M2M IDG500AM-0T001 Скачать руководство пользователя страница 347

Страница: 347 / 357

M2M

Cellular

Gateway

Index

skipping

used

reserve

slots

for

new

function

insertion,

when

required.

347

View

Email

Log

History

View

button

provided

for

network

administrator

view

log

history

the

gateway.

Now

button

enables

administrator

send

instant

Emails

for

analysis.

View

Email

Log

History

Item

Value setting

Description

View

button

N/A

Click

the

View

button

view

Log

History

Web

Log

List

Window.

Email

Now

button

N/A

Click

the

Email

Now

button

send

Log

History

via

instantly.

Save

N/A

Click

Save

button

save

the

settings.

Refresh

N/A

Click

the

Refresh

button

refresh

the

page.

Web

Log

List

Window

Item

Value Setting

Description

Time

column

N/A

displays

event

time

stamps

Log

column

N/A

displays

Log

messages

Содержание IDG500AM-0T001

Страница 1: ...M2M Cellular Gateway IDG500AM 0T001 User Manual...

Страница 2: ...tion 11 1 6 1 Mount the Unit 11 1 6 2 Insert the SIM Card 11 1 6 3 Connecting Power 12 1 6 4 Connecting to the Network or a Host 13 1 6 5 Setup by Configuring WEB UI 13 Chapter 2 Getting Started 14 2...

Страница 3: ...87 3 9 3 Virtual Server Virtual Computer 91 3 9 5 Special AP ALG 99 3 9 7 DMZ Pass Through 106 3 b Routing 109 3 b 1 Static Routing 109 3 b 3 Dynamic Routing 114 3 b 5 Routing Information 126 3 d Clie...

Страница 4: ...RRP 251 5 9 System Management 255 5 9 1 TR 069 255 5 9 3 SNMP 259 5 9 5 Telnet with CLI 270 5 9 7 UPnP 274 5 b Certificate 277 5 b 1 Configuration 277 5 b 3 My Certificates 279 5 b 5 Trusted Certifica...

Страница 5: ...new function insertion when required 5 7 d Event Management 331 7 d 1 Configuration 334 7 d 3 Managing Events 340 7 d 5 Notifying Events 342 Chapter 9 System 344 9 1 System Related 344 9 1 1 System Re...

Страница 6: ...ed to insert SIM card from local mobile carrier to get to Internet The redundant SIM design provides a more reliable WAN connection for critical applications Main Features Provide 3G LTE WAN connectio...

Страница 7: ...Contents List 1 2 1 Package Contents Standard Package Items Description Contents Quantity 1 IDG500AM 0T001 M2M Cellular Gateway 1pcs 2 Cellular Antenna 2pcs 3 Power Adapter DC 5V 2A 1 1pcs 4 RJ45 Cabl...

Страница 8: ...guration Left View Right View Reset Button The RESET button provides user with a quick and easy way to resort the default setting Press the RESET button continuously for 6 seconds and then release it...

Страница 9: ...l Strength is 61 100 SIM 1 2 Internet Blue Purple Red LED Off Connection is not established Flash in Blue Connection is establishing re establishing by SIM 1 Blue steady On Uplink connection was estab...

Страница 10: ...ux based operating system An installed Ethernet adapter Browser Requirements Internet Explorer 6 0 or higher Chrome 2 0 or higher Firefox 3 0 or higher Safari 3 0 or higher Do not use the product in h...

Страница 11: ...MAKE SURE THAT POWER OF THE DEVICE IS SWITCHED OFF The SIM card slots are located at the right side of IDG500 series housing in order to protect the SIM card You need to unscrew and remove the outer...

Страница 12: ...r you to easily connect DC power adapter to this terminal block WARNNING This commercial grade power adapter is mainly for ease of powering up the purchased device while initial configuration It s not...

Страница 13: ...hernet cable to connect the IDG500 series to the host PC s Ethernet port for configuring the device 1 6 5 Setup by Configuring WEB UI You can browse web UI to configure the device First you need to la...

Страница 14: ...rd Go to Wizard Network Setup Wizard Step 2 Item Value setting Description Old Password 1 String format any text If you want to change password Enter the current password in this item New Password 1 S...

Страница 15: ...Select the time zone for the system clock Detect Again NA Click the Detect Again button to detect the time zone from network Exit NA Click the Exit button to cancel Setup Wizard Back NA Click the Bac...

Страница 16: ...ettings Go to Wizard Network Setup Wizard Step 4 WAN interface Step 4 WAN interface Setting Item Value setting Description Physical Interface A Must filled setting Here you specify the Physical Interf...

Страница 17: ...onal setting Enter the host name provided by your Service Provider ISP Registered MAC Address An Optional setting Enter the MAC address that you have registered with your service provider Or Click the...

Страница 18: ...vider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider P...

Страница 19: ...Password A Must filled setting Enter the PPPoE password provided by your Service Provider Primary DNS A Must filled setting Enter the IP address of Primary DNS server Secondary DNS Optional setting En...

Страница 20: ...ven by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by...

Страница 21: ...ven by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by...

Страница 22: ...t LAN Interface Item Value setting Description LAN IP Address A Must filled setting Assign an IP Address for LAN this IP address is a gateway IP Subnet Mask By default 255 255 255 0 24 is selected Sel...

Страница 23: ...ill step by step guide you through to complete VPN tunnel setup Step 1 Setup Steps In Step 1 the VPN Setup Step is a screen that displays the summary of steps for VPN setup Click Next button to begin...

Страница 24: ...o Step 3 PPTP in the following page When L2TP is selected go to Step 3 L2TP in the following page When GRE is selected go to Step 3 GRE in the following page Step 3 IPSec When IPSec is selected in Ste...

Страница 25: ...nd either PPTP client or server is selected the client or server configuration window will appear PPTP Client When PPTP Client is selected in Step 2 for VPN Type PPTP configuration window will appear...

Страница 26: ...mplete the PPTP Server configuration click Next button a setup summary will display Confirm the setting then click the Apply button to complete the setting Step 3 L2TP When L2TP is selected in Step 2...

Страница 27: ...a setup summary will display Confirm the setting then click the Apply button to complete the setting L2TP Server When L2TP Server is selected in Step 2 for VPN Type L2TP configuration window will app...

Страница 28: ...n insertion when required 28 Step 3 GRE When GRE is selected in Step 2 for VPN Type GRE configuration window will appear When complete the GRE configuration click Next button a setup summary will disp...

Страница 29: ...the model purchased it can be Static IP Dynamic IP PPPoE PPTP L2TP 3G 4G IP Addr N A It displays the public IP address obtained from your ISP for Internet connection Default value is 0 0 0 0 if left...

Страница 30: ...AN connection is connected Connect button allows user to manually connect the device to the Internet Note Connect button is available when Connection Control in WAN Type setting is set to Connect Manu...

Страница 31: ...be Ethernet 3G 4G USB 3G 4G WAN Type N A It displays the method which public IP address is obtained from your ISP WAN type setting can be changed from Basic Network IPv6 Configuration Link local IP A...

Страница 32: ...assigned by your ISP for your Internet connection Action N A This area provides functional buttons Edit IPv4 Button when press web based utility will take you to the Ethernet LAN configuration page B...

Страница 33: ...ur Internet connection Action N A This area provides functional buttons Edit IPv4 Button when press web based utility will take you to the Ethernet LAN configuration page Basic Network LAN VLAN Ethern...

Страница 34: ...m Information SIM Status and Service Information Refer to next page for more Note Currently USB 3G 4G doesn t support this feature When th Detail button in the Action column is pressed 3G 4G modem inf...

Страница 35: ...code to unlock It is probably due to the device had exceeded the allowed number of times to unlock Refer to PIN Code Remaining Times PIN Code Remaining Times N A This displays the remaining time of th...

Страница 36: ...be GSM WCDMA or LTE Band N A It displays the band currently used RSSI N A It displays the RSSI Received Signal Strength Indicator in unit dBm of the signal CS Register Status N A It displays the Circ...

Страница 37: ...s router Go to Status LAN Client List LAN Client List Item Value setting Description LAN Interface N A Client record of LAN Interface String Format IP Address N A Client record of IP Address Type and...

Страница 38: ...to display log history Clicking the Edit button the screen will be switched to the configuration page From the menu on the left select Status Firewall Status Firewall Status Tab Packet Filter Status...

Страница 39: ...Note Ensure URL Blocking Log Alert is enabled Refer to Advanced Network Firewall URL Blocking tab Check Log Alert and save the setting Web Content Filter Status Web Content Filter Status Item Value se...

Страница 40: ...sure MAC Control Log Alert is enabled Refer to Advanced Network Firewall MAC Control tab Check Log Alert and save the setting Plication Filters Status Application Filters Status Item Value setting Des...

Страница 41: ...e or Disable setting status of Stealth Mode on Firewall Options String Format Disable or Enable SPI N A Enable or Disable setting status of SPI on Firewall Options String Format Disable or Enable Disc...

Страница 42: ...setting Description Tunnel Name N A It displays the tunnel name you have entered to identify Tunnel Scenario N A It displays the Tunnel Scenario specified Local Subnets N A It displays the Local Subne...

Страница 43: ...server configuration page Advanced Network VPN PPTP tab PPTP Client Status Item Value setting Description Client Name N A It displays Name for the PPTP Client specified Interface N A It displays the W...

Страница 44: ...onfiguration page Advanced Network VPN L2TP tab L2TP Client Status Item Value setting Description Client Name N A It displays Name for the L2TP Client specified Interface N A It displays the WAN inter...

Страница 45: ...MP Link Status screen shows the status of current active SNMP connections SNMP Link Status Item Value setting Description User Name N A It displays the user name for authentication This is only availa...

Страница 46: ...vel Time N A It displays the timestamp of trap event Trap Event N A It displays the IP address of the trap sender and event type TR 069 Status The TR 069 Status window shows the current connection sta...

Страница 47: ...N A It displays the name you entered to identify DDNS service provider Provider N A It displays the DDNS server of DDNS service provider Effective IP N A It displays the public IP address of the devic...

Страница 48: ...Go to Advanced Network System Management UPnP Tab UPnP Status Item Value setting Description Remote Host N A The field is shown remote host that connect to internal client Protocol N A This field is...

Страница 49: ...Previous N A Click the Previous button you will see the previous page of track list Next N A Click the Next button you will see the next page of track list First N A Click the First button you will s...

Страница 50: ...stics Network traffic statistics shows traffic of each enabled interface Go to Statistic Report Network Traffic Statistics Internet Surfing List Item Name Value Setting Description Menu WAN LAN 2 4G i...

Страница 51: ...revious button you will see the previous page of login statistics Next N A Click the Next button you will see the next page of login statistics First N A Click the First button you will see the first...

Страница 52: ...Physical Interface WAN Internet Setup and WAN Load Balance for Intranet to access Internet For each WAN interface you must specify its physical interface first and then its Internet setup to connect...

Страница 53: ...w shows all the available physical interfaces After clicking on the Edit button for the interface in Physical Interface List window the Interface Configuration window will appear to let you configure...

Страница 54: ...windows are just some examples They vary from model to model It depends on the model purchased Interface Name The logic name of WAN interfaces is identified by WAN 1 WAN 2 and so on Physical Interface...

Страница 55: ...services You must specify it in the WAN physical interface Please note that only Ethernet and ADSL physical interfaces support the feature Interface Configuration The configuration of a WAN interface...

Страница 56: ...Cellular Network xDSL Modem Gateway ISP DSLAM ISP DSLAM Gateway Firewall or Ethernet WAN 3G 4G WAN USB 3G 4G WAN ADSL WAN Ethernet WAN The gateway has one or more RJ45 WAN ports that can be configure...

Страница 57: ...backup connection will be started up to substitute the primary connection In addition there is a Seamless option for Failover operation mode When seamless option is activated by checking on the Seamle...

Страница 58: ...t Always on Data Encryption LLC VPI Number 0 VCI Number 33 Schedule Type UBR Configuration Path Internet Setup 3G 4G WAN Type Configuration Interface Name WAN 2 Dial up Profile Auto detection Connecti...

Страница 59: ...lover Failback Seamless Failover Scenario As another example all parameter configuration for WAN 1 and WAN 2 is same as above example except the Seamless box is checked as bellow in red color Configur...

Страница 60: ...just Keep Alive Next Failover and Failback processes are shown in following diagram Their steps are S 1 When system discovers the primary WAN connection is failed S 2 System starts the failover proce...

Страница 61: ...re It is called as Dual SIM Failover In this Dual SIM Failover there are four kinds of SIM card usage scenarios including SIM A First SIM B First and SIM A Only and SIM B Only By default SIM A First s...

Страница 62: ...th SIM A First scenario is shown in the following diagram The steps are Pre state System tries to connect to mobile system for an Internet connection by using connection profile in SIM A for SIM A Fir...

Страница 63: ...ce functions normally If you don t know accurate line speed of your subscribed Internet service following are some suggestions High Speed Ethernet WAN Upload 100Mbps Download 100Mbps Gigabit Ethernet...

Страница 64: ...r these two WAN interfaces and their scenarios are shown in the following diagram Configuration Path Physical Interface Interface Configuration WAN n n 1 2 Interface Name WAN 1 WAN 2 Physical Interfac...

Страница 65: ...nfiguration and related configuration windows for each WAN type For the Internet setup of each WAN interface you must specify its WAN type of physical interface first and then its related parameter co...

Страница 66: ...terface name the kinds of physical interface their operation mode and WAN connection type There is one Edit button for each WAN interface to let you configure its Internet connection Please see Intern...

Страница 67: ...You will need to enter in the IP address subnet mask and gateway address provided to you by your ISP Dynamic IP Address WAN type You may choose this WAN type if you connects a cable modem or a fiber V...

Страница 68: ...ddress and DNS to you to setup an ADSL Internet connection PPPoE ADSL WAN type Select this option if your ISP requires you to use a PPPoE connection for accessing Internet This option is typically use...

Страница 69: ...Time Service Name Assigned IP Address MTU MPPE NAT Network Monitoring IGMP and WAN IP Alias L2TP WAN Type Settings include IP Mode Server IP Name L2TP Account Password Connection Control Maximum Idle...

Страница 70: ...id keep alive feature work abnormally enable this option will stop sending keep alive packets when there are continuous incoming and outgoing data packets passing through WAN connection Check Interval...

Страница 71: ...of fails Connection Control There are three ways for connection control Auto reconnect Always on Dial on demand and Manually Auto reconnect Always on This gateway will establish Internet connection au...

Страница 72: ...ly Following 3 tables list the parameter configuration for these three WAN interfaces Configuration Path Physical Interface Interface Configuration WAN n n 1 2 3 Interface Name WAN 1 WAN 2 WAN 3 Physi...

Страница 73: ...Secondary DNS DHCP Servers 10110110001100 01 Request Coming Start Connecting Disconnect when idle timeout Dial on demand Its steps are Pre state After system booting up the WAN connection is disconnec...

Страница 74: ...out Manually Its steps are Pre state After system booting up the WAN connection is disconnected S 1 When administrator click on the Connect button on the Network Status configuration window S 2 System...

Страница 75: ...ides a brief description of LAN and VLAN It also explains how to create and modify virtual LANs which are more commonly known as VLANs 3 3 1 Ethernet LAN The Local Area Network LAN can be used to shar...

Страница 76: ...his gateway supports various types of IPv6 connection Static IPv6 DHCPv6 PPPoEv6 6to4 6in4 Please contact your ISP the type of IPv6 is supported before you proceed with IPv6 setup Static IPv6 Static I...

Страница 77: ...v6 default gateway address and IPv6 DNS to client host s automatically PPPoEv6 PPPoEv6 in IPv6 does the same function as PPPoE in IPv4 The PPPoEv6 server provides configuration parameters based on PPP...

Страница 78: ...a host it must have a global IPv4 address connected and the host is responsible for encapsulation of outgoing IPv6 packets and decapsulation of incoming 6to4 packets If the host is configured to forw...

Страница 79: ...ve slots for new function insertion when required 79 In above diagram the 6in4 usually needs to register to a 6in4 tunnel service known as Tunnel Broker in order to use It also need end point global I...

Страница 80: ...Value setting Description WAN Connection Type 1 Only can be selected when IPv6 Enable 2 A Must filled setting Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity Select St...

Страница 81: ...ss Primary DNS An optional setting Enter the WAN primary DNS Server Secondary DNS An optional setting Enter the WAN secondary DNS Server MLD Snooping The box is unchecked by default Enable Disable the...

Страница 82: ...primary DNS Server Secondary DNS Can not modified by default Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Confi...

Страница 83: ...ction If you want more information please contact your ISP Connection Control Fixed value The value is Auto reconnect Always on MTU A Must filled setting Enter the MTU for setting up PPPoEv6 connectio...

Страница 84: ...nal setting Enter the WAN secondary DNS Server MLD The box is unchecked by default Enable Disable the MLD Snooping function LAN Configuration LAN Configuration Item Value setting Description Global Ad...

Страница 85: ...ed IPv4 address of this router Local IPv6 Address A Must filled setting Filled Client IPv6 Address gotten from tunnelbroker in this field Primary DNS An optional setting Enter the WAN primary DNS Serv...

Страница 86: ...nectivity Select Stateless to manage the Local Area Network to be SLAAC RDNSS Router Advertisement Lifetime A Must filled setting Enter the Router Advertisement Lifetime in seconds 200 is setted by de...

Страница 87: ...iguration page Normally with global IP address or FQDN of WAN interface in the gateway employees who travel outside the office can access various servers behind the office gateway You can set up those...

Страница 88: ...k It is useful when you run a server inside your network For example if you set a mail server at LAN side your local devices can access this mail server through gateway s global IP address when enable...

Страница 89: ...eature to do that Scenario Description Local user can access mail server by FQDN or global IP when NAT loop back is enable Global user can access mail server only when mail server is set as virtual se...

Страница 90: ...virtual server to be located at a server with IP address 10 0 75 101 in the Intranet of Network A including SMTP service port 25 and POP3 service port 110 So the local user at host with IP address 10...

Страница 91: ...gateway This device s NAT firewall filters out unrecognized packets to protect your Intranet so all hosts behind this device gateway are invisible to the outside world If you wish you can make some o...

Страница 92: ...side For example if you set an E mail server on the LAN side with IP address 10 0 75 101 a remote user can access the gateway for E mail service if you defined a virtual E mail server for the gateway...

Страница 93: ...virtual server to be located at a server with IP address 10 0 75 101 in the Intranet of Network A including SMTP service port 25 and POP3 service port 110 So the remote user can access the E mail ser...

Страница 94: ...gateway to implement the application scenario Scenario Description A LAN host is assigned with a global IP address to be visible to outside world The host has an embedded FTP file server and is prote...

Страница 95: ...to the FTP file server by server s global IP address and it acts as a media between the LAN host and the outside world by using its Virtual Computer feature So remote users can request for file servi...

Страница 96: ...x when WAN x enabled Server IP A Must filled setting This field is to specify the IP address of the interface selected in the WAN Interface setting above Protocol A Must filled setting When ICMPv4 is...

Страница 97: ...ingle Port number Public Port is selected Port Range and specify a port range and Private Port can be selected Single Port or Port Range Apply Time Schedule to this rule otherwise leave it as Always r...

Страница 98: ...omputer The router allows you to custom your Virtual Computer rules The router supports up to a maximum of 20 rule based Virtual Computer sets When Add button is applied Virtual Computer Rule Configur...

Страница 99: ...l gateway ALG allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer control data protocols such as FTP BitTorrent...

Страница 100: ...tion rule is that the trigger port is pa and the activated ports are pb and pc once the pa port is toggled at LAN interface of gateway Scenario Application Timing When local user wants to run an appli...

Страница 101: ...er port 554 Quick Time 4 and incoming ports 6970 6999 and activate the rule So the local user at host with IP address 10 0 75 100 can enjoy the music by using Quick Time 4 application The media server...

Страница 102: ...ne with the help of the SIP server in the Internet Parameter Setup Example Following table lists the parameter configuration for the NAT gateway in above diagram Configuration Path Special AP ALG Conf...

Страница 103: ...ecial AP setting allows some applications require multiple connections The ALG setting allows user to Support some SIP ALG like STUN Enable Special AP and Virtual Computer Go to Basic Network NAT Brid...

Страница 104: ...le box to enable this rule When Popular Applications is selected Battle net Port and Incoming Ports will be defined automatically Apply Time Schedule to this rule otherwise leave it as Always refer to...

Страница 105: ...Schedule to this rule otherwise leave it as Always refer to Scheduling setting under System Then check Rule box to enable this rule When Popular Applications is selected Quick Time 4 Port is the same...

Страница 106: ...ify the IP address in the Intranet to be DMZ host so that the host under DMZ function can run applications freely that would otherwise blocked by NAT mechanism of the gateway with DMZ feature disabled...

Страница 107: ...Description The DMZ host is behind a NAT gateway and receives all normal and active packets from the Internet Remote user can access the DMZ host by using the IP address of the gateway and the gatewa...

Страница 108: ...e DMZ and Pass Through Enable Go to Basic Network NAT Bridging DMZ tab Configuration Item Value setting Description DMZ 1 A Must filled setting 2 Default is ALL Check the Enable box to activate this N...

Страница 109: ...tables record the obtained routing paths from neighbor routers by using some protocols such as RIP OSPF and BGP It is dynamic routing These both routing approaches will be illustrated one after one 3...

Страница 110: ...ll static routing rule enteries There also be one Add button at the Static Routing Rule List caption that can let you add one new static routing rule While the Edit button at the end of each static ro...

Страница 111: ...ing Rule List ID 1 2 Destination IP 173 194 72 94 188 125 73 108 Subnet Mask 255 255 255 255 255 255 255 255 Gateway 118 18 81 1 203 95 80 1 Metric 255 255 Rule Enable Enable Scenario Operation Proced...

Страница 112: ...heir office setting Go to Basic Network Routing Static Routing Tab Static Routing Tab Item Value setting Description Enable Static Routing function The box is unchecked by default Check the Enable box...

Страница 113: ...Interface Auto is set by default The Interface of this static routing rule Metric 1 Numberic String Format 2 A Must filled setting The Metric of this static routing rule Enabling the rule The box is...

Страница 114: ...e In the Dynamic Routing page there are seven configuration windows for dynamic routing feature They are the RIP Configuration window OSPF Configuration window OSPF Area List OSPF Area Configuration B...

Страница 115: ...ting protocols are described as follows RIP Scenario The Routing Information Protocol RIP is one of the oldest distance vector routing protocols which employs the hop count as a routing metric RIP pre...

Страница 116: ...gle routing domain such as an autonomous system It gathers link state information from available routers and constructs a topology map of the network The topology is presented as a routing table to th...

Страница 117: ...rio Application Timing When the administrator of the gateway wants to deploy one OSPF gateway in a large enterprise and expects the gateway to learn its routing table by using OSPF protocol from the e...

Страница 118: ...r OSPF gateways in the enterprise backbone And then it forwards the routing information to the routers in its dominated areas Finally the routers in the dominated areas of the OSPF Gateway know the sh...

Страница 119: ...eighbor ID and neighbor activation by an Enable box Following diagram is an example for the scenario Scenario Application Timing Most Internet service providers ISPs must use BGP to establish routing...

Страница 120: ...able Self ID 100 Configuration Path Dynamic Routing BGP Neighbor List ID 1 2 3 4 Neighbor IP 10 101 0 1 10 102 0 1 10 103 0 1 10 104 0 1 Neighbor ID 101 102 103 104 Neighbor Enable Enable Enable Enabl...

Страница 121: ...Routing Dynamic Routing Tab Item Value setting Description Enable Dynamic Routing function The box is unchecked by default Check the Enable box to activate this function The RIP configuration setting...

Страница 122: ...ed setting The Router ID of this router on OSPF protocol Authentication None is set by default The Authentication method of this router on OSPF protocol Select None will disable Authentication on OSPF...

Страница 123: ...Area Rule Configuration screen will appear Item Value setting Description Area Subnet 1 Classless Inter Domain Routing CIDR Subnet Mask Notation Ex 192 168 1 0 24 2 A Must filled setting The Area Sub...

Страница 124: ...ter ID 1 IPv4 Format 2 A Must filled setting The Router ID of this router on BGP protocol Create Edit BGP Network Rules The router allows you to custom your BGP Network rules It supports up to a maxim...

Страница 125: ...n is applied BGP Neighbor Rule Configuration screen will appear Item Value setting Description Neighbor IP 1 IPv4 Format 2 A Must filled setting The Neighbor IP of this router on BGP Neighbor List Rem...

Страница 126: ...ription Destination IP N A Routing record of Destination IP IPv4 Format Subnet Mask N A Routing record of Subnet Mask IPv4 Format Gateway IP N A Routing record of Gateway IP IPv4 Format Metric N A Rou...

Страница 127: ...server on a changing IP address you have to use dynamic domain name service DDNS Therefore anyone wishing to reach your host only needs to know the domain name Dynamic DNS will map the name of your ho...

Страница 128: ...automatically re maps your domain name with the changed IP address So other hosts in the Internet world will be able to link to your gateway by using your domain name regardless of the changing globa...

Страница 129: ...hen the gateway has booted up and has gotten a dynamic IP address for the WAN interface the DDNS agent in the gateway tries to request the DDNS server with the mapping between the domain name and the...

Страница 130: ...n Add button is applied Pre defined Domain Name Configuration screen will appear Pre defined Domain Name Configuration Item Value setting Description Domain Name 1 String format can be any text 2 A Mu...

Страница 131: ...set by default Selected the WAN Interface IP Address of the router Provider DynDNS org Dynamic is set by default Your DDNS provider of Dynamic DNS Host Name 1 String format can be any text 2 A Must f...

Страница 132: ...r whose LAN IP Address is the same one of gateway LAN interface with its default Subnet Mask setting as 255 255 255 0 and its default IP Pool ranges is from 100 to 200 as shown at the DHCP Server List...

Страница 133: ...ormation like the LAN Interface IP Address Host Name MAC Address and the Remaining Lease Time Fixed Mapping User can assign fixed IP address to map the specific client MAC address by select them then...

Страница 134: ...eate and customize DHCP Server policies to assign IP Addresses to the devices on the local area network LAN Go to Basic Network Client Server Proxy DHCP Server Tab Create Edit DHCP Server Policy The r...

Страница 135: ...lled setting The Lease Time of this DHCP Server Domain Name String format can be any text The Domain Name of this DHCP Server Primary DNS IPv4 format The Primary DNS of this DHCP Server Secondary DNS...

Страница 136: ...lled setting The IP Address of this mapping rule Enabling the Rule The box is unchecked by default Click Enable box to activate this rule Save N A Click the Save button to save the configuration Undo...

Страница 137: ...options in its sending out DHCPOFFER DHCPACK packages Option Meaning RFC 66 TFTP server name RFC 2132 72 Default World Wide Web Server RFC 2132 114 URL RFC 3679 Go to Basic Network Client Server Proxy...

Страница 138: ...specific option you want to set Type Dropdown list of DHCP server option value s type Each different options has different value types 66 Single IP Address Single FQDN 72 IP Addresses List separated b...

Страница 139: ...lular Gateway Index skipping is used to reserve slots for new function insertion when required 139 Save Undo DHCP Server Options Click Save to restart DHCP server forcing settings to take effect immed...

Страница 140: ...Firewall check box will activate all firewall functions The firewall configuration allows user to enable or disable all functions including Packet Filters URL Blocking Web Content Filters MAC Control...

Страница 141: ...ry In addition log alerting can be enabled through an Enable checkbox to log events Second the Packet Filter Rule List window lists all your defined packet filtering rule entry At last the Packet Filt...

Страница 142: ...dy existed the Packet Filter Rule Configuration window shows up for you to configure The parameters in a rule include the rule name the from and to which interface the packet enters and leaves the sou...

Страница 143: ...t those match the following rules Configuration Path Packet Filters Packet Filter Rule List ID 1 2 Rule Name Access 80 Access 443 Source IP IP Range 10 0 75 200 10 0 75 250 IP Range 10 0 75 200 10 0 7...

Страница 144: ...lt Check the Enable box to activate Packet Filter function Black List White List Filter Method Selection Deny those match the following rules is set by default When Deny those match the following rule...

Страница 145: ...erface to be the packet entering interface of the router If the packets to be filtered are coming from LAN to WAN then select LAN for this field Or VLAN 1 to WAN then select VLAN 1 for this field Othe...

Страница 146: ...the Host grouping setting screen Source MAC A Must filled setting This field is to specify the Source MAC address Select Any to filter packets coming from any MAC addresses Select Specific MAC Addres...

Страница 147: ...h specified port number Then enter a pot number in Protocol Number box Time Schedule A Must filled setting Apply Time Schedule to this rule otherwise leave it as Always If the dropdown list is empty e...

Страница 148: ...or in the exclusion of the white list In URL Blocking page there are three configuration windows They are the Configuration window URL Blocking Rule List window and URL Blocking Rule Configuration win...

Страница 149: ...if one pattern in the requests matches to one rule Other Web requests will be blocked URL Blocking Rule List The URL Blocking Rule List shows the setup parameters of all URL blocking rules There also...

Страница 150: ...ted patterns to go through the gateway he can use the URL Blocking function by defining the white list to carry out to meet the requirement It is contrasting to above diagram Scenario Description Web...

Страница 151: ...for WAN 1 interface It serves as a NAT router Enable the URL blocking function and specify the URL Blocking Rule List is a black list and configure two URL blocking rules for the gateway Create one r...

Страница 152: ...activate to activate Event Log Invalid Access Web Redirection The box is unchecked by default Check the Enable box to activate this function When the user attempts to open a blocked http URL by the we...

Страница 153: ...group by the Add Rule shortcut button Setting done through the Add Rule button will also appear in the Host grouping setting screen URL Domain Name Keyword A Must filled setting Specify URL Domain Na...

Страница 154: ...an let you activate the Web content filtering function Some popular script types like Java Applet Java Scripts cookies and Active X are in the window and you can check their boxes to enable the gatewa...

Страница 155: ...e or edit one existed rule the Web Content Filter Configuration window will appear when you click on the Add or Edit button to configure The parameters in a rule include the rule name the defined file...

Страница 156: ...teway has the IP address of 10 0 75 2 for LAN interface 118 18 81 33 for WAN 1 interface It serves as a NAT router Enable the Web content filters function to check and filter out Web requests on Cooki...

Страница 157: ...Log Alert The box is unchecked by default Check the Enable box to activate to activate Event Log Create Edit Filter Rules The router supports up to a maximum of 20 filter rule sets Ensure that the We...

Страница 158: ...ou may also access to create a group by the Add Rule shortcut button Setting done through the Add Rule button will also appear in the Host grouping setting screen User defined File Extension List Use...

Страница 159: ...kbox to log events Another Known MAC from LAN PC List is a tool that you can use to do quick copy the known MAC address of client hosts in the Intranet to facilitate creating rules Use the Copy to but...

Страница 160: ...C Control Rule List shows the setup parameters of all MAC control rules There also be one Add button at the MAC Control Rule List caption that can let you add and create one new MAC control rule The E...

Страница 161: ...teway he can use the MAC Control function by defining the white list to carry out to meet the requirement It is contrasting to above diagram Scenario Description To only reject client hosts with dedic...

Страница 162: ...e Gateway is the gateway of Network A and the subnet of its Intranet is 10 0 75 0 24 The gateway has the IP address of 10 0 75 2 for LAN interface 118 18 81 33 for WAN 1 interface It serves as a NAT r...

Страница 163: ...ox is unchecked by default Check the Enable box to activate the MAC filter function Black List White List Filter Method Selection Deny MAC Address Below is set by default When Deny MAC Address Below i...

Страница 164: ...AC Control rule name Enter a name that is easy for you to remember MAC Address Ues to Compose 1 MAC Address string Format 2 A Must fill setting Specify the Source MAC Address to filter rule Time Sched...

Страница 165: ...tion can categorize Internet Protocol packets based on their application layer data and allow or deny their passing of gateway It supports the application filters for various Internet chat software P2...

Страница 166: ...ter Enable Log Alert Enable Configuration Path Application Filters Application Filter List Rule Name Rule 1 Source IP IP Range 192 168 123 200 192 168 123 250 P2P Software BT BitTorrent BitSpirit BitC...

Страница 167: ...box is unchecked by default Check the Enable box to activate this filter function Log Alert The box is unchecked by default Check the Enable box to activate Event Log Create Edit Filter Rules The rou...

Страница 168: ...defined group selected Note group must be pre defined before this selection become available Refer to System Grouping Host grouping You may also access to create a group by the Add Rule shortcut butt...

Страница 169: ...it You can enable the IPS function and check the listed intrusion activities when needed There are some intrusion prevention items need a further Threshold parameter to work properly for intrusion det...

Страница 170: ...io Description The gateway serves as an E mail server Web Server and open TCP Port 8080 allowing user to access web based utility of Gateway so remote users or unknown users can request those services...

Страница 171: ...will block lots of packets in seconds IPS Setting The Intrusion Prevention System IPS setting allows user to customize intrusion prevention rules to prevent malicious packets Enabling IPS Firewall Go...

Страница 172: ...e box to activate this intrusion prevention rule and enter the traffic threshold in this field UDP Flood Defense Click Enable box to activate this intrusion prevention rule and enter the traffic thres...

Страница 173: ...ceroute Block Fraggle Attack ARP Spoofing Defence 1 A Must filled setting 2 The box is unchecked by default 3 traffic threshold is set to 300 by default 4 The value range can be from 10 to 10000 Click...

Страница 174: ...ard Ping from WAN makes any host on the WAN side can t ping this product It means this device won t reply any ICMP packet from Internet Remote Administrator Hosts enables only the LAN users to browse...

Страница 175: ...ables list the parameter configuration as an example for the gateway in above diagram with SPI enabling Configuration Path Options Firewall Options SPI Enable Scenario Operation Procedure In above dia...

Страница 176: ...local users surf the internet Following tables list the parameter configuration as an example for the gateway in above diagram Configuration Path Options Firewall Options Discard Ping from WAN Enable...

Страница 177: ...ns Item Value setting Description Enable Stealth mode function The box is unchecked by default Check the Enable box to activate Stealth Mode function Enable SPI function The box is checked by default...

Страница 178: ...mote access Select Any IP to allow any remote hosts Select Specific IP to allow the remote host coming from a specific subnet An IP address entered in this field and a selected Subnet Mask to compose...

Страница 179: ...tunnel technology supports data confidentiality data origin authentication and data integrity of network information by utilizing encapsulation protocols encryption algorithms and hashing algorithms T...

Страница 180: ...reserve slots for new function insertion when required 180 VPN Configuration Item Value setting Description VPN The box is unchecked by default Check the Enable box to enable all VPN functions Save N...

Страница 181: ...eers and negotiates IKE SAs Security Association to set up a secure channel for negotiating IPSec SAs in phase 2 At IPSec phase IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the...

Страница 182: ...ion window shows the maximum number of concurrent IPSec VPN tunnels that are running in system Tunnel List Status The Tunnel List shows the setup parameters of all IPSec VPN tunnels and their connecti...

Страница 183: ...y gateways have their own subnet and the Site to Site tunnel scenario is used Site means a subnet of client hosts Scenario Description Both Initiator and Responder of IPSec tunnel must have a Static I...

Страница 184: ...guration Path IPSec IKE Phase Negotiation Mode Main Mode X Auth None For Network B at Branch Office Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in...

Страница 185: ...Negotiation Mode Main Mode X Auth None Scenario Operation Procedure In above diagram Network A is in the headquarters and the subnet of its Intranet is 10 0 76 0 24 The security gateway for Network A...

Страница 186: ...ccess the enterprise operation systems to access office resources from outside the Dynamic VPN connection can be setup up to meet the requirement These mobile employees are carrying with their noteboo...

Страница 187: ...Operation Mode Always on Configuration Path IPSec Local Remote Configuration Local Subnet 10 0 76 0 Local Netmask 255 255 255 0 Configuration Path IPSec Authentication Key Management IKE Pre shared K...

Страница 188: ...eep alive item Configuration Path IPSec Authentication Key Management IKE Pre shared Key 12345678 Local ID User Name Network B Configuration Path IPSec IKE Phase Negotiation Mode Main Mode X Auth None...

Страница 189: ...ng scenario example When Full Tunnel function of remote Business Security Gateway is enabled all data traffic from remote clients behind remote Business Security Gateway will go over the VPN tunnel Th...

Страница 190: ...rough the established VPN tunnel between both sites including the HQ resource accessing and regular Internet accessing Scenario Description Both Initiator and Responder of IPSec tunnel must have a Sta...

Страница 191: ...None For Network B at Branch Office Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in Network B Use default value for those parameters that are not...

Страница 192: ...s 10 0 76 0 24 The security gateway for Network A has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN interface However Network B is in the branch office and the subnet of its I...

Страница 193: ...tion NetBIOS over IPSec Unchecked by default Click the Enable box to enable NetBIOS over IPSec function NAT Traversal Unchecked by default Click the Enable box to enable NAT Traversal function Max Con...

Страница 194: ...M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion when required 194...

Страница 195: ...r Site to Site VPN tunneling specified in Tunnel Scenario It is not available for Dynamic VPN tunneling application Operation Mode 1 A Must fill setting 2 Alway on is selected by default There are thr...

Страница 196: ...aracters Select Key Management from the dropdown box for this IPSec tunnel IKE Pre shared Key user need to set a key Min 8 characters IKE X 509 user need Certificate to authenticate IKE_X 509 will be...

Страница 197: ...server Click on the X Auth Account button to create remote X Auth client account Selected Client this gateway will be a X Auth client Enter User name and Password to be authenticated by the X Auth ser...

Страница 198: ...inition Window Item Value setting Description IPSec Proposal Definition A Must fill setting Specify the Encryption method None AES auto AES128 AES192 AES256 DES 3DES Specify Authentication method None...

Страница 199: ...described in Authentication Configuration Window a series of configuration windows for Manual IPSec Tunnel configuration will appear The configuration windows are the Tunnel configuration the Local R...

Страница 200: ...terface as the system will automatically utilize the available WAN interfaces to balance traffic loads For more details on WAN Load Balance refer to Load Balance Usage in this manual On gateway s web...

Страница 201: ...tion Outbound SPI Hexadecimal format Specify the Outbound SPI for this IPSec tunnel Inbound SPI Hexadecimal format Specify the Inbound SPI for this IPSec tunnel Encryption 1 A Must fill setting 2 Hexa...

Страница 202: ...y levels and remote access levels comparable with typical VPN products Deploy a security gateway for local office and establish a virtual private network with the remote gateway of another office by u...

Страница 203: ...window is to enable the PPTP VPN function by checking the Enable box In the Client Server field of the Configuration window choose either Server or Client Choose Server to define the gateway as the P...

Страница 204: ...he used user name remote IP address the obtained virtual IP address and call ID of all PPTP clients User Account List User Account List lists your defined user accounts that can be accepted by the PPT...

Страница 205: ...et of Network A at headquarters via this established PPTP tunnel Usually these hosts at PPTP client peer access the Internet directly via the WAN interface of Security Gateway 2 Only the packets whose...

Страница 206: ...of its Intranet is 10 0 76 0 24 The security gateway for Network A has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN interface It serves as a PPTP server However Network B is...

Страница 207: ...bnet Authentication Protocol MPPE Encryption NAT before Tunneling LCP Echo Type and tunnel activation Please be noted the Default Gateway Remote Subnet configuration item There are two options Default...

Страница 208: ...work A at headquarters via this established PPTP tunnel Usually these hosts at PPTP client peer access the Internet directly via the WAN interface of Security Gateway 2 Only the packets whose destinat...

Страница 209: ...PPTP 1 Interface WAN 1 Remote IP FQDN 203 95 80 22 User Name User 1 Password 1234 Default Gateway Remote Subnet Default Gateway Authentication Protocol MS CHAP MPPE Encryption Enable Tunnel Enable Sc...

Страница 210: ...user to create and configure PPTP tunnels Before you proceed ensure that the VPN is enabled and saved To enable VPN go to Advanced Network VPN Configuration tab Enabling PPTP Go to Advanced Network VP...

Страница 211: ...s is the PPTP server s Virtual IP DHCP server User can specify the first IP address for the subnet from which the PPTP client s IP address will be assigned IP Pool Ending Address 1 A Must fill setting...

Страница 212: ...nts for remote clients to establish PPTP VPN connection to the gateway device Click Add button to add user account Enter User name and password Then check the enable box to enable the user Click Save...

Страница 213: ...tunneling you will need to select a primary IPSec tunnel from which to failover to Load Balance Define whether the PPTP tunnel connection will take part in load balance function of the gateway You wi...

Страница 214: ...setting Specify whether PPTP server supports MPPE Protocol Click the Enable box to enable MPPE Note when MPPE Encryption is enabled the Authentication Protocol PAP CHAP options will not be available N...

Страница 215: ...L2TP tunneling So all client hosts behind local security gateway can make data communication with others behind remote gateway Or when you are a mobile user with your notebook or carrying along a sec...

Страница 216: ...nt Choose Server to define the gateway as the L2TP VPN server for remote clients to initiate the connection to establish VPN tunnels Or choose Client to create multiple L2TP VPN clients to establish V...

Страница 217: ...cluding the used user name remote IP address the obtained virtual IP address and call ID of all L2TP clients User Account List User Account List lists your defined user accounts that can be accepted b...

Страница 218: ...2TP Server must have a Static IP or a FQDN and maintain a Client list account password The Client may be a mobile user or mobile site and requesting the L2TP tunnel connection with its account passwor...

Страница 219: ...rio When you want the security gateway to play a L2TP client role check the Enable box and choose Client option in the L2TP Configuration window And make its related configuration in following section...

Страница 220: ...el Scenario Application Timing Above diagram illustrates the Security Gateway 2 or the mobile device playing the L2TP VPN client role The L2TP tunnel is established by the L2TP client making the tunne...

Страница 221: ...ault Gateway Remote Subnet setting determines how the Internet traffic from L2TP client site is handled The L2TP over IPSec is usually used for BYOD devices to establish a secure VPN tunnel between mo...

Страница 222: ...establishing a L2TP VPN tunnel So both Intranets of 10 0 75 0 24 and 10 0 76 0 24 can securely communicate each other Finally the client hosts in the Intranet of Network B at mobile office can access...

Страница 223: ...l It will set as the starting IP which assign to L2TP client IP Pool Ending Address A Must filled setting Specify the L2TP server ending IP of virtual IP pool It will set as the ending IP which assign...

Страница 224: ...ck Enable button to enable user account Specify Username Fill in the username Specify Password Fill in the password Click save button to save user account When select Client in Client Server a series...

Страница 225: ...ust filled setting Specify the Remote LNS IP FQDN for this L2TP tunnel Fill in the IP address or FQDN Remote LNS Port A Must filled setting Specify the Remote LNS Port for this L2TP tunnel Fill in the...

Страница 226: ...ble box It will enable NAT for this L2TP tunnel LCP Echo Type A Must filled setting Specify the LCP Echo Type for this L2TP tunnel Select Auto Auto setting the Interval and Max Failure Time Selected U...

Страница 227: ...ters supports the GRE tunneling function Then local security gateway can establish a GRE VPN tunnel with remote gateway in headquarters Client hosts in these both Intranets of branch office and headqu...

Страница 228: ...a GRE tunnel between the gateway in headquarters and the one in branch office as an example fo following description GRE Tunnel at HQ Peer Scenario Application Timing Above diagram illustrates the se...

Страница 229: ...N 1 Operation Mode Always on Tunnel IP 203 95 80 22 Remote IP 118 18 81 33 Key 1234 TTL 255 Default Gateway Remote Subnet Remote Subnet 10 0 75 0 24 Tunnel Enable Scenario Operation Procedure In above...

Страница 230: ...ackets are delivered via the GRE tunnel as shown in the diagram by configuring the GRE tunnel is the default gateway at GRE client peer the Internet accessing packets will be also sent to the Security...

Страница 231: ...teway for Network A has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN interface It serves as a GRE server However Network B is in the branch office and the subnet of its Intra...

Страница 232: ...go to Advanced Network VPN Configuration tab Enabling GRE Go to Advanced Network VPN GRE tab Enable GRE Window Item Value setting Description GRE Unchecked by default Click the Enable box to enable G...

Страница 233: ...lways On Failover Load Balance Failover Always Define whether the GRE tunnel is a failover tunnel function or an Always on tunnel Note If this GRE is a failover tunneling you will need to select a pri...

Страница 234: ...0 0 2 24 DMVPN Spoke Unchecked by default Specify whether the gateway will support DMVPN Spoke for this GRE tunnel Check Enable box to enable DMVPN Spoke GRE Pre shared Key 1 Unchecked by default 2 Pr...

Страница 235: ...e for every client using signature and Certificate authority It uses the OpenSSL encryption library extensively as well as the SSLv3 TLSv1 protocol and contains many security and control features Depl...

Страница 236: ...M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion when required 236...

Страница 237: ...nother role Above diagram is the server role configuration and following diagram shows the client role configuration To configure OpenVPN Server or Client role for the security gateway as follows Conf...

Страница 238: ...l enable the OpenVPN server function specify the virtual IP address of OpenVPN server define the pool of virtual IP addresses that will assign to remote OpenVPN clients dialing in the security gateway...

Страница 239: ...blishing an OpenVPN VPN tunnel Parameter Setup Example For Network A at HQ Following below tables list the parameter configuration for above example diagram of OpenVPN server in Network A Use default...

Страница 240: ...nVPN VPN tunnel by starting from the OpenVPN client site So hosts in Network B can access hosts or servers in Network A But can t access from Network A to Network B To communicate each other securely...

Страница 241: ...41 Configuration for An OpenVPN Client Configuration for An OpenVPN Client window let you specify the required parameters for an OpenVPN VPN client such as OpenVPN Client Name Interface Protocol Port...

Страница 242: ...OpenVPN Client peer is also controlled by the Security Gateway 1 the OpenVPN VPN server Scenario Description OpenVPN Tunneling is a Client and Server based tunneling technology The OpenVPN Server mus...

Страница 243: ...hosts in Network B can access hosts or servers in Network A But can t access from Network A to Network B However if the Default Gateway Remote Subnet parameter in the Security Gateway 2 is configured...

Страница 244: ...A Must filled setting By default 443 is set Specify the Port for the OpenVPN Server to use Tunnel Device A Must filled setting By default TUN is selected Specify the Tunnel Device for the OpenVPN Serv...

Страница 245: ...ilable only when TAP is be chose in Tunnel Device IP Pool A Must filled setting Specify the OpenVPN server virtual IP pool Starting Address It will set as the starting IP which assign to OpenVPN clien...

Страница 246: ...ilable only when TLS is be chose in Authorization Mode Redirect Default Gateway The box is checked by default Specify the OpenVPN server Redirect Default Gateway Client to Client The box is checked by...

Страница 247: ...tify it in the tunnel list Interface A Must filled setting Define the selected interface to be the used for this OpenVPN Client tunnel Select WAN 1 for this OpenVPN Client tunnel by default Protocol A...

Страница 248: ...icate Refer to Advanced Network Certificate My Certificates Local Endpoint IP Address A Must filled setting Specify the Local Endpoint IP Address Note_1 Local Endpoint IP Address will be available onl...

Страница 249: ...Optional String format any text Specify the OpenVPN client TLS Auth Key Note_1 TLS Auth Key will be available only when TLS is be chose in Authorization Mode User Name Optional String format any text...

Страница 250: ...is unchecked by default Specify the OpenVPN client Tunnel UDP MSS Fix Note_1 Tunnel UDP MSS Fix will be available only when UDP is be chose in Protocol nsCertType Verification The box is unchecked by...

Страница 251: ...r or switch fails This increases the availability and reliability of routing paths via automatic default gateway selections on an IP network The protocol achieves this by creation of virtual routers w...

Страница 252: ...s a reliable connection to the Internet administrator can setup a group of VRRP redundant gateways as the enterprise entry gateway Each member gateway connects to different ISP for a redundant connect...

Страница 253: ...3 Virtual Server IP Address 10 0 75 200 Scenario Operation Procedure In above diagram the Master Gateway and the Backup Gateway are the redundant gateway group of Network A and the subnet of its Intra...

Страница 254: ...ng Format 2 A Must filled setting Define the Virtual Server ID on VRRP of the router The value range is from 1 to 255 Priority of Virtual Server 1 Numberic String Format 2 A Must filled setting Define...

Страница 255: ...s gateway device As a bidirectional SOAP HTTP based protocol it provides the communication between customer premises equipment CPE and Auto Configuration Servers ACS The Security Gateway is such CPE T...

Страница 256: ...rver to manage remote gateways geographically distributed elsewhere in the world the gateways in all branch offices must have an embedded TR 069 agent to communicate with the ACS server So that the AC...

Страница 257: ...ernet The Gateway 1 is one of them and has 118 18 81 33 IP address for its WAN 1 interface When all remote gateways have booted up they will try to connect to the ACS server Once the connections are e...

Страница 258: ...manager provide ACS password and manually set ConnectionRequest Port A Must filled setting You can ask ACS manager provide ACS ConnectionRequest Port and manually set ConnectionRequest Username A Mus...

Страница 259: ...odifying and applying a new configuration through remote modification of these variables The variables accessible via SNMP are organized in hierarchies These hierarchies and other metadata such as typ...

Страница 260: ...indow provides 5 records of user privacy definition for user authentication and data hashing and encryption In SNMPv3 SNMP protocol supports user privacy feature additionally By referring to above set...

Страница 261: ...te NMS to manage some devices whose WAN interfaces are connected together by using a switch or a router with UDP forwarding If you want to manage some devices and they all have supported SNMP protocol...

Страница 262: ...NoPriv Privacy Key 12345678 Disable Disable Authority Read Write Read Read Enable Enable Enable Enable Scenario Operation Procedure In above diagram the NMS server can manage multiple devices in the I...

Страница 263: ...interface for the SNMP and enable SNMP functions When Check the LAN box It will activate SNMP functions and you can access SNMP by LAN When Check the WAN box It will activate SNMP functions and you c...

Страница 264: ...ear Multiple Community Rule Configuration Item Value setting Description Community 1 Read Only is selected by default 2 A Must filled setting 3 String format any text Specify this version 1 or version...

Страница 265: ...Privacy Mode is authNoPriv or authPriv you must specify the Password for this version 3 user The minimum length of the password is 8 The maximum length of the password is 64 Authentication 1 None is...

Страница 266: ...tricts access for this version 3 user to the subtree rooted at the given OID The range of the each OID number is 1 2080768 Enable 1 The box is checked by default Click Enable to enable this version 3...

Страница 267: ...ue setting Description Server IP 1 A Must filled setting 2 String format any Ipv4 address Specify the trap Server IP The DUT will send trap to the server IP Server Port 1 String format any port number...

Страница 268: ...ypes and encryption protocols Selected the authNoPriv You must specify the Authentication and Password Selected the authPriv You must specify the Authentication Password Encryption and Privacy Key Aut...

Страница 269: ...3 AMIT Enterprise Number 2 A Must filled setting 3 String format any number Specify the Enterprise Number for the particular private mib The range of the enterprise number is 1 2080768 Enterprise OID...

Страница 270: ...easier to automate via scripting The device supports both Telnet and SSH Secure Shell CLI with default service port 23 and 22 respectively In Telnet with CLI page there are two configuration windows f...

Страница 271: ...y using Telnet or SSH utility with privileged user name and password The data packets between the Local Admin and the Gateway or between the Remote Admin and the Gateway can be plain texts or encrypte...

Страница 272: ...interface and 118 18 81 33 for WAN 1 interface It serves as a NAT gateway The Local Admin in the Intranet uses Telnet utility with privileged account to login the Gateway Or the Remote Admin in the In...

Страница 273: ...default By default Service Port is 22 Check the Telnet Enable box to activate telnet service Check the SSH Enable box to activate SSH service You can set which number of Service Port you want to prov...

Страница 274: ...peer networks multiplayer gaming and remote assistance programs need a way to communicate through home and business gateways Without IGD one has to manually configure the gateway to allow traffic thro...

Страница 275: ...ation Procedure In above diagram the NAT Gateway is the gateway of Network A and the subnet of its Intranet is 10 0 75 0 24 It has the IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WA...

Страница 276: ...presence and establish functional network services Go to Advanced Network System Management UPnP UPnP Configuration Item Name Value Setting Description UPnP Default checked Check to enable UPnP funct...

Страница 277: ...es customers to issue certificates for them In a web of trust scheme the signer is either the key s owner a self signed certificate or other users endorsements whom the person examining the certificat...

Страница 278: ...where your organization is located State ST is the state where your organization is located Location L is the location where your organization is located Organization O is the name of your organizati...

Страница 279: ...Certificates function The Root CA window can let you generate or delete the certificate of root CA Root CA Configuration window can let you fill required information necessary for generating the root...

Страница 280: ...ficate if the Self signed box is checked otherwise it is a CSR Self signed Certificate Usage Scenario Scenario Application Timing When the enterprise gateway owns the root CA and VPN tunneling functio...

Страница 281: ...establishing as shown in above diagram The configuration example must be combined with the ones in following two sections to complete the whole user scenario Use default value for those parameters th...

Страница 282: ...on as an example for the My Certificates function used in the user authentication of IPSec VPN tunnel establishing as shown in above diagram The configuration example must be combined with the ones in...

Страница 283: ...IP address of 10 0 75 2 for LAN interface and 118 18 81 33 for WAN 1 interface They both serve as the NAT security gateways Gateway 1 generates the root CA and a local certificate HQCRT that is signe...

Страница 284: ...ignature algorithm identifier of certificates Subject Name A Must filled setting This field is to specify the information of certificate Country C is the two letter ISO code for the country where your...

Страница 285: ...hoice which certificate could be accepted by SCEP server for encryption data information It could be generated in Trusted Certificates CA Identifier is for SCEP server identifier which CA is used for...

Страница 286: ...Trusted CA Certificate Import from a PEM window that can let you copy the contents of dedicated CA certificate and paste them in the window to be a trusted one for the gateway Similarly the Trusted Cl...

Страница 287: ...dition you can delete used ones by checking the Select box of those certificates and clicking on the Delete button The View button allows you to view the contents of the dedicated certificate and down...

Страница 288: ...t CA of the Gateway 1 sign it to be the BranchCRT certificate Import the certificate into the Gateway 2 as a local certificate In addition also imports the certificates of the root CA of Gateway 1 int...

Страница 289: ...gram the Gateway 1 is the gateway of Network A in headquarters and the subnet of its Intranet is 10 0 76 0 24 It has the IP address of 10 0 76 2 for LAN interface and 203 95 80 22 for WAN 1 interface...

Страница 290: ...ply N A Click the Apply button to import certificate Cancel N A When the Cancel button is clicked the screen will return to the Trusted Certificates page When Get CA button is applied Trusted CA impor...

Страница 291: ...rtificates When Import button is applied Trusted Client import screen will appear Trusted Client Certificate List Item Value setting Description Import A Must filled setting It could select a certific...

Страница 292: ...generates the certificate based on the dedicated CSR by clicking on the Sign button in the window Certainly only the gateway be the root CA and it can sign the requests to certify Another approach to...

Страница 293: ...om a PEM Copy the contents of one CSR in PEM format to this window and use Sign button to generate corresponding certificate based on the pasted CSR contents The Signed Certificate View window will di...

Страница 294: ...oot CA of Gateway 1 Gateway 2 creates a CSR BranchCSR to let the root CA of the Gateway 1 sign it to be the BranchCRT certificate Import the certificate into the Gateway 2 as a local certificate In ad...

Страница 295: ...NAT security gateways Gateway 1 generates the root CA and a local certificate HQCRT that is signed by itself Import the certificates of the root CA and HQCRT into the Trusted CA Certificate List and T...

Страница 296: ...lue setting Description Certificate Signing Request CSR Import from a File A Must filled setting It could select a certificate signing request file from user s computer for importing to DUT Certificat...

Страница 297: ...rst In Port Configuration page there is only one configuration window for the serial port settings The Configuration window can let you specify serial port parameters including the operation mode bein...

Страница 298: ...based network Baud Rate 19200 is set by default Select the appropriate baud rate for serial device communication RS 232 9600 19200 38400 57600 115200 RS 485 9600 19200 38400 57600 115200 230400 46080...

Страница 299: ...there are three more configuration parameters need to specify They are the connection control the connection idle timeout and the alive check timeout In the TCP Client mode there is another Legal IP F...

Страница 300: ...another Trusted IP Definition window can let you define four hosts as TCP clients to connect to the gateway by using their IP addresses if the trust type is Specific IP These operation modes are illu...

Страница 301: ...re In above diagram the IOG Gateway is the gateway that attaches a serial device and the gateway has a 3G LTE WAN interface to connect to the Internet A remote Internet host computer whose IP address...

Страница 302: ...e time Scenario Description When the Internet Host Computer wants to get the serial data via the IOG Gateway it will try to establish a TCP connection to the gateway if the connection is off After the...

Страница 303: ...from the serial device via the gateway it will establish a TCP connection to the IOG Gateway if the connection is off After the data has been transferred the gateway automatically disconnects from th...

Страница 304: ...remote Internet host computer whose IP address is 140 116 82 98 has a management system in it to collect the serial data from or send data to the serial device via the gateway Please be noted that th...

Страница 305: ...trol Always on is set by default Choose Always on for a TCP full time connection Otherwise choose On Demand to initiate TCP connection only when required to transmit and disconnect at idle timeout Con...

Страница 306: ...or FQDN of the remote TCP server to transmit serial data Remote Port 1 A Must filled setting 2 Default value is 4001 Enter the TCP port number This is the listen port of the remote TCP server Local Po...

Страница 307: ...Port 4001 is set by default Indicate the listening port of TCP connection Trust Type Allow All is set by default Choose Allow All to allow any TCP clients to connect Otherwise choose Specific IP to l...

Страница 308: ...settings Enable UDP Mode UDP User Datagram Protocol enables applications using UDP socket programs to communicate with the serial ports on the serial server The UDP mode provides connectionless commun...

Страница 309: ...ected to the local serial port When a virtual serial port on the local serial device is being created it is required to specify the IP address of the remote hosts to establish connection with Enable R...

Страница 310: ...ton to save the settings Specify Remote Host for Access Specify RFC 2217 Clients for Access Window Item Value setting Description Host A Must filled setting Enter the IP address range of allowed clien...

Страница 311: ...obile communication systems It uses standardized communications protocols to allow fixed line or mobile phone devices to exchange short text messages 12 SMS as used on modern handsets originated from...

Страница 312: ...mbers of unread SMS messages total received SMS messages and SMS messages in free space Moreover a New SMS button can let you compose and send a new SMS message The SMS Inbox button can let you check...

Страница 313: ...minus one New SMS N A Click New SMS button a New SMS screen appears User can set the SMS setting from this screen Refer to New SMS in the next page SMS Inbox N A Click SMS Inbox button a SMS Inbox Lis...

Страница 314: ...the phone number from SMS Timestamp N A What time receive SMS SMS Text Preview N A Preview the SMS text Action The box is unchecked by default User can check the box then click Delete button to delet...

Страница 315: ...D messages create a real time connection during an USSD session The connection remains open allowing a two way exchange of a sequence of data This makes USSD more responsive than services that use SMS...

Страница 316: ...h the USSD server by sending USSD commands and getting USSD responses via the voice gateway An USSD Session Scenario Scenario Application Timing When the administrator wants to uses the Voice Gateway...

Страница 317: ...file named as roaming setting with command 135 for further use In the USSD Request window from the USSD Profile dropdown box select the roaming setting profile and the USSD Command field shows 135 Cli...

Страница 318: ...Name that user can key in USSD Command N A The USSD command that user can key in Comments N A The Comments is this profile comment USSD Request When send the USSD command the USSD Response screen wil...

Страница 319: ...ge there are two windows for the Network Scan function The Configuration window can let you select which 3G 4G module physical interface is used to perform Network Scan and system will show the curren...

Страница 320: ...pend on module and user need to select option at least one for all network type Scan Approach The box is Auto by default When Auto selected cellular module register automatically If the Manually selec...

Страница 321: ...with the gateway via the SMS system Only these phones can SMS control the gateway Furthermore the SMS messages can be removed after being processed by the system to clear up the memory to receive more...

Страница 322: ...ber administrator can further specify the SMS messaging access control From which phone number the gateway will receive the management SMS messages or to which phone the gateway can issue the notifica...

Страница 323: ...Control Configuration Access Control Enable Configuration Path Remote Management Specific Phone Number Definition ID 1 Phone Number 8869116xxxxx Granted Functions Management Notification Enable Scenar...

Страница 324: ...scription SMS Remote Management The box is unchecked by default Check the Enable box to activate SMS Remote Management function Managing Events The box is unchecked by default Check the Enable box to...

Страница 325: ...ived managing events SMS must have the designated security key as an initial identifier then corresponding handlers will become effective for further processing Save NA Click the Save button to save t...

Страница 326: ...bus Definition to specify Modbus Event Handlers All box is unchecked by default Specify the related Handlers for the managing event Select Power Checkbox and select the handlers you want to specify Po...

Страница 327: ...ect DO and select profile from Digital Output DO Profile List to specify the DO Response Select SMS to specify the SMS Response Select SNMP Trap to specify the SNMP Trap Response Select Modbus and sel...

Страница 328: ...t condition to specify WiFi Event Select Client Server Proxy and select the event condition to specify Client Server Proxy Event Select System Related and the event condition to specify System Related...

Страница 329: ...ow what is the current SIM card and the sim card condition SIM Selection N A Press theSwitch button then router would switch sim card to another one Then you can configure the sim card PUK function Ap...

Страница 330: ...imes Depend on sim card Represent the SIM PIN number of times that you can try unlocking Save NA Click the Save button to save the configuration Change PIN Code NA Click the Change PIN code button to...

Страница 331: ...o the fieldbus devices and D O devices which are already well connected to The supported events are categorized into two groups the notifying events and managing events The notifying events are the ev...

Страница 332: ...tings are separated as several items they are the SMS Account Definition Email Service Definition Digital Input DI Profile Configuration Digital Output DO Profile Configuration and Modbus Definition T...

Страница 333: ...ofiles Modbus Read Write profile Managing Events Trigger Type SMS SNMP Trap DI and Modbus Handlers WAN behavior LAN VLAN behavior WIFI behavior NAT behavior Firewall behavior System Management System...

Страница 334: ...on Setup your SMS Account It supports up to a maximum of 5 accounts You can click the Edit button for each ID to edit the account SMS Account Definition Item Value setting Description Phone Number 1 M...

Страница 335: ...alue setting Description Email Server Option Apply Email Server profile from External Server settings Email Addresses 1 Internet E mail address format 2 A Must filled setting Specify the Destination E...

Страница 336: ...ing Specify the DI Profile Name DI Source ID1 by default Specify the DI Source It could be ID1 Normal Level Low by default Specify the Normal Level It could be Low or High Signal Active Time 1 Numberi...

Страница 337: ...Low or High Total Signal Period 1 Numberic String format 2 A Must filled setting Specify the Total Signal Period It could be from 10 to 10000 milliseconds Repeat Counter The box is unchecked by defaul...

Страница 338: ...ents Notifying Events or both Read Function Read Holding Registers by default Specify the Read Function for Managing Events Write Function Write Single Registers by default Specify the Write Function...

Страница 339: ...ecify the Logic Comparator for Managing Events Value 1 Numberic String format 2 A Must filled setting Specify the Value It could be from 0 to 65535 Profile The box is unchecked by default Click Enable...

Страница 340: ...function Create Edit Managing Events Rules Setup your Managing Event rules It supports up to a maximum of 128 rules When Add button is applied the Managing Event Configuration screen will appear Manag...

Страница 341: ...ment Handlers Select System Related Checkbox and select the handlers you want to specify System Related Handlers Select DO Checkbox and select the profile from Digital Output DO Profile List to specif...

Страница 342: ...upports up to a maximum of 128 rules When Add button is applied the Notifying Event Configuration screen will appear Notifying Event Configuration Item Value setting Description Event DI 1 or WAN by d...

Страница 343: ...the Web Log Handler Select SNMP Trap to specify the SNMP Trap Handler Select Email and select the profile from Email Definition to specify the Email Handler Select Modbus and select profile from Modbu...

Страница 344: ...rmware upgrades Email alert and system log Go to System System Related tab Change Password Change password screen allows network administrator to change the web based utility login password to access...

Страница 345: ...nection is currently being used The display also shows the current System time It is particularly useful when firmware has been upgraded and system configuration file has been loaded Go to System Syst...

Страница 346: ...e slots for new function insertion when required 346 System Status System Status screen contains various event log tools facilitating network administrator to perform local event logging and remote re...

Страница 347: ...analysis View Email Log History Item Value setting Description View button N A Click on the View button to view Log History in Web Log List Window Email Now button N A Click on the Email Now button to...

Страница 348: ...rator to select the type of event to log and be displayed in the Web Log List Window as described in the previous section Click on the View button to view Log History in the Web Log List window Web Lo...

Страница 349: ...r the recipient s Email account Separate Email accounts with comma or semicolon Enter the Email account in the format of myemail domain com Subject String any text Enter an Email subject that is easy...

Страница 350: ...nu Select one syslog server from the Server dropdown box to sent event log to If none has been available press Add Object button to create a syslog server Log type category Default unchecked Select th...

Страница 351: ...Device Internal is selected by default Select internal or external storage Log file name Default unchecked Set file name to save logs in storage Split file Enable Default unchecked Check to enable sp...

Страница 352: ...dule rules which can be applied to other functionality Go to System Scheduling Schedule Settings Button description Item Value setting Description Add N A Click the Add button to configure time schedu...

Страница 353: ...vate activate the function been applied to in the time period below Time Period Definition Item Value Setting Description Week Day Select from menu Select everyday or one of weekday Start Time Time fo...

Страница 354: ...o understand Server IP FQDN A Must filled setting This field is to specify the external server IP Server Port A Must filled setting This field is to specify the external server port Server Type A Must...

Страница 355: ...es must be between 1 and 26 Then check Enable box to add this server Active Directory Server A Must filled setting When Active Directory Server is selected it means the option External Servers is set...

Страница 356: ...t be between 1 and 60 Then check Enable box to add this server SCEP Server A Must filled setting When SCEP Server is selected it means the option External Servers is set SCEP Server Server Port will b...

Страница 357: ...elapsed The setting allows administrator to enable automatic logout and set the logout idle time When the Time out is disabled the system will not logout the administrator automatically Go to System...

Результаты поиска

Содержание IDG500AM-0T001

Отзывы:

M2M IDG500AM-0T001, Руководство пользователя, Страница: 347 / 357

Результаты поиска

Содержание IDG500AM-0T001

Отзывы: