manualshive.com logo in svg

WoMaster WR302G Series, User Manual

Share
Download
WoMaster WR302G Series User Manual Download Page 71

 

71 

 

3.8 SECURITY 

WoMaster Router provides several security features for User to secure access to its management functions and it 
can be remotely managed (monitored and configured). 

The following topics are included in this section: 
3.8.1 Access Control 
3.8.2 Outbound Firewall 
3.8.3 NAT Setting 
3.8.4 OpenVPN 
3.8.5 IPSec Setting 
3.8.6 GRE Setting 
 

3.8.1 ACCESS CONTROL 

WoMaster router provides access control mode in several ways, such as Remote Management, WAN Service Access 
Control and Custom Exception. By configuring this configuration, user can enhance the security access to the device. 

Remote Management 

Remote Management function, open the Remote Management, that would allow the user via the local access (WAN 
Port) Remote Management the router.

 

The description of the columns is as below: 

TERMS 

DESCRIPTION 

Telnet 

Allows the user to remotely login and manage the device by Telnet. When user doesn’t 
enable it, the connection through telnet will not allow.

 

SNMP 

Allows the user to remotely login and manage the device by SNMP. When user doesn’t 
enable it, the connection through SNMP will not allow.

 

SSH 

Allows the user to remotely login and manage the device by SSH/ When user doesn’t 
enable it, the connection through SSH will not allow.

 

HTTPS Only 

Allows the user to remotely login and manage the device by HTTPS access for secure 
connection, and it would disable the HTTP access. 

Once User finishes configuring the settings, click on 

Submit 

to apply configuration. 

Summary of Contents for WR302G Series

Page 1: ...C COVER WR302G WR312G WR322GR Industrial Secure Cellular Router Serial Server Aug 23 2018 V 1 WOM ASIA Co Ltd 1F No 185 3 Kewang Rd Longtan Dist Taoyuan 325 Taiwan...

Page 2: ...n the equipment and does not claim to provide for every possible contingency met in the process of installation operation or maintenance Should further information be required or should particular pro...

Page 3: ...UNTING 13 2 7 ANTENNA 14 2 8 SIM SD CARD INSTALLATION 16 3 WEB MANAGEMENT CONFIGURATION 17 3 1 SYSTEM 19 3 1 1 INFORMATION 19 3 1 2 LOGIN SETTING 20 3 1 3 NETWORK SETTING 24 3 1 4 DATE AND TIME 26 3 1...

Page 4: ...5 3 8 3 NAT SETTING 79 3 8 4 OPEN VPN 82 3 8 5 IPSEC SETTING 88 3 8 6 GRE SETTING 90 3 9 ROUTING 91 3 9 1 STATIC ROUTE 91 3 9 2 RIPv2 92 3 10 WARNING 92 3 10 1 EMAIL ALERT 92 3 10 2 PING WATCHDOG 93 3...

Page 5: ...5 3 13 BACKUP AND RESTORE 116 3 14 FIRMWARE UPGRADE 117 3 15 RESET TO DEFAULTS 118 3 16 SAVE 118 3 17 LOGOUT 119 3 18 REBOOT 119 3 19 WOMASTER MIB 120 4 REVISION HISTORY 121...

Page 6: ...ized Zone DMZ Port Forwarding HTTPs SSH for Telnet security and many other security features All of these features in order to ensure the secure data communication WoMaster Industrial Secure LTE route...

Page 7: ...C Series Industrial Secure Cellular Router 2GbE 1COM LTE E 2SIM FDD B1 3 5 7 8 20 TDD B38 40 41 WR312G LTE AU C Series Industrial Secure Cellular Router 2GbE 1COM LTE AU 2SIM FDD B1 2 3 4 5 7 8 28 TDD...

Page 8: ...io on off 4G LTE 3G HSPA Configuration SIM Security Connection Status Wireless redundancy Cellular to Eth WAN Redundant wireless auto offload Advanced Security system by OpenVPN IPsec Firewall DMZ Por...

Page 9: ...duces hardware and contains information on installation and configuration procedures 2 1 HARDWARE DIMENSION Dimensions of WR312G 50 x 151 x 120 W x H x D without DIN Rail Clip Dimensions of WR322GR 50...

Page 10: ...for configuration firmware management Not available for C Series 1 x 6 pin terminal block connector 4 pin for power inputs and 2 pin for DO alarm and 1 chassis grounding screw The difference for WR31...

Page 11: ...n the terminal block On the picture below is the power connector Wiring the Power Input 1 Insert the positive and negative wires into the V and V contact on the terminal block connector 2 Tighten the...

Page 12: ...ort link break or other pre defined events which can be configured in the device Screw the DO wire tightly after digital output wire is connected 2 5 CONNECTING THE GROUNDING SCREW Grounding screw is...

Page 13: ...plate to the device make sure the plate is situated towards the top as shown by the following figures To mount the router on DIN Rail track do the following instruction 1 Insert the top side of DIN Ra...

Page 14: ...3 0 Radiation Omni Gain 2dBi Polarization Vertical Impedance 50 Ohm Connector Type Brass Operational Temperature 20 C 65 C Frequency 2400 2500 MHz 5150 5850 MHz S W R 2 0 2400 2500 MHz 2 0 5150 5850 M...

Page 15: ...TE Main Ant 4 GPS Ant 5 LTE Aux Check the picture below for the antenna installation WR312G Radio LED LED LTE Status WLAN Status Radio 1 Ra SIM detected Green On SIM not detected Off AP Green On Disab...

Page 16: ...second period Base station disconnected Green Blinking Off for 2 second period 2 8 SIM SD CARD INSTALLATION SIM Card Slot The SIM Card Slot is used to insert the cellular card Micro SD Card Slot The S...

Page 17: ...access and configure the router management on the network 1 Plug the DC power to the router and connect router to computer 2 Make sure that the router default IP address is 192 168 10 1 3 Check that...

Page 18: ...ork Following topics are covered in this chapter 3 1 System 3 2 Ethernet Port 3 3 Redundancy 3 4 Serial 3 5 Cellular 3 6 GPS 3 7 Wireless LAN 3 8 Security 3 9 Routing 3 10 Warning 3 11 Diagnostics 3 1...

Page 19: ...on from the router to make it easier to identify different router that is connected to User network and also it shows the Cellular Status and LAN Settings information The figure below shows the interf...

Page 20: ...the Login Setting section for admin level With the Name default setting is admin and the authority allow user to configure all of configuration parameters The Login Setting interface describes how to...

Page 21: ...that has been explained above RADIUS The Remote Authentication Dial In User Service RADIUS protocol was developed by Livingston Enterprises as an access server authentication and accounting protocol...

Page 22: ...developed by Cisco It provides detailed accounting information and flexible administrative control over the authentication and authorization processes TACACS allows for a single access control server...

Page 23: ...device and the TACACS server If the server cannot be reached within the limit time and it will directly change to Local This configuration is applied to TACPLUS Local mode only TACPLUS Server IP TACA...

Page 24: ...Address from DHCP Server Static IP Select Static IP to configure the IP configuration manually IP Address Default 192 168 10 1 Set up the IP address reserved by User network for User device If DHCP C...

Page 25: ...P configuration manually IP Address Default 192 168 1 1 Set up the IP address reserved by User network for User device If DHCP Client function is enabled no need to assign an IP address to device as i...

Page 26: ...1 4 DATE AND TIME The WoMaster router has a time calibration function based on information from an NTP server or user specified time and date allowing functions such as automatic warning emails to in...

Page 27: ...CRIPTION DHCP Setting Select to Enable or Disable to activate and deactivate DHCP Server function IP Address Start Assign the IP Address Start range IP Address End Assign the IP Address End range Subn...

Page 28: ...ake sure the IP addresses are outside of this range or User may have an IP conflict After finished configuring click on Submit to activate the configuration DHCP Leased Entries The figure below shows...

Page 29: ...from the Ethernet such as Network Mode LAN Settings and also the Interface Status The description of the columns is as below TERMS DESCRIPTION Network Mode Shows network mode from the router Bridge o...

Page 30: ...page to configure the Ethernet setting such as the Host Name Network Mode and the speed duplex for the Ethernet port The description of the Ethernet Setting page is as below TERMS DESCRIPTION Host Nam...

Page 31: ...ault Enable Default Auto Auto Negotiation Configure the Speed Duplex of the port Ethernet 2 Users can set the bandwidth of each port as Auto negotiation 100 full 100 half 10 full 10 half mode Click Su...

Page 32: ...e network to provide a backup data transmission route in the event that a cable is inadvertently disconnected or damaged This switch supports Spanning Tree Protocol STP and Rapid Spanning Tree Protoco...

Page 33: ...can generate broadcast storms in a network The spanning tree was created to combat the negative effects of message loops in switched networks A spanning tree algorithm is used to automatically sense w...

Page 34: ...sages Forward Delay Time 4 30 Enter a value between 4 and 30 seconds This value is the time that a port waits before changing from Spanning Tree Protocol learning and listening states to forwarding st...

Page 35: ...ver on each line RS 232 also uses a Full Duplex transmission method RS422 is an improved version of RS232 it uses twisted pair cable to reduce the noise and it uses signaling balancing to transmit dat...

Page 36: ...umns is as below TERMS DESCRIPTION Interface Default RS422 Choose and change the interface type from the drop down list The serial port supports the RS232 RS422 RS485 2w and RS485 4w Baudrate Default...

Page 37: ...or retransmitted data Terminal Resistor Default Disable Enable to prevent serial signal reflection Force TX Interval Default 0 ms Force TX interval time is to specify the timeout when no data has been...

Page 38: ...onnection number from 1 to 5 Idle Timeout sec When serial port stops data transmission for a defined period of time Idle Timeout the connection will be closed and the port will be freed and re try for...

Page 39: ...iption of the columns is as below TERMS DESCRIPTION Cellular ETH WAN Redundancy Default Disabled User can choose the redundancy mode ETH WAN First Cellular WAN Backup by choosing this mode the redunda...

Page 40: ...ength The signal strength to the remote connected base station If the signal strength shows low please change the device location or mounting the antenna in better location Below are the signal streng...

Page 41: ...ncy mode ETH WAN First Cellular WAN Backup by choosing this mode the redundancy mode would be like prioritize the ETH WAN connection if the ETH WAN connection has a problem then the Cellular WAN would...

Page 42: ...generated challenge string to the client along with its hostname PAP Password Authentication Protocol PAP works basically the same way as the normal login procedure The authenticates itself by sending...

Page 43: ...he user enables the function If the SIM card cannot be read after the redundant parameters are expired then it will directly change to read the other SIM card Period Set the period time to read the SI...

Page 44: ...orking And also user can change the new PIN settings The figure below belongs to WR312G The figure below belongs to C Series Model and WR322GR it has the Current SIM Index section because the device i...

Page 45: ...ection feature Choose the mode from the drop list Disable PIN Disable the PIN Protection feature Enable PIN Activate the PIN Protection feature Change PIN Change the PIN number make sure user type the...

Page 46: ...systems improves availability of signals gives operators more access and increases accuracy Recent driving tests combining GPS and GLONASS showed a noticeable improvement in both precision and perform...

Page 47: ...f satellites that help to fix the position Minimum 4 satellites At the status section a MAP button appears Click this button to show the specific location of your device through the Google Maps After...

Page 48: ...he columns is as below TERMS DESCRIPTION Operation Mode Display the current operating modes on the device Wireless Mode Display the current wireless mode SSID Display the primary name of the SSID Encr...

Page 49: ...put Power Data Rate and Extension Channel Protection The description of the columns is as below TERMS DESCRIPTION WLAN Interface Check the box to disable the WLAN interface and stop all of the wireles...

Page 50: ...ct the proper channel each country has different band user may select the channel based on the situation Or select auto to automatically set the channel Extension Channel Default Lower Channel 2417MHz...

Page 51: ...mption The Full output power may need the antenna Data Rate Default Auto Select the specific data rate in order to control the transmission rate Auto is preferred rate the access point will automatica...

Page 52: ...n then another form will appear see the figure below The description of the column is as below TERMS DESCRIPTION Profile Name Display the available WLAN Profile name SSID Display the SSID Name Securit...

Page 53: ...the configuration page for specific Profile The figure below is the pop up WLAN Security configuration page for each Profile In this configuration page user can configure the AP profile divide the AP...

Page 54: ...elow TERMS DESCRIPTION WLAN Interface Check the box to disable the WLAN interface and stop all of the wireless functions Operation Mode Select the Operation Mode for the router AP Wireless Client WDS...

Page 55: ...cific data rate in order to control the transmission rate Auto is preferred rate the access point will automatically select the highest available rate to transmit User may select lower rate when there...

Page 56: ...y the choice Click Scan to refresh the list The description of the columns is as below TERMS DESCRIPTION Select Select the SSID SSID Display the detected SSID s name Frequency Channel Display the curr...

Page 57: ...s is as below TERMS DESCRIPTION WLAN Interface Check the box to disable the WLAN interface and stop all of the wireless function Operation Mode Select the Operation Mode for the router AP Wireless Cli...

Page 58: ...user may select the channel based on the situation Or select auto to automatically set the channel Extension Channel Default Lower Channel 2417MHz 2 This option would be appeared when user select the...

Page 59: ...ed the antenna Data Rate Default Auto Select the specific data rate in order to control the transmission rate Auto is preferred rate the access point will automatically select the highest available ra...

Page 60: ...he box to disable the WLAN interface and stop all of the wireless functions Operation Mode Select the Operation Mode for the router AP Wireless Client WDS AP and WDS Client SSID Default WR322_1 Input...

Page 61: ...can cover the signal widely and of course may need big power consumption The Full output power may need the antenna Data Rate Default Auto Select the specific data rate in order to control the transmi...

Page 62: ...t SSID Default WR322_1 Set the Service Set Identifier name this ID can be recognized by the Client when the WLAN connection is established Broadcast SSID Default Enabled By enabling the broadcast SSID...

Page 63: ...dards Background Background priority encompasses file downloads print jobs and other traffic that does not suffer from increased latency Max Station Number Default 64 0 64 Set the maximum number of st...

Page 64: ...encryption is co used with WPA PSK AES Advanced Encryption Standard it is usually co used with WPA2 PSK Key Type Default Hex WEP can be configured with a 64 bit or 128 bit Shared Key hexadecimal or AS...

Page 65: ...it will do the negotiation process about sending the data frame When the station receives an RTS frame the station will respond with send back Clear to Send frame to confirm the right to start transm...

Page 66: ...which is can be long or can be short IGMP Snooping Default Enable By enabling IGMP Snooping allows the ports to detect IGMP queries report packets and manage multicast traffic through the AP IGMP Sno...

Page 67: ...ist Allow the specific MAC Address to access the WLAN Deny List Deny the specific MAC Address to access the WLAN MAC Address Display the specific MAC Address that allowed or denied to access the WLAN...

Page 68: ...n Server IP Address b Enter the Shared Secret of the RADIUS server c Enter the Server port if necessary by default RADIUS server listens to port 1812 d Click Submit The description of the RADIUS Authe...

Page 69: ...ate Upload User Key Upload a certificate file from a specified file location 3 7 8 AUTO OFFLOAD CLIENT MODE The WoMaster Router Client mode is supported by the Auto Offload feature that allows the use...

Page 70: ...irected to Cellular Signal high threshold Default 50 dBm Range 1 100 dBm When signal strength is higher than the upper range then the connection will be directed to Wi Fi Switch mode Default Auto When...

Page 71: ...ion open the Remote Management that would allow the user via the local access WAN Port Remote Management the router The description of the columns is as below TERMS DESCRIPTION Telnet Allows the user...

Page 72: ...ough the use of certificates issued by trusted certificate authorities When a web browser makes a connection attempt to a secured web site a digital certificate is sent to the browser so that it can v...

Page 73: ...router from WAN interface The description of the columns is as below TERMS DESCRIPTION Filter All By select Filter All it will block all external access from WAN interface to the device such as SSH SN...

Page 74: ...he columns is as below TERMS DESCRIPTION Src IP Address Set up the source IP Address that may access the device Src Port Range Set up the source port range where the access came from Dest Port Range S...

Page 75: ...rameter in this table it can restrict certain types of data packets from the local network to the internet through the Router The Source IP Filter will help to filter all of the packets that coming in...

Page 76: ...e packets Select Enable to activate Destination IP Filtering type the Destination IP Address and Comment to write a note for the entry and then click Submit to apply the settings After applied then us...

Page 77: ...filtering type the Port Range of below Protocol type the protocol type can be UDP TCP or Both Type the Comment to write a note for the entry and then click Submit to activate the settings After applie...

Page 78: ...ol type the protocol type can be UDP TCP or Both Type the Comment to write note for the entry and then press Submit to apply the settings After applied then user can see the new entry shown in the bel...

Page 79: ...the NAT in an RFC 1918 IP address space to initiate a connection to a host on the outside of the NAT It supports the Port Forwarding DMZ and 1 to 1 NAT configuration A DNAT by way of contrast occurs w...

Page 80: ...the settings click on Submit to apply User configuration DMZ A Demilitarized Zone is used to provide Internet services without sacrificing unauthorized access to its local private network Typically t...

Page 81: ...have public IP addresses With one to one NAT you assign local systems RFC 1918 addresses then establish a one to one mapping between those addresses and public IP addresses For outgoing connections S...

Page 82: ...ficates or username password The server and client have almost the same configuration The difference in the client configuration is the remote endpoint IP or hostname field Also the client can set up...

Page 83: ...VPN servers IP are also provided in order to have the backup connection for VPN Server The description of the columns is as below TERMS DESCRIPTION Enable VPN Client Select Enable to activate the VPN...

Page 84: ...elect enable or disable the persist key enable this function will keep the key first use if VPN restart after Keepalive timeout LZO Compression Default Disable Select use LZO Compression or not this f...

Page 85: ...t The description of the columns is as below TERMS DESCRIPTION Enable VPN Server Select Enable to activate the VPN Server function Encryption Mode Choose the Encryption Mode Static Key Use a pre share...

Page 86: ...Select enable or disable the persist key enable this function will keep the key first use if VPN restart after Keepalive timeout LZO Compression Default Disable Select use LZO Compression or not this...

Page 87: ...dered more secure In WoMaster devices digital certificates are one way of authenticating two peer devices to establish a VPN tunnel The description of the columns is as below TERMS DESCRIPTION Delete...

Page 88: ...connected or disconnected Authentication Method Default PSK Optional Pre Shared Key or Certificate Pre shared key Default 12345678 Set the preshared key IPsec Cipher Suites Default AES128 SHA1 DH2 Se...

Page 89: ...role as the VPN Server To get the access to the server the branch office need to connect to the VPN Server As we can see the connection is established through the LTE connection In this case IPsec con...

Page 90: ...Check the box to enable the function Remote IP Address Set the remote real IP Address of the GRE Tunnel Virtual Remote IP Address Set the remote virtual IP Address of the GRE tunnel Virtual Local IP...

Page 91: ...entries are populated with the help of routing protocols The major advantages of static routing are reduced routing protocol router overhead and reduced routing protocol network traffic The major disa...

Page 92: ...g feature for remote monitoring of end devices status or network changes 3 10 1 EMAIL ALERT WoMaster router supports E mail Warning feature With this function being enabled the user is allowed to conf...

Page 93: ...in this Ping Watchdog section the first one is when the device continuously ping the target IP and in the end it can reach one of the target IPs the device would not reboot But if both targets IPs ca...

Page 94: ...ely monitor router events history Once User finishes configuring the settings click on Submit to apply User configuration User can monitor the system logs in Diagnostics Event Log page The condition o...

Page 95: ...ring port link down event After finishing the configuration clicks Submit to activate the relay alarm function 3 10 5 EVENT TYPE In this page user allowed to select the Event Type Event Warning Type T...

Page 96: ...tocol version V2c V3 configure the server port set up the password for the Get Community and specify the password for Set Community SNMPv2C SNMPv2c is a sub version of SNMPv2 Its key advantage over pr...

Page 97: ...reported SNMP traps are quite unique if compared to other message types since they are the only method that can be directly initiated by an SNMP agent The other types of messages are either initiated...

Page 98: ...re secure communication SNMPv3 requires an authentication level of MD5 or DES to encrypt data to enhance data security To activate the page make sure user has already chosen SNMPv3 at the SNMP Setting...

Page 99: ...d Set up the Password for the SNMPv3 User Confirm Password Confirm the Admin for the SNMPv3 User Access Type Access type for the SNMPv3 User choose Read Only or Read and Write Authentication Protocol...

Page 100: ...ENT LOGS When remote System Log server mode is activated the router will record occurred events in local log table This page shows this log table The entry includes the index occurred data time and co...

Page 101: ...ARP provides the protocol rules for making this correlation and providing address conversion in both directions The other ARP feature is ARP with 802 2 LLC Type 2 is the new level of ARP where the dev...

Page 102: ...n IP address of the target device and click on Ping to start the ping 3 11 4 TRACEROUTE Traceroute is a diagnostics tool for displaying the route path and measuring transit delays of packets across an...

Page 103: ...mission Click on Reload to refresh the table The description of the columns is as below TERMS DESCRIPTION Poll Interval Default 5 To set the Poll Interval time setting with range from 0 to 65534 secon...

Page 104: ...where user may set the refresh period for refresh the list Click Set to apply the setting click Stop to stop the refresh function Click Reload to refresh the list The description of the columns is as...

Page 105: ...2 1 AWS IoT Amazon Web Services IoT enables secure bi directional communication between Internet connected things such as sensors actuators embedded devices or smart appliances and the AWS cloud over...

Page 106: ...ck Thing Add your device shadow Create and download the key or certificate Certificate private key root CA is necessary Public key is used by AWS server to authenticate with private key The public key...

Page 107: ...he device Go to Manage Things click the device name Click Interact Copy the HTTPS link to update user s Thing Shadow using this Rest API Endpoint Connect the device to AWS Copy the link and paste on t...

Page 108: ...t CA IoT Hub Enter the IoT hub server this information can be found at the azure platform Port Default 8883 Display the port number Because Azure IoT uses the MQTT protocol so user needs to enter 8883...

Page 109: ...menu and select Devices myCreatedDevice Shared access policies iothubowner Connection string primary key User has to annotate the value of this field 1 Get the connection string Click the IoT Hub Sha...

Page 110: ...k to download the software https github com Azure azure iot sdk csharp releases download 2018 3 13 SetupDeviceExplorer msi 4 Paste the Connection String Primary Key to the IoT Hub Connection String bo...

Page 111: ...rdware applications and storage can all be provided as services The cloud network service has the advantages of easy expansion rapid adjustment and minimal management and can dynamically meet increasi...

Page 112: ...show this message again then click Retry 4 Configure network adapter of ThingsMaster VM to make sure that the laptop or the computer can ping the Virtual Machine Go to Player Managed Virtual Machine S...

Page 113: ...nge IP address and add default gateway if needed 8 Configure Date Time of the ThingsMaster Virtual Machine Please adjust the time and change time zone of the VM first User can configure it from the We...

Page 114: ...114 Enable the NTP Client from the Web GUI choose the Manual IP enter the server IP Address 192 168 10 101 10 Enable WoM IoT service and get connected to the ThingsMaster...

Page 115: ...d have their own information please check their information The description of the columns is as below TERMS DESCRIPTION Modbus Logging Check the box to enable the function Name Enter the Modbus name...

Page 116: ...r This mode is only provided by Web UI while CLI is not supported Also this feature provides the Download Backup button in order to download the backup configuration from the router USB mode this mode...

Page 117: ...n file Web mode and USB mode Web mode The router acts as the file server Users can browse the target folder and then type the file name to back up the configuration Users also can browse the target fo...

Page 118: ...ly change to the default IP 192 168 10 1 Pop up message screen to show User that have done the command Click on OK to close the screen and reboot the device Below is the interface for resetting the de...

Page 119: ...Yes to logout 3 18 REBOOT System Reboot allows user to reboot the device Some of the feature changes require user to reboot the system Click on Reboot to reboot device Reboot main screen to do confir...

Page 120: ...ster eu Private MIB tree is the same as the web tree This is easier to understand and use If user does not familiar with standard MIB User can directly use private MIB to manage monitor the device The...

Page 121: ...Redundancy Description table Modify the Outbound Firewall description 3 8 2 Revise the IPSec Topology Page 77 2018 04 26 Yohan V1 2 Add up the C Series content Add up some new features Cyber Security...

Reviews:

No comments

Brands by name

Popular brands

Load more brands