manualshive.com logo in svg

ANTlabs InnGate 3 E-series, Руководство администратора

Поделиться
Скачать
ANTlabs InnGate 3 E-series Скачать руководство пользователя страница 53

Connectivity 

Made Easy

  

Page 53 of 164

 

 
Next we proceed to define the IP addresses for the different scopes: 
 

1.

 

Setting up the Default Scope – See Section 3.2.1.1. 

 

2.

 

Setting up the User Provision Routed Scope – See Section 
3.2.1.2. 

 
When the client first connects on the downstream LAN, the InnGate will 
assign an IP address from the Default Scope to the client via DHCP initially. 

The client may be allowed to request for a routed IP address from the User 
Provision Routed Scope.  
 

 The propagation of this new routable IP will only occur when the client 

seeks to renew the DHCP lease, which is half of the lease expiry time. 
Alternatively, the client can force an immediate change in IP by releasing and 

renewing its IP address. 
 

3.2.1.1

 

Setting up the Default Scope 

 

 

To setup the Default Scope: 

 

1.

 

Click on LAN

 

2.

 

Click on DHCP

 

 
Select the Default Scope tab as shown in Figure 3-5. 
 
A list of IP address ranges will be presented. Click on an entry to modify it or 

click 

 to create one. 

 

 

 

Figure 3-5 Default Scope IP Addresses 

 

 Ensure that there is no overlap of the IP address ranges between the 

Default Scope and User Provision Routed Scope. 

Содержание InnGate 3 E-series

Страница 1: ...INNGATE 3 ADMINISTRATOR S MANUAL DOCUMENT RELEASE 1 01 ...

Страница 2: ...manual provides an in depth coverage of the setup configuration and administration of an InnGate 3 and is intended for system and network administrators who will be performing these tasks Copyright 2002 2009 Advanced Network Technology Laboratories Pte Ltd All rights reserved ...

Страница 3: ...ectronic or otherwise without the express written permission of ANTlabs The software and accompanying written materials including instructions for use and this document are provided as is without warranty of any kind ANTlabs does not warrant guarantee or make any representations regarding the use or the results of the use of the software or written materials in terms of correctness accuracy reliab...

Страница 4: ...1 4 1 VLAN enabled Networks 36 1 5 Testing the Configuration 36 Chapter 2 38 Authentication 38 2 1 Overview 38 2 2 Local Accounts 38 2 2 1 Local Accounts Maintenance 40 2 3 PMS 40 2 4 Account Printers 43 2 5 Credit Card 47 2 6 MAC Filter 47 2 7 Global Settings 48 Chapter 3 50 LAN NETWORK SETTINGS 50 3 1 Overview 50 3 2 DHCP Setup 51 3 2 1 Configuring DHCP Server Mode 51 3 2 1 1 Setting up the Defa...

Страница 5: ...agnostics 90 Chapter 7 92 SYSTEM MONITORING AND REPORTING 92 7 1 Overview 92 7 2 Monitors 92 7 2 1 Status Monitor 92 7 2 2 Device Monitor 94 7 2 3 Session Monitor 96 7 2 4 Account Monitor 97 7 2 5 Cookies Monitor 99 7 2 6 Email Monitor 100 7 3 Logs 101 7 3 1 Device Logs 101 7 3 2 Session Logs 102 7 3 3 PMS Logs 103 7 3 4 Account Printer Logs 105 7 3 5 Credit Card Logs 106 7 4 Maintenance 106 Chapt...

Страница 6: ...ser Account 130 8 13 3 Change the FTP Account Password 131 8 13 4 Change the Telnet and Console Password 131 Chapter 9 133 HIGH AVAILABILITY E Series 133 9 1 Overview 133 9 2 Network Configuration 133 9 3 System Configuration 134 9 3 1 HA Identifier 136 9 4 HA Leader Election 137 9 5 HA Failover Behavior 137 9 6 HA Synchronization 138 9 6 1 Manual Synchronization 139 Chapter 10 141 HIGH AVAILABILI...

Страница 7: ...Connectivity Made Easy Page 7 of 164 Appendix D 156 UPLOADING CUSTOM WEBPAGES 156 Appendix E 157 CUSTOM SSL LOGIN PAGES 157 Appendix F 161 ERROR PAGES 161 Appendix G 163 CREDIT CARD 163 ...

Страница 8: ... HTTP will also allow the administrator to customize the user facing web pages RELATED DOCUMENTATION You may refer to the ANTlabs homepage at http www antlabs com for other related materials and documents released by ANTlabs FEEDBACK AND COMMENTS ANTlabs welcomes all comments and suggestions on the quality and usefulness of this document Our users feedback is an important component of the informat...

Страница 9: ... following 3 steps 1 System Setup Configuring the InnGate to operate in the network 2 Network Installation Connecting the InnGate to the network 3 Testing the Configuration Ensuring that the InnGate operates as expected Figure 1 1 shows a simple network setup which will be used to illustrate the deployment steps in this chapter Figure 1 1 Example Network Diagram ...

Страница 10: ...ered in this chapter is suitable for quick demonstrations and small scale setups Later chapters will cover details for more complex deployment scenarios 1 1 1 Hardware Front Panel Back Panel Figure 1 2 InnGate E Series Front Back Panels Front Panel Back Panel Figure 1 3 InnGate M Series Front Back Panels Some of the switches and connectors shown in Figure 1 2 and Figure 1 3 are described here ...

Страница 11: ...he faceplate The behaviour of the button depends on the power state a InnGate is powered up Pressing will shut down the InnGate b InnGate was shutdown normally Press to power up In the event of a power failure the InnGate will automatically power up when the supply from the electrical mains is restored The power button does not need to be pressed The hardware serial number is usually found on the ...

Страница 12: ... 000 Total number of detected devices VLANs 300 1 000 2 000 Total number of configured VLANs Network Devices 30 100 200 Total number of Network devices Port Binding Rules 30 100 200 Total number of Port Binding rules Undelivered Mails 1 000 10 000 20 000 Total number of undelivered mails Locations 5 15 25 Total number of defined Locations Plans 10 30 50 Total number of defined Plans 1 3 System Set...

Страница 13: ...included 1 Connecting from the WAN Interface The URL to access the Admin GUI is https WAN IP Address admin The factory default WAN IP address is 192 168 0 1 with a subnet mask of 255 255 255 0 When connecting directly ensure that the subnet mask setting on your client device matches the default value The URL of the Admin GUI for a new InnGate will therefore be https 192 168 0 1 admin 2 Connecting ...

Страница 14: ...e 1 5 Login Prompt Login with the default User ID root and default password admin It is recommended that you change the default password see Section 8 3 2 to prevent unauthorized access Upon successful login the main Admin Page will be displayed Figure 1 6 shows a portion of the actual page which is a status summary Figure 1 6 Admin Page ...

Страница 15: ...s to be properly configured with a routable IP address valid subnet mask and gateway in order for the InnGate to function correctly in your network To configure the WAN Interface 1 Click on WAN A list of WAN profiles will be displayed see Figure 1 7 Figure 1 7 WAN Profiles The InnGate comes preconfigured with a single default WAN profile In our example we will go ahead and modify this profile by c...

Страница 16: ...m network that the InnGate is connected to The factory default subnet mask setting is 255 255 255 0 Change this to the mask used on your upstream network segment 3 Gateway The address of the router or gateway for the InnGate to send network traffic to for the next hop 4 Bandwidth Bandwidth options are available with an optional module which may be purchased separately a Download Limit The maximum ...

Страница 17: ...address If that happens close ALL currently opened browser sessions start a new browser session and login to the admin page again 1 3 3 Configuring the Domain Name Server A DNS is required by the InnGate to resolve domain names If you do not configure this parameter hosts will only be addressable via their IP addresses If you have your own DNS within your network for name resolutions you can likew...

Страница 18: ...lution Click to add more entries Click to confirm the changes The InnGate will switch to another DNS server in the list for subsequent name resolution attempts if a previous attempt was unanswered 1 3 4 Configuring the Web Proxy The InnGate can be configured to forward HTTP requests to a web proxy server if necessary This is optional depending on whether your network allows direct connections to t...

Страница 19: ...e proxy server 5 Display Email This is the email address that is displayed in error pages generated when users attempt to access an invalid or inaccessible URL You may add and remove proxy server entries by clicking or Click to confirm the entries Configuring the web proxy for the InnGate does not mean that the downstream clients have to set their browser s proxy setting Downstream clients will co...

Страница 20: ...me of the plan Best to give a meaningful name 2 Price The units to charge for usage The definition of a unit depends on what is defined in your PMS system 3 Duration Volume Limit Select if you want to charge by duration or data volume usage The user will need to repurchase once the plan is used up The 4 different types of duration and volume plans supported are a Unlimited duration and volume b Fi...

Страница 21: ...t be used for login anymore There is a default Throttled Plan that is pre configured in the Gateway The user s bandwidth will be automatically adjusted to the values specified in this plan if the user s plan is a volume plan with the throttled option enabled and the volume limit is exceeded The default bandwidth for this plan is unlimited You will need to change it to your desired throttled value ...

Страница 22: ...ndividual User Groups for greater control over network access To configure a Firewall rule 1 Click on Plans 2 Click on Firewall Any existing entries will be displayed see Figure 1 14 Any account belonging to the Plan will be subject to the rules defined in the order that the rules appear when they log in Click on an entry to modify it or click to create one Figure 1 14 List of Firewall rules ...

Страница 23: ...evices users whose MAC addresses are denied access Section 2 6 Whitelisted Devices users whose MAC addresses are allowed access without login Section 2 6 Throttled users who are throttled None users who are not login yet 2 Order The position in the list of rules and determines its priority 3 VLAN The firewall rule will be applied to users that connect from the specified VLAN group Previously defin...

Страница 24: ...on Port The firewall will pick up network traffic with the specified destination port number 9 Action This is the action that will be performed for network traffic that is picked up by the firewall based on the above specified criteria 10 Description A description for the firewall rule Click to confirm the entry or for modifications 1 3 7 Creating a Location Now partition your network into service...

Страница 25: ...ep process and the wizard will guide you through the steps Figure 1 18 Pre Login Page The Pre Login section lets you configure what page is shown to the user instead of the login page Enable the check box to turn on this feature 1 URL This is the URL of the page to send the user to In addition you can pass the zero configuration settings to this webpage and do customized processing ...

Страница 26: ...the browser 2 Welcome Message The content shown on the page Accepts HTML code 3 Footer Copyright Statement The footer or copyright statement shown at the bottom part of the login page The Look Feel section is meant for customizing the presentation of the landing page allowing you to modify it via CSS and even uploading your own CSS definitions This advanced feature is normally used for customized ...

Страница 27: ...for the Display Label will be what is shown in the plan selection drop down box Only Fixed Duration plans with relogin option enabled can be selected as a Complimentary Access plan Figure 1 21 Complimentary Access 2 Local Authentication This is the standard User ID and Password login access method Figure 1 22 Local Authentication 3 Radius Authentication This is currently not available 4 PMS Authen...

Страница 28: ... checked only guests with Allow Post status can do posting o Prevent users with the same Is checked to prevent double billing d Plans To configure what are the plans selectable in the login page e Currency does not have decimal The billing amount is sent in cent If it is checked the billing amount will not be multiplied by 100 f Display an access code to This option is to display an access code so...

Страница 29: ... order in the drop down list of authentication options that is shown to the user Figure 1 25 Authentication Display Click to proceed with the next step in the wizard The next step in the wizard will let you define the content that is shown under the terms and conditions Figure 1 26 Authentication Display Click to proceed with the next step in the wizard The next step is to define what is shown to ...

Страница 30: ...lude customized post login processes enable this to invoke the following actions to an external page a display link as the external page is displayed as a link on the default success page b redirect to link after the default success page is first shown for the specified number of seconds before redirecting to the external page c use link as login success page the external page is used as the succe...

Страница 31: ...ror Figure 1 28 Error Page Click to proceed with the next step in the wizard The next step is to define what to name the various labels on the pages shown to the user in the whole authentication process Figure 1 29 Customizing Labels Click to proceed with the next step in the wizard The next step allows you to preview the Welcome Login page that you have just configured ...

Страница 32: ...1 3 8 Creating VLANs Within each location you will now assign VLANs to it so that under each VLAN you can have network specific controls To configure the VLAN 1 Click on Locations 2 Click on VLANs Figure 1 31 VLANs Figure 1 31 shows the list of existing VLANs Select an existing record or create a new one Figure 1 32 Defining a VLAN ...

Страница 33: ... A description for this VLAN Click below the Description field to create the VLAN entry and it will be displayed in a table see Figure 1 33 Figure 1 33 New VLAN entry created You can add more entries or click on the respective buttons to remove existing entries These VLAN entries are not committed yet Once you have finalized the list of entries you can proceed to save the list by clicking on the s...

Страница 34: ...ows the list of VLAN definitions Figure 1 35 Import Export VLAN Definitions Click CSV to import VLAN definitions from a comma separated values formatted file To export VLAN definitions from the system check the required entries and click The format of the exported records file may not compatible with older versions of the InnGate Figure 1 36 shows the interface for selecting a CSV file to upload F...

Страница 35: ...s Hotspot VLAN The CSV must contain a header row which will not be imported 1 4 Network Installation The following steps describe how to install the InnGate in the desired network 1 Connect the respective network cables to the InnGate a LAN interface Connect to the downstream network b WAN interface Connect to the upstream network 2 Power up the InnGate a Connect the InnGate to the electrical main...

Страница 36: ...is now configured and ready to accept client connections on the LAN interface Follow the steps below to connect a client on the downstream to the Internet via the InnGate 1 Connect a PC Laptop on the downstream One way to do this is to connect directly to the LAN interface you must use a cross cable for a direct client to InnGate connection which may be useful for quick demonstrations 2 Startup th...

Страница 37: ...Connectivity Made Easy Page 37 of 164 Figure 1 37 Login Page If you are unable to surf to the website check that the instructions in the previous sections were implemented correctly ...

Страница 38: ...his to create local User ID and Password accounts to be given out to users Users will then use it to login To access the option 1 Click on Authentication 2 Click on Local Accounts Any existing accounts will be shown as seen in Figure 2 1 Click an existing record to edit or add a new one Figure 2 1 Existing accounts When creating a new record select either to create a single account or multiple acc...

Страница 39: ...unt Type 3 Credentials The User ID and Password Figure 2 4 Account Credentials 4 Plan Select the type of Plan that the account is being created for The Plans should already have been created at the start when configuring the service offerings Figure 2 5 Plan Type 5 Advanced Subsection Under the advanced subsection there are additional account control options a Account can be used You can set the t...

Страница 40: ...dvanced Subsection Click to commit the changes 2 2 1 Local Accounts Maintenance Local Accounts Maintenance is explained in details in Section 6 2 2 3 PMS Use this to interface with a PMS system To access the option 1 Click on Authentication 2 Click on PMS The InnGate comes with various pre built interfaces for common PMS Select the correct one Figure 2 7 PMS Type ...

Страница 41: ...ge Figure 2 8 PMS Communication Setting 1 Use TCP IP connection To enable TCP IP based PMS 2 Host Name The host name used for TCP IP connection 3 Port Number The port number used for TCP IP connection 4 Baud Rate Serial baud rate 5 Data Bits It is necessary to set 8 as number of data bits to be able to transmit multiple character sets 6 Parity Bit To enable single bit error correction The default ...

Страница 42: ...f services or posting This is only used by TCP IP based Micros Fidelio Figure 2 9 shows the PMS Billing Setting Figure 2 9 PMS Billing Setting 1 Fixed time posting To enable or disable fixed time bill posting 2 Repost unacknowledged bills To enable or disable reposting of unacknowledged bills 3 Repost unsent bills To enable or disable resposting of unsent bills 4 Post Usage Duration To configure t...

Страница 43: ...ion You can also use the diagnostic tool to post PMS events To access the option 1 Click on Authentication 2 Click on PMS 3 Click on Diagnostics Enter the PMS post event details and you can use it to test if the PMS posting from the InnGate works correctly The details can be found in Section 6 4 Figure 2 11 PMS Diagnostics 2 4 Account Printers Use this to configure account printer based authentica...

Страница 44: ...cation Next step is to configure each button of the account printer There is a maximum of six buttons supported Click on the button you want to configure Figure 2 13 Account Printers Button Setting Choose the account type and account sharing option you want to assign to the respective button Shared account is only applicable to fixed duration plans and it only allows maximum 100 simultaneous users...

Страница 45: ...s setting will be shown in Figure 2 15 Figure 2 15 User ID Password s Credentials If the account type is Access Code the Credentials setting will be shown in Figure 2 16 Figure 2 16 Access Code s Credentials Configure the plan account expiry and the login limit to be assigned to the accounts created by respective button ...

Страница 46: ...64 Figure 2 17 Account configuration Enter the header and footer text to be printed by account printer Figure 2 18 Header and Footer Click button to save the configuration Use Audit Log to view the accounts created Figure 2 19 Audit Log ...

Страница 47: ...e 2 20 Credit Card Payment Gateway 1 Payment Gateway 2 Transaction Type Choose Test Mode if you are testing 3 Merchant ID 4 Transaction Key 5 Currency Currency to be used in the transaction Depending on the selected payment gateway the fields will change accordingly and that depends what functions are made available by the service provider Details of credit card are explained in Appendix G 2 6 MAC...

Страница 48: ...gure 2 21 Blocked MAC Conversely select the Allowed MAC Addresses tab to add devices that are allowed access to the network without login 2 7 Global Settings Here you can configure the global settings that will apply to all accounts To access the option 1 Click on Authentication 2 Click on Settings The following sections are available 1 Auto Logout This tells the system to logout users that have b...

Страница 49: ...Connectivity Made Easy Page 49 of 164 Figure 2 22 Auto Logout ...

Страница 50: ...y Page 50 of 164 Chapter 3 LAN NETWORK SETTINGS 3 1 Overview Figure 3 1 Example Network Setup This chapter covers the basic LAN network settings that allow you to configure how the InnGate will manage the downstream network ...

Страница 51: ...nfiguring DHCP Relay Mode See Section 3 2 2 3 2 1 Configuring DHCP Server Mode When the InnGate is setup in DHCP Server mode downstream clients will be assigned IP addresses from one of two DHCP scopes 1 Default Scope The pool of IP addresses that are assigned to clients by default Traffic from these clients can be either routed upstream or via Network Address and Port Translation NAPT See Section...

Страница 52: ... specifically request the lease duration 2 Max Lease Specify the maximum lease duration that can be requested from DHCP clients Figure 3 3 Default Scope Settings Figure 3 4 shows the configuration settings for the User Provision Routed Scope The fields are the same as for the Default Scope Figure 3 4 User Provision Routed Scope Settings Click to commit the changes After saving the Settings for DHC...

Страница 53: ...Routed Scope The propagation of this new routable IP will only occur when the client seeks to renew the DHCP lease which is half of the lease expiry time Alternatively the client can force an immediate change in IP by releasing and renewing its IP address 3 2 1 1 Setting up the Default Scope To setup the Default Scope 1 Click on LAN 2 Click on DHCP Select the Default Scope tab as shown in Figure 3...

Страница 54: ...ange that can be assigned which is defined by the First and Last IP Address fields 4 First IP Address The first IP address of the IP range to be assigned The First and Last IP Addresses must fall within the subnet defined above 5 Last IP Address The last IP address of the IP range to be assigned 6 Routed When enabled the InnGate will not perform NAPT for the packets from clients assigned these IP ...

Страница 55: ...er the value for that option Click to add the option to the list as shown in Figure 3 8 Figure 3 8 DHCP options To delete any option from the list select the entry and click To commit the Default Scope entry click on the button or for modifications 3 2 1 2 Setting up the User Provision Routed Scope Downstream clients may be allowed to request for a routed IP address when logging on to the network ...

Страница 56: ...odate such scenarios 1 Connecting to Virtual Private Networks Often clients on the LAN may need to connect to a VPN server for example to access a corporate enterprise network securely from a remote location This is a common requirement of business travelers or telecommuters Although quite uncommon some VPN applications do not always work with devices performing NAPT between the VPN server and the...

Страница 57: ...address of the server Other similar applications that also require a public IP may include multiplayer game servers FTP servers etc In all these scenarios the downstream user will need to select public IP upon login in order to be assigned a valid routable IP address to allow for clients from the WAN to connect to it To setup the User Provision Routed Scope 1 Click on LAN 2 Click on DHCP Select th...

Страница 58: ... Network IP Address 3 Default Gateway Clients will be configured with the default gateway specified here 4 VLAN Restricts this scope to be applied to a particular VLAN only 5 Options Figure 3 12 shows the interface for configuring the DHCP options that are sent to the client Figure 3 12 Adding DHCP options Select the DHCP option from the drop down list and enter the value for that option Click to ...

Страница 59: ... when defining the routing table of the router on the WAN segment traffic destined for the IP addresses in the User Provisioned Routed Scope should be sent to the WAN subnet rather than directly to the InnGate s WAN IP address There are two additional configuration options which are accessible when you select an existing entry from the list shown in Figure 3 14 to modify The additional interface o...

Страница 60: ... DHCP requests and responses between the downstream clients and a DHCP server on the upstream Configuring the InnGate for DHCP Relay is a two step process 1 Configuring the InnGate to interface with the external DHCP server 2 Setting up the InnGate so that the IP addresses assigned by the external DHCP server are not subject to Network Address and Port Translation NAPT and therefore defined in the...

Страница 61: ...but will only acknowledge and use the first response it receives ignoring the other reply Figure 3 16 DHCP Relay Settings Click to commit the changes You will need to configure the DHCP range in the Routed Network so that the InnGate does not perform Network Address and Port Translation NAPT for the externally assigned IP addresses See Section 3 3 3 2 2 1 Relay Agent Mappings After saving the Sett...

Страница 62: ...nding DHCP requests for any of the clients on the office VLAN You can then configure the DHCP server to respond with the desired IP address range based on the DHCP Relay Agent IP address it receives The fields are described as follows 1 DHCP Relay Agent IP Address The IP address that the InnGate will use when relaying DHCP requests from downstream clients 2 VLAN The VLAN for which the Relay Agent ...

Страница 63: ...ream clients to resources on the upstream that are within the intranet such as intranet portals but perform NAPT for Internet traffic In this case the intranet resources will be defined in the Routed Network To setup Routed Networks 1 Click on LAN 2 Click on Routed Network Any existing entries will be displayed see Figure 3 18 Click on an entry to modify it or click to create one Figure 3 18 List ...

Страница 64: ...ions 3 4 Walled Garden Setup This feature allows you to configure HTTP URLs HTTPS Domain and IP Addresses that the InnGate will allow downstream clients to access before authentication A common example of using this feature is in a charged Internet usage environment where you need to allow the user to access a credit card payment portal to complete the purchase transaction before he has logged in ...

Страница 65: ... URLs in the Walled Garden 1 Click on LAN 2 Click on Walled Garden Select the HTTP URLs tab as shown in Figure 3 20 Any existing entries will be displayed Click on an entry to modify it or click to create one Figure 3 20 Whitelist of HTTP URLs Figure 3 21 shows the interface for defining a HTTP URL in the Walled Garden Figure 3 21 Define HTTP URL in the Walled Garden ...

Страница 66: ...tlabs com sg ends with com http www antlabs com http ftpezxcess com sg contains antlabs http ftp antlabs com http www antlabs com matches the regular expression See Appendix B is the SmartURL 2 http Allow access to the URL that matches the condition 3 Description A description for the entry Click to set advanced options for the Walled Garden entry Figure 3 22 shows the interface for defining advan...

Страница 67: ...dress 3 Additional redirect URL query string parameters Set any other variables to be added to the redirected URL query string a If name value is input the redirect URL will become URL name value b Click to add additional URL query string parameters If there are more than 1 parameter added the redirect URL will become URL name value name2 value2 c Click to remove any unwanted parameters Click to c...

Страница 68: ... HTTP Domains in the Walled Garden 1 Click on LAN 2 Click on Walled Garden Select the HTTP Domains tab as shown in Figure 3 23 Any existing entries will be displayed Click on an entry to modify it or click to create one Figure 3 23 Whitelist of HTTPS Domains Figure 3 24 shows the HTTPS Domain Definition page with the following fields 1 HTTPS Domain Name IP address of the HTTPS web server 2 Descrip...

Страница 69: ...to send before they are logged in To define IP addresses in the Walled Garden 1 Click on LAN 2 Click on Walled Garden Select the IP Addresses tab as shown in Figure 3 25 Any existing entries will be displayed Click on an entry to modify it or click to create one Figure 3 25 Whitelist of IP addresses Figure 3 26 shows the interface for defining IP addresses in the Walled Garden ...

Страница 70: ...a here are allowed 4 Source Port Packets whose source port field matches the entry here are allowed 5 Destination Network Packets whose destination field matches the criteria here are allowed If you are creating this IP Address Walled Garden entry as part of the HTTPS Domain requirements see Section 3 4 2 this will be the IP of the web server that will handle the HTTPS traffic 6 Destination Port P...

Страница 71: ...evices Subsequently whenever an upstream device sends packets to a downstream Network Device the InnGate will perform a proxy ARP on the WAN interface on behalf of the Network Device receive the packets and then forward to it Network Devices often need to communicate back to the sender Unlike a downstream user who will initiate a browser session to authenticate themselves devices such as access po...

Страница 72: ...network that is not visible to the upstream because the InnGate performs NAPT In such cases upstream users will only see the WAN IP of the InnGate and not the individual downstream hosts So there will be no way for an upstream user to connect to a particular downstream device Port Binding allows you to configure a port forwarding service which allows incoming traffic from the upstream to reach dow...

Страница 73: ...elds are described as follows 1 Protocol Specify the protocol that is allowed over the proxied connection 2 Local Port This is the port on the InnGate that the upstream client will connect to in order to connect to the downstream device Do not use ports 61000 to 65096 as these are reserved by InnGate for IP masquerading 3 Destination Host IP address of the downstream host that traffic will be forw...

Страница 74: ...ia is detected Figure 3 30 shows the Port Binding Access Control page Figure 3 30 Port Binding Access Control The fields are described as follows 1 Limit port binding to these addresses To limit only allowed addresses to use port binding 2 Source Network Matches the value of the source IP address field in the incoming network packet 3 Subnet Mask Click to confirm the entry After you have configure...

Страница 75: ...m number of UDP sessions allowed Click to commit the changes 3 6 Device Detection Setup The InnGate sends ARP requests ARP probe on the downstream to determine whether a remote device is still on the LAN or has physically disconnected The device detection feature is activated by default and you may make changes to the respective fields to suit your network environment To configure the Device Detec...

Страница 76: ...umber of unacknowledged probes before the user is disconnected 3 Probe a maximum of Select a value between 0 45 depending on the network requirements Click to confirm the changes 3 7 ARP Setup You can configure how the InnGate will manage ARP requests and responses To configure the ARP settings 1 Click on LAN 2 Click on ARP Figure 3 33 shows the ARP Settings configuration page Figure 3 33 ARP Sett...

Страница 77: ...bnet may not be the same as the subnet of the Default Gateway and some devices are known to ignore ARP requests that are not from their own subnet If you encounter such cases you can configure the Source IP Address of the ARP probe here 2 Manage ARP traffic for users in the same VLAN This is normally unselected to allow users within the same VLAN to communicate directly with each other If the chec...

Страница 78: ...ecting to a network the InnGate s network settings such as its IP address on the upstream must be configured The WAN setup interface allows you to do this 1 Configuring the WAN interface was previously covered in Chapter 1 GETTING STARTED under Section 1 3 2 Configuring the WAN Interface 4 2 1 Defining a Static Route To setup a Static Route for a Service Provider 1 Click on Static Routes Any exist...

Страница 79: ...re 4 2 shows the interface for defining a static route to a previously defined Service Provider 1 Network Address Specify the Network Address for this Static Route 2 Subnet Mask Subnet Mask for the Network Address 3 Route Type Indicate if this entry is a Subnet or Gateway route ...

Страница 80: ...oxy See Section 5 3 3 Email Server See Section 5 4 4 Remote Access See Section 5 5 5 2 Web Server This email address is displayed to users in the Web Server error pages To set the Web Server admin email 1 Click on Services 2 Click on Web Server Enter the email address in the Display Email field as shown in Figure 5 1 Click to confirm the changes Figure 5 1 Web Server Admin Contact ...

Страница 81: ...n Services 2 Click on Email Server Figure 5 2 shows the first part of the configuration interface 1 Display Email Any bounced or undelivered email will be forwarded to this email address Figure 5 2 Email Services Admin Contact Figure 5 3 shows the SMTP settings configuration interface 1 Enable Bypass Disable SMTP Services Enable bypass or disable SMTP services a Enable By selecting this option all...

Страница 82: ... g your ISP s SMTP to send out emails then the InnGate will need to be configured to forward all emails to it If left unselected the InnGate will use its own SMTP process for sending emails a IP Address Name IP address or host name of the SMTP server to forward outgoing emails to b Port IP port of the SMTP service The SMTP server itself may have to be configured to allow relays from the InnGate i ...

Страница 83: ...ddresses 2 Limit the total number of concurrent SMTP connections This setting limits the total number of concurrent SMTP connections from all downstream clients Software or viruses that spam usually send out high volumes of email concurrently causing heavy bandwidth utilization and putting a strain on the resources of the InnGate 3 Limit the users concurrent SMTP connections When enabled the InnGa...

Страница 84: ...m is often sent in quick succession continuously to many recipients resulting in high system loads This setting reduces the effectiveness of automated spam systems by introducing artificial delays thus slowing down its ability to send The InnGate can also be configured to send an email to a user if he tries to access his POP3 server before having logged in to gain Internet access Figure 5 5 shows ...

Страница 85: ...y Page 85 of 164 To set the Remote Access settings 1 Click on Services 2 Click on Remote Access Select the appropriate services required as shown in Figure 5 6 Click to confirm the changes Figure 5 6 Remote Access Settings ...

Страница 86: ...onnect to InnGate Default User ID Default Password Telnet telnet ezxcess antlabs com console admin Ftp ftp ezxcess antlabs com ftponly antlabs The commands in the table above apply only to the clients connecting from the downstream If you connect from the upstream you should use the public host domain name or IP address assigned to it The Telnet and Console see Section 8 12 services use the same u...

Страница 87: ... See Section 6 2 2 Reports Maintenance See Section 6 3 3 PMS Diagnostics See Section 6 4 6 2 Local Accounts Maintenance You can do maintenance of the local accounts you have been created by deleting expired accounts and email the list to an email address To do local accounts maintenance 1 Click on Local Accounts Figure 6 1 shows the options for local accounts maintenance Figure 6 1 Local Accounts ...

Страница 88: ...ntenance 1 Click on Reports Figure 6 2 shows the available reports to be selected for maintenance Figure 6 2 Select Reports Figure 6 3 shows the task options that can be performed to the selected reports 1 Delete selected reports Selected reports will be deleted 2 E mail selected reports as attachment A copy of the selected reports will be sent to the specified email address If this option is sele...

Страница 89: ... how old records should be before they are deleted emailed backed up Figure 6 3 Maintenance Tasks Figure 6 4 shows the interface for specifying the frequency of the tasks to be performed on the selected logs The selected tasks can be scheduled daily weekly or monthly Figure 6 4 Maintenance Schedule Click button to view the advanced setting as shown in Figure 6 5 1 Do not format duration field into...

Страница 90: ...ted the reports are mailed to the recipient before they are deleted 6 4 PMS Diagnostics PMS Diagnostics allows you to do PMS test posting To do PMS diagnostics 1 Click on PMS In order to do PMS test posting you need to fill the compulsory fields room number guest number and amount into the form as shown in Figure 6 6 Click button Figure 6 6 PMS Diagnostics The information of posting you have done ...

Страница 91: ...Connectivity Made Easy Page 91 of 164 Figure 6 7 Test Posting Log Click button to clear the log ...

Страница 92: ...ou can also configure the presentation of the logs and reports 1 Monitors See Section 7 2 2 Logs See Section 7 3 3 Maintenance See Section 7 4 7 2 Monitors You can perform status device session account cookies and email monitoring 7 2 1 Status Monitor To monitor system status 1 Click on Monitors 2 Click on Status The System Status report includes information about 1 Downstream information Shows in...

Страница 93: ... Load This value should be less than 25 for the past 1 5 or 15 minutes Temporary high system loads may be observed when configuring or changing system settings However if observed for extended periods you will need to check if the InnGate is experiencing an ARP storm denial of service attacks email spamming etc 3 Disk Space The disk space used should be less than 80 for optimum performance A commo...

Страница 94: ...on and serial numbers Figure 7 4 Firmware Information Click button to refresh the InnGate s status summary 7 2 2 Device Monitor View real time information about the devices detected on the downstream Devices that have disconnected will be found in the Device Logs To view the Device Monitors 1 Click on Monitors 2 Click on Device Figure 7 5 shows the device monitor s interface when there are devices...

Страница 95: ... 10 Charged Access This indicates whether the user needs to login in order to get internet access 11 Logged In The start of login session upon user login 12 Login Duration This indicates the duration of the login session Click CSV to export the entries into a comma separated values file Click to run a search of the entries as shown in Figure 7 6 You can click on the button to add more search condi...

Страница 96: ... the Session Monitor is further explained here 1 Status Session status a active The user has not logged out and the session is still active b unexpired The user is physically disconnected from the network but the Usage Duration for the User has not been exceeded c pending_close The user has logged out and the InnGate has initiated a Stop request to the RADIUS server and is awaiting a response from...

Страница 97: ...shown in Figure 7 8 You can click on the button to add more search conditions or to remove Figure 7 8 Search Session Entries Click to retrieve the entries with the search conditions applied Click to store the filter for future use 7 2 4 Account Monitor View all unexpired accounts information that have been created ...

Страница 98: ...lan assigned the account 4 Valid Until This will show the expiry date of the account 5 Login Limit To show the login limit of the account 6 MAC Address To show the MAC address of the user when user is having session 7 Duration Mins To show the remaining duration user can use the account 8 Start Time The time when user starts using the account 9 End Time The time when user ends the session or to sh...

Страница 99: ...d sessions To view the Cookies Monitor 1 Click on Monitors 2 Click on Cookies Any valid session s cookies will be listed as shown in Figure 7 10 The following column in the Cookies Monitor is further explained here 1 Cookies ID The ID of cookies 2 User ID The user id whose cookies belong to 3 Last Used MAC Address The last used MAC address of relevant cookies 4 Cookie Expiry Date The validity time...

Страница 100: ...s the number of undelivered emails as well as the amount of disk space used to store emails that have yet to be sent out To view the Email Monitor 1 Click on Monitors 2 Click on Email The email monitor status shows number of undeliverable emails and size of disk space used Figure 7 11 Email Monitor Status ...

Страница 101: ...es that are still detected on the downstream will be found in Device Monitor To view the Device Logs 1 Click on Logs 2 Click on Device Any existing log entries will be listed as shown in Figure 7 12 Click CSV to export the existing log entries into a comma separated values file Click to purge the log Figure 7 12 Device Logs Click to run a search of the log entries as shown in Figure 7 13 You can c...

Страница 102: ...ntly active sessions are displayed in Session Monitor instead To view the Device Logs 1 Click on Logs 2 Click on Session Any existing log entries will be listed as shown in Figure 7 14 Click CSV to export the existing log entries into a comma separated values file Click to purge the log Figure 7 14 Session Logs Click to run a search of the log entries as shown in Figure 7 15 You can click on the b...

Страница 103: ...s and guest status To view the PMS Logs 3 Click on Logs 4 Click on PMS Click on Billing Log tab to view the past PMS billing log as shown in Figure 7 13 The following column in the PMS Billing Log is further explained here 1 Date Date of billing 2 Guest Number 3 Room Number Current room number 4 Original Room Number Previous room number if guest ever changed room 5 Usage Time 6 Start Time 7 Charge...

Страница 104: ... to export the existing log entries into a comma separated values file Click on Room Status tab to view the log of room status as shown in Figure 7 16 Figure 7 16 PMS Room Status Log Click CSV to export the existing log entries into a comma separated values file Click on Guest Status tab to view the log of guest status as shown in Figure 7 17 ...

Страница 105: ...Account Printers Figure 7 18 shows the list of accounts created by account printers The following column in the Account Printers Log is further explained here 1 Date Time The date and time when the relevant account is created 2 Printer IP address The IP address of the printer 3 Button To indicates which button was pressed to create the account 4 User ID 5 Password 6 Access Code Figure 7 18 Account...

Страница 106: ...arated values format or click button to download all the logs in comma separated values format 7 3 5 Credit Card Logs View the log of past credit card activities To view the Credit Card Logs 3 Click on Logs 4 Click on Account Printers Figure 7 19 shows the log of credit card Figure 7 19 Credit Card Log 7 4 Maintenance Reports maintenance has been explained in Section 6 3 ...

Страница 107: ...ration See Section 8 7 7 SNMP Setup See Section 8 8 8 View API Information See Section 8 9 9 High Availability See Section 8 10 10 View License Information See Section 8 11 11 Console Access via Serial Connection See Section 8 12 12 Securing the System for Deployment See Section 8 13 8 2 Setting up Administrator Accounts Administrator accounts with different access privileges can be created for pe...

Страница 108: ...eate an administrator group 1 Click on Admin Accounts 2 Click on Admin Groups Select the Groups tab as shown in Figure 8 1 Any existing entries will be displayed Click on an entry to modify it or click to create one Figure 8 1 List of Admin Groups Figure 8 2 shows the interface for configuring the Admin Group 1 Name The name given to the Admin Group 2 Idle Timeout Maximum inactivity period before ...

Страница 109: ...dmin Group Permissions In this step you will define the permissions for the Admin Group created To define administrator group permissions 1 Click on Admin Accounts 2 Click on Admin Groups Select the Permissions tab as shown in Figure 8 3 All Admin Groups will be listed and you can click to view the permissions for each Click on the Admin Group s name to modify the permissions for it ...

Страница 110: ... to give to the group Figure 8 4 Admin Group Permissions Click to confirm the changes 8 2 3 Creating an Administrator Account In this step you will create Admin Accounts that will be given out to the respective personnel To create an administrator account 1 Click on Admin Accounts Any existing entries will be displayed see Figure 8 5 Click on an entry to modify it or click to create one Figure 8 5...

Страница 111: ...nt 4 Password Re type Password Login password 5 Admin Group Select the admin group 6 Email The email address for the user account 7 Max Logins Maximum number of concurrent sessions allowed for this account Earlier sessions will be terminated when the limit is exceeded 8 Description A description for this entry Figure 8 6 Administrator Account Details Click to confirm the entry or for modifications...

Страница 112: ...of audit log 1 Date Time The date and time when the admin account logged in 2 ID The admin account used for login 3 Status The status of login 4 Module The module accessed by admin 5 Operation The activity done by admin 6 Details Additional information of activity Figure 8 7 Audit Log 8 2 5 Assigning Admin Access Assigning Admin Access is explained in Section 8 13 1 ...

Страница 113: ...8 8 shows the existing admin account sessions 1 ID 2 Name 3 Admin Group 4 Login Time 5 Current Session Figure 8 8 Admin Account Sessions 8 3 Powering up and shutting down the system To access the power options 1 Click on Maintenance Figure 8 9 shows the power options interface Click to reboot the InnGate Click to power down the InnGate ...

Страница 114: ...file Or you can also choose Save to local system to save the configuration file in the local drive Click button to back up This process normally takes less than a minute as the InnGate gathers the system configuration into a binary file The file will be named configuration_yyyymmdd ezxconf where yyyymmdd is the current date in year month date format E g 2 Jun 2006 20060602 2 System Configuration R...

Страница 115: ...t sample In addition to backing up and restoring the configuration of a InnGate the Command Line Interface CLI provides additional features to make a snapshot of the current state of the gateway and perform a subsequent on demand restore You can also invoke a factory restore from the CLI to revert the InnGate back to its original state Please refer to the InnGate Command Line Interface Reference f...

Страница 116: ...ult in system corruption 8 6 Setting the Date and Time To set the Date and Time 1 Click on Settings 2 3 Click on Date Time Figure 8 12 shows the Date and Time configuration page 1 Retrieve time from NTP server The InnGate supports Network Time Protocol NTP to automatically synchronize the internal clock with an external time server a IP Address NTP server IP address 2 New Date Time Specify the upd...

Страница 117: ...ard protocol for sending log information over TCP IP usually using UDP Port 514 To configure Syslog 1 Click on Settings 2 Click on Syslog Figure 8 13 shows the Syslog selection settings 1 Mirror system logs When selected the following system log information is sent to the Syslog server a Email information b FTP login logout information 2 IP Address The IP address of the Syslog server to send to ...

Страница 118: ...ervers may require you to specify the sender s IP address as a security measure In such cases you should specify the WAN IP address of the InnGate 8 8 SNMP Setup The InnGate supports SNMP version 2 and can be configured to operate in an SNMP enabled managed network environment as a network element Network managers can then query the Management Information Base MIB maintained by the InnGate for rem...

Страница 119: ... interface for configuring SNMP traps 1 Destination Host Host IP address of the manager that traps will be sent to By default it is set to 127 0 0 1 which means that traps will not be sent out 2 Port SNMP traps are normally sent on port 162 3 Community The community string of the manager for authentication when sending traps to it Figure 8 16 Trap Configuration Figure 8 17 shows the SNMP Denial of...

Страница 120: ... 2 2 0 ARPD_MONITOR ARPD_mon service down 1 3 6 1 4 1 12902 1 1 3 2 3 0 SQUID Web proxy service down 1 3 6 1 4 1 12902 1 1 3 2 4 0 DHCPD DHCPD service down 1 3 6 1 4 1 12902 1 1 3 2 5 0 HTTPD Web service down 1 3 6 1 4 1 12902 1 1 3 2 6 0 ANTMGR Antmgr service down 1 3 6 1 4 1 12902 1 1 3 2 7 0 NAMED DNS service down 1 3 6 1 4 1 12902 1 1 3 2 8 0 ANT_HEARTBEAT Heartbeat service down 1 3 6 1 4 1 12...

Страница 121: ... release public IP address 1 3 6 1 4 1 12902 1 1 3 2 28 0 ANT_HA PROMOTION TRAP Server has just been promoted to master in a HA setup 1 3 6 1 4 1 12902 1 1 1 3 1 ANT_HA DEMOTION TRAP Server has just been demoted to slave in a HA setup 1 3 6 1 4 1 12902 1 1 1 3 2 SNMPv2 MIB coldStart Sent whenever the SNMP agent starts up due to process restart or server reboot etc 1 3 6 1 6 3 1 1 5 1 UCD SNMP MIB ...

Страница 122: ...neFollower Lone node in slave mode for too long 1 3 6 1 4 1 12902 1 1 4 2 1 8 5 antHeartbeatFailover ANT Heartbeat failover 1 3 6 1 4 1 12902 1 1 4 2 1 8 6 siploginUp SIP Login service restored 1 3 6 1 4 1 12902 1 1 4 2 1 9 1 siploginDown SIP Login service down 1 3 6 1 4 1 12902 1 1 4 2 1 9 2 dnsredirUp DNS Redirector service restored 1 3 6 1 4 1 12902 1 1 4 2 1 10 1 dnsredirDown DNS Redirector se...

Страница 123: ...em memory usage passes critical limit 1 3 6 1 4 1 12902 1 1 4 2 2 2 3 diskNormal System disk usage returns to normal 1 3 6 1 4 1 12902 1 1 4 2 2 3 1 diskWarning System disk usage reaches critical limit 1 3 6 1 4 1 12902 1 1 4 2 2 3 2 diskCritical System disk usage passes critical limit 1 3 6 1 4 1 12902 1 1 4 2 2 3 3 The following are the security event SNMP traps sent by the InnGate Trap Ref Desc...

Страница 124: ... 12902 ezxcess 1 ezxcessModules 1 clientInfoMIB 2 clientIn foObjects 1 clientInfo 1 detectedClientNum 1 0 b Number of logged in clients OID 1 3 6 1 4 1 12902 1 1 2 1 1 2 0 iso 1 org 3 dod 6 internet 1 private 4 enterprises 1 antlab s 12902 ezxcess 1 ezxcessModules 1 clientInfoMIB 2 clientIn foObjects 1 clientInfo 1 internetClientNum 2 0 c Number of clients with Full Access OID 1 3 6 1 4 1 12902 1 ...

Страница 125: ... the API and its modules installed in the InnGate Figure 8 19 API Information 8 9 1 HTTP Setting Configure the setting when making API calls via HTTP or HTTPS from downstream To view the configure HTTP setting 1 Click on Settings 2 Click on API 3 Click on HTTP Figure 8 20 shows the settings to allow IP addresses to call API via HTTP or HTTPS ...

Страница 126: ...e the API s password which is required when API is called via HTTP or HTTPS Figure 8 21 Change API Password Setting Click to confirm the changes 8 9 2 Browser Setting Configure the matching user agent strings for PDA and phone browsers This is used by the BrowserType PHP API function and the browser API module to detect and return the browser type ...

Страница 127: ...164 To view the configure Browser setting 1 Click on Settings 2 Click on API 3 Click on Browser Figure 8 22 shows the existing configuration for browser setting Figure 8 22 API Browser Setting Click button to add new configuration record ...

Страница 128: ...es that the InnGate is licensed to operate The Serial Number pertains to the licensing serial number and is not the same as the hardware serial number found on the equipment Figure 8 24 License Information 8 12 Console Access via Serial Connection You can access the InnGate in console mode via a direct serial connection Once connected and logged in you will be presented with the command line inter...

Страница 129: ...and deployed for security reasons it is recommended that you 1 Securing Access to the Admin GUI See Section 8 13 1 2 Change the Default Admin User Account See Section 8 13 2 3 Change the FTP Account Password See Section 8 13 3 4 Change the Telnet and Console Password See Section 8 13 4 8 13 1 Securing Access to the Admin GUI You can limit access to the web admin system by IP addresses and also blo...

Страница 130: ...abled access to the Admin GUI from the downstream is prohibited 2 Limit users accessing this admin system to these IP Addresses Subnet Mask pairs If enabled only client machines whose IP addresses are listed here will be allowed to access the Admin GUI from the upstream Click and to add and remove the IP address and subnet mask entries defined Figure 8 25 Admin Access Settings Click to confirm the...

Страница 131: ...rd through the CLI command passwd_ftp First connect to the InnGate via Telnet see Section 5 5 1 or Console see Section 8 12 Then type in the command passwd_ftp as shown in Figure 8 27 Figure 8 27 Change of FTP password You will be prompted to key in your new password twice If they match your password will be updated successfully 8 13 4 Change the Telnet and Console Password The Telnet and Console ...

Страница 132: ...Connectivity Made Easy Page 132 of 164 Figure 8 28 Change of Telnet Console Password ...

Страница 133: ...take over the network management responsibilities while the original Live InnGate attempts to recover This chapter describes the network setup requirements GUI configurations and discusses the failover process 9 2 Network Configuration The network diagram in Figure 9 1 illustrates the basic connections for a typical HA setup in terms of the network connections Figure 9 1 High Availability Setup Do...

Страница 134: ... upstream clients when they need to probe and access each InnGate individually with Ping and Telnet A HA setup will thus require 3 IP addresses The Admin GUI will still be accessible only via the WAN IP if accessing from the upstream and will always be the Admin GUI of the Live InnGate Some potential problems due to setup errors are also highlighted here 1 If the downstream network is not overlapp...

Страница 135: ... next bootup 11 Bootup InnGate Alpha 12 Connect the upstream and downstream interfaces of InnGate Alpha to the network and connect the Control Channel to InnGate Omega 13 Ensure that InnGate Alpha operates correctly e g downstream clients can login and access the Internet through the InnGate 14 Bootup InnGate Omega In accordance with the HA Leader Election Process see Section 9 4 InnGate Alpha wil...

Страница 136: ...failover will not function properly To setup the HA identifier 1 Click on Settings 2 Click on High Availability Figure 9 2 shows the interface for configuring the HA identifier 1 Slave Connected Indicates if a slave machine is connected to the machine 2 ID for This Unit The HA ID for this machine permissible values are either 1 or 2 The ID is only used to uniquely distinguish the machines and does...

Страница 137: ...the Control Channel link be reconnected subsequently the Leader Election process described in condition 2 above applies 9 5 HA Failover Behavior After the Leader Election process is completed the both InnGate will begin failure event monitoring Should a failover event be triggered the HA Failover mechanism applies the STONITH approach to attempt to recover the faulty machine Failover triggers are ...

Страница 138: ... so if the Control Channel link goes down e g network interface or cable failure a failover is not triggered although other services dependent on the link such as GUI and client state synchronization may cease to function 9 6 HA Synchronization HA Synchronization can only be performed if Full HA module is installed in the InnGate The HA system supports automated periodic synchronization of some of...

Страница 139: ...3 Web patches System patches must be applied individually to both InnGate in a HA setup You cannot just apply a patch to the Live InnGate and expect the synchronization process to copy the system image over to the Backup InnGate to produce a patched Backup InnGate 9 6 1 Manual Synchronization HA Manual Synchronization can only be performed if Full HA module is installed in the InnGate You may also...

Страница 140: ...Connectivity Made Easy Page 140 of 164 Figure 9 3 Manual Synchronization Once completed you will be presented with a log report of the synchronization process ...

Страница 141: ...om standby mode to active mode and take over the network management responsibilities from the primary InnGate while the primary InnGate is recovered This chapter describes the network setup requirements admin configuration and the failover process 10 2 Network Configuration The network diagram in Figure 10 1 shows the network connections needed for a typical HA setup Figure 10 1 High Availability ...

Страница 142: ...the OPT network interface to allow both gateways to communicate via a control channel link This link is used by the primary and secondary InnGates to detect the state of its peer and trigger a failover when necessary 3 A connection to the same downstream network and trunk VLANs via the LAN interface so that both InnGates can serve the same clients on the network The web admin of each InnGate can b...

Страница 143: ...work services are similarly provisioned The recommended steps to set up a HA deployment is as follows 1 Start up the primary InnGate 2 Make the necessary system configuration changes 3 Set it as a primary InnGate 4 Reboot the primary InnGate for the HA settings to take effect 5 Connect the primary InnGate s WAN and LAN interfaces to the upstream and downstream networks 6 Start up the secondary Inn...

Страница 144: ...onfigured with billing plans Secondary InnGate No billing policies to prevent duplicate billing in the event of a failover It is important that backups of the policies and web pages on the primary InnGate are made whenever they are changed If the primary InnGate has a downtime which exceeds the maximum billing duration of your billed usage plans it is recommended to swap the primary and secondary ...

Страница 145: ...ate is not detected Control channel OPT link to the primary InnGate is down Received indication from the primary InnGate that it is rebooting or shutting down A failback from the secondary InnGate to the primary InnGate will occur when the primary InnGate is Turned on Detected again after a OPT link disconnection Able to contact its LAN and WAN networks again If a valid email address is configured...

Страница 146: ...can be performed through CLI in supervisor mode To save snapshot through CLI 1 Connect your PC or laptop to InnGate s USB Serial Console or Serial Console port using USB Serial cable 2 Open a Hyperterminal session Login using console account see Section 8 12 3 Enable supervisor mode by typing enasup No password is required Figure 11 1 Enabling supervisor mode 4 Run the command by typing save_snaps...

Страница 147: ...are through CLI 1 Connect your PC or laptop to InnGate s USB port using USB serial cable 2 Open a HyperTerminal session Login using console account see Section 8 12 3 Enable supervisor mode by typing enasup No password is required 4 Run the command by typing restore_snapshot There will be a prompt asking you whether you are sure to perform snapshot save Press y for yes or N for cancel Figure 11 3 ...

Страница 148: ...he changes To restore through GRUB 1 Connect your laptop or PC to the InnGate s PMS port using USB serial cable 2 Reboot the InnGate Open a HyperTerminal session from your laptop or PC Once the InnGate is up you should see as shown in Figure 11 4 below on your HyperTerminal window Press ESC to skip memory test Figure 11 4 Memory Test 3 After you see the system verifies DMI Pool Data on your screen...

Страница 149: ... see the GRUB selection menu as shown in Figure 11 6 Choose InnGate3 00 Factory Firmware to do firmware restoration Figure 11 6 GRUB Selection Menu 11 4 Restore Snapshot Restoring snapshot will restore the InnGate to the latest saved state This action can be done through CLI in supervisor mode ...

Страница 150: ...Enable supervisor mode by typing enasup No password is required 4 Run the command by typing restore_snapshot There will be a prompt asking you whether you are sure to perform snapshot save Press y for yes or N for cancel Figure 11 7 Restoring Snapshot When there is no snapshot found this action will be aborted Figure 11 8 Aborting snapshot restore Restoring snapshot through GRUB has the same steps...

Страница 151: ...lt need_reg_defaulturl 302 http ezxcess antlabs com www pub sample singleclick http php This is the user s first attempt at accessing the Internet The user has just connected to the LAN and launched the Internet browser to access the URL http www google com sg The user s IP address is 10 128 0 1 and his browser has initiated a HTTP Get request to the destination IP address of 64 233 189 104 on por...

Страница 152: ...ogin success php url requestedURL The user enters clicks the Go button on the SingleClick login page This action initiates a HTTP Post to login now which resides on the InnGate 192 168 123 50 80 The InnGate matches the Web Access SmartURL TM which invokes an API call for SingleClick login Fri Jun 10 10 34 14 2005 http ezxcess antlabs com www pub sample login success php url http 3A 2F 2Fwww google...

Страница 153: ...9 104 80 413 00 11 D8 4C 2A 3B Result charged_internet http www google com sg images hp2 gif Thu Jun 10 10 34 22 2005 http www google com sg images hp3 gif 10 128 0 1 GET 64 233 189 104 80 413 00 11 D8 4C 2A 3B Result charged_internet http www google com sg images hp3 gif Thu Jun 10 10 34 22 2005 http www google com sg favicon ico 10 128 0 1 GET 64 233 189 104 80 413 00 11 D8 4C 2A 3B Result charg...

Страница 154: ...cter to match the start of the URL Regular Expression http www ezxcess com Match http www ezxcess com mod id 123 http www ezxcess com index html Mismatch http www redirectaway com url http www ezxcess com The InnGate recognizes Perl Regular Expressions and it is beyond the scope of this manual to discuss its full syntax Instead some references are provided 1 http www perl com doc manual html pod p...

Страница 155: ...double quote characters as follows Text to be imported Field in CSV File Flower garden Level 1 Flower garden Level 1 Lounge access Lounge access 2 Do not use the double quote character except to enclose strings in the manner described in point 1 3 Do not use the single quote character 4 For multiple line input fields such as description fields a new line carriage return is denoted by n as follows ...

Страница 156: ...be in the default webroot directory This corresponds to the following webroot URL from the downstream http ezxcess antlabs com www pub 3 Begin uploading your custom webpages You can only upload files and create new subdirectories in the login and ssl directories For example if you create a subdirectory new under the login directory and upload a webpage called test htm there the URL from the downst...

Страница 157: ...n Page The SSL Domain is only applicable on the downstream Step 1 Generate the Certificate Signing Request You can either generate the Certificate Signing Request CSR for the required domain using the ANTlabs Cert Generator or by other means Here we will describe how to do it with the ANTlabs Cert Generator Firstly obtain a copy of the ANTlabs Cert Generator Windows program from your local ANTlabs...

Страница 158: ...lified Domain Name for which you plan to use your Certificate For example a certificate generated for antlabs com will not be valid for secure antlabs com If the web address to be used for SSL is secure antlabs com ensure that the common name submitted in the CSR is secure antlabs com Click on the Generate button to generate the CSR and private key If you want to generate a self signed key enable ...

Страница 159: ... Format PEM You must own the domain for which you are applying the certificate Step 3 Install the Signed Certificate and Private Key Initiate an FTP session to the InnGate See Section 5 5 1 for the default User ID and Password 1 Change to the ssl directory and upload the signed certificate and private key The signed certificate filename extension must be crt not csr and the private key filename ex...

Страница 160: ...in User ID and Password information via HTTPS 1 Ensure that the URL for the login page specified in your active Authentication Policy reflects yourdomain rather than the default ezxcess antlabs com 2 Modify the HTML code in the login page to post the login form to the new domain i e ezxcess antlabs com to yourdomain Example form method post action https yourdomain ...

Страница 161: ... show the default error page below Figure F 1 Figure F 1 Default blocked ant 2 location_config ant This error page is shown when location has not been configured yet When this file is not available InnGate will show the default error page below Figure F 2 Figure F 2 Default location_config ant 3 config_error ant This error page is shown when there is configuration error When this file is not avail...

Страница 162: ...fig_error ant svc_failure ant This error page is shown when there is temporary service error When this file is not available InnGate will show the default error page as shown in Figure F 4 Figure F 4 Default svc_failure ant ...

Страница 163: ...orldpay Select Junior s setting page Figure G 1 Worldpay Select Junior Setting For details visit http www worldpay com 2 Paypal Payflow Pro Figure G 2 shows the Paypal Payflow Pro s setting page Figure G 2 Paypal Payflow Pro Setting For details visit https www paypal com cgi bin webscr cmd _payflow pro overview outside ...

Страница 164: ... Authorize Net SIM Setting For details visit http www authorize net 4 Paypal Payflow Link Figure G 4 shows Paypal Payflow Link s setting page Figure G 4 Paypal Payflow Link Setting For details visit https www paypal com cgi bin webscr cmd _payflow link overview outside to the Admin GUI ...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды