select Master Serial Protocol RTU is set by default Select RTU or ASCII Then Click Save to save the setting Enable N A It displays whether it is enable...

Page 344: ...able ensure that you have Master option selected in the Modbus Serial Definition sub screen and save the setting Remote Slave Unchecked by default Check Enable box to enable this rule Save N A Click S...

Page 345: ...server listening port number to receive TCP client s Modbus Server side session connection request and other required parameters The TCP Connection Configuration screen also allows user to specify aut...

Page 346: ...ble this rule Save N A Click the Save button to save the settings Legacy Modbus Slave Device Mode Single Mode This setting sets up the AMIT Gateway as a standalone Modbus Slave Device As a Modbus slav...

Page 347: ...the Modbus device operator to set up the AMIT gateway of the attached Modbus Slave to listen for the server request that is coming from the TCP Client s connection request on the specified TCP port B...

Page 348: ...Description Source IP A Must fill setting Select Specific IP Address to only allow an IP address of the allowed Master to access the attached Slave s Select IP Range to only allow a set range of IP a...

Page 349: ...ponse to Modbus master device s data acquisition The data logging function can save all communicate data into several CSV format files automatically and user can define how to split and storage those...

Page 350: ...ction insertion when required 350 Data Logging Files Download All the data acquired from local modbus device can be downloaded through FTP and WEB UI admin user can get the resulting data over the int...

Page 351: ...messaging service component of phone Web or mobile communication systems It uses standardized communications protocols to allow fixed line or mobile phone devices to exchange short text messages 13 S...

Page 352: ...shows all your defined altering rules for SMS messages like auto forwarding messages to another mobile phone set message forwarding by email and message forwarding by syslog By using the third window...

Page 353: ...k Save to save the settings SMS Summary Show Unread SMS Received SMS Remaining SMS and edit SMS context to send read SMS from SIM card SMS Summary Item Value setting Description Unread SMS N A If SIM...

Page 354: ...t will show Send Failed Send N A Click Send button SMS will send SMS Inbox List User can read or delete SMS reply SMS or forward SMS from this screen SMS Inbox List Item Value setting Description ID N...

Page 355: ...SSD messages create a real time connection during an USSD session The connection remains open allowing a two way exchange of a sequence of data This makes USSD more responsive than services that use S...

Page 356: ...ith the USSD server by sending USSD commands and getting USSD responses via the voice gateway An USSD Session Scenario Scenario Application Timing When the administrator wants to uses the Voice Gatewa...

Page 357: ...setting with command 135 for further use In the USSD Request window from the USSD Profile dropdown box select the roaming setting profile and the USSD Command field shows 135 Click on the Send button...

Page 358: ...ey in USSD Command N A The USSD command that user can key in Comments N A The Comments is this profile comment USSD Request When send the USSD command the USSD Response screen will appear When click t...

Page 359: ...ng normal operation In Network Scan page there are two windows for the Network Scan function The Configuration window can let you select which 3G 4G module physical interface is used to perform Networ...

Page 360: ...by default The Band List s options depend on module and user need to select option at least one for all network type Scan Approach The box is Auto by default When Auto selected cellular module registe...

Page 361: ...with the gateway via the SMS system Only these phones can SMS control the gateway Furthermore the SMS messages can be removed after being processed by the system to clear up the memory to receive mor...

Page 362: ...y the SMS messaging access control From which phone number the gateway will receive the management SMS messages or to which phone the gateway can issue the notification SMS messages A SMS based Remote...

Page 363: ...Enable Configuration Path Remote Management Specific Phone Number Definition ID 1 Phone Number 8869116xxxxx Granted Functions Management Notification Enable Scenario Operation Procedure In above diagr...

Page 364: ...Configuration Item Value setting Description SMS Remote Management The box is unchecked by default Check the Enable box to activate SMS Remote Management function Managing Events The box is unchecked...

Page 365: ...event SMS after it has been processed Delete All Received SMS N A Press the Active button to delete all the received SMS Security Key The box is unchecked by default Click the Enable box to enable th...

Page 366: ...t SMS Account Definition Item Value setting Description Phone Number 1 Mobile telephone numbers format 2 A Must filled setting Specify the phone number that will issuing the SMS as the account identif...

Page 367: ...dbus Definition to specify Modbus Event Handlers All box is unchecked by default Specify the related Handlers for the managing event Select Power Checkbox and select the handlers you want to specify P...

Page 368: ...lect DO and select profile from Digital Output DO Profile List to specify the DO Response Select SMS to specify the SMS Response Select SNMP Trap to specify the SNMP Trap Response Select Modbus and se...

Page 369: ...nt condition to specify WiFi Event Select Client Server Proxy and select the event condition to specify Client Server Proxy Event Select System Related and the event condition to specify System Relate...

Page 370: ...of web hosts some gateways can whitelist TCP ports The MAC address of attached clients can also be set to bypass the login process This technique has occasionally been referred to as UAM Universal Acc...

Page 371: ...Server from the pre defined external server object list Internal Captive Portal Before enabling internal Captive Portal function please go to System External Servers to define some external server ob...

Page 372: ...as an example for Internal Captive Portal function as shown in above diagram Use default value for those parameters that are not mentioned in the tables Configuration Path DHCP Server DHCP Server Con...

Page 373: ...wser The gateway checks out that the Internet surfing request comes from the Guest group and the client host in the Guest group hasn t been authenticated by the gateway So the gateway redirects the re...

Page 374: ...ed to specify Authentication Server and login page can be edited in Customize login page Customize login page N A The Download Default CSS and Logo button can download the default CSS file and Logo of...

Page 375: ...o specify and enable uam server The uam server can be added by pressing AddObject button directly or added in System External Servers External Servers tab Note UAM Server is available when External in...

Page 376: ...firmware upgrades Email alert and system log Go to System System Related tab Change Password Change password screen allows network administrator to change the web based utility login password to acces...

Page 377: ...onnection is currently being used The display also shows the current System time It is particularly useful when firmware has been upgraded and system configuration file has been loaded Go to System Sy...

Page 378: ...ve slots for new function insertion when required 378 System Status System Status screen contains various event log tools facilitating network administrator to perform local event logging and remote r...

Page 379: ...r analysis View Email Log History Item Value setting Description View button N A Click on the View button to view Log History in Web Log List Window Email Now button N A Click on the Email Now button...

Page 380: ...trator to select the type of event to log and be displayed in the Web Log List Window as described in the previous section Click on the View button to view Log History in the Web Log List window Web L...

Page 381: ...er the recipient s Email account Separate Email accounts with comma or semicolon Enter the Email account in the format of myemail domain com Subject String any text Enter an Email subject that is easy...

Page 382: ...enu Select one syslog server from the Server dropdown box to sent event log to If none has been available press Add Object button to create a syslog server Log type category Default unchecked Select t...

Page 383: ...t Device Internal is selected by default Select internal or external storage Log file name Default unchecked Set file name to save logs in storage Split file Enable Default unchecked Check to enable s...

Page 384: ...iven the file name by default is Interface _ Date _ index Define the output filename If left blank the device automatically assigns a name in the format of File Name _ index pcap Split Files 1 Optiona...

Page 385: ...ting but a retrieve of what was saved in the memory Capture Filters Capture Filters let user can setup rules to filter packets That means Packet Analyzer will only capture packets which match rules Ca...

Page 386: ...en match one of the rules Destination MACs Optional setting Define the filter rule with Destination MACs which means the destination MAC address of packets Packets which match rules will be captured M...

Page 387: ...hedule rules which can be applied to other functionality Go to System Scheduling Schedule Settings Button description Item Value setting Description Add N A Click the Add button to configure time sche...

Page 388: ...tivate activate the function been applied to in the time period below Time Period Definition Item Value Setting Description Week Day Select from menu Select everyday or one of weekday Start Time Time...

Page 389: ...ration screen will appear Host Group Configuration Item Value setting Description Group Name 1 String format can be any text 2 A Must filled setting Enter a group rule name Enter a name that is easy f...

Page 390: ...Configuration screen will appear File Extension Group Configuration Item Value setting Description Group Name 1 String format can be any text 2 A Must filled setting Enter a group rule name Enter a na...

Page 391: ...ames about compression can be added Include ace ari bzip2 bz2 cab gz gzip rar sit and zip When Execution is selected there are total eight file extension names about execution can be added Include bas...

Page 392: ...Aliww When P2P is selected there are total seven P2P application can be added Include BT eDonkey eMule Shareaza HTTP Multiple Thread Download Thunder Baofeng When Proxy is selected there are three pr...

Page 393: ...format any text Then check Enable box to add this server Syslog Server A Must filled setting When Syslog Server is selected it means the option External Servers is set Syslog Server Server Port will...

Page 394: ...et String format any text N AS Gateway ID String format any text Location ID String format any text Location Name String format any text Then check Enable box to add this server TACACS Server A Must f...

Page 395: ...as elapsed The setting allows administrator to enable automatic logout and set the logout idle time When the Time out is disabled the system will not logout the administrator automatically Go to Syste...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands