Teltonica RUT900 Page 75 User Manual Download

Page: 75 / 141

6.6.6

DDOS Prevention

6.6.6.1

SYN Flood Protection

SYN Flood Protection allows you to protect from attack that exploits part of the normal TCP three-way handshake

to consume resources on the targeted server and render it unresponsive. Essentially, with SYN flood DDoS, the offender
sends TCP connection requests faster than the targeted machine can process them, causing network saturation.

Field Name

Sample value

Explanation

1. Enable SYN flood

protection

Enable/Disable

Makes router more resistant to SYN flood attacks.

2. SYN flood rate

“25”

Set rate limit (packets/second) for SYN packets above

which the traffic is considered a flood.

3. SYN flood burst

“50”

Set burst limit for SYN packets above which the traffic is

considered a flood if it exceeds the allowed rate.

4. TCP SYN cookies

Enable/Disable

Enable the use of SYN cookies(particular choices of initial

TCP sequence numbers by TCP servers).

Summary of Contents for RUT900

Page 1: ...1 USER MANUAL RUT900 3G Router ...

Page 2: ...chnical improvement without prior notice Other product and company names mentioned herein may be trademarks or trade names of their respective owners Attention Before using the device we strongly recommend reading this user manual first Do not rip open the device Do not touch the device if the device block is broken All wireless devices for data transferring may be susceptible to interference whic...

Page 3: ...12 3 1 1 Front Panel and Back Panel 12 3 1 2 Hardware installation 12 3 2 Logging in 13 4 Operation Modes 16 5 Powering Options 16 5 1 Powering the device from higher voltage 17 6 Status 18 6 1 Overview 18 6 2 System Information 19 6 3 Network Information 20 6 4 Device information 31 6 5 Services 32 6 6 Routes 32 6 6 1 ARP 32 6 6 2 Active IP Routes 33 6 6 3 Active IPv6 Routes 33 6 7 Realtime Graph...

Page 4: ...eneral 46 7 1 2 SIM Management 48 7 1 3 Network Operators 48 7 1 4 Mobile Data Limit 50 7 1 5 Sim Idle protection 51 7 2 WAN 52 7 2 1 Operation Mode 52 7 2 2 Common configuration 53 7 3 LAN 59 7 3 1 Configuration 59 7 3 2 DHCP Server 60 7 4 VLAN 61 7 4 1 VLAN Networks 61 7 4 2 LAN Networks 63 7 5 Wireless 63 7 6 Firewall 66 7 6 1 General Settings 66 7 6 2 DMZ 67 7 6 3 Port Forwarding 67 7 6 4 Traf...

Page 5: ...c 86 8 5 3 GRE Tunnel 89 8 5 4 PPTP 91 8 5 5 L2TP 92 8 6 Dynamic DNS 93 8 7 SNMP 94 8 7 1 SNMP Settings 94 8 7 2 TRAP Settings 95 8 8 SMS Utilities 96 8 8 1 SMS Utilities 96 8 8 2 Call Utilities 99 8 8 3 User Groups 99 8 8 4 SMS Management 100 8 8 5 Remote Configuration 101 8 8 6 Statistics 105 8 9 SMS Gateway 105 8 9 1 Post Get Configuration 105 8 9 2 Email to SMS 107 8 9 3 Scheduled Messages 108...

Page 6: ...iversal Plug Play 125 9 System 126 9 1 Configuration Wizard 126 9 2 Profiles 128 9 3 Administration 129 9 3 1 General 129 9 3 2 Troubleshoot 130 9 3 3 Backup 131 9 3 4 Diagnostics 133 9 3 5 MAC Clone 133 9 3 6 Overview 134 9 3 7 Monitoring 135 9 4 User scripts 135 9 5 Safe mode 136 9 6 Firmware 136 9 6 1 Firmware 136 9 6 2 FOTA 137 9 7 Restore point 138 9 7 1 Restore point create 138 9 7 2 Restore...

Page 7: ...10 3 Bootloader s WebUI 139 11 Glossary 140 7 ...

Page 8: ...the requirements of standard EN 60950 1 Do not mount or service the device during a thunderstorm To avoid mechanical damages to the device it is recommended to transport it packed in a damage proof pack Protection in primary circuits of associated PC and PSU LPS against short circuits and earth faults of associated PC shall be provided as part of the building installation To avoid mechanical damag...

Page 9: ...Device connection 9 ...

Page 10: ...orts Auto MDI MDIX 1 2 Wi Fi IEEE 802 11b g n WiFi standards 2x2 MIMO AP and STA modes 64 128 bit WEP WPA WPA2 WPA WPA2 encryption methods 2 401 2 495GHz Wi Fi frequency range 20dBm max WiFi TX power SSID stealth mode and access control based on MAC address 1 3 Hardware High performance 560 MHz CPU with 128 Mbytes of DDR2 memory 5 5 2 5mm DC power socket Reset restore to default button 2 x SMA for...

Page 11: ... Storage humidity 5 to 95 Non condensing 1 5 Applications 11 ...

Page 12: ...he router 2 1 1 Front Panel and Back Panel 1 2 3 LAN Ethernet ports 1 3Gauxiliary antenna connector 4 WAN Ethernet port 2 3G main antenna connector 5 6 7 LAN LEDs 3 4 WiFi antenna connectors 8 WAN LED 4 Reset button 9 Power socket 10 Power LED 11 Connection status LED 12 Signal strength indication LEDs 2 1 2 Hardware installation 1 Remove back panel and insert SIM card which was given by your ISP ...

Page 13: ...gs Network Connections see step 4 You wont s see Internet protocol version 4 TCP IPv4 instead you ll have to select TCP IP Settings and click options Go to step 6 We first must set up our network card so that it could properly communicate with the router 1 Press the start button 2 Type in network connections wait for the results to pop up 3 Click View network connections 4 Then right click on your...

Page 14: ...you can only enter an IP in the form of 192 168 1 XXX where XXX is a number in the range of 2 254 192 168 1 2 192 168 1 254 192 168 1 155 and so on are valid 192 168 1 0 192 168 1 1 192 168 1 255 192 168 1 699 and so on are not Next we enter the subnet mask this has to be 255 255 255 0 Then we enter the default gateway this has to be 192 168 1 1 Finally we enter primary and secondary DNS server IP...

Page 15: ...ser and enter the routers IP into the address field Press enter If there are no problems you should be greeted with a login screen such as this Enter the default password which is admin01 into the Password field and then either click Login with your mouse or press the Enter key You have now successfully logged into the RUT900 From here on out you can configure almost any aspect of your router 15 ...

Page 16: ...ur LAN WAN LAN Mobile Backup link Ethernet Wi Fi Mobile x Ethernet Wi Fi In later sections it will be explained in detail how to configure your router to work in a desired mode 4 Powering Options The RUT9xx router can be powered from power socket or over Ethernet port Depending on your network architecture you can use LAN 1 port to power the device RUT9xx can be powered from power socket and over ...

Page 17: ...C please make sure that you choose power supply of high quality Some power supplies can produce voltage peaks significantly higher than the declared output voltage especially during connecting and disconnecting them While the device is designed to accept input voltage of up to 30 VDC peaks from high voltage power supplies can harm the device If you want to use high voltage power supplies it is rec...

Page 18: ...e current IP addresses of various network interfaces the state of the routers memory firmware version DHCP leases associated wireless stations graphs indicating load traffic etc and much more 5 1 Overview Overview section contains various summary information 18 ...

Page 19: ...irmware upgrade or not 5 Kernel Version 3 10 36 The version of the Linux kernel that is currently running on the router 6 Local Time 2014 11 03 14 33 14 Shows the current system time Might differ from your computer because the router synchronizes it s time with an NTP server Format year month day hours minutes seconds 7 Uptime 0h 40m 46s since 2014 11 03 13 53 13 Indicates how long it has been sin...

Page 20: ... 4308 kB 126452 kB 3 The size of the area in which data is temporarily stored before moving it to another location 5 3 Network Information 5 3 1 1 Mobile Displays information aboutmobile modem connection Mobile information Field Name Sample Value Explanation 1 Data connection state Connected Mobile data connection status 2 IMEI 351579003495949 Modem s IMEI International Mobile Equipment Identity n...

Page 21: ...tes the GSM network s access technology 13 Bytes received 2 3 Kb 2391 bytes How many bytes were received via mobile data connection 14 Bytes sent 1 9 kb 1969 bytes How many bytes were sent via mobile data connection 5 3 1 2 WAN Displays information aboutWAN connection WAN information Field Name Sample Value Explanation 1 Interface Wired Specifies through what medium the router is connecting to the...

Page 22: ...lanation 1 Name Lan Lan instance name 2 IP address 192 168 99 218 Address that the router uses on the LAN network 3 Netmask 255 255 255 0 A mask used to define how large the LAN network is 4 Ethernet LAN MAC address 00 1E 42 00 00 00 MAC Media Access Control address used for communication in a Ethernet LAN Local Area Network 5 Connected for 1h 53m 56s How long LAN has been successfully maintained ...

Page 23: ...o connect to an Access Point via WAN 5 3 1 4 1 Station Displays information about wireless connection Station mode Client mode information Field Name Sample Value Explanation 1 Channel 1 2 41 GHz The channel that the AP to which the routers is connected to uses Your wireless radio is forced to work in this channel in order to maintain the connection 2 Country 00 Country code 3 SSID Teltonika_Route...

Page 24: ...cast the SSID and to establish new connections to devices 2 Country code 00 World Country code 3 SSID Teltonika_Router_Test The SSID that is being broadcast Other devices will see this and will be able to use to connect to your wireless network 4 Mode Access Point AP Connection mode Master indicates that you router is an access point 5 Encryption No Encryption The type of encryption that the route...

Page 25: ... 2 Device Name Android 9aed2b2077a54c74 DHCP client s hostname 3 Signal 54dBm Received Signal Strength Indicator RSSI Signal s strength measured in dBm 4 RX Rate 24 0Mbit s MCS 0 20MHz The rate at which packets are received from associated station 5 TX Rate 54 0Mbit s MCS 0 20MHz The rate at which packets are sent to associated station 5 3 1 6 OpenVPN Client must be updated Displays openVPN connec...

Page 26: ...Mask 255 255 255 255 Remote virtual network s subnet mask 5 Time 20h 13m 9s For how long the connection has been established 5 3 1 8 Client information Field Name Sample Value Explanation 1 Common Name Client1 Client connection 2 Real Address 192 168 99 91 50850 Client s IP address and port number 3 Virtual Address 172 16 1 6 Virtual address which has been given to a client 4 Connection Since 2015...

Page 27: ...IP 192 168 1 253 Virtual IP address es for LAN s VRRP Virtual Router Redundancy Protocol cluster 3 Priority 100 Router with highest priority value on the same VRRP Virtual Router Redundancy Protocol cluster will act as a master range 1 255 4 Router Master Since when connection has been established Exclusive to other Modes with Slave 27 ...

Page 28: ...5 3 1 10 Topology Network scanner allowing you to quickly retrieve information about network devices 28 ...

Page 29: ...Value Explanation 1 Type SSH HTTP HTTPS Type of connection protocol 2 Status Disabled Enabled Connection status 3 Port 22 80 443 Connection port used 4 Active Connections 0 0 00B 1 9 26 KB 6 558 12 KB Count of active connections and amount of data transmitted in KB Exclusive to other Modes with Slave 29 ...

Page 30: ... status Field Name Sample Value Explanation 1 Type SSH HTTP HTTPS Type of connection protocol 2 Date 2015 05 11 10 36 59 Date and time of connection 3 IP 192 168 1 167 IP address from which the connection was made 4 Authentications Status Failed Succeded Status of authentication attempt 30 ...

Page 31: ...anufacturing process 4 Hardware revision 0321 Hardware revision of the device 5 IMEI 860461024164561 Identification number of the internal modem 6 IMSI 246020100070220 Subscriber identification number of the internal modem 6 Ethernet LAN MAC 3E 83 6F 84 E1 A4 MAC address of the Ethernet LAN ports 7 Ethernet WAN MAC AE F4 F3 5B 9D CC MAC address of the Ethernet WAN port 8 Wireless MAC N A MAC addre...

Page 32: ...d MAC addresses of every immediate device that was communicating with the router Field Name Sample Value Explanation 1 IP Address 192 168 99 17 Recently cashed IP addresses of every immediate device that was communicating with the router 2 MAC Address 00 25 22 D7 CA A7 Recently cashed MAC addresses of every immediate device that was communicating with the router 3 Interface br lan Interface used f...

Page 33: ...0 0 0 0 Indicates through which gateway a TCP IP packet should be directed 4 Metric 0 Metric number indicating interface priority of usage 5 5 3 Active IPv6 Routes Displays active IPv6 routes for data packet transmittion Field Name Sample Value Explanation 1 Network loopback Network interface used 2 Target 0 0 0 0 0 0 0 0 0 Indicates where a TCP IP packet with a specific IP address should be direc...

Page 34: ...l Strenght Displays mobile signal strength variation in time measured in dBm Field Name Sample Value Explanation 1 Connection type 3G WCDMA Type of mobile connection used 2 Signal 72 dBm Current signal strength value 3 Average 72 0 dBm Average signal strength value 4 Peak 72 dBm Peak signal strength value 34 ...

Page 35: ... one corresponding to the average CPU load over 1 red 5 orange and 15 yellow most recent minutes Field Name Sample Value Explanation 1 1 5 15 Minutes Load 0 83 Time interval for load averaging color of the diagram 2 Average 0 86 Average CPU load value over time interval 1 5 15 Minute 3 Peak 1 50 Peak CPU load value of the time interval 35 ...

Page 36: ... also displays peak loads over 1 5 and 15 minutes Field Name Explanation 1 Bridge Cumulative graph which encompasses wired Ethernet LAN and the wireless network 2 LAN Graphs the total traffic that passes through both LAN network interfaces 3 WAN Wired Graphs the amount of traffic which passed through the current active WAN connection 4 Mobile Graphs the amount of traffic which passed through the m...

Page 37: ...5 6 4 Realtime Wireless Displaysthe wireless radio signal signal noise and theoretical maximum channel permeability Average and peak signal levels are displayed 37 ...

Page 38: ...5 6 5 Realtime Connections Displays currently active network connections With the information on network protocol source and destination addresses transfer speed 38 ...

Page 39: ...bile connection data sent and received in KB of this day week month 5 8 Speed Test Speed test is a tool for measuring your internet connection upload and download speeds You can select servers for manual testing or use auto test 39 ...

Page 40: ...5 9 Events Log Event log displays such actions as login reboot firmware flashing and reset 5 9 1 All Events Displays all router events their type and time of occurrence 40 ...

Page 41: ...2 System Events Displays all system events their type and time of occurance Events include authentication or reboot requests safemode incoming and outgoing SMS and calls configuration changes DHCP events 41 ...

Page 42: ...5 9 3 Network Events Displays information about recent network events like connection status change lease status change network type or operator change 42 ...

Page 43: ...ify created rules for events reporting 5 9 4 1 Events Reporting Configuration Allows to review created rules details and modify them so after event occurrence messages or emails are sent to specified address or phone numbers with information about the event 43 ...

Page 44: ...pected shut down Specify event subtype to activate the rule 4 Action Send SMS Action to perform when an event occurs 5 Custom message Enable Disable When action occurs custom message will be send 6 Recipient s phone number 123456789 For whom you want to send a SMS 5 9 5 Reporting Configuration Displays configured services for event reporting allows to enable disable view and modify the parameters ...

Page 45: ...92 168 123 123 FTP File transfer Protocol host name e g ftp exemple com 192 168 123 123 Allowed characters a z A Z0 9 _ 6 User name Username User name for authentication on SMTP Simple Mail Transfer Protocol or FTP File Transfer Protocol server Allowed characters a z A Z0 9 _ 7 Password password Password for authentication on SMTP Simple Mail Transfer Protocol or FTP File Transfer Protocol server ...

Page 46: ...nt Name APN is a configurable network identifier used by a mobile device when connecting to a GSM carrier 4 PIN number 1234 or any number that falls between 0000 and 9999 A personal identification number is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system 5 Dialing number 99 1 Dialling number is used to establish a mobile PPP Poin...

Page 47: ...ablishing mobile data connection while not in home network 11 Use IPv4 only Enable Disable If enabled this function makes the device to use only IPv4 settings when connecting to operator Warning If an invalid PIN number was entered i e the entered PIN does not match the one that was used to protect the SIM card your SIM card will get blocked To avoid such mishaps it is highly advised to use an unp...

Page 48: ...ard is exceeded 6 On sms limit Enable Disable Perform a SIM card switch when sms limit for your currrent SIM card is exceeded 7 On roaming Enable Disable Perform a SIM card switch when roaming is detected 8 On data connection fail Enable Disable Perform a SIM card switch when data connection fails 9 Switch back to primary SIM card after timeout Enable Disable Switch back to primary SIM card after ...

Page 49: ...tatus have to be available There is manual connection to network operator you have to fill numeric name and it s have to be available Field Name Sample Value Explanation 1 SIM card in use SIM 1 SIM 2 Shows current SIM card s in use 2 Current operator TELE2 Operator s name of the connected GSM network 49 ...

Page 50: ...Period for which mobile data limiting should apply 4 Start day Start hour 1 A starting time for mobile data limiting period 6 1 4 2 SMS Warning Configuration Field Name Sample value Explanation 1 Enable SMS warning Enable Disable Enables sending of warning SMS message when mobile data limit for current period is reached 2 Data limit MB 200 Send warning SMS message after limit value in MB is reache...

Page 51: ...tion 2 Period Month Week Switches between monthly and weekly sim activation periods 3 Day 1 31 Monday Sunday Specifies the day for SIM idle protection activation 1 31 if Period is Month and Monday Sunday if period is week 4 Hour 1 24 Specifies the hour for SIM idle protection activation 5 Minute 1 60 Specifies the minute for SIM idle protection activation 6 Host to ping 8 8 8 8 Specifies IP addres...

Page 52: ...day Displays the IP of the Host 4 Ping Success Displays status of ping attempt 6 2 WAN 6 2 1 Operation Mode Type Explanation 1 Main WAN Switches between Mobile Wired and WiFi interface for main WAN 2 Backup WAN Let s user to select one or two interfaces for WAN backup 3 Interface Name Displays Wan interface name and changes interface priority the interface at the table top has the highest priority...

Page 53: ...99 162 Your routers address on the WAN network 2 IPv4 netmask 255 255 255 0 A mask used to define how large the WAN network is 3 IPv4 gateway 192 168 99 254 Address where the router will send all the outgoing traffic 4 IPv4 broadcast 192 168 99 255 Broadcast address autogenerated if not set It is best to leave this blank unless you know what you are doing 5 custom DNS servers 8 8 8 8 8 8 6 6 Usual...

Page 54: ...tup for when you select PPPoE protocol Filed name Sample Explanation 1 PAP CHAP username test Your username and password that you would use to connect to your carriers network 2 PAP CHAP password your_password A mask used to define how large the WAN network is 3 Access Concentrator isp Specifies the name of access concentrator Leave empty to auto detect 4 Service Name isp Specifies the name of the...

Page 55: ...ess i e that IP will only work with your computer In this field you can enter your computers MAC address and fool the gateway in thinking that it is communicating with your computer 3 Override MTU 1500 Maximum transmission unit specifies the largest possible size of a data packet 4 Use gateway metric 0 The WAN configuration by default generates a routing table entry With this field you can alter t...

Page 56: ...d fool the gateway in thinking that it is communicating with your computer 9 Override MTU 1500 Maximum transmission unit specifies the largest possible size of a data packet 6 2 2 2 3 PPPoE Field name Sample value Explanation 1 Disable NAT Enable Disable If checked router will not perform NAT masquerade on this interface 2 Use default gateway Enable Disable If unchecked no default route is configu...

Page 57: ...t it will reroute it s traffic not to the gateway that is defined in common configurations but through the one that is specified in IP aliases You may also optionally define a broadcast address and a custom DNS server 6 2 2 2 5 Backup WAN configuration Backup WAN is function that allows you to back up your primary connection in case it goes down There can be two backup connections selected at the ...

Page 58: ...lability that of the internet as a whole 3 Health monitor ICMP timeout 1 3 4 5 10 Seconds How long to wait for an ICMP request to come back Set a higher value if your connection has high latency or high jitter latency spikes 4 Attempts before failover 1 3 5 10 15 20 How many checks should fail for your WAN connection to be declared DOWN for good 5 Attempts before recovery 1 3 5 10 15 20 How many c...

Page 59: ...arge the LAN network is 3 IP broadcast 0 IP broadcasts are used by BOOTP and DHCP clients to find and send requests to their respective servers 6 3 1 2 Advanced settings Field name Sample value Explanation 1 Accept router advertisements Enable Disable If enabled allows accepting router advertisements Disabled by default 2 Override MTU 1500 MTU Maximum Transmission Unit specifies the largest possib...

Page 60: ...s 192 168 2 1 and your subnet mask is 255 255 255 0 that means that in your network a valid IP address has to be in the range of 192 168 2 1 192 168 2 254 192 168 2 0 and 192 168 2 255 are special unavailable addresses If the Start value is set to 100 then the DHCP server will only be able to lease out addresses starting from 192 168 2 100 3 Limit 150 How many addresses the DHCP server gets to lea...

Page 61: ... netmask You can override your LAN netmask here to make the DHCP server think it s serving a larger or a smaller network than it actually is 4 DHCP Options Additional options to be added for this DHCP server For example with 26 1470 or option mtu 1470 you can assign an MTU per DHCP Your client must accept MTU by DHCP for this to work 6 4 VLAN On this page you can configure your virtual LAN setting...

Page 62: ...ess access points Enabled Disabled Assign selected access point s to selected LAN 4 LAN Select to which LAN to assign selected LAN ports and wireless access points If VLAN mode Taged based Field Name Sample Value Explanation 1 VLAN ID 1 VLAN Identification number allowed in range 1 4094 3 Wireless access points Enabled Disabled Assign selected access point s to selected LAN 4 LAN Select to which L...

Page 63: ...an configure your wireless settings Depending on whether your WAN mode is set to Wi Fi or not the page will display either the options for configuring an Access Point or options for configuring a connection to some local access point Access Point Here you can see the Overview of the wireless configuration It is divided into two main sections device and interface One is dedicated to configuring har...

Page 64: ...Auto b g g n Different modes provide different throughput and security options 2 Country Code Any ISO IEC 3166 alpha2 country code Selecting this will help the wireless radio configure its internal parameters to meet your countries wireless regulations 3 Transmit power 20 40 60 80 100 Select WiFi signal power 4 Frag Threshold 2346 The smallest packet size that can be fragmented and transmitted by ...

Page 65: ...P CCMP encryption After you ve selected your encryption method you should enter your passphrase which must be at least 8 characters long 6 5 1 2 2 MAC Filter Filter you can define a rule for what to do with the MAC list you ve defined You can either allow only the listed MACs or allow ALL but forbid only the listed ones 6 5 1 2 3 Advanced settings Separate clients prevents Wi Fi clients from commu...

Page 66: ...d Name Sample value Explanation 1 Drop Invalid packets Checked Unchecked A Drop action is performed on a packet that is determined to be invalid 2 Input Reject Drop Accept DEFAULT action that is to be performed for packets that pass through the Input chain 3 Output Reject Drop Accept DEFAULT action that is to be performed for packets that pass through the Output chain 4 Forward Reject Drop Accept ...

Page 67: ...68 1 109 to be reached from the outside by entering http routersExternalIp 12345 Field Name Sample value Explanation 1 Name localWebsite Name of the rule Used purely to make it easier to manage rules 2 Protocol TCP UDP TCP UDP Other Type of protocol of incoming packet 3 External Port 1 65535 From what port on the WAN network will the traffic be forwarded 4 Internal IP address IP address of some co...

Page 68: ... ICMP Custom You may specify multiple by selecting custom and then entering protocols separated by space 3 Source zone LAN VPN WAN Match incoming traffic from this zone only 4 Source MAC address Any Match incoming traffic from these MACs only 5 Source IP address any Match incoming traffic from this IP or range only 7 Source port any Match incoming traffic originating from the given source port or ...

Page 69: ...e with care 6 6 4 Traffic Rules The traffic rule page contains a more generalised rule definition With it you can block or open ports alter how traffic is forwarded between LAN and WAN and many more things Field Name Explanation 1 Name Name of the rule Used for easier rules management purpose only 2 Protocol Protocol type of incoming or outgoing packet 3 Source Match incoming traffic from this IP ...

Page 70: ...lected address family only 3 Protocol TCP UDP Any ICMP Custom Protocol of the packet that is being matched against traffic rules 4 Match ICMP type any Match traffic with selected ICMP type only 5 Source zone Any zone LAN VPN WAN Match incoming traffic from this zone only 6 Source MAC address any Match incoming traffic from these MACs only 7 Source address any Match incoming traffic from this IP or...

Page 71: ...so define additional options like limiting packet volume and defining to which chain the rule belongs 6 6 4 1 Open Ports On Router Field Name Sample value Explanation 1 Name Open_Port_rule Used to make rule management easier 2 Protocol TCP UDP Any ICMP Custom Protocol of the packet that is being matched against traffic rules 3 External port 1 65535 Match incoming traffic directed at the given dest...

Page 72: ... the packet that is being matched against traffic rules 3 Source LAN VPN WAN Match incoming traffic from selected address family only 4 Destination Redirect matched traffic to the given IP address and destination port 5 SNAT SNAT Source Network Address Translation rewrite packet s source IP address and port 6 Enable Enable Disable Make a rule active inactive 72 ...

Page 73: ...d against traffic rules 3 Source zone LAN VPN WAN Match incoming traffic from this zone only 4 Source MAC address any Match incoming traffic from these MACs only 5 Source address any Match incoming traffic from this IP or range only 6 Source port any Match incoming traffic originating from the given source port or port range on the client host only 7 Destination zone LAN VPN WAN Match forwarded tr...

Page 74: ... port 22 Rewrite matched traffic to the given source port May be left empty to only rewrite the IP address 12 Extra arguments Passes additional arguments to iptables Use with care 6 6 5 Custom Rules Here you have the ultimate freedom in defining your rules you can enter them straight into the iptables program Just type them out into the text field ant it will get executed as a Linux shell script I...

Page 75: ...n process them causing network saturation Field Name Sample value Explanation 1 Enable SYN flood protection Enable Disable Makes router more resistant to SYN flood attacks 2 SYN flood rate 25 Set rate limit packets second for SYN packets above which the traffic is considered a flood 3 SYN flood burst 50 Set burst limit for SYN packets above which the traffic is considered a flood if it exceeds the...

Page 76: ...0 Maximum ICMP echo requestduring the period 5 Limit burst 5 Indicating the maximum burst before the above limit kicks in 6 6 6 3 SSH Attack Prevention Prevent SSH Allows a user to run commands on a machine s command prompt without them being physically present near the machine attacks by limiting connections in defined period Field Name Sample value Explanation 1 Enable SSH limit Enable Disable E...

Page 77: ...ing it down Field Name Sample value Explanation 1 Enable HTTP limit Enable Disable Limits HTTP connections per period 2 Limit period Second Minute Hour Day Select in what period limit HTTP connections 3 Limit 10 Maximum HTTP connections during the period 4 Limit burst 10 Indicating the maximum burst before the above limit kicks in 6 6 6 5 HTTPS Attack Prevention Field Name Sample value Explanation...

Page 78: ... a packet about to be routed fits two rules the one with the higher metric is applied Additional note on Target Netmask You can define a rule that applies to a single IP like this Target some IP Netmask 255 255 255 255 Furthermore you can define a rule that applies to a segment of IPs like this Target some IP that STARTS the segment Netmask Netmask that defines how large the segment is E g 192 168...

Page 79: ...t priority value on the same VRRP Virtual Router Redundancy Protocol cluster will act as a master 7 1 2 Check Internet connection Field name Sample Explanation 1 Enable Enable Disable Enable WAN s connection monitoring 2 Ping IP address 8 8 4 4 A host to send ICMP Internet Control Message Protocol packets to 3 Ping interval 10 Time interval in minutes between two Pings 4 Ping timeout sec 1 Respons...

Page 80: ...xplanation 1 Enable Enable Disable Enable TR 069 client 2 Enable Periodic Transmission Enable Disable Enable periodic transmissions of data to server 3 Sending interval 100 Periodic data transmission to server period 4 User name admin User name for authentication on TR 069 server 5 Password Password for authentication on TR 069 server 6 URL http 192 168 1 110 8080 TR 069 server URL address 80 ...

Page 81: ...ng else Blacklist block every site on the list and allow everything else 7 3 2 Proxy based URL content blocker Field name Sample Explanation 1 Enable Enable Disable Enable proxy server based URL content blocking Works with HTTP protocol only 2 Mode Whitelist Blacklist Whitelist allow every part of URL on the list and block everything else Blacklist block every part of URL on the list and allow eve...

Page 82: ... functionality 4 Update interval How often router updates systems time 5 Count of time synchronizations Total amount of times that router will do the synchronization If left blank the count will be infinite 6 Offset frequency Adjust the minor drift of the clock so that it will be more accurate Note that under Time Servers at least one server has to be present otherwise NTP will not serve its purpo...

Page 83: ...ration to establish any sort of OpenVPN connection To create it enter desired configuration name in New configuration name field select device role from Role drop down list For example to create an OpenVPN client with configuration name Demo select client role name it Demo and press Add New button as shown in the following picture To see at specific configuration settings press edit button located...

Page 84: ...There can be multiple server client instances 84 ...

Page 85: ...er make sure that this port allowed by firewall 5 LZO This setting enables LZO compression With LZO compression your VPN connection will generate less network traffic however this means higher router CPU loads Use it carefully with high rate traffic or low CPU resources 6 Encryption Selects Packet encryption algorithm 7 Authentication Sets authentication mode used to secure data sessions Two possi...

Page 86: ...tificate that is used by client systems to make authenticated requests to a remote server Client certificates play a key role in many mutual authentication designs providing strong assurances of a requester s identity 15 Client key Authenticating the client to the server and establishing precisely who they are After setting any of these parameters press Save button Some of selected parameters will...

Page 87: ...s 6 My identifier Set the device identifier for IPSec tunnel In case RUT has Private IP its identifier should be its own LAN network address In this way the RoadWarrior approach is possible 7 Preshare key Specify the authentication secret string Secret s length depends on selected algorithm eg 128 bit long secret is 16 characters in length 128 bits 8 bits one character 16 8 Remote VPN endpoint Set...

Page 88: ...be LAN network of remote IPSec host Field name Explanation 1 Tunnel keep alive Allows sending ICMP echo request Ping utility to the remote tunnel network This function may be used to automatically start the IPSec tunnel This function should be used every time 2 Enable Allows sending ICMP echo requests to the remote tunnel network 3 Host Enter IP address to which ICMP echo requests will be sent 4 P...

Page 89: ...h as the Internet GRE tunneling does not use encryption it simply encapsulates data and sends it over the WAN In the example network diagram two distant networks LAN1 and LAN2 are connected To create GRE tunnel the user must know the following parameters 1 Source and destination IP addresses 2 Tunnel local IP address 3 Distant network IP address and Subnet mask 89 ...

Page 90: ...on unit MTU of a communications protocol of a layer in bytes 8 TTL Specify the fixed time to live TTL value on tunneled packets 0 255 The 0 is a special value meaning that packets inherit the TTL value 9 PMTUD Check the box to enable the Path Maximum Transmission Unit Discovery PMTUD status on this tunnel 10 Enable Keep alive It gives the ability for one side to originate and receive keepalive pac...

Page 91: ...ompany no longer needs to lease its own lines for wide area communication but can securely use the public networks This kind of interconnection is known as a virtual private network VPN Field name Explanation 1 Enable Check the box to enable the PPTP function 2 Local IP IP Address of this device RUT 3 Remote IP range begin IP address leases beginning 4 Remote IP range end IP address leases end 5 U...

Page 92: ...able Check the box to enable the GRE Tunnel function 2 Local IP IP Address of this device RUT 3 Remote IP range begin IP address leases beginning 4 Remote IP range end IP address leases end 5 Username Username to connect to L2TP this server 6 Password Password to connect to L2TP server Client configuration is even simplier which requires only Servers IP Username and Password 92 ...

Page 93: ...DNS Hostnames in the main DDNS Configuration section To edit your selected configuration hit Edit Field name Value Explanation 1 Enable Enables current DDNS configuration 2 Status Timestamp of the last IP check or update 3 Service 1 dydns org 2 3322 org 3 no ip com 4 easydns com 5 zoneedit com Your dynamic DNS service provider selected from the list In case your DDNS provider is not present from t...

Page 94: ...2 minutes Time interval in minutes to force IP address renew 7 7 SNMP SNMP settings window allows you to remotely monitor and send GSM event information to the server 7 7 1 SNMP Settings Field name Sample Explanation 1 Enable SNMP service Enable Disable Run SNMP Simple Network Management Protocol service on system s start up 2 Enable remote access Enable Disable Open port in firewall so that SNMP ...

Page 95: ...9 1 1 7 Pin status 8 1 3 6 1 4 1 99999 1 1 8 IMSI 9 1 3 6 1 4 1 99999 1 1 9 Mobile network registration status 10 1 3 6 1 4 1 99999 1 1 10 Signal level 11 1 3 6 1 4 1 99999 1 1 11 Operator currently in use 12 1 3 6 1 4 1 99999 1 1 12 Operator number MCC MNC 13 1 3 6 1 4 1 99999 1 1 13 Data session connection state 14 1 3 6 1 4 1 99999 1 1 14 Data session connection type 15 1 3 6 1 4 1 99999 1 1 15...

Page 96: ...work Management Protocol Community is an ID that allows access to a router s SNMP data 7 8 SMS Utilities RUT900 has extensive amount of various SMS Utilities These are subdivided into 6 sections SMS Utilities Call Utilities User Groups SMS Management Remote Configuration Statistics 7 8 1 SMS Utilities You can choose your SMS Keyword text to be sent and authorized phone number in the main menu You ...

Page 97: ... Data state Operator Connection type Signal Strength Connection State IP You can select which status elements to display 9 Wireless On Off via SMS This check box will enable and disable this function Allows Wi Fi control via SMS 10 Wireless on SMS text SMS text which will turn Wi Fi ON SMS text can contain letters numbers spaces and special symbols Capital letters also matters 11 Wireless on SMS t...

Page 98: ...Capital letters also matters 3 3G off SMS text Text to turn 3G connection OFF 4 Write to config Permanently saves 3G network state With this setting enabled router will keep 3G state even after reboot If it is not selected router will revert 3G state after reboot 5 Change profile via SMS This check box will enable and disable this function Function disabled by default 6 SMS text to change profile ...

Page 99: ...Allowed users From all numbers Allows to limit action triggering from all users to user groups or single user numbers 4 Get status via SMS after reboot Enable Disable Enables automatic message sendingwith router status information after reboot 7 8 3 User Groups Gives possibility to group phone numbers for SMS management purposes You can then later use these groups in all related SMS functionalitie...

Page 100: ...number Should be preceded with country code i e 370 2 Message My text Message text special characters are allowed 7 8 4 3 Storage With storage option you can choose for router NOT to delete SMS from SIM card If this option is not used router will automatically delete all incoming messages after they have been read Message status read unread is examined every 60 seconds All read messages are delete...

Page 101: ...the router that you wish to configure and Send the SMS Total count of SMS is managed automatically You should be aware of possible number of SMS and use this feature at your own responsibility It should not generally be used if you have high cost per SMS This is especially relevant if you will try to send whole OpenVPN configuration which might acumulate 40 SMS 7 8 5 1 Receive configuration This s...

Page 102: ...l numbers From group From single number Gives greater control and security measures Note that for safety reasons Authorization method should be configured before deployment of the router 7 8 5 2 Send configuration This section lets you configure remote devices The authorization settings must confirm to those that are set on the receiving party 102 ...

Page 103: ...de configuration forLAN Local Area Network 5 Interface Wired Mobile Interface type used for WAN Wide Area Network connection 6 Protocol Static DHCP Network protocol used for network configuration parameters management 7 IP address 217 147 40 44 IP address that router will use to connect to the internet 8 IP netmask 255 255 255 0 That will be used to define how large the WAN Wide Area Network netwo...

Page 104: ...enticate new connections on your GSM carrier s network 18 User name admin User name used for authentication on your GSM carrier s network 19 Password password Password used for authentication on your GSM carrier s network 20 Service mode 2G only 2G preferred 3G only 3G preferred Automatic Select network s preference If your local mobile network supports GSM 2G and UMTS 3G you can specify to which ...

Page 105: ... both SIM card slots You can also reset the counters 7 9 SMS Gateway 7 9 1 Post Get Configuration Post Get Configuration allows you to perform actions by writing these requests URI after your device IP address Field name Values Notes 1 Enable Enabled Disabled Enable SMS management functionality through POST GET 2 User name admin User name used for authorization 3 Password Password used for authori...

Page 106: ...sage cgi bin sms_send number PHONE_NUMBER text MESSAGE_TEXT Send message cgi bin sms_delete number MESSAGE_INDEX Delete message cgi bin sms_list List all messages cgi bin sms_ total Number of messages in memory Note parameters of HTTP POST GET string are in capital letters inside curly brackets Curly brackets are not needed when submitting HTTP POST GET string 7 9 1 3 Parameters of HTTP POST GET s...

Page 107: ... bin sms_list http 192 168 1 1 cgi bin sms_total 7 9 2 Email to SMS Field name Values Notes 1 Enable Enable Disable Allows to convert received Email to SMS 2 POP3 server pop gmail com POP3 server address 3 Server port 995 Server authentication port 4 User name admin User name using for server authentication 5 Password admin01 Password using for server authentication 6 Secure connection SLL Enable ...

Page 108: ...7 9 3 Scheduled Messages Scheduled messages allows to periodically send mobile messages to specified number 108 ...

Page 109: ...es 1 Enable Enable Disable Activates periodical messages sending 2 Recipient s phone number 37060000001 Phone number that will receive messages 3 Message text Test Message that will be send 4 Message sending interval Day Week Month Year Message sending period 109 ...

Page 110: ...alues Notes 1 Enable Enable Disable Enable auto reply to every received mobile message 2 Don t save received message Enable Disable If enabled received messages are not going to be saved 3 Mode Everyone Listed numbers Specifies from which senders received messages are going to be replied 4 Message Text Message text that will be sent in reply 110 ...

Page 111: ...es to 4 Number value name sender Name to assign for sender s phone number value in query string 5 Message value name text Name to assign for message text value in query string 6 Extra data pair 1 Var1 17 If you want to transfer some extra information through HTTP query enter variable name on the left field and its value on the right 7 Extra data pair 2 Var2 go If you want to transfer some extra in...

Page 112: ... Disable Enable mobile message forwarding 2 Add sender number Enable Disable If enabled original senders number will be added at the end of the forwarded message 3 Mode All message From listed numbers Specifies from which senders received messages are going to be forwarded 4 Recipients phone numbers 37060000001 Phone numbers to which message is going to be forwarded to 112 ...

Page 113: ...P server mail teltonika lt Your SMTP server s address 5 SMTP server port 25 Your SMTP server s port number 6 Secure connection Enable Disable Enables the use of cryptographic protocols enable only if your SMTP server supports SSL or TLS 7 User name admin Your full email account user name 8 Password Your email account password 9 Sender s email address name surname gmail com Your address that will b...

Page 114: ...ages but receiving incoming messages is not supported for now Field name Values Notes 1 Enable Enable Disable Enables SMPP server on router 2 User name admin User name which clients will need to connect to SMPP server 3 Password Password which clients will need to connect to SMPP server 4 Server port 7777 Server port to be used for SMPP communication You can choose any unused port 0 65535 114 ...

Page 115: ...less hotspot provides essential functionality for managing an open access wireless network In addition to standard RADIUS server authentication there is also the ability to gather and upload detailed logs on what each device denoted as a MAC address was doing on the network what sites were traversed etc 7 11 1 General settings 115 ...

Page 116: ... External radius 4 Radius server 1 The IP address of the RADIUS server that is to be used for Authenticating your wireless clients 5 Radius server 2 The IP address of the second RADIUS server 6 Authentication port RADIUS server authentication port 7 Accounting port RADIUS server accounting port 8 Authentication mode Internal radius 9 IP address or network of the client E g 192 168 1 1 or 192 168 1...

Page 117: ...ich contain data on what websites each client was visiting during the time he was connected to your hotspot 2 Server address The IP address of the FTP server to which you want the logs uploaded 3 Username The username of the user on the aforementioned FTP server 4 Password The password of the user 5 Port The TCP IP Port of the FTP server 117 ...

Page 118: ...y only commas E g If you want to upload the logs on Monday Wednesday and Saturday you should enter 1 3 6 3 Interval Shows up only when Mode is set to Interval Specifies the interval of regular uploads on one specific day E g If you choose 4 hours the uploading will be done on midnight 4 00 8 00 12 00 16 00 and 20 00 4 Hours Minutes Shows up only when Mode is set to Fixed Uploading will be done on ...

Page 119: ...s landing page title 2 Theme Landing page theme selection 3 Upload login page Allows to upload custom landing page theme 4 Login page file Allows to download and save your landing page file In the sections Terms Of Services Background Configuration Logo Image Configuration Link Configuration Text Configuration you can customize various parameters of landing page components 119 ...

Page 120: ...7 11 4 2 Template In this page you can review landing page template HTML code and modify it 120 ...

Page 121: ... information is passed to a RADIUS server which checks that the information is correct and then authorizes access to the ISP system Field name Explanation 1 Enable Activates an authentication and accounting system 2 Remote access Activates remote access to radius server 3 Accounting port Port on which to listen for acounting 4 Authentication port Port on which to listen for authentication 121 ...

Page 122: ...er of unsuccessful retries router will reboot It is possible to turn of the router rebooting after defined unsuccessful retries Therefore this feature can be used as Keep Alive function when router Pings the host unlimited number of times Field name Explanation Notes 1 Enable This check box will enable or disable Ping reboot feature Ping Reboot is disabled by default 2 Reboot router if no echo rec...

Page 123: ...erval 7 Host to ping from SIM 1 IP address or domain name which will be used to send ping packets to E g 192 168 1 1 or www host com if DNS server is configured correctly Ping packets will be sending from SIM1 8 Host to ping from SIM 2 IP address or domain name which will be used to send ping packets to E g 192 168 1 1 or www host com if DNS server is configured correctly Ping packets will be send...

Page 124: ...acteristics can be measured improved and to some extent guaranteed in advance QoS is of particular concern for the continuous transmission of high bandwidth video and multimedia information QoS can be improved with traffic shaping techniques such as packet network traffic port prioritization 124 ...

Page 125: ...y for the entire LAN Field name Sample Explanation 1 Enable Enable Disable Enable UPNP service 2 Use secure mode Enable Disable Enable secure mode allow adding forwards only to requesting IP Field name Sample Explanation 1 Enable UPnP port mapping Enable Disable Enable UPnP port mapping functionality 2 Use NAT PMP port mapping Enable Disable Enable NAT PMP mapping functionality 3 Device UUID 109f5...

Page 126: ...zard The configuration wizard provides a simple way of quickly configuring the device in order to bring it up to basic functionality The wizard is comprised out of 4 steps and they are as follows Step 1 General change First the wizard prompts you to change the default password Simply enter the same password into both Password and Confirmation fields and press Next 126 ...

Page 127: ...our mobile configuration On a detailed instruction on how this should be done see the Mobilesection under Network Step 3 LAN Next you are given the chance to configure your LAN and DHCP server options For a detailed explanation see LAN under Network 127 ...

Page 128: ...nt When you re done with the configuration wizard press Save 8 2 Profiles Router can have virtually unlimited number or configuration profiles which you can later apply either via WebUI or via SMS When you add New Profile you save current full configuration of the router Note profile names cannot exceed 10 symbols 128 ...

Page 129: ...as well 4 Confirm new password Re enter your new administration password 5 Language Website will be translated into selected language 6 IPv6 support Enable IPv6 support on rounter 7 Show mobile info at login page Show operator and signal strength at login page 8 Show WAN IP at login page Show WAN IP at login page 9 On Off leds If uncheck all routers leds are off 10 Restore to default Router will b...

Page 130: ... PPPD information Default setting disabled should be used unless instructed otherwise 5 Include Chat script information Default setting enabled should be used unless instructed otherwise 6 Include network topology information Default setting disabled should be used unless instructed otherwise 7 System Log Provides on screen System logging information It does not however substitute troubleshooting ...

Page 131: ...t router settings file to personal computer This file can be loaded to other RUT900 with same Firmware version in order to quickly configure it 2 Restore from backup Select upload and restore router settings file from personal computer 8 3 3 1 Access Control General 131 ...

Page 132: ...S communication 9 Enable CLI Enables Command Line Interface 10 Enable remote CLI Enables remote Command Line Interface 11 Port Port to be used for CLI communication Note The router has 2 users admin for WebUI and root for SSH When logging in via SSH use root 8 3 3 2 Access Control Safety Field name Explanation 1 SSH access secure enable Check box to enable SSH access secure functionality 2 Clean a...

Page 133: ...le 3 Traceroute Diagnostics tool for displaying the route path and measuring transit delays of packets across an Internet IP network Log containing route information will be shown after few seconds 4 Nslookup Network administration command line tool for querying the Domain Name System DNS to obtain domain name or IP address mapping or for any other specific DNS record Log containing specified serv...

Page 134: ... page 6 Local network Check box to show Local network table in Overview page 7 Access control Check box to show Access control table in Overview page 8 Recent system events Check box to show Recent system events table in Overview page 9 Recent network events Check box to show Recent network events table in Overview page 10 Hotspot name Hotspot Check box to show Hotspot instance table in Overview p...

Page 135: ... numbers are displayed for conveniencei n this page becouse they are needed when adding device to monitoring system Field name Explanation 1 Enable remote monitoring Enables the device to connect to remote monitoring system 8 4 User scripts Advanced users can insert their own commands that will be executed at the end of booting process 135 ...

Page 136: ...ke Wireless Hotspot VRRPD SNMP Web Filterare removed Safe mode firmware can be recognized from different logo and reduced menu in the WebUI The sole purpose of safe mode firmware is to allow the user to update master firmware and in doing so toremove all previous configuration settings To make safe mode useful it is strongly recommended to back up configuration of master firmware when the user is ...

Page 137: ... supply and do not press reset button during upgrade process This would seriously damage your router and make it inaccessible If you have any problems related to firmware upgrade you should always consult with local dealer 8 6 2 FOTA Field name Explanation 1 Server address Specify server address to check for firmware updates E g http teltonika sritis lt rut9xx_auto_update clients 2 User name User ...

Page 138: ...ed restore point You can upload restore point from your computer or from router s external memory 8 8 Reboot Reboot router by pressing button Reboot 9 Device Recovery The following section describes available options for recovery of malfunctioning device Usually device can become unreachable due to power failure during firmware upgrade or if its core files were wrongly modified in the file system ...

Page 139: ... to reduce its size Wireless Hotspot VRRPD SNMP and Web Filter function were removed Safemode firmware can be recognized from different logo and reduced menu in the WebUI The sole purpose of safemode firmware is to allow the user to update master firmware on the routerandto reset all previous configuration changes while doing so To make safemode useful it is strongly recommended to back up configu...

Page 140: ...rowse the web provided that you know the IP of the website you are trying to reach ARP Short for Adress Resolution Protocol a network layerprotocol used to convert an IP address into a physical address called a DLC address such as an Ethernet address PPPoE Point to Point Protocol over Ethernet PPPoE is a specification for connecting the users on an Ethernet to the internet through a common broadba...

Page 141: ...ct way to send and receive datagrams over IP network VPN Virtual Private Network a network that is constructed by using public wires usually the Internet to connect to a private network such as a company s internal network VRRP Virtual Router Redundancy Protocol an election protocol that dynamically assigns responsibility for one or more virtual router s to the VRRP router s on a LAN allowing seve...

Search results

Summary of Contents for RUT900

Reviews:

Related manuals for RUT900

Brands by name

Popular brands

Teltonica RUT900, User Manual

Search results

Summary of Contents for RUT900

Reviews:

Related manuals for RUT900

Brands by name

Popular brands