Amit IOG761AM-0P001 Скачать руководство пользователя страница 1

 

 

IoT

 

Cellular

 

Gateway

 

IOG761AM

0T001

 

IOG761AM

0P001

 

 

User

 

Manual

 

Содержание IOG761AM-0P001

Страница 1: ...IoT Cellular Gateway IOG761AM 0T001 IOG761AM 0P001 User Manual...

Страница 2: ...1 6 1 Mount the Unit 12 1 6 2 Insert the SIM Card 12 1 6 3 Connecting Power 13 1 6 4 Connecting DI DO Devices 14 1 6 5 Connecting Serial Devices 15 1 6 6 Connecting to the Network or a Host 15 1 6 7 S...

Страница 3: ...tion 132 3 7 IPv6 134 3 7 1 IPv6 Configuration 138 3 9 NAT Bridge 145 3 9 1 NAT Configuration 145 3 9 3 Virtual Server Virtual Computer 149 3 9 5 Special AP ALG 157 3 9 7 DMZ Pass Through 164 3 9 9 SD...

Страница 4: ...8 5 3 3 Rule based QoS 241 5 5 VPN 254 5 5 1 Configuration 254 5 5 3 IPSec 256 5 5 5 PPTP 277 5 5 7 L2TP 289 5 5 9 GRE 301 5 5 d OpenVPN 309 5 7 Redundancy 324 5 7 1 VRRP 325 5 9 System Management 329...

Страница 5: ...D 411 7 1 5 Network Scan 415 7 1 7 SMS Management 417 7 1 b SIM PIN 426 7 1 h Plain Text System Config 435 7 5 Captive Portal 438 7 5 1 Configuration 438 7 d Event Management 445 7 d 1 Configuration 4...

Страница 6: ...for NFC or GPS applications This IOG761 series product is loaded with luxuriant security features including VPN firewall NAT port forwarding DHCP server and many other powerful features for complex a...

Страница 7: ...dard Package Items Description Contents Quantity 1 IOG761AM 0T001 IoT Cellular Gateway 1pcs 2 Cellular Antenna 2pcs 3 WiFi Antenna 2pcs 4 Power Adapter DC 12V 2A 1 1pcs 5 RJ45 Cable 1pcs 6 Console Cab...

Страница 8: ...ovides user with a quick and easy way to resort the default setting Press the RESET button continuously for 6 seconds and then release it The device will restore to factory default settings Auto MDI M...

Страница 9: ...skipping is used to reserve slots for new function insertion when required 9 Bottom View Left View SIM B Slot SIM A Slot 2 4G WiFi Antenna 2 4G WiFi Antenna Power Terminal Block PWR1 GND PWR2 GND DI D...

Страница 10: ...disabled SIM A Green Steady ON SIM card A is used SIM B Green Steady ON SIM card B is used LAN 1 LAN 4 Green Steady ON Ethernet connection of LAN is established Flash Data packets are transferred Hig...

Страница 11: ...Macintosh or Linux based operating system An installed Ethernet adapter Browser Requirements Internet Explorer 6 0 or higher Chrome 2 0 or higher Firefox 3 0 or higher Safari 3 0 or higher Do not use...

Страница 12: ...wall mount kits and DIN rail bracket on the product first 1 6 2 Insert the SIM Card WARNNING BEFORE INSERTING OR CHANGING THE SIM CARD PLEASE MAKE SURE THAT POWER OF THE DEVICE IS SWITCHED OFF The SIM...

Страница 13: ...the right power requirements and polarity There are a DC converter and a DC12V 2A power adapter3 in the package for you to easily connect DC power adapter to this terminal block WARNNING This commerci...

Страница 14: ...with power terminal block Please refer to following specification to connect DI and DO devices Mode Specification Digital Input Trigger Voltage high Logic level 1 5V 30V Normal Voltage low Logic level...

Страница 15: ...nsmission speed on the network and configure itself automatically Connect the Ethernet cable to the RJ45 ports of the device Plug one end of an Ethernet cable into your computer s network port and the...

Страница 16: ...admin 5 and then click login button After logging in select your language from the Language list The user manual uses English for the illustration of all functions in the device 4 The default LAN IP a...

Страница 17: ...izard Network Setup Wizard Step 2 Item Value setting Description Old Password 1 String format any text If you want to change password Enter the current password in this item New Password 1 String form...

Страница 18: ...e time zone for the system clock Detect Again NA Click the Detect Again button to detect the time zone from network Exit NA Click the Exit button to cancel Setup Wizard Back NA Click the Back button t...

Страница 19: ...to Wizard Network Setup Wizard Step 4 WAN interface Step 4 WAN interface Setting Item Value setting Description Physical Interface A Must filled setting Here you specify the Physical Interface that c...

Страница 20: ...ng Enter the host name provided by your Service Provider ISP Registered MAC Address An Optional setting Enter the MAC address that you have registered with your service provider Or Click the Clone but...

Страница 21: ...Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider Primary DNS...

Страница 22: ...Must filled setting Enter the PPPoE password provided by your Service Provider Primary DNS A Must filled setting Enter the IP address of Primary DNS server Secondary DNS Optional setting Enter the IP...

Страница 23: ...r Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Servi...

Страница 24: ...r Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Servi...

Страница 25: ...e Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider Primary DNS A Must filled setting Enter the primary WAN DNS IP address given by your Servic...

Страница 26: ...Circuit Identifier Number Schedule Type 1 A Must filled setting 2 Default is UBR Define the Schedule Type provided by your Service Provider There are four types can be selected UBR UBR generally is u...

Страница 27: ...rface Item Value setting Description LAN IP Address A Must filled setting Assign an IP Address for LAN this IP address is a gateway IP Subnet Mask By default 255 255 255 0 24 is selected Select a Subn...

Страница 28: ...y step guide you through to complete VPN tunnel setup Step 1 Setup Steps In Step 1 the VPN Setup Step is a screen that displays the summary of steps for VPN setup Click Next button to begin VPN setup...

Страница 29: ...PTP in the following page When L2TP is selected go to Step 3 L2TP in the following page When GRE is selected go to Step 3 GRE in the following page Step 3 IPSec When IPSec is selected in Step 2 for VP...

Страница 30: ...PPTP client or server is selected the client or server configuration window will appear PPTP Client When PPTP Client is selected in Step 2 for VPN Type PPTP configuration window will appear When compl...

Страница 31: ...PPTP Server configuration click Next button a setup summary will display Confirm the setting then click the Apply button to complete the setting Step 3 L2TP When L2TP is selected in Step 2 for VPN Ty...

Страница 32: ...ummary will display Confirm the setting then click the Apply button to complete the setting L2TP Server When L2TP Server is selected in Step 2 for VPN Type L2TP configuration window will appear When c...

Страница 33: ...n when required 33 Step 3 GRE When GRE is selected in Step 2 for VPN Type GRE configuration window will appear When complete the GRE configuration click Next button a setup summary will display Confir...

Страница 34: ...purchased it can be Static IP Dynamic IP PPPoE PPTP L2TP 3G 4G IP Addr N A It displays the public IP address obtained from your ISP for Internet connection Default value is 0 0 0 0 if left unconfigur...

Страница 35: ...dit button in Basic Network WAN Internet Setup and WAN connection status is connected WAN interface IPv6 Network Status WAN interface IPv6 Network Status screen shows status information for IPv6 netwo...

Страница 36: ...by your ISP for your Internet connection Action N A This area provides functional buttons Edit IPv4 Button when press web based utility will take you to the Ethernet LAN configuration page Basic Netwo...

Страница 37: ...splays the current mask of the subnet IPv6 Link local Address N A It displays the current LAN IPv6 Link Local address This is also the IPv6 IP Address user use to access Router s Web based Utility IPv...

Страница 38: ...be 3G 4G 1 and 3G 4G 2 Card Information N A It displays the vendor s 3G 4G modem model name Link Status N A It displays the 3G 4G connection status The status can be Connecting Connected Disconnectin...

Страница 39: ...erface N A It displays the type of WAN physical interface It can be 3G1 or 3G2 Note 3G2 is only for devices that support dual modules Module Name N A It displays the vendor s 3G 4G modem model name IM...

Страница 40: ...lock It is probably due to the device had exceeded the allowed number of times to unlock Refer to PIN Code Remaining Times PIN Code Remaining Times N A This displays the remaining time of the counter...

Страница 41: ...DMA or LTE Band N A It displays the band currently used RSSI N A It displays the RSSI Received Signal Strength Indicator in unit dBm of the signal CS Register Status N A It displays the Circuit Switch...

Страница 42: ...ID of VAP WiFi Enable N A It displays whether the VAP wireless signal is enabled or disabled Op Mode N A The Wi Fi Operation Mode of VAP Depends of device model modes are AP Router WDS Only and WDS Hy...

Страница 43: ...twork WiFi Advanced Configuration tab Note that the WIDS of 2 4G or 5G should be configured separately WiFi IDS Status Item Value setting Description Authentication Frame N A It displays the receiving...

Страница 44: ...o to Status LAN Client List LAN Client List Item Value setting Description LAN Interface N A Client record of LAN Interface String Format IP Address N A Client record of IP Address Type and the IP Add...

Страница 45: ...y log history Clicking the Edit button the screen will be switched to the configuration page From the menu on the left select Status Firewall Status Firewall Status Tab Packet Filter Status Packet Fil...

Страница 46: ...e URL Blocking Log Alert is enabled Refer to Advanced Network Firewall URL Blocking tab Check Log Alert and save the setting Web Content Filter Status Web Content Filter Status Item Value setting Desc...

Страница 47: ...ontrol Log Alert is enabled Refer to Advanced Network Firewall MAC Control tab Check Log Alert and save the setting Plication Filters Status Application Filters Status Item Value setting Description F...

Страница 48: ...le setting status of Stealth Mode on Firewall Options String Format Disable or Enable SPI N A Enable or Disable setting status of SPI on Firewall Options String Format Disable or Enable Discard Ping f...

Страница 49: ...scription Tunnel Name N A It displays the tunnel name you have entered to identify Tunnel Scenario N A It displays the Tunnel Scenario specified Local Subnets N A It displays the Local Subnets specifi...

Страница 50: ...figuration page Advanced Network VPN PPTP tab PPTP Client Status Item Value setting Description Client Name N A It displays Name for the PPTP Client specified Interface N A It displays the WAN interfa...

Страница 51: ...on page Advanced Network VPN L2TP tab L2TP Client Status Item Value setting Description Client Name N A It displays Name for the L2TP Client specified Interface N A It displays the WAN interface with...

Страница 52: ...penVPN Client TCP UDP Read bytes N A It displays the TCP UDP Read Bytes of OpenVPN Client TCP UDP Write bytes N A It displays the TCP UDP Write Bytes of OpenVPN Client Connection Conn Time N A It disp...

Страница 53: ...atus screen shows the status of current active SNMP connections SNMP Link Status Item Value setting Description User Name N A It displays the user name for authentication This is only available for SN...

Страница 54: ...A It displays the timestamp of trap event Trap Event N A It displays the IP address of the trap sender and event type TR 069 Status The TR 069 Status window shows the current connection status with t...

Страница 55: ...Interface WAN Internet Setup and WAN Load Balance for Intranet to access Internet For each WAN interface you must specify its physical interface first and then its Internet setup to connect to ISP If...

Страница 56: ...l the available physical interfaces After clicking on the Edit button for the interface in Physical Interface List window the Interface Configuration window will appear to let you configure a WAN inte...

Страница 57: ...e just some examples They vary from model to model It depends on the model purchased Interface Name The logic name of WAN interfaces is identified by WAN 1 WAN 2 and so on Physical Interface This devi...

Страница 58: ...ou must specify it in the WAN physical interface Please note that only Ethernet and ADSL physical interfaces support the feature Interface Configuration The configuration of a WAN interface includes t...

Страница 59: ...Cellular Network Gateway Cellular Network xDSL Modem Gateway ISP DSLAM ISP DSLAM Gateway Firewall or Ethernet WAN 3G 4G WAN USB 3G 4G WAN ADSL WAN Ethernet WAN The gateway has one or more RJ45 WAN por...

Страница 60: ...s primary WAN connection is broken the backup connection will be started up to substitute the primary connection In addition there is a Seamless option for Failover operation mode When seamless option...

Страница 61: ...n Data Encryption LLC VPI Number 0 VCI Number 33 Schedule Type UBR Configuration Path Internet Setup 3G 4G WAN Type Configuration Interface Name WAN 2 Dial up Profile Auto detection Connection Control...

Страница 62: ...back Seamless Failover Scenario As another example all parameter configuration for WAN 1 and WAN 2 is same as above example except the Seamless box is checked as bellow in red color Configuration Path...

Страница 63: ...Alive Next Failover and Failback processes are shown in following diagram Their steps are S 1 When system discovers the primary WAN connection is failed S 2 System starts the failover process S 3 Sys...

Страница 64: ...alled as Dual SIM Failover In this Dual SIM Failover there are four kinds of SIM card usage scenarios including SIM A First SIM B First and SIM A Only and SIM B Only By default SIM A First scenario is...

Страница 65: ...The steps are Pre state System tries to connect to mobile system for an Internet connection by using connection profile in SIM A for SIM A First scenario after system rebooting If the connection is s...

Страница 66: ...100Mbps Download 100Mbps Gigabit Ethernet WAN Upload 1000Mbps Download 1000Mbps CAT4 Built in LTE Module Upload 50Mbps Download 150Mbps CAT3 LTE USB Dongle Upload 50Mbps Download 100Mbps 3G USB Dongl...

Страница 67: ...Interface Interface Configuration WAN n n 1 2 Interface Name WAN 1 WAN 2 Physical Interface Ethernet ADSL Operation Mode Always on Always on Line Speed 100Mbps 100Mbps 2Mbps 22Mbps VLAN Tagging Enable...

Страница 68: ...ch WAN type For the Internet setup of each WAN interface you must specify its WAN type of physical interface first and then its related parameter configuration for that WAN type Internet Setup List wi...

Страница 69: ...is one Edit button for each WAN interface to let you configure its Internet connection Please see Internet Connection Configuration section beneath Following are some Internet Connection List window e...

Страница 70: ...s WAN type You may choose this WAN type if you connects a cable modem or a fiber VDSL modem for Internet connection The assigned IP address for the WAN interface by a DHCP server may be different ever...

Страница 71: ...is option is typically used for DSL services PPP over ATM WAN type The Point to Point Protocol over ATM PPPoA is a network protocol for encapsulating PPP frames in AAL5 It is used mainly with DSL carr...

Страница 72: ...twork Monitoring IGMP and WAN IP Alias 3G 4G or USB 3G 4G interface there is only 3G 4G WAN type 3G 4G WAN Type Settings include Dial up Profile APN PIN Code Dialed Number Account Password Authenticat...

Страница 73: ...ection Check Interval Indicate how often to send keep alive packet Check Timeout Set allowance of time period to receive response of keep alive packet If this gateway doesn t receive response within t...

Страница 74: ...onnection Control There are three ways for connection control Auto reconnect Always on Dial on demand and Manually Auto reconnect Always on This gateway will establish Internet connection automaticall...

Страница 75: ...ing 3 tables list the parameter configuration for these three WAN interfaces Configuration Path Physical Interface Interface Configuration WAN n n 1 2 3 Interface Name WAN 1 WAN 2 WAN 3 Physical Inter...

Страница 76: ...DNS DHCP Servers 10110110001100 01 Request Coming Start Connecting Disconnect when idle timeout Dial on demand Its steps are Pre state After system booting up the WAN connection is disconnected S 1 Wh...

Страница 77: ...ly Its steps are Pre state After system booting up the WAN connection is disconnected S 1 When administrator click on the Connect button on the Network Status configuration window S 2 System starts to...

Страница 78: ...on Please be noted that By Smart Weight has not further configuration window Load Balance Configuration The Configuration window is to enable the load balance function and specify the strategy When yo...

Страница 79: ...s via these WAN interfaces in past period maybe 5 minutes system decides how many sessions will be transferred via each WAN interface for current period of traffic loadings as shown in the following i...

Страница 80: ...or example 5 minutes At the end of time period the new transferring ratio for each WAN interface will be changed to the ratio between its counted transferred bytes and the summary one of all interface...

Страница 81: ...scribes ADSL ISP for a 22 Mbps WAN connection and 3G 4G ISP for another 11 Mbps WAN connection Administrator fills these both values in the line speed field for both WAN interfaces Please refer to sec...

Страница 82: ...dule Type UBR Configuration Path Internet Setup 3G 4G WAN Type Configuration Interface Name WAN 2 Dial up Profile Auto detection Connection Control Auto reconnect Always on Configuration Path Load Bal...

Страница 83: ...e one user policy for routing dedicated packet flow via one WAN interface They are shown in following diagrams Above example shows that administrator hopes the packet flow whose destination is www goo...

Страница 84: ...y Priority load balance strategy Configuration Path Load Balance Configuration Load Balance Enable Load Balance Strategy By User Policy Configuration Path Load Balance User Policy Configuration ID 1 2...

Страница 85: ...tically adjust traffic loading based on traffic weight of each WAN By Priority System will adjust the loading based on user defined bandwidth for each WAN By User Policy System will route traffics thr...

Страница 86: ...Must filled setting There are four options can be selected Select Any for traffic from any source Subnet Traffic from the setting subnet will follow the rule Input format is xxx xxx xxx xxx xx e g 192...

Страница 87: ...led setting There are three options can be selected Both Traffic with TCP or UDP protocol will follow the rule TCP Traffic to the setting port range will follow the rule UDP Traffic to specific port w...

Страница 88: ...ts of a VLAN form an independent traffic domain in which the traffic generated by the nodes remains within the VLAN However in Tag based VLAN all packets with same VLAN ID will be treated as the same...

Страница 89: ...n bridge mode Intranet packet flow is delivered out WAN trunk port with VLAN tag to upper link for different services A port based VLAN is a group of ports on an Ethernet or Virtual APs of Wired or Wi...

Страница 90: ...ation Tag based VLAN Tagging for Location free Departments Tag based VLAN function can group Ethernet ports Port 1 Port 4 and WiFi Virtual Access Points VAP 1 VAP 8 together with different VLAN tags f...

Страница 91: ...t groups based on VLAN ID Following is an example In a SMB company administrator schemes out 3 segments Lab Meeting Rooms and Office In a Security VPN Gateway administrator can configure Office segmen...

Страница 92: ...roup Internet Access Administrator can specify members of one VLAN group to be able to access Internet or not Following is an example that VLAN groups of VID is 2 and 3 can access Internet but the one...

Страница 93: ...her VLAN group or not This is a communication pair and one VLAN group can join many communication pairs But communication pair doesn t have the transitive property That is A can communicate with B and...

Страница 94: ...w function insertion when required 94 LAN VLAN Setting The Ethernet LAN allows user to setup the LAN IP address for device Setting LAN IP address and subnet mask will affect the IP that LAN devices ca...

Страница 95: ...function allows you to divide local network into different virtual LAN There are Port based and Tag based VLAN types Select one that applies For Port based VLAN Type Go to Basic Network LAN VLAN VLAN...

Страница 96: ...d 96 When Add button is applied Port based VLAN Configuration screen will appear which is including 3 sections Port based VLAN Configuration DHCP Server Configuration and IP Fixed Mapping Rule List an...

Страница 97: ...s selected NAT Bridge By default NAT is selected Select NAT mode or Bridge mode for the rule Port Members These box is unchecked by default Select which LAN port and VAP that you want to add to the ru...

Страница 98: ...e time is 86400 seconds When your lease expires you must stop using the IP address Domain Name NA It s optional field please follow rules of CHCP Server page Go to Basic Network Client Server Proxy DH...

Страница 99: ...etting Define the MAC Address target that the DHCP Server wants to filter IP Address A Must filled setting Define the IP Address that the DHCP Server will assign If there is a request from the MAC Add...

Страница 100: ...it button a screen similar to this will appear VLAN Group Item Value setting Description VALN Group Internet Access Definition All boxes are checked by default By default all boxes are checked means a...

Страница 101: ...ways it is the default VLAN ID of LAN rule VLAN ID 2 is available only when VLAN ID 2 is enabled The same applies to other VLAN IDs i e VLAN ID 3 Save NA Click the Save button to save the configuratio...

Страница 102: ...default Define which LAN port is part of the VLAN ID VAP The box is unchecked by default Define which VAP is part of the VLAN ID Notice that a VAP is only belong to a VLAN ID Disappear VAP if the rou...

Страница 103: ...WiFi specification varies from gateway to gateway based on what category of product you purchased For the wireless products WiFi settings allow you to set the WLAN Wireless LAN configuration items Wh...

Страница 104: ...each other in the scenario Following diagram illustrates that there are two remote wireless gateways running at WDS Only operation mode They both use channel 3 to link to the local Wireless Gateway 1...

Страница 105: ...o the Wireless Gateway 1 the WiFi server by using WiFi system However the Wireless Gateway is running at AP Router mode and has an Internet connection So the remote WiFi networks behind the Access Poi...

Страница 106: ...gram illustrates that there are two remote access points running at Universal Repeater operation mode they are the Access Point 2 and the Access Point 3 They both serve as the access point for their r...

Страница 107: ...r It also uses an Ethernet link to connect to an external gateway that executes IP assigning and NAT routing function for Internet accessing Client Mode The client mode it can provide connect to an ex...

Страница 108: ...ng such as SSID or pre shared key Basic Configuration Go to Basic Network WiFi Configuration Tab Basic Configuration Item Value setting Description Operation Band A Must filled setting Specified the f...

Страница 109: ...Select WPS configuration mode from Registrar or Enrollee When Registrar is selected It means the AP will play a role of Registrar in WPS process Allowed STA PIN Code Enter the PIN code which client g...

Страница 110: ...Settings Item Value setting Description WiFi Module The box is checked by default Check the Enable box to activate Wi Fi function Selectable 2 4G 5G If selectable 2 4G 5G is supported then 2 4G enabl...

Страница 111: ...adcasting The SSID used for identifying from another AP and client stations will associate with AP according to SSID Broadcast It means the SSID will be broadcasted and the stations can associate with...

Страница 112: ...4 WEP keys can be set then select one of it as current key And the key type can set to HEX or ASCII If HEX is selected the key should consist of 0 to 9 and A to F If ASCII is selected the key should c...

Страница 113: ...is device via TKIP or AES When WPA WPA2 is selected It owns the same setting as WPA or WPA2 The client stations can associate with this device via WPA or WPA2 When WPA PSK or WPA2 PSK is selected It o...

Страница 114: ...box is checked by default The SSID used for broadcasting or associating with root AP The SSID used for broadcasting The SSID used for identifying from another AP and client stations will associate wit...

Страница 115: ...Encryption There is only WEP encryption can be used in Shared authentication There are 4 WEP keys can be set then select one of it as current key And the key type can set to HEX or ASCII If HEX is sel...

Страница 116: ...ociate with this device via TKIP or AES When WPA WPA2 is selected It owns the same setting as WPA or WPA2 The client stations can associate with this device via WPA or WPA2 When WPA PSK or WPA2 PSK is...

Страница 117: ...setting 2 Encryption Key Size for WEP encryption 10 or 26 HEX digits 5 or 13 ASCII characters For security there are several authentication methods supported Client stations should provide the key whe...

Страница 118: ...encrypting WEP There are 4 WEP keys can be set then select one of it as current key And the key type can set to HEX or ASCII If HEX is selected the key should consist of 0 to 9 and A to F If ASCII is...

Страница 119: ...that the client stations can Preshared Key The length of key is from 8 to 63 characters When WPA PSK WPA2 PSK is selected It owns the same setting as WPA PSK or WPA2 PSK The client stations can associ...

Страница 120: ...Select one of the schedule settings to enable disable Wi Fi service Go to System Scheduling for further setting Network ID SSID 1 String format Any text 2 The box is checked by default The SSID used f...

Страница 121: ...to F If ASCII is selected the key should consist of ASCII table When Shared is selected The pre shared key should be set for authenticating Encryption There is only WEP encryption can be used in Shar...

Страница 122: ...ad of any others for security TKIP AES TKIP AES mixed mode It means that the client stations can associate with this device via TKIP or AES When WPA WPA2 is selected It owns the same setting as WPA or...

Страница 123: ...manually or Scan button the device will bridge the remote AP when associate successful Save N A Press Save button to save the current configuration Undo N A Press the Undo button to restore configurat...

Страница 124: ...r identifying from another AP and client stations will associate with AP according to SSID Broadcast It means the SSID will be broadcasted and the stations can associate with this device by scanning S...

Страница 125: ...Encryption There is only WEP encryption can be used in Shared authentication There are 4 WEP keys can be set then select one of it as current key And the key type can set to HEX or ASCII If HEX is sel...

Страница 126: ...en WPA WPA2 is selected It owns the same setting as WPA or WPA2 The client stations can associate with this device via WPA or WPA2 When WPA PSK or WPA2 PSK is selected It owns the same encryption syst...

Страница 127: ...Index skipping is used to reserve slots for new function insertion when required 127 when any changing saved Scan N A Press Scan button to scan the spatial Wi Fi signal...

Страница 128: ...e broadcasted and the stations can associate with this device by scanning SSID The SSID used for associating In Universal Repeater Mode the device also associate with root AP according to SSID Note th...

Страница 129: ...is selected the key should consist of 0 to 9 and A to F If ASCII is selected the key should consist of ASCII table When Auto is selected The device will select Open or Shared by requesting of client...

Страница 130: ...ia WPA or WPA2 When WPA PSK or WPA2 PSK is selected It owns the same encryption system as WPA or WPA2 The authentication uses pre shared key instead of RADIUS server Encryption Encrypt the information...

Страница 131: ...ich VAP s client stations will show in following Client List Client List Client List Item Value setting Description IP Address Configuration Address N A It shows the Client s IP address and the derivi...

Страница 132: ...rget WiFi Go to Basic Network WiFi Advanced Configuration Target WiFi Item Value setting Description Operation Band A Must filled setting Specified the following Advanced Configuration will take effec...

Страница 133: ...checked by default WMM Wi Fi Multimedia can help control latency and jitter when transmitting multimedia content over a wireless connection Short GI By default 400ns is selected Short GI Guard Interv...

Страница 134: ...y supports various types of IPv6 connection Static IPv6 DHCPv6 PPPoEv6 6to4 6in4 Please contact your ISP the type of IPv6 is supported before you proceed with IPv6 setup Static IPv6 Static IPv6 does t...

Страница 135: ...s automatically PPPoEv6 PPPoEv6 in IPv6 does the same function as PPPoE in IPv4 The PPPoEv6 server provides configuration parameters based on PPPoEv6 client request When PPPoEv6 server gets client req...

Страница 136: ...d the host is responsible for encapsulation of outgoing IPv6 packets and decapsulation of incoming 6to4 packets If the host is configured to forward packets for other clients often a local network it...

Страница 137: ...r new function insertion when required 137 In above diagram the 6in4 usually needs to register to a 6in4 tunnel service known as Tunnel Broker in order to use It also need end point global IPv4 addres...

Страница 138: ...tting Description WAN Connection Type 1 Only can be selected when IPv6 Enable 2 A Must filled setting Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity Select Static IPv6...

Страница 139: ...y DNS An optional setting Enter the WAN primary DNS Server Secondary DNS An optional setting Enter the WAN secondary DNS Server MLD Snooping The box is unchecked by default Enable Disable the MLD Snoo...

Страница 140: ...NS Server Secondary DNS Can not modified by default Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration...

Страница 141: ...you want more information please contact your ISP Connection Control Fixed value The value is Auto reconnect Always on MTU A Must filled setting Enter the MTU for setting up PPPoEv6 connection If you...

Страница 142: ...g Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Global Address An o...

Страница 143: ...of this router Local IPv6 Address A Must filled setting Filled Client IPv6 Address gotten from tunnelbroker in this field Primary DNS An optional setting Enter the WAN primary DNS Server Secondary DN...

Страница 144: ...t Stateless to manage the Local Area Network to be SLAAC RDNSS Router Advertisement Lifetime A Must filled setting Enter the Router Advertisement Lifetime in seconds 200 is setted by default Select St...

Страница 145: ...page Normally with global IP address or FQDN of WAN interface in the gateway employees who travel outside the office can access various servers behind the office gateway You can set up those servers b...

Страница 146: ...seful when you run a server inside your network For example if you set a mail server at LAN side your local devices can access this mail server through gateway s global IP address when enable NAT loop...

Страница 147: ...ration NAT Loopback NAT Loopback Enable Configuration Path Virtual Server Virtual Computer Virtual Server List ID 1 2 Public Port 25 SMTP 110 POP3 Server IP 10 0 75 101 10 0 75 101 Private Port 25 SMT...

Страница 148: ...ess from inside your local network Enable NAT Loopback Go to Basic Network NAT Bridging Configuration tab Configuration Item Value setting Description NAT Loopback The box is checked by default Check...

Страница 149: ...This device s NAT firewall filters out unrecognized packets to protect your Intranet so all hosts behind this device gateway are invisible to the outside world If you wish you can make some of them ac...

Страница 150: ...de with IP address 10 0 75 101 a remote user can access the gateway for E mail service if you defined a virtual E mail server for the gateway by using the real E mail server on the LAN side as shown i...

Страница 151: ...10 0 75 101 in the Intranet of Network A including SMTP service port 25 and POP3 service port 110 So the remote user can access the E mail server in the gateway that has the global IP 118 18 81 33 at...

Страница 152: ...o implement the application scenario Scenario Description A LAN host is assigned with a global IP address to be visible to outside world The host has an embedded FTP file server and is protected by th...

Страница 153: ...TP file server by server s global IP address and it acts as a media between the LAN host and the outside world by using its Virtual Computer feature So remote users can request for file services from...

Страница 154: ...x enabled Server IP A Must filled setting This field is to specify the IP address of the interface selected in the WAN Interface setting above Protocol A Must filled setting When ICMPv4 is selected I...

Страница 155: ...number Public Port is selected Port Range and specify a port range and Private Port can be selected Single Port or Port Range Apply Time Schedule to this rule otherwise leave it as Always refer to Sc...

Страница 156: ...he router allows you to custom your Virtual Computer rules The router supports up to a maximum of 20 rule based Virtual Computer sets When Add button is applied Virtual Computer Rule Configuration scr...

Страница 157: ...ALG allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer control data protocols such as FTP BitTorrent SIP RTSP...

Страница 158: ...ports are pb and pc once the pa port is toggled at LAN interface of gateway Scenario Application Timing When local user wants to run an application to access the server in the Internet and the applic...

Страница 159: ...ctivate the rule So the local user at host with IP address 10 0 75 100 can enjoy the music by using Quick Time 4 application The media server is in the Internet ALG Configuration This gateway supports...

Страница 160: ...rameter configuration for the NAT gateway in above diagram Configuration Path Special AP ALG Configuration ALG SIP ALG Enable Scenario Operation Procedure In above diagram the NAT Gateway is the gatew...

Страница 161: ...Support some SIP ALG like STUN Enable Special AP and Virtual Computer Go to Basic Network NAT Bridging Special AP ALG tab Special AP ALG tab Item Value setting Description Special AP The box is checke...

Страница 162: ...ular Applications is selected Battle net Port and Incoming Ports will be defined automatically Apply Time Schedule to this rule otherwise leave it as Always refer to Scheduling setting under System Th...

Страница 163: ...ve it as Always refer to Scheduling setting under System Then check Rule box to enable this rule When Popular Applications is selected Quick Time 4 Port is the same with Incoming Ports Apply Time Sche...

Страница 164: ...address in the Intranet to be DMZ host so that the host under DMZ function can run applications freely that would otherwise blocked by NAT mechanism of the gateway with DMZ feature disabled That is t...

Страница 165: ...all normal and active packets from the Internet Remote user can access the DMZ host by using the IP address of the gateway and the gateway will skip the NAT checking on the DMZ host DMZ host is still...

Страница 166: ...DMZ tab Configuration Item Value setting Description DMZ 1 A Must filled setting 2 Default is ALL Check the Enable box to activate this NAT function Define the selected interface to be the packet ente...

Страница 167: ...Go to Basic Network NAT Bridging SDMZ Configuration Item Value setting Description Enable On Off setting When Enable is checked It means that SDMZ function is enabled and it will start to match the en...

Страница 168: ...g When Enable is checked It means that this rule take effect Note that one rule of a WAN can be enabled at the same time Save NA Click the Save button to save the configuration Undo NA Click the Undo...

Страница 169: ...routers by using some protocols such as RIP OSPF and BGP It is dynamic routing These both routing approaches will be illustrated one after one 3 b 1 Static Routing Static Routing function lets you def...

Страница 170: ...n that can let you add one new static routing rule While the Edit button at the end of each static routing rule can let you modify the rule Static Routing Rule Configuration To configure one static ro...

Страница 171: ...125 73 108 Subnet Mask 255 255 255 255 255 255 255 255 Gateway 118 18 81 1 203 95 80 1 Metric 255 255 Rule Enable Enable Scenario Operation Procedure In above diagram the Gateway is the gateway of Ne...

Страница 172: ...tatic Routing function The box is unchecked by default Check the Enable box to activate this function Create Edit Static Routing Rules The router allows you to custom your static routing rules It supp...

Страница 173: ...etting The Metric of this static routing rule Enabling the rule The box is unchecked by default Click Enable box to activate this rule Save NA Click the Save button to save the configuration Undo NA C...

Страница 174: ...ynamic Routing page there are seven configuration windows for dynamic routing feature They are the RIP Configuration window OSPF Configuration window OSPF Area List OSPF Area Configuration BGP Configu...

Страница 175: ...uting Information Protocol RIP is one of the oldest distance vector routing protocols which employs the hop count as a routing metric RIP prevents routing loops by implementing a limit on the number o...

Страница 176: ...nstructs a topology map of the network The topology is presented as a routing table to the Internet Layer which routes datagrams based solely on the destination IP address found in IP packets OSPF det...

Страница 177: ...rprise and expects the gateway to learn its routing table by using OSPF protocol from the enterprise backbone The OSPF gateway will forward its routing information to other routers that are under the...

Страница 178: ...e dominated areas of the OSPF Gateway know the shortest routing path for each destination IP address of outgoing packets BGP Scenario Border Gateway Protocol BGP is a standardized exterior gateway pro...

Страница 179: ...e another especially if they are multihomed Very large private IP networks use BGP internally An example would be the joining of a number of large OSPF Open Shortest Path First networks where OSPF by...

Страница 180: ...103 0 1 10 104 0 1 Neighbor ID 101 102 103 104 Neighbor Enable Enable Enable Enable Scenario Operation Procedure In above diagram the BGP Gateway is one gateway of its dominated AS self IP is 10 100...

Страница 181: ...amic Routing function The box is unchecked by default Check the Enable box to activate this function The RIP configuration setting allows user to customize RIP protocol through the router based on the...

Страница 182: ...ation with entered the ID and Key in these fields on OSPF protocol Backbone Subnet 1 Classless Inter Domain Routing CIDR Subnet Mask Notation Ex 192 168 1 0 24 2 A Must filled setting The Backbone Sub...

Страница 183: ...Index skipping is used to reserve slots for new function insertion when required 183 default Save N A Click the Save button to save the configuration...

Страница 184: ...Pv4 Format 2 A Must filled setting The Router ID of this router on BGP protocol Create Edit BGP Network Rules The router allows you to custom your BGP Network rules It supports up to a maximum of 32 r...

Страница 185: ...ed BGP Neighbor Rule Configuration screen will appear Item Value setting Description Neighbor IP 1 IPv4 Format 2 A Must filled setting The Neighbor IP of this router on BGP Neighbor List Remote ASN 1...

Страница 186: ...stination IP N A Routing record of Destination IP IPv4 Format Subnet Mask N A Routing record of Subnet Mask IPv4 Format Gateway IP N A Routing record of Gateway IP IPv4 Format Metric N A Routing recor...

Страница 187: ...main name service DDNS Therefore anyone wishing to reach your host only needs to know the domain name Dynamic DNS will map the name of your host to your current IP address which changes each time you...

Страница 188: ...net world will be able to link to your gateway by using your domain name regardless of the changing global IP adress Dynamic DNS Scenario Scenario Application Timing When the IP address of the Gateway...

Страница 189: ...dynamic IP address for the WAN interface the DDNS agent in the gateway tries to request the DDNS server with the mapping between the domain name and the obtained WAN IP address of the gateway The DDNS...

Страница 190: ...on is applied Pre defined Domain Name Configuration screen will appear Pre defined Domain Name Configuration Item Value setting Description Domain Name 1 String format can be any text 2 A Must filled...

Страница 191: ...fault Selected the WAN Interface IP Address of the router Provider DynDNS org Dynamic is set by default Your DDNS provider of Dynamic DNS Host Name 1 String format can be any text 2 A Must filled sett...

Страница 192: ...N IP Address is the same one of gateway LAN interface with its default Subnet Mask setting as 255 255 255 0 and its default IP Pool ranges is from 100 to 200 as shown at the DHCP Server List page on g...

Страница 193: ...ike the LAN Interface IP Address Host Name MAC Address and the Remaining Lease Time Fixed Mapping User can assign fixed IP address to map the specific client MAC address by select them then copy when...

Страница 194: ...ustomize DHCP Server policies to assign IP Addresses to the devices on the local area network LAN Go to Basic Network Client Server Proxy DHCP Server Tab Create Edit DHCP Server Policy The router allo...

Страница 195: ...ng The Lease Time of this DHCP Server Domain Name String format can be any text The Domain Name of this DHCP Server Primary DNS IPv4 format The Primary DNS of this DHCP Server Secondary DNS IPv4 forma...

Страница 196: ...ng The IP Address of this mapping rule Enabling the Rule The box is unchecked by default Click Enable box to activate this rule Save N A Click the Save button to save the configuration Undo N A Click...

Страница 197: ...its sending out DHCPOFFER DHCPACK packages Option Meaning RFC 66 TFTP server name RFC 2132 72 Default World Wide Web Server RFC 2132 114 URL RFC 3679 Go to Basic Network Client Server Proxy DHCP Serv...

Страница 198: ...ption you want to set Type Dropdown list of DHCP server option value s type Each different options has different value types 66 Single IP Address Single FQDN 72 IP Addresses List separated by 114 Sing...

Страница 199: ...Index skipping is used to reserve slots for new function insertion when required 199 Save Undo DHCP Server Options Click Save to restart DHCP server forcing settings to take effect immediately...

Страница 200: ...check box will activate all firewall functions The firewall configuration allows user to enable or disable all functions including Packet Filters URL Blocking Web Content Filters MAC Control Applicati...

Страница 201: ...tion log alerting can be enabled through an Enable checkbox to log events Second the Packet Filter Rule List window lists all your defined packet filtering rule entry At last the Packet Filter Rule Co...

Страница 202: ...igure The parameters in a rule include the rule name the from and to which interface the packet enters and leaves the source and destination IP addresses the destination service port type and port num...

Страница 203: ...er Rule List ID 1 2 Rule Name Access 80 Access 443 Source IP IP Range 10 0 75 200 10 0 75 250 IP Range 10 0 75 200 10 0 75 250 Destination IP Specific IP Address 0 0 0 0 Specific IP Address 0 0 0 0 De...

Страница 204: ...he Enable box to activate Packet Filter function Black List White List Filter Method Selection Deny those match the following rules is set by default When Deny those match the following rules is selec...

Страница 205: ...be the packet entering interface of the router If the packets to be filtered are coming from LAN to WAN then select LAN for this field Or VLAN 1 to WAN then select VLAN 1 for this field Other examples...

Страница 206: ...grouping setting screen Source MAC A Must filled setting This field is to specify the Source MAC address Select Any to filter packets coming from any MAC addresses Select Specific MAC Address to filte...

Страница 207: ...d port number Then enter a pot number in Protocol Number box Time Schedule A Must filled setting Apply Time Schedule to this rule otherwise leave it as Always If the dropdown list is empty ensure Time...

Страница 208: ...list In URL Blocking page there are three configuration windows They are the Configuration window URL Blocking Rule List window and URL Blocking Rule Configuration window The Configuration window can...

Страница 209: ...Other Web requests will be blocked URL Blocking Rule List The URL Blocking Rule List shows the setup parameters of all URL blocking rules There also be one Add button at the URL Blocking Rule List cap...

Страница 210: ...URL Blocking Configuration URL Blocking Enable Black List White List Allow all to pass except those match the following rules Invalid Access Web Redirection Enable Configuration Path URL Blocking URL...

Страница 211: ...e blocked black listed In contrast with Allow those match the following rules you can specifically white list the packets to pass and the rest will be blocked Log Alert The box is unchecked by default...

Страница 212: ...setting screen Source MAC A Must filled setting This field is to specify the Source MAC address Select Any to filter packets coming from any MAC addresses Select Specific MAC Address to filter packet...

Страница 213: ...by default Click Enable box to activate this rule Save N A Click the Save button to save the configuration Undo N A Click the Undo button to restore what you just configured back to the previous setti...

Страница 214: ...activate the Web content filtering function Some popular script types like Java Applet Java Scripts cookies and Active X are in the window and you can check their boxes to enable the gateway to filte...

Страница 215: ...appear when you click on the Add or Edit button to configure The parameters in a rule include the rule name the defined file extension list to be filtered out the integrated time schedule rule and th...

Страница 216: ...a and ActiveX objects then define further with objects in the Web Content Filter List that may include extension exe and com System will block requests containing objects with extension exe or com The...

Страница 217: ...d button is applied Filter Rule Configuration screen will appear Web Content Filter Configuration Item Value setting Description Rule Name 1 String format can be any text 2 A Must filled setting Enter...

Страница 218: ...grouping setting screen User defined File Extension List Use to Concatenate A Must filled setting Specify file extension list to filtering rule It supports up to a maximum of 10 file extension names i...

Страница 219: ...tool that you can use to do quick copy the known MAC address of client hosts in the Intranet to facilitate creating rules Use the Copy to button to copy Second the MAC Control Rule List window lists...

Страница 220: ...control rules There also be one Add button at the MAC Control Rule List caption that can let you add and create one new MAC control rule The Edit button at the end of each MAC control rule can let you...

Страница 221: ...Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with MAC Control enabling Use default value for those parameters that are not mentioned...

Страница 222: ...ecked by default Check the Enable box to activate the MAC filter function Black List White List Filter Method Selection Deny MAC Address Below is set by default When Deny MAC Address Below is selected...

Страница 223: ...rule name Enter a name that is easy for you to remember MAC Address Ues to Compose 1 MAC Address string Format 2 A Must fill setting Specify the Source MAC Address to filter rule Time Schedule A Must...

Страница 224: ...ategorize Internet Protocol packets based on their application layer data and allow or deny their passing of gateway It supports the application filters for various Internet chat software P2P download...

Страница 225: ...Log Alert Enable Configuration Path Application Filters Application Filter List Rule Name Rule 1 Source IP IP Range 192 168 123 200 192 168 123 250 P2P Software BT BitTorrent BitSpirit BitComet eDonk...

Страница 226: ...checked by default Check the Enable box to activate this filter function Log Alert The box is unchecked by default Check the Enable box to activate Event Log Create Edit Filter Rules The router suppor...

Страница 227: ...roup selected Note group must be pre defined before this selection become available Refer to System Grouping Host grouping You may also access to create a group by the Add Rule shortcut button Setting...

Страница 228: ...enable the IPS function and check the listed intrusion activities when needed There are some intrusion prevention items need a further Threshold parameter to work properly for intrusion detection You...

Страница 229: ...tion The gateway serves as an E mail server Web Server and open TCP Port 8080 allowing user to access web based utility of Gateway so remote users or unknown users can request those services from the...

Страница 230: ...k lots of packets in seconds IPS Setting The Intrusion Prevention System IPS setting allows user to customize intrusion prevention rules to prevent malicious packets Enabling IPS Firewall Go to Advanc...

Страница 231: ...ctivate this intrusion prevention rule and enter the traffic threshold in this field UDP Flood Defense Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in th...

Страница 232: ...ock Fraggle Attack ARP Spoofing Defence 1 A Must filled setting 2 The box is unchecked by default 3 traffic threshold is set to 300 by default 4 The value range can be from 10 to 10000 Click Enable bo...

Страница 233: ...rom WAN makes any host on the WAN side can t ping this product It means this device won t reply any ICMP packet from Internet Remote Administrator Hosts enables only the LAN users to browse the web ba...

Страница 234: ...the parameter configuration as an example for the gateway in above diagram with SPI enabling Configuration Path Options Firewall Options SPI Enable Scenario Operation Procedure In above diagram the G...

Страница 235: ...s surf the internet Following tables list the parameter configuration as an example for the gateway in above diagram Configuration Path Options Firewall Options Discard Ping from WAN Enable Remote Adm...

Страница 236: ...lue setting Description Enable Stealth mode function The box is unchecked by default Check the Enable box to activate Stealth Mode function Enable SPI function The box is checked by default Check the...

Страница 237: ...s Select Any IP to allow any remote hosts Select Specific IP to allow the remote host coming from a specific subnet An IP address entered in this field and a selected Subnet Mask to compose the subnet...

Страница 238: ...g packets QoS determines which queue the packets enter based on priority This is useful when there are certain types of data you want to give higher priority to such as voice packets given higher prio...

Страница 239: ...ameters for the QoS BWM function Incorrect information will result in poor bandwidth utilization System Resource Configuration The gateway system needs to know some system resource status for QoS BWM...

Страница 240: ...also related to default banwidth of WANs WAN Interface By default WAN 1 is selected Select WAN 1 and then the following will show setting function that you can configure WAN 1 is available only when W...

Страница 241: ...w and QoS Rule Configuration window The Configuration window can let you activate the Rule based QoS function In addition you can also enable the Flexible Bandwidth Management FBM feature for better u...

Страница 242: ...ou want to add a new QoS rule or edit one already existed the QoS Rule Configuration window shows up for you to configure The parameters in a rule include the applied WAN interfaces the dedicated host...

Страница 243: ...fined Services and Well known Services Well known services include FTP 21 SSH TCP 22 Telnet 23 SMTP 25 DNS 53 TFTP UDP 69 HTTP TCP 80 POP3 110 Auth 113 SFTP TCP 115 SNMP Traps UDP 161 162 LDAP TCP 389...

Страница 244: ...op for incoming packets from some client hosts in the Intranet Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with Rule based...

Страница 245: ...mit the connection sessions from some client hosts IP 10 0 75 16 31 to 20000 sessions totally for accessing the Internet he can use the Rule based QoS function to carry out it by defining an QoS rule...

Страница 246: ...access the Internet via WAN 1 interface under the limitation of the maximum 20000 connection sessions totally at any time The Rule Based QoS allows user to configure QoS and bandwidth to set the limit...

Страница 247: ...e WAN 2 Group A Must filled setting This field is to specify the Group of the interface selected in the Interface setting above Select Src MAC Address to prioritize packets based on MAC Configure Ser...

Страница 248: ...ax rate and rate unit for this rule QoS Direction A Must filled setting When Outbound is selected It means the option QoS Direction of rule based QoS Rule is outbound Outbound means the Group option i...

Страница 249: ...option is a destination group When Both is selected It means the option QoS Direction of rule based QoS Rule is both Time Schedule A Must filled setting Apply Time Schedule to this rule otherwise leav...

Страница 250: ...ing Method of rule based QoS Rule is Individual Control When Group Control is selected It means the option Sharing Method of rule based QoS Rule is Group Control Time Schedule A Must filled setting Ap...

Страница 251: ...he Group option is a destination group When Both is selected It means the option QoS Direction of rule based QoS Rule is both Time Schedule A Must filled setting Apply Time Schedule to this rule other...

Страница 252: ...When Individual Control is selected It means the option Sharing Method of rule based QoS Rule is Individual Control When Group Control is selected It means the option Sharing Method of rule based QoS...

Страница 253: ...A Must filled setting Apply Time Schedule to this rule otherwise leave it as Always refer to Scheduling setting under System Enabling the rule Click Enable box to activate this rule Click the Save bu...

Страница 254: ...hnology supports data confidentiality data origin authentication and data integrity of network information by utilizing encapsulation protocols encryption algorithms and hashing algorithms The product...

Страница 255: ...lots for new function insertion when required 255 VPN Configuration Item Value setting Description VPN The box is unchecked by default Check the Enable box to enable all VPN functions Save N A Click t...

Страница 256: ...egotiates IKE SAs Security Association to set up a secure channel for negotiating IPSec SAs in phase 2 At IPSec phase IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers Aft...

Страница 257: ...shows the maximum number of concurrent IPSec VPN tunnels that are running in system Tunnel List Status The Tunnel List shows the setup parameters of all IPSec VPN tunnels and their connection status...

Страница 258: ...have their own subnet and the Site to Site tunnel scenario is used Site means a subnet of client hosts Scenario Description Both Initiator and Responder of IPSec tunnel must have a Static IP or a FQD...

Страница 259: ...k B Configuration Path IPSec IKE Phase Negotiation Mode Aggressive Mode X Auth None DPD Enable For Network B at Branch Office Following 5 tables list the parameter configuration for above example diag...

Страница 260: ...Phase Negotiation Mode Aggressive Mode X Auth None DPD Enable Scenario Operation Procedure In above diagram Network A is in the headquarters and the subnet of its Intranet is 10 0 76 0 24 The security...

Страница 261: ...application scenario Scenario Application Timing If the gateway in Control Center wants to access remote sites with public IP even if private IP Address in cellular Network the Dynamic VPN connection...

Страница 262: ...Enable Configuration Path IPSec Tunnel Configuration Tunnel Enable Tunnel Name dvpn 101 Interface WAN 1 Tunnel Scenario Dynamic VPN Operation Mode Always on Configuration Path IPSec Local Remote Conf...

Страница 263: ...t 10 0 76 0 Remote Netmask 255 255 255 0 Remote Gateway 203 95 80 22 or www abc com Configuration Path IPSec Authentication Key Management IKE Pre shared Key 12345678 Remote ID User Name Network B Con...

Страница 264: ...tiation packets It must be noted that the remote peer has to initiate the tunnel establishing process first in this application scenario Scenario Application Timing If the gateway in Control Center wa...

Страница 265: ...example diagram of IPSec VPN tunnel in Network A Use default value for those parameters that are not mentioned in these 5 tables Configuration Path IPSec Configuration IPSec Enable NAT Traversal Enab...

Страница 266: ...e dvpn 201 Interface WAN 1 Tunnel Scenario Host to Site Operation Mode Always on Configuration Path IPSec Local Remote Configuration Remote Subnet 10 0 76 0 Remote Netmask 255 255 255 0 Remote Gateway...

Страница 267: ...onfigure via VPN Tunnel Scenario Application Timing If Both gateways are global IP Address and Admin user in Control Center wants to manage remote sites or serial based access devices with public IP i...

Страница 268: ...al Netmask 255 255 255 0 Remote Subnet 118 18 81 33 Remote Netmask 255 255 255 255 Remote Gateway 118 18 81 33 Configuration Path IPSec Authentication Key Management IKE Pre shared Key 12345678 Local...

Страница 269: ...ath IPSec Authentication Key Management IKE Pre shared Key 12345678 Local ID User Name Network B Remote ID User Name Network A Configuration Path IPSec IKE Phase Negotiation Mode Aggressive Mode X Aut...

Страница 270: ...scenario Scenario Application Timing If the security gateway in headquarters wants to allow any remote devices to securely and always access the enterprise operation systems to access office resources...

Страница 271: ...ive Mode Aggressive Mode X Auth None None For Network B at Mobile Office or Remote Site Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in Network B U...

Страница 272: ...IP address of 10 0 76 2 for LAN interface and 203 95 80 22 or FQDN www abc com for WAN interface However Network B is in the mobile office and the subnet of its Intranet is 192 168 1 0 24 The security...

Страница 273: ...ssing HQ servers all are done on a secured connection through HQ Business Security Gateway Following diagram illustrates this application scenario It is the same as the one for the Site to Site scenar...

Страница 274: ...sferred via the established VPN tunnel Parameter Setup Example For Network A at HQ Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in Network A Use de...

Страница 275: ...in IKE Phase configuration window should be also matched in both peers And there is at least one proposal entity in IKE Proposal Definition and at least one proposal entity in IPSec Proposal Definitio...

Страница 276: ...k B has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WAN interface Establish an IPSec VPN tunnel with Site to Site scenario by starting from either site So both Intranets of 10 0...

Страница 277: ...nd remote access levels comparable with typical VPN products Deploy a security gateway for local office and establish a virtual private network with the remote gateway of another office by using PPTP...

Страница 278: ...Enable box In the Client Server field of the Configuration window choose either Server or Client Choose Server to define the gateway as the PPTP VPN server for remote clients to initiate the connectio...

Страница 279: ...address and call ID of all PPTP clients User Account List User Account List lists your defined user accounts that can be accepted by the PPTP server User Account Configuration User Account Configurat...

Страница 280: ...ng the PPTP tunnel connection with its account password PPTP protocol is used for establishing a PPTP VPN tunnel Parameter Setup Example For Network A at HQ Following 3 tables list the parameter confi...

Страница 281: ...r defined PPTP clients and their tunnel connection status Only some important information for all tunnels are shown in the list as following diagram Configuration for A PPTP Client Configuration for A...

Страница 282: ...Usually these hosts at PPTP client peer access the Internet directly via the WAN interface of Security Gateway 2 Only the packets whose destination is in the dedicated subnet to Network A will be tran...

Страница 283: ...Subnet Default Gateway Authentication Protocol MS CHAP MPPE Encryption Enable Tunnel Enable Scenario Operation Procedure In above diagram Network A is in the headquarters and the subnet of its Intran...

Страница 284: ...figuration tab Enabling PPTP Go to Advanced Network VPN PPTP tab Enable PPTP Window Item Value setting Description PPTP Unchecked by default Click the Enable box to activate PPTP function Client Serve...

Страница 285: ...t fill setting 2 Default is 100 This is the PPTP server s Virtual IP DHCP server User can specify the last IP address for the subnet from which the PPTP client s IP address will be assigned Authentica...

Страница 286: ...dd user account Enter User name and password Then check the enable box to enable the user Click Save button to save new user account The selected user account can permanently be deleted by clicking th...

Страница 287: ...u will need to select a primary IPSec tunnel from which to failover to Load Balance Define whether the PPTP tunnel connection will take part in load balance function of the gateway You will not need t...

Страница 288: ...fy whether PPTP server supports MPPE Protocol Click the Enable box to enable MPPE Note when MPPE Encryption is enabled the Authentication Protocol PAP CHAP options will not be available NAT before Tun...

Страница 289: ...eling So all client hosts behind local security gateway can make data communication with others behind remote gateway Or when you are a mobile user with your notebook or carrying along a security gate...

Страница 290: ...erver for remote clients to initiate the connection to establish VPN tunnels Or choose Client to create multiple L2TP VPN clients to establish VPN tunnels to remote gateways Moreover the security gate...

Страница 291: ...unt List User Account List lists your defined user accounts that can be accepted by the L2TP server User Account Configuration User Account Configuration window can let you specify the required parame...

Страница 292: ...an L2TP VPN tunnel Parameter Setup Example For Network A at HQ Following 3 tables list the parameter configuration for above example diagram of L2TP VPN server in Network A Use default value for thos...

Страница 293: ...tatus window shows your defined L2TP clients and their tunnel status Only some important information for all tunnels are shown in the list as following diagram Configuration for A L2TP Client Configur...

Страница 294: ...eway 2 or the mobile device can access the resources in the Intranet of Network A at headquarters via this established L2TP tunnel Usually these hosts at L2TP client peer access the Internet directly...

Страница 295: ...les Configuration Path L2TP Configuration L2TP Enable Client Server Client Configuration Path L2TP L2TP Client Configuration L2TP Client Enable Configuration Path L2TP Configuration for A L2TP Client...

Страница 296: ...rk A at HQ in a secured link However if the Default Gateway Remote Subnet parameter in the Security Gateway 2 is configured to Default Gateway the Internet accessing of L2TP Client peer also go throug...

Страница 297: ...set as the starting IP which assign to L2TP client IP Pool Ending Address A Must filled setting Specify the L2TP server ending IP of virtual IP pool It will set as the ending IP which assign to L2TP c...

Страница 298: ...button to enable user account Specify Username Fill in the username Specify Password Fill in the password Click save button to save user account When select Client in Client Server a series L2TP Clien...

Страница 299: ...mote LNS IP FQDN for this L2TP tunnel Fill in the IP address or FQDN Remote LNS Port A Must filled setting Specify the Remote LNS Port for this L2TP tunnel Fill in the value for LNS port Username A Mu...

Страница 300: ...is L2TP tunnel LCP Echo Type A Must filled setting Specify the LCP Echo Type for this L2TP tunnel Select Auto Auto setting the Interval and Max Failure Time Selected User defined Fill in the Interval...

Страница 301: ...ecurity gateway can establish a GRE VPN tunnel with remote gateway in headquarters Client hosts in these both Intranets of branch office and headquarters can make data communication each other In GRE...

Страница 302: ...illustrates the security gateway in headquarters playing the GRE server role In fact the GRE tunnel establishment can be started from either site The GRE tunnel is established by starting from GRE cl...

Страница 303: ...emote Subnet 10 0 75 0 24 Tunnel Enable Scenario Operation Procedure In above diagram Network A is in the headquarters and the subnet of its Intranet is 10 0 76 0 24 The security gateway for Network A...

Страница 304: ...via the GRE tunnel as shown in the diagram by configuring the GRE tunnel is the default gateway at GRE client peer the Internet accessing packets will be also sent to the Security Gateway 1 in Network...

Страница 305: ...ress of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN interface It serves as a GRE server However Network B is in the branch office and the subnet of its Intranet is 10 0 75 0 24 The security g...

Страница 306: ...ption GRE Unchecked by default Click the Enable box to enable GRE function Max Concurrent GRE Tunnels 1 32 is set by default 2 Max of 32 connections It specifies the maximum number of simultaneous GRE...

Страница 307: ...ess of remote GRE tunnel gateway Normally this is the public IP address of the remote GRE gateway TTL 1 A Must fill setting 2 1 to 255 range Specify TTL hop count value for this GRE tunnel Keep alive...

Страница 308: ...Encapsulation Mode will not be available when DMVPN is not enabled Tunnel Unchecked by default Check Enable box to enable this GRE tunnel Save N A Click Save button to save the settings Undo N A Clic...

Страница 309: ...ing signature and Certificate authority It uses the OpenSSL encryption library extensively as well as the SSLv3 TLSv1 protocol and contains many security and control features Deploy a security gateway...

Страница 310: ...Index skipping is used to reserve slots for new function insertion when required 310...

Страница 311: ...urity gateway can play either OpenVPN Server role or OpenVPN Client role or they both You can define the both roles one after one Choose one role in the Configuration window and configure all required...

Страница 312: ...OpenVPN server for remote clients to establish VPN tunnels to it Or you can create multiple OpenVPN clients for the gateway to establish VPN tunnels to remote gateways The security gateway serves as t...

Страница 313: ...penVPN in TAP bridge mode OpenVPN TAP Server Configuration OpenVPN Server Configuration window can let you enable the OpenVPN server function define the pool of virtual IP addresses that will assign t...

Страница 314: ...way can be accessed from Network A at Control Center via this established OpenVPN tunnel Scenario Description OpenVPN Tunneling is a Client and Server based tunneling technology The OpenVPN Server mus...

Страница 315: ...ddress 10 0 76 200 IP Pool Ending Address 10 0 76 220 Gateway 10 0 76 253 Netmask 255 255 255 0 24 Encryption Cipher Blowfish Hash Algorithm SHA 1 LZO Compression Adaptive Scenario Operation Procedure...

Страница 316: ...ndow can let you enable the OpenVPN client function by checking the Enable box OpenVPN TAP Client List OpenVPN Client List window shows your defined OpenVPN clients and their tunnel status Only some i...

Страница 317: ...es as the OpenVPN VPN server Once the tunnel has been established Cellular Gateway or Serial based access devices can be accessed the resources in the Intranet of Network A at Control Center via this...

Страница 318: ...76 0 24 Authorization Mode TLS CA Cert RootCA Client Cert local Client key localkey Encryption Cipher Blowfish NAT Disable Hash Algorithm SHA 1 LZO Compression Adaptive Scenario Operation Procedure I...

Страница 319: ...hich is different from the local LAN Remote Hosts that dial in will get an IP address inside the Virtual network and will have access only to the server where OpenVPN resides If you want to give remot...

Страница 320: ...way can be accessed from Network A at Control Center via this established OpenVPN tunnel Scenario Description OpenVPN Tunneling is a Client and Server based tunneling technology The OpenVPN Server mus...

Страница 321: ...Blowfish Hash Algorithm SHA 1 LZO Compression Adaptive Scenario Operation Procedure In above diagram Network A is in the Control Center and the subnet of its Intranet is 10 0 76 0 24 The security gate...

Страница 322: ...ndow can let you enable the OpenVPN client function by checking the Enable box OpenVPN TAP Client List OpenVPN Client List window shows your defined OpenVPN clients and their tunnel status Only some i...

Страница 323: ...enVPN VPN server Once the tunnel has been established Cellular Gateway and Serial based access devices can be accessed the resources in the Intranet of Network A at Control Center via this established...

Страница 324: ...l Center and the subnet of its Intranet is 10 0 76 0 24 The security gateway for Network A has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN interface It serves as a OpenVPN s...

Страница 325: ...s assigned to the virtual router instead of a physical router If the physical router that is routing packets on behalf of the virtual router fails another physical router is selected to automatically...

Страница 326: ...cription When the master gateway is disabled of its Internet connection the backup gateway whose priority is the highest among the ones with alive Internet connection will take over the data communica...

Страница 327: ...re the redundant gateway group of Network A and the subnet of its Intranet is 10 0 75 0 24 The master gateway has the IP address of 10 0 75 1 for LAN interface 203 95 80 22 for WAN 1 interface However...

Страница 328: ...2 A Must filled setting Define the Virtual Server ID on VRRP of the router The value range is from 1 to 255 Priority of Virtual Server 1 Numberic String Format 2 A Must filled setting Define the Prior...

Страница 329: ...col it provides the communication between customer premises equipment CPE and Auto Configuration Servers ACS The Security Gateway is such CPE TR 069 is a customized feature for ISP It is not recommend...

Страница 330: ...elsewhere in the world the gateways in all branch offices must have an embedded TR 069 agent to communicate with the ACS server So that the ACS server can configure FW upgrade and monitor these gatew...

Страница 331: ...Gateway 1 is one of them and has 118 18 81 33 IP address for its WAN 1 interface When all remote gateways have booted up they will try to connect to the ACS server Once the connections are established...

Страница 332: ...rovide ACS password and manually set ConnectionRequest Port A Must filled setting You can ask ACS manager provide ACS ConnectionRequest Port and manually set ConnectionRequest Username A Must filled s...

Страница 333: ...nd applying a new configuration through remote modification of these variables The variables accessible via SNMP are organized in hierarchies These hierarchies and other metadata such as type and desc...

Страница 334: ...n for user authentication and data hashing and encryption In SNMPv3 SNMP protocol supports user privacy feature additionally By referring to above setting diagram there are 3 privacy modes authPriv au...

Страница 335: ...age some devices and they all have supported SNMP protocol use either one application scenario especially the management of devices in the Intranet In managing devices in the Internet the TR 069 is th...

Страница 336: ...reachable network The Gateway 1 is one of the managed devices and it has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WAN 1 interface It serves as a NAT router At first stage th...

Страница 337: ...The v1 box is checked by default 2 The v2c box is checked by default Select the version for the SNMP When Check the v1 box It means you can access SNMP by version 1 When Check the v2c box It means yo...

Страница 338: ...illed setting 3 String format any text Specify this version 1 or version v2c user s community that will be allowed Read Only GET and GETNEXT or Read Write GET GETNEXT and SET access respectively The m...

Страница 339: ...ode is authNoPriv or authPriv you must specify the Password for this version 3 user The minimum length of the password is 8 The maximum length of the password is 64 Authentication 1 None is selected b...

Страница 340: ...ess for this version 3 user to the subtree rooted at the given OID The range of the each OID number is 1 2080768 Enable 1 The box is checked by default Click Enable to enable this version 3 user Save...

Страница 341: ...led setting 2 String format any Ipv4 address Specify the trap Server IP The DUT will send trap to the server IP Server Port 1 String format any port number 2 The default SNMP trap port is 162 3 A Must...

Страница 342: ...thNoPriv You must specify the Authentication and Password Selected the authPriv You must specify the Authentication Password Encryption and Privacy Key Authentication 1 A v3 Must filled setting 2 None...

Страница 343: ...erprise Number 2 A Must filled setting 3 String format any number Specify the Enterprise Number for the particular private mib The range of the enterprise number is 1 2080768 Enterprise OID 1 The defa...

Страница 344: ...automate via scripting The device supports both Telnet and SSH Secure Shell CLI with default service port 23 and 22 respectively In Telnet with CLI page there are two configuration windows for the Tel...

Страница 345: ...lnet or SSH utility with privileged user name and password The data packets between the Local Admin and the Gateway or between the Remote Admin and the Gateway can be plain texts or encrypted texts Su...

Страница 346: ...1 33 for WAN 1 interface It serves as a NAT gateway The Local Admin in the Intranet uses Telnet utility with privileged account to login the Gateway Or the Remote Admin in the Internet uses SSH utilit...

Страница 347: ...y default Service Port is 22 Check the Telnet Enable box to activate telnet service Check the SSH Enable box to activate SSH service You can set which number of Service Port you want to provide for th...

Страница 348: ...rks multiplayer gaming and remote assistance programs need a way to communicate through home and business gateways Without IGD one has to manually configure the gateway to allow traffic through a proc...

Страница 349: ...teway of Network A and the subnet of its Intranet is 10 0 75 0 24 It has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WAN 1 interface There is one gaming station in the Intranet...

Страница 350: ...ew function insertion when required 350 UPnP Configuration Item Name Value Setting Description UPnP Default checked Check to enable UPnP functionality Save N A Click the Save button to save changes Un...

Страница 351: ...rs to issue certificates for them In a web of trust scheme the signer is either the key s owner a self signed certificate or other users endorsements whom the person examining the certificate might kn...

Страница 352: ...r organization is located State ST is the state where your organization is located Location L is the location where your organization is located Organization O is the name of your organization Organiz...

Страница 353: ...tes function The Root CA window can let you generate or delete the certificate of root CA Root CA Configuration window can let you fill required information necessary for generating the root CA Howeve...

Страница 354: ...cenario Application Timing When the enterprise gateway owns the root CA and VPN tunneling function it can generate its own local certificates by being signed by itself or import any local certificates...

Страница 355: ...he tables Configuration Path My Certificates Root CA Certificate Configuration Name HQRootCA Key Key Type RSA Key Length 1024 bits Subject Name Country C TW State ST Taiwan Location L Tainan Organizat...

Страница 356: ...e the whole user scenario Use default value for those parameters that are not mentioned in the tables Configuration Path My Certificates Local Certificate Configuration Name BranchCRT Self signed Key...

Страница 357: ...at is signed by itself Import the certificates of the root CA and HQCRT into the Trusted CA Certificate List and Trusted Client Certificate List of Gateway 2 Gateway 2 generates a Certificate Signing...

Страница 358: ...ion Organization Unit OU is the name of your organization unit Common Name CN is the name of your organization Email is the email of your organization It has to be email address setting only Extra Att...

Страница 359: ...om user s computer and click the Apply button to import the specified certificate file to the gateway PEM Encoded 1 String format can be any text 2 A Must filled setting This is an alternative approac...

Страница 360: ...let you copy the contents of dedicated CA certificate and paste them in the window to be a trusted one for the gateway Similarly the Trusted Client Certificate List window the Trusted Client Certifica...

Страница 361: ...x of those certificates and clicking on the Delete button The View button allows you to view the contents of the dedicated certificate and download them to the management PC by using the Download butt...

Страница 362: ...that all client hosts in these both subnets can communicate with each other Parameter Setup Example same as the one described in My Certificates section For Network A at HQ Following tables list the p...

Страница 363: ...teway 1 into the Trusted CA Certificate List and Trusted Client Certificate List of Gateway 2 Import the obtained BranchCRT certificate the derived BranchCSR certificate after Gateway 1 s root CA sign...

Страница 364: ...ard the import operation and the screen will return to the Trusted Certificates page Instead of importing a Trusted CA certificate with mentioned approaches you can also get the CA certificate from th...

Страница 365: ...ort the specified certificate file to the gateway Import from a PEM 1 String format can be any text 2 A Must filled setting This is an alternative approach to import a certificate You can directly fil...

Страница 366: ...the gateway Import from a PEM 1 String format can be any text 2 A Must filled setting This is an alternative approach to import a certificate key You can directly fill in Copy and Paste the PEM encode...

Страница 367: ...window let you browse the directories and file list of the managing PC to choose a CSR file and import it as the certificate signing request The gateway will generates the certificate based on the de...

Страница 368: ...d button The default name of the saved certification file is issued crt You need to change to a preferred file name Certificate Signing Request CSR Import from a PEM Copy the contents of one CSR in PE...

Страница 369: ...of the Gateway 1 sign it to be the BranchCRT certificate Import the certificate into the Gateway 2 as a local certificate In addition also imports the certificates of the root CA of the Gateway 1 int...

Страница 370: ...tificates of the root CA and HQCRT into the Trusted CA Certificate List and Trusted Client Certificate List of Gateway 2 Gateway 2 generates a Certificate Signing Request BranchCSR for its own certifi...

Страница 371: ...uest CSR Import from a File A Must filled setting It could select a certificate signing request file from user s computer for importing to DUT Certificate Signing Request CSR Import from a PEM 1 Strin...

Страница 372: ...ly one configuration window for the serial port settings The Configuration window can let you specify serial port parameters including the operation mode being Virtual COM Modbus or disabled the inter...

Страница 373: ...efault Select the appropriate baud rate for serial device communication RS 232 9600 19200 38400 57600 115200 RS 485 9600 19200 38400 57600 115200 230400 460800 Data Bits 8 is set by default Select 8 o...

Страница 374: ...user to access serial data remotely There are TCP Client TCP Server UDP and RFC2217 modes for remote accessing the connected serial device These operation modes are illustrated as below TCP Client Mod...

Страница 375: ...settings Finally the host computer can process the collected serial data and make further decisions Parameter Setup Example Following tables list the parameter configuration as an example for TCP Cli...

Страница 376: ...l try to establish a TCP connection to the gateway if the connection is off After the data has been transferred the TCP connection will be automatically disconnected from the host computer by using th...

Страница 377: ...vice via the gateway Scenario Description A remote Internet host computer whose IP address is 140 116 82 98 has a management system in it to collect the serial data from or send data to the serial dev...

Страница 378: ...RFC2217 can be used to install in the host computer the driver establishes a transparent connection between host and serial device by mapping the IP Port of the gateway s serial port to a virtual loca...

Страница 379: ...DP and RFC2217 modes for remote accessing the connected serial device To use the Virtual COM function you have to specify the operation mode for the multi function serial port first Go to Advanced Net...

Страница 380: ...Range 0 to 60 min Enter the idle timeout in minutes The idle timeout is used to disconnect the TCP connection when idle time elapsed Idle timeout is only available when On Demand is selected in the C...

Страница 381: ...d access control The TCP Server supports up to 4 simultaneous connections to receive serial data from multiple TCP clients Enable TCP Server Mode Window Item Value setting Description Operation Mode A...

Страница 382: ...specify the rule for selected Serial Port Enable The box is unchecked by default Check the Enable box to enable the rule Save N A Click Save button to save the settings Enable UDP Mode UDP User Datagr...

Страница 383: ...ess range of remote UDP hosts Remote Port 4001 is set by default Indicate the UDP port of peer UDP hosts Serial Port SPort 0 is set by default Apply the UDP hosts for a selected serial port Up to 4 UD...

Страница 384: ...Alive Check Timeout 0 is set by default Input the time period of alive check timeout The connection will be terminated if it doesn t receive response of alive check longer than this timeout setting E...

Страница 385: ...ial based protocols In order to integrate Modbus networks the IoT Gateway including a serial port that support RS 232 and RS 485 communication interface can automatically and intelligently translate b...

Страница 386: ...rs including the Slave ID the Ethernet or Serial type of interface and the serial protocol if Serial interface is chosen The third window Modbus TCP Configuration can let you specify related parameter...

Страница 387: ...d to the IoT Gateway the Modbus gateway And IoT Gateway executes corresponding processes and replies the Modbus TCP Master with the results Scenario Description The IoT Gateway serves as the Modbus ga...

Страница 388: ...ration Path Modbus Modbus Priority Priority 1 2 Settings IP Address 203 95 80 22 IP Address 203 95 80 23 Enable Enable Enable Scenario Operation Procedure In above diagram the IoT Gateway is the gatew...

Страница 389: ...r executing some actions and making responses then the scenario is adequate for the application The Modbus TCP Master requests the information of or sending control commands to the IoT Gateway the Mod...

Страница 390: ...mal operating the Modbus TCP Master sends requests to the IoT Gateway for obtaining information from or controlling to it via the general Internet accessing approach The IoT Gateway collects its own s...

Страница 391: ...dbus Slave Device Mode the AMIT gateway would act as a standalone Modbus slave role in a Modbus network Gateway information can be requested by the existed SCADA network for Modbus device Management A...

Страница 392: ...s gateway function Response Timeout 1000 in ms is set by default This sets the response timeout of the slave after master request sent If the slave does not response within the specified time data wou...

Страница 393: ...nd a 0Bh exception code message to Modbus Master to indicate that the slave device does not respond before the timeout has been reached Tx Delay Unchecked by default Check the Enable box to activate t...

Страница 394: ...o initiate a TCP connection Press Edit Button to select Master mode and other configuration in the following setting Modbus Serial Definition Window Item Value setting Description Serial Port N A It d...

Страница 395: ...nge 1 to 247 Enter the Modbus ID range of the remote Modbus Slave s that will respond to the Master s request Local Serial Port Unchecked by default Select the Serial port from which the Master s requ...

Страница 396: ...ble Slave attached Mode Note When operates in Slave attached mode the AMIT gateway will run in TCP server mode to wait for a TCP connection request Press Edit Button to select Slave mode and other con...

Страница 397: ...ters on the TCP network TCP Connection Configuration Window Item Value setting Description TCP Connection Idle Time 1 300 is set by default 2 Range 1 to 65535 Enter the idle timeout in seconds If the...

Страница 398: ...checked by default Check the Enable box to enable the rule in chosen Serial Port Enable Unchecked by default Check Enable box to enable this rule Save N A Click the Save button to save the settings Le...

Страница 399: ...ugh the settings described in the Modbus attached Mode section and the Legacy Modbus Slave Device Mode section 5 d 9 Data Logging Data Logging function is a very useful and also important feature for...

Страница 400: ...defined rules via Proxy Mode Rule Configuration to do the Data Acquisition by IoT Gateway itself automatically once the network connection between remote SCADA was lost unexpectedly the Proxy Mode wil...

Страница 401: ...and WEB UI admin user can download the resulting data over the internet intranet by FTP service or from WEB UI for further analysis Only when the FTP download item was checked as Enable then user can...

Страница 402: ...Logging function and ensure that storage media was ready to use on the IoT Gateway e g to plug an USB Stick in USB port or insert a microSD Card then click and check to enable the FTP download option...

Страница 403: ...ata Logging rule don t forget to choose the suitable rules for Proxy Mode enabling Once the rules adding finished we still can do further modification by clicking on the Edit button of those existing...

Страница 404: ...e to data logging function Export File Format CSV is set by default Choose the file format FTP download The box is unchecked by default Check the Enable box to activate to FTP download function It can...

Страница 405: ...y rules if the proxy mode is activated Slave ID Range 1 A Must filled setting 2 Range 1 to 247 Enter the Slave ID Range to send the proxy rules if the proxy mode is activated Proxy Mode The box is unc...

Страница 406: ...g list Function Name Code Read Coils is set by default The modbus protocol for read function Start Address 1 A Must filled setting 2 Range 0 to 65535 The modbus protocol for Start Address Start Addres...

Страница 407: ...ervice component of phone Web or mobile communication systems It uses standardized communications protocols to allow fixed line or mobile phone devices to exchange short text messages 14 SMS as used o...

Страница 408: ...isplays information such as the numbers of unread SMS messages total received SMS messages and SMS messages in free space Moreover a New SMS button can let you compose and send a new SMS message The S...

Страница 409: ...New SMS N A Click New SMS button a New SMS screen appears User can set the SMS setting from this screen Refer to New SMS in the next page SMS Inbox N A Click SMS Inbox button a SMS Inbox List screen a...

Страница 410: ...number from SMS Timestamp N A What time receive SMS SMS Text Preview N A Preview the SMS text Action The box is unchecked by default User can check the box then click Delete button to delete SMS User...

Страница 411: ...on The connection remains open allowing a two way exchange of a sequence of data This makes USSD more responsive than services that use SMS 1 In USSD page there are four windows for the USSD function...

Страница 412: ...ssion Scenario Scenario Application Timing When the administrator wants to uses the Voice Gateway to ask for some ISP s services through an USSD session the scenario is adequate for the application Fo...

Страница 413: ...ming setting profile and the USSD Command field shows 135 Click on the Send button to send out the USSD request via the gateway and the recevied response will appear at USSD Response line As you type...

Страница 414: ...e Comments is this profile comment USSD Request When send the USSD command the USSD Response screen will appear When click the Clear button the USSD Response will disappear USSD Request Item Value set...

Страница 415: ...re two windows for the Network Scan function The Configuration window can let you select which 3G 4G module physical interface is used to perform Network Scan and system will show the current used SIM...

Страница 416: ...dule and user need to select option at least one for all network type Scan Approach The box is Auto by default When Auto selected cellular module register automatically If the Manually selected Networ...

Страница 417: ...ateway via the SMS system Only these phones can SMS control the gateway Furthermore the SMS messages can be removed after being processed by the system to clear up the memory to receive more other man...

Страница 418: ...ssaging access control From which phone number the gateway will receive the management SMS messages or to which phone the gateway can issue the notification SMS messages A SMS based Remote Management...

Страница 419: ...iguration Path Remote Management Specific Phone Number Definition ID 1 Phone Number 8869116xxxxx Granted Functions Management Notification Enable Scenario Operation Procedure In above diagram the Cell...

Страница 420: ...ent Item Value setting Description SMS Remote Management The box is unchecked by default Check the Enable box to activate SMS Remote Management function Managing Events The box is unchecked by default...

Страница 421: ...fter it has been processed Delete All Received SMS N A Press the Active button to delete all the received SMS Security Key The box is unchecked by default Click the Enable box to enable the security k...

Страница 422: ...nt Definition Item Value setting Description Phone Number 1 Mobile telephone numbers format 2 A Must filled setting Specify the phone number that will issuing the SMS as the account identifier Applica...

Страница 423: ...tion to specify Modbus Event Handlers All box is unchecked by default Specify the related Handlers for the managing event Select Power Checkbox and select the handlers you want to specify Power Handle...

Страница 424: ...select profile from Digital Output DO Profile List to specify the DO Response Select SMS to specify the SMS Response Select SNMP Trap to specify the SNMP Trap Response Select Modbus and select profil...

Страница 425: ...n to specify WiFi Event Select Client Server Proxy and select the event condition to specify Client Server Proxy Event Select System Related and the event condition to specify System Related Event Han...

Страница 426: ...iber As SIM card plays an important role between service providers and subscribers some security mechanisms are required on SIM card to prevent any unauthorized access Imagining you are not aware that...

Страница 427: ...ower nearby and start to provide cellular related services After understanding the potential risk and purpose of SIM lock you should know how important and easy to finish this job Speaking of the purc...

Страница 428: ...ay model you purchased SIM Status It shows current status of selected SIM The status could be Ready Not Insert or SIM PIN Hereafter is the definition for each status Ready SIM card is inserted and rea...

Страница 429: ...get a PUK code to unlock SIM card SIM Lock Enable or disable SIM lock function Please always enter correct PIN code whenever you enable or disable SIM lock function If it s the first time to enable S...

Страница 430: ...re PIN code In this case the PUK Status will turns to PUK Lock In a normal situation it will display PUK Unlock Remaining Times Indicate the remaining times of failure trial for PUK code This number w...

Страница 431: ...inserted in SIM A slot for 3G 4G 1 WAN connection Configuration Configuration Path Mobile Applications SIM PIN Configuration Physical Interface 3G 4G 1 SIM Status SIM PIN SIM Selection SIM A SIM Func...

Страница 432: ...tting Sim Pin is the application of that allows user to enable disable or change sim card password It can also unlock the PUK when password is locked Configuration setting Go to Applications Mobile Ap...

Страница 433: ...w PIN Code that afresh configure the sim card Save N A Click the Save button to save the configuration SIM function Application Enable or Disable pin code password function even the change pin code fu...

Страница 434: ...setting Description Current PIN Code N A It need you fill in the current pin code password then you can change the pin code New PIN Code N A Fill in the PIN Code you want to change Verified New PIN Co...

Страница 435: ...ation Item Value setting Description Clean NA Clean text area You should click Save button to further clean the configuration already saved in the system Backup NA Backup and download configuration Sa...

Страница 436: ...The OpenVPN will use TLS authorization mode and the following items CA Cert Client Cert and Client Key need to specify as well OPENVPN_CA_CERT A Must filled Setting Specify the Trusted CA certificate...

Страница 437: ...ion Action Option Description clone Output file Duplicate the configuration content from database and stored as a configuration file ex txtConfig clone tmp config The contents in the configuration fil...

Страница 438: ...some gateways can whitelist TCP ports The MAC address of attached clients can also be set to bypass the login process This technique has occasionally been referred to as UAM Universal Access Method i...

Страница 439: ...from the pre defined external server object list Internal Captive Portal Before enabling internal Captive Portal function please go to System External Servers to define some external server objects l...

Страница 440: ...those parameters that are not mentioned in the tables Configuration Path DHCP Server DHCP Server Configuration DHCP Server Name DHCP 2 LAN IP Address 10 0 76 2 Subnet Mask 255 255 255 0 24 IP Pool 10...

Страница 441: ...t group hasn t been authenticated by the gateway So the gateway redirects the request to the UAM web page and asks the user to input correct account and password Once the user authentication process c...

Страница 442: ...Index skipping is used to reserve slots for new function insertion when required 442...

Страница 443: ...tions can be added by enable WAN interface in Basic Network WAN Physical Interface LAN Subnet A Must filled setting This field is to specify the LAN subnet of captive portal When DHCP 1 is selected me...

Страница 444: ...tional setting The domain names filled in this field can be accessed directly without direct to login page Authentication Server A Must filled setting This field is to specify the authentication serve...

Страница 445: ...dbus devices and D O devices which are already well connected to The supported events are categorized into two groups the notifying events and managing events The notifying events are the events that...

Страница 446: ...everal items they are the SMS Account Definition Email Service Definition Digital Input DI Profile Configuration Digital Output DO Profile Configuration and Modbus Definition Then you have to configur...

Страница 447: ...profile Managing Events Trigger Type SMS SNMP Trap DI and Modbus Handlers WAN behavior LAN VLAN behavior WIFI behavior NAT behavior Firewall behavior System Management System Related D O profile Resp...

Страница 448: ...a maximum of 5 accounts You can click the Edit button for each ID to edit the account SMS Account Definition Item Value setting Description Phone Number 1 Mobile telephone numbers format 2 A Must fill...

Страница 449: ...pply Email Server profile from External Server settings Email Addresses 1 Internet E mail address format 2 A Must filled setting Specify the Destination Email Addresses Enable The box is unchecked by...

Страница 450: ...e DI Profile Name DI Source ID1 by default Specify the DI Source It could be ID1 Normal Level Low by default Specify the Normal Level It could be Low or High Signal Active Time 1 Numberic String forma...

Страница 451: ...tal Signal Period 1 Numberic String format 2 A Must filled setting Specify the Total Signal Period It could be from 10 to 10000 milliseconds Repeat Counter The box is unchecked by default Check the En...

Страница 452: ...Read Function for Managing Events Write Function Write Single Registers by default Specify the Write Function for Notifying Events Modbus Mode Serial by default Specify the Modbus Mode It could be Se...

Страница 453: ...the configuration Undo NA Click the Undo button to restore what you just configured back to the previous setting Please note that the restored setting may not be the factory default setting but a ret...

Страница 454: ...tion to specify Modbus Event Handlers All box is unchecked by default Specify the related Handlers for the managing event Select Power Checkbox and select the handlers you want to specify Power Handle...

Страница 455: ...ult Click Enable box to activate this Managing Event setting Save NA Click the Save button to save the configuration Undo NA Click the Undo button to restore what you just configured back to the previ...

Страница 456: ...Proxy Event Select System Related and the event condition to specify System Related Event Handlers All box is unchecked by default Specify the Handlers to take reaction when the event is triggered Se...

Страница 457: ...rades Email alert and system log Go to System System Related tab Change Password Change password screen allows network administrator to change the web based utility login password to access gateway Go...

Страница 458: ...been upgraded and system configuration file has been loaded Go to System System Related System Information tab System Information Item Value Setting Description WAN Type N A It displays WAN Type of W...

Страница 459: ...og History Item Value setting Description View button N A Click on the View button to view Log History in Web Log List Window Email Now button N A Click on the Email Now button to send Log History via...

Страница 460: ...elect the type of event to log and be displayed in the Web Log List Window as described in the previous section Click on the View button to view Log History in the Web Log List window Web Log Type Cat...

Страница 461: ...pient s Email account Separate Email accounts with comma or semicolon Enter the Email account in the format of myemail domain com Subject String any text Enter an Email subject that is easy for you to...

Страница 462: ...one syslog server from the Server dropdown box to sent event log to If none has been available press Add Object button to create a syslog server Log type category Default unchecked Select the type of...

Страница 463: ...ternal is selected by default Select internal or external storage Log file name Default unchecked Set file name to save logs in storage Split file Enable Default unchecked Check to enable split file w...

Страница 464: ...Date _ index Define the output filename If left blank the device automatically assigns a name in the format of File Name _ index pcap Split Files 1 Optional setting 2 The default value of File Size is...

Страница 465: ...s to filter packets That means Packet Analyzer will only capture packets which match rules Capture Fitters Item Value setting Description Filter Optional setting When Enable is checked It means that P...

Страница 466: ...lter rule with Destination MACs which means the destination MAC address of packets Packets which match rules will be captured Multiple input is accepted but it must be seperated by e g AA BB CC DD EE...

Страница 467: ...which can be applied to other functionality Go to System Scheduling Schedule Settings Button description Item Value setting Description Add N A Click the Add button to configure time schedule rule De...

Страница 468: ...ate the function been applied to in the time period below Time Period Definition Item Value Setting Description Week Day Select from menu Select everyday or one of weekday Start Time Time format hh mm...

Страница 469: ...n will appear Host Group Configuration Item Value setting Description Group Name 1 String format can be any text 2 A Must filled setting Enter a group rule name Enter a name that is easy for you to un...

Страница 470: ...l appear File Extension Group Configuration Item Value setting Description Group Name 1 String format can be any text 2 A Must filled setting Enter a group rule name Enter a name that is easy for you...

Страница 471: ...an be added Include ace ari bzip2 bz2 cab gz gzip rar sit and zip When Execution is selected there are total eight file extension names about execution can be added Include bas bat com exe inf pif reg...

Страница 472: ...P2P is selected there are total seven P2P application can be added Include BT eDonkey eMule Shareaza HTTP Multiple Thread Download Thunder Baofeng When Proxy is selected there are three proxy applica...

Страница 473: ...text Then check Enable box to add this server Syslog Server A Must filled setting When Syslog Server is selected it means the option External Servers is set Syslog Server Server Port will be set 514 b...

Страница 474: ...ormat any text N AS Gateway ID String format any text Location ID String format any text Location Name String format any text Then check Enable box to add this server TACACS Server A Must filled setti...

Страница 475: ...he setting allows administrator to enable automatic logout and set the logout idle time When the Time out is disabled the system will not logout the administrator automatically Go to System MMI Web UI...

Отзывы: