Proroute GEM420 Page 126 User Manual Download

Page: 126 / 166

Proroute GEM420 4G M2M Router

GEM420 User Manual

126

Negotiation Mode:

Choose Main Mode or Aggressive Mode:

Main Mode provides identity protection by authenticating peer identities when

pre-shared keys are used. The IKE SA’s are used to protect the security

negotiations. Aggressive mode will accelerate the establishing speed of VPN

tunnel, but the device will suffer from less security in the meanwhile. Hosts in

both ends of the tunnel must support this mode so as to establish the tunnel

properly.

X-Auth:

For the extended authentication function (XAUTH), the VPN client (or

initiator) needs to provide additional user information to the remote VPN server

(or Business Security Gateway). The VPN server would reject the connect

request from VPN clients because of invalid user information, even though the

pre-shared key is correct. This function is suitable for remote mobile VPN clients.

You can not only configure a VPN rule with a pre-shared key for all remote users,

but you can also designate account / password for specific users that are

permitted to establish VPN connection with VPN server. There are 3 roles to let

Business Security Gateway behave as for X-Auth authentication, including None,

Server and Client. For None role, there is no X-Auth authentication happens

during VPN tunnel establishing. For Server role, click “X-Auth Account” button to

modify 10 user accounts for user validation during tunnel establishing to VPN

server. Finally, for Client role, there are two additional parameters to fill: “User

Name” and “Password” for valid user to initiate that tunnel.

Dead Peer Detection:

This feature will detect if remote VPN peer still exists.

Delay indicates the interval between detections, and Timeout indicates the

timeout of detected to be dead.

Phase 1 Key Life Time

: The value of life time represents the life time of the key

which is dedicated at Phase 1 between both end gateways.

3.2.3.1.8 IKE Proposal Definition

Summary of Contents for GEM420

Page 1: ...User Manual GEM420 4G M2M Router ...

Page 2: ...2 1 4 Connecting to the Network or a Host 14 2 2 EASY SETUP BY CONFIGURING WEB UI 15 2 2 1 Wizard 15 2 2 2 Status 23 CHAPTER 3 MAKING CONFIGURATIONS 28 3 1 BASIC NETWORK 30 3 1 1 WAN Setup 31 3 1 1 1 Physical Interface 32 3 1 1 2 Internet Setup 34 3 1 1 2 1 3G 4G WAN 3G 4G 34 3 1 1 2 2 Ethernet WAN 38 3 1 1 3 Load Balance 51 3 1 2 LAN VLAN Setup 53 3 1 2 1 Ethernet LAN 54 3 1 2 2 VLAN 55 3 1 2 2 1...

Page 3: ...l AP ALG 88 3 1 5 3 DMZ 89 3 1 6 Routing Setup 90 3 1 6 1 Static Routing 90 3 1 6 2 Dynamic Routing 91 3 1 6 3 Routing Information 94 3 1 7 Client Server Proxy 95 3 1 7 1 Dynamic DNS 95 3 1 7 2 DHCP Server 96 3 2 ADVANCED NETWORK 99 3 2 1 Firewall 100 3 2 1 1 Configuration 100 3 2 1 2 Packet Filters 100 3 2 1 2 1 Configuration 101 3 2 1 2 2 Packet Filter List 101 3 2 1 2 3 Packet Filter Rule Confi...

Page 4: ...1 IPSec 121 3 2 3 1 1 IPSec VPN Tunnel Scenarios 121 3 2 3 1 2 IPSec Configuration 123 3 2 3 1 3 Tunnel List Status 124 3 2 3 1 4 Local Remote Configuration 124 3 2 3 1 6 Authentication 125 3 2 3 1 7 IKE Phase 125 3 2 3 1 8 IKE Proposal Definition 126 3 2 3 1 9 IPSec Phase 127 3 2 3 1 10 IPSec Proposal Definition 127 3 2 3 1 11 Manual Proposal 128 3 2 3 2 PPTP 128 3 2 3 2 1 PPTP L2TP VPN Tunnel Sc...

Page 5: ...141 3 2 4 1 VRRP 141 3 2 5 System Management 142 3 2 5 1 TR 069 142 3 2 5 2 SNMP 143 3 2 5 3 Telnet with CLI 145 3 2 5 4 UPnP 146 3 3 APPLICATIONS 146 3 3 1 Mobile Application 147 3 3 1 1 SMS 147 3 3 1 2 USSD 149 3 3 1 3 Network Scan 150 3 3 1 4 Remote Management 151 3 3 2 Captive Portal 154 3 3 2 1 Captive Portal Configuration 154 3 4 SYSTEM 156 3 4 1 System Related 156 3 4 1 1 Change Password 15...

Page 6: ...Proroute GEM420 4G M2M Router GEM420 User Manual 6 ADDITIONAL INFORMATION ERROR BOOKMARK NOT DEFINED ...

Page 7: ...s for NFC or GPS applications This GEM420 series product is loaded with essential security features including VPN firewall NAT port forwarding DHCP server and many other powerful features for complex and demanding business and M2M Machine to Machine applications The redundancy design in fallback 9 48 VDC power terminal dual SIM cards and VRRP function makes the device as a back up in power network...

Page 8: ...ms Description Contents Quantity 1 GEM420AM Cellular M2M Gateway 1pcs 2 Cellular Antenna 2pcs 3 WiFi Antenna 2pcs 4 Power Adapter DC 12V 2A 1pcs 5 DC Jack Converter 1pcs 6 RJ45 Cable 1pcs 7 Console Cable 1pcs 8 CD Manual 1pcs 9 Wall Mount Kits 2pcs 10 DIN Rail Bracket 1pcs ...

Page 9: ...stem An installed Ethernet adapter Browser Requirements Internet Explorer 6 0 or higher Chrome 2 0 or higher Firefox 3 0 or higher Safari 3 0 or higher Do not use the product in high humidity or high temperatures Only use the power adapter that comes with the package Using a different voltage rating power adaptor is dangerous and may damage the product Do not open or repair the case yourself If th...

Page 10: ...ick and easy way to resort the default setting Press the RESET button continuously for 6 seconds and then release it The device will restore to factory default settings Reset Button USB Port LED Indicators Auto MDI MDIX RJ 45 Ports 4x FE LAN to connect local devices Cellular Antenna Cellular Antenna Console Port SIM B Slot SIM A Slot ...

Page 11: ...Proroute GEM420 4G M2M Router GEM420 User Manual 11 Power Terminal Block 2 4G WiFi Antenna 2 4G WiFi Antenna PWR1 GND PWR2 GND ...

Page 12: ... Steady ON SIM card B is chosen for connection LAN 1 LAN 4 Green Steady ON Ethernet connection of LAN is established Flash Data packets are transferred High Cellular Signal Green Steady ON The signal strength of Cellular is strong Low Cellular Signal Green Steady ON The signal strength of Cellular is weak USB Green Steady ON If USB 3G dongle is attached 1 If both of power source 1 and power source...

Page 13: ... product when out of factory Please screw the wall mount kits and DIN rail bracket on the product first 2 1 2 Insert the SIM Card WARNNING BEFORE INSERTING OR CHANGING THE SIM CARD PLEASE MAKE SURE THAT POWER OF THE DEVICE IS SWITCHED OFF The SIM card slots are located at the bottom side of GEM420 housing in order to protect the SIM card You need to unscrew and remove the outer SIM card cover befo...

Page 14: ...quirements and polarity There are a DC converter and a DC12V 2A power adapter in the package for you to easily connect DC power adapter to this terminal block 2 1 4 Connecting to the Network or a Host The GEM420 series provides four RJ 45 ports to connect 10 100Mbps Ethernet It can 3 If both of power source 1 and power source 2 are connected the device will choose power source 1 first If power out...

Page 15: ...Configuring WEB UI You can browse web UI to configure the device First you need to launch the Setup Wizard browser and then the Setup Wizard will guide you step by step to finish the setup process Browse and Activate the Setup Wizard Type in the IP Address http 192 168 123 254 4 When you see the login page type the password admin 5 and then click login button After login select your language from ...

Page 16: ...ace and WiFi LAN interface Press Next to start the wizard Step 2 Change Password Password Configuration You can change the login password of Web UI here It s strongly recommending you to change this login password from default value Press Next to continue Step 3 Time Zone Time Zone Configuration It will detect your time zone automatically If the result of auto detection is not correct you can pres...

Page 17: ...all IP address that you get from ISP Internet Service Provider manually This option is usually chosen when you get a fixed IP address from ISP Press Next to continue Step 4 2 Ethernet Dynamic IP Address If choosing Ethernet Dynamic IP Address you can input host name or registered MAC address when your ISP requests it In most cases you can leave them as blank and go next This option is usually chos...

Page 18: ... ISP This option is usually chosen when your ISP requests it Press Next to continue Step 4 6 3G 4G If choosing 3G 4G 3G 4G please make sure you have inserted SIM card If not please power off this gateway and insert SIM card first Then you can select Auto Detection to finish dial up profile automatically This option is chosen when you want to connect to Internet through 3G 4G network instead of fix...

Page 19: ...lt setting and go to next step Press Next to continue Step 7 Confirm and Apply Check the new settings again If all information is correct please press Apply button to save new settings Then it will take 65 seconds to restart this gateway and take new settings effective Step 8 Counting Down Configuration is completed Press Finish button to close Setup Wizard and browser counts down for 65 seconds a...

Page 20: ...ere are two options of tunnel scenario can be chosen Site to Site is for two offices to create VPN tunnel Dynamic VPN is for remote users to connect to office For other options please go to Advanced Network VPN to setup Input the required network information and pre shared key for VPN connection For Dynamic VPN you don t need to input network information of remote subnet and remote gateway Press N...

Page 21: ...ame IP FQDN of PPTP server username password authentication and MPPE options Please make sure these settings are accepted by PPTP server Otherwise remote PPTP server will reject the connection Press Next to continue If choosing PPTP Server please select options of authentication and MPPE You also need to create a set of username and password for PPTP clients In this wizard you can only create one ...

Page 22: ...ame IP FQDN of L2TP server username password authentication and MPPE options Please make sure these settings are accepted by L2TP server Otherwise remote L2TP server will reject the connection Press Next to continue If choosing L2TP Server please select options of authentication and MPPE You also need to create a set of username and password for L2TP clients In this wizard you can only create one ...

Page 23: ...atus There are 5 kinds of system status to be shown at this window They are Network Status WiFi Status LAN Client List Firewall Status and VPN Status A Network Status In Network Status page you can review lots information of network status including a connection diagram WAN IPv4 status WAN IPv6 status LAN status and 3G 4G modem status You can also check the device time at the bottom of this page C...

Page 24: ...e connected now WAN Interface IPv4 Network Status Display WAN type IPv4 information MAC information and connection status of multiple WAN interfaces in IPv4 networking Press Edit button if you want to change settings WAN Interface IPv6 Network Status Display WAN type IPv6 information and connection status of multiple WAN interfaces in IPv6 networking Press Edit button if you want to change setting...

Page 25: ...r of transmitted packets and received packets of each WAN interface Device Time Display current time information of device B WiFi Status WiFi Virtual AP List In order to view the basic information of WiFi virtual APs it will display operation band virtual AP ID WiFi activity operation mode SSID channel WiFi system WiFi security approach and MAC address of all virtual APs on status page Besides the...

Page 26: ...f received packets and transmitted packets of all virtual APs on status page Besides there is an additional Reset command button for each virtual AP to clear the traffic statistics C LAN Client List In order to view the connection of current active wired wireless clients it will display LAN interface IP address configuration host name MAC address and remaining lease time of all client devices on s...

Page 27: ... all detected contents of firing activated packet filter rules URL Blocking Display all blocked URLs of firing activated URL blocking rules Web Content Filters Display all detected contents of firing activated Web content filter rules MAC Control Display all blocked MAC addresses of firing activated MAC control rules Application Filters Display all activated rules of application filters IPS Displa...

Page 28: ...PPTP Client Status Display the status of all activated PPTP clients L2TP Server Status Display the status of all activated accounts of L2TP server L2TP Client Status Display the status of all activated L2TP clients Chapter 3 Making Configurations Whenever you want to configure your network or this device you can access the Configuration Menu by opening the web browser and typing in the IP Address ...

Page 29: ... default password admin in the Password and then click Login button After login select your language from the list Afterwards you can go Wizard Basic Network Advanced Network or System respectively on left hand side of web page Note You can see the first screen is located at Status Network Status after you logged in and the screen shows the Network Connection Status below ...

Page 30: ...iFi Status page connected clients at LAN Client List page and other advanced function status at Firewall Status page and VPN Status page 3 1 Basic Network You can enter Basic Network for WAN LAN VLAN WiFi IPv6 NAT Bridging Routing and Client Server Proxy settings as the icon shown here ...

Page 31: ...dongle7 Please plug 3G LTE USB dongle and follow UI setting to setup Ethernet WAN The 1st Ethernet port can be configured as WAN connection Please plug in RJ45 cable from your external DSL modem and follow UI setting to setup 6 The specification of embedded module depends on respective model 7 Please refer to compatibility www gem420 com list to check which 3G or LTE dongles are supported by this ...

Page 32: ...tion mode of this interface is forced to Always on mode and operates as the primary Internet connection You can click on the respective Edit button and configure the rest items for this interface 2 WAN 2 The operation mode of this interface is disabled by default you can click on the respective Edit button to configure 3 WAN 3 The operation mode of this interface is disabled by default you can cli...

Page 33: ...tion is failed If you specified a certain WAN interface as a Failover WAN you have to further identify which WAN interface is to be failover and fallback For some mission critical applications this gateway supports Seamless failover 8 to shorten switch time between WAN interface failover and failback For the example above if WAN 1 connection is broken this gateway will try to failover the Internet...

Page 34: ...ribed 3G LTE data services from mobile operators This gateway can support LTE 3G 2G depends on respective specifications Dynamic IP Address You may choose this WAN type if you connects a cable modem or a fiber VDSL modem for Internet connection The assigned IP address may be different every time Static IP Address If you get a fixed IP address from your ISP PPP over Ethernet As known as PPPoE This ...

Page 35: ...se SIM A card unless SIM B connection is also broken That is SIM A and SIM B are used iteratively but either one will keep being used for data transferring when current connection is still alive In the same way the gateway will try to connect to the Internet by using SIM B card first if choosing SIM B First However when SIM A or SIM B is used that means the specified SIM slot of card is the ONLY o...

Page 36: ...g information for your reference after you select country and service provider If you choose SIM A First or SIM B First for Preferred SIM Card you need to input dial up profile for SIM A and SIM B respectively 2 PIN Code Enter PIN code of SIM card if your SIM card needs it to unlock 3 Dial Number Enter the dialed number that is provided by your ISP 4 Account Password Enter Account Password that is...

Page 37: ...ction status of WAN interface Checking mechanism depends on several parameters defined here The network monitoring provides the WAN interface status and then system can prevent embedded 3G LTE modem from some sort of auto timeout and disconnects from the Internet after a period of inactivity This keep alive feature is also known as Ping Reboot Enable Check the box to do Network Monitoring DNS Quer...

Page 38: ...hreshold Times of failed checking This WAN connection will be recognized as broken if the times of continuous failed keep alive checking equals to this value Target1 Target2 Set host that is used for keep alive checking It can be DNS1 DNS2 default Gateway or other host that you need to input IP address manually 5 IGMP Enable or disable multicast traffics from Internet You may enable as auto mode o...

Page 39: ...Always on this gateway will start to establish Internet connection automatically since it s powered on It s recommended to choose this scheme if for mission critical applications to ensure Internet connection is available all the time If choosing Dial on demand this gateway won t start to establish Internet connection until local data is going to be sent to WAN side After that this gateway will di...

Page 40: ...ere are continuous incoming and outgoing data packets passing through WAN connection Check Interval Indicate how often to send keep alive packet Check Timeout Set allowance of time period to receive response of keep alive packet If this gateway doesn t receive response within this time period this gateway will record this keep alive is failed Latency Threshold Set acceptance of response time This ...

Page 41: ...ovided by your ISP 3 Primary DNS Secondary DNS Input the IP address of primary and secondary DNS server that is provided by your ISP Secondary DNS can be ignored if only one DNS server is provided by your ISP 4 MTU Most ISP offers MTU value to users The default value is 0 auto 5 NAT By default it is enabled If you disable this option there will be no NAT mechanism between LAN side and WAN side 6 N...

Page 42: ...ncy Threshold Set acceptance of response time This gateway will record this keep alive check is failed if the response time of replied packet is longer than this setting Fail Threshold Times of failed checking This WAN connection will be recognized as broken if the times of continuous failed keep alive checking equals to this value Target1 Target2 Set host that is used for keep alive checking It c...

Page 43: ... won t be displayed on web UI 4 Primary DNS Secondary DNS In most cases ISP will assign DNS server automatically after PPPoE connection is established Input the IP address of primary and secondary DNS server manually if required 5 Connection Control Select your connection control scheme from the drop list Auto reconnect Always on Dial on demand or Manually If selecting Auto reconnect Always on thi...

Page 44: ... LAN side and WAN side 9 Network Monitoring You can do preferred settings by using this feature to monitor the connection status of WAN interface Checking mechanism depends on several parameters defined here The network monitoring provides the WAN interface status and then system can prevent embedded 3G LTE modem from some sort of auto timeout and disconnects from the Internet after a period of in...

Page 45: ... is used for keep alive checking It can be DNS1 DNS2 default Gateway or other host that you need to input IP address manually 10 IGMP Enable or disable multicast traffics from Internet You may enable as auto mode or select by IGMP v1 IGMP v2 IGMP v3 or Auto 11 WAN IP Alias In some cases ISP will provide you another fixed IP address for management purpose You can enter that IP address in this field...

Page 46: ...Gateway settings provided by your ISP 3 Server IP Address Name IP address of the PPTP server provided by ISP 4 PPTP Account and Password The account and password your ISP assigned to you Please note the account and password is case sensitive For security concern the password you input won t be displayed on web UI 5 Connection ID Optional input the connection ID if your ISP requires it 6 Connection...

Page 47: ... to see if this feature is supported or not 9 NAT By default it is enabled If you disable this option there will be no NAT mechanism between LAN side and WAN side 10 Network Monitoring You can do preferred settings by using this feature to monitor the connection status of WAN interface Checking mechanism depends on several parameters defined here The network monitoring provides the WAN interface s...

Page 48: ... alive checking equals to this value Target1 Target2 Set host that is used for keep alive checking It can be DNS1 DNS2 default Gateway or other host that you need to input IP address manually 11 IGMP Enable or disable multicast traffics from Internet You may enable as auto mode or select by IGMP v1 IGMP v2 IGMP v3 or Auto 12 WAN IP Alias In some cases ISP will provide you another fixed IP address ...

Page 49: ...3 Server IP Address Name IP address of the L2TP server provided by ISP 4 L2TP Account and Password The account and password your ISP assigned to you Please note the account and password is case sensitive For security concern the password you input won t be displayed on web UI 5 Connection Control Select your connection control scheme from the drop list Auto reconnect Always on Dial on demand or Ma...

Page 50: ...tween LAN side and WAN side 9 Network Monitoring You can do preferred settings by using this feature to monitor the connection status of WAN interface Checking mechanism depends on several parameters defined here The network monitoring provides the WAN interface status and then system can prevent embedded 3G LTE modem from some sort of auto timeout and disconnects from the Internet after a period ...

Page 51: ...WAN IP Alias In some cases ISP will provide you another fixed IP address for management purpose You can enter that IP address in this field 3 1 1 3 Load Balance This device support multi WAN load balance function and more than one WAN interface can access to Internet at a time The load balance function can help you to manage the outbound traffics and to maximize the utilization of available bandwi...

Page 52: ...e settings to allocate proper traffics for each WAN to access the internet By User Policy If you choose the By User Policy strategy you have to create the expected policies one by one Click the add button to add your load balance policy You can manage the outbound traffics flow and the force specific traffics to access Internet through designated WAN interface For those traffics not covered in the...

Page 53: ...er for the load balance policy It can be All Port Range Single Port or Well known Applications Just choose one type of the destination port and specify its value as well If you don t want to specify a certain destination port for this policy just leave it as All 4 Protocol Enter the expected protocol type for the load balance policy It can be TCP UDP or Both If you don t want to specify a certain ...

Page 54: ...e it if necessary It s also the IP address of web UI If you change it you need to type new IP address in the browser to see web UI 2 Subnet Mask Input your Subnet mask Subnet mask defines how many clients are allowed in one network or subnet The default subnet mask is 255 255 255 0 24 and it means maximum 254 IP addresses are allowed in this subnet However one of them is occupied by LAN IP address...

Page 55: ...he traffic generated by the nodes remains within the VLAN However in Tag based VLAN all packets with same VLAN ID will be treated as the same group of them and own same access property and QoS property It is especially useful when individuals of a VLAN group are located at different location The VLAN function allows you to divide local network into different virtual LANs In some cases ISP may need...

Page 56: ... upper link for different services A port based VLAN is a group of ports on an Ethernet or Virtual APs of Wired or Wireless Gateway that form a logical Ethernet segment Following is an example In SMB or a company administrator schemes out 4 segments Lobby Lab Servers Office and VoIP IPTV In a Wireless Gateway administrator can configure Lobby segment with VLAN ID 4 The VLAN group includes Port 4 a...

Page 57: ...n carry with different VLAN tags even at the same physical port for Intranet These flows can be directed to different destination because they have differentiated tags The approach is very useful to group some hosts in different geographic location to be a same department Tag based VLAN is also called a VLAN Trunk The VLAN Trunk collects all packet flows with different VLAN IDs from Router device ...

Page 58: ...8 11 x subnet for Intranet only That is any client host in VLAN 11 group can t access the Internet However he configure Office segment with VLAN ID 10 The VLAN group is equipped with DHCP 1 server to construct a 192 168 10 x subnet In this example VLAN 10 and 12 groups can access the Internet as following diagram VLAN Group Access Control Administrator can specify the Internet access right for all...

Page 59: ...transitive property That is A can communicate with B and B can communicate with C that doesn t mean A can communicate with C An example is shown at following diagram VLAN groups of VID is 1 and 3 can access each other but the ones between VID 3 and VID 4 and between VID 1 and VID 4 can t 3 1 2 2 2 Port Based VLAN A port based VLAN is a group of ports on an Ethernet switch or router that form a log...

Page 60: ...essed by NAT mechanism 2 LAN VID Specify a VLAN identifier for this port The ports with the same VID are in the same VLAN group 3 Tx TAG If ISP requests a VLAN Tag with your outgoing data please check the checkbox of Tx TAG 4 DHCP Server Specify a DHCP server for the configuring VLAN This device provides up to 4 DHCP servers to serve the DHCP requests from different VLANs 5 WAN VID The VLAN Tag ID...

Page 61: ... configuration of inter VAP routing please refer to Basic Network WiFi section The last one policy is the Bridge to WAN Policy that includes only Port 4 Afterwards click on Save to store your settings or click Undo to give up the changes 3 1 2 2 3 Tag Based VLAN The second type of VLAN is the tag based VLAN VLAN membership in a tagged VLAN is determined by VLAN information within the packet frames...

Page 62: ...h the VLAN ID before it is forward to the destination belongs to this configuring VLAN group in the Intranet 3 Port 1 Port 4 VAP 1 VAP 8 Specify whether they belong to the VLAN group or not You just have to check the boxes for dedicated ports 4 DHCP Server Specify a DHCP server for the configuring VLAN This device provides up to 4 DHCP servers to serve the DHCP requests from different VLANs Afterw...

Page 63: ...R wireless radio you have to configure 2 4G Hz operation band s wireless settings and then activate your WLAN There are several wireless operation modes provided by this device They are AP Router Mode WDS Hybrid Mode and WDS Only Mode You can choose the expected mode from the wireless operation mode list 3 1 3 1 1 AP Router Mode ...

Page 64: ...chanism all of wireless clients don t need to get public IP addresses from ISP 1 Operation Band Select the WiFi operation band that you want to configure But the device supports only 2 4G single WiFi band 2 WPS Click on the button to setup WPS 1 Wireless Module Enable the wireless function 2 Wireless Operation Mode Choose AP Router Mode from the drop list 3 Green AP Enable the Green AP function to...

Page 65: ...ces 9 Channel The radio channel number The permissible channels depend on the Regulatory Domain The factory default setting is auto channel selection It s recommended to choose a channel that is not used in your environment to reduce radio interference 10 Wireless System This gateway supports 802 11a b g n modes For 2 4GHz operation band you can also choose N only G N mixed or B G N mixed and for ...

Page 66: ... t need additional RADIUS server for user authentication WPA Select Encryption mode and enter RADIUS Server related information You have to specify the IP address and port number for the RADIUS Server and then fill in 64 hexadecimal 0 1 2 8 9 A B F digits or 8 to 63 ASCII characters as the shared key The key value is shared by the RADIUS server and this router This key value must be consistent wit...

Page 67: ...or user authentication WPA WPA2 If some of wireless clients can only support WPA but most of them can support WPA2 You can choose this option to support both of them Select Encryption mode and enter RADIUS Server related information You have to specify the IP address and port number for the RADIUS Server and then fill in 64 hexadecimal 0 1 2 8 9 A B F digits or 8 to 63 ASCII characters as the shar...

Page 68: ...dress filled 4 Green AP Enable the Green AP function to reduce the power consumption when there are no wireless traffics 5 Channel The radio channel number The permissible channels depend on the Regulatory Domain The factory default setting is auto channel selection 6 Authentication Encryption You may select one of the following authentications to secure your wireless network Open Shared Auto WPA ...

Page 69: ...ments Auto The gateway will select appropriate authentication method according to WiFi client s request automatically WPA PSK Select Encryption mode and enter the Pre share Key You can fill in 64 hexadecimal 0 1 2 8 9 A B F digits or 8 to 63 ASCII characters as the pre share key The available encryption modes are TKIP AES or TKIP AES In this mode you don t need additional RADIUS server for user au...

Page 70: ...er one by one Afterwards click on Save to store your settings or click Undo to give up the changes 3 1 3 1 3 WDS Hybrid Mode WDS Wireless Distributed System Hybrid function let this access point acts as a wireless LAN access point and a repeater at the same time Users can use this feature to build up a large wireless network in a large space like airports hotels and schools etc ...

Page 71: ...ccording to the schedule rule you specified By default the wireless radio is always turned on when the wireless module is enabled If you want to add a new schedule rule please go to System Scheduling menu 7 Network ID SSID Network ID is used for identifying the Wireless LAN WLAN Client stations can roam freely over this device and other Access Points that have the same Network ID The factory defau...

Page 72: ...ared key or passphrase The shared key is manually set on both the client station and the AP router Three types of shared key authentication are available today for home or small office WLAN environments Auto The gateway will select appropriate authentication method according to WiFi client s request automatically WPA PSK Select Encryption mode and enter the Pre share Key You can fill in 64 hexadec...

Page 73: ...nce you finished the wireless settings for the following sub sections you can configure and enable the WPS Wi Fi Protection Setup easy setup feature for your wireless network by clinking on the 2 4G WPS Setup button 1 WPS11 You can enable this function by checking Enable box WPS offers a safe and easy way to allow the wireless clients connected to your wireless network 2 Configuration Status This ...

Page 74: ...s PIN number is required for WiFi client during WPS connection You can press New Generate to get a new AP PIN 7 WPS status According to your setting and activity the status will show IDLE STARTPROCESS or NOT USED The status is IDLE by default If you want to start a WPS connection you need to push Trigger button to change its status to STARTPROCESS Only one wireless client is allowed for each WPS c...

Page 75: ...ss configuration for professional user to optimize the wireless performance under the specific installation environment 1 Operation Band Select the WiFi operation band that you want to configure But the device supports only 2 4G single WiFi band 2 Regulatory Domain Indicate number of Wi Fi channel It depends on regional ...

Page 76: ...e 6 Fragmentation Wireless frames can be divided into smaller units fragments to improve performance in the presence of RF interference and at the limits of RF coverage 7 WMM Capable WMM can help control latency and jitter when transmitting multimedia content over a wireless connection 8 Short GI Time setting of Guard Interval between two Wi Fi packets Decrease this time interval will increase Wi ...

Page 77: ...e You can lower down the power ratio to prevent transmissions from reaching beyond your corporate home office or designated wireless area 3 1 4 IPv6 Setup The growth of the Internet has created a need for more addresses than are possible with IPv4 IPv6 Internet Protocol version 6 is a version of the Internet Protocol IP intended to succeed IPv4 which is the protocol currently used to direct almost...

Page 78: ...anging Internet connectivity providers This gateway supports various types of IPv6 connection Static IPv6 DHCPv6 PPPoE 6 to 4 IPv6 in IPv4 tunnel Please ask your ISP of what type of IPv6 is supported before you proceed with IPv6 setup 3 1 4 1 Static IPv6 When Static IPv6 is selected for the WAN Connection Type you need to do the following settings Static IPv6 WAN Type Configuration ...

Page 79: ...1 db8 abcd 0012 ffff ffff ffff ffff 3 Default Gateway Enter the Default Gateway address here a default gateway is the node on the computer network that the network software uses when an IP address does not match any other routes in the routing table 4 Primary Secondary DNS You may select to obtain DNS server address automatically or use following DNS address You may add IPv6 address Primary DNS ad...

Page 80: ...ess of that interface Hosts discover the addresses of their neighboring routers simply by listening for advertisements When a host attached to a multicast link starts up it may multicast a Router Solicitation to ask for immediate advertisements rather than waiting for the next periodic ones to arrive if and only if no advertisements are forthcoming the host may retransmit the solicitation a small ...

Page 81: ...re WAN Connection Options 1 DS Lite If necessary in your environment please enable this feature and enter AFTR IPv6 Address LAN Configuration 1 Global Address Please enter the global IPv6 address for LAN interface 2 Link Local Address To show the IPv6 Link Local address of LAN interface Address Auto configuration 1 Auto configuration Disable or enable this auto configuration setting 2 Auto configu...

Page 82: ...ng are eventually discovered by reception of their periodic unsolicited advertisements 3 1 4 3 PPPoEv6 When PPPoEv6 is selected for the WAN Connection Type you need to do the following settings PPPoEv6 WAN Type Configuration 1 Account enter the Username that you got from your ISP 2 Password enter the Password that you got from your ISP 3 Service Name enter the Service Name that you got from your I...

Page 83: ...the IP address of that interface Hosts discover the addresses of their neighboring routers simply by listening for advertisements When a host attached to a multicast link starts up it may multicast a Router Solicitation to ask for immediate advertisements rather than waiting for the next periodic ones to arrive if and only if no advertisements are forthcoming the host may retransmit the solicitati...

Page 84: ...nk Local Address To show the IPv6 Link Local address of LAN interface Address Auto configuration 1 Auto configuration Disable or enable this auto configuration setting 2 Auto configuration type You may set stateless or stateful Dynamic IPv6 3 Router Advertisement Lifetime You can set the time for the period that the router send broadcast its router advertisement Each router periodically multicasts...

Page 85: ...ocal IPv4 and IPv6 Address you may add remote local IPv4 address and local IPv6 address then set DNS address manually for Primary DNS address and secondary DNS address 2 DNS Please enter IPv6 primary DNS address and secondary DNS address 3 MLD Snooping MLD snooping IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data instead of being flooded to all ports in...

Page 86: ...routers simply by listening for advertisements When a host attached to a multicast link starts up it may multicast a Router Solicitation to ask for immediate advertisements rather than waiting for the next periodic ones to arrive if and only if no advertisements are forthcoming the host may retransmit the solicitation a small number of times but then must desist from sending any more solicitations...

Page 87: ... 1 Virtual Server This gateway s NAT firewall filters out unrecognized packets to protect your Intranet so all hosts behind this device are invisible to the outside world If you wish you can make some of them accessible by enabling the Virtual Server Mapping Press Add button to add new rule for Virtual Server A virtual server is defined as a Public Port and all requests to this port will be redire...

Page 88: ... and local IP address Press Add button to add new rule for Virtual Computer 1 Global IP Enter the global IP address assigned by your ISP 2 Local IP Enter the local IP address of your LAN PC corresponding to the global IP address 3 Enable Check this item to enable the Virtual Computer feature 3 1 5 2 3 Special AP ALG NAT feature can protect Intranet from outside attacks but sometimes also blocks so...

Page 89: ...ed settings will be filled up automatically 1 Trigger Port The outbound port number issued by the application 2 Incoming Ports When the trigger packet is detected the inbound packets sent to the specified port numbers are allowed to pass through the firewall 3 Time Schedule Each special AP setting can be turned off according to the schedule rule you specified By default it is always turned on when...

Page 90: ...erent IP networks Because DHCP is a broadcast based protocol by default its packets do not pass through routers If you need this feature in the environment please enable it NOTE This feature should be used only when needed 3 1 6 Routing Setup If you have more than one router and subnet you will need to enable routing function to allow packets to find proper routing path and allow different subnets...

Page 91: ... route for this destination subnet network The assigned gateway is required to be in the same subnet of LAN side or WAN side 4 Metric The router uses the value to determine the best possible route It will go in the direction of the gateway with the lowest metric 5 Rule Check the Enable box to enable this static routing rule 3 1 6 2 Dynamic Routing The feature of static route is for you to maintain...

Page 92: ...ise please select RIPv1 if you need this protocol 2 OSPF OSPF is an interior gateway protocol that routes Internet Protocol IP packets solely within a single routing domain autonomous system It gathers link state information from available routers and constructs a topology map of the network The topology determines the routing table presented to the Internet Layer which makes routing decisions bas...

Page 93: ...he Select box for those areas and then clicking on the Delete command button at the OSPF Area List caption When you finished setting click on Save to store your settings 3 BGP Border Gateway Protocol BGP is the protocol backing the core routing decisions on the Internet It maintains a table of IP networks or prefixes which designate network reach ability among autonomous systems AS It is described...

Page 94: ...bors can be removed by checking the Select box for those neighbors and then clicking on the Delete command button at the BGP Neighbor List caption When you finished setting click on Save to store your settings 3 1 6 3 Routing Information A routing table or routing information base RIB is a data table stored in a router or a networked computer that lists the routes to particular network destination...

Page 95: ...dress you have to use dynamic domain name service DDNS Therefore anyone wishing to reach your host only needs to know the name of it Dynamic DNS will map the name of your host to your current IP address which changes each time you connect your Internet service provider This device supports most popular 3 party DDNS service provider including TZO com No IP com DynDNS org Dynamic DynDNS org Custom a...

Page 96: ...o 4 DHCP servers to serve the DHCP requests from different VLAN groups and DMZ port And there is one default one whose LAN IP Address and Subnet Mask are the same ones of gateway LAN interface and IP Pool ranges from 100 to 200 as shown at following DHCP Server List You can add or edit one DHCP server configuration by clicking on the Add button behind DHCP Server List or the Edit button at the end...

Page 97: ... and can be modifies by user 3 Subnet Mask Select the subnet mask for the specific DHCP n server Subnet Mask defines how many clients are allowed in one network or subnet It is the same to the one of LAN interface for DHCP 1 server For other DHCP servers the default subnet mask is 255 255 255 0 24 and it means maximum 254 IP addresses are allowed in this subnet However one of them is occupied by L...

Page 98: ...ary DNS Optional This feature allows you to assign DNS Servers 8 Primary WINS Secondary WINS Optional This feature allows you to assign WINS Servers 9 Gateway Optional Gateway address would be the IP address of an alternate Gateway This function enables you to assign another gateway to your local computer when DHCP server offers IP address For an example this gateway will assign IP address to loca...

Page 99: ...is feature to ensure each of them receives same IP address all the time 3 2 Advanced Network This device also supports many advanced network features such as Firewall QoS Bandwidth Management VPN Security Redundancy and System Management You can finish those configurations in this section ...

Page 100: ...x lets you activate all firewall functions that you want 3 2 1 2 Packet Filters Packet Filters function can let you define both outbound filter and inbound filter rules by specifying the source IP and destination IP in a rule It enables you to control what packets are allowed or blocked to pass the router Outbound filters are applied to all outbound packets However inbound filters are applied to p...

Page 101: ...pecified rules White List Besides you also can enable the log alerting so that system will record packet blocking events when filter rules are fired At the right upper corner of screen one Help command let you see the on line help message about Packet Filter function 3 2 1 2 2 Packet Filter List It is a list of all packet filter rules You can add one new rule by clicking on the Add command button ...

Page 102: ...t to be filtered out in the packet filter rule You can define a single IP address 4 3 2 1 or a range of IP addresses 4 3 2 20 30 A 0 0 0 0 implies all IP addresses 5 Destination IP Specify the Destination IP address of packets that want to be filtered out in the packet filter rule You can define a single IP address 4 3 2 1 or a range of IP addresses 4 3 2 20 30 A 0 0 0 0 implies all IP addresses 6...

Page 103: ...is always turned on when the rule is enabled For more details please refer to the System Scheduling menu 9 Rule Enable Check the enable box if you want to activate the rule Each rule can be enabled or disabled individually Afterwards click on Save to store your settings or click Undo to give up the changes 3 2 1 3 URL Blocking URL Blocking will block the webs containing pre defined key words This ...

Page 104: ...re fired 4 Invalid Access Web Redirection Users will see a specific web page to know their access is blocked by rules 5 Help At the right upper corner of screen one Help command let you see the on line help message about URL Blocking function 3 2 1 3 2 URL Blocking Rule List It is a list of all URL Blocking rules You can add one new rule by clicking on the Add command button But also you can modif...

Page 105: ... block the designated domain name like www xxx com www 123aaa org mma com 3 Destination Port Specify the destination port in URL requests that want to be blocked in the URL blocking rule You can define a single port 80 or a range of ports 1000 1999 An empty or 0 implies all ports are used 4 Time Schedule The rule can be turn on according to the schedule rule you specified and give user more flexib...

Page 106: ... Alert Enable the log alerting so that system will record Web content filtering events when filtering rules are fired 3 2 1 4 2 Web Content Filter Rule List It is a list of all Web Content Filter rules You can add one new rule by clicking on the Add command button But also you can modify some existed Web Content Filter rules by clicking corresponding Edit command buttons at the end of each filteri...

Page 107: ... file extensions to be blocked in a rule by using to concatenate these file extensions 3 Schedule The rule can be turn on according to the schedule rule you specified and give user more flexibility on access control By default it is always turned on when the rule is enabled For more details please refer to the System Scheduling menu 4 Enable Check the box if you want to enable the rule Each rule c...

Page 108: ... all to pass except those match the specified rules 3 Log Alert Enable the log alerting so that system will record MAC control events when control rules are fired 4 Known MAC from LAN PC List You can see all of connected clients from this list and copy their MAC address to the MAC Control Rule Configuration window below 3 2 1 5 2 MAC Control Rule List It is a list of all MAC Control rules You can ...

Page 109: ... xx xx xx xx xx xx x is a hexadecimal digit 3 Schedule The rule can be turn on according to the schedule rule you specified and give user more flexibility on access control By default it is always turned on when the rule is enabled For more details please refer to the System Scheduling menu 4 Enable Check the box if you want to enable the rule Each rule can be enabled or disabled individually Afte...

Page 110: ... on access control By default they are always turned on when Application Filters function is enabled For more details please refer to the System Scheduling menu 3 2 1 7 IPS IPS Intrusion Prevention Systems are network security appliances that monitor network and or system activities for malicious activity The main functions of IPS are to identify malicious activity log information about this activ...

Page 111: ...n pass through the router like IP address port address ACK SEQ number and so on And the router will check every incoming packet to detect if this packet is valid 3 Discard PING from WAN If this feature is enabled this gateway won t reply any ICMP request packet from WAN side It means any remote host can t get response when ping to this gateway Ping is a useful command that we use to detect if a ce...

Page 112: ...loss the entire network must ensure them via a connection service guarantee The main goal of QoS BWM Quality of Service and Bandwidth Management is prioritizing incoming data and preventing data loss due to factors such as jitter delay and dropping Another important aspect of QoS is ensuring that prioritizing one data flow doesn t interfere with other data flows So QoS helps to prioritize data as ...

Page 113: ...oughput Flexible Bandwidth Management FBM Adjust the bandwidth distribution dynamically based on current bandwidth usage situation to get the maximum system network performance and it is transparent to all users Before QoS BWM function can work correctly this gateway needs to define the resource for each WAN interface First one is the available bandwidth of WAN connection It was set in the Basic N...

Page 114: ...ally you need to know three parts of information before you create your own policies First who needs to be managed Second what kind of service needs to be managed The last part is how you prioritize Once you get this information you can continue to learn more details in this section Flexible QoS Rule Definition Multiple Group Categories Specify the group category in a QoS rule for the target objec...

Page 115: ... function is setting priority For DSCP resource control function is DSCP marking The last resource is Connection Sessions the related control function is limiting connection sessions Individual Group Control One QoS rule can be applied to individual member or whole group in the target group This feature depends on model Outbound Inbound Control One QoS rule can be applied to the outbound or inboun...

Page 116: ...QoS rules by checking the Select box for each rule you can click on the Delete button to remove those rules from the list 3 Clear Delete all existed QoS rules 4 Restart Press Restart button to re initiate all QoS rules again 5 Edit Configure the specific QoS rule again 3 2 2 2 3 QoS Rule Configuration It supports the adding of one new rule or the editing of one existed rule There are some paramete...

Page 117: ... must be specified DSCP means DiffServ Code Point as known as advanced TOS You can choose this option if your local service gateway supports DSCP tags The DSCP categories that this gateway can detect are as below You need to choose a correct one according to your device s specification When TOS is selected for Service TOS value must be chosen from a list of 4 options For example When User defined ...

Page 118: ...d If you want to apply the value of control setting on each selected host in the Group you need to select Individual Control for Sharing Method On the other hand if the value of control setting wants to be applied on all selected hosts in the Group you need to select Group Control For example you define Control Function as Set Session Limitation and the limited sessions are 2000 sessions You also ...

Page 119: ...t DSCP with DiffServ CodePoint is CS4 Resource Select DiffServ Code Points Control Function Select DSCP Marking with AF Class 2 High Drop QoS Direction Select Inbound for inbound traffic only Sharing Method Select Group Control Schedule Leave the default value of 0 Always as it is This rule means IP packets from all WAN interfaces to LAN IP address 192 168 75 10 192 168 75 40 which have DiffServ c...

Page 120: ... private network VPN extends a private network across a public network such as the Internet It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network while benefitting from the functionality security and management policies of the private network This is done by establishing a virtual point to point connection through th...

Page 121: ...r There are two phases to negotiate between the initiator and responder during tunnel establishment IKE phase and IPSec phase At IKE phase IKE authenticates IPSec peers and negotiates IKE SAs Security Association during this phase setting up a secure channel for negotiating IPSec SAs in phase 2 At IPSec phase IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers After thes...

Page 122: ...ication Site to Site Support Full Tunnel Application When Full Tunnel function of remote Business Security Gateway is enabled all data traffic from remote clients behind remote Business Security Gateway will goes over the VPN tunnel That is if a user is operating at a PC that is in the Intranet of remote Business Security Gateway all application packets and private data packets from the PC will be...

Page 123: ...ox 3 NAT Traversal Some NAT routers will block IPSec packets if they don t support IPSec pass through If your Business Security Gateway connects to this kind of NAT router which doesn t support IPSec pass through you need to activate this option in your Business Security Gateway 4 Max Tunnels The device supports up to 32 IPSec tunnels but you can specify it with the number of maximum current activ...

Page 124: ...king the Edit button at the end of each tunnel list 3 2 3 1 4 Local Remote Configuration 1 Local Subnet The subnet of LAN site of local Business Security Gateway It can be a host a partial subnet the whole subnet or multiple subnets of LAN site of local gateway The device supports VPN hub and spoke function There are 5 local subnets to be defined here and the information will be transferred to rem...

Page 125: ...omains to be defined here for hub and spoke function 6 Remote Gateway Enter the IP address or FQDN of remote Business Security Gateway 3 2 3 1 6 Authentication 1 Key Management Select IKE Pre shared Key or Manually Other options depend on product models By default IKE Pre shared Key method is adopted for key management It is the first key used in IKE phase for both VPN tunnel initiator and respond...

Page 126: ...mote mobile VPN clients You can not only configure a VPN rule with a pre shared key for all remote users but you can also designate account password for specific users that are permitted to establish VPN connection with VPN server There are 3 roles to let Business Security Gateway behave as for X Auth authentication including None Server and Client For None role there is no X Auth authentication h...

Page 127: ...Group 2 MODP1024 Group 5 MODP1536 and Group14 18 4 Enable Check this box to enable the IKE Proposal during tunnel establishing 3 2 3 1 9 IPSec Phase 1 Phase 2 Key Life Time The value of life time represents the life time of the key which is dedicated at Phase 2 between two VPN peers 3 2 3 1 10 IPSec Proposal Definition There are 4 IPSec proposals can be defined by you and used in IPSec phase of ne...

Page 128: ...et and check its integrity The value of inbound SPI should be set in hex formatted 3 Encryption Algorithm There are five algorithms can be selected DES 3DES AES 128 AES 192 and AES 256 Encryption key is used by the encryption algorithm Its length is 16 in hex format if encryption algorithm is DES or 48 if 3DES However AES 128 uses 32 length of hex format AES 192 uses 48 length of hex format and AE...

Page 129: ...authentication and encryption natively as standard features of the Windows PPTP stack The intended use of this protocol is to provide security levels and remote access levels comparable with typical VPN products 3 2 3 2 1 PPTP L2TP VPN Tunnel Scenarios There are some common PPTP L2TP VPN connection scenarios as follows PPTP L2TP Server for Remote Mobile Users The device acts as Server role for rem...

Page 130: ...corresponding role of PPTP VPN tunnels for the Business Security Gateway beneath the choosing screen 3 2 3 2 2 PPTP Server Configuration The Business Security Gateway can behave as a PPTP server and it allows remote hosts to access LAN servers behind the PPTP server The device can support four authentication methods PAP CHAP MS CHAP and MS CHAP v2 Users can also enable MPPE encryption when using M...

Page 131: ...method In the meantime you also can choose encryption length of MPPE encryption 40 bits 56 bits or 128 bits 3 2 3 2 3 PPTP Server Status The user name and connection information for each connected PPTP client to the PPTP server of the Business Security Gateway will be shown in this table 1 Refresh To refresh the PPTP Server Status each 2 seconds by clicking on the Refresh button 2 Disconnect To te...

Page 132: ...ient hosts in the Intranet of Business Security Gateway can access LAN servers behind the PPTP server 1 PPTP Client Enable or disable PPTP client function 3 2 3 2 7 PPTP Client List Status You can add new up to 22 different PPTP client tunnels by clicking on the Add button and modify each tunnel configuration by clicking on the corresponding Edit button at the end of each existed tunnel 1 Add You ...

Page 133: ...ty Gateway goes over this PPTP tunnel if these packets don t match the Peer Subnet of other PPTP tunnels There is only one PPTP tunnel to own the Default Gateway property However when Peer Subnet is chosen peer subnet parameter needs to be filled and it should be the LAN subnet of remote PPTP server If an Intranet packet wants to go to this peer subnet the PPTP tunnel will be established automatic...

Page 134: ...ayer 2 Tunneling Protocol L2TP is a tunneling protocol used to support virtual private networks VPNs or as part of the delivery of services by ISPs It does not provide any encryption or confidentiality by itself Rather it relies on an encryption protocol that it passes within the tunnel to provide privacy The Business Security Gateway can behave as a L2TP server and a L2TP client at the same time ...

Page 135: ... 4 IP Pool Starting Address This device will assign an IP address for each remote L2TP client This value indicates the beginning of IP pool 5 IP Pool Ending Address This device will assign an IP address for each remote L2TP client This value indicates the end of IP pool 6 Authentication Protocol You can choose authentication protocol as PAP CHAP MS CHAP or MS CHAP v2 7 MPPE Encryption Check the En...

Page 136: ...button 3 Account Check the Enable box to validate the user account 4 Edit You can edit one user account configuration by clicking on the Edit button at the end of each user account list 3 2 3 3 4 User Account Configuration Add or edit one user account will activate the User Account Configuration screen 1 User Name Enter the user name of user account 2 Password Enter the password of user account 3 ...

Page 137: ...2TP client tunnel by clicking on the Add button 2 Delete Delete selected tunnels by checking the Select box at the end of each tunnel list and then clicking on the Delete button 3 Tunnel Check the Enable box to activate the tunnel 4 Edit You can edit oneL2TPTP client tunnel configuration by clicking on the Edit button at the end of each tunnel list 3 2 3 3 7 L2TP Client Configuration 1 L2TP Client...

Page 138: ...supported by remote L2TP server 10 MPPE Encryption Check the Enable box to activate MPPE encryption Please note that MPPE needs to work with MS CHAP or MS CHAP v2 authentication methods 11 NAT before Tunneling Check the Enable box to let hosts in the Intranet of Business Security Gateway can go to access Internet via remote PPTP server By default it is enabled However if you want the remote PPTP S...

Page 139: ...ation 1 GRE Tunnel Check the Enable box to activate the GRE tunnel function 3 2 3 4 3 GRE Tunnel Definitions 1 Add You can add one new GRE tunnel by clicking on the Add button 2 Delete Delete selected tunnels by checking the Select box at the end of each tunnel list and then clicking on the Delete button 3 Tunnel Check the Enable box to activate the GRE tunnel 4 Edit You can edit one tunnel config...

Page 140: ... Choose the way to do connection keep alive The keep alive is done by sending ICMP request to a remote host You need to enter the IP address of remote host and define the time interval of sending ICMP requests 9 Default Gateway Peer Subnet You can choose Default Gateway option or Peer Subnet option here When Default Gateway is chosen all traffic from Intranet of Business Security Gateway goes over...

Page 141: ... primary master router or switch fails This increases the availability and reliability of routing paths via automatic default gateway selections on an IP network The protocol achieves this by creation of virtual routers which are an abstract representation of multiple routers i e master and backup routers acting as a group The default gateway of a participating host is assigned to the virtual rout...

Page 142: ... store what you just select or Undo to give up 3 2 5 System Management This device supports many system management protocols such as TR 069 SNMP Telnet with CLI and UPnP You can finish those configurations in this sub section 3 2 5 1 TR 069 TR 069 Technical Report 069 is a Broadband Forum technical specification entitled CPE WAN Management Protocol CWMP It defines an application layer protocol for...

Page 143: ...n typical SNMP uses one or more administrative computers called managers have the task of monitoring or managing a group of hosts or devices on a computer network Each managed system executes at all times a software component called an agent which reports information via SNMP to the manager SNMP agents expose management data on the managed systems as variables The protocol also permits active mana...

Page 144: ...a text password mechanism that is used to weakly authenticate queries to agents of managed network devices The Set community is used for changing configurations on this device 4 Trap Event Receiver 1 4 Enter the IP addresses or Domain Name of your SNMP Management PCs You have to specify it so that the device can send SNMP Trap message to the management PCs consequently 5 WAN Access IP Address If y...

Page 145: ...m device only or change configurations as well read write 8 Enable Check the box to activate this user profile 9 Actions Press Edit button to modify user profile 3 2 5 3 Telnet with CLI A command line interface CLI also known as command line user interface console user interface and character user interface CUI is a means of interacting with a computer program where the user or client issues comma...

Page 146: ...h a process which is error prone and time consuming This device supports the UPnP Internet Gateway Device IGD feature 3 3 Applications In this section you can finish the Mobile Application and Captive Portal settings For Mobile Application this device is equipped with a 3G 4G module as WAN interface and it also provide the SMS USSD Network Scan and Remote Management by SMS Besides it also serves a...

Page 147: ... 1 SMS You can compose new SMS message and check received SMS message on this gateway 1 Physical Interface Indicate which 3G LTE modem is used for SMS feature 2 SMS Indicate which SIM card is used for SMS feature 3 SMS Storage Select storage for SMS message This gateway only supports ...

Page 148: ...e Auto forward Or enter a mail address if choosing By Email Or enter the IP address of syslog server if choosing By Syslog 4 Enable Enable this rule SMS Summary 1 Unread SMS Indicate number of unread SMS message 2 Received SMS Indicate number of total received SMS message 3 Remaining SMS Indicate number of new message can be received because of SMS storage limit Create New SMS Message You can crea...

Page 149: ...ges After reading message you can check the checkbox on the right of each message to delete reply or forward this message 3 3 1 2 USSD Unstructured Supplementary Service Data USSD is a protocol used by GSM cellular telephones to communicate with the service provider s computers USSD can be used for prepaid callback service mobile money services location based content services and as part of config...

Page 150: ...ure And SIM Status indicates which SIM card is used for USSD feature USSD Profile List You can edit USSD profile for some common used command Press Add button to add new profile And select some existed profiles to delete by clicking on Delete button USSD Profile Configuration 1 Profile Name Indicate name of this profile 2 USSD Command Type USSD command of this profile 3 Comments Add comments for t...

Page 151: ...to 3 Scan Approach You can choose Auto or Manually If you choose Manually press Scan button to scan cellular network nearby in your environment and select one network provider to apply by clicking on the Apply button Note Incorrect setting here may cause 3G LTE connection problems 3 3 1 4 Remote Management This part is for remote management functions that are done by text SMS Short Message Service...

Page 152: ...ied continuously If SIM storage is full this gateway can t receive any new SMS 3 Security Key This security key will be used for authentication when this gateway receives SMS command Users need to type this key first and then followed by a command There should be a blank between key and command e g 1234 reboot If this field is empty users just need to type command without adding any key informatio...

Page 153: ...ect command from SMS it won t try to connect again no matter WAN connection mode is set to auto reconnect 4 Reconnect Enable it and you can send command reconnect to disconnect WAN connection and start WAN connection again immediately 5 Reboot Enable it and you can send command reboot to restart router All management commands are not case sensitive Notification Settings 1 WAN Link Down Enable it a...

Page 154: ...eceive notifications 3 3 2 Captive Portal 3 3 2 1 Captive Portal Configuration The gateway supports the Captive Portal function including external captive portal For external captive portable you must specify external RADIUS Remote Authentication Dial In User Service server and external UAM Universal Access Method server External Captive Portal Before enabling external Captive Portal function plea...

Page 155: ...te GEM420 4G M2M Router GEM420 User Manual 155 NOTE All Internet Packets will forward to Captive Portal Web site of the gateway when enabled this feature Please make sure that you had one account and password ...

Page 156: ...time scheduling rules here to be applied at various applications in the device system Administrator Time out in seconds defines the idle time out for administrator to configure the device by using Web UI 3 4 1 System Related In this section you can change login password view system information and status and using several system tools 3 4 1 1 Change Password You can change the System Password here...

Page 157: ...rmation Re type new password again here It must be the same as the one in New Password otherwise an error message will be shown out 3 4 1 2 System Information You can view the System Information in this page It includes the WAN Type Display Time and Modem Information But the modem information will be existed only at the models with embedded modems like ADSL modem and 3G LTE modem Press Refresh but...

Page 158: ... the default value is 25 For example mail your_url com or 192 168 1 100 26 E mail Addresses The recipients are the ones who will receive these logs You can assign more than 1 recipient using or to separate these email addresses E mail Subject The subject of email alert is optional Press Email Now to send system logs immediately 3 Syslogd Enable this function to send system logs to remote syslog se...

Page 159: ...m the available list and by default it is Auto to let system query pre defined NTP servers for the system time one after one 3 Daylight Saving Time Check the Enable checkbox to enable this function 4 Set Date Time Manually Set the date and time for system by manual But Auto Synchronization must be unchecked beforehand to do it Above is the first way to setup system date and time That is it is the ...

Page 160: ... which is from GPL policy please check Accept unofficial firmware NOTE PLEASE DO NOT TURN THE DEVICE OFF WHEN UPGRADE IS PROCEEDING Ping Test This allows you to specify an IP FQDN and the test interface so system will try to ping the specified device to test whether it is alive after clicking on the Ping button A test result window will appear beneath it There is a Close command button there can l...

Page 161: ...sed protocol number is either UDP or ICMP and by default it is UDP Then system will try to trace the specified device to test whether it is alive after clicking on the Traceroute button A test result window will appear beneath it There is a Close command button there can let the test result windows disappear 1 Host IP Input the IP address of destination host 2 Interface Choose which WAN interface ...

Page 162: ... file Once you want to restore these settings please click Firmware Upgrade button and use the bin file you have saved 3 4 2 Scheduling You can set the schedule time to decide which service will be turned on or off The added rules will be listed 1 Time Scheduling Enable or disable the scheduling function 2 Add New Rule Click the Add button to create a schedule rule When the next dialog popped out ...

Page 163: ... Server objects Active Directory Server objects LDAP Server objects and UAM Server objects These objects can be used in other applications of system like system log emailing to email server or sending to syslog server in System System Related System Status captive portable function in Applications Captive Portable and SMS forwarding to email server or syslog server in Applications Mobile Applicati...

Page 164: ...ord in the External Server List Besides unnecessary objects can be removed by checking the Select box for those objects and then clicking on the Delete command button at the External Server List caption 1 Add Click on the button to add one external server object 2 Delete Click on the button to delete the external server objects that are specified in advance by checking on the Select box of those o...

Page 165: ...erver you can specify primary RADIUS server and secondary RADIUS server for redundancy For each server following parameters need to be specified Shared Key Authentication Protocol CHAP or PAP Session Timeout 1 60 Mins and Idle Timeout 1 15 Mins When Active Directory Server you must specify one more parameter Domain When LDAP Server one more parameter Base Domain Name When NT Domains Server one mor...

Page 166: ...Proroute GEM420 4G M2M Router GEM420 User Manual 166 Additional Information For support please contact your supplier in the first instance ...

Search results

Summary of Contents for GEM420

Reviews:

Related manuals for GEM420

Brands by name

Popular brands

Proroute GEM420, User Manual

Search results

Summary of Contents for GEM420

Reviews:

Related manuals for GEM420

Brands by name

Popular brands