manualshive.com logo in svg

Amit IWP87DAM-07151, Руководство пользователя

Поделиться
Скачать
Amit IWP87DAM-07151 Скачать руководство пользователя страница 147

PoE

 

AP

 

Router

 

 

147 

 

3.5.2

  

My

 

Certificate

  

 

My

 

Certificate

 

includes

 

a

 

Local

 

Certificate

 

List.

 

Local

 

Certificate

 

List

 

shows

 

all

 

generated

 

certificates

 

by

 

the

 

root

 

CA

 

for

 

the

 

gateway.

 

And

 

it

 

also

 

stores

 

the

 

generated

 

Certificate

 

Signing

 

Requests

 

(CSR)

 

which

 

will

 

be

 

signed

 

by

 

other

 

external

 

CAs.

 

The

 

signed

 

certificates

 

can

 

be

 

imported

 

as

 

the

 

local

 

ones

 

of

 

the

 

gateway.

 

 

Self

signed

 

Certificate

 

Usage

 

Scenario

 

 

 

 

Scenario

 

Application

 

Timing

 

When

 

the

 

enterprise

 

gateway

 

owns

 

the

 

root

 

CA

 

and

 

VPN

 

tunneling

 

function,

 

it

 

can

 

generate

 

its

 

own

 

local

 

certificates

 

by

 

being

 

signed

 

by

 

itself

 

or

 

import

 

any

 

local

 

certificates

 

that

 

are

 

signed

 

by

 

other

 

external

 

CAs.

 

Also

 

import

 

the

 

trusted

 

certificates

 

for

 

other

 

CAs

 

and

 

Clients.

 

In

 

addition,

 

since

 

it

 

has

 

the

 

root

 

CA,

 

it

 

also

 

can

 

sign

 

Certificate

 

Signing

 

Requests

 

(CSR)

 

to

 

form

 

corresponding

 

certificates

 

for

 

others.

 

These

 

certificates

 

can

 

be

 

used

 

for

 

two

 

remote

 

peers

 

to

 

make

 

sure

 

their

 

identity

 

during

 

establishing

 

a

 

VPN

 

tunnel.

 

Scenario

 

Description

 

Gateway

 

1

 

generates

 

the

 

root

 

CA

 

and

 

a

 

local

 

certificate

 

(HQCRT)

 

signed

 

by

 

itself.

 

Import

 

a

 

trusted

 

certificate

 

(BranchCRT)

 

–a

 

BranchCSR

 

certificate

 

of

 

Gateway

 

2

 

signed

 

by

 

root

 

CA

 

of

 

Gateway

 

1.

 

Gateway

 

2

 

creates

 

a

 

CSR

 

(BranchCSR)

 

to

 

let

 

the

 

root

 

CA

 

of

 

the

 

Gateway

 

1

 

sign

 

it

 

to

 

be

 

the

 

BranchCRT

 

certificate.

 

Import

 

the

 

certificate

 

into

 

the

 

Gateway

 

2

 

as

 

a

 

local

 

certificate.

 

In

 

addition,

 

also

 

import

 

the

 

certificates

 

of

 

the

 

root

 

CA

 

of

 

the

 

Gateway

 

1

 

into

 

the

 

Gateway

 

2

 

as

 

the

 

trusted

 

ones.

 

(Please

 

also

 

refer

 

to

 

following

 

two

 

sub

sections)

 

Establish

 

an

 

IPSec

 

VPN

 

tunnel

 

with

 

IKE

 

and

 

X.509

 

protocols

 

by

 

starting

 

from

 

either

 

peer,

 

so

 

that

 

all

 

Содержание IWP87DAM-07151

Страница 1: ...PoE AP Router IWP87DAM 07151 User Manual...

Страница 2: ...NG 13 1 5 3 HOT SURFACE CAUTION 14 1 6 Hardware Installation 15 1 6 1 Mount the Unit 15 1 6 2 Connecting Power 15 1 6 3 Power Supply Installation 16 1 6 5 Connecting DI DO Devices 18 1 6 6 Connecting...

Страница 3: ...uration 103 2 5 2 Virtual Server Virtual Computer 104 2 5 3 DMZ Pass Through 110 2 6 Routing 113 2 6 1 Static Routing 114 2 5 2 Dynamic Routing 117 2 6 3 Routing Information 125 2 7 DNS DDNS not suppo...

Страница 4: ...4 2 1 Data Logging Configuration 186 4 2 2 Scheme Setup 188 4 2 3 Log File Management 190 Chapter 5 Security 192 5 1 VPN 192 5 1 1 IPSec 193 5 1 2 OpenVPN 208 5 2 Firewall 221 5 2 1 Packet Filter not...

Страница 5: ...6 3 FTP 269 6 3 1 Server Configuration 270 6 3 2 User Account 272 6 4 Diagnostic 273 6 4 1 Diagnostic Tools 273 6 4 2 Packet Analyzer 274 Chapter 7 Service 277 7 1 Cellular Toolkit not supported 277...

Страница 6: ...y 304 8 3 1 VPN Status 304 8 3 2 Firewall Status 307 8 4 Administration 310 8 4 1 Configure Manage Status 310 8 4 2 Log Storage Status 312 8 5 Statistics Report 313 8 5 1 Connection Session 313 8 5 2...

Страница 7: ...DHCP server and many other powerful features for outdoor IP surveillance applications The redundancy design in fallback 24 56 VDC power terminal and dual SIM cards make the data transmission and netw...

Страница 8: ...1 2 1 Package Contents Standard Package Items Description Contents Quantity 1 IWP87DAM 07151 PoE AP Router 1pcs 2 8 pin Terminal Block 1pcs 3 4 pin Terminal Block 1pcs 4 CD Manual 1pcs 5 DIN Rail Bra...

Страница 9: ...Items Description Contents Comments 1 Power Supply SDR 120 48 INPUT 100 240VAC 1 4A 50 60Hz OUTPUT 48V 2 5A Total Watt 120W 2 Power Supply SDR 240 48 INPUT 100 240VAC 2 6A 50 60Hz OUTPUT 48V 5A Total...

Страница 10: ...will restore to factory default settings WiFi Antenna All the 2 4G 5GHz and 5GHz WiFi antennas are optional accessory and not included in the standard package You need to purchase the suitable antenn...

Страница 11: ...PoE AP Router 11 Left View DC Power Terminal Block Earth Ground Screw DI DO Terminal Block...

Страница 12: ...lowly there could be power issue Please check the Power Supply voltage or the connected devices LAN 1 LAN 4 WAN Green Steady ON Ethernet connection of LAN or WAN is established Flash Data packets are...

Страница 13: ...h or Linux based operating system An installed Ethernet adapter Browser Requirements Internet Explorer 6 0 or higher Chrome 2 0 or higher Firefox 3 0 or higher Safari 3 0 or higher 1 5 2 WARNING Only...

Страница 14: ...temperature for the metallic enclosure can be very high Especially after operating for a long time installed at a close cabinet without air conditioning support or in a high ambient temperature space...

Страница 15: ...nd PWR2 If the voltage difference between PWR1 and PWR2 is greater than 5 0 volt this is the case for using two power supplys with the different external spec such as 48V and 24V the power control cir...

Страница 16: ...power to the gateway Hereunder is an example for the Industrial power supply installation AC Power Cable Installation The power supply unit power requirement is 100 240V AC 50 60Hz with power input l...

Страница 17: ...connect to PWR and then V connect to GND After that pulg in the terminal block to the socket at the side of the gateway Finally connect the power plug of the power supply cable to an outlet then the p...

Страница 18: ...Please refer to following specification to connect DI and DO devices Mode Specification Digital Input Trigger Voltage high Logic level 1 5V 30V Normal Voltage low Logic level 0 0V 2V Digital Output V...

Страница 19: ...GND RXD TXD GND RS 485 GND DATA DATA GND 1 6 7 Connecting to the Network or a Host The IWP87D series provides RJ45 ports to connect 10 100 1000Mbps Ethernet It can auto detect the transmission speed o...

Страница 20: ...ss http 192 168 123 254 1 When you see the login page enter the password admin 2 and then click Login button 1 The default LAN IP address of this gateway is 192 168 123 254 If you change it you need t...

Страница 21: ...rious connection protocols to let gateways or user s devices dial in ISPs and then link to the Internet via different kinds of transmit media So the WAN Connection lets you specify the WAN Physical In...

Страница 22: ...ion windows Physical Interface List and Interface Configuration Physical Interface List window shows all the available physical interfaces After clicking on the Edit button for the interface in Physic...

Страница 23: ...ilover A failover interface is a backup connection to the primary That means only when its primary WAN connection is broken the backup connection will be started up to substitute the primary connectio...

Страница 24: ...heckbox is activated it can allow the Failover interface to be connected continuously from system booting up Failover WAN interface just keeps connecting without data traffic The purpose is to shorten...

Страница 25: ...nfiguration Item Value setting Description Physical Interface 1 A Must fill setting 2 WAN 1 is the primary interface and is factory set to Always on Select one expected interface from the available in...

Страница 26: ...this WAN interface Select Failover to make this WAN a Failover WAN when the primary or the secondary WAN link failed Then select the primary or the existed secondary WAN interface to switch Failover...

Страница 27: ...iguration and related configuration windows for each WAN type For the Internet setup of each WAN interface you must specify its WAN type of physical interface first and then its related parameter conf...

Страница 28: ...ss network you can setup a WiFi Uplink connection by using the gateway device This gateway can support 802 11ac n g b data connection and it can connect to a wireless network access point under the re...

Страница 29: ...eless Uplink connection The supporting of bridge mode depends on the product specification if the purchased device doesn t support the bridge mode it will be greyed out from selection When NAT Disable...

Страница 30: ...tatus Check Interval defines the transmitting interval between two DNS Query or ICMP checking packets Check Timeout defines the timeout of each DNS query ICMP Latency Threshold defines the tolerance t...

Страница 31: ...is more expensive but very importat for cooperate requirement Dynamic IP The assigned IP address for the WAN by a DHCP server is different every time It is cheaper and usually for consumer use PPP ove...

Страница 32: ...er the host name provided by your Service Provider ISP Registered MAC Address An optional setting Enter the MAC address that you have registered with your service provider Or Click the Clone button to...

Страница 33: ...address given by your Service Provider WAN Type PPPoE When you select it PPPoE WAN Type Configuration will appear Items and setting is explained below PPPoE WAN Type Configuration Item Value setting...

Страница 34: ...lled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider When Dynamic IP is selected ther...

Страница 35: ...WAN gateway IP address given by your Service Provider When Dynamic IP is selected there are no above settings required Server IP Address Name A Must filled setting Enter the L2TP server name or IP Ad...

Страница 36: ...tically once it has been booted up and try to reconnect once the connection is down It s recommended to choose this scheme if for mission critical applications to ensure full time Internet connection...

Страница 37: ...tor connection status continuous To do it ICMP Check and FQDN Query are used to check When there is trafiic of connection checking packet will waste bandwidth Response time of replied packets may also...

Страница 38: ...ts the best MTU for best Internet connection performance NAT 1 An optional setting 2 NAT is enabled by default Enable NAT to apply NAT on the WAN connection Uncheck the box to disable NAT function Net...

Страница 39: ...filled setting 2 Disable is set by default Enable IGMP Internet Group Management Protocol would enable the router to listen to IGMP packets to discover which interfaces are connected to which device...

Страница 40: ...elect strategy according to application requirement and environment status The strategies are explained as below By Smart Weight If based on By Smart Weight strategy gateway will take the line speed s...

Страница 41: ...dress is not only a single IP but also a subnet or IP range Destination port can be a single port or port range You can select one target for one mapping to setup IP address and leave others just left...

Страница 42: ...PoE AP Router 42 If packets no belong to user policy rule the gateway just routes those packets based on smart weight algorithm...

Страница 43: ...Load Balance Strategy Configuration Item Value setting Description Load Balance Unchecked by default Check the Enable box to activate Load Balance function Load Balance Strategy 1 A Must filled setti...

Страница 44: ...alue Range 1 99 Note The sum of all weights can t be greater than 100 Save NA Click the Save button to save the configuration Undo NA Click the Undo button to restore what you just configured back to...

Страница 45: ...s Single IP Specify a unique IP Address for the traffics come to the IP Input format is xxx xxx xxx xxx e g 192 168 123 101 Domain Name Specify the domain name for the traffics come to the domain Dest...

Страница 46: ...his device The network device s on your network must use the LAN IP address of this device as their Default Gateway You can change it if necessary Note It s also the IP address of web UI If you change...

Страница 47: ...ed setting 2 lo is set by default Specify the Interface type It can be lo or br0 IP Address 1 An Optional setting 2 192 168 123 254 is set by default Enter the addition IP address for this device Subn...

Страница 48: ...Port based VLAN function can group Ethernet ports Port 1 Port 4 and WiFi Virtual Access Points VAP 1 VAP 8 together for differentiated services like Internet surfing multimedia enjoyment VoIP talking...

Страница 49: ...ts VAP 1 VAP 8 together with different VLAN tags for deploying subnets in Intranet All packet flows can carry with different VLAN tags even at the same physical Ethernet port for Intranet These flows...

Страница 50: ...s equipped with DHCP 3 server to construct a 192 168 12 x subnet He also configure Meeting Rooms segment with VLAN ID 11 The VLAN group is equipped with DHCP 2 server to construct a 192 168 11 x subne...

Страница 51: ...cify members of one VLAN group to be able to access Internet or not Following is an example that VLAN groups of VID is 2 and 3 can access Internet but the one with VID is 1 cannot access Internet That...

Страница 52: ...mmunication pair and one VLAN group can join many communication pairs But communication pair doesn t have the transitive property That is A can communicate with B and B can communicate with C it doesn...

Страница 53: ...VLAN ID Tag based Tag based VLAN allows you to add VLAN ID and select member and DHCP Server for this VLAN ID Go to Tag based VLAN List table Save NA Click the Save button to save the configuration Po...

Страница 54: ...xts Define the Name of this rule It has a default text and cannot be modified VLAN ID A Must filled setting Define the VLAN ID number range is 1 4094 VLAN Tagging Disable is selected by default The ru...

Страница 55: ...function for the VLAN group DHCP Server IP Address for DHCP Relay only A Must filled setting If you select Relay type of DHCP Server assign a DHCP Server IP Address that the gateway will relay the DHC...

Страница 56: ...CP Server wants to match IP Address A Must filled setting Define the IP Address that the DHCP Server will assign If there is a request from the MAC Address filled in the above field the DHCP Server wi...

Страница 57: ...ace If uncheck a certain VLAN ID box it means the VLAN ID member can t access Internet anymore Note VLAN ID 1 is available always it is the default VLAN ID of LAN rule The other VLAN IDs are available...

Страница 58: ...ed setting Define the VLAN ID number range is 6 4094 Internet Access The box is checked by default Click Enable box to allow the members in the VLAN group access to internet Port The box is unchecked...

Страница 59: ...ay LAN interface with its default Subnet Mask setting as 255 255 255 0 and its default IP Pool ranges is from 100 to 200 as shown at the DHCP Server List page on gateway s WEB UI User can add more DHC...

Страница 60: ...xed IP address to map the specific client MAC address by select them then copy when targets were already existed in the DHCP Client List or to add some other Mapping Rules by manually in advance once...

Страница 61: ...o assign IP Addresses to the devices on the local area network LAN Create Edit DHCP Server Policy The gateway allows you to custom your DHCP Server Policy If multiple LAN ports are available you can d...

Страница 62: ...Server Primary DNS IPv4 format The Primary DNS of this DHCP Server Secondary DNS IPv4 format The Secondary DNS of this DHCP Server Primary WINS IPv4 format The Primary WINS of this DHCP Server Seconda...

Страница 63: ...vious setting Back N A When the Back button is clicked the screen will return to the DHCP Server Configuration page View Copy DHCP Client List When DHCP Client List button is applied DHCP Client List...

Страница 64: ...uration Item Value setting Description Option Name 1 String format can be any text 2 A Must filled setting Enter a DHCP Server Option name Enter a name that is easy for you to understand DHCP Server S...

Страница 65: ...P list 4 URL format 5 A Must filled setting Should conform to Type Type Value 66 Single IP Address IPv4 format Single FQDN FQDN format 72 IP Addresses List separated by IPv4 format separated by 114 Si...

Страница 66: ...tput power per cable is 15 4W for IEEE 802 3af PD device and 30W for IEEE802 3at PD device However to make the PoE cellular gateway provide required power through the Ethernet cables you have to prepa...

Страница 67: ...can be 120Watts 60Watts or Manual If you select Manaual you have to enter the power budget With specified power budget the PoE gateway can monitor whether the connected PD devices caused power overfl...

Страница 68: ...No Action or Power off on Select Power off on to restart the PD device if required PD Power Overload No Action by default Specify the the action to take when the PD Power overflow occurs for a certai...

Страница 69: ...al bands of operation There are several wireless operation modes provided by this device They are AP Router Mode WDS Only Mode and WDS Hybrid Mode You can choose the expected mode from the wireless op...

Страница 70: ...face tab the WiFi uplink function is activated However for the wireless LAN function of the module worked under WiFi uplink operation it also provide AP Router function for local wireless clients to c...

Страница 71: ...i gateways as a WiFi repeater chain with all gateways setup as WDS Only mode All gateways can communicate with each other through WiFi All wired client hosts within each gateway can also communicate e...

Страница 72: ...gateways and AP are under WDS hybrid mode To setup WDS hybrid mode it need to fill all configuration items similar to that of AP router and WDS modes Multiple VAPs VAP Virtual Access Point is functio...

Страница 73: ...ed wirelessly over the air The wireless gateway supports Shared WPA PSK WPA2 PSK and WPA WPA2 authentication You can select one authentication scheme to validate the wireless clients while they are co...

Страница 74: ...on band for the WiFi module Basically this setting is fixed and cannot be changed once the module is integrated into the product However there is some module with selectable band for user to choose ac...

Страница 75: ...is function By default the box is checked it means that stations which associated to different VAPs cannot communicate with each other Multiple AP Names 1 A Must filled setting 2 VAP1 and VAP8 are act...

Страница 76: ...security there are several authentication methods supported Client stations should provide the key when associate with this device When Open is selected The check box named 802 1x shows up next to th...

Страница 77: ...WEP without upgrading hardware Enter a Pre shared Key for it The length of key is from 8 to 63 characters AES The newest encryption system in WiFi it also designed for the fast 802 11n high bitrates...

Страница 78: ...authentication methods supported Client stations should provide the key when associate with this device When Open is selected The check box named 802 1x shows up next to the dropdown list 802 1x The b...

Страница 79: ...it The length of key is from 8 to 63 characters AES The newest encryption system in WiFi it also designed for the fast 802 11n high bitrates schemes Enter a Pre shared Key for it The length of key is...

Страница 80: ...P to configure its setting at a time Enable Check the enable box to activate the selected VAP Max STA Limit the maximum number of client station Check this box and enter a limitation The box is unchec...

Страница 81: ...t The default value is 1812 RADIUS Shared Key When Shared is selected The pre shared WEP key should be set for authenticating When Auto is selected The device will select Open or Shared by requesting...

Страница 82: ...it The length of key is from 8 to 63 characters You are recommended to use AES encryption instead of any others for security Save N A Click the Save button to save the current configuration Undo N A C...

Страница 83: ...ever there is some module with selectable band for user to choose according to his network environment Under such situation you can specify which operation band is suitable for the application Multipl...

Страница 84: ...s device Rate N A It shows the data rate between client and this device RSSI0 RSSI1 N A It shows the RX sensitivity RSSI value for each radio path Signal N A The signal strength between client and thi...

Страница 85: ...asic Network WiFi Advanced Configuration Tab Select Target WiFi Target Configuration Item Value setting Description Module Select A Must filled setting Select the WiFi module to check the information...

Страница 86: ...jitter when transmitting multimedia content over a wireless connection Short GI By default 400ns is selected Short GI Guard Interval is defined to set the sending interval between each packet Note th...

Страница 87: ...d operation band for the WiFi module Basically this setting is fixed and cannot be changed once the module is integrated into the gaye product However there are some module with selectable band for us...

Страница 88: ...and decide whether to broadcast the SSID or not The SSID is used for identifying from another AP and client stations will associate with AP according to SSID If the broadcast SSID option is enabled i...

Страница 89: ...on system in WiFi it also designed for the fast 802 11n high bitrates schemes Enter a Preshared Key for it The length of key is from 8 to 63 characters You are recommended to use AES encryption instea...

Страница 90: ...0 Once you selected an AP from the AP list the channel SSID Authentication Encryption and MAC address will be automatically filled into the profile you just have to enter a key for the uplink connecti...

Страница 91: ...fies aspects of address assignment stateless address auto configuration network renumbering and router announcements when changing Internet connectivity providers 2 4 1 IPv6 Configuration The IPv6 Con...

Страница 92: ...dressing type in the information provided by your ISP to setup the IPv6 network DHCPv6 DHCP in IPv6 does the same function as DHCP in IPv4 The DHCP server sends IP address DNS server addresses and oth...

Страница 93: ...DSLAM on the ISP side provides IPv6 configuration upon receiving PPPoEv6 client request When PPPoEv6 server gets client request and successfully authenticates it the server sends IP address DNS server...

Страница 94: ...net IPv4 to IPv6 migration 6in4 uses tunneling to encapsulate IPv6 traffic over explicitly configured IPv4 links As defined in RFC 4213 the 6in4 traffic is sent over the IPv4 Internet inside IPv4 pack...

Страница 95: ...ust filled setting Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity Select Static IPv6 when your ISP provides you with a set IPv6 addresses Then go to Static IPv6 WAN Ty...

Страница 96: ...Secondary DNS An optional setting Enter the WAN secondary DNS Server MLD Snooping The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Val...

Страница 97: ...ed by default Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Global...

Страница 98: ...onnection If you want more information please contact your ISP Value Range 0 45 characters Connection Control Fixed value The value is Auto reconnect Always on MTU A Must filled setting Enter the MTU...

Страница 99: ...optional setting Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Glob...

Страница 100: ...Must filled setting Filled Client IPv6 Address gotten from tunnel broker in this field Primary DNS An optional setting Enter the WAN primary DNS Server Secondary DNS An optional setting Enter the WAN...

Страница 101: ...rtisement Lifetime A Must filled setting Enter the Router Advertisement Lifetime in seconds 200 is set by default Value Range 0 65535 Select Stateful to manage the Local Area Network to be Stateful DH...

Страница 102: ...nd activates the NAT function You also can disable the NAT function in Basic Network WAN Uplink Internet Setup WAN Type Configuration page Usually all local hosts or servers behind corporate gateway a...

Страница 103: ...ther side are you in accessing the email server at the LAN side or at the WAN side you don t need to change the IP address of the mail server Configuration Setting Go to Basic Network Port Forwarding...

Страница 104: ...ehind office gateway You can set up those servers by using Virtual Server feature After trip if want to access those servers from LAN side by global IP without change original setting NAT Loopback can...

Страница 105: ...ou to access the WAN global IP address from your inside NAT local network It is useful when you run a server inside your network For example if you set a mail server at LAN side your local devices can...

Страница 106: ...o activate this port forwarding function Virtual Computer The box is checked by default Check the Enable box to activate this port forwarding function Save N A Click the Save button to save the settin...

Страница 107: ...tting above Protocol A Must filled setting When ICMPv4 is selected It means the option Protocol of packet filter rule is ICMPv4 Apply Time Schedule to this rule otherwise leave it as Always refer to S...

Страница 108: ...rt range and Private Port can be selected Single Port or Port Range Value Range 1 65535 for Public Port Private Port When GRE is selected It means the option Protocol of packet filter rule is GRE When...

Страница 109: ...d Virtual Computer Rule Configuration screen will appear Virtual Computer Rule Configuration Item Value setting Description Global IP A Must filled setting This field is to specify the IP address of t...

Страница 110: ...not expected to receive by applications in the gateway or by other client hosts in the Intranet Certainly the DMZ host is also protected by the gateway firewall Activate the feature and specify the DM...

Страница 111: ...he corresponding checkbox to activate it DMZ Pass Through Setting Go to Basic Network Port Forwarding DMZ Pass Through tab The DMZ host is a host that is exposed to the Internet cyberspace but still w...

Страница 112: ...number of WAN interfaces for the product Pass Through Enable The boxes are checked by default Check the box to enable the pass through function for the IPSec PPTP and L2TP With the pass through functi...

Страница 113: ...to various network destinations Thus constructing routing tables which are held in the router s memory is very important for efficient routing Most routing algorithms use only one network path at a ti...

Страница 114: ...packets to be transferred via which gateway interface and which peer gateway to their destination It can be carried out by the Static Routing feature Dedicated packet flows from the Intranet will be r...

Страница 115: ...one When Add or Edit button is applied the Static Routing Rule Configuration window will appear to let you define a static routing rule Enable Static Routing Just check the Enable box to activate the...

Страница 116: ...Format 2 A Must filled setting Specify the Gateway IP of this static routing rule Interface Auto is set by default Select the Interface of this static routing rule It can be Auto or the available WAN...

Страница 117: ...upports dynamic routing protocols including RIPv1 RIPv2 Routing Information Protocol OSPF Open Shortest Path First and BGP Border Gateway Protocol for you to establish routing table automatically The...

Страница 118: ...ting protocol that uses link state routing algorithm It is the most widely used interior gateway protocol IGP in large enterprise networks It gathers link state information from available routers and...

Страница 119: ...within one AS will links with some other border gateways for exchanging routing information It will distribute the collected data in AS to all routers in other AS As shown in the diagram BGP 0 is gat...

Страница 120: ...individually The RIP Configuration window lets you choose which version of RIP protocol to be activated or disable it The OSPF Configuration window can let you activate the OSPF dynamic routing protoc...

Страница 121: ...OSPF configuration setting allows user to customize OSPF protocol through the router based on their office setting OSPF Configuration Item Value setting Description OSPF Disable is set by default Clic...

Страница 122: ...st rules It supports up to a maximum of 32 rule sets When Add button is applied OSPF Area Rule Configuration screen will appear OSPF Area Configuration Item Value setting Description Area Subnet 1 Cla...

Страница 123: ...d setting The ASN Number of this router on BGP protocol Value Range 1 4294967295 Router ID 1 IPv4 Format 2 A Must filled setting The Router ID of this router on BGP protocol Create Edit BGP Network Ru...

Страница 124: ...to a maximum of 32 rule sets When Add button is applied BGP Neighbor Rule Configuration screen will appear BGP Neighbor Configuration Item Value setting Description Neighbor IP 1 IPv4 Format 2 A Must...

Страница 125: ...IPv4 Format Subnet Mask N A Routing record of Subnet Mask IPv4 Format Gateway IP N A Routing record of Gateway IP IPv4 Format Metric N A Routing record of Metric Numeric String Format Interface N A R...

Страница 126: ...PoE AP Router 126 2 7 DNS DDNS not supported Not supported feature for the purchased product leave it as blank...

Страница 127: ...cess It is indeed required that an access gateway satisfies the requirements of latency critical applications minimum access right guarantee fair bandwidth usage for same subscribed condition and flex...

Страница 128: ...can be based on VLAN ID MAC Address IP Address Host Name or Packet Length Differentiated Services Specify the service type in a QoS rule for the target packets to be applied on Differentiated services...

Страница 129: ...e depends on model Outbound Inbound Control One QoS rule can be applied to the outbound or inbound direction of packet flow even them both This feature depends on model Two QoS rule examples are liste...

Страница 130: ...to the code value AF Class2 High Drop he can use the Rule based QoS function to carry out this rule by defining an QoS rule as shown in above configuration Under such configuration all packets from W...

Страница 131: ...nction Configuration Item Value Setting Description QoS Type 1 Software is selected by default 2 The box is unchecked by default Select the QoS Type from the dropdown list and then click Enable box to...

Страница 132: ...n the following WAN Interface Resource screen will show the related resources for configuration Bandwidth of Upstream Downstream Specify total upload download bandwidth of the selected WAN Value Range...

Страница 133: ...WAN interface to apply the QoS rule Select All WANs or a certain WAN n to filter the packets entering to or leaving from the interface s Group 1 A Must filled setting 2 Src MAC Address is selected by...

Страница 134: ...min rate max rate and rate unit as the bandwidth settings in the Control Function Set MINR MAXR field Connection Sessions Select Connection Sessions as the resource type for the QoS Rule and you have...

Страница 135: ...oup will have his own QoS service resource as specified in the rule Group Control If Group Control is selected all the group hosts share the same QoS service resource Time Schedule 1 A Must filled set...

Страница 136: ...ription Item Value setting Description Add N A Click the Add button to configure time schedule rule Delete N A Click the Delete button to delete selected rule s When Add button is applied Time Schedul...

Страница 137: ...ect everyday or one of weekday Start Time Time format hh mm Start time in selected weekday End Time Time format hh mm End time in selected weekday Save N A Click Save to save the settings Undo N A Cli...

Страница 138: ...PoE AP Router 138 3 2 User not supported Not supported feature for the purchased product leave it as blank...

Страница 139: ...Name 1 String format can be any text 2 A Must filled setting Enter a group name for the rule It is a name that is easy for you to understand Member List NA This field will indicate the hosts members c...

Страница 140: ...Add the members to the group in this field You can enter the member information as specified in the Member Type above and press the Join button to add Only one member can be add at a time so you have...

Страница 141: ...Server Go to Object Definition External Server External Server tab The External Server setting allows user to add external server Create External Server When Add button is applied External Server Con...

Страница 142: ...t 1 The values must be between 1 and 60 Idle Timeout By default 1 The values must be between 1 and 15 Secondary Shared Key String format any text Authentication Protocol By default CHAP is selected Se...

Страница 143: ...r the external server Server Port A Must filled setting Specify the Port used for the external server If you selected a certain server type the default server port number will be set For Email Server...

Страница 144: ...endorsements whom the person examining the certificate might know and trust The device also plays as a CA role Certificates are an important component of Transport Layer Security TLS sometimes called...

Страница 145: ...fier in the signature algorithm identifier of certificates Subject Name A Must filled setting This field is to specify the information of certificate Country C is the two letter ISO code for the count...

Страница 146: ...omatically re enroll aging certificates The box is unchecked by default When SCEP is activated check the Enable box to activate this function It will be automatically check which certificate is aging...

Страница 147: ...ients In addition since it has the root CA it also can sign Certificate Signing Requests CSR to form corresponding certificates for others These certificates can be used for two remote peers to make s...

Страница 148: ...Name Country C TW State ST Taiwan Location L Tainan Organization O AMITHQ Organization Unit OU HQRD Common Name CN HQRootCA E mail hqrootca amit com tw Configuration Path My Certificate Local Certific...

Страница 149: ...ons to complete the whole user scenario Use default value for those parameters that are not mentioned in the tables Configuration Path My Certificate Local Certificate Configuration Name BranchCRT Sel...

Страница 150: ...nterface They both serve as the NAT security gateways Gateway 1 generates the root CA and a local certificate HQCRT that is signed by itself Import the certificates of the root CA and HQCRT into the T...

Страница 151: ...es or CSRs for representing the gateway The Local Certificate Configuration window can let you fill required information necessary for corresponding certificate to be generated by itself or correspond...

Страница 152: ...Attributes A Must filled setting This field is to specify the extra information for generating a certificate Challenge Password for the password you can use to request certificate revocation in the fu...

Страница 153: ...format can be any text 2 A Must filled setting This is an alternative approach to import a certificate You can directly fill in Copy and Paste the PEM encoded certificate string and click the Apply bu...

Страница 154: ...be used for two remote peers to make sure their identity during establishing a VPN tunnel Scenario Description same as the one described in My Certificate section Gateway 1 generates the root CA and a...

Страница 155: ...sued Certificate sections to complete the setup for the whole user scenario Configuration Path Trusted Certificate Trusted CA Certificate List Command Button Import Configuration Path Trusted Certific...

Страница 156: ...into the Trusted Client Certificate List of the Gateway 1 and the Local Certificate List of the Gateway 2 For more details refer to the Network B operation procedure in My Certificate section of this...

Страница 157: ...port the specified CA certificate file to the gateway Import from a PEM 1 String format can be any text 2 A Must filled setting This is an alternative approach to import a CA certificate You can direc...

Страница 158: ...n to generate CA Identifier 1 String format can be any text Fill in optional CA Identifier to identify which CA could be used for signing certificates Save N A Click Save to save the settings Close N...

Страница 159: ...Import Trusted Client Key When Import button is applied a Trusted Client Key Import screen will appear You can import a Trusted Client Key from an existed file or directly paste a PEM encoded string a...

Страница 160: ...sage Scenario Scenario Application Timing same as the one described in My Certificate section When the enterprise gateway owns the root CA and VPN tunneling function it can generate its own local cert...

Страница 161: ...the gateway of Network A in headquarters and the subnet of its Intranet is 10 0 76 0 24 It has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN 1 interface The Gateway 2 is the...

Страница 162: ...em Value setting Description Certificate Signing Request CSR Import from a File A Must filled setting Select a certificate signing request file you re your computer for importing to the gateway Certif...

Страница 163: ...y They can be Virtual COM and Modbus 4 1 1 Port Configuration Before using the supported field communication function like Virtual COM or Modbus you need to configure the physical communication port f...

Страница 164: ...OM or Modbus Interface RS 232 is set by default Select RS 232 or RS 485 physical interface for connecting to the access device s with the same interface specification Baud Rate 19200 is set by default...

Страница 165: ...17 modes for remote accessing the connected serial device These operation modes are illustrated as below TCP Client Mode When the administrator expects the gateway to actively establish a TCP connecti...

Страница 166: ...TCP connection will be automatically disconnected from the host computer by using the TCP alive check timeout or idle timeout settings UDP Mode If both the Remote Host Computer and the serial device...

Страница 167: ...it is required to specify the IP address of the host computers to establish connection with Any 3rd party driver supporting RFC2217 can be used to install in the host computer the driver establishes...

Страница 168: ...a specified period You may also enable full time connection with the TCP server Enable TCP Client Mode Window Item Value setting Description Operation Mode A Must filled setting Select TCP Client Conn...

Страница 169: ...ting 2 Default value is 4001 Enter the TCP port number This is the listen port of the remote TCP server Value Range 1 65535 Serial Port SPort 0 is set by default Apply the TCP server connection for a...

Страница 170: ...to allow any TCP clients to connect Otherwise choose Specific IP to limit certain TCP clients Max Connection 1 Max 4 connections 2 1 is set by default Set the maximum number of concurrent TCP connect...

Страница 171: ...Check the box to specify the rule for selected Serial Port Definition Enable The box is unchecked by default Check the Enable box to enable the rule Save N A Click Save to save the settings Undo N A C...

Страница 172: ...ancel the settings Specify Remote UDP Specify Remote UDP hosts Window Item Value setting Description Host A Must filled setting Press Edit button to enter IP address range of remote UDP hosts Remote P...

Страница 173: ...of RFC 2217 connection Value Range 1 65535 Trust Type Allow All is set by default Choose Allow All to allow any clients to connect Otherwise choose Specific IP to limit certain clients Connection Idle...

Страница 174: ...2217 Clients for Access Window Item Value setting Description Host A Must filled setting Enter the IP address range of allowed clients Serial Port The box is unchecked by default Check the box to spec...

Страница 175: ...truments over RS 485 without additional programming or effort NOTE When Modbus devices are connected to under the same serial port of IoT Modbus Gateway those Modbus devices must use the same protocol...

Страница 176: ...atus like Cellular Network Status device DI DO status to remote Modbus Master via Modbus communication With the Slave option enabled the Modbus Master device can request the information or sending con...

Страница 177: ...e in Port Configuration screen to enable Modbus communication on the serial port Enable Modbus Gateway Gateway Configuration Item Value setting Description Modbus Gateway The box is checked by default...

Страница 178: ...nsmitters off and their receivers back on Setup TCP IP Connection for Receiving Modbus Master Request The following Modbus TCP Configuration items allow user to set up the TCP connection settings so t...

Страница 179: ...k Enable box to enable this rule Serial Port Unchecked by default Check the Enable box to enable the rule in chosen Serial Port Enable Unchecked by default Check the Enable box to enable this rule Ena...

Страница 180: ...0 2G 1 none 2 3G 3 3 5G 4 6 3 75G 7 LTE 4 DI_STATUS_1 R 0 OFF 1 ON 5 DI_STATUS_2 R 0 OFF 1 ON 6 DO_STATUS_1 R W 0 OFF 1 ON 7 DO_STATUS_2 R W 0 OFF 1 ON Modbus Priority Definition Message Buffering mus...

Страница 181: ...ave N A Click the Save button to save the settings Specify the definition of attached serial device s Press Edit Button to select serial mode and other configuration in the following setting Modbus Se...

Страница 182: ...ange 1 to 247 Enter the Modbus ID range for the Modbus TCP Slave s that will respond to the Master s request In addition to specify the Slave IP and Port for accessing those Remote Modbus RTU Salve s...

Страница 183: ...he collected data in local storage in CSV file format When the network connection recovered admin user can download the data log files manually via FTP or web UI for further reference and maintenance...

Страница 184: ...its data acquisition process and if required the administrator can also get the stored data log files to tell if everything goes well or not Under the Data Logging Proxy mode user has to create some...

Страница 185: ...roxy function and execute the pre defined data acquisition task by itself The Modbus request issued by the Modbus Gateway Data Logging Proxy The response data that sent out from the polled Slave devic...

Страница 186: ...or Internal depends on the product specification Save NA Click the Save button to save the settings Note 1 If there is no available storage device the Enable checkbox will be grayed and you can t ena...

Страница 187: ...cify a certain read function for the Data Logging Proxy to issue and record the responses from device s Start Address 1 A Must filled setting 2 Range 0 to 65535 Specify the Start Address of registers...

Страница 188: ...tting Specify a name as the identifier of the data logging rule Value Range 1 16 characters Mode Sniffer is selected by default Select an expected data logging scheme for the data logging rule There a...

Страница 189: ...cify the timeout value for querying Modbus Master If no response from the master for the specified timeout setting selected proxy rule will be triggered and applied with the data logging rule Note If...

Страница 190: ...owing Log File list screen The default Log File management settings will be applied if user didn t change it via the Edit button When the Edit button is applied Log File Configuration screen will appe...

Страница 191: ...n Delete File After Upload 1 An Optional filled setting 2 The box is unchecked by default If Auto Upload is activated user can further specify whether to delete the transferred log from the gateway st...

Страница 192: ...on or a combination of the two The tunnel technology supports data confidentiality data origin authentication and data integrity of network information by utilizing encapsulation protocols encryption...

Страница 193: ...ient as the initiator and the IPSec VPN server as the responder This gateway can be configured as different roles and establish number of tunnels with various remote devices Before going to setup the...

Страница 194: ...routed via this IPSec tunnel including HQ server access and Internet access you can just enable the Full Tunnel setting As a result every time users surfs web or searching data on Internet checking p...

Страница 195: ...PoE AP Router 195...

Страница 196: ...and it must have a Static IP or FQDN It can allow many VPN clients initiators to connect to with various tunnel scenarios In short with a simple Dynamic VPN server setting many VPN clients can connect...

Страница 197: ...Product specification The specified value will limit the maximum number of simultaneous IPSec tunnel connection The default value can be different for the purchased model Save N A Click Save to save...

Страница 198: ...s in tunnel mode The difference among them is the number of subnets With Host to Host IPSec operates in transport mode Hub and Spoke 1 An optional setting 2 None is set by default Select from the drop...

Страница 199: ...or Delete button to add or delete a Local Subnet Note_1 When Dynamic VPN option in Tunnel Scenario is selected there will be only one subnet available Note_2 When Host to Site or Host to Host option...

Страница 200: ...agement section Local ID An optional setting Specify the Local ID for this IPSec tunnel to authenticate Select User Name for Local ID and enter the username The username may include but can t be all n...

Страница 201: ...erver Client or None Selected None no X Auth authentication is required Selected Server this gateway will be an X Auth server Click on the X Auth Account button to create remote X Auth client account...

Страница 202: ...ES 256 Specify the Authentication method It can be None MD5 SHA1 SHA2 256 Specify the DH Group It can be None Group1 Group2 Group5 Group14 Group15 Group16 Group17 Group18 Check Enable box to enable th...

Страница 203: ...set as ESP they are not available for AH Encapsulation Specify the PFS Group It can be None Group1 Group2 Group5 Group14 Group15 Group16 Group17 Group18 Click Enable to enable this setting Save N A C...

Страница 204: ...er the Key ID English alphabet or number Local Remote Configuration Window Item Value setting Description Local Subnet A Must fill setting Specify the Local Subnet IP address and Subnet Mask Local Net...

Страница 205: ...y Available encryptions are None MD5 SHA1 SHA2 256 The key length for MD5 is 32 SHA1 is 40 and SHA2 256 is 64 Note When AH option in Encapsulation Protocol is selected None option in Authentication wi...

Страница 206: ...selected by default The IPSec tunneling scenario is fixed to Dynamic VPN Operation Mode 1 A Must fill setting 2 Alway on is selected by default The available operation mode is Always On Failover opti...

Страница 207: ...and enter the Key ID English alphabet or number Remote ID An optional setting Specify the Remote ID for this IPSec tunnel to authenticate Select User Name for Remote ID and enter the username The use...

Страница 208: ...upports both OpenVPN Server and OpenVPN Client features to meet different application requirements There are two OpenVPN connection scenarios They are the TAP and TUN scenarios The product can create...

Страница 209: ...and operates with layer 2 packets In bridge mode the VPN client is given an IP address on the same subnet as the LAN resided under the OpenVPN server Under such configuration the OpenVPN client can di...

Страница 210: ...or the gateway to operate Configuration Item Value setting Description OpenVPN The box is unchecked by default Check the Enable box to activate the OpenVPN function Server Client Server Configuration...

Страница 211: ...guration window can let you enable the OpenVPN server function specify the virtual IP address of OpenVPN server when remote OpenVPN clients dial in and the authentication protocol OpenVPN Server Confi...

Страница 212: ...is chosen in Tunnel Scenario Local Endpoint IP Address A Must filled setting Specify the virtual Local Endpoint IP Address of this OpenVPN gateway Value Range The IP format is 10 8 0 x the range of x...

Страница 213: ...default Blowfish is selected Specify the Encryption Cipher from the dropdown list It can be Blowfish AES 256 AES 192 AES 128 None Hash Algorithm By default SHA 1 is selected Specify the Hash Algorithm...

Страница 214: ...at any text Specify the TLS Auth Key Note TLS Auth Key will be available only when TLS is chosen in Authorization Mode Client to Client The box is checked by default Check the Enable box to enable the...

Страница 215: ...Fix will be available only when UDP is chosen in Protocol CCD Dir Default File 1 An Optional setting 2 String format any text Specify the CCD Dir Default File Value Range 0 256 characters Client Conn...

Страница 216: ...pplied OpenVPN Client Configuration screen will appear OpenVPN Client Configuration window let you specify the required parameters for an OpenVPN VPN client such as OpenVPN Client Name Interface Proto...

Страница 217: ...ver for this OpenVPN Client tunnel Fill in the remote subnet address and remote subnet mask Redirect Internet Traffic 1 An Optional setting 2 The box is unchecked by default Check the Enable box to ac...

Страница 218: ...sh Algorithm It can be SHA 1 MD5 MD4 SHA2 256 SHA2 512 None Disable LZO Compression By default Adaptive is selected Specify the LZO Compression scheme It can be Adaptive YES NO Default Persis Key 1 An...

Страница 219: ...E DSS AES256 SHA Note TLS Cipher will be available only when TLS is chosen in Authorization Mode TLS Auth Key 1 An Optional setting 2 String format any text Specify the TLS Auth Key for connecting to...

Страница 220: ...s 1500 by default Specify the value of Tunnel UDP Fragment Value Range 0 1500 Note Tunnel UDP Fragment will be available only when UDP is chosen in Protocol Tunnel UDP MSS Fix The box is unchecked by...

Страница 221: ...ket Filter URL Blocking Content Filter MAC Control Application Filter IPS and some firewall options The supported function can be different for the purchased gateway 5 2 1 Packet Filter not supported...

Страница 222: ...PoE AP Router 222 5 2 2 URL Blocking not supported Not supported feature for the purchased product leave it as blank...

Страница 223: ...ddresses he can use the MAC Control function to reject with the black list configuration MAC Control with Black List Scenario As shown in the diagram enable the MAC control function and specify the MA...

Страница 224: ...st Deny MAC Address Below is set by default When Deny MAC Address Below is selected as the name suggest packets specified in the rules will be blocked black listed In contrast with Allow MAC Address B...

Страница 225: ...s easy for you to remember MAC Address Use to Compose 1 MAC Address string Format 2 A Must fill setting Specify the Source MAC Address to filter rule Time Schedule A Must fill setting Apply Time Sched...

Страница 226: ...PoE AP Router 226 5 2 4 Content Filter not supported Not supported feature for the purchased product leave it as blank...

Страница 227: ...PoE AP Router 227 5 2 5 Application Filter not supported Not supported feature for the purchased product leave it as blank...

Страница 228: ...bout this activity attempt to block stop it and report it You can enable the IPS function and check the listed intrusion activities when needed You can also enable the log alerting so that system will...

Страница 229: ...ion IPS The box is unchecked by default Check the Enable box to activate IPS function Log Alert The box is unchecked by default Check the Enable box to activate to activate Event Log Save N A Click Sa...

Страница 230: ...traffic threshold in this field ICMP Flood Defense Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field Value Range 10 10000 Port Scan Defection 1...

Страница 231: ...nchecked by default 3 Traffic threshold is set to 300 by default 4 The value range can be from 10 to 10000 Click Enable box to activate this intrusion prevention rule and enter the traffic threshold i...

Страница 232: ...ord the packet information like IP address port address ACK SEQ number and so on while they pass through the gateway and the gateway checks every incoming packet to detect if this packet is valid Disc...

Страница 233: ...h packets from unknown users Discard Ping from WAN Remote Administrator Hosts Scenario Discard Ping from WAN makes any host on the WAN side can t ping this gateway reply any ICMP packets Enable the Di...

Страница 234: ...uter allows network administrator to manage router remotely The network administrator can assign specific IP address and service port to allow accessing the router Remote Administrator Host Definition...

Страница 235: ...field is to specify a Service Port to HTTP or HTTPS connection Value Range 1 65535 Enabling the rule The box is unchecked by default Click Enable box to activate this rule Save N A Click Enable box t...

Страница 236: ...practice computer systems Centralized management has a time and effort trade off that is related to the size of the company the expertise of the IT staff and the amount of technology being used This...

Страница 237: ...can edit the plain text configuration settings in the configuration screen as above Plain Text Configuration Item Value setting Description Clean NA Clean text area You should click Save button to fur...

Страница 238: ...Must filled Setting Specify the Trusted CA certificate for the OpenVPN client It will go through Base64 Conversion OPENVPN_LOCAL_CERT A Must filled Setting Specify the local certificate for OpenVPN cl...

Страница 239: ...s a configuration file ex txtConfig clone tmp config The contents in the configuration file are the same as the plain text commands mentioned above This action is exactly the same as performing the Ba...

Страница 240: ...ith your ISP or the ACS provider for help At the right upper corner of TR 069 Setting screen one Help command let you see the same message about that Scenario Managing deployed gateways through an ACS...

Страница 241: ...peration Procedure In above diagram the ACS server can manage multiple gateways in the Internet The Gateway 1 is one of them and has 118 18 81 33 IP address for its WAN 1 interface When all remote gat...

Страница 242: ...service port and the account information for connection requesting from the ACS server and the time interval for job inquiry Except the inquiry time there are no activities between the ACS server and...

Страница 243: ...ssword and manually set ConnectionRequest Port 1 A Must filled setting 2 By default 8099 is set You can ask ACS manager provide ACS ConnectionRequest Port and manually set Value Range 0 65535 Connecti...

Страница 244: ...ata on the managed systems as variables The protocol also permits active management tasks such as modifying and applying a new configuration through remote modification of these variables The variable...

Страница 245: ...ege IP address can manage the devices but other remote NMS can t Parameter Setup Example Following tables list the parameter configuration as an example for the Gateway 1 in above diagram with SNMP en...

Страница 246: ...he manager uses SNMPv3 protocol for configuring the Gateway 1 Only the UserName1 account can let the Gateway 1 accept the configuration from the NMS since the authority of the account is Read Write On...

Страница 247: ...ault Select the version for the SNMP When Check the v1 box It means you can access SNMP by version 1 When Check the v2c box It means you can access SNMP by version 2c When Check the v3 box It means yo...

Страница 248: ...Specify this version 1 or version v2c user s community that will be allowed Read Only GET and GETNEXT or Read Write GET GETNEXT and SET access respectively The maximum length of the community is 32 En...

Страница 249: ...Password 1 String format any text When your Privacy Mode is authNoPriv or authPriv you must specify the Password for this version 3 user Value Range 8 64 characters Authentication 1 None is selected b...

Страница 250: ...any legal OID The OID Filter Prefix restricts access for this version 3 user to the sub tree rooted at the given OID Value Range 1 2080768 Enable 1 The box is checked by default Click Enable to enabl...

Страница 251: ...Value setting Description Server IP 1 A Must filled setting 2 String format any Ipv4 address Specify the trap Server IP The DUT will send trap to the server IP Server Port 1 String format any port num...

Страница 252: ...the authNoPriv You must specify the Authentication and Password Selected the authPriv You must specify the Authentication Password Encryption and Privacy Key Authentication 1 A v3 Must filled setting...

Страница 253: ...mber 2 A Must filled setting 3 String format any number Specify the Enterprise Number for the particular private MIB Value Range 1 2080768 Enterprise OID 1 The default value is 1 3 6 1 4 1 12823 4 4 9...

Страница 254: ...ice supports both Telnet and SSH Secure Shell CLI with default service port 23 and 22 respectively Telnet SSH Scenario Scenario Application Timing When the administrator of the gateway wants to manage...

Страница 255: ...nable Scenario Operation Procedure In above diagram Local Admin or Remote Admin can manage the Gateway in the Intranet or Internet The Gateway is the gateway of Network A and the subnet of its Intrane...

Страница 256: ...CLI 1 The LAN Enable box is checked by default 2 The WAN Enable box is unchecked by default Check the Enable box to activate the Telnet with CLI function for connecting from WAN LAN interfaces Connect...

Страница 257: ...2 The default password for telnet is m2mamit Type old password and specify new password to change root password Note You are highly recommended to change the default telnet password with yours before...

Страница 258: ...gateway Change Password Item Value Setting Description Old Password 1 String any text 2 The default password for web based MMI is admin Enter the current password to enable you unlock to change passwo...

Страница 259: ...the counting value an warning message Already reaching maximum Password Guessing times please wait a few seconds will be displayed and ignore the following login trials Login Timeout The Enable box i...

Страница 260: ...the system name for identification purpose It can be the manufacture or any name for a device deployment System Information Item Value Setting Description WAN Type N A It displays the WAN Type of WAN...

Страница 261: ...auto mode so that the available server will be used for time synchronization one by one Daylight Saving Time 1 It is an optional item 2 Un checked by default Check the Enable button to activate the d...

Страница 262: ...P Protocol to get system date and time after you click on the Sync with Timer Server button Note Remember to select a correct time zone for the device otherwise you will just get the UTC Coordinated U...

Страница 263: ...ystem Log tab View Email Log History View button is provided for network administrator to view log history on the gateway Email Now button enables administrator to send instant Email for analysis View...

Страница 264: ...the First button to jump to the first page Last N A Click the Last button to jump to the last page Download N A Click the Download button to download log to your PC in tar file format Clear N A Click...

Страница 265: ...Setting Window Item Value Setting Description Enable Un checked by default Check Enable box to enable sending event log messages to destined Email account defined in the E mail Addresses blank space...

Страница 266: ...Debug Log to Storage Log to Storage screen allows network administrator to select the type of events to log and be stored at an internal or an external storage Log to Storage Setting Window Item Value...

Страница 267: ...to specify the file name of new firmware by using Browse button and then click Upgrade button to start the FW upgrading process on this device If you want to upgrade a firmware which is from GPL polic...

Страница 268: ...this device by clicking the Reboot button and reset this device to default settings by clicking the Reset button System Operation Window Item Value Setting Description Reboot Now is selected by defau...

Страница 269: ...echnologically different This gateway embedded FTP SFTP server for administrator to download the log files to his computer or database In the following two sections you can configure the FTP server an...

Страница 270: ...downloading so no any write permission is implemented for user file upload to the storage FTP Port Port 21 is set by default Specify a port number for FTP connection The gateway will listen for incomi...

Страница 271: ...Transfer Mode Optional setting Check the Enable box to activate the support of ASCII mode data transfers Binary mode is supported by default FTPS FTP over SSL TLS Optional setting Check the Enable bo...

Страница 272: ...e String non blank string Enter the user account for login to the FTP server Value Range 1 15 characters Password String no blank Enter the user password for login to the FTP server Directory N A Sele...

Страница 273: ...to test whether it is alive after clicking on the Ping button A test result window will appear beneath it Tracert Test Optional setting Trace route tracert command is a network diagnostic tool for di...

Страница 274: ...e to save the captured packets in log storage If Split Files option is also enabled the file name will be appended with an index code _ index The extension file name is pcap Split Files 1 An optional...

Страница 275: ...further specify some filter rules to capture the packets which matched the rules Capture Fitters Item Value setting Description Filter Optional setting Check Enable box to activate the Capture Filter...

Страница 276: ...Cs which means the destination MAC address of packets Packets which match the rule will be captured Up to 10 MACs are supported but they must be separated with e g AA BB CC DD EE FF 11 22 33 44 55 66...

Страница 277: ...PoE AP Router 277 Chapter 7 Service 7 1 Cellular Toolkit not supported Not supported feature for the purchased product leave it as blank...

Страница 278: ...ific functionality of the gateway On receiving the managing event the gateway will take action to change the functionality collect the required status for administration and also change the status of...

Страница 279: ...cted Modbus devices Notifying Events Trigger Type Digital Input Power Change Connection Change WAN LAN VLAN WiFi DDNS Administration Modbus and Data Usage Actions Notify the administrator with SMS Sys...

Страница 280: ...to activate the Event Management function Enable SMS Management To use the SMS management function you have to configure some important settings first SMS Configuration Item Value setting Description...

Страница 281: ...Account for managing the gateway through the SMS It supports up to a maximum of 5 accounts You can click the Add Edit button to configure the SMS account SMS Account Configuration Item Value setting...

Страница 282: ...ail Service Configuration Item Value setting Description Email Server Option Select an Email Server profile from External Server setting for the email account setting Email Addresses 1 Internet E mail...

Страница 283: ...haracters Description 1 Any text 2 An Optional setting Specify a brief description for the profile DI Source ID1 by default Specify the DI Source It could be ID1 or ID2 The number of available DI sour...

Страница 284: ...on for the profile DO Source ID1 by default Specify the DO Source It could be ID1 Normal Level Low by default Specify the Normal Level It could be Low or High Total Signal Period 1 Numberic String for...

Страница 285: ...dit button to configure the profile Modbus Notifying Events Profile Item Value setting Description Modbus Name 1 String format 2 A Must filled setting Specify the Modbus profile name Value Range 1 32...

Страница 286: ...ify the Device ID of the modbus device It could be from 1 to 247 Register 1 Numberic String format 2 A Must filled setting Specify the Register number of the modbus device Value Range 0 65535 Logic Co...

Страница 287: ...ting Description Modbus Name 1 String format 2 A Must filled setting Specify the Modbus profile name Value Range 1 32 characters Description 1 Any text 2 An Optional setting Specify a brief descriptio...

Страница 288: ...the modbus device Value Range 1 247 Register 1 Numberic String format 2 A Must filled setting Specify the Register number of the modbus device Value Range 0 65535 Value 1 Numberic String format 2 A M...

Страница 289: ...naging Events function Create Edit Managing Event Rules Setup the Managing Event rules It supports up to a maximum of 128 rules When Add button is applied the Managing Event Configuration screen will...

Страница 290: ...ngs as the action for the event VPN Select VPN Checkbox and the interested sub items IPSec Tunnel ON Off PPTP Client On Off L2TP Client On Off OpenVPN Client On Off the gateway will change the setting...

Страница 291: ...gger and handlers Enable Notifying Events Configuration Item Value setting Description Notifying Events The box is unchecked by default Check the Enable box to activate the Notifying Events function C...

Страница 292: ...ased product Description String format any text Enter a brief description for the Notifying Event Action All box is unchecked by default Specify at least one action to take when the expected event is...

Страница 293: ...n status for the gateway They are the System Information System Information History and Network Interface Status The display will be refreshed once per second From the menu on the left select Status D...

Страница 294: ...atistic graphs for the CPU and memory Network Interface Status The Network Interface Status screen shows the statistic information for each network interface of the gateway The statistic information i...

Страница 295: ...et WAN Type N A It displays the method which public IP address is obtained from your ISP Depending on the model purchased it can be Uplink Static IP Dynamic IP PPPoE PPTP or L2TP IP Addr N A It displa...

Страница 296: ...s user to manually disconnect the device from the Internet Note Connect button is available when Connection Control in WAN Type setting is set to Connect Manually Refer to Edit button in Basic Network...

Страница 297: ...sk of the subnet IPv6 Link local Address N A It displays the current LAN IPv6 Link Local address This is also the IPv6 IP Address user use to access Router s Web based Utility IPv6 Global Address N A...

Страница 298: ...ace N A It displays the type of WAN physical interface Depending on the model purchased it can be Ethernet 3G 4G etc Received Packets N A It displays the downstream packets It is reset when the device...

Страница 299: ...gateway LAN Client List Item Value setting Description LAN Interface N A Client record of LAN Interface String Format IP Address N A Client record of IP Address Type and the IP Address Type is String...

Страница 300: ...er the VAP wireless signal is enabled or disabled Op Mode N A The Wi Fi Operation Mode of VAP Depends of device model modes are AP Router WDS Only and WDS Hybrid Universal Repeater and Client SSID N A...

Страница 301: ...ic Network WAN Uplink Internet Setup tab WiFi IDS Status The WiFi Traffic Statistic shows all the received and transmitted packets on WiFi network WiFi IDS Status Item Value setting Description Authen...

Страница 302: ...s all the received and transmitted packets on WiFi network WiFi Traffic Statistic Item Value setting Description Op Band N A It displays the Wi Fi Operation Band 2 4G or 5G of VAP ID N A It displays t...

Страница 303: ...PoE AP Router 303 8 2 4 DDNS Status not supported Not supported feature for the purchased product leave it as blank...

Страница 304: ...status IPSec Tunnel Status Item Value setting Description Tunnel Name N A It displays the tunnel name you have entered to identify Tunnel Scenario N A It displays the Tunnel Scenario specified Local...

Страница 305: ...the connection status of the corresponding OpenVPN tunnel The status can be Connected or Disconnected OpenVPN Client Status OpenVPN Client Status Item Value setting Description OpenVPN Client Name N...

Страница 306: ...PoE AP Router 306...

Страница 307: ...Packet Filter Status Packet Filter Status Item Value setting Description Activated Filter Rule N A This is the Packet Filter Rule name Detected Contents N A This is the logged packet information inclu...

Страница 308: ...stamp of the logged packet Date time format Month Day Hours Minutes Seconds Note Ensure IPS Log Alert is enabled Refer to Security Firewall IPS tab Check Log Alert and save the setting Firewall Option...

Страница 309: ...e and the login time Format IP Source IP User Name Login User Name Time Date time Example IP 192 168 127 39 User Name admin Time Mar 3 01 34 13 Note Ensure Firewall Options Log Alert is enabled Refer...

Страница 310: ...entication This is only available for SNMP version 3 IP Address N A It displays the IP address of SNMP manager Port N A It displays the port number used to maintain connection with the SNMP manager Co...

Страница 311: ...ection status with the TR 068 server TR 069 Status Item Value setting Description Link Status N A It displays the current connection status with the TR 068 server The connection status is either On wh...

Страница 312: ...Storage tab The Log Storage Status screen shows the status for selected device storage Log Storage Status Log Storage Status screen shows the status of current the selected device storage The status i...

Страница 313: ...s button you will see the previous page of track list Next N A Click the Next button you will see the next page of track list First N A Click the First button you will see the first page of track list...

Страница 314: ...fic Go to Status Statistics Reports Network Traffic tab Network Traffic Statistics screen shows the historical graph for the selected network interface You can change the interface drop list and selec...

Страница 315: ...in statistics Next N A Click the Next button you will see the next page of login statistics First N A Click the First button you will see the first page of login statistics Last N A Click the Last but...

Страница 316: ...1998 Eric Young eay cryptsoft com GPL License https www openssl org brctl ethernet bridge administration Stephen Hemminger shemminger osdl org Lennert Buytenhek buytenh gnu org version 1 1 GNU GENERAL...

Страница 317: ...02111 1307 USA https sourceforge net projects mrts Openswan Version v2 6 38 GNU GENERAL PUBLIC LICENSE Version 2 June 1991 Copyright C 1989 1991 Free Software Foundation Inc 59 Temple Place Suite 330...

Страница 318: ...PServ Version 1 3 4 GNU GENERAL PUBLIC LICENSE Version 2 June 1991 Copyright C 1989 1991 Free Software Foundation Inc 675 Mass Ave Cambridge MA 02139 USA Everyone is permitted to copy and distribute v...

Страница 319: ...on the network Version 1 7 Copyright c 2006 2011 Thomas BERNARD CoovaChilli is an open source software access controller for captive portal UAM and 802 1X access provisioning Version 1 3 0 Copyright...

Страница 320: ...h Floor Boston MA 02110 1301 USA mysql 5_1_72 a release of MySQL a dual license SQL database server Version 5 1 72 Copyright c 2000 2013 Oracle and or its affiliates FreeRadius a high performance and...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды